mirror of
https://github.com/linuxboot/heads.git
synced 2025-01-01 02:36:42 +00:00
d396236a83
Remove hard coded paths from shebangs and other references because they do not play well in nix-land. Either use /usr/bin/env to do runtime PATH based lookup or avoid absolute paths so PATH look up happens instead. Signed-off-by: Thierry Laurion <insurgo@riseup.net> Signed-off-by: Manuel Mendez <github@i.m.mmlb.dev> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
70 lines
2.5 KiB
Bash
Executable File
70 lines
2.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
function printusage {
|
|
echo "Usage: $0 -m <me_cleaner>(optional)"
|
|
}
|
|
|
|
BLOBDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
FINAL_ME_BIN_SHA256SUM="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4 $BLOBDIR/me.bin"
|
|
ME_EXE_SHA256SUM="f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153 g1rg24ww.exe"
|
|
ME8_5M_PRODUCTION_SHA256SUM="821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa app/ME8_5M_Production.bin"
|
|
|
|
if [ "$#" -eq 0 ]; then printusage; fi
|
|
|
|
while getopts ":m:" opt; do
|
|
case $opt in
|
|
m)
|
|
if [ -x "$OPTARG" ]; then
|
|
MECLEAN="$OPTARG"
|
|
fi
|
|
;;
|
|
*)
|
|
;;
|
|
esac
|
|
done
|
|
|
|
if [ -e "$BLOBDIR/me.bin" ]; then
|
|
echo "$BLOBDIR/me.bin found..."
|
|
if ! echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check; then
|
|
echo "$BLOBDIR/me.bin doesn't pass integrity validation. Continuing..."
|
|
rm -f "$BLOBDIR/me.bin"
|
|
else
|
|
echo "$BLOBDIR/me.bin already extracted and neutered outside of ROMP and BUP"
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
if [ -z "$MECLEAN" ]; then
|
|
MECLEAN=$(command -v "$BLOBDIR/../../build/x86/coreboot-"*/util/me_cleaner/me_cleaner.py 2>&1 | head -n1)
|
|
if [ -z "$MECLEAN" ]; then
|
|
echo "me_cleaner.py required but not found or specified with -m. Aborting."
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
echo "### Creating temp dir"
|
|
extractdir=$(mktemp -d)
|
|
cd "$extractdir" || exit
|
|
|
|
echo "### Downloading https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe..."
|
|
wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe || { echo "ERROR: wget not found" && exit 1; }
|
|
echo "### Verifying expected hash of g1rg24ww.exe"
|
|
echo "$ME_EXE_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on downloaded binary..." && exit 1; }
|
|
|
|
echo "### Extracting g1rg24ww.exe..."
|
|
innoextract ./g1rg24ww.exe || { echo "Failed calling innoextract. Tool installed on host?" && exit 1; }
|
|
echo "### Verifying expected hash of app/ME8_5M_Production.bin"
|
|
echo "$ME8_5M_PRODUCTION_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." && exit 1; }
|
|
|
|
bioscopy="some_value" # Assign a value to the bioscopy variable
|
|
|
|
echo "### Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin... "
|
|
"$MECLEAN" -r -t -O "$BLOBDIR/me.bin" app/ME8_5M_Production.bin
|
|
echo "### Verifying expected hash of me.bin"
|
|
echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on final binary..." && exit 1; }
|
|
|
|
echo "### Cleaning up..."
|
|
cd - >/dev/null
|
|
|
|
rm -r "$extractdir"
|