#!/bin/bash -e # depends on : git build-essential bison flex m4 zlib1g-dev gnat libpci-dev libusb-dev libusb-1.0-0-dev dmidecode bsdiff python2.7 pv # Librem 13 v1 and Librem 15 v2 binary blob hashes BDL_UCODE_SHA="69537c27d152ada7dce9e35bfa16e3cede81a18428d1011bd3c33ecae7afb467" BDL_DESCRIPTOR_SHA="be34b19b4de387a07d4fc859d2e4ee44723756f5f54552f236136679b4e52c46" BDL_MRC_SHA="dd05ab481e1fe0ce20ade164cf3dbef3c479592801470e6e79faa17624751343" BDL_REFCODE_SHA="8a919ffece61ba21664b1028b0ebbfabcd727d90c1ae2f72b48152b8774323a4" BDL_VBIOS_SHA="e1cd1b4f2bd21e036145856e2d092eb47c27cdb4b717c3b182a18d8c0b1d0f01" BDL_UCODE_URL="https://github.com/platomav/CPUMicrocodes/raw/18a85ffed180447aa16c2796146ff2698691eddf/Intel/cpu306D4_platC0_ver0000002A_2018-01-18_PRD_CC79BBDA.bin" # Librem 13 v2/v3 and Librem 15 v3 binary blob hashes SKL_UCODE_SHA="9c84936df700d74612a99e6ab581640ecf423d25a0b74a1ea23a6d9872349213" SKL_DESCRIPTOR_SHA="d5110807c9d67cea6d546ac62125d87042a868177241be4ae17a2dbedef10017" SKL_ME_NOCONF_SHA="70f07be7934bdbb215c66455a2b0d32651f3b2ecaf2519d83d8ca9cf475cc366" SKL_ME_SHA="3042150c7f655293a69bcf886836732fc451439ae551a2babf3173f4f0d9a8d3" SKL_FSP_SHA="74e579604bdc3eb6527f7add384d6b18e16eee76953748b226fe05129d83b419" SKL_FSPM_SHA="b6431369b921df1c3ec01498e04e9dab331aa5b5fc4fbbb67b03ea87de27cd96" SKL_FSPS_SHA="c81ffa40df0b6cd6cfde4f476d452a1f6f2217bc96a3b98a4fa4a037ee7039cf" SKL_VBT_SHA="0ba40c1b8c0fb030a0e1a789eda8b2a7369339a410ad8c4620719e451ea69b98" SKL_VBIOS_SHA="18d861485b86f93dad2b294cebd40b99eb03493d32b514e731ddb8dcf3a1ce83" # Librem 13 v4 and Librem 15 v4 binary blob hashes KBL_UCODE_SHA="a420274eecca369fcca465cc46725d61c0ae8ca2e18f201b1751faf9e081fb2e" KBL_ME_NOCONF_SHA="912271bb3ff2cf0e2e27ccfb94337baaca027e6c90b4245f9807a592c8a652e1" KBL_ME_SHA="9c91052d457890c4a451c6ab69aabeeac98c95dce50cf462aa5c179236a27ba1" KBL_VBIOS_SHA="7181b60e119d08d5c2a265071093f6973dbea9c9f25d890a7b377059cf733a98" # FSP downloadable from Github SKL_UCODE_URL="https://github.com/platomav/CPUMicrocodes/raw/bfb23e48eb84dff1495d1c8789f133a1b684de27/Intel/cpu406E3_platC0_ver000000C2_2017-11-16_PRD_C6C6F699.bin" KBL_UCODE_URL="https://github.com/platomav/CPUMicrocodes/raw/0d88b2eba0c9930e69180423d3fb9f348d5ca14f/Intel/cpu806E9_platC0_ver0000009A_2018-07-16_PRD_DDFC5B64.bin" SKL_FSP_URL="https://github.com/IntelFsp/FSP/raw/324ffc02523bf23a907a3ff305b43b5047adf1c5/KabylakeFspBinPkg/Fsp.fd" SKL_VBT_URL="https://github.com/IntelFsp/FSP/raw/324ffc02523bf23a907a3ff305b43b5047adf1c5/KabylakeFspBinPkg/SampleCode/Vbt/Vbt.bin" SKL_FSP_SPLIT_URL="https://raw.githubusercontent.com/tianocore/edk2/e8a70885d8f34533b6dd69878fe95a249e9af086/IntelFsp2Pkg/Tools/SplitFspBin.py" SKL_FSP_SPLIT_SHA="f654f6363de68ad78b1baf8b8e573b53715c3bc76f7f3c23562641e49a7033f3" # Link found on : http://www.win-raid.com/t832f39-Intel-Engine-Firmware-Repositories.html # Update link if it changes and becomes invalid. SKL_ME_RAR_URL="https://mega.nz/#!2ElyFQDT!cC0gTlH8rB9EWD4MGX0mVElT94BauqFn-dBKuoEselc" SKL_ME_FILENAME="11.0.18.1002_CON_LP_C_NPDM_PRD_RGN.bin" SKL_ME_FULL_FILENAME="Intel CSME 11.0 Firmware Repository Pack r53/$SKL_ME_FILENAME" SKL_ME_RAR_SHA="1450d7ea985fbcf0ea79ba61bdc71ed3c5de52a6a82f14c07120b6b321e97352" SKL_ME_PATCH="me11.0.18_config.bspatch" KBL_ME_RAR_URL="https://mega.nz/#!6JlAla6a!hvulc0ZYCj19OzOZoyKimZSh8bxHw9Qmy6bQ8h_xKTU" KBL_ME_FILENAME="11.6.0.1126_CON_LP_C_NPDM_PRD_RGN.bin" KBL_ME_FULL_FILENAME="Intel CSME 11.6 Firmware Repository Pack r28/$KBL_ME_FILENAME" KBL_ME_RAR_SHA="3c23134fca8de7c9b47dd4d62498bcde549ad07565d158c69f4ed33f9bda8270" KBL_ME_PATCH="me11.6.0.1126_config.bspatch" # Needed to download SKL_ME_RAR_URL/KBL_ME_RAR_URL MEGADOWN_URL="https://github.com/tonikelope/megadown.git" MEGADOWN_GOOD_COMMIT="83c53ddad1c32bf6d35c61fcd12a2fa94271ff77" # Might be required to compile unrar in case unrar-nonfree is not installed RAR_NONFREE_SOURCE_URL="https://www.rarlab.com/rar/unrarsrc-5.5.8.tar.gz" RAR_NONFREE_SOURCE_SHA="9b66e4353a9944bc140eb2a919ff99482dd548f858f5e296d809e8f7cdb2fcf4" # Final flashregion_1_bios sha256 hashes L13V1_COREBOOT_VERSION="4.8.1-Purism-4" L15V2_COREBOOT_VERSION="4.8.1-Purism-4" L13V2_COREBOOT_VERSION="4.8.1-Purism-4" L13V3_COREBOOT_VERSION="4.8.1-Purism-4" L15V3_COREBOOT_VERSION="4.8.1-Purism-4" L13V4_COREBOOT_VERSION="4.8.1-Purism-4" L15V4_COREBOOT_VERSION="4.8.1-Purism-4" L13V1_COREBOOT_BIOS_SHA="149f68641a282fd3369cf98133ddafeb7e415f664cd6260a30d479f20010620b" L15V2_COREBOOT_BIOS_SHA="d47691b3ef47ca962583c9fff90b558f77acee659b2ec51228172cc5536cdaf9" L13V2_COREBOOT_BIOS_SHA="6bd98ba30b1fa500d065107dbf5ee4dde49ef173c52fdfdb49853eb92d686176" L13V3_COREBOOT_BIOS_SHA="6652e8df571c0a155d42948c6457df69188f96dc8871eb6ad3cb569710fdb8e3" L15V3_COREBOOT_BIOS_SHA="39f2388d704464c6cb74787e39b57b5ffe08ac820f69a26cc0b063cda89ef6c1" L13V4_COREBOOT_BIOS_SHA="c2f62bba8614995f3359b947b31ec93ac1b822ace9829f1493cca0501aa9c1da" L15V4_COREBOOT_BIOS_SHA="a68a4e13fe24a5be6a2450a9b9a73de16821e9ab1aa9d2dd12c741e57b8a2d34" die () { local msg=$1 echo "" echo "$msg" exit 1 } extract_binary () { local name=$1 local filename=$2 local hash=$3 sha="" if [ -f "$BLOB_DIR/$filename" ]; then sha="$(sha256sum "$BLOB_DIR/$filename" | awk '{print $1}')" fi if [ "$sha" != "$hash" ]; then if [ "${filename##*.}" == "elf" ]; then ./util/cbfstool/cbfstool ../coreboot-orig.rom extract -n "$name" -f "$BLOB_DIR/$filename" -m x86 else ./util/cbfstool/cbfstool ../coreboot-orig.rom extract -n "$name" -f "$BLOB_DIR/$filename" fi sha=$(sha256sum "$BLOB_DIR/$filename" | awk '{print $1}') if [ "$sha" != "$hash" ]; then die "Extracted binary '$filename' has the wrong SHA256 hash" fi fi } check_binary () { local filename=$1 local hash=$2 if [ ! -f "$BLOB_DIR/$filename" ]; then die "Binary blob file '$filename' does not exist" fi sha=$(sha256sum "$BLOB_DIR/$filename" | awk '{print $1}') if [ "$sha" != "$hash" ]; then die "Extracted binary '$filename' has the wrong SHA256 hash" fi } check_and_get_url () { filename=$1 url=$2 hash=$3 description=$4 if [ -f "$BLOB_DIR/$filename" ]; then sha=$(sha256sum "$BLOB_DIR/$filename" | awk '{print $1}') fi if [ "$sha" != "$hash" ]; then wget -O "$BLOB_DIR/$filename" "$url" sha=$(sha256sum "$BLOB_DIR/$filename" | awk '{print $1}') if [ "$sha" != "$hash" ]; then die "Downloaded $description has the wrong SHA256 hash" fi fi } check_and_copy_descriptor_bdl () { if [ -f "$BLOB_DIR/descriptor.bin" ]; then sha=$(sha256sum "$BLOB_DIR/descriptor.bin" | awk '{print $1}') fi if [ "$sha" != "$BDL_DESCRIPTOR_SHA" ]; then cp coreboot-files/descriptor-bdl.bin "$BLOB_DIR/descriptor.bin" sha=$(sha256sum "$BLOB_DIR/descriptor.bin" | awk '{print $1}') if [ "$sha" != "$BDL_DESCRIPTOR_SHA" ]; then die "Binary 'descriptor.bin' has the wrong SHA256 hash" fi fi } check_and_copy_descriptor_skl () { if [ -f "$BLOB_DIR/descriptor.bin" ]; then sha=$(sha256sum "$BLOB_DIR/descriptor.bin" | awk '{print $1}') fi if [ "$sha" != "$SKL_DESCRIPTOR_SHA" ]; then cp coreboot-files/descriptor-skl.bin "$BLOB_DIR/descriptor.bin" sha=$(sha256sum "$BLOB_DIR/descriptor.bin" | awk '{print $1}') if [ "$sha" != "$SKL_DESCRIPTOR_SHA" ]; then die "Binary 'descriptor.bin' has the wrong SHA256 hash" fi fi } get_and_split_fsp () { fsp="fsp.fd" fsp_M="fsp_M.fd" fsp_S="fsp_S.fd" fsp_T="fsp_T.fd" fspm="fspm.bin" fsps="fsps.bin" fsp_split="SplitFspBin.py" if [ -f "$BLOB_DIR/$fspm" ]; then fspm_sha=$(sha256sum "$BLOB_DIR/$fspm" | awk '{print $1}') fi if [ -f "$BLOB_DIR/$fsps" ]; then fsps_sha=$(sha256sum "$BLOB_DIR/$fsps" | awk '{print $1}') fi # No FSP-M or FSP-S if [ "$fspm_sha" != "$SKL_FSPM_SHA" ] || [ "$fsps_sha" != "$SKL_FSPS_SHA" ]; then if [ -f "$BLOB_DIR/$fsp" ]; then fsp_sha=$(sha256sum "$BLOB_DIR/$fsp" | awk '{print $1}') fi # No FSP.fd if [ "$fsp_sha" != "$SKL_FSP_SHA" ]; then wget -O "$BLOB_DIR/$fsp" "$SKL_FSP_URL" fsp_sha=$(sha256sum "$BLOB_DIR/$fsp" | awk '{print $1}') if [ "$fsp_sha" != "$SKL_FSP_SHA" ]; then die "Downloaded FSP image has the wrong SHA256 hash" fi fi # No FspSplit if [ -f "$BLOB_DIR/$fsp_split" ]; then split_sha=$(sha256sum "$BLOB_DIR/$fsp_split" | awk '{print $1}') fi if [ "$split_sha" != "$SKL_FSP_SHA" ]; then wget -O "$BLOB_DIR/$fsp_split" "$SKL_FSP_SPLIT_URL" split_sha=$(sha256sum "$BLOB_DIR/$fsp_split" | awk '{print $1}') if [ "$split_sha" != "$SKL_FSP_SPLIT_SHA" ]; then die "Downloaded FSP Split Tool has the wrong SHA256 hash" fi fi python2 "$BLOB_DIR/$fsp_split" split -o "$BLOB_DIR" -f "$BLOB_DIR/$fsp" if [ -f "$BLOB_DIR/$fsp_M" ]; then mv "$BLOB_DIR/$fsp_M" "$BLOB_DIR/$fspm" fi if [ -f "$BLOB_DIR/$fsp_S" ]; then mv "$BLOB_DIR/$fsp_S" "$BLOB_DIR/$fsps" fi fspm_sha=$(sha256sum "$BLOB_DIR/$fspm" | awk '{print $1}') fsps_sha=$(sha256sum "$BLOB_DIR/$fsps" | awk '{print $1}') if [ "$fspm_sha" != "$SKL_FSPM_SHA" ] || [ "$fsps_sha" != "$SKL_FSPS_SHA" ]; then die "Extracted FSP images have the wrong SHA256 hash" fi rm -f "$BLOB_DIR/$fsp" rm -f "$BLOB_DIR/$fsp_split" rm -f "$BLOB_DIR/$fsp_T" fi } get_and_patch_me_11 () { if [ $KBL -eq 1 ]; then ME_NOCONF_SHA=$KBL_ME_NOCONF_SHA ME_SHA=$KBL_ME_SHA ME_RAR_URL=$KBL_ME_RAR_URL ME_FILENAME=$KBL_ME_FILENAME ME_FULL_FILENAME=$KBL_ME_FULL_FILENAME ME_RAR_SHA=$KBL_ME_RAR_SHA ME_PATCH=$KBL_ME_PATCH else ME_NOCONF_SHA=$SKL_ME_NOCONF_SHA ME_SHA=$SKL_ME_SHA ME_RAR_URL=$SKL_ME_RAR_URL ME_FILENAME=$SKL_ME_FILENAME ME_FULL_FILENAME=$SKL_ME_FULL_FILENAME ME_RAR_SHA=$SKL_ME_RAR_SHA ME_PATCH=$SKL_ME_PATCH fi if [ -f "$BLOB_DIR/me.bin" ]; then sha=$(sha256sum "$BLOB_DIR/me.bin" | awk '{print $1}') fi if [ "$sha" != "$ME_SHA" ]; then local rar_filename=me_11_repository.rar local unrar='unrar-nonfree' if ! type "$unrar" &> /dev/null; then wget -O unrar.tar.gz "$RAR_NONFREE_SOURCE_URL" sha=$(sha256sum unrar.tar.gz | awk '{print $1}') if [ "$sha" != "$RAR_NONFREE_SOURCE_SHA" ]; then die "Unrar source package has the wrong SHA256 hash" fi tar -xzvf unrar.tar.gz ( cd unrar make ) unrar="`pwd`/unrar/unrar" fi if [ -f "$rar_filename" ]; then sha=$(sha256sum "$rar_filename" | awk '{print $1}') fi if [ "$sha" != "$ME_RAR_SHA" ]; then if [ ! -d megadown ]; then git clone $MEGADOWN_URL fi ( cd megadown git checkout $MEGADOWN_GOOD_COMMIT echo -e "\n\nDownloading ME 11 Repository from $ME_RAR_URL" echo "Please be patient while the download finishes..." rm -f ../$rar_filename 2>/dev/null ./megadown "$ME_RAR_URL" -o ../$rar_filename 2>/dev/null ) sha=$(sha256sum "$rar_filename" | awk '{print $1}') if [ "$sha" != "$ME_RAR_SHA" ]; then # We'll assume the rar file was updated again me_dirname=$("$unrar" l "$rar_filename" | grep '\.\.\.D\.\.\.' | tr -s [:blank:] | cut -d' ' -f 6-) ME_FULL_FILENAME="$me_dirname/$ME_FILENAME" fi fi if type "$unrar" &> /dev/null; then "$unrar" e -y "$rar_filename" "$ME_FULL_FILENAME" else die "Couldn't extract ME image. Requires unrar-nonfree" fi sha="" if [ -f "$ME_FILENAME" ]; then sha=$(sha256sum "$ME_FILENAME" | awk '{print $1}') fi if [ "$sha" != "$ME_NOCONF_SHA" ]; then die "Couldn't extract ME image with the correct SHA256 hash" fi bspatch "$ME_FILENAME" "$BLOB_DIR/me.bin" coreboot-files/$ME_PATCH fi } flashrom_progress() { local current=0 local total_bytes=0 local percent=0 local IN='' local spin='-\|/' local spin_idx=0 local progressbar='' local progressbar2='' local status='init' local prev_word='' local prev_prev_word='' progressbar2=$(for ((i=0; i < 49; i++)) do echo -ne ' ' ; done) echo "Initializing internal Flash Programmer" while true ; do prev_prev_word=$prev_word prev_word=$IN read -r -d' ' IN || break if [ "$total_bytes" != "0" ]; then current=$(echo "$IN" | grep -E -o '0x[0-9a-f]+-0x[0-9a-f]+:.*' | grep -E -o "0x[0-9a-f]+" | tail -n 1) if [ "${current}" != "" ]; then percent=$((100 * (current + 1) / total_bytes)) progressbar=$(for ((i=0; i < $((percent / 2)); i++)) do echo -ne '#' ; done) progressbar2=$(for ((i=0; i < $((49 - percent / 2)); i++)) do echo -ne ' ' ; done) fi else if [ "$prev_prev_word" == "Reading" ] && [ "$IN" == "bytes" ]; then total_bytes=$prev_word echo "Total flash size : $total_bytes bytes" fi fi if [ "$percent" -eq 100 ]; then spin_idx=4 else spin_idx=$(( (spin_idx+1) %4 )) fi if [ "$status" == "init" ]; then if [ "$IN" == "contents..." ]; then status="reading" echo "Reading old flash contents. Please wait..." fi fi if [ "$status" == "reading" ]; then if echo "${IN}" | grep "done." > /dev/null ; then status="writing" fi fi if [ "$status" == "writing" ]; then echo -ne "Flashing: [${progressbar}${spin:$spin_idx:1}${progressbar2}] (${percent}%)\\r" if echo "$IN" | grep "Verifying" > /dev/null ; then status="verifying" echo "" echo "Verifying flash contents. Please wait..." fi fi if [ "$status" == "verifying" ]; then if echo "${IN}" | grep "VERIFIED." > /dev/null ; then status="done" echo "The flash contents were verified and the image was flashed correctly." fi fi done echo "" if [ "$status" == "done" ]; then true else echo 'ERROR!!! Error flashing coreboot!' false fi } update_crossgcc_toolchain() { CURRENT_TOOLCHAIN_VERSION=0 GCC_FILE='util/crossgcc/xgcc/bin/i386-elf-gcc' TARGET_TOOLCHAIN_VERSION=$(grep -m 1 CROSSGCC_VERSION= util/crossgcc/buildgcc | sed -e 's/^.*="\([0-9]\+\.[0-9]\+\)".*$/\1/') if [ -f "$GCC_FILE" ]; then CURRENT_TOOLCHAIN_VERSION=$(${GCC_FILE} --version | grep -m 1 'coreboot toolchain' | sed -e 's/^.*coreboot toolchain v\([0-9]\+\.[0-9]\+\).*$/\1/') fi if [ "$CURRENT_TOOLCHAIN_VERSION" != "$TARGET_TOOLCHAIN_VERSION" ]; then echo "Coreboot toolchain version changed from $CURRENT_TOOLCHAIN_VERSION to $TARGET_TOOLCHAIN_VERSION" echo "Cleaning crossgcc compiler before rebuilding it" make crossgcc-clean fi make crossgcc-i386 CPUS=4 } DMIDECODE_SERIAL_NUMBER="" if [ ! -d coreboot ]; then git clone http://review.coreboot.org/coreboot cd coreboot # It can fail if you don't have a git global user.name/user.email setup make gitconfig || true # Apparently if I do the first 'git sup' after I checkout the purism remote, then it looks for the submodules on the purism base URI git sup git remote add purism https://source.puri.sm/coreboot/coreboot.git else cd coreboot fi ( cd util/cbfstool make ) ( cd util/ifdtool make ) clear echo "Which coreboot image do you want to build:" echo "" echo "# Broadwell/5th-Gen" echo "1 - Librem 13 v1 ($L13V1_COREBOOT_VERSION)" echo "2 - Librem 15 v2 ($L15V2_COREBOOT_VERSION)" echo "# Skylake/6th-Gen" echo "3 - Librem 13 v2 ($L13V2_COREBOOT_VERSION)" echo "4 - Librem 13 v3 ($L13V3_COREBOOT_VERSION)" echo "5 - Librem 15 v3 ($L15V3_COREBOOT_VERSION)" echo "# Kabylake/7th-Gen" echo "6 - Librem 13 v4 ($L13V4_COREBOOT_VERSION)" echo "7 - Librem 15 v4 ($L15V4_COREBOOT_VERSION)" echo "" machine=0 while [ "$machine" != "1" ] && [ "$machine" != "2" ] && \ [ "$machine" != "3" ] && [ "$machine" != "4" ] && \ [ "$machine" != "5" ] && [ "$machine" != "6" ] && \ [ "$machine" != "7" ] ; do read -r -p "Enter your choice (1-7): " machine if [ "$machine" != "1" ] && [ "$machine" != "2" ] && \ [ "$machine" != "3" ] && [ "$machine" != "4" ] && \ [ "$machine" != "5" ] && [ "$machine" != "6" ] && \ [ "$machine" != "7" ] ; then echo "Invalid choice" fi done KBL=0 if [ "$machine" = "1" ]; then MACHINE_NAME="Librem 13 v1" BLOB_DIR="3rdparty/blobs/mainboard/purism/librem_bdw" COREBOOT_FILENAME="coreboot-l13v1.rom" COREBOOT_BIOS_SHA="$L13V1_COREBOOT_BIOS_SHA" COREBOOT_TAG="$L13V1_COREBOOT_VERSION" SKL=0 BDL_VGA_PCI_ID="8086,1616" elif [ "$machine" = "2" ]; then MACHINE_NAME="Librem 15 v2" BLOB_DIR="3rdparty/blobs/mainboard/purism/librem_bdw" COREBOOT_FILENAME="coreboot-l15v2.rom" COREBOOT_BIOS_SHA="$L15V2_COREBOOT_BIOS_SHA" COREBOOT_TAG="$L15V2_COREBOOT_VERSION" SKL=0 BDL_VGA_PCI_ID="8086,162b" elif [ "$machine" = "3" ]; then MACHINE_NAME="Librem 13 v2" BLOB_DIR="3rdparty/blobs/mainboard/purism/librem_skl" COREBOOT_FILENAME="coreboot-l13v2.rom" COREBOOT_BIOS_SHA="$L13V2_COREBOOT_BIOS_SHA" COREBOOT_TAG="$L13V2_COREBOOT_VERSION" SKL=1 elif [ "$machine" = "4" ]; then MACHINE_NAME="Librem 13 v3" BLOB_DIR="3rdparty/blobs/mainboard/purism/librem_skl" COREBOOT_FILENAME="coreboot-l13v3.rom" COREBOOT_BIOS_SHA="$L13V3_COREBOOT_BIOS_SHA" COREBOOT_TAG="$L13V3_COREBOOT_VERSION" SKL=1 elif [ "$machine" = "5" ]; then MACHINE_NAME="Librem 15 v3" BLOB_DIR="3rdparty/blobs/mainboard/purism/librem_skl" COREBOOT_FILENAME="coreboot-l15v3.rom" COREBOOT_BIOS_SHA="$L15V3_COREBOOT_BIOS_SHA" COREBOOT_TAG="$L15V3_COREBOOT_VERSION" SKL=1 elif [ "$machine" = "6" ]; then MACHINE_NAME="Librem 13 v4" BLOB_DIR="3rdparty/blobs/mainboard/purism/librem_skl" COREBOOT_FILENAME="coreboot-l13v4.rom" COREBOOT_BIOS_SHA="$L13V4_COREBOOT_BIOS_SHA" COREBOOT_TAG="$L13V4_COREBOOT_VERSION" SKL=1 KBL=1 elif [ "$machine" = "7" ]; then MACHINE_NAME="Librem 15 v4" BLOB_DIR="3rdparty/blobs/mainboard/purism/librem_skl" COREBOOT_FILENAME="coreboot-l15v4.rom" COREBOOT_BIOS_SHA="$L15V4_COREBOOT_BIOS_SHA" COREBOOT_TAG="$L15V4_COREBOOT_VERSION" SKL=1 KBL=1 else echo "Unexpected error. Unknown choice" exit 1 fi mkdir -p $BLOB_DIR clear echo "How do you want to extract binary blob files:" echo "1 - Extract from the current machine (must be same as target machine and run coreboot)" echo "2 - Extract from a pre-built coreboot image (filename must be coreboot-orig.rom)" echo "3 - Files are copied manually (copy to coreboot/$BLOB_DIR/)" echo "" echo "The following files are needed : " echo "" if [ $SKL -eq 0 ]; then echo "descriptor.bin - The Intel Descriptor - SHA256: $BDL_DESCRIPTOR_SHA" echo "me.bin - The Intel Management Engine image - File contents may vary" echo "mrc.bin - The Memory Reference Code - SHA256: $BDL_MRC_SHA" echo "refcode.elf - The PCH Reference Code - SHA256: $BDL_REFCODE_SHA" echo "vgabios.bin - The VGA BIOS - SHA256: $BDL_VBIOS_SHA" echo "cpu_microcode_blob.bin - The CPU Microcode Update - SHA256: $BDL_UCODE_SHA" echo "" else echo "descriptor.bin - The Intel Descriptor - SHA256: $SKL_DESCRIPTOR_SHA" if [ $KBL -eq 1 ]; then echo "me.bin - The Intel Management Engine image - SHA256: $KBL_ME_SHA" else echo "me.bin - The Intel Management Engine image - SHA256: $SKL_ME_SHA" fi echo "vbt.bin - The Video BIOS Table - SHA256: $SKL_VBT_SHA" echo "fspm.bin - The Intel Firmware Support Package - SHA256: $SKL_FSPM_SHA" echo "fsps.bin - The Intel Firmware Support Package - SHA256: $SKL_FSPS_SHA" if [ $KBL -eq 1 ]; then echo "vgabios.bin - The VGA BIOS - SHA256: $KBL_VBIOS_SHA" echo "cpu_microcode_blob.bin - The CPU Microcode Update - SHA256: $KBL_UCODE_SHA" else echo "vgabios.bin - The VGA BIOS - SHA256: $SKL_VBIOS_SHA" echo "cpu_microcode_blob.bin - The CPU Microcode Update - SHA256: $SKL_UCODE_SHA" fi echo "" echo "The vbt.bin, fspm.bin and fsps.bin can automatically be downloaded, the me.bin can also be" echo "downloaded, configured and patched so it will match the expected SHA256." fi blobs=0 while [ "$blobs" != "1" ] && [ "$blobs" != "2" ] && [ "$blobs" != "3" ]; do read -r -p "Enter your choice (default: 1): " blobs if [ "$blobs" = "" ]; then blobs=1 fi if [ "$blobs" != "1" ] && [ "$blobs" != "2" ] && [ "$blobs" != "3" ]; then echo "Invalid choice" fi done if [ ! -d coreboot-files ]; then git clone https://source.puri.sm/coreboot/coreboot-files.git else # For development, just symlink coreboot/coreboot-files to development dir if [ ! -L coreboot-files ]; then ( cd coreboot-files git pull ) fi fi cp coreboot-files/bootsplash.jpg . make distclean if [ "$machine" = "1" ]; then cp coreboot-files/configs/config.librem13v1 .config cp coreboot-files/bootorder-l13v1.txt bootorder.txt elif [ "$machine" = "2" ]; then cp coreboot-files/configs/config.librem15v2 .config cp coreboot-files/bootorder-l15v2.txt bootorder.txt elif [ "$machine" = "3" ]; then cp coreboot-files/configs/config.librem13v2 .config cp coreboot-files/bootorder-l13v2.txt bootorder.txt elif [ "$machine" = "4" ]; then cp coreboot-files/configs/config.librem13v3 .config cp coreboot-files/bootorder-l13v2.txt bootorder.txt elif [ "$machine" = "5" ]; then cp coreboot-files/configs/config.librem15v3 .config cp coreboot-files/bootorder-l13v2.txt bootorder.txt elif [ "$machine" = "6" ]; then cp coreboot-files/configs/config.librem13v4 .config cp coreboot-files/bootorder-l13v2.txt bootorder.txt elif [ "$machine" = "7" ]; then cp coreboot-files/configs/config.librem15v4 .config cp coreboot-files/bootorder-l13v2.txt bootorder.txt fi HAVE_SERIAL="no" if [ "$blobs" == "1" ] || [ "$blobs" == "2" ]; then if [ "$blobs" == "1" ]; then if [ ! -d flashrom ]; then git clone https://review.coreboot.org/flashrom.git fi ( cd flashrom git checkout v1.0 make CONFIG_CH341A_SPI=n ) echo "Using 'sudo flashrom' to grab the local machine's flash content" sudo ./flashrom/flashrom -p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq -r ../coreboot-orig.rom fi ./util/ifdtool/ifdtool -x ../coreboot-orig.rom rm flashregion_1_bios.bin if [ $SKL -eq 0 ]; then # TODO : Make sure ME image has the right version for Broadwell (10.x) mv flashregion_2_intel_me.bin $BLOB_DIR/me.bin check_and_copy_descriptor_bdl check_and_get_url cpu_microcode_blob.bin $BDL_UCODE_URL $BDL_UCODE_SHA "Intel Microcode Update" extract_binary mrc.bin mrc.bin $BDL_MRC_SHA extract_binary "fallback/refcode" refcode.elf $BDL_REFCODE_SHA extract_binary pci${BDL_VGA_PCI_ID}.rom vgabios.bin $BDL_VBIOS_SHA else check_and_copy_descriptor_skl check_binary descriptor.bin $SKL_DESCRIPTOR_SHA get_and_patch_me_11 check_binary me.bin $ME_SHA get_and_split_fsp check_binary fspm.bin $SKL_FSPM_SHA check_binary fsps.bin $SKL_FSPS_SHA check_and_get_url vbt.bin $SKL_VBT_URL $SKL_VBT_SHA "Video BIOS Table" if [ $KBL -eq 1 ]; then check_and_get_url cpu_microcode_blob.bin $KBL_UCODE_URL $KBL_UCODE_SHA "Intel Microcode Update" extract_binary pci8086,5916.rom vgabios.bin $KBL_VBIOS_SHA else check_and_get_url cpu_microcode_blob.bin $SKL_UCODE_URL $SKL_UCODE_SHA "Intel Microcode Update" extract_binary pci8086,1916.rom vgabios.bin $SKL_VBIOS_SHA fi if [ -f $BLOB_DIR/cpu_microcode_blob.bin ]; then sha=$(sha256sum $BLOB_DIR/cpu_microcode_blob.bin | awk '{print $1}') fi ./util/cbfstool/cbfstool ../coreboot-orig.rom extract -n serial_number -f serial_number.txt &> /dev/null && HAVE_SERIAL="yes" fi else if [ $SKL -eq 0 ]; then if [ ! -f "$BLOB_DIR/me.bin" ]; then die "Binary blob file 'me.bin' does not exist" fi check_and_copy_descriptor_bdl check_binary mrc.bin $BDL_MRC_SHA check_binary refcode.elf $BDL_REFCODE_SHA check_binary vgabios.bin $BDL_VBIOS_SHA check_and_get_url cpu_microcode_blob.bin $BDL_UCODE_URL $BDL_UCODE_SHA "Intel Microcode Update" else check_and_copy_descriptor_skl check_binary descriptor.bin $SKL_DESCRIPTOR_SHA get_and_patch_me_11 check_binary me.bin $ME_SHA check_binary vbt.bin $SKL_VBT_SHA check_binary fspm.bin $SKL_FSPM_SHA check_binary fsps.bin $SKL_FSPS_SHA if [ $KBL -eq 1 ]; then check_binary vgabios.bin $KBL_VBIOS_SHA check_and_get_url cpu_microcode_blob.bin $KBL_UCODE_URL $KBL_UCODE_SHA "Intel Microcode Update" else check_binary vgabios.bin $SKL_VBIOS_SHA check_and_get_url cpu_microcode_blob.bin $SKL_UCODE_URL $SKL_UCODE_SHA "Intel Microcode Update" fi fi fi if [ $SKL -eq 1 ]; then clear echo "Which serial number do you want to set : " if [ "$HAVE_SERIAL" == "yes" ]; then COREBOOT_SERIAL_OPT="1" echo "${COREBOOT_SERIAL_OPT} - Extracted from the coreboot image ($(cat serial_number.txt))" else COREBOOT_SERIAL_OPT="0" fi DMIDECODE_SERIAL_OPT=$(( COREBOOT_SERIAL_OPT + 1)) MANUAL_SERIAL_OPT=$(( DMIDECODE_SERIAL_OPT + 1)) NO_SERIAL_OPT=$(( MANUAL_SERIAL_OPT + 1)) echo "${DMIDECODE_SERIAL_OPT} - Fetch the serial number from your local system" echo "${MANUAL_SERIAL_OPT} - Enter serial number manually" echo "${NO_SERIAL_OPT} - Do not set a serial number" echo "" serial=0 while [ "$serial" != "1" ] && [ "$serial" != "2" ] && [ "$serial" != "3" ] && [ "$serial" != "4" ]; do read -r -p "Enter your choice (default: 1): " serial if [ "$serial" = "" ]; then serial=1 fi if [ "$serial" = "0" ]; then serial="" fi if [ "$serial" != "${COREBOOT_SERIAL_OPT}" ] && [ "$serial" != "${DMIDECODE_SERIAL_OPT}" ] && \ [ "$serial" != "${MANUAL_SERIAL_OPT}" ] && [ "$serial" != "${NO_SERIAL_OPT}" ]; then echo "Invalid choice" serial=0 fi if [ "$serial" == "${DMIDECODE_SERIAL_OPT}" ] ; then echo "Using 'sudo dmidecode' to grab the local machine's serial number" DMIDECODE_SERIAL_NUMBER=$(sudo dmidecode -t 1 | grep "Serial Number" | cut -d' ' -f 3-) clear echo "Which serial number do you want to set : " if [ "$HAVE_SERIAL" == "yes" ]; then COREBOOT_SERIAL_OPT="1" echo "${COREBOOT_SERIAL_OPT} - Extracted from the coreboot image ($(cat serial_number.txt))" else COREBOOT_SERIAL_OPT="0" fi if [ "$DMIDECODE_SERIAL_NUMBER" != "" ]; then DMIDECODE_SERIAL_OPT=$(( COREBOOT_SERIAL_OPT + 1)) MANUAL_SERIAL_OPT=$(( DMIDECODE_SERIAL_OPT + 1)) echo "${DMIDECODE_SERIAL_OPT} - Extracted from your local system (${DMIDECODE_SERIAL_NUMBER})" else DMIDECODE_SERIAL_OPT=0 MANUAL_SERIAL_OPT=$(( COREBOOT_SERIAL_OPT + 1)) fi echo "${MANUAL_SERIAL_OPT} - Enter serial number manually" NO_SERIAL_OPT=$(( MANUAL_SERIAL_OPT + 1)) echo "${NO_SERIAL_OPT} - Do not set a serial number" echo "" serial=0 fi done if [ "$serial" == "${DMIDECODE_SERIAL_OPT}" ]; then echo -n "$DMIDECODE_SERIAL_NUMBER" > serial_number.txt elif [ "$serial" == "${MANUAL_SERIAL_OPT}" ]; then read -r -p "Enter the machine's serial number : " serial_number echo -n "$serial_number" > serial_number.txt elif [ "$serial" == "${NO_SERIAL_OPT}" ]; then rm -f serial_number.txt fi else rm -f serial_number.txt fi # Need to fetch origin in order to get all upstream tags # which are used when doing 'git describe' (it affects final hash) git fetch origin git fetch purism git fetch purism --tags # checkout master so we can delete the librem branch git checkout master # delete it, in case it's our first run, do || true git branch -D librem || true git checkout -b librem "$COREBOOT_TAG" # need to update submodules after the checkout git sup update_crossgcc_toolchain make clean make olddefconfig make if [ $SKL -eq 0 ]; then # Unfortunately, we need to remove and replace the microcode file manually because # coreboot just concatenates it to the old image, which makes it get ignored by the CPU ./util/cbfstool/cbfstool build/coreboot.rom remove -n cpu_microcode_blob.bin ./util/cbfstool/cbfstool build/coreboot.rom add -n cpu_microcode_blob.bin -f "$BLOB_DIR/cpu_microcode_blob.bin" \ -t microcode -r COREBOOT -a 16 fi ./util/ifdtool/ifdtool -x build/coreboot.rom sha=$(sha256sum flashregion_1_bios.bin | awk '{print $1}') if [ -f serial_number.txt ]; then ./util/cbfstool/cbfstool build/coreboot.rom add -n serial_number -t raw -f serial_number.txt -r COREBOOT fi if [ ! -d me_cleaner ]; then git clone https://github.com/corna/me_cleaner.git ( cd me_cleaner git checkout v1.2 ) else ( cd me_cleaner git fetch git fetch --tags git checkout v1.2 ) fi if [ $SKL -eq 0 ]; then python2 ./me_cleaner/me_cleaner.py -S build/coreboot.rom else python2 ./me_cleaner/me_cleaner.py -S -w "MFS" build/coreboot.rom fi cp build/coreboot.rom "../$COREBOOT_FILENAME" echo "" echo "" echo "Finished building coreboot for $MACHINE_NAME" echo "" if [ "$sha" != "$COREBOOT_BIOS_SHA" ]; then echo "WARNING: Built coreboot image hash does not match the expect reproducible build hash" echo "Built: $sha" echo "Expected: $COREBOOT_BIOS_SHA" else echo "Built coreboot image hash matches the expected reproducible build hash" flash=0 while [ "$flash" != "y" ] && [ "$flash" != "n" ]; do read -r -p "Do you want to flash the built image now (y/N) ? " flash if [ "$flash" = "" ] || [ "$flash" == "N" ]; then flash="n" fi if [ "$flash" == "Y" ]; then flash="y" fi done if [ "$flash" == "y" ]; then echo "" echo "Coreboot flashing in progress. Do NOT interrupt this process." echo "" sudo ./flashrom/flashrom -p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq -w build/coreboot.rom -V -o "../flashrom-$(date '+%Y%m%d-%H%M%S').log" 2>&1 | flashrom_progress fi fi