Commit 2b63e9ed authored by Matt Devillier's avatar Matt Devillier
Browse files

coreboot_util: add option to compile coreboot w/SeaBIOS from source



Adapted from existing build_coreboot.sh script
Signed-off-by: Matt Devillier's avatarMatt DeVillier <matt.devillier@puri.sm>
parent 6d1896fc
#!/bin/bash
# depends on : wget sha256sum gunzip
# depends on : wget sha256sum gunzip git build-essential bison flex m4 zlib1g-dev
# gnat libpci-dev libusb-dev libusb-1.0-0-dev dmidecode bsdiff python2.7 pv
#exit on error
set -e
......@@ -20,6 +21,7 @@ PLATFORM=""
LOCAL_TOOLS_PATH="./tools"
LOCAL_FIRMWARE_PATH="./firmware"
LOCAL_TEMP_DIR="$(mktemp -d)"
BLOBS_DIR="" # set after device/platform selected/set
# precompiled coreboot images
COREBOOT_SEABIOS_IMAGE_l13v1="coreboot-l13v1.rom"
......@@ -61,6 +63,51 @@ CBFSTOOL_FILE_SHA="3994cba01a51dd34388c8be89fd329f91575c12e499dfe1b81975d9fd115c
CBFSTOOL_BIN="${LOCAL_TOOLS_PATH}/cbfstool"
CBFSTOOL_BIN_SHA="73d57d88883cd4106b76fc98d1cb427d3277107c7336e1b38b3763999ba1c9b6"
# everything needed to build coreboot from source
# coreboot repo
COREBOOT_REPO_PURISM="https://source.puri.sm/coreboot/coreboot.git"
COREBOOT_REPO_TAG="4.8.1-Purism-5"
# BIOS region hashes when compiling forom source
COREBOOT_BIOS_SHA_L13V1="d92af2078c59250e9ba403891824df69d31e7b928fd472866d855835680a69de"
COREBOOT_BIOS_SHA_L15V2="1e5c8b8eb2a8791edeb509a6a567c74c156e759658e6a96c285e0dd43baa78c1"
COREBOOT_BIOS_SHA_L13V2="7a1d63ed72ef0280c166868f400e62ba2ef931a82844842dddb0eb82b5926b9e"
COREBOOT_BIOS_SHA_L13V3="ab63c94bf4baac71efb3984dc346ad0743e117109c50af268e2db6d8d9dfd857"
COREBOOT_BIOS_SHA_L15V3="4c509ba5f7cbb865ffa5402c689b5c33eff0ccad9fc30982b493fd3b32067d4b"
COREBOOT_BIOS_SHA_L13V4="55a8977b206ff8fc59db92da4ae05735be88a5d7c31af37c8b87a7b51b3b03ab"
COREBOOT_BIOS_SHA_L15V4="c54988046dd330d48a9538e1d01f9b342a891273896a634ce2fec184b81e2e98"
# locally compiled coreboot utils
CBFSTOOL_CB="./coreboot/util/cbfstool/cbfstool"
IFDTOOL_CB="./coreboot/util/ifdtool/ifdtool"
# Librem 13 v1 and Librem 15 v2 binary blob hashes
BDW_UCODE_SHA="69537c27d152ada7dce9e35bfa16e3cede81a18428d1011bd3c33ecae7afb467"
BDW_DESCRIPTOR_SHA="976209b5e2d5c19f92de770b1b619ddb38bf587cf01d8c57d70d2abd826d9e11"
BDW_ME_SHA="1e8f08c3eb31a0fdb91ec0222d4398b9192141502941a5262e9155915ffb6991"
BDW_MRC_SHA="dd05ab481e1fe0ce20ade164cf3dbef3c479592801470e6e79faa17624751343"
BDW_REFCODE_SHA="8a919ffece61ba21664b1028b0ebbfabcd727d90c1ae2f72b48152b8774323a4"
BDW_VBIOS_SHA="e1cd1b4f2bd21e036145856e2d092eb47c27cdb4b717c3b182a18d8c0b1d0f01"
# Librem 13 v2/v3 and Librem 15 v3 binary blob hashes
SKL_UCODE_SHA="9c84936df700d74612a99e6ab581640ecf423d25a0b74a1ea23a6d9872349213"
SKL_DESCRIPTOR_SHA="642ca36f52aabb5198b82e013bf64a73a5148693a58376fffce322a4d438b524"
SKL_ME_SHA="cf06d3eb8b24490a1ab46fd988b6cef822e5347cd6a2e92bc332cb4a376eb8bc"
SKL_FSPM_SHA="5da3ad7718eb3f6700fb9d97be988d9c8bdd2d8b5910273a80928c49122d5b2d"
SKL_FSPS_SHA="c81ffa40df0b6cd6cfde4f476d452a1f6f2217bc96a3b98a4fa4a037ee7039cf"
SKL_VBT_SHA="0ba40c1b8c0fb030a0e1a789eda8b2a7369339a410ad8c4620719e451ea69b98"
SKL_VBIOS_SHA="18d861485b86f93dad2b294cebd40b99eb03493d32b514e731ddb8dcf3a1ce83"
# Librem 13 v4 and Librem 15 v4 binary blob hashes
KBL_UCODE_SHA="a420274eecca369fcca465cc46725d61c0ae8ca2e18f201b1751faf9e081fb2e"
KBL_DESCRIPTOR_SHA="642ca36f52aabb5198b82e013bf64a73a5148693a58376fffce322a4d438b524"
KBL_ME_SHA="0eec2e1135193941edd39d0ec0f463e353d0c6c9068867a2f32a72b64334fb34"
KBL_FSPM_SHA="5da3ad7718eb3f6700fb9d97be988d9c8bdd2d8b5910273a80928c49122d5b2d"
KBL_FSPS_SHA="c81ffa40df0b6cd6cfde4f476d452a1f6f2217bc96a3b98a4fa4a037ee7039cf"
KBL_VBT_SHA="0ba40c1b8c0fb030a0e1a789eda8b2a7369339a410ad8c4620719e451ea69b98"
KBL_VBIOS_SHA="7181b60e119d08d5c2a265071093f6973dbea9c9f25d890a7b377059cf733a98"
# functions, functions, functions
......@@ -94,7 +141,7 @@ main_menu () {
read -ep "Press [Enter] to return to the main menu."
;;
2)
echo "This function is not yet implemented -- coming soon!"
build_coreboot
read -ep "Press [Enter] to return to the main menu."
;;
3)
......@@ -799,6 +846,248 @@ update_serial_number () {
}
check_and_get_blob () {
local filename=$1
local hash=$2
local description=$3
echo "Checking $filename"
if [ -f "${BLOBS_DIR}/$filename" ]; then
sha=$(sha256sum "${BLOBS_DIR}/$filename" | awk '{print $1}')
fi
if [ "$sha" != "$hash" ]; then
# extract from coreboot image
check_and_get_url ${LOCAL_FIRMWARE_PATH} ${COREBOOT_IMAGE_FILE} ${COREBOOT_IMAGE_URL} ${COREBOOT_IMAGE_SHA} "precompiled coreboot image"
echo "Extracting $filename"
if [ $filename = "descriptor.bin" ]; then
${IFDTOOL_CB} -x ${LOCAL_FIRMWARE_PATH}/${COREBOOT_IMAGE} >/dev/null 2>&1
mv flashregion_0_flashdescriptor.bin ${BLOBS_DIR}/descriptor.bin
echo "Extracting me.bin"
mv flashregion_2_intel_me.bin ${BLOBS_DIR}/me.bin
rm flashregion_* > /dev/null 2>&1
elif [ $filename = "me.bin" ]; then
${IFDTOOL_CB} -x ${COREBOOT_IMAGE} >/dev/null 2>&1
mv flashregion_2_intel_me.bin ${BLOBS_DIR}/me.bin
rm flashregion_* > /dev/null 2>&1
elif [ $filename = "vgabios.bin" ]; then
${CBFSTOOL_CB} ${LOCAL_FIRMWARE_PATH}/${COREBOOT_IMAGE} extract -n pci${VGA_PCI_ID}.rom -f ${BLOBS_DIR}/$filename >/dev/null 2>&1
elif [ $filename = "refcode.elf" ]; then
${CBFSTOOL_CB} ${LOCAL_FIRMWARE_PATH}/${COREBOOT_IMAGE} extract -n fallback/refcode -f ${BLOBS_DIR}/$filename -m x86 >/dev/null 2>&1
else
${CBFSTOOL_CB} ${LOCAL_FIRMWARE_PATH}/${COREBOOT_IMAGE} extract -n $filename -f ${BLOBS_DIR}/$filename >/dev/null 2>&1
fi
sha=$(sha256sum "${BLOBS_DIR}/$filename" | awk '{print $1}')
if [ "$sha" != "$hash" ]; then
die "Downloaded $description has the wrong SHA256 hash"
fi
fi
}
get_and_verify_blobs () {
# ensure target dir exists
BLOBS_DIR="./coreboot/3rdparty/blobs/mainboard/purism/librem_${PLATFORM,,}"
mkdir -p $BLOBS_DIR
# get blobs based on device platform
echo ""
echo "Checking for required firmware blobs..."
case $PLATFORM in
"BDW" )
check_and_get_blob descriptor.bin $BDW_DESCRIPTOR_SHA "Intel Flash Descriptor"
check_and_get_blob me.bin $BDW_ME_SHA "Intel ME firmware"
check_and_get_blob mrc.bin $BDW_MRC_SHA "Memory Reference Code"
check_and_get_blob refcode.elf $BDW_REFCODE_SHA "Silicon Init Reference Code"
check_and_get_blob cpu_microcode_blob.bin $BDW_UCODE_SHA "Intel Microcode Update"
check_and_get_blob vgabios.bin $BDW_VBIOS_SHA "VGA BIOS"
;;
"SKL" )
check_and_get_blob descriptor.bin $SKL_DESCRIPTOR_SHA "Intel Flash Descriptor"
check_and_get_blob me.bin $SKL_ME_SHA "Intel ME firmware"
check_and_get_blob fspm.bin $SKL_FSPM_SHA "FSP-M"
check_and_get_blob fsps.bin $SKL_FSPS_SHA "FSP-S"
check_and_get_blob vbt.bin $SKL_VBT_SHA "Video BIOS Table"
check_and_get_blob cpu_microcode_blob.bin $SKL_UCODE_SHA "Intel Microcode Update"
check_and_get_blob vgabios.bin $SKL_VBIOS_SHA "VGA BIOS"
;;
"KBL" )
check_and_get_blob descriptor.bin $KBL_DESCRIPTOR_SHA "Intel Flash Descriptor"
check_and_get_blob me.bin $KBL_ME_SHA "Intel ME firmware"
check_and_get_blob fspm.bin $KBL_FSPM_SHA "FSP-M"
check_and_get_blob fsps.bin $KBL_FSPS_SHA "FSP-S"
check_and_get_blob vbt.bin $KBL_VBT_SHA "Video BIOS Table"
check_and_get_blob cpu_microcode_blob.bin $KBL_UCODE_SHA "Intel Microcode Update"
check_and_get_blob vgabios.bin $KBL_VBIOS_SHA "VGA BIOS"
;;
esac
echo "All blobs successfully verified"
echo ""
}
update_crossgcc_toolchain() {
# assume called from coreboot root dir
local CURRENT_TOOLCHAIN_VERSION=0
local GCC_FILE='util/crossgcc/xgcc/bin/i386-elf-gcc'
local TARGET_TOOLCHAIN_VERSION=$(grep -m 1 CROSSGCC_VERSION= util/crossgcc/buildgcc | sed -e 's/^.*="\([0-9]\+\.[0-9]\+\)".*$/\1/')
if [ -f "${GCC_FILE}" ]; then
CURRENT_TOOLCHAIN_VERSION=$(${GCC_FILE} --version | grep -m 1 'coreboot toolchain' | sed -e 's/^.*coreboot toolchain v\([0-9]\+\.[0-9]\+\).*$/\1/')
fi
if [ "${CURRENT_TOOLCHAIN_VERSION}" != "${TARGET_TOOLCHAIN_VERSION}" ]; then
echo "Coreboot toolchain version changed from ${CURRENT_TOOLCHAIN_VERSION} to ${TARGET_TOOLCHAIN_VERSION}"
echo "Cleaning crossgcc compiler before rebuilding it"
make crossgcc-clean
fi
make crossgcc-i386 CPUS=4
}
build_coreboot() {
# show device selection menu
select_device
# set firmware type to standard/seabios for now
PAYLOAD="SEABIOS"
# set some variables based on device/payload
COREBOOT_IMAGE="COREBOOT_${PAYLOAD}_IMAGE_l${LIBREM_MODEL}"
COREBOOT_IMAGE_SHA="${COREBOOT_IMAGE}_SHA"
COREBOOT_IMAGE=${!COREBOOT_IMAGE}
COREBOOT_IMAGE_SHA=${!COREBOOT_IMAGE_SHA}
COREBOOT_IMAGE_FILE="${COREBOOT_IMAGE}.gz"
COREBOOT_IMAGE_URL="${PURISM_SOURCE}/librem_${LIBREM_MODEL}/${COREBOOT_IMAGE_FILE}"
# extract / set device serial # to be injected later
get_serial
# create bootorder.txt
create_bootorder_file
# check dir, clone if needed
if [ ! -d coreboot ]; then
git clone --branch ${COREBOOT_REPO_TAG} ${COREBOOT_REPO_PURISM} coreboot
(
cd coreboot
# It can fail if you don't have a git global user.name/user.email setup
make gitconfig || true
# init/update submodules
git sup
)
fi
# check out correct branch
(
cd coreboot
git fetch 2>/dev/null
git checkout --detach ${COREBOOT_REPO_TAG} 2>/dev/null
#build cbfstool and ifdtool
(
cd util/cbfstool
make
)
(
cd util/ifdtool
make
)
)
# get/verify blobs
get_and_verify_blobs
# build coreboot
(
# set pwd
cd coreboot
# let user know this will take a few
echo "Ready to build coreboot - this will take some time depending on your connection"
echo "speed and CPU/RAM, esp if the toolchain needs to be built."
read -rp "Press [Enter] to continue " discard
# check/build toolchain
update_crossgcc_toolchain
# do a clean build
make distclean
# copy config
cp configs/config.librem${LIBREM_MODEL,,} .config
make olddefconfig
# build coreboot and payload(s)
make
# copy to root dir
cp build/coreboot.rom ../${COREBOOT_IMAGE}
)
# calculate hash of BIOS region before injecting bootorder/serial
${IFDTOOL_CB} -x ${COREBOOT_IMAGE}
bios_sha=$(sha256sum flashregion_1_bios.bin | awk '{print $1}')
rm -f flashregion*.bin
# inject bootorder
echo ""
echo "Injecting bootorder into coreboot image"
${CBFSTOOL_CB} ${COREBOOT_IMAGE} add -n bootorder -t raw -f ${LOCAL_TEMP_DIR}/bootorder.txt -r COREBOOT #>/dev/null 2>&1
# set serial
set_serial_number ${COREBOOT_IMAGE}
# print CBFS contents
${CBFSTOOL_CB} ${COREBOOT_IMAGE} print
echo ""
echo ""
echo "Finished building coreboot for Librem ${LIBREM_MODEL}"
echo ""
COREBOOT_BIOS_SHA="COREBOOT_BIOS_SHA_L${LIBREM_MODEL^^}"
COREBOOT_BIOS_SHA=${!COREBOOT_BIOS_SHA}
if [ "${bios_sha}" != "${COREBOOT_BIOS_SHA}" ]; then
echo "WARNING: Built coreboot image hash does not match expected reproducible build hash"
echo "Built: ${bios_sha}"
echo "Expected: ${COREBOOT_BIOS_SHA}"
else
echo "Built coreboot image hash matches expected reproducible build hash"
fi
# prompt to flash
echo ""
if [ ${CURRENT_FW_TYPE} != "HEADS" ]; then
flash=0
while [ "$flash" != "y" ] && [ "$flash" != "n" ]; do
read -r -p "Do you want to flash the coreboot update now (y/N) ? " flash
if [ "$flash" = "" ] || [ "$flash" == "N" ]; then
flash="n"
fi
if [ "$flash" == "Y" ]; then
flash="y"
fi
done
if [ "$flash" == "y" ]; then
# check for / get flashrom
get_flashrom
echo ""
echo "coreboot flashing in progress. Do NOT interrupt this process."
echo ""
flash_firmware_internal ${COREBOOT_IMAGE}
if [ $? -eq 0 ]; then
echo ""
echo "You must reboot for the coreboot update to take effect."
read -r -p "Reboot now? (y/N) ? " rb
if [ "$rb" = "Y" ] || [ "$rb" == "y" ]; then
reboot
fi
fi
else
echo ""
fi
else
echo "You may now copy the coreboot update file ($COREBOOT_IMAGE) to USB for updating via Heads."
fi
}
# Start of main script
# let's do stuff
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment