emily
/
libreboot-lbmk
forked de libreboot/lbmk


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227
							#!/usr/bin/env sh

# SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com>
# SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com>
# SPDX-FileCopyrightText: 2023 Leah Rowe <info@minifree.org>
# SPDX-License-Identifier: GPL-3.0-only

blobdir="blobs"
dl_path="${blobdir}/vendorupdate"
appdir="${blobdir}/app"
_7ztest="a"
mecleaner="$(pwd)/me_cleaner/me_cleaner.py"
me7updateparser="$(pwd)/resources/blobs/me7_update_parser.py"
board="${1}"
# A shorthand for each board, to avoid duplicating configs per flash size
board_short=${board%%_*mb}

set -- "resources/coreboot/${board}/config/*"
. ${1} 2>/dev/null
. "resources/coreboot/${board}/board.cfg"

if [ "${CONFIG_HAVE_MRC}" = "y" ]; then
	printf 'haswell board detected, downloading mrc\n'
	needs="${needs} MRC"
fi

if [ "${CONFIG_HAVE_IFD_BIN}" = "y" ]; then
	printf 'board needs intel firmware descriptor\n'
	needs="${needs} IFD"
fi

if [ "${CONFIG_HAVE_ME_BIN}" = "y" ]; then
	printf 'board needs intel management engine\n'
	needs="${needs} ME"
fi

if [ "${CONFIG_HAVE_GBE_BIN}" = "y" ]; then
	printf 'board needs gigabit ethernet firmware\n'
	needs="${needs} GBE"
fi

# Quickly exit without wasting more time if there are no blobs needed (GM45)
if [ -z ${needs+x} ]; then
	printf 'No binary blobs needed for this board\n'
	exit 0
fi

while read -r line ; do
	case ${line} in
		DL_hash*)
		set ${line}
		dl_hash=${2}
		;;
		DL_url*)
		set ${line}
		dl_url=${2}
		;;
		DL_url_bkup*)
		set ${line}
		dl_url_bkup=${2}
		;;
	esac
done << EOF
$(eval "awk ' /\{.*${board_short}.*}{/ {flag=1;next} /\}/{flag=0} flag { print }' resources/blobs/sources")
EOF

Main() {
	Build_deps
	Download_needed
}

Fail(){
	printf "\nERROR: $@\n"
	exit 1
}

Build_deps(){
	if [ ! -d me_cleaner ]; then
		printf "downloading me_cleaner\n"
		./download me_cleaner || Fail 'could not download me_cleaner'
	fi

	if [ ! -d coreboot/default ]; then
		printf "downloading coreboot\n"
		./download coreboot default || Fail 'could not download coreboot'
	fi
	
	if [ ! -f "coreboot/default/util/ifdtool/ifdtool" ]; then
		printf "building ifdtool from coreboot\n"
		make -C coreboot/default/util/ifdtool || Fail 'could not build ifdtool'
	fi
}

Download_needed(){
	for need in ${needs}; do
		case ${need} in
			*ME*)
				Download_me || _failed="${_failed} me"
				;;
			*MRC*)
				./download mrc || _failed="${_failed} mrc"
				;;
	esac
	done
	
	if [ ! -z ${_failed+x} ]; then
	Fail "failed to obtain ${_failed}\nYou may try manually extracting blobs with './blobutil extract'"
	fi
}

Download_me() {
	printf "Downloading neutered ME for board: `%s`\n" ${board}

	Fetch_update || return 1
	Extract_me || return 1

	return 0
}

Fetch_update() {
	printf "Fetching vendor update for board: `%s`\n" ${board}

	if [ -z "${dl_url+x}" ]; then
		printf "No vendor update specified for board: `%s`\n" ${board}
		return 1
	fi

	Vendor_checksum ${dl_path} || \
		curl ${dl_url} > ${dl_path} || curl ${dl_url_bkup} > ${dl_path}

	Vendor_checksum ${dl_path} || Fail \
		"Cannot guarantee intergity of vendor update for board: `${board}`"

	return 0
}

Vendor_checksum() {
	if [ ! -f "${dl_path}" ]; then
		printf "Vendor update not found on disk for board: `%s`\n" ${board}
		return 1
	fi
	if [ "$(sha1sum ${dl_path} | awk '{print $1}')" != "${dl_hash}" ]; then
		printf "Bad checksum on vendor update for board: `%s`\n" ${board}
		rm ${dl_path}
		return 1
	fi
	return 0
}

Extract_me(){
	printf "Extracting neutered ME for ${board}\n"

	_me_destination=${CONFIG_ME_BIN_PATH#../../}

	if [ ! -d "${_me_destination%/*}" ]; then
		mkdir -p ${_me_destination%/*}
	fi
	
	if [ -d "${appdir}" ]; then
		rm -r ${appdir}
	fi

	if [ -f "${_me_destination}" ]; then
		printf 'me already downloaded\n'
		return 0
	fi

	printf 'extracting and stripping intel management engine\n'
	innoextract ${dl_path} -d ${blobdir} \
		|| 7z x ${dl_path} -o${appdir} \
		|| Fail 'could not extract me executable with innoextract' 

	Bruteforce_extract_me "$(pwd)/${_me_destination}" "$(pwd)/${appdir}" \
		|| return 1

	printf "Truncated and cleaned me output to ${_me_destination}\n"
	return 0
}

# cursed, carcinogenic code. TODO rewrite it better
Bruteforce_extract_me() {
	_me_destination="${1}"
	cdir="${2}" # must be an absolute path, not relative

	if [ -f "${_me_destination}" ]; then
		return 0
	fi

	(
	printf "Entering %s\n" "${cdir}"
	cd "${cdir}" || exit 1
	for i in *; do
		if [ -f "${_me_destination}" ]; then
			# me.bin found, so avoid needless further traversal
			break
		elif [ -L "${i}" ]; then
			# symlinks are a security risk, in this context
			continue
		elif [ -f "${i}" ]; then
			"${mecleaner}" -r -t -O "${_me_destination}" "${i}" \
				&& break # (we found me.bin)
			"${me7updateparser}" -O ${_me_destination} "${i}" \
				&& break
			_7ztest="${_7ztest}a"
			7z x "${i}" -o${_7ztest} || continue
			Bruteforce_extract_me "${_me_destination}" "${cdir}/${_7ztest}"
			cdir="${1}"
			cd "${cdir}"
		elif [ -d "$i" ]; then
			Bruteforce_extract_me "${_me_destination}" "${cdir}/${i}"
			cdir="${1}"
			cd "${cdir}"
		else
			printf "SKIPPING: %s\n" "${i}"
		fi
	done
	)
	if [ ! -f "${_me_destination}" ]; then
		printf "me.bin not found in vendor update for board: `%s`\n" ${board}
		return 1
	else
		return 0
	fi
}

Main