CINXE.COM

Libreboot – Libreboot 20241008 released!

<!DOCTYPE html> <html lang="en" dir="ltr"> <head> <meta charset="utf-8"> <meta name="generator" content="pandoc"> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes"> <!-- anti-social media tags --> <meta property="og:title" content="Libreboot – Libreboot 20241008 released!"> <meta property="og:type" content="article" /> <meta property="og:image" content="https://av.vimuser.org/bootmenu.jpg"> <meta property="og:url" content="https://libreboot.org/news/libreboot20241008.html"> <meta name="twitter:card" content="summary_large_image"> <meta property="og:description" content="Libreboot – Libreboot 20241008 released!"> <meta property="og:site_name" content="Libreboot – Libreboot 20241008 released!"> <meta name="twitter:image:alt" content="Libreboot – Libreboot 20241008 released!"> <meta name="author" content="Leah Rowe"> <meta name="dcterms.date" content="2024-10-08"> <title>Libreboot – Libreboot 20241008 released!</title> <link rel="stylesheet" href="/global.css"> <link rel="stylesheet" href=""> <link rel="alternate" type="application/rss+xml" title="RSS Feed" href="/feed.xml"/> </head> <body> <div class="page"> <header> <div class="title"> <p class="title-logo"> <img loading="lazy" class="title-logo" alt="Libreboot logo" src="/favicon.ico" /> </p> <h1 class="title">Libreboot 20241008 released!</h1> </div> <p class="author">Leah Rowe</p> <p class="date">8 October 2024</p> <ul> <li><a href="/">Home</a></li> <li><a href="/faq.html">FAQ</a></li> <li><a href="/download.html">Download</a></li> <li>-</li> <li style="font-size:1.3em;"><em><strong><a href="https://minifree.org/">Buy Libreboot preinstalled</a></strong></em></li> <li>-</li> <li><a href="/docs/install/">Install</a></li> <li><a href="/docs/">Docs</a></li> <li><a href="/news/">News</a></li> <li><a href="https://codeberg.org/libreboot/lbmk/issues">Bugs</a></li> <li><a href="/tasks/">TODO</a></li> <li><a href="/git.html">Send patch</a></li> <li><a href="/contact.html">Contact</a></li> <li>-</li> <li style="font-size:1.3em;"><em><strong><a href="https://www.patreon.com/libreleah">Donate</a></strong></em></li> </ul> <hr/> </header> <nav id="TOC"> <h1>Navigate this page:</h1> <ul> <li><a href="#introduction">Introduction</a> <ul> <li><a href="#the-build-system-is-smaller">The build system is smaller</a></li> </ul></li> <li><a href="#summarised-list-of-changes">Summarised list of changes</a> <ul> <li><a href="#board-support">Board support</a></li> <li><a href="#about-the-dell-latitude-ports">About the Dell Latitude ports</a></li> <li><a href="#about-the-playstation-bios">About the PlayStation BIOS</a></li> <li><a href="#about-the-optiplex-3050-micro-port">About the OptiPlex 3050 Micro port</a></li> <li><a href="#feature-changes">Feature changes</a></li> <li><a href="#configuration-changes">Configuration changes</a></li> <li><a href="#bug-fixes">Bug fixes</a></li> <li><a href="#general-code-cleanup">General code cleanup</a></li> </ul></li> <li><a href="#revision-updates">Revision updates</a> <ul> <li><a href="#coreboot">Coreboot</a></li> <li><a href="#u-boot">U-Boot</a></li> <li><a href="#grub">GRUB</a></li> <li><a href="#seabios">SeaBIOS</a></li> <li><a href="#flashprog">Flashprog</a></li> <li><a href="#pcsx-redux">PCSX Redux</a></li> </ul></li> <li><a href="#git-log">Git log</a></li> </ul> </nav> <div class="pagetext"> <p><a href="./">Return to index</a></p> <p>Article published by: Leah Rowe</p> <p>Date of publication: 8 October 2024</p> <p>This is a <em>testing</em> release, whereas the current stable release on this day is <em>Libreboot 20240612</em>.</p> <p><strong>IMPORTANT ADVICE: <a href="safety.html">PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING LIBREBOOT</a>.</strong></p> <div class="h"><h1 id="introduction">Introduction</h1><a aria-hidden="true" href="#introduction">[link]</a></div> <p>Libreboot is a free/open source BIOS/UEFI replacement on x86 and ARM, providing boot firmware that initialises the hardware in your computer, to then load an operating system (e.g. Linux/BSD). It is specifically a <em>coreboot distribution</em>, in the same way that Debian is a Linux distribution. It provides an automated build system to produce coreboot ROM images with a variety of payloads such as GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy to use as possible for non-technical users. From a project management perspective, this works in <em>exactly</em> the same way as a Linux distro, providing a source-based package manager (called lbmk) which patches sources and compiles coreboot images. It makes use of <a href="https://www.coreboot.org/">coreboot</a> for hardware initialisation, and then a payload such as <a href="https://www.seabios.org/SeaBIOS">SeaBIOS</a> or <a href="https://www.gnu.org/software/grub/">GNU GRUB</a> to boot your operating system; on ARM(chromebooks), we provide <em>U-Boot</em> (as a coreboot payload).</p> <p>The changes of the recent <a href="audit6.html">6th build system audit</a> are included, in this release, and several changes have been made since then; for simplicity, this page is essentially identical to the audit 6 changelog, but with the additional changes referenced.</p> <div class="h"><h2 id="the-build-system-is-smaller">The build system is smaller</h2><a aria-hidden="true" href="#the-build-system-is-smaller">[link]</a></div> <p>The focus of audit6 was to reduce the code size, making the build system more efficient. The build system was 1482 source lines (of shell scripting) in the Libreboot 20240612 release. In <em>this</em> release, that stands at <em>1159 lines</em>, which is a 21 percent reduction. This is <em>without</em> reducing any functionality!</p> <p>Several bug fixes were also made, in addition to new board support, since the Libreboot 20240612 release.</p> <div class="h"><h1 id="summarised-list-of-changes">Summarised list of changes</h1><a aria-hidden="true" href="#summarised-list-of-changes">[link]</a></div> <p>The most interesting changes are marked in <strong>bold</strong>. “Interesting” means that the change greatly improves the usefulness/reliability of Libreboot, or that it affects the user in a profound and noticeable way.</p> <p>Changes are in order per category, from newest to oldest:</p> <div class="h"><h2 id="board-support">Board support</h2><a aria-hidden="true" href="#board-support">[link]</a></div> <p>The following boards have been added since the Libreboot 20240612 release:</p> <ul> <li><a href="../docs/install/playstation.html">Sony PlayStation</a> (PCSX Redux Open BIOS)</li> <li><a href="../docs/install/dell3050.html">Dell OptiPlex 3050 Micro</a> (courtesy of Mate Kukri) - with Boot Guard disabled!</li> <li>Dell Latitude E6220 (courtesy of Nicholas Chin)</li> <li>Dell Latitude E6320 (courtesy of Nicholas Chin)</li> <li>Dell Latitude E6330 (courtesy of Nicholas Chin)</li> <li>Dell Latitude E6230 (courtesy of Nicholas Chin. Seriously cool guy)</li> <li>Dell Latitude E4300 (courtesy of Nicholas Chin)</li> <li><a href="../docs/install/dell7010.html">Dell OptiPlex 7010/9010 SFF</a> (porting done by 3mdeb, and I added the config for it to Libreboot, based on the Dell Precision T1650 config)</li> </ul> <div class="h"><h2 id="about-the-dell-latitude-ports">About the Dell Latitude ports</h2><a aria-hidden="true" href="#about-the-dell-latitude-ports">[link]</a></div> <p>These are yet more Ivybridge (Intel 3rd gen) and Sandybridge (Intel 2nd gen) mainboards, using the same EC as on other Latitudes supported in Libreboot, so they are all internally flashable from the factory firmware.</p> <p>Installation instructions, pertaining to Dell Latitude models, can be found on the <a href="../docs/install/latitude.html">Dell Latitude page</a>.</p> <div class="h"><h2 id="about-the-playstation-bios">About the PlayStation BIOS</h2><a aria-hidden="true" href="#about-the-playstation-bios">[link]</a></div> <p>This is <em>not</em> coreboot, but it is a fully free/opensource BIOS with source code under MIT license, provided by the <a href="https://github.com/grumpycoders/pcsx-redux">PCSX-Redux project</a>. Libreboot provides a pre-build of it. More information available on Libreboot’s installation page, linked above, which also references info from PCSX Redux.</p> <p>You can use this on a real PlayStation. Although the machine was originally meant for playing proprietary games, there are free/opensource SDKs available for it, such as <a href="https://github.com/Lameguy64/PSn00bSDK">PSn00bSDK</a>, and with certain other modifications, it basically becomes a very hackable classic 90s computer, that also happens to play games. More info is on the Libreboot page about it, linked above.</p> <p>I’m currently working on a new fork of <em>DuckStation</em>, a popular PlayStation emulator that recently became proprietary software, where it was previously open source / free software. I’m forking the free version, but my fork is not ready to launch on this day; it was originally planned to launch at the same time as a Libreboot release, but I expect to have the new project ready by end of October 2024 or thereabouts. I’m planning to ship the <em>PCSX-Redux</em> BIOS by default, in the new project, which is why Libreboot has it, because I’ll reference Libreboot from that project.</p> <div class="h"><h2 id="about-the-optiplex-3050-micro-port">About the OptiPlex 3050 Micro port</h2><a aria-hidden="true" href="#about-the-optiplex-3050-micro-port">[link]</a></div> <p>Mate Kukri’s excellent <em><a href="https://review.coreboot.org/admin/repos/deguard,general">deguard</a></em> utility is automatically used at build time, to modify the ME, which has a bug on that platform allowing arbitrary execution. Using this bug, Mate was able to disable the Intel Boot Guard, on this 7th gen mainboard. Without such a hack, coreboot would have previously been impossible!</p> <p>I’ve made some fixes on top of it myself: adding HDA verb configuration, and a VBT file. Mate will incorporate these changes in the patchset, which is still currently under review. The verb patch is required for the headphone jack to work, and Nicholas Chin helped me with it.</p> <p>This is amazing work, based on years of research by others, that Mate was able to use, to so cleverly disable the Boot Guard and finally enable coreboot. He is also working on a ThinkPad T480 port, that is not yet ready on this day (the port is on Gerrit but lacks EC support at the moment).</p> <p>It may be possible to add many more Dell OptiPlex and other 7th gen (Intel Kaby Lake) mainboards to coreboot, using this hack. The <em>Boot Guard</em> is Intel DRM that normally checks a cryptographic signature on the bootblock in the machine, and that bootblock cannot be changed. Various other hacks have also been discovered in the past, such as Trammell Hudson’s <a href="https://trmm.net/TOCTOU/">TOCTOU hack</a>.</p> <p>For my part, I’m currently currently looking at the Dell OptiPlex 5050 SFF and also an MT model, which are likely feasible to port, using deguard and basing upon this 3050micro port.</p> <p>SeaBIOS currently hangs, so you can only use the GRUb payload for now. Also, boot times were considerably slow with DRAM clear on boot, so the <em>DRAM clear on boot</em> option has been disabled on this board. The TPM is also disabled, though you can enable it if you want to re-build. A lot more work will be done on this board, between now and the next stable release of Libreboot (today’s release is a testing release).</p> <p>Because of the SeaBIOS issue, an exception is made: this board executes GRUB first, directly from coreboot. The usual policy, since Libreboot 20240612, is to prefer <em>SeaGRUB</em> (SeaBIOS first, and execute GRUB from SeaBIOS).</p> <div class="h"><h2 id="feature-changes">Feature changes</h2><a aria-hidden="true" href="#feature-changes">[link]</a></div> <p>The changes are as follows:</p> <ul> <li>Relative to audit6: <code>vendor.sh</code>: When handling IFD images, on 7th gen IFD (Kaby Lake), we need to specify the following <code>ifdtool</code> option: <code>-p sklkbl</code>. This is done via the <code>target.cfg</code> files, specifying a variable named <code>IFD_platform</code>. This is used on Dell Optiplex 3050 Micro, which is required for making the <code>./mk inject</code> command work correctly (without it, checksum verification would not match what was built). This is because some IFD versions have certain quirks that ifdtool can’t automatically detect, so you have to give it hints such as this.</li> <li>Relative to audit6: <code>vendor.sh</code>: Complementing the other deguard-related change below: lbmk was modified to make a temporary copy of deguard when building for 3050 Micro. This is because the deguard utility is standalone, and did not integrate directly with lbmk, but Mate is writing another replacement utility, so deep integration with lbmk would be a waste of time. What lbmk does therefore is only remove the download feature in deguard (it downloads a vendor update and extracts ME from that, then modified it, and lbmk runs <code>me_cleaner</code>). The actual ME download is handled by lbmk, using its own logic (which also provides redundancy), and the modification itself, to disable Boot Guard, is handled by deguard.</li> <li>Relative to audit6: <code>vendor.sh</code>: Integrate Mate Kukri’s <code>deguard</code> utility. This is used to modify MEv11 images for systems that have Intel Boot Guard. A bug in MEv11, on earlier revisions, enables arbitrary code execution. Mate was able to exploit this bug, to disable the Intel Boot Guard, which is handled by the Intel ME. Currently used on the Dell OptiPlex 3050 Micro, but could be expanded to support more mainboards. (<strong>yes, you could have a libre ME firmware in the future, because of this bug! Though the Intel ME is still required, albeit it with this hack and lbmk also runs <code>me_cleaner</code></strong>)</li> <li>Relative to audit6: <code>lib.sh</code>: New <code>mk()</code> function can be used as shorthand within lbmk scripts, to build multiple projects, but does not build individual trees/targets within multi-tree projects. This is used to simplify certain parts of lbmk, such as the release build script when compiling multiple projects such as coreboot, serprog firmwares and PCSX-Redux Open BIOS.</li> <li>Relative to audit6: Support using just running <code>./mk</code>, instead of <code>./update trees</code>. This means that the following command (for example) <code>./update trees -f coreboot</code> can now be shortened to <code>./mk -f coreboot</code>. The old commands still work for now, as a matter of backwards compatibility. However, the documentation has also been updated everywhere, referring to <code>./mk</code> exclusively, for all commands! In a future release, the old commands will no longer work (this will be done as part of the next major Libreboot Build System Audit, after Audit 6).</li> <li>Relative to audit6: Use ccache automatically, when building coreboot images. This can improve the build speeds in some cases, depending on which targets are being built, and it is done by hot-patching the coreboot configs at build time, adding the option (in coreboot config) to use ccache. This means that ccache is now a hard dependency, when building images with lbmk.</li> <li><strong>Put the cache directory location in an environmental variable, named <code>XBMK_CACHE</code>.</strong> If unset, it defaults to <code>$PWD/cache</code>, where PWD is the current location that the instance of lbmk is running from, otherwise if defined, the location is used. This means that the same cached files are re-used on the lbmk copy created when running <code>./update release</code>, thus saving on a lot of internet bandwidth if the main instance already has a lot of files cached - it also means that you can re-use another cache from elsewhere, like if you have multiple clones of lbmk on your system.</li> <li>Allow using coreboot’s own build system, to build payloads. Libreboot’s build system builds and adds payloads, with coreboot configurations enabling <code>CONFIG_PAYLOAD_NONE</code> exclusively. However, advanced users may wish to use something else such as Tianocore, which Libreboot may/will not provide (with Tianocore it’s <strong>will not</strong>). Simply set <code>build_depend=""</code> in the <code>target.cfg</code> file for a given mainboard, and then enable a payload under coreboot’s menuconfig interface, or by direct modification of the defconfig file. When <code>CONFIG_PAYLOAD_NONE</code> is not set, lbmk will skip adding a payload, because it’s a given that then coreboot’s own build system would have done it. Libreboot will always enable <code>CONFIG_PAYLOAD_NONE</code> on all official targets, so this feature is only intended for power users.</li> <li><strong>Unified cache file handling</strong> for vendor files, and files defined as modules for specific projects. They are now cached within the same base directory.</li> <li><strong><code>script/trees</code>: Automatically re-download and re-build a given project, when configuration changes</strong>, on any file under specific directories in <code>config/</code> pertaining to it; this is done by concatenating the sha512sum hashes for each of those files, and then making a sha512sum hash from that. The hash is stored, and compared to the current one; if it differs, then you know something changed. This feature does not track modifications to the actual downloaded source code for a given project, because this change also tracks the <code>patches/</code> directories; direct modification (by the user) of the source is not assumed, under the lbmk model, but checking for this may be possible. For example, run the same concatenation logic on a file containing the output of commands such as <code>git describe</code> and <code>git status</code>, perhaps <code>git diff</code>. It was decided that the latter would be undesirable, because <em>developers</em> (of Libreboot, working with lbmk) may want to experiment with quick changes, before preparing patch files to go under <code>config/</code>. - the user previously had to know which files and directories to manually remove, when re-running build commands after modifying a given project within lbmk. Now it’s automatic.</li> <li><code>include/git.sh</code>: Don’t download multi-tree projects to <code>src/project/project</code>, e.g. <code>src/coreboot/coreboot</code>, when downloading the upstream repository, for later copying to the actual destination e.g. <code>src/coreboot/default</code> - instead, use the same cached location as alluded to in the two changes below. This avoids needing to delet those directories, when preparing release archives.</li> <li><code>include/git.sh</code>: Complementing the change seen below, also cache <em>files</em> universally, for vendor files and for submodules files (e.g. crossgcc files). This avoids wasting bandwidth when building for multiple coreboot trees, in cases where multiple trees share the same URLs for crossgcc tarballs.</li> <li><strong><code>include/git.sh</code>: Cache all git downloads</strong>, reset to <code>HEAD</code>, before copying to the final location; this is also done on submodules. If a cached repository exists, run <code>git pull</code> on it but without an exit under fault conditions; if a fault occurs, including when trying to reset on a copy of it, fall back to the old logic where the repository is downloaded (online) directly to the destination. This change results in substantially reduced internet bandwidth usage, especially when downloading submodules for multiple coreboot trees, in cases where those trees share common revisions.</li> <li><strong><code>script/trees</code>: Support <code>-d</code> (flag) for custom build logic</strong>; it does the same thing as <code>-b</code>, but with a variable named <code>dry</code> being set to <code>:</code>; this is prefixed on most build-related commands, and can be further prefixed as desired, in mkhelper functions. The result is that you can do <em>dry runs</em> on a given build. This is used, to provide building of coreboot utilities and downloading of vendor files, without needing specific hacks to be hardcoded in <code>script/trees</code>. The <code>./update trees -b coreboot TREE utils</code> command is no longer available; instead, do <code>./update trees -d coreboot TREE</code>; if the TREE argument is instead an actual mainboard target, it also does the vendor file download, if required. The <code>./vendor download</code> command is still available, and multiple board names can now be provided as argument, because for example, <code>./build roms x220_8mb x230_12mb</code> would run <code>./update trees -d coreboot x220_8mb x230_12mb</code>, and the trees script already supports running for multiple target names, within multi-tree projects. The result of <code>-d</code>, combined with use of mkhelper functions, permits very flexible use of the <code>trees</code> script, essentially allowing it to be extended on a plugin-type infrastructure, in any number of ways. The reason for implementing this is precisely so that project-specific hacks can be removed; the <code>trees</code> script now contains much more generalised logic, and project-specific logic was moved to mkhelper functions.</li> <li><strong><code>script/trees</code>: A <code>premake</code> variable is supported in <code>mkhelper.cfg</code></strong> files, defining a function to be executed <em>before</em> running <code>make</code>, on a given project.</li> <li><strong><code>script/trees</code>: A <code>postmake</code> variable is supported in <code>mkhelper.cfg</code></strong> and <code>target.cfg</code> files, defining a function to be executed immediately after running <code>make</code>, on a given project. This is used during coreboot builds, to add payloads on a given coreboot image. It can be used for any other purpose. More specifically: <code>postmake</code> is executed after handling the defconfig file entirely, rather than just after running <code>make</code>; the latter is handled by <code>mkhelper</code>.</li> <li><code>script/trees</code>: Support <em>build</em> dependencies, complementing the existing <em>fetch</em> dependencies. The <code>build_depend</code> variable can define which other sources need to be built, before building the current target. This is being used on coreboot targets, to manually and surgically specify which GRUB and SeaBIOS trees should be compiled, <em>per</em> coreboot target. A fallback declaration is specified in <code>config/data/coreboot/mkhelper.cfg</code>, for cases where a <code>target.cfg</code> file does not specify it. This change means that certain hardcoded <em>build dependency</em> logic was then removed, instead relying on this much more generalised <code>build_depend</code> logic.</li> <li><code>script/trees</code>: Allow global configuration on multi-tree projects, via file <code>config/data/PROJECT/mkhelper.cfg</code>, e.g. <code>config/data/coreboot/mkhelper.cfg</code>. This is loaded before <code>target.cfg</code>. That way, global configuration can be provided and then overridden.</li> <li><code>script/trees</code>: If a valid flag is passed, but without argument, a loop is now executed with that flag on every defined project, both single- and multi-tree. For example, if <code>-f</code> is passed, it will download every project. If <code>-b</code> is passed, it will build every project. When it passes over multi-tree projects, it operates on every tree within that project. This fact enabled other parts of the build system to be simplified; for example, the logic in <code>mkrelease()</code> no longer needs to implement the same kind of loop, instead simply running <code>./update trees -f</code> to download every project and tree. Similar changes have been made, on that same basis.</li> <li><code>script/trees</code>: Support use of a variable named <code>mkhelper</code>, first defined in project <code>target.cfg</code> files. This variable defines the name of a function, to be called immediately after running <code>make</code> for that project, under the <code>run_make_command()</code> function. This was initially implemented, so that GRUB’s <code>grub-mkstandalone</code> utility could be called from the <code>trees</code> script, but in a way that doesn’t hardcode such execution. This is because part of the 6th audit’s main focus is to remove project-specific hacks, generalising a lot more logic. Prior to Audit 6, the <code>trees</code> script contained a lot of hacks for specific projects, notably coreboot and GRUB, to compile them properly.</li> <li><code>script/trees</code>: Only permit one single-tree project to be built, where an argument is provided. This script previously supported building multiple single-tree projects, defined <em>by argument</em>, but it was quite error prone and there’s no clean way to otherwise do it. We don’t use the script this way, anywhere in lbmk, and users are advised the same.</li> <li><strong><code>script/roms</code>: <em>Only</em> Support SeaBIOS and Sea<em>GRUB</em>, on x86 mainboards</strong>. SeaGRUB is a configuration whereby SeaBIOS starts first, but immediately tries to load GRUB from the flash. This complements the other change, listed below. We will no longer provide configurations where GRUB is the primary payload, precisely to mitigate the same issue as described below (lbmk issue 216). If <em>GRUB</em> is enabled, on a given mainboard, SeaBIOS-only setups are not provided; only SeaGRUB is provided. You can press ESC in the SeaGRUB menu, to access other boot methods besides <em>GRUB from flash</em>, so you can use it in the same way; additionally, you can remove the <code>bootorder</code> file from CBFS if you wish, or change the bootorder file, in such a way that GRUB does not load first. For example, you might want a BSD installation, and BSD bootloaders should be loaded from SeaBIOS directly. This can be done as follows: <code>cbfstool libreboot.rom remove -n bootorder</code> - then flash it. The SeaBIOS code is much smaller and more robust than GRUB, so it’s a safe choice of primary payload, and it’s extremely unlikely that SeaBIOS would ever break.</li> <li><code>script/roms</code>: Removed support for <code>grubonly</code> SeaBIOS. This was a feature where SeaBIOS would try to load GRUB first (from CBFS), but also disable the SeaBIOS menu. We still provide SeaGRUB, but the SeaBIOS menu is always accessible now. This is to mitigate future issues similar to <a href="https://codeberg.org/libreboot/lbmk/issues/216">lbmk issue 216</a>. The Libreboot 20240612 already removed actual configs using <code>grubonly</code>, and we will no longer provide them in Libreboot, so this feature in lbmk became legacy cruft that can simply be removed. The idea is simple: <em>safety first</em>. This has implications for <a href="../docs/linux/grub_hardening.html">GRUB hardening</a>; you can insert the correct bootorder file, to once again disable SeaBIOS, but you must first verify that GRUB is stable. The GRUB hardening guide already documents how to do this.</li> <li><code>script/roms</code>: Don’t insert <code>timeout.cfg</code>. Instead, hardcode the GRUB timeout to a reasonable default (8 seconds). You can still insert your own timeout config as before, and GRUB will honour it.</li> <li><code>script/roms</code>: Insert the background image in GRUB’s memdisk, instead of coreboot’s CBFS. This reduces the amount of code, because we use it as an argument on the <code>grub-mkstandalone</code> command, and it means that the GRUB images can be used standalone in other build systems. The image is very small, so it’s OK to do it this way.</li> <li><code>script/roms</code>: Removed extra checks on <code>grub_scan_disk</code>, because we no longer allow it to be overridden, instead relying only on <code>target.cfg</code> files, which are carefully crafted per board. This setting configures the order of which types of devices Libreboot’s <code>grub.cfg</code> scans first, between device types: PCI-E/NVMe, SATA/AHCI and IDE/ATA. Mate Kukri added NVMe SSD support no GRUB, in the Libreboot 20240612 release.</li> <li><code>script/roms</code>: Removed dangerous <code>-p</code>, <code>-s</code> and <code>-d</code> options. Due to lbmk issue 216 (GRUB memory issue) in Libreboot 20240504, several safety mitigations have been made, for anti-brick purposes. These options enabled use of a custom payload and keymap, which meant that users were able to more easily create a setup affected by 216. See: <a href="https://codeberg.org/libreboot/lbmk/issues/216" class="uri">https://codeberg.org/libreboot/lbmk/issues/216</a> - this was fully mitigated, by virtue of configuration, but the issue itself is not yet fixed as of the day of today’s announcement, the one you’re reading now, so it’s still possible to create such a broken setup. Libreboot mitigates this fact, by avoiding such configurations.</li> </ul> <div class="h"><h2 id="configuration-changes">Configuration changes</h2><a aria-hidden="true" href="#configuration-changes">[link]</a></div> <p>This pertains to anything under <code>config/</code>, for any changes that are of note, but it does not pertain to <em>revisions</em> for specific projects, nor does it cover specific patches applied to projects; the latter will be covered in other sections of this release announcement.</p> <p>The changes are as follows:</p> <ul> <li>Added <code>swig</code> to the Fedora dependencies.</li> <li>Relative to auit6: Re-added SeaBIOS-only images and GRUb keymaps; in earlier changes, made during Audit 6, Libreboot only provided US QWERTY layout, and only provided SeaGRUB, but some people actually prefer to have the SeaBIOS menu first, while still being able to use GRUB (BSD users for example).</li> <li>coreboot: Set <code>postmake</code> in <code>config/data/coreboot/mkhelper.cfg</code>, defining a function that adds payloads to the coreboot image that was just built. This mkhelper config also integrates <code>include/rom.sh</code>, containing these functions. This replicates the functionality originally provided by <code>script/roms</code>.</li> <li>coreboot: Set <code>build_depend</code> on <code>target.cfg</code> files for specific mainboards. This is used to manually specify which GRUB and SeaBIOS trees should be compiled, required when compiling for a specific target, for the next stage where a payload is added to the coreboot image, because lbmk does not use coreboot’s own payload logic, instead building and adding everything itself (the coreboot configs all enable <code>CONFIG_PAYLOAD_NONE</code>). For cases where a <code>target.cfg</code> file does <em>not</em> specify <code>mkhelper</code>, a fallback default entry is dictated within <code>config/data/coreboot/mkhelper.cfg</code>.</li> <li><strong>GRUB: Only load the <code>xhci</code> module from <code>grub.cfg</code></strong>; the <code>install_modules</code> variable now defines <code>xhci</code>, instead of <code>modules</code> defining it. This means that the xHCI module is no longer automatically loaded during GRUB machine initialisation, but it’s then loaded immediately when the GRUB shell starts, and the <code>grub.cfg</code> file is first parsed, then executed. This mitigates a previous issue where booting into GRUB with a USB device connected sometimes made GRUB hang; this issue affected Libreboot 20240612, on Haswell thinkpads, and revised images (and a revised source tarball) was then issued for that release, containing the very fix described here.</li> <li>coreboot: Define <code>makeargs</code> in <code>config/data/coreboot/mkhelper.cfg</code>. It was not practical to define this, and other settings, in each <code>target.cfg</code> file due to how many targets there are, but the mkhelper feature makes this much easier. To mitigate the previous issue, the <code>trees</code> script hardcoded coreboot makeargs in a special variable, <code>cbmakeargs</code>; this variable has since been removed, because it’s no longer used.</li> <li>GRUB: Define common build options in <code>config/data/grub/mkhelper.cfg</code>, instead of repeating them in <code>target.cfg</code> files for each GRUB tree. The <code>mkhelper.cfg</code> feature was added, defined in the Features section above, which is loaded per-project on multi-tree projects, before each target file. It allows easier configuration tree-wide on multi-tree projects.</li> </ul> <div class="h"><h2 id="bug-fixes">Bug fixes</h2><a aria-hidden="true" href="#bug-fixes">[link]</a></div> <p>The changes are as follows:</p> <ul> <li>Relative to audit6: Fix error when re-downloading a cached project. In some cases, a repository had already been downloaded, and lbmk wasn’t properly checking this. Fixed now. The git download logic needs to be checked properly, and this will be done in the next major Libreboot Build System Audit, after Audit 6.</li> <li>Relative to audit6: <code>vendor.sh</code>: When determining vendor file paths based on the coreboot config, don’t load the full config. Instead, selectively grep and parse the file. Some variables in the coreboot config files use different notation than sh, which caused build errors in some cases. This change fixed a build error when compiling the target image for Dell Latitude E5520. This change applies to both <code>inject</code> and <code>download</code> commands.</li> <li>Relative to audit6: <code>lib.sh</code>: the <code>x_</code> wrapper now provides more verbose output indicating what command was being executed, when an error occurs. This is a wrapper function that used as shorthand for error management in lbmk. You prefix it to a command and lbmk returns if the command returns with non-zero status. This wrapper exists because not all parts of lbmk can feasible set <code>-e</code> or <code>-u</code> in sh. The lack of verbosity is considered to have been a bug, because it stifled any debugging effort when bugs occured in lbmk.</li> <li>Relative to audit6: The 4MB HP 8200 SFF target was using a slightly incorrect flash descriptor, where the boundary for the Platform Data region was wrongly defined. This is now fixed, which prevents bricking when you flash that setup. The board has 8MB of flash, but only the earlier 4MB part is user flashable from vendor firmware, even when setting the flash descriptor override. Internal flashing in that case means flashing a custom descriptor where the BIOS region ends at 4MB; you would then flash the full image internally, after the fact.</li> <li>Relative to audit6: Patch uefitool for musl libc. The code was making use of <code>ACCESSPERMS</code>, which is a define in BSD libc (also available in the GNU C Library) for use with chmod when setting 777 permission on files. The musl libc doesn’t have this, so the code was modified to explicitly define it in the same way, but only if not already defined. Useful for Alpine Linux users.</li> <li>Relative to audit6: Don’t dry-run <code>mkcorebootbin</code> when using the <code>-d</code> switch on the <code>trees</code> script. Dry builds in lbmk intentionally avoid running things like <code>make</code>, but still process configurations provided by lbmk. This is done, because individual projects can define their own helper functions. The variable <code>$dry</code> is set to <code>:</code> in lbmk, and can be prefixed to a command, essentially disabling it. This is set to <code>:</code> only when doing a dry build. This is used for many things, such as vendor file downloads (you can use e.g. <code>./mk -d coreboot x220_8mb</code> and it’ll just build coreboot utils and download vendorfiles for the X220, but not actually build the coreboot image). This change enables you to use <code>./mk -d coreboot TARGET</code> instead of <code>./vendor download</code> (the latter will be removed in a future release).</li> <li>Relative to audit6: In addition to the change below, the <code>badhash</code> variable is initialised to “n” by default, instead of being empty. This is a preventative bugfix, to prevent the type of bug like described below from happening again.</li> <li>Relative to audit6: Fix buggy deletion of cbutils. Projects such as this are automatically re-build when lbmk makes configuration changes. This is done, by calculating a hash of a concatenation of hashes of all project config files, and if it changes, the project builds are deleted and re-built (the source is also re-generated from cache, with all the right patches and so on). This is done with a variable called <code>badhash</code>, which was set <em>empty</em> by default. The check for builds needing deletion was being done based on whether the <code>badhash</code> variable <em>was not set to “n”</em>, which it wasn’t; it was empty! Therefore, the logic was changed such that the builds are deleted (and re-built) if the <code>badhash</code> variable is positively set to “y”, instead of <em>not “n”</em>. This prevents the coreboot utilities (such as cbfstool) from being needlessly re-built every time when performing coreboot-related operations in lbmk.</li> <li>Relative to audit6: Copy the <code>coreboot.rom</code> build to the lbmk tmpdir first, before operating on it. This is because the coreboot build system often cleans builds when you perform other operations. This prevents build errors in lbmk.</li> <li><code>script/trees</code>: Hardcode <code>makeargs</code> for crossgcc specifically, by using another variable (within that script) called <code>xgccargs</code>. This prevents the build threads being default (one thread), ensuring that we set it to the value as defined by <code>XBMK_THREADS</code>. The bug was triggered when building the U-Boot images, because U-Boot does not specify <code>CPUS=</code> on makeargs.</li> <li><strong><code>include/git.sh</code>: Re-try <code>git pull</code> three times</strong>, when updating the cache Git repository for a given project or submodule. This mitigates possible instability in the user’s internet connection, where it’s online but may otherwise experience jitter (the same issue could also occur on the internet connection hooking up whichever server lbmk is interacting with, such as the coreboot web server).</li> <li>U-Boot (patch): Courtesy of Alper Nebi Yasak, a mitigation is provided in U-Boot working around the lack of support for clock timings on eDP displays; the clock setting was removed in the devicetree, because display works without it, but with it, display breaks because drivers do not yet support it.</li> <li>U-Boot (patch): Courtesy of Alper Nebi Yasak, a fix was made that prevents breaking the build process for U-Boot, when building binman images. In lbmk, we do not use the BL31 firmware from U-Boot itself, because coreboot does this, so it’s patched out in Libreboot and we defer to coreboot’s logic.</li> <li><code>script/trees</code>: Don’t continue, when no argument is given. <code>main()</code> used to be the only funsction that runs, in this script, but now we source a config file afterward, and run the build after that. Whan a flag is provided without OPTARG, this means that we are continuing such action in error; in practise, it meant that nothing was done because the command was set by <code>mkhelpercfg</code> and <code>cmd</code>, which would be empty in this situation, but it might cause issues depending on the <code>sh</code> implementation, so this fix is pre-emptive.</li> <li><code>include/</code>: Remove <code>+x</code> permissions on these files, because they must never be executed directly; they are stubbed from <code>build</code> and <code>script/trees</code>. This is listed as a bug fix, because having executable permission on these files is a potential security issue, depending on how lbmk might be modified in the future, so it’s a pre-emptive fix.</li> <li><code>include/rom.sh</code>: Only build coreboot utilities <em>before</em> building coreboot itself. This prevents <code>coreboot.rom</code> from being wiped out, when building it, due to idiosyncrasis in coreboot’s own build system. This is a pre-emptive fix, because the issue didn’t really cause actual trouble in practise, except under certain test conditions that are unlikely in real use.</li> <li><code>include/vendor.sh</code>: Properly quote the filename, in a check for <code>ec.bin</code>, on the <code>extract_kbc1126ec()</code> function - in practise, this caused no issue, so this is a pre-emptive bug fix, but quotes are now used to prevent globbing. Overlooked in a previous audit, where anti-globbing was actually a priority in that audit.</li> <li><code>include/vendor.sh</code>: Skip serprog targets, if defined, because these are not coreboot and they are built using separate logic, but they are placed in the same directory within release archives. This prevents an exit under fault conditions, instead causing a regular exit (zero status). This was never triggered during regular builds, because of other conditions checked throughout, but some users may run the <code>inject</code> command, which this fix is for. The issue was previously fixed for <code>download</code>, but overlooked for <code>inject</code>.</li> <li><code>include/vendor.sh</code>: Don’t inject <code>/dev/null</code> into an image. In some cases, a given board may define empty option ROMs which refer to <code>/dev/null</code>. This is used during the coreboot build process, in cases where we want such images inserted, but not handled by vendor scripts. Specifically: PIKE2008 images were inserted empty, for KGPE-D16, by re-using the <em>VGA ROM</em> options in the coreboot build system. The <code>vendor.sh</code> logic also uses that same config item, which was tripping up on these boards. Simply skip insertion (in <code>vendor.sh</code>) file location is <code>/dev/null</code>. This prevents errors during the build process, in some limited cases.</li> <li><code>include/lib.sh</code>: Much stricter checks in <code>chkvars()</code>; the variable string may have been set, but otherwise empty. This function was only checking <code>+x</code> via variable expansion, which only yields negative if the variable was never declared. The intention is to check both unitialised and empty strings, per variable. This is a <em>pre-emptive</em> bug fix, because this bug did not seemingly cause any issues in practise, but a bug is still a bug.</li> <li><strong><code>include/vendor.sh</code>: Re-added the <code>modify_gbe()</code> function</strong>, seldom used but nonetheless required; it’s called when the user specifies a MAC address, during vendorfile insertion on release images. Direct use of <code>nvmutil</code> is still recommended, simply to gain an understanding of how it works; the MAC address feature in <code>vendor.sh</code> simply runs <code>nvmutil</code>.</li> <li><code>script/roms</code>: Made U-Boot be built <em>before</em> checking <code>ubootelf</code>, instead of after. The check was flawed, because if U-Boot didn’t exist, but a given build would be vzerified by the first check, the check would still fail after build, because the check works by first checking the existence of a given U-Boot build file, deferring to another and then exiting if that doesn’t exist, with error status. This is a <em>pre-emptive</em> bug fix, because this bug wasn’t triggered in practise since actual targets already used the fallback build, not the first one. Therefore, this fix is pre-emptive for future U-Boot targets in lbmk.</li> <li><code>include/lib.sh</code>: Do not exceed 80 characters on the line that checks the <code>versiondate</code> variable. Such excess is considered a bug.</li> <li><code>include/vendor.sh</code>: Rename variable <code>release</code> to <code>vrelease</code>. Also remove the <code>inject_vendorfiles()</code> function and merge into <code>vendor_download()</code>. The <code>release</code> variable is included now in some <code>target.cfg</code> files, so we want to avoid conflicting with it. This is a pre-emptive bug fix, because the bug described had not been triggered in practise, but was theoretically possible.</li> <li><code>script/trees</code>: Exit with error status if <code>target.cfg</code> not provided, on multi-tree projejcts. It was already by design that this should occur, but we previously did not support <code>target.cfg</code> files on single-tree projects. Single-tree <code>target.cfg</code> support was later added, done by making <code>target.cfg</code> optional there, but the change accidentally made it optional on multi-tree projects. In practise, all multi-tree projects included this file per target, so this is a pre-emptive bug fix on the theory that future maintainers might accidentally exclude <code>target.cfg</code> on a given tree, within a multi-tree project.</li> <li><code>build</code>: Don’t delete <code>TMPDIR</code> if it’s <code>/tmp</code>. We set it to a subdirectory under <code>/tmp</code>, and subsequent <code>mktemp</code> calls create resources under it, but it’s possible in the future that this functionality might be broken; therefore, this is a pre-emptive bug fix, on the (correct) theory that code equals bugs, and that regressions can and will occur in the future. One could say that this is a <em>safety feature</em>; it could just as easily be listed on <em>Feature changes</em>. This is more strongly a pre-emptive bug fix, as opposed to an actual feature. Upon exit from the main parent instance of lbmk, <code>TMPDIR</code> is deleted. It is set to a subdirectory of <code>/tmp</code>, precisely so that we have a unified directory location for all temporary files, which then get deleted in bulk (upon exit).</li> <li><code>script/trees</code>: Explicitly err if <code>OPTARG</code> is not set, for a given flag. We otherwise rely on <code>-e</code>, but different <code>sh</code> implementations may behave differently. Therefore, this is a emp-emptive bug fix, on the theory that execution may otherwise continue erroneously (depending on the implementation). NOTE: this is only listed for documentary reasons, but the script was later modified to <em>allow</em> a lack of argument, whereby the script would be re-called recursively on all projects with the exact same flag, while defining an argument throughout.</li> <li><code>script/trees</code>: Call err if multiple flags are provided. The script is only designed for one flag. Exit with error status if multiple flags are provided.</li> <li><code>script/trees</code>: Explicitly set <code>mode</code> for flag <code>-b</code>, rather than leaving it at the default state (empty). This is to mitigate the possibility (from later code changes) where other flags might set the string. We need the string to be empty, when the <code>-b</code> flag is used; this is a pre-emptive bug fix, fixing a bug that doesn’t actually exist, but rather, preventing such a bug later on.</li> <li><code>include/lib.sh</code>: Make the presence of a <code>projectname</code> file mandatory, with the project name inside. This prevents the theoretical issue where a project is nameless, because this file is used during the build process when naming release tarballs; theoreticaly, because in practise, lbmk would never remove this file, but the build system is designed to be as adaptable as possible.</li> <li><strong><code>script/trees</code>: If the crossgcc build fails, run it again first</strong>, before returning with error status. If the second build passes, don’t yield an error. Sometimes the crossgcc build can fail for whatever reason, but a second run will succeed. This avoids having to re-run the <em>rest</em> of lbmk, just to re-run the crossgcc build. In most cases, the first attempt passes. Coreboot’s own <code>buildgcc</code> script is quite complex, and error-prone.</li> <li><code>script/trees</code>: Don’t check if crossgcc is already built. The check was done based on whether the <code>xgcc</code> directory exists, but coreboot’s build system may have exited with error status before, having not completed all builds. The result was that subsequent runs would result in a permanently broken crossgcc build, unless the user manually intervened. Instead, lbmk always runs the crossgcc build script from coreboot; coreboot itself has a much more thorough set of checks, skipping a given build that was already performed, but the check is a bit slower, adding a few additional seconds to the build time per target. The bug that this fixes was in fact triggered, during random testing, leading to the fix.</li> <li><code>include/lib.sh</code>: Fixed error when running <code>./build dependencies</code>. The <code>e()</code> and <code>setvars()</code> functions were declared <em>after</em> the dependencies function, but are now declared before. Also: after calling <code>install_packages</code>, it was doing a return when it should have done an exit. All of this lead to certain temporary files being created; the context here was that the user would be running <code>./build dependencies</code> as root, which lead to some of those files being created as root, but lbmk exits with not-zero status when you run it as root, except when running the dependencies command. Therefore, this could create situations where the user can longer run lbmk without intervention such as changing permission on certain files. Avoid the issue entirely.</li> </ul> <div class="h"><h2 id="general-code-cleanup">General code cleanup</h2><a aria-hidden="true" href="#general-code-cleanup">[link]</a></div> <p>Extensive code cleanup has been performed, as was one of the main focuses in this release (in addition to newer hardware support):</p> <p>The changes are as follows:</p> <ul> <li><strong>Removed <code>util/autoport</code></strong>, because the Haswell support that we merged for it is now included in upstream(coreboot), so it will be included in future coreboot revisions for lbmk.</li> <li><code>script/trees</code>: Move dependency building (based on <code>build_depend</code>) to a new function, called from <code>configure_project()</code>, instead of including the logic directly within the latter.</li> <li><code>script/trees</code>: Merge <code>build_targets()</code> into <code>handle_targets()</code>.</li> <li><code>script/trees</code>: Use <code>:</code> as a prefix on certain build commands, when doing try runs (dry builds); the <code>-d</code> flag was initially implemented with a lot of if/else chains, but <code>:</code> does nothing in sh (that’s what it’s for, to do nothing), including if arguments are provided to it. This change enables much more granually disablement of certain commands, which would otherwise require many more if/else chains. This change reduced the amount of code.</li> <li><code>script/trees</code>: Remove all project-specific hacks. The coreboot-specific includes were moved to coreboot’s <code>mkhelper.cfg</code> file. Serprog and coreboot images are handled by mkhelper functions now.</li> <li><code>include/rom.sh</code>: It also provides building of serprog images. The mkhelper configuration is provided for <code>pico-serprog</code> and <code>stm32-vserprog</code>. The old <code>./build roms serprog</code> commands still work, but you are now advised to run <code>./update trees -b stm32-vserprog</code> or <code>./update trees -b pico-serprog</code>, which will now result in the same builds being provided under <code>bin/</code>.</li> <li><code>include/rom.sh</code>: New file, replacing <code>script/roms</code>. It contains the same functions, more or less, for building coreboot images. The <code>trees</code> script already produces coreboot images, and payloads were added by <code>script/roms</code>; now, those same functions (for adding payloads) are stubbed via mkhelper configuration in <code>config/data/coreboot/mkhelper.cfg</code>. The command <code>./update trees -b coreboot</code> (whether specifying additional targets, or specifying none and thus building all of them), now builds coreboot images with payloads inserted, and never leaves them on-disk without payloads; this removes an existing issue where the user might accidentally use the no-payload images, mitigated by provided a warning but still an issue regardless (for example, what if the user doesn’t understand English very well?). The old <code>./build roms</code> command is now deprecated, but still provided for backward compatibility, but you are now advised to run the trees command. The <code>bin/</code> directory is still the place where coreboot images go, but they no longer appear(without payloads) under <code>elf/</code> - only the <code>bin/</code> images are provided.</li> <li><code>script/roms</code>: Removed unnecessary calls to <code>./update trees -b</code> for payloads, because coreboot targets now specify <code>build_depend</code> which is used generically per tree, per multi-tree project, to provide such build dependencies.</li> <li><code>script/trees</code>: Rename function <code>load_target_config()</code> to <code>configure_project()</code>, because the function also now handles building to some extent (based on <code>build_depend</code>), not just mere loading of config files.</li> <li><code>include/vendor.sh</code>: Removed <code>mkdirs()</code> and merged its logic into the only calling function, <code>fetch()</code>.</li> <li><code>include/git.sh</code>: Simplified <code>git_am_patches()</code> by condensing several <code>for</code> loops together, into a single <code>for</code> loop performing each task.</li> <li><code>include/git.sh</code> and <code>script/trees</code>: Tidy up the use of global variables. Some of them were only initialised in <code>git.sh</code> but also used in the <code>trees</code> script, which means they should be initialised in the <code>trees</code> script.</li> <li><code>include/git.sh</code>: Simplified initialisation of <code>loc</code> (single code line)</li> <li><code>script/trees</code>: Simplified <code>distclean</code> directory check, by reducing the nesting of if/else statements.</li> <li><code>include/git.sh</code>: Condensed a few code lines in <code>fetch_targets()</code>.</li> <li><code>include/git.sh</code>: Shorter <code>git_prep</code> command in <code>fetch_targets()</code>.</li> <li><code>script/trees</code>: Simplified multi-tree bare repository cloning. The <code>git_prep</code> function already creates a given directory where source code goes, so we don’t need to handle it from the <code>trees</code> script.</li> <li><code>script/trees</code>: Merged <code>prepare_new_tree()</code> with <code>fetch_targets()</code>.</li> <li><code>script/trees</code>: Simplified <code>distclean</code> handling; condensed a few code lines.</li> <li><code>script/trees</code>: Further simplified <code>copy_elf()</code>; condensed a few code lines.</li> <li><code>script/trees</code>: Added explicit return to the end of <code>handle_defconfig()</code>.</li> <li><code>script/trees</code>: Renamed <code>check_config()</code> to <code>check_defconfig()</code>, for clarity.</li> <li><code>script/trees</code>: Removed variable <code>config_name</code>, because it’s only used once, so its value was instead hardcoded, without declaring a variable.</li> <li><code>script/trees</code>: Renamed variable <code>config</code> to <code>defconfig</code>, for clarity.</li> <li><code>include/git.sh</code>: Removed redundant <code>xtree</code> variable, already defined in <code>trees</code>.</li> <li><code>script/trees</code>: Removed various comments that were redundant, because the code that they covered was already simple enough that what they did was obvious.</li> <li><code>script/trees</code>: Cleaned up <code>handle_makefile()</code> a bit; condensed a few lines.</li> <li><code>script/trees</code>: Renamed <code>load_project_config()</code> to <code>load_target_config()</code>, for clarity.</li> <li><code>script/trees</code>: Download multi-tree <em>bare</em> repositories <em>before</em> given trees. When downloading multi-tree projects, revisions can be reset to <code>HEAD</code> instead of the actual revision for a given target. This occurs when the bare repository (e.g. <code>src/coreboot/coreboot</code>) does not exist and has to be fetched first. Bare repository downloading does not rely on <code>target.cfg</code>, only <code>pkg.cfg</code>, but uses the same variables, e.g. <code>rev</code>. So: instead of using a separate variable name, do the bare repository download first. This means that the <code>git.sh</code> logic can be much cleaner, in that it <em>only</em> copies the bare repository and then runs <code>git_prep</code>. The bare repository is closed directly by calling the relevant function from <code>trees</code>, which is therefore the same behaviour as when cloning single-tree projects.</li> <li><code>script/trees</code>: The <code>_setcfgarg</code> variable was removed, in function <code>load_project_config()</code> because it became disused and thus redundant.</li> <li><code>script/trees</code>: Unified multi-tree and single-tree configuration handling. The same functions that load configurations for single- and multi-tree have been merged with the one in <code>git.sh</code>, and then that was moved back into the <code>trees</code> script. Now <code>git.sh</code> only handles the actual downloading and patching of sources, but not configuration of them; the latter is handled directly within the <code>trees</code> script. The benefit of this change is that it generally allows far more flexibility; many functions that use such configuration logic can now be unified under this script, for instance using the <code>mkhelper</code> feature mentioned elsewhere on this page - and that is precisely what was later done, in further changes that are detailed above.</li> <li><code>script/trees</code>: Unified handling of source downloads. Run it from function <code>load_project_config()</code>. The logic used to be split, between single- and multi-tree projects, but now it is consistent throughout.</li> <li><code>include/git.sh</code>: Rename <code>fetch_project_trees()</code> to <code>fetch_targets()</code>.</li> <li><code>include/git.sh</code>: Rename <code>fetch_project_repo()</code> to <code>fetch_project()</code>.</li> <li><code>script/trees</code>: Add explicit return at the end of <code>check_coreboot_utils()</code>.</li> <li><code>include/vendor.sh</code>: Remove unnecessary check; we don’t need to check whether the <code>grub_install_modules</code> and <code>grub_modules</code> variables are set, because they always are, and we may want to have a setup in the future where no such modules are defined anyway, for testing purposes. Remove this check entirely. This pertains to <code>mkpayload_grub()</code>, which produces the <code>grub.elf</code> payload builds.</li> <li><code>include/vendor.sh</code>: Remove unnecessary check; we don’t need to check the existence of the option ROM in <code>extract_e6400vga()</code>, because a command comes right after it that copies it. If the file doesn’t exist, <code>cp</code> will yield error status, causing the same kind of error returned from lbmk.</li> <li><code>include/vendor.sh</code>: Condensed <code>inject()</code> a bit, by simplifying some of the if/else chains and especially the way in which they return.</li> <li><code>include/vendor.sh</code>: Simplified checks for E6400 VGA config; it was being done in a complicated for loop running <code>eval</code>, but similar functionality is already implemented in <code>chkvars()</code>, which is now used instead.</li> <li><code>include/vendor.sh</code>: Simplified the otherwise over-engineered path checks, when reading vendor paths from inside coreboot configuration files.</li> <li><code>include/vendor.sh</code>: Simplified handling of the kbc1126 utility in coreboot. We were checking whether the binary exists, but <code>make</code> already does this. We still check whether the directory exists, because not all coreboot trees contain this utility; where they don’t, but it is needed, we can always add it with a patch, but this is currently not required.</li> <li><code>include/vendor.sh</code>: Simplified utils handling in <code>bootstrap()</code>; a single for loop is now used, for all utilities, when running the <code>trees</code> script.</li> <li><code>include/vendor.sh</code>: Simplified initialisatino of the <code>_7ztest</code> variable; it is included now in the main call to <code>setvars</code>, under global variables.</li> <li><code>include/vendor.sh</code>: Condensed a few code lines in <code>detect_board()</code>.</li> <li><code>include/vendor.sh</code>: Condensed a few code lines in <code>patch_rom()</code>.</li> <li><code>include/vendor.sh</code>: Add explicit return at the end of <code>bootstrap()</code>.</li> <li><code>include/vendor.sh</code>: Renamed <code>getcfg()</code> to <code>readkconfig()</code>.</li> <li><code>include/vendor.sh</code>: Merged <code>cfgutils()</code> into <code>readcfg()</code>.</li> <li><code>include/vendor.sh</code>: Merged <code>build_dependencies_inject()</code> into <code>vendor_inject()</code>.</li> <li><code>include/vendor.sh</code>: Tidied up a few variable initialisations, and the handling of <code>cbutils</code> (coreboot utilities) in this context.</li> <li><code>include/vendor.sh</code>: Clean up GbE region handling; there were actually two separate sets of logic for handling the MAC address. It was unified, so that only <code>modify_gbe()</code> is used throughout.</li> <li><code>include/vendor.sh</code>: General code simplification. Many variables were declared separately, instead of being declared with <code>setvars</code>, and a lot of for loops were condensed.</li> <li><code>include/vendor.sh</code>: Simplified the <code>modify_gbe()</code> function. It was re-added, and the function was still using a much older coding style from before all the various lbmk audits. The function is now about half the size, while performing the same task.</li> <li>Generally tidied up a few <code>setvars</code> calls, condensing them them so that they used fewer code lines, while still observing the 80-character rule.</li> <li><code>script/roms</code>: Explicitly shift by 1 for all targets. The way this script worked, it would go through all arguments populating each one inside a single string containing them, shifting until no arguments were left. We want to make sure it is shiftedh by <em>one</em>, and make this intention clear.</li> <li><code>script/roms</code>: Add return value for the <code>list</code> command, because we want a specific return value but <code>return</code> passes the value of the previous return, if a given <code>return</code> call does not specify an argument, and there’s no way to predict what the previous value would have been. However, this is not a bug fix, pre-emptive or otherwsise, because nothing actually using this command relied in any way on its return value.</li> <li><code>include/vendor.sh</code>: Remove unnecessary checks. The trees script already checks the existing of binaries and sources, so it didn’t need to be done here.</li> <li><code>include/vendor.sh</code>: Remove unnecessary coreboot tree check. We didn’t need to download a coreboot tree, because this script also handled coreboot utilities, which in turn would download the necessary coreboot tree in the same way.</li> <li><code>include/vendor.sh</code>: Remove unnecessary <code>cbutils</code> variable check; the same check (of coreboot utilities) was already performed in <code>script/trees</code>.</li> <li><code>include/vendor.sh</code>: Remove unnecessary check; <code>mktemp</code> will never return empty output, and it was used just prior to an <code>mkdir</code> command on that output, which would subsequently return an error if the argument is empty.</li> <li><code>include/vendor.sh</code>: Condensed a few code lines in <code>check_board()</code>.</li> <li><code>include/vendor.sh</code>: Condensed some code lines handling variable initialisation.</li> <li><code>include/vendor.sh</code>: Remove unnecessary <code>cbfstool</code> variable check; the same check is also performed in <code>script/trees</code>.</li> <li><code>include/vendor.sh</code>: Simplified the <code>cbfstoolref</code> variable check; condense a few code lines. This variable refers to cbfstool from coreboot 4.13, used for extraction of the <em>refcode</em> file on HP EliteBook 820 G2, at build time.</li> <li><code>include/lib.sh</code>: Tidy up <code>err_()</code>; condense a few code lines.</li> <li><code>include/lib.sh</code>: Add explicit return to the end of <code>chkvars()</code>.</li> <li><code>include/vendor.sh</code>: Unified reading of board configs. The <code>inject</code> and <code>download</code> functions had separate logic for this, which is now implemented in a single function throughout.</li> <li><code>include/vendor.sh</code>: Simplify variable check in <code>getcfg()</code>; use <code>chkvars()</code> to check the <code>vcfg</code> and <code>tree</code> variables (exit with error status if they were not initialised).</li> <li><code>include/vendor.sh</code>: Removed unnecessary <code>cbdir</code> check. We don’t need to check it, because the <code>trees</code> script already checks it.</li> <li>Remove use of <code>_xm</code> in the build system, which was a variable containing a given prefix as set throughout, for each function. It was included in error messages, when returning from a function under fault conditions, but it was no longer used; a relic of lbmk from several audits ago.</li> <li><code>script/trees</code>: Simplify single- and multi-tree handling in <code>main()</code>. Use shorthand notation on a single line, initialising it based on single-tree and then checking that the given project is multi-tree.</li> <li><code>script/trees</code>: Rename <code>build_projects()</code> to <code>build_project()</code>. The script used to support building multiple single-tree projects, but this behaviour was buggy and unused, so it was removed. Rename the function accordingly.</li> <li><code>script/trees</code>: Set <code>btype</code> if <code>target.cfg</code> doesn’t exist; set to <code>auto</code>. The build system assumes multi-tree, if Kconfig files are used. Single-tree projects will not typically define <code>btype</code>, so just default it to <code>auto</code>.</li> <li><code>include/lib.sh</code>: Removed unused <code>cbdir</code> variable.</li> <li><code>script/roms</code>: Don’t assign <code>cbdir</code>, because it wasn’t even used here.</li> <li><code>script/trees</code>: Don’t hardcode skipping kconfig files based on whether the project is GRUB. Instead, define <code>btype</code> in project <code>target.cfg</code> files, and define this in GRUB. Some projects are multi-tree but do not use Kconfig files, and GRUB is one of them; we must avoid commands such as <code>make menuconfig</code>, doing nothing and returning with zero status explicitly, otherwise it would yield an error, which is a problem if you ran the trees script with a flag but no argument (which, as documented elsewhere in this report, was later made to operate that flag on every project in succession).</li> <li><code>include/git.sh</code>: Don’t check that a given source directory exists, because the main <code>trees</code> script already does this before running fetch commands, which are implemented in <code>git.sh</code>.</li> <li><code>build</code>: Move <code>git_err()</code> here, from <code>include/lib.sh</code>, because it’s only used in the main <code>build</code> script.</li> <li><code>include/lib.sh</code>: Simplify <code>singletree()</code>; condense a few code lines.</li> <li><code>include/lib.sh</code>: Add an explicit return to the end of <code>check_defconfig()</code>.</li> <li><code>include/lib.sh</code>: condense the <code>e()</code> function a bit (was already done before, and done again).</li> <li><code>include/lib.sh</code>: Simplified <code>TMPDIR</code> handling; remove the <code>tmpdir</code> variable and use <code>TMPDIR</code> directly. Use a new variable <code>xbmk_parent</code>, which is set to <code>y</code> only on the main instance; child instances of lbmk do not set it, signalling that <code>TMPDIR</code> should not be removed upon exit (it should only be removed upon exit from the main parent instance of lbmk, not child instances executed by it).</li> <li><code>include/lib.sh</code>: Condense if/else logic in <code>setcfg()</code>. Use shorthand notation instead, on conditional statements.</li> <li><code>include/lib.sh</code>: Condensed <code>setvars()</code> a bit.</li> <li><code>include/lib.sh</code>: Simplified lock message, when a lock file exists while trying to run lbmk.</li> <li><code>include/lib.sh</code>: Simplified reading of version files. A single for loop now initialises all of these variables with a single <code>eval</code> command inside.</li> <li><code>include/git.sh</code>, <code>include/lib.sh</code>, <code>script/roms</code> and <code>script/trees</code>: Simplify use of environmental variables. The variables themselves were being copied to other variables, of lowercase naming, but this was unnecessary. The environmental variables are now used, directly, while being properly set per each running instance of lbmk.</li> <li><code>script/roms</code>: Remove the <code>t</code> variable, which was used for temporary ROM images. The script now operates on images more directly, and this variable is no longer used (previously used for storing paths to temporary images).</li> <li><code>script/roms</code>: Simplified logic for checking U-Boot builds.</li> <li><code>script/roms</code>: Simplify initmode/displaymode loop, when building multiple coreboot images per target.</li> <li><code>script/roms</code>: Renamed a few functions and variables for code clarity.</li> <li><code>script/roms</code>: Build coreboot images earlier on in the process, to avoid duplicate work. It was built per coreboot configuration, but the logic builds all images per target, so it doesn’t make sense to run the build twice. The subsequent runs would just skip, because the images already existed.</li> <li><code>script/roms</code>: Generalised more logic, merging a lot of functions and reducing a lot of code repetition.</li> <li><code>include/lib.sh</code>: Remove <code>badcmd()</code>, because it’s bloat. This function simply write “bad command”, followed by a call to the err function. Instead, simply call err with the same string, when required.</li> <li><code>include/lib.sh</code>, <code>include/git.sh</code> and <code>include/vendor.sh</code>, <code>script/trees</code> and <code>script/roms</code>: More unified handling of project configurations. Remove the function <code>scan_config()</code>, which worked with a specially crafted format that we had for vendor files and project (source repo) configs. Instead, use flat config files. Individual <code>target.cfg</code> files for coreboot now contain a <code>vcfg</code> variable pointing to a directory, containing vendorfile config. This change resulted in a sloccount reduction of about 20, in the build system, and the new config handling is much more robust.</li> <li><code>script/trees</code>: More robust check for <code>make fetch</code>, when handling source downloads. Don’t use shorthand form; instead, use if/else chains to determine whether to skip a target after download.</li> <li><code>include/vendor.sh</code>: Minor code cleanup (condense a few code lines).</li> <li><code>include/git.sh</code>: General code cleanup in <code>fetch_submodules()</code>. Several code lines have been condensed.</li> <li><code>script/roms</code>: Merge <code>mkserprog()</code> into <code>main()</code>, because it was essentially performing the same functions, but for checking serprog targets. Unify the logic, for handling coreboot, stm32 serprog and rp2040 serprog targets.</li> <li><code>script/roms</code>: Reduced code indentation in <code>build_grub_roms()</code>.</li> <li><code>script/roms</code>: Remove <code>build_payloads()</code> and split it into smaller functions.</li> <li><code>script/roms</code>: Condense lines together that check for various payloads.</li> <li><code>script/roms</code>: Removed the <code>mt86bin</code> variable, because it’s only used once. Instead, hardcode the path to memtest86plus when building it.</li> <li><code>script/roms</code>: Merge <code>build_uboot_payload()</code> into <code>build_payloads()</code>, because both functions are very simple and do essentially the same thing.</li> <li><code>script/roms</code>: Simplified check for u-boot payload; we only need to know whether it’s enabled, not whether it’s also disabled. If set to enable other than <code>y</code>, set it to <code>n</code> blindly.</li> <li><code>script/roms</code>: Simplify the check for serprog source directories. Instead of an if/else chain, re-use variables and use a single <code>eval</code> command between the two types; serprog rp2040 and serprog stm32.</li> <li><code>script/roms</code>: Simplify the loop for building serprog images, by re-using variables more aggressively and removing the if/else chain for serprog type.</li> <li><code>script/roms</code>: Shorter variable names for serprog build logic.</li> <li><code>script/roms</code>: Simplified serprog image copy, by using a single <code>eval</code> call referencing <code>stm32src</code> or <code>rp2040src</code>, thus unifying this logic between both types of serprog build.</li> <li><code>script/roms</code>: Rename <code>picosrc</code> to <code>rp2040src</code>; this is in preparation for the next change, mentioned above.</li> <li><code>script/roms</code>: Remove confirmation dialog at the end of a serprog build, because the message was overly pedantic and something the user already knows.</li> <li><code>script/roms</code>: Merge the serprog handling into a single helper function.</li> <li><code>script/roms</code>: Renamed the <code>x</code> variable to <code>it</code> in a for loop, to avoid possible conflict with another same-named variable elsewhere in this script.</li> <li><code>script/roms</code>: Don’t call <code>x_</code> when using <code>cproms()</code>, since it never returns with non-zero status anyway.</li> <li><code>script/roms</code>: Move the U-Boot images, instead of copying. This way, we don’t have to clean up the temporary file that was used for it.</li> <li><code>script/roms</code>: Allow flexible use of <code>mv</code> or <code>cp</code> in <code>cproms()</code>.</li> <li><code>script/roms</code>, <code>include/lib.sh</code> and <code>script/trees</code>: Use a common string for setting <code>elfdir</code>, which is where builds are copied to upon completion.</li> <li><code>script/roms</code>: Merge <code>mkUbootRom()</code> into <code>build_uboot_roms()</code>.</li> <li><code>script/roms</code>: Remove unused variables in <code>mkSeabiosRom()</code>.</li> <li><code>script/roms</code>: Remove unused variables in <code>mkUbootRom()</code>.</li> <li><code>script/roms</code>: Remove unnecessary variable assignment; <code>cbcfg</code> was already properly initialised as a global variable, so this was re-used instead.</li> <li><code>script/roms</code>: Removed unnecessary check for <code>payload_uboot</code>; the <code>uboot_config</code> variable, if set, clearly indicates use of U-Boot.</li> <li><code>build</code>: Remove unused <code>linkpath</code> and <code>linkname</code> variables.</li> <li><code>script/roms</code>: Make <code>tmpcfg</code> a variable, re-used elsewhere when a temporary file needs to be written. Simply overwrite the file as required, instead of always calling <code>mktemp</code>.</li> <li><code>script/roms</code>: Simplified timeout/scandisk insertion. We don’t need to call <code>mktemp</code> every time. Just use a static temporary file and keep overwriting it, when we need to make a new configuration file inside CBFS.</li> <li><code>script/roms</code>: Simplified SeaGRUB check in <code>build_grub_roms()</code>; condensed a few code lines.</li> <li><code>script/roms</code>: Simplify <code>mkserprog()</code>; condensed several code lines and removed unused variables!</li> <li><code>script/roms</code>: Simplify the Serprog build functions; condensed several code lines and removed unused variables.</li> <li><code>script/roms</code>: Simplify U-Boot payload check (same change as below).</li> <li><code>script/roms</code>: Simplify GRUB-only check on SeaGRUB (same change as below).</li> <li><code>script/roms</code>: Simplify SeaGRUB check in <code>configure_target()</code>; condensed the if/else checks based on which payloads are configured.</li> <li><code>script/roms</code>: don’t use <code>x_()</code> to call <code>build_grub_roms()</code>, since that function never returns non-zero status anyway.</li> <li><code>script/trees</code>: Simplify <code>copy_elf()</code>; condense the <code>while</code> loop handling file copies, for copying builds to their destination paths once complete.</li> <li><code>script/trees</code>: Remove unnecessary check in <code>copy_elf()</code>; we don’t need to check whether the <code>listfile</code> string is empty, because a check comes after it as to whether the file it defines exists, and checking an empty string there will always yield a negative result, as intended.</li> <li><code>include/lib.sh</code>: Add generic <code>cbfs()</code> function, which is now used throughout lbmk when adding files to CBFS on coreboot images. This simplifies handling of CBFS in lbmk.</li> <li><code>script/roms</code>: merged handling of build targets into the main script, simplifying the loop going through them all; each helper function returns with non-zero status if the build is to cease, and the target is skipped.</li> <li><code>script/roms</code>: Simplified handling of multiple coreboot build targets, when looping through them all during the build process.</li> <li><code>include/lib.sh</code>: added a unified function <code>chkvars()</code>, now used for checking variable initialisation; if a variable is not initialised, it causes an exit with non-zero status.</li> <li><code>script/roms</code>: shorter variable names, condensed several functions.</li> </ul> <div class="h"><h1 id="revision-updates">Revision updates</h1><a aria-hidden="true" href="#revision-updates">[link]</a></div> <div class="h"><h2 id="coreboot">Coreboot</h2><a aria-hidden="true" href="#coreboot">[link]</a></div> <p>The <code>default</code> tree was updated to commit ID <code>97bc693ab</code> from 29 July 2024. Several patches were merged upstream and therefore no longer needed in lbmk.</p> <p>The <code>dell</code> tree (containing Dell Latitude E6400) was merged into <code>default</code>, with the DDR2-specific changes now only applying conditionally (RCOMP replay patch written by Angel Pons).</p> <p>Nicholas Chin’s timing fix for LVDS displays (on Latitude E6400) was also moved to the <code>default</code> tree, patching the <em>libgfxinit</em> submodule.</p> <p>The <code>haswell</code> tree (containing native raminit patches written by Angel Pons) has been rebased, and merged into the <code>default</code> coreboot tree, within lbmk.</p> <p>The <code>fam15h_udimm</code> and <code>fam15h_rdimm</code> trees have been consolidated into a single <code>fam15h</code> tree. This contains the ASUS KGPE-D16 and KCMA-D8 ports, based on coreboot’s <code>4.11_branch</code> tree, with Libreboot’s special build fixes that make it compile on modern distros, such as Debian Sid or Arch Linux.</p> <div class="h"><h2 id="u-boot">U-Boot</h2><a aria-hidden="true" href="#u-boot">[link]</a></div> <p>Alper Nebi Yasak is the maintainer of U-Boot, within Libreboot, and submitted a patch updating U-Boot to v2024.07, on the <code>gru_bob</code> and <code>gru_kevin</code> Chromebooks. Several improvements have been merged upstream, like Alper’s patches for Qemu, so these patches have been dropped in lbmk because they’re now included by default, in the new U-Boot revision.</p> <div class="h"><h2 id="grub">GRUB</h2><a aria-hidden="true" href="#grub">[link]</a></div> <p>Updated the revision to commit ID b53ec06a1 from 17 June 2024. This fixes several bugs in the LUKS implementation. Several virtual memory fixes, and numerous fixes to file system drivers in the GRUB kernel.</p> <div class="h"><h2 id="seabios">SeaBIOS</h2><a aria-hidden="true" href="#seabios">[link]</a></div> <p>Updated the revision to commit ID <code>ec0bc256</code> from 24 June 2024. This brings in only a single change:</p> <pre><code> commit ec0bc256ae0ea08a32d3e854e329cfbc141f07ad Author: Gerd Hoffmann &lt;kraxel@redhat.com&gt; Date: Mon Jun 24 10:44:09 2024 +0200 limit address space used for pci devices, part two</code></pre> <p>This fixes buggy handling for 32-bit (i686) hosts, when allocating memory for the PCI devices.</p> <div class="h"><h2 id="flashprog">Flashprog</h2><a aria-hidden="true" href="#flashprog">[link]</a></div> <p>Updated the revision to commit ID <code>639d563</code> from 2 August 2024.</p> <div class="h"><h2 id="pcsx-redux">PCSX Redux</h2><a aria-hidden="true" href="#pcsx-redux">[link]</a></div> <p>This was added git commit ID <code>6ec5348058413619b290b069adbdae68180ce8c0</code>. It is a <em>Sony PlayStation</em> emulator, but we only need one part of it: the BIOS.</p> <p>PCSX Redux provides their own fully free/opensource BIOS for playstation, mentioned elsewhere on this page. Libreboot’s build system was modified to compile <em>just</em> the BIOS part of PCSX Redux. This is used then, to provide the open BIOS image, which is compatible with every PlayStation emulator and also real PlayStations (soldering required).</p> <div class="h"><h1 id="git-log">Git log</h1><a aria-hidden="true" href="#git-log">[link]</a></div> <p>This git log covers all changes in this audit, relative to Libreboot 20240612.</p> <pre><code>* 6b40616a4 build: actually build pcsx-redux bios on release * d845791d6 rom.sh: support making pcsx-redux bios release * 09a8f2ea8 coreboot/dell3050micro: Add data.vbt file * 217aa1735 Add verb patch for Dell OptiPlex 3050 Micro * f4de640e4 rom.sh: disable seabios-as-primary if grub is main * c99dced5b dell3050micro: make GRUB the primary payload * ed8178e83 disable dram clear on dell 3050 micro * d2939231a 3050micro: disable TPM to mitagate seabios hanging * 809e1d97a fix 3050 config (./mk -u coreboot) * 44473d683 git.sh: fix error with cache re-download * c3ef0a863 Add config for Dell OptiPlex 3050 Micro * 23e64192e Add Dell OptiPlex 7010/9010 SFF support * 02e76d09c add swig to fedora dependencies * a42fe72c9 Merge pull request &#39;config/coreboot: Add Dell Latitude E4300&#39; (#236) from nic3-14159/lbmk:e4300 into master |\ | * e0e9c6ab3 config/coreboot: Add Dell Latitude E4300 |/ * ff9c250a3 Add Sony PlayStation support to Libreboot * 2b0fe39ac config/git: Import pcsx-redux * c723ce56d coreboot/default: Import mkukri&#39;s 3050 micro port * e7c0109f5 Add deguard logic for Dell OptiPlex 3050 Micro * 0266a4891 Add Mate Kukri&#39;s deguard utility * 242b79aa2 Revert &quot;vendor.sh: print extract errors to /dev/null&quot; * 72fa467cb vendor.sh: print extract errors to /dev/null * 66755f73c Merge pull request &#39;Add remaining SNB/IVB Latitude ports&#39; (#217) from nic3-14159/lbmk:latitude-ports into master |\ | * 4702e568c config/coreboot: Fix INTEL_GMA_VBT_FILE in Latitude configs | * 73484d98a config/coreboot: Add config for Dell Latitude E6230 | * f51a9dee9 config/coreboot: Add config for Dell Latitude E6330 | * 0240be183 config/coreboot: Add config for Dell Latitude E6320 | * 875e9cb25 config/coreboot: Add config for Dell Latitude E6220 |/ * 3f9d575ce coreboot/x4x: fix build error * 8ca56f96c coreboot/default: fix build issue with DDR2 fix * 3ee4cc9dd fix typo in dell latitude coreboot coreboot config * 7ab22503a vendor.sh: use readkconfig on inject too * d66f6e0d5 vendor.sh: don&#39;t load entire coreboot configs * aae8cabe7 lib.sh: more verbose error in x_ * 3a5a17937 flashprog: bump to 639d563 (2024-08-02) * c3f6dd03c seabios/default: bump to ec0bc256 (2024-06-24) * 5b353a229 grub/*: Bump to rev b53ec06a1 (2024-06-17) * 80c3f9395 coreboot/fam15h: only use this, for amd boards * 0f7c0aa1c coreboot/default: re-merge coreboot/i945 * 877f5d6ae coreboot/default: merge coreboot/haswell * a15347ef1 coreboot/dell: merge into coreboot/default * dbe24b039 coreboot/default: Update to 97bc693ab (2024-07-29) * 1b55fc790 fix hp8200sff_4mb ifd file (pd region) * 490a94d7b uefitool: Only define ACCESSPERMS on *nix * a78eaac88 uefitool: Add patch working around musl libc issue * 59894ed55 lib.sh: new function mk() to handle trees in bulk * 7fa6052de general code cleanup in the build system * 3bd290f6a rom.sh: don&#39;t dry-run mkcoreboottar * a91751a86 rom.sh: don&#39;t run mkcorebootbin on trees -d * 38b65af5b support ./mk in place of ./update trees * f5ba40200 trees: initialise badhash no n, not empty string * faefcdf3d rom.sh: fix buggy deletion of cbutils * 40dd0a7cf rom.sh: also add grub to seabios images * d070eb1fe rom.sh: copy tmprom to TMPDIR for modification * f85cb69ce rom.sh: re-add seabios-only roms and grub keymaps * 490e0186a emphasis on readme that lbmk isn&#39;t a coreboot fork * ba4278e0c include/rom.sh: use ccache when building coreboot * 31f1e4dad vendor.sh: don&#39;t use XBMK_CACHE for appdir * 2b50b3ea9 put cachedir in environmental variable * 0e0b12a63 git.sh: warn when a cached clone fails * 9b1b95576 git.sh: fix typo in git command * 82bdf2707 git.sh: fix lack of error exits on fault * 64283a1fb build: remove tmp/ on release archives * bf85246c4 trees: hardcode makeargs for xgcc * c6e6d96ce allow using coreboot&#39;s build system to add payload * 78cdc56ae trees: remove unnecessary command * e69903789 build: remove cache/ on making releases * 79f50b379 unify caching of files into cache/ * a9f9de885 unified cache file handling for vendorfile/subfile * ef867eccc git.sh: remove previous tmprepo if args&gt;5 * 4d5385a14 git.sh: try direct clone if cached git fails * 0cd52fc7f git.sh: re-try git pull three times * 0b9cd77fe trees: auto-delete+auto-rebuild if project changes * 4438368c0 trees: also remove single-tree repo/p/ * 570e3abb2 trees: remove repo/p, not src/p/p * 583502027 git.sh: don&#39;t download to src/project/project/ * 9f09728ac git.sh: cache git downloads to repo/ * f367afabc remove util/autoport * 373c2eb23 trees: move dependency building to new function * 12c3956f5 Merge pull request &#39;Update U-Boot to v2024.07&#39; (#225) from alpernebbi/lbmk:uboot-v2024.07 into master |\ | * 708fc14c6 u-boot: Fix display initialization on gru boards | * 0cc7736b4 u-boot: Avoid breaking build for U-Boot-only binman images | * 2ecec55af u-boot: Update to v2024.07 |/ * 090cf7ad5 trees: fix bad comparison in configure_project() * e37779c11 trees: don&#39;t continue if no argument given * 3263eeb6b trees: general code cleanup * 17f3e61a0 trees: merge build_targets() with handle_targets() * c0a4df688 trees: use wrapper for dry-running make commands * 459db1cc2 trees: remove project-specific hacks * e9f66ec4a remove executable permission on include/ * 91994b785 rom.sh: actually say if a cbutil exists * 97b777715 rom.sh: avoid re-building cbutils if built * 494b94799 rom.sh: only before cbutils before coreboot * 469cc64f9 trees: fix bad comparison * 5a1d2401c minor cleanup * 964617214 trees: support -d (dry run) for custom build logic * e850c06bd rom.sh: only make rom tarball if release=y * 2f3cc5d37 rom.sh: new file, to replace script/roms * 889afe168 roms: remove unnecessary trees checks * c241a3ef4 coreboot: set build_depend on target.cfg files * 6d4fb200a trees: rename load_target_config() * 87df6ae36 trees: support build dependencies, not just fetch * 23ca49bee GRUB: only load xhci from grub.cfg * 065453b72 trees: just do makeargs on coreboot, not cbmakearg * 2ab1d9949 trees: fix bad rm -Rf command (-Rf, not Rf) * d6ff009e2 roms: fix bad comparison in configure_target() * 3ee045f9a GRUB: use mkhelper.cfg for common variables * 3ef84af9f trees: allow global config on multi-tree projects * 2b49714a6 trees: handle all projects if project undefined * b7f12ade0 vendor.sh: remove mkdirs() * 0018600d6 git.sh: simpler for loop in git_am_patches() * 5882056a2 git.sh: merge for loops in git_am_patches() * 67421a21f trees and git.sh: tidy up global variables * 55dbd72aa git.sh: simplified initialisation of &quot;loc&quot; * 0cb84a8dd trees: simplified distclean directory check * 5ba0433b5 git.sh: condense fetch_targets() a bit * 4772186b1 git.sh: short git_prep command in fetch_targets() * c62dbdbe8 trees: only do bare multi-tree clone on git * 89a81a291 trees: simplified multi-tree bare repo clone * 017fd8259 git.sh: merge prepare_new_tree with fetch_targets * f937a1142 trees run_make_command: simpler distclean handling * 88f741db9 trees: condense copy_elf() a bit * d5928c9ba trees: add return to handle_defconfig() * 1a7c8acb0 trees: rename check_config to check_defconfig * ba7b3a3b2 trees: remove variable &quot;config_name&quot; * 030f1afd8 trees: rename variable &quot;config&quot; to defconfig * 739496061 git.sh: remove duplicate &quot;xtree&quot; variable * 0c4ad24b0 trees: remove unnecessary commonts * eacc41e82 trees: condense run_make_command() a bit * 563948141 trees: condense handle_makefile() a bit * 1ec9fc336 trees: mv load_project_config load_target_config * 789631ccb trees, multi: download bare project *before* trees * a5e724e51 trees: unified multi-tree configuration handling * cfc9f62ff trees: unified handling of source downloads * 7bf283520 git.sh: rename Fetch_project_trees fetch_targets * e0c244f37 git.sh: rename fetch_project_repo to fetch_project * 02f741795 trees: better skip-clean string in handle_src_tree * f7ec42d37 trees: add return to check_coreboot_utils() * 8d02adfbb trees: simplify &quot;utilmode&quot; variable initialisation * d1b7882c5 vendor.sh readcfg: split the -b coreboot command * fbe36b01a trees mkpayload_grub: remove unnecessary check * 088a79918 vendor.sh: remove unnecessary check * 8c5f78d3d vendor.sh: condense inject() a bit * 42925ce79 vendor.sh extract_kbc1126: use quote on file check * ddcc74777 vendor.sh extract_kbc1126ec: simplify build check * 7a12cd770 vendor.sh: simplify e6400 vga rom file check * 163bcfcdf vendor.sh: simplify variable checks for e6400vga * cbac2087c vendor.sh: condense fetch() a bit more * 675d2c037 vendor.sh: remove unnecessary check * 5e46b9f43 vendor.sh: simplify kbc1126 util handling * 7086b6868 vendor.sh: simplify bootstrap() utils handling * 6a05487ef vendor.sh: simplified initialisation of _7ztest * 972e61070 vendor.sh: condense detect_board() a bit * bf5acedb1 vendor.sh: condense patch_rom() a bit * 8b8cf070d vendor.sh: add return to end of bootstrap() * d85b9de2d vendor.sh: rename getcfg() to readkconfig() * 53b69f673 vendor.sh: merge cfgutils() into readcfg() * 55677d821 vendor.sh: remove build_dependencies_inject() * c76419861 vendor.sh: simplify initialisation of variables * d63da943c vendor.sh inject: skip serprog targets * c6df9666a vendor.sh: don&#39;t inject /dev/null * f7ab70f60 vendor.sh: simplify inject() * ee5bab2c9 vendor.sh: clean up GbE handling * f2d53eb84 vendor.sh: condense fetch() a bit * 85c2eb0f7 vendor.sh: general code cleanup * a8f272536 lib.sh: stricter check in chkvars() * fa5af956c vendor.sh: simplified modify_gbe handling * 155ce49b1 vendor.sh: simplify modify_gbe() * 08bce7ad3 vendor.sh: minor code cleanup * 636b86237 vendor.sh: re-add modify_gbe() * 2eb0163cc Revert &quot;vendor.sh: remove unnecessary check&quot; * 3f37c3788 tidy up some setvars lists * ed3cce84b roms: explicitly shift by 1 on the &quot;all&quot; target * 359d00bd5 roms: add return value for the list command * 3f540e756 roms: build u-boot *before* checking ubootelf * afc003068 remove more unnecessary checks on trees commands * 35c487106 vendor.sh: remove unnecessary checks * ce03786f6 vendor.sh: remove unnecessary command * e01b5c974 vendor.sh: remove unnecesessary cbutils check * 8196ce6dd vendor.sh: remove unnecessary check * 8f50131e1 vendor.sh: condense check_board() a bit * d12a68601 vendor fetch(): condense variable initialisation * 708e306e5 vendor.sh: remove unnecessary cbfstool check * 75951c469 vendor.sh: simplified cbfstoolref check * d36c07847 lib.sh: keep versiondate check to 80 characters * 40d3bb19b lib.sh: condense for loop * 5725e3c4e lib.sh: condense err_() a bit * e3546f77b lib.sh: add a return to the end of chkvars() * d0f68a0fb vendor.sh: rename release to vrelease * 473f27784 vendor.sh: unified reading of board configs * a2f4eba58 vendor.sh: simplify variable check in getcfg() * 4afcbcb64 vendor.sh: remove unnecessary cbdir check * fd037722a remove use of _xm variable in the build system * 136787185 trees: don&#39;t hardcode use of mkpayload_grub * c59fbb365 trees: simplify single/multi handling in main() * 902b98d1a trees: rename build_projects to build_project * e1e04aa80 trees: err if target.cfg not given if multi-tree * 93ff80d96 trees: set btype if target.cfg doesn&#39;t exist * 732c5908d lib.sh: remove unused cbdir variable * 119cebc4d roms: remove unnecessary assignment to cbdir * 7a15ba18c trees: avoid kconfig make commands generically * eb9c1872b git.sh: remove unnecessary check * 9aec992ff lib.sh: move git_err() to build * 6fc7cd3c1 lib.sh: condense singletree() a bit * 35d09e426 lib.sh: add a return to the end of check_defconfig * 144b3c93a trees: condense elfcheck() a bit * 7b8c2bd41 lib.sh: condense e() a bit * ffdecb0ce trees: shorten the final confirmation message * ed6acfee8 lib.sh: make elf/coreboot* a dot directory * 44fb98736 build: don&#39;t rm TMPDIR if it&#39;s /tmp * fac74cd60 lib.sh: simplified TMPDIR handling * 671893a80 lib.sh: condense setcfg() if/else logic * 19bc5845a trees: remove redundant space in printf * 9154ba5b8 trees: explicitly err if OPTARG is not set * f383b1ad7 trees: only permit one single-tree project * a64e2db58 trees: call err if multiple flags are provided * 0e97e98fe trees: explicitly set mode for -b * 7f7b640d3 roms: re-add compression of coreboot images * 1ab9189cb roms: build coreboot *after* checking variables * 2b4c6ee5c lib.sh: introduce mandatory check of projectname * c79fb125e lib.sh: condense setvars() a bit * 1387dc0ae simplified lock message * 20ac7ec67 lib.sh: simplify reading of version files * 4e48fa808 lib.sh: simplify use of environment variables * b4fb25100 roms main(): confirm what serprog images are built * 5e2308ce0 roms: remove unused variable name * 2960abd00 roms: remove redundant printf * c661eca6b roms: optimise u-boot elf check * 8af9f904c roms: simplify build_roms() * c9f26dbc9 roms: make the bin/elf message more polite * 9484eda5a roms: re-add final confirmation of targets * 2b7df7ab2 roms: rename functions for extra clarity * 6753222d0 roms: build coreboot early to avoid duplicate work * 19e7c1eab trees: try xgcc build twice if first attempt fails * 6468bdb3a trees: don&#39;t check if xgcc is already built * d5baaff0e lib.sh: fix error running ./build dependencies * 0158a0811 roms: general code cleanup * e67cd1716 roms: only support SeaBIOS/SeaGRUB on x86 * 71137b12b roms: remove support for &quot;grubonly&quot; seabios * d4d5d2902 use backticks on eval commands, not subshells * c1527b611 lib.sh: remove badcmd() * fc7ae3e59 lib.sh: more unified config handling * ad1602569 trees: more robust check to avoid &quot;make fetch&quot; * a6b1a6bdd roms: fix lack of backslash on multi-line command * 8c4a91850 vendor.sh: more cleanup * 471129684 Revert &quot;roms: remove build_payloads() and split it up&quot; * 5a4fc97c6 vendor.sh: correction (s/scancfg/scan_config) * d65e4fac1 git.sh: revert modification to for loop * bc61c39ec vendor.sh: minor code cleanup * 808458ced minor code cleanup in the build system * 4ab99d546 git.sh: general code cleanup in fetch_submodule() * cd1d84789 git.sh: reduced indentation on repo/file check * 4f6dda136 git.sh: simplified repo/backup check * 185d76f57 roms: merge mkserprog() into main() * 893e88bc8 roms: don&#39;t insert timeout.cfg * abfc799fd correction * a0da8fdef roms: reduce indentation in build_grub_roms() * 383433d4f roms: re-introduce accidentally disabled check * 3610667e3 roms: remove build_payloads() and split it up * 29a7123c0 roms: group some commands that are similar * 2d6946775 roms: remove mt86bin variable * 920e5ba2d roms: merge build_uboot_payload to build_payloads * a96c4b59f roms: simplify payload_uboot y/n check * 28682b1a4 roms: simplify the check for serprog srcdir * b61dd4c25 roms: simplify the loop for building serprog roms * 6df17860e roms: shorten variable serprog_boards_dir * ea5b5b072 roms: simplified serprog image copy * ea9bdfce4 roms: rename picosrc variable to rp2040src * 1a4f97ffd roms: remove useless confirmation in mkserprogfw * 1881d34db roms: merge serprog build into one function * f7e28964a roms: remind the user about gkb files * f928ac5c7 roms: rename x variable to it in for loop * 58a451865 roms: don&#39;t use x_ to call cproms() * bc853fbb8 roms build_uboot_roms(): move rom, don&#39;t copy * 12b26f207 roms cproms(): allow other commands besides cp * e67628c6a unify coreboot elfdir (DO_NOT_FLASH) * 8b58c1eac roms: merge mkUbootRom() into build_uboot_roms() * c3f0a109c roms: simplify mkSeabiosRom() * c8944f1ca roms: simplify mkUbootRom() * 92aa83a23 roms: simplify build_roms() * d3e788645 roms: remove unnecessary check * ef411c596 build: remove unused variables * 6dc051558 roms: further clean up build_grub_roms() * 0e9b36c58 roms: simplify timeout/scandisk insertion * 3a7b3660f roms: simplify seagrub check in build_grub_roms * 4b764d26f roms: simplify mkserprog() * 167e7447a roms: simplify the serprog build functions * 7bc9fcc34 script/roms: fix serprog build commands * 0dfe3aed9 roms: simplified ubootelf check * a9166898d roms: simplify grubonly check in configure_target * 90017cdc5 roms: simplify seagrub check in configure_target * 817004e15 roms: don&#39;t use x_ to call build_grub_roms * 0812d5321 trees: simplify copy_elf() * 331c4097f trees: remove unnecessary check in copy_elf * 340eea0b1 grub: insert background in memdisk instead * ed9c90e59 roms: unify all add-payload commands * 26451775d roms: don&#39;t add grub keymaps at all * af8296ce6 roms: merge handle_coreboot_target into main() * d1c0c3464 roms: simplify target check (whether roms built) * f626b25db roms: simplify main() again * eb9a688ee roms: remove redundant check on grub_scan_disk * a4328cb11 roms: remove dangerous runtime p/s/d options * 167e1a0fb unified checks for variable initialisation * 98724d701 lib.sh: remove the items() function * baea03c67 roms: simplify main() </code></pre> <p>This is roughly 300 changes since the last release.</p> <div id="footer"> <hr /> <ul> <li><a href="/news/policy.html">Binary Blob Reduction Policy</a></li> <li><a href="/freedom-status.html">Freedom status</a></li> <li><a href="/git.html">Edit this page</a></li> <li><a href="/who.html">Who develops Libreboot?</a></li> <li><a href="/license.html">License</a></li> <li><a href="/template-license.html">Template</a></li> <li><a href="/logo-license.html">Logo</a></li> <li><a href="/contrib.html">Authors</a></li> </ul> <hr /> </div> <p>Markdown file for this page: <a href="https://libreboot.org/news/libreboot20241008.md" class="uri">https://libreboot.org/news/libreboot20241008.md</a></p> <p><a href="/feed.xml">Subscribe to RSS for this site</a></p> <p><a href="/sitemap.html">Site map</a></p> <p>This HTML page was generated by the <a href="https://untitled.vimuser.org/">Untitled Static Site Generator</a>.</p> </div> </div> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10