dasharo/dts-scripts
0
0
Fork 0
mirror of https://github.com/Dasharo/dts-scripts.git synced 2026-03-06 15:01:22 -08:00
Code Issues Packages Projects Releases Wiki Activity

Revert changes introduced by commits 4151be3824 through b240c2484981

Browse Source 
Signed-off-by: Tomasz Żyjewski <tomasz.zyjewski@3mdeb.com>
This commit is contained in:
Tomasz Żyjewski
2024-01-17 13:52:31 +01:00
parent 753b9921c5
commit 85b27dee5c
2 changed files with 95 additions and 389 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
meta-dts-distro/recipes-dts/dts/dasharo-deploy/dasharo-deploy
View File

@@ -154,24 +154,12 @@ backup() {
echo "Backing up BIOS firmware and store it locally..."
echo "Remember that firmware is also backed up in HCL report."
check_intel_regions
if [ $BOARD_HAS_FD_REGION -ne 0 ]; then
# Use safe defaults. Descriptor may contain additional regions not detected
# by flashrom and will return failure when attempted to be read. BIOS and
# Flash descriptor regions should always be readable. If not, then we have
# some ugly case, hard to deal with.
FLASHROM_ADD_OPT_READ="--ifd -i fd -i bios"
if [ $BOARD_HAS_ME_REGION -ne 0 ] && [ $BOARD_ME_REGION_LOCKED -eq 0 ]; then
# ME region is not locked, read it as well
FLASHROM_ADD_OPT_READ+=" -i me"
fi
if [ $BOARD_HAS_GBE_REGION -ne 0 ] && [ $BOARD_GBE_REGION_LOCKED -eq 0 ]; then
# GBE region is present and not locked, read it as well
FLASHROM_ADD_OPT_READ+=" -i gbe"
fi
# On MSI boards some regions may be not available so we need to use specific
# ones
if [ "$BOARD_VENDOR" == "Micro-Star International Co., Ltd." ] && [ "$SYSTEM_MODEL" == "MS-7E06" ]; then
FLASHROM_ADD_OPT_READ="--ifd -i fd -i me -i bios"
else
# No descriptor, probably safe to read everything
FLASHROM_ADD_OPT_READ=""
FLASHROM_ADD_OPT_READ=" "
fi
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -r "${FW_BACKUP_DIR}"/rom.bin ${FLASHROM_ADD_OPT_READ} >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
error_check "Failed to read BIOS firmware backup"
@@ -197,23 +185,11 @@ backup() {
}
romhole_migration() {
cbfstool $BIOS_UPDATE_FILE layout -w | grep -q "ROMHOLE" || return
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -r /tmp/rom.bin --ifd -i bios >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
error_check "Failed to read current firmware to migrate MSI ROMHOLE"
if check_if_dasharo; then
cbfstool /tmp/rom.bin layout -w | grep -q "ROMHOLE" || return
# This one is rather unlikely to fail, but just in case print a warning
cbfstool /tmp/rom.bin read -r ROMHOLE -f /tmp/romhole.bin 2> /dev/null
if [ $? -ne 0 ]; then
print_warning "Failed to migrate MSI ROMHOLE, your platform's unique SMBIOS/DMI data may be lost"
return
fi
else
dd if=/tmp/rom.bin of=/tmp/romhole.bin skip=$((0x17C0000)) bs=128K count=1 iflag=skip_bytes > /dev/null 2>&1
fi
cbfstool "$BIOS_UPDATE_FILE" write -r ROMHOLE -f /tmp/romhole.bin -u 2> /dev/null
echo "Beginning ROM hole migration process..."
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -r /tmp/rom.bin ${FLASHROM_ADD_OPT_READ} >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
dd if=/tmp/rom.bin of=/tmp/romhole.bin skip=$((0x17C0000)) bs=128K count=1 iflag=skip_bytes
echo "Migrate to ROMHOLE section."
cbfstool "$BIOS_UPDATE_FILE" write -r ROMHOLE -f /tmp/romhole.bin -u
}
smbios_migration() {
@@ -279,33 +255,6 @@ resign_binary() {
fi
}
check_vboot_keys() {
if [ "$HAVE_VBOOT" -eq 0 ]; then
# If we flash whole BIOS region, no need to check if keys match
grep -q "\-\-ifd" <<< "$FLASHROM_ADD_OPT_UPDATE" && grep -q "\-i bios" <<< "$FLASHROM_ADD_OPT_UPDATE" && return
# No FMAP flashing? Also skip
grep -q "\-\-fmap" <<< "$FLASHROM_ADD_OPT_UPDATE" || return
BINARY_KEYS=$(CBFSTOOL=$(which cbfstool) futility show $BIOS_UPDATE_FILE| grep -i 'key sha1sum')
if [ $BOARD_HAS_FD_REGION -eq 0 ]; then
FLASHROM_ADD_OPT_READ=""
else
FLASHROM_ADD_OPT_READ="--ifd -i bios"
fi
echo "Checking vboot keys."
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_READ} -r /tmp/bios.bin > /dev/null 2>/dev/null
if [ $? -eq 0 ] && [ -f "/tmp/bios.bin" ]; then
FLASH_KEYS=$(CBFSTOOL=$(which cbfstool) futility show /tmp/bios.bin | grep -i 'key sha1sum')
diff <(echo "$BINARY_KEYS") <(echo "$FLASH_KEYS") > /dev/null 2>&1
# If keys are different we must additionally flash at least GBB region as well
if [ $? -ne 0 ]; then
FLASHROM_ADD_OPT_UPDATE+=" -i GBB"
fi
fi
fi
}
blob_transmission() {
echo "Extracting the UEFI image from BIOS update"
wget -O "$DBT_BIOS_UPDATE_FILENAME" --user-agent='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)' "$DBT_BIOS_UPDATE_URL" >> $ERR_LOG_FILE 2>&1
@@ -371,11 +320,6 @@ install() {
check_flash_lock
verify_artifacts bios
check_intel_regions
check_blobs_in_binary $BIOS_UPDATE_FILE
check_if_me_disabled
set_intel_regions_update_params "-N --ifd -i bios"
if [ "$HAVE_EC" = "true" ]; then
echo "Checking for Open Source Embedded Controller firmware"
dasharo_ectool info >> $ERR_LOG_FILE 2>&1
@@ -412,7 +356,7 @@ install() {
fi
echo "Installing Dasharo firmware..."
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_REGIONS} -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_DEPLOY} -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
error_check "Failed to install Dasharo firmware"
print_green "Successfully installed Dasharo firmware"
@@ -525,60 +469,10 @@ update() {
bootsplash_migration
fi
cbfstool "$BIOS_UPDATE_FILE" extract -r COREBOOT -n config -f "$BIOS_UPDATE_CONFIG_FILE"
grep -q "CONFIG_VBOOT=y" "$BIOS_UPDATE_CONFIG_FILE"
HAVE_VBOOT="$?"
check_intel_regions
check_blobs_in_binary $BIOS_UPDATE_FILE
check_if_me_disabled
set_flashrom_update_params $BIOS_UPDATE_FILE
set_intel_regions_update_params "-N --ifd"
check_vboot_keys
echo "Updating Dasharo firmware..."
print_warning "This may take several minutes. Please be patient and do not reset your computer, or touch the keyboard!"
# FLASHROM_ADD_OPT_UPDATE_OVERRIDE takes priority over auto-detected update params.
# It set only by platform-specific and firmware version-specific conditions
if [ -v FLASHROM_ADD_OPT_UPDATE_OVERRIDE ]; then
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_UPDATE_OVERRIDE} -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
error_check "Failed to update Dasharo firmware"
else
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_UPDATE} -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
error_check "Failed to update Dasharo firmware"
if [ $BINARY_HAS_RW_B -eq 0 ]; then
echo "Updating second firmware partition..."
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} --fmap -N -i RW_SECTION_B -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
error_check "Failed to update second firmware partition"
fi
fi
# We use FLASHROM_ADD_OPT_REGIONS for updating ME and IFD.
# If FLASHROM_ADD_OPT_REGIONS remains the same after
# set_intel_regions_update_params or is cleared, it means
# we either cannot update any region, or were not allowed to,
# or platform has no descriptor.
if [ "$FLASHROM_ADD_OPT_REGIONS" != "-N --ifd" ] && [ "$FLASHROM_ADD_OPT_REGIONS" != "" ]; then
UPDATE_STRING=""
grep -q "\-i fd" <<< "$FLASHROM_ADD_OPT_REGIONS"
UPDATE_IFD=$?
grep -q "\-i me" <<< "$FLASHROM_ADD_OPT_REGIONS"
UPDATE_ME=$?
if [ $UPDATE_IFD -eq 0 ]; then
UPDATE_STRING+="Flash Descriptor"
if [ $UPDATE_ME -eq 0 ]; then
UPDATE_STRING+=" and "
fi
fi
if [ $UPDATE_ME -eq 0 ]; then
UPDATE_STRING+="Managment Engine"
fi
echo "Updating $UPDATE_STRING"
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_REGIONS} -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
error_check "Failed to update $UPDATE_STRING"
fi
print_warning "This will take around 3 minutes. Please be patient and do not reset your computer, or touch the keyboard!"
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_UPDATE} -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
error_check "Failed to update Dasharo firmware"
if [ "$HAVE_EC" = "true" ]; then
echo "Dasharo EC update process will start in a moment."
@@ -652,29 +546,22 @@ restore() {
tar -zxf "$HCL_REPORT_PACKAGE" -C /tmp
echo "Restoring BIOS firmware..."
if [ -f "/tmp/logs/rom.bin" ]; then
# Write to entire flash when restoring, ask if user want to restore
print_green "Found $HCL_REPORT_PACKAGE"
read -p "Do you want to restore firmware from the given HCL report? [N/y] "
case ${REPLY} in
yes|y|Y|Yes|YES)
# Ideally we would like to write the entire flash when restoring,
# but in reality we may face locked or unaccessible regions.
# To be on the safe side, flash whatever can be flashed by determining
# what is writable.
check_flash_lock
check_intel_regions
check_blobs_in_binary /tmp/logs/rom.bin
check_if_me_disabled
set_intel_regions_update_params "-N --ifd -i bios"
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_REGIONS} -w "/tmp/logs/rom.bin" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
error_check "Failed to restore BIOS firmware! You can try one more time."
print_green "Successfully restored firmware"
echo "Returning to main menu..."
exit 0
;;
check_flash_lock
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -w "/tmp/logs/rom.bin" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
error_check "Failed to restore BIOS firmware! You can try one more time."
print_green "Successfully restored firmware"
echo "Returning to main menu..."
exit 0
;;
*)
echo "Returning to main menu..."
exit 0
;;
echo "Returning to main menu..."
exit 0
;;
esac
else
print_error "Report does not have firmware backup!"
@@ -696,16 +583,9 @@ restore() {
tar -zxf "$HCL_REPORT_PACKAGE" -C /tmp
echo "Restoring BIOS firmware..."
if [ -f "/tmp/logs/rom.bin" ]; then
# Ideally we would like to write the entire flash when restoring,
# but in reality we may face locked or unaccessible regions.
# To be on the safe side, flash whatever can be flashed by determining
# what is writable.
# Write to entire flash when restoring
check_flash_lock
check_intel_regions
check_blobs_in_binary /tmp/logs/rom.bin
check_if_me_disabled
set_intel_regions_update_params "-N --ifd -i bios"
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_REGIONS} -w "/tmp/logs/rom.bin" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -w "/tmp/logs/rom.bin" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE
error_check "Failed to restore BIOS firmware! You can try one more time."
print_green "Successfully restored firmware"
else

310
meta-dts-distro/recipes-dts/dts/dts/dts-functions.sh
View File

@@ -178,23 +178,23 @@ board_config() {
NEED_BLOB_TRANSMISSION="false"
PROGRAMMER_BIOS="internal"
PROGRAMMER_EC="ite_ec"
FLASHROM_ADD_OPT_DEPLOY="--ifd -i bios"
if check_if_dasharo; then
# if v1.5.1 or older, flash the whole bios region
# TODO: Let DTS determine which parameters are suitable.
# FIXME: Can we ever get rid of that? We change so much in each release,
# that we almost always need to flash whole BIOS regions
# because of non-backward compatbile or breaking changes.
compare_versions $DASHARO_VERSION 1.5.2
if [ $? -eq 1 ]; then
# For Dasharo version lesser than 1.5.2
NEED_BOOTSPLASH_MIGRATION="true"
FLASHROM_ADD_OPT_UPDATE_OVERRIDE="--ifd -i bios"
FLASHROM_ADD_OPT_UPDATE="--ifd -i bios"
else
# For Dasharo version greater or equal 1.5.2
FLASHROM_ADD_OPT_UPDATE="--fmap -i RW_SECTION_A"
fi
fi
;;
"NS50_70MU")
DASHARO_REL_NAME="novacustom_ns5x_tgl"
DASHARO_REL_VER="1.5.2"
DASHARO_REL_VER="1.5.1"
BIOS_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}.rom"
EC_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_ec_v${DASHARO_REL_VER}.rom"
HAVE_EC="true"
@@ -211,17 +211,17 @@ board_config() {
NEED_BLOB_TRANSMISSION="false"
PROGRAMMER_BIOS="internal"
PROGRAMMER_EC="ite_ec"
FLASHROM_ADD_OPT_DEPLOY="--ifd -i bios"
if check_if_dasharo; then
# if v1.5.1 or older, flash the whole bios region
# TODO: Let DTS determine which parameters are suitable.
# FIXME: Can we ever get rid of that? We change so much in each release,
# that we almost always need to flash whole BIOS regions
# because of non-backward compatbile or breaking changes.
compare_versions $DASHARO_VERSION 1.5.2
# if v1.5.0 or older, flash the whole bios region
compare_versions $DASHARO_VERSION 1.5.1
if [ $? -eq 1 ]; then
# For Dasharo version lesser than 1.5.2
# For Dasharo version lesser than 1.5.1
NEED_BOOTSPLASH_MIGRATION="true"
FLASHROM_ADD_OPT_UPDATE_OVERRIDE="--ifd -i bios"
FLASHROM_ADD_OPT_UPDATE="--ifd -i bios"
else
# For Dasharo version greater or equal 1.5.1
FLASHROM_ADD_OPT_UPDATE="--fmap -i RW_SECTION_A"
fi
fi
;;
@@ -243,17 +243,17 @@ board_config() {
NEED_BLOB_TRANSMISSION="false"
PROGRAMMER_BIOS="internal"
PROGRAMMER_EC="ite_ec"
FLASHROM_ADD_OPT_DEPLOY="--ifd -i bios"
if check_if_dasharo; then
# if v1.7.2 or older, flash the whole bios region
# TODO: Let DTS determine which parameters are suitable.
# FIXME: Can we ever get rid of that? We change so much in each release,
# that we almost always need to flash whole BIOS regions
# because of non-backward compatbile or breaking changes.
# if v1.7.1 or older, flash the whole bios region
compare_versions $DASHARO_VERSION 1.7.2
if [ $? -eq 1 ]; then
# For Dasharo version lesser than 1.7.2
NEED_BOOTSPLASH_MIGRATION="true"
FLASHROM_ADD_OPT_UPDATE_OVERRIDE="--ifd -i bios"
FLASHROM_ADD_OPT_UPDATE="--ifd -i bios"
else
# For Dasharo version greater or equal 1.7.2
FLASHROM_ADD_OPT_UPDATE="--fmap -i RW_SECTION_A"
fi
fi
;;
@@ -276,17 +276,17 @@ board_config() {
NEED_BLOB_TRANSMISSION="false"
PROGRAMMER_BIOS="internal"
PROGRAMMER_EC="ite_ec"
FLASHROM_ADD_OPT_DEPLOY="--ifd -i bios"
if check_if_dasharo; then
# if v1.7.2 or older, flash the whole bios region
# TODO: Let DTS determine which parameters are suitable.
# FIXME: Can we ever get rid of that? We change so much in each release,
# that we almost always need to flash whole BIOS regions
# because of non-backward compatbile or breaking changes.
# if v1.7.1 or older, flash the whole bios region
compare_versions $DASHARO_VERSION 1.7.2
if [ $? -eq 1 ]; then
# For Dasharo version lesser than 1.7.2
NEED_BOOTSPLASH_MIGRATION="true"
FLASHROM_ADD_OPT_UPDATE_OVERRIDE="--ifd -i bios"
FLASHROM_ADD_OPT_UPDATE="--ifd -i bios"
else
# For Dasharo version greater or equal 1.7.2
FLASHROM_ADD_OPT_UPDATE="--fmap -i RW_SECTION_A"
fi
fi
;;
@@ -302,7 +302,7 @@ board_config() {
"PRO Z690-A WIFI DDR4(MS-7D25)" | "PRO Z690-A DDR4(MS-7D25)")
DASHARO_REL_NAME="msi_ms7d25"
DASHARO_REL_VER="1.1.1"
DASHARO_REL_VER_DES="1.1.3"
DASHARO_REL_VER_DES="1.1.2"
BIOS_LINK_COMM="${FW_STORE_URL}/${DASHARO_REL_NAME}/v${DASHARO_REL_VER}/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}_ddr4.rom"
BIOS_LINK_DES="${FW_STORE_URL_DES}/MS-7D25/v${DASHARO_REL_VER_DES}/${DASHARO_REL_NAME}_v${DASHARO_REL_VER_DES}_ddr4.rom"
HAVE_EC="false"
@@ -318,12 +318,25 @@ board_config() {
NEED_BLOB_TRANSMISSION="false"
PROGRAMMER_BIOS="internal"
PROGRAMMER_EC=""
NEED_ROMHOLE_MIGRATION="true"
FLASHROM_ADD_OPT_DEPLOY="--ifd -i bios"
if check_if_dasharo; then
# if v1.1.1 or older, flash the whole bios region, as per:
# https://docs.dasharo.com/variants/msi_z690/firmware-update/#version-older-than-v110
compare_versions $DASHARO_VERSION 1.1.2
if [ $? -eq 1 ]; then
# For Dasharo version lesser than 1.1.2
NEED_BOOTSPLASH_MIGRATION="true"
FLASHROM_ADD_OPT_UPDATE="--ifd -i bios"
else
# For Dasharo version greater or equal 1.1.2
FLASHROM_ADD_OPT_UPDATE="--fmap -i RW_SECTION_A -i RW_SECTION_B"
fi
fi
;;
"PRO Z690-A WIFI (MS-7D25)" | "PRO Z690-A (MS-7D25)")
DASHARO_REL_NAME="msi_ms7d25"
DASHARO_REL_VER="1.1.1"
DASHARO_REL_VER_DES="1.1.3"
DASHARO_REL_VER_DES="1.1.2"
BIOS_LINK_COMM="${FW_STORE_URL}/${DASHARO_REL_NAME}/v${DASHARO_REL_VER}/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}_ddr5.rom"
BIOS_LINK_DES="${FW_STORE_URL_DES}/MS-7D25/v${DASHARO_REL_VER_DES}/${DASHARO_REL_NAME}_v${DASHARO_REL_VER_DES}_ddr5.rom"
HAVE_EC="false"
@@ -339,7 +352,20 @@ board_config() {
NEED_BLOB_TRANSMISSION="false"
PROGRAMMER_BIOS="internal"
PROGRAMMER_EC=""
NEED_ROMHOLE_MIGRATION="true"
FLASHROM_ADD_OPT_DEPLOY="--ifd -i bios"
if check_if_dasharo; then
# if v1.1.1 or older, flash the whole bios region, as per:
# https://docs.dasharo.com/variants/msi_z690/firmware-update/#version-older-than-v110
compare_versions $DASHARO_VERSION 1.1.2
if [ $? -eq 1 ]; then
# For Dasharo version lesser than 1.1.2
NEED_BOOTSPLASH_MIGRATION="true"
FLASHROM_ADD_OPT_UPDATE="--ifd -i bios"
else
# For Dasharo version greater or equal 1.1.2
FLASHROM_ADD_OPT_UPDATE="--fmap -i RW_SECTION_A -i RW_SECTION_B"
fi
fi
;;
*)
error_exit "Board model $BOARD_MODEL is currently not supported"
@@ -351,7 +377,7 @@ board_config() {
"PRO Z790-P WIFI DDR4(MS-7E06)" | "PRO Z790-P DDR4(MS-7E06)")
DASHARO_REL_NAME="msi_ms7e06"
#DASHARO_REL_VER=""
DASHARO_REL_VER_DES="0.9.1"
DASHARO_REL_VER_DES="0.9.0"
#BIOS_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}_ddr4.rom"
BIOS_LINK_DES="${FW_STORE_URL_DES}/MS-7E06/v${DASHARO_REL_VER_DES}/${DASHARO_REL_NAME}_v${DASHARO_REL_VER_DES}_ddr4.rom"
HAVE_EC="false"
@@ -367,12 +393,16 @@ board_config() {
NEED_BLOB_TRANSMISSION="false"
PROGRAMMER_BIOS="internal"
PROGRAMMER_EC=""
NEED_ROMHOLE_MIGRATION="true"
FLASHROM_ADD_OPT_DEPLOY="-N --ifd -i bios"
FLASHROM_ADD_OPT_READ="--ifd -i fd -i me -i bios"
if ! check_if_dasharo; then
NEED_ROMHOLE_MIGRATION="true"
fi
;;
"PRO Z790-P WIFI (MS-7E06)" | "PRO Z790-P (MS-7E06)")
DASHARO_REL_NAME="msi_ms7e06"
#DASHARO_REL_VER=""
DASHARO_REL_VER_DES="0.9.1"
DASHARO_REL_VER_DES="0.9.0"
#BIOS_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}_ddr5.rom"
BIOS_LINK_DES="${FW_STORE_URL_DES}/MS-7E06/v${DASHARO_REL_VER_DES}/${DASHARO_REL_NAME}_v${DASHARO_REL_VER_DES}_ddr5.rom"
HAVE_EC="false"
@@ -388,7 +418,11 @@ board_config() {
NEED_BLOB_TRANSMISSION="false"
PROGRAMMER_BIOS="internal"
PROGRAMMER_EC=""
NEED_ROMHOLE_MIGRATION="true"
FLASHROM_ADD_OPT_DEPLOY="-N --ifd -i bios"
FLASHROM_ADD_OPT_READ="--ifd -i fd -i me -i bios"
if ! check_if_dasharo; then
NEED_ROMHOLE_MIGRATION="true"
fi
;;
*)
error_exit "Board model $BOARD_MODEL is currently not supported"
@@ -707,211 +741,3 @@ verify_artifacts() {
fi
print_green "Done"
}
check_intel_regions() {
FLASH_REGIONS=$(flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} 2>&1)
BOARD_HAS_FD_REGION=0
BOARD_FD_REGION_RW=0
BOARD_HAS_ME_REGION=0
BOARD_ME_REGION_RW=0
BOARD_ME_REGION_LOCKED=0
BOARD_HAS_GBE_REGION=0
BOARD_GBE_REGION_RW=0
BOARD_GBE_REGION_LOCKED=0
grep -q "Flash Descriptor region" <<< "$FLASH_REGIONS" && BOARD_HAS_FD_REGION=1
grep -qE "Flash Descriptor region.*read-write" <<< "$FLASH_REGIONS" && BOARD_FD_REGION_RW=1
grep -q "Management Engine region" <<< "$FLASH_REGIONS" && BOARD_HAS_ME_REGION=1
grep -qE "Management Engine region.*read-write" <<< "$FLASH_REGIONS" && BOARD_ME_REGION_RW=1
grep -qE "Management Engine region.*locked" <<< "$FLASH_REGIONS" && BOARD_ME_REGION_LOCKED=1
grep -q "Gigabit Ethernet region" <<< "$FLASH_REGIONS" && BOARD_HAS_GBE_REGION=1
grep -qE "Gigabit Ethernet region.*read-write" <<< "$FLASH_REGIONS" && BOARD_GBE_REGION_RW=1
grep -qE "Gigabit Ethernet region.*locked" <<< "$FLASH_REGIONS" && BOARD_GBE_REGION_LOCKED=1
}
check_blobs_in_binary() {
BINARY_HAS_FD=0
BINARY_HAS_ME=0
# If there is no descriptor, there is no ME as well, so skip the check
if [ $BOARD_HAS_FD_REGION -ne 0 ]; then
ME_OFFSET=$(ifdtool -d $1 2> /dev/null | grep "Flash Region 2 (Intel ME):" | sed 's/Flash Region 2 (Intel ME)\://' |awk '{print $1;}')
# Check for IFD signature at offset 0 (old descriptors)
if [ $(tail -c +0 $1|head -c 4|xxd -ps) == "5aa5f00f" ]; then
BINARY_HAS_FD=1
fi
# Check for IFD signature at offset 16 (new descriptors)
if [ $(tail -c +17 $1|head -c 4|xxd -ps) == "5aa5f00f" ]; then
BINARY_HAS_FD=1
fi
# Check for ME FPT signature at ME offset + 16 (old ME)
if [ $(tail -c +$((0x$ME_OFFSET + 17)) $1|head -c 4|tr -d '\0') == "\$FPT" ]; then
BINARY_HAS_ME=1
fi
# Check for aa55 signature at ME offset + 4096 (new ME)
if [ $(tail -c +$((0x$ME_OFFSET + 4097)) $1|head -c 2|xxd -ps) == "aa55" ]; then
BINARY_HAS_ME=1
fi
fi
}
check_if_me_disabled() {
ME_DISABLED=0
if [ $BOARD_HAS_ME_REGION -eq 0 ]; then
# No ME region
ME_DISABLED=1
return
fi
# Check if HECI present
# FIXME: what if HECI is not device 16.0?
if [ -d /sys/class/pci_bus/0000:00/device/0000:00:16.0 ]; then
# Check ME Current Operation Mode at offset 0x40 bits 19:16
ME_OPMODE="$(setpci -s 00:16.0 42.B 2> /dev/null | cut -c2-)"
if [ $ME_OPMODE == "0" ]; then
echo "ME is not disabled" >> $ERR_LOG_FILE
return
elif [ $ME_OPMODE == "2" ]; then
echo "ME is disabled (HAP/Debug Mode)" >> $ERR_LOG_FILE
ME_DISABLED=1
return
elif [ $ME_OPMODE == "3" ]; then
echo "ME is soft disabled (HECI)" >> $ERR_LOG_FILE
ME_DISABLED=1
return
elif [ $ME_OPMODE == "4" ]; then
echo "ME disabled by Security Override Jumper/FDOPS" >> $ERR_LOG_FILE
ME_DISABLED=1
return
elif [ $ME_OPMODE == "5" ]; then
echo "ME disabled by Security Override MEI Message/HMRFPO" >> $ERR_LOG_FILE
ME_DISABLED=1
return
elif [ $ME_OPMODE == "6" ]; then
echo "ME disabled by Security Override MEI Message/HMRFPO" >> $ERR_LOG_FILE
ME_DISABLED=1
return
elif [ $ME_OPMODE == "7" ]; then
echo "ME disabled (Enhanced Debug Mode) or runs Ignition FW" >> $ERR_LOG_FILE
ME_DISABLED=1
return
else
print_warning "Unknown ME operation mode, assuming enabled."
echo "Unknown ME operation mode, assuming enabled." >> $ERR_LOG_FILE
return
fi
else
# If we are running coreboot, check for status in logs
cbmem -1 | grep -q "ME is disabled" && ME_DISABLED=1 && return # HECI (soft) disabled
cbmem -1 | grep -q "ME is HAP disabled" && ME_DISABLED=1 && return # HAP disabled
# TODO: If proprietary BIOS, then also try to check SMBIOS for ME FWSTS
# BTW we could do the same in coreboot, expose FWSTS in SMBIOS before it
# gets disabled
print_warning "Can not determine if ME is disabled, assuming enabled."
echo "Can not determine if ME is disabled, assuming enabled." >> $ERR_LOG_FILE
fi
}
force_me_update() {
echo
print_warning "Flashing ME when not in disabled state may cause unexpected power management issues."
print_warning "Recovering from such state may require removal of AC power supply and resetting CMOS battery."
print_warning "Keeping an older version of ME may cause a CPU to perform less efficient, e.g. if upgraded the CPU to a newer generation."
print_warning "You have been warned."
while : ; do
echo
read -r -p "Skip ME flashing and proceed with BIOS/firmware flashing/udpating? (Y|n) " OPTION
echo
case ${OPTION} in
yes|y|Y|Yes|YES)
print_warning "Proceeding without ME flashing, because we were asked to."
break
;;
n|N)
error_exit "Cancelling flashing process..."
;;
*)
;;
esac
done
}
set_flashrom_update_params() {
# Safe defaults which should always work
if [ $BOARD_HAS_FD_REGION -eq 0 ]; then
FLASHROM_ADD_OPT_UPDATE=""
else
FLASHROM_ADD_OPT_UPDATE="-N --ifd -i bios"
fi
BINARY_HAS_RW_B=0
# We need to read whole binary (or BIOS region), otherwise cbfstool will
# return different attributes for CBFS regions
echo "Checking flash layout."
flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_UPDATE} -r /tmp/bios.bin > /dev/null 2>&1
if [ $? -eq 0 ] && [ -f "/tmp/bios.bin" ]; then
BOARD_FMAP_LAYOUT=$(cbfstool /tmp/bios.bin layout -w 2> /dev/null)
BINARY_FMAP_LAYOUT=$(cbfstool $1 layout -w 2> /dev/null)
diff <(echo "$BOARD_FMAP_LAYOUT") <(echo "$BINARY_FMAP_LAYOUT") > /dev/null 2>&1
# If layout is identical, perform standard update using FMAP only
if [ $? -eq 0 ]; then
# Simply update RW_A fmap region if exists
grep -q "RW_SECTION_A" <<< $BINARY_FMAP_LAYOUT
if [ $? -eq 0 ]; then
FLASHROM_ADD_OPT_UPDATE="-N --fmap -i RW_SECTION_A"
else
# RW_A does not exists, it means no vboot. Update COREBOOT region only
FLASHROM_ADD_OPT_UPDATE="-N --fmap -i COREBOOT"
fi
# If RW_B present, use this variable later to perform 2-step update
grep -q "RW_SECTION_B" <<< $BINARY_FMAP_LAYOUT && BINARY_HAS_RW_B=1
fi
else
print_warning "Could not read the FMAP region"
echo "Could not read the FMAP region" >> $ERR_LOG_FILE
fi
}
set_intel_regions_update_params() {
if [ $BOARD_HAS_FD_REGION -eq 0 ]; then
# No FD on board, so no further flashing
FLASHROM_ADD_OPT_REGIONS=""
else
# Safe defaults, only BIOS region and do not verify all regions,
# as some of them may not be readable. First argument is the initial
# params.
FLASHROM_ADD_OPT_REGIONS=$1
if [ $BINARY_HAS_FD -ne 0 ]; then
if [ $BOARD_FD_REGION_RW -ne 0 ]; then
# FD writable and the binary provides FD, safe to flash
FLASHROM_ADD_OPT_REGIONS+=" -i fd"
else
print_error "The firmware binary to be flashed contains Flash Descriptor (FD), but FD is not writable!"
print_warning "Proceeding without FD flashing, as it is not critical."
echo "The firmware binary contains Flash Descriptor (FD), but FD is not writable!" >> $ERR_LOG_FILE
fi
fi
if [ $BINARY_HAS_ME -ne 0 ]; then
if [ $BOARD_ME_REGION_RW -ne 0 ]; then
# ME writable and the binary provides ME, safe to flash if ME disabled
if [ $ME_DISABLED -eq 1 ]; then
FLASHROM_ADD_OPT_REGIONS+=" -i me"
else
echo "The firmware binary to be flashed contains Management Engine (ME), but ME is not disabled!" >> $ERR_LOG_FILE
print_error "The firmware binary contains Management Engine (ME), but ME is not disabled!"
force_me_update
fi
else
echo "The firmware binary to be flashed contains Management Engine (ME), but ME is not writable!" >> $ERR_LOG_FILE
print_error "The firmware binary contains Management Engine (ME), but ME is not writable!"
fi
fi
fi
}