libreboot/include/vendor.sh

# SPDX-License-Identifier: GPL-3.0-only
# Copyright (c) 2022 Caleb La Grange <thonkpeasant@protonmail.com>
# Copyright (c) 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com>
# Copyright (c) 2023-2024 Leah Rowe <leah@libreboot.org>

_ua="Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
_7ztest="a"

e6400_unpack="$PWD/src/bios_extract/dell_inspiron_1100_unpacker.py"
me7updateparser="$PWD/util/me7_update_parser/me7_update_parser.py"
pfs_extract="$PWD/src/biosutilities/Dell_PFS_Extract.py"
uefiextract="$PWD/src/uefitool/uefiextract"
nvmutil="util/nvmutil/nvm"
vendir="vendorfiles"
appdir="$vendir/app"

eval "$(setvars "" _b EC_url_bkup EC_hash DL_hash DL_url_bkup MRC_refcode_gbe \
    E6400_VGA_DL_hash E6400_VGA_DL_url E6400_VGA_DL_url_bkup E6400_VGA_offset \
    E6400_VGA_romname CONFIG_HAVE_MRC SCH5545EC_DL_url_bkup SCH5545EC_DL_hash \
    mecleaner kbc1126_ec_dump MRC_refcode_cbtree new_mac _dl SCH5545EC_DL_url \
    CONFIG_BOARD_DELL_E6400 CONFIG_HAVE_ME_BIN archive EC_url modifygbe rom \
    CONFIG_ME_BIN_PATH CONFIG_KBC1126_FIRMWARE _dest tree CONFIG_GBE_BIN_PATH \
    CONFIG_KBC1126_FW1_OFFSET CONFIG_KBC1126_FW2 CONFIG_KBC1126_FW2_OFFSET \
    CONFIG_VGA_BIOS_FILE CONFIG_VGA_BIOS_ID CONFIG_KBC1126_FW1 release DL_url \
    CONFIG_INCLUDE_SMSC_SCH5545_EC_FW CONFIG_SMSC_SCH5545_EC_FW_FILE nukemode \
    CONFIG_IFD_BIN_PATH CONFIG_MRC_FILE CONFIG_HAVE_REFCODE_BLOB cbfstoolref \
    CONFIG_REFCODE_BLOB_FILE)"

vendor_download()
{
	export PATH="$PATH:/sbin"

	[ $# -gt 0 ] || $err "No argument given"
	board="$1"
	boarddir="$cbcfgsdir/$board"
	_b="${board%%_*mb}" # shorthand (no duplication per rom size)

	detect_firmware && exit 0
	scan_config "$_b" "config/vendor"

	build_dependencies_download
	download_vendorfiles
}

detect_firmware()
{
	[ -d "$boarddir" ] || $err "Target '$board' not defined."
	check_defconfig "$boarddir" 1>"$tmpdir/vendorcfg.list" && return 0
	while read -r cbcfgfile; do
		set +u +e
		. "$cbcfgfile" 2>/dev/null
		set -u -e
	done < "$tmpdir/vendorcfg.list"
	. "$boarddir/target.cfg" 2>/dev/null

	[ -z "$tree" ] && $err "detect_firmware $boarddir: tree undefined"
	cbdir="src/coreboot/$tree"
	cbfstool="cbutils/$tree/cbfstool"

	mecleaner="$PWD/$cbdir/util/me_cleaner/me_cleaner.py"
	kbc1126_ec_dump="$PWD/$cbdir/util/kbc1126/kbc1126_ec_dump"

	for c in CONFIG_HAVE_MRC CONFIG_HAVE_ME_BIN CONFIG_KBC1126_FIRMWARE \
	    CONFIG_VGA_BIOS_FILE CONFIG_INCLUDE_SMSC_SCH5545_EC_FW; do
		eval "[ \"\${$c}\" = \"/dev/null\" ] && continue"
		eval "[ -z \"\${$c}\" ] || return 1"
	done
	printf "Vendor files not needed for: %s\n" "$board" 1>&2
}

build_dependencies_download()
{
	[ -d "$cbdir" ] || x_ ./update trees -f coreboot ${cbdir##*/}
	for d in uefitool biosutilities bios_extract; do
		[ -d "src/$d" ] && continue
		x_ ./update trees -f "$d"
	done
	[ -f "$uefiextract" ] || x_ ./update trees -b uefitool
	[ ! -d "${kbc1126_ec_dump%/*}" ] || [ -f "$kbc1126_ec_dump" ] || x_ \
	    make -C "$cbdir/util/kbc1126"
	[ -n "$MRC_refcode_cbtree" ] && \
		cbfstoolref="cbutils/$MRC_refcode_cbtree/cbfstool"
	[ -z "$cbfstoolref" ] || [ -f "$cbfstoolref" ] || \
	    x_ ./update trees -b coreboot utils $MRC_refcode_cbtree
	[ -f "$cbfstool" ] && [ -f "$ifdtool" ] && return 0
	x_ ./update trees -b coreboot utils $tree
}

download_vendorfiles()
{
	[ -z "$CONFIG_HAVE_ME_BIN" ] || fetch intel_me "$DL_url" \
	    "$DL_url_bkup" "$DL_hash" "$CONFIG_ME_BIN_PATH"
	[ -z "$CONFIG_INCLUDE_SMSC_SCH5545_EC_FW" ] || fetch sch5545ec \
	    "$SCH5545EC_DL_url" "$SCH5545EC_DL_url_bkup" "$SCH5545EC_DL_hash" \
	    "$CONFIG_SMSC_SCH5545_EC_FW_FILE"
	[ -z "$CONFIG_KBC1126_FIRMWARE" ] || fetch kbc1126ec "$EC_url" \
	    "$EC_url_bkup" "$EC_hash" "$CONFIG_KBC1126_FW1"
	[ -z "$CONFIG_VGA_BIOS_FILE" ] || fetch "e6400vga" \
	    "$E6400_VGA_DL_url" "$E6400_VGA_DL_url_bkup" "$E6400_VGA_DL_hash" \
	    "$CONFIG_VGA_BIOS_FILE"
	[ -z "$CONFIG_HAVE_MRC" ] || fetch "mrc" "$MRC_url" "$MRC_url_bkup" \
	    "$MRC_hash" "$CONFIG_MRC_FILE"; return 0
}

fetch()
{
	dl_type="$1"
	dl="$2"
	dl_bkup="$3"
	dlsum="$4"
	[ "$5" = "/dev/null" ] && return 0
	[ "${5# }" = "$5" ] || $err "fetch: space not allowed in _dest: '$5'"
	[ "${5#/}" = "$5" ] || $err "fetch: absolute path not allowed: '$5'"
	_dest="${5##*../}"
	_dl="$vendir/cache/$dlsum"
	dl_fail="n"

	x_ mkdir -p "${_dl%/*}"

	dl_fail="y"
	vendor_checksum "$dlsum" "$_dl" || dl_fail="n"
	for url in "$dl" "$dl_bkup"; do
		[ "$dl_fail" = "n" ] && break
		[ -z "$url" ] && continue
		x_ rm -f "$_dl"
		curl --location --retry 3 -A "$_ua" "$url" -o "$_dl" || \
		    wget --tries 3 -U "$_ua" "$url" -O "$_dl" || continue
		vendor_checksum "$dlsum" "$_dl" || dl_fail="n"
	done
	[ "$dl_fail" = "y" ] && \
		$err "fetch $dlsum: matched file unavailable"

	x_ rm -Rf "${_dl}_extracted"
	mkdirs "$_dest" "extract_$dl_type" || return 0
	eval "extract_$dl_type"
	set -u -e

	[ -f "$_dest" ] && return 0
	$err "extract_$dl_type (fetch): missing file: '$_dest'"
}

vendor_checksum()
{
	[ "$(sha512sum "$2" | awk '{print $1}')" != "$1" ] || return 1
	printf "Bad checksum for file: %s\n" "$2" 1>&2
	rm -f "$2" || :
}

mkdirs()
{
	e "$1" f && return 1

	mkdir -p "${1%/*}" || $err "mkdirs: !mkdir -p ${1%/*}"
	remkdir "$appdir"
	extract_archive "$_dl" "$appdir" || \
	    [ "$2" = "extract_e6400vga" ] || \
	    $err "mkdirs $1 $2: !extract"
}

extract_intel_me()
{
	e "$mecleaner" f not && $err "$cbdir: me_cleaner missing"

	_me="$PWD/$_dest" # must always be an absolute path
	cdir="$PWD/$appdir" # must always be an absolute path
	[ $# -gt 0 ] && _me="${1}" && cdir="$2"

	e "$_me" f && return 0

	sdir="$(mktemp -d)"
	[ -z "$sdir" ] && return 0
	mkdir -p "$sdir" || $err "extract_intel_me: !mkdir -p \"$sdir\""

	set +u +e
	(
	[ "${cdir#/a}" != "$cdir" ] && cdir="${cdir#/}"
	cd "$cdir" || $err "extract_intel_me: !cd \"$cdir\""
	for i in *; do
		[ -f "$_me" ] && break
		[ -L "$i" ] && continue
		if [ -f "$i" ]; then
			"$mecleaner" -r -t -O "$sdir/vendorfile" \
			    -M "$_me" "$i" && break
			"$mecleaner" -r -t -O "$_me" "$i" && break
			"$me7updateparser" -O "$_me" "$i" && break
			_7ztest="${_7ztest}a"
			extract_archive "$i" "$_7ztest" || continue
			extract_intel_me "$_me" "$cdir/$_7ztest"
		elif [ -d "$i" ]; then
			extract_intel_me "$_me" "$cdir/$i"
		else
			continue
		fi
		cdir="$1"
		[ "${cdir#/a}" != "$cdir" ] && cdir="${cdir#/}"
		cd "$cdir" || :
	done
	)
	rm -Rf "$sdir" || $err "extract_intel_me: !rm -Rf $sdir"
}

extract_archive()
{
	innoextract "$1" -d "$2" || python "$pfs_extract" "$1" -e || 7z x \
	    "$1" -o"$2" || unar "$1" -o "$2" || unzip "$1" -d "$2" || return 1
}

extract_kbc1126ec()
{
	[ ! -f "$kbc1126_ec_dump" ] && \
		$err "extract_kbc1126ec $cbdir: kbc1126_ec_dump missing"
	(
	x_ cd "$appdir/"
	mv Rompaq/68*.BIN ec.bin || :
	if [ ! -f ec.bin ]; then
		unar -D ROM.CAB Rom.bin || unar -D Rom.CAB Rom.bin || \
		    unar -D 68*.CAB Rom.bin || $err "can't extract Rom.bin"
		x_ mv Rom.bin ec.bin
	fi
	[ -f ec.bin ] || $err "extract_kbc1126_ec $board: can't extract"
	"$kbc1126_ec_dump" ec.bin || $err "!1126ec $board extract ecfw"
	) || $err "can't extract kbc1126 ec firmware"

	e "$appdir/ec.bin.fw1" f not && $err "$board: kbc1126ec fetch failed"
	e "$appdir/ec.bin.fw2" f not && $err "$board: kbc1126ec fetch failed"

	cp "$appdir/"ec.bin.fw* "${_dest%/*}/" || $err "!cp 1126ec $_dest"
}

extract_e6400vga()
{
	set +u +e
	for v in E6400_VGA_offset E6400_VGA_romname; do
		eval "[ -z \"\$$v\" ] && $err \"e6400vga: $v undefined\""
	done
	tail -c +$E6400_VGA_offset "$_dl" | gunzip > "$appdir/bios.bin" || :
	(
	x_ cd "$appdir"
	[ -f "bios.bin" ] || $err "extract_e6400vga: can't extract bios.bin"
	"$e6400_unpack" bios.bin || printf "TODO: fix dell extract util\n"
	[ -f "$E6400_VGA_romname" ] || \
		$err "extract_e6400vga: can't extract vga rom from bios.bin"
	) || $err "can't extract e6400 vga rom"
	cp "$appdir/$E6400_VGA_romname" "$_dest" || \
	    $err "extract_e6400vga $board: can't copy vga rom to $_dest"
}

extract_sch5545ec()
{
	# full system ROM (UEFI), to extract with UEFIExtract:
	_bios="${_dl}_extracted/Firmware/1 $dlsum -- 1 System BIOS vA.28.bin"
	# this is the SCH5545 firmware, inside of the extracted UEFI ROM:
	_sch5545ec_fw="$_bios.dump/4 7A9354D9-0468-444A-81CE-0BF617D890DF"
	_sch5545ec_fw="$_sch5545ec_fw/54 D386BEB8-4B54-4E69-94F5-06091F67E0D3"
	_sch5545ec_fw="$_sch5545ec_fw/0 Raw section/body.bin" # <-- this!

	"$uefiextract" "$_bios" || $err "sch5545 !extract"
	cp "$_sch5545ec_fw" "$_dest" || $err "$_dest: !sch5545 copy"
}

vendor_inject()
{
	set +u +e

	[ $# -lt 1 ] && $err "No options specified."
	[ "$1" = "listboards" ] && eval "items config/coreboot || :; exit 0"

	archive="$1"

	while getopts n:r:b:m: option; do
		case "$option" in
		n) nukemode="$OPTARG" ;;
		r) rom="$OPTARG" ;;
		b) board="$OPTARG" ;;
		m) modifygbe="true"
		   new_mac="$OPTARG" ;;
		*) : ;;
		esac
	done

	check_board
	build_dependencies_inject
	inject_vendorfiles
	[ "$nukemode" = "nuke" ] && return 0
	printf "Friendly reminder (this is *not* an error message):\n"
	printf "Please ensure that the files were inserted correctly.\n"
}

check_board()
{
	failcheck="n"
	check_release "$archive" || failcheck="y"
	if [ "$failcheck" = "y" ]; then
		[ -f "$rom" ] || $err "check_board \"$rom\": invalid path"
		[ -z "${rom+x}" ] && $err "check_board: no rom specified"
		[ -n "${board+x}" ] || board="$(detect_board "$rom")"
	else
		release="y"
		board="$(detect_board "$archive")"
	fi

	boarddir="$cbcfgsdir/$board"
	[ -d "$boarddir" ] || $err "check_board: board $board missing"
	[ -f "$boarddir/target.cfg" ] || \
		$err "check_board $board: target.cfg missing"
	. "$boarddir/target.cfg" 2>/dev/null
	[ -z "$tree" ] && $err "check_board $board: tree undefined"; return 0
}

check_release()
{
	[ -f "$archive" ] || return 1
	[ "${archive##*.}" = "xz" ] || return 1
	printf "%s\n" "Release archive $archive detected"
}

# This function tries to determine the board from the filename of the rom.
# It will only succeed if the filename is not changed from the build/download
detect_board()
{
	path="$1"
	filename="$(basename "$path")"
	case "$filename" in
	grub_*)
		board="$(echo "$filename" | cut -d '_' -f2-3)" ;;
	seabios_withgrub_*)
		board="$(echo "$filename" | cut -d '_' -f3-4)" ;;
	*.tar.xz)
		_stripped_prefix="${filename#*_}"
		board="${_stripped_prefix%.tar.xz}" ;;
	*)
		$err "detect_board $filename: could not detect board type"
	esac
	printf "%s\n" "$board"
}

build_dependencies_inject()
{
	cbdir="src/coreboot/$tree"
	cbfstool="cbutils/$tree/cbfstool"
	ifdtool="cbutils/$tree/ifdtool"
	[ -d "$cbdir" ] || x_ ./update trees -f coreboot $tree
	if [ ! -f "$cbfstool" ] || [ ! -f "$ifdtool" ]; then
		x_ ./update trees -b coreboot utils $tree
	fi
	[ -z "$new_mac" ] || [ -f "$nvmutil" ] || x_ make -C util/nvmutil
	[ "$nukemode" = "nuke" ] || x_ ./vendor download $board; return 0
}

inject_vendorfiles()
{
	[ "$release" != "y" ] && eval "patch_rom \"$rom\"; return 0"
	patch_release_roms
}

patch_release_roms()
{
	_tmpdir="tmp/romdir"
	remkdir "$_tmpdir"
	tar -xf "$archive" -C "$_tmpdir" || \
	    $err "patch_release_roms: !tar -xf \"$archive\" -C \"$_tmpdir\""

	for x in "$_tmpdir"/bin/*/*.rom ; do
		printf "patching rom: %s\n" "$x"
		patch_rom "$x"
	done

	(
	cd "$_tmpdir/bin/"* || \
	    $err "patch_release_roms: !cd $_tmpdir/bin/*"

	# NOTE: For compatibility with older rom releases, defer to sha1
	[ "$nukemode" = "nuke" ] || sha512sum --status -c vendorhashes || \
	    sha1sum --status -c vendorhashes || sha512sum --status -c \
	    blobhashes || sha1sum --status -c blobhashes || \
	    $err "patch_release_roms: ROMs did not match expected hashes"
	) || $err "can't verify vendor hashes"

	[ "$modifygbe" = "true" ] && \
		for x in "$_tmpdir"/bin/*/*.rom ; do
			modify_gbe "$x"
		done

	[ -d "bin/release" ] || x_ mkdir -p bin/release
	x_ mv "$_tmpdir"/bin/* bin/release/
	x_ rm -Rf "$_tmpdir"

	printf "Success! Your ROMs are in bin/release\n"
}

patch_rom()
{
	rom="$1"

	. "$(check_defconfig "$boarddir")" 2>/dev/null || exit 0

	[ "$CONFIG_HAVE_MRC" = "y" ] && inject "mrc.bin" "$CONFIG_MRC_FILE" \
	    "mrc" "0xfffa0000"
	[ -n "$CONFIG_HAVE_REFCODE_BLOB" ] && inject "fallback/refcode" \
	    "$CONFIG_REFCODE_BLOB_FILE" "stage"
	[ "$CONFIG_HAVE_ME_BIN" = "y" ] && inject "IFD" "$CONFIG_ME_BIN_PATH" \
	    "me"
	[ "$CONFIG_KBC1126_FIRMWARE" = "y" ] && inject "ecfw1.bin" \
	    "$CONFIG_KBC1126_FW1" "raw" "$CONFIG_KBC1126_FW1_OFFSET" && \
		inject "ecfw2.bin" "$CONFIG_KBC1126_FW2" "raw" \
		    "$CONFIG_KBC1126_FW2_OFFSET"
	[ -n "$CONFIG_VGA_BIOS_FILE" ] && [ -n "$CONFIG_VGA_BIOS_ID" ] && \
		inject "pci$CONFIG_VGA_BIOS_ID.rom" \
		    "$CONFIG_VGA_BIOS_FILE" "optionrom"
	[ "$CONFIG_INCLUDE_SMSC_SCH5545_EC_FW" = "y" ] && \
	    [ -n "$CONFIG_SMSC_SCH5545_EC_FW_FILE" ] && \
		inject "sch5545_ecfw.bin" "$CONFIG_SMSC_SCH5545_EC_FW_FILE" raw
	[ "$modifygbe" = "true" ] && ! [ "$release" = "y" ] && \
		inject "IFD" "$CONFIG_GBE_BIN_PATH" "GbE"

	printf "ROM image successfully patched: %s\n" "$rom"
}

inject()
{
	[ $# -lt 3 ] && $err "$@, $rom: usage: inject name path type (offset)"

	eval "$(setvars "" cbfsname _dest _t _offset)"
	cbfsname="$1"
	_dest="${2##*../}"
	_t="$3"
	[ $# -gt 3 ] && _offset="-b $4" && [ -z "$4" ] && \
	    $err "inject $@, $rom: offset passed, but empty (not defined)"

	[ -z "$_dest" ] && $err "inject $@, $rom: empty destination path"
	[ ! -f "$_dest" ] && [ "$nukemode" != "nuke" ] && \
		$err "inject_$dl_type: file missing, $_dest"

	[ "$nukemode" = "nuke" ] || \
		printf "Inserting %s/%s into: %s\n" "$cbfsname" "$_t" "$rom"

	if [ "$_t" = "GbE" ]; then
		x_ mkdir -p tmp
		cp "$_dest" "tmp/gbe.bin" || \
		    $err "inject: !cp \"$_dest\" \"tmp/gbe.bin\""
		_dest="tmp/gbe.bin"
		"$nvmutil" "$_dest" setmac "$new_mac" || \
		    $err "inject $_dest: can't change mac address"
	fi
	if [ "$cbfsname" = "IFD" ]; then
		if [ "$nukemode" != "nuke" ]; then
			"$ifdtool" -i $_t:$_dest "$rom" -O "$rom" || \
			    $err "inject: can't insert $_t ($dest) into $rom"
		else
			"$ifdtool" --nuke $_t "$rom" -O "$rom" || \
			    $err "inject $rom: can't nuke $_t in IFD"
		fi
	else
		if [ "$nukemode" != "nuke" ]; then
			if [ "$_t" = "stage" ]; then # broadwell refcode
				"$cbfstool" "$rom" add-stage -f "$_dest" \
				    -n "$cbfsname" -t stage -c lzma
			else
				"$cbfstool" "$rom" add -f "$_dest" \
				    -n "$cbfsname" -t $_t $_offset || \
				    $err "$rom: can't insert $_t file $_dest"
			fi
		else
			"$cbfstool" "$rom" remove -n "$cbfsname" || \
			    $err "inject $rom: can't remove $cbfsname"
		fi
	fi
}