Skip to content

Commit

Permalink
Add cbfs wrapper script to handle PNOR
Browse files Browse the repository at this point in the history
Signed-off-by: Sergii Dmytruk <[email protected]>
  • Loading branch information
SergiiDmytruk committed Nov 1, 2022
1 parent d1c771c commit 2e766c2
Show file tree
Hide file tree
Showing 6 changed files with 40 additions and 30 deletions.
10 changes: 10 additions & 0 deletions initrd/bin/cbfs.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
#!/bin/sh
set -e -o pipefail
. /etc/functions
. /tmp/config

if pnor "$2" -r HBI > /tmp/pnor.part 2>/dev/null; then
cbfs "$@" -o /tmp/pnor.part && pnor "$2" -w HBI < /tmp/pnor.part
else
cbfs "$@"
fi
10 changes: 5 additions & 5 deletions initrd/bin/config-gui.sh
Original file line number Diff line number Diff line change
Expand Up @@ -82,10 +82,10 @@ while true; do
exit 1
fi

if (cbfs -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config.user") then
cbfs -o /tmp/config-gui.rom -d "heads/initrd/etc/config.user"
if (cbfs.sh -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config.user") then
cbfs.sh -o /tmp/config-gui.rom -d "heads/initrd/etc/config.user"
fi
cbfs -o /tmp/config-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
cbfs.sh -o /tmp/config-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user

if (whiptail --title 'Update ROM?' \
--yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 16 90) then
Expand Down Expand Up @@ -118,8 +118,8 @@ while true; do
rm /boot/kexec* | true
mount -o remount,ro /boot
# clear GPG keys and user settings
for i in `cbfs -o /tmp/config-gui.rom -l | grep -e "heads/"`; do
cbfs -o /tmp/config-gui.rom -d $i
for i in `cbfs.sh -o /tmp/config-gui.rom -l | grep -e "heads/"`; do
cbfs.sh -o /tmp/config-gui.rom -d $i
done
# flash cleared ROM
/bin/flash.sh -c /tmp/config-gui.rom
Expand Down
6 changes: 3 additions & 3 deletions initrd/bin/flash.sh
Original file line number Diff line number Diff line change
Expand Up @@ -123,10 +123,10 @@ flash_rom() {
|| die "$ROM: Config preservation failed"
fi
# persist serial number from CBFS
if cbfs -r serial_number > /tmp/serial 2>/dev/null; then
if cbfs.sh -r serial_number > /tmp/serial 2>/dev/null; then
echo "Persisting system serial"
cbfs -o /tmp/${CONFIG_BOARD}.rom -d serial_number 2>/dev/null || true
cbfs -o /tmp/${CONFIG_BOARD}.rom -a serial_number -f /tmp/serial
cbfs.sh -o /tmp/${CONFIG_BOARD}.rom -d serial_number 2>/dev/null || true
cbfs.sh -o /tmp/${CONFIG_BOARD}.rom -a serial_number -f /tmp/serial
fi
# persist PCHSTRP9 from flash descriptor
if [ "$CONFIG_BOARD" = "librem_l1um" ]; then
Expand Down
28 changes: 14 additions & 14 deletions initrd/bin/gpg-gui.sh
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,10 @@ gpg_flash_rom() {
gpg --list-keys --fingerprint --with-colons |sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --import-ownertrust
gpg --update-trust

if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx"); then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.kbx"
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg"); then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg"
if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx"); then
cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.kbx"
if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg"); then
cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg"
if [ -e /.gnupg/pubring.gpg ];then
rm /.gnupg/pubring.gpg
fi
Expand All @@ -31,33 +31,33 @@ gpg_flash_rom() {

#to be compatible with gpgv1
if [ -e /.gnupg/pubring.kbx ];then
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
if [ -e /.gnupg/pubring.gpg ];then
rm /.gnupg/pubring.gpg
fi
fi
if [ -e /.gnupg/pubring.gpg ];then
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
fi

if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg"
if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then
cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg"
fi
if [ -e /.gnupg/trustdb.gpg ]; then
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg
cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg
fi

#Remove old method owner trust exported file
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/otrust.txt") then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/otrust.txt"
if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/otrust.txt") then
cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/otrust.txt"
fi

# persist user config changes
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/etc/config.user") then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/etc/config.user"
if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/etc/config.user") then
cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/etc/config.user"
fi
if [ -e /etc/config.user ]; then
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
fi
/bin/flash.sh /tmp/gpg-gui.rom

Expand Down
12 changes: 6 additions & 6 deletions initrd/bin/oem-factory-reset
Original file line number Diff line number Diff line change
Expand Up @@ -659,24 +659,24 @@ if ! gpg --update-trust >/dev/null 2>/tmp/error ; then
whiptail_error_die "Error updating GPG ownertrust:\n\n$ERROR"
fi
# clear any existing heads/gpg files from current firmware
for i in `cbfs -o /tmp/oem-setup.rom -l | grep -e "heads/"`; do
cbfs -o /tmp/oem-setup.rom -d $i
for i in `cbfs.sh -o /tmp/oem-setup.rom -l | grep -e "heads/"`; do
cbfs.sh -o /tmp/oem-setup.rom -d $i
done
# add heads/gpg files to current firmware
if [ -e /.gnupg/pubring.kbx ];then
cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
if [ -e /.gnupg/pubring.gpg ];then
rm /.gnupg/pubring.gpg
fi
elif [ -e /.gnupg/pubring.gpg ];then
cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
fi
if [ -e /.gnupg/trustdb.gpg ]; then
cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg
cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg
fi
# persist user config changes (boot device)
if [ -e /etc/config.user ]; then
cbfs -o /tmp/oem-setup.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
fi
# flash updated firmware image
echo -e "\nAdding generated key to current firmware and re-flashing...\n"
Expand Down
4 changes: 2 additions & 2 deletions initrd/etc/functions
Original file line number Diff line number Diff line change
Expand Up @@ -246,12 +246,12 @@ preserve_rom() {
old_files=`cbfs -t 50 -l 2>/dev/null | grep "^heads/"`

for old_file in `echo $old_files`; do
new_file=`cbfs -o $1 -l | grep -x $old_file`
new_file=`cbfs.sh -o $1 -l | grep -x $old_file`
if [ -z "$new_file" ]; then
echo "+++ Adding $old_file to $1"
cbfs -t 50 -r $old_file >/tmp/rom.$$ \
|| die "Failed to read cbfs file from ROM"
cbfs -o $1 -a $old_file -f /tmp/rom.$$ \
cbfs.sh -o $1 -a $old_file -f /tmp/rom.$$ \
|| die "Failed to write cbfs file to new ROM file"
fi
done
Expand Down

0 comments on commit 2e766c2

Please sign in to comment.