From a2475e2c534126498814097ba55e71f4ecfd5455 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Mon, 10 Oct 2022 00:23:00 +0300 Subject: [PATCH 1/6] Add flashtools to Talos II boards Signed-off-by: Sergii Dmytruk --- boards/talos-2_server/talos-2_server.config | 1 + boards/talos-2_workstation/talos-2_workstation.config | 1 + modules/flashtools | 10 +++++++--- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/boards/talos-2_server/talos-2_server.config b/boards/talos-2_server/talos-2_server.config index 31ad4fc99..a28f3fa3f 100644 --- a/boards/talos-2_server/talos-2_server.config +++ b/boards/talos-2_server/talos-2_server.config @@ -21,6 +21,7 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_GPG2=y CONFIG_PCIUTILS=y +CONFIG_FLASHTOOLS=y #Whiptail in console mode CONFIG_SLANG=y diff --git a/boards/talos-2_workstation/talos-2_workstation.config b/boards/talos-2_workstation/talos-2_workstation.config index 83c7285c2..301d444e4 100644 --- a/boards/talos-2_workstation/talos-2_workstation.config +++ b/boards/talos-2_workstation/talos-2_workstation.config @@ -21,6 +21,7 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_GPG2=y CONFIG_PCIUTILS=y +CONFIG_FLASHTOOLS=y #whiptail in graphical mode CONFIG_CAIRO=y diff --git a/modules/flashtools b/modules/flashtools index 086663d0a..cf5ccd2dc 100644 --- a/modules/flashtools +++ b/modules/flashtools @@ -2,11 +2,11 @@ modules-$(CONFIG_FLASHTOOLS) += flashtools flashtools_depends := $(musl_dep) -flashtools_version := 40d5170e84a3822552df7a500cd00aa870fdfe76 +flashtools_version := 76bdfa21d65caeb7dbe9c2fa1a837369732f50af flashtools_dir := flashtools-$(flashtools_version) flashtools_tar := flashtools-$(flashtools_version).tar.gz -flashtools_url := https://github.com/osresearch/flashtools/archive/$(flashtools_version).tar.gz -flashtools_hash := dca7f4fd129509bdcbf5e4646905d6dd82e91061d7faf62bbe7193c31bb7cd4c +flashtools_url := https://github.com/3mdeb/flashtools/archive/$(flashtools_version).tar.gz +flashtools_hash := 81b3c1f12318bd2942b426a99638e23d24e85819227653cd3b9302fbfc43b220 flashtools_target := \ $(CROSS_TOOLS) \ @@ -20,6 +20,10 @@ flashtools_output := \ cbfs \ uefi \ +ifeq "$(CONFIG_TARGET_ARCH)" "ppc64" +flashtools_output += pnor +endif + flashtools_libraries := \ flashtools_configure := From 572c99e898384450b5a2389987159cef8e54acd6 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Mon, 10 Oct 2022 00:23:48 +0300 Subject: [PATCH 2/6] Add flashrom to Talos II boards Signed-off-by: Sergii Dmytruk --- boards/talos-2_server/talos-2_server.config | 2 ++ .../talos-2_workstation.config | 2 ++ modules/flashrom | 19 ++++++++++++++++--- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/boards/talos-2_server/talos-2_server.config b/boards/talos-2_server/talos-2_server.config index a28f3fa3f..84b257a99 100644 --- a/boards/talos-2_server/talos-2_server.config +++ b/boards/talos-2_server/talos-2_server.config @@ -21,6 +21,7 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_GPG2=y CONFIG_PCIUTILS=y +CONFIG_FLASHROM=y CONFIG_FLASHTOOLS=y #Whiptail in console mode @@ -46,3 +47,4 @@ export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_KERNEL_ADD="console=tty0 console=hvc0 rootdelay=3 rootwait panic=10" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Talos 2 Server" +export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd" diff --git a/boards/talos-2_workstation/talos-2_workstation.config b/boards/talos-2_workstation/talos-2_workstation.config index 301d444e4..e39cd7120 100644 --- a/boards/talos-2_workstation/talos-2_workstation.config +++ b/boards/talos-2_workstation/talos-2_workstation.config @@ -21,6 +21,7 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_GPG2=y CONFIG_PCIUTILS=y +CONFIG_FLASHROM=y CONFIG_FLASHTOOLS=y #whiptail in graphical mode @@ -46,3 +47,4 @@ export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_KERNEL_ADD="console=tty0 console=hvc0 rootdelay=3 rootwait panic=10" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Talos 2 Workstation" +export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd" diff --git a/modules/flashrom b/modules/flashrom index e8cecb634..05a3ca7da 100644 --- a/modules/flashrom +++ b/modules/flashrom @@ -8,15 +8,28 @@ flashrom_tar := $(flashrom_dir).tar.gz flashrom_url := https://github.com/flashrom/flashrom/archive/$(flashrom_version).tar.gz flashrom_hash := 4873ad50f500629c244fc3fbee64b56403a82307d7f555dfa235336a200c336c -flashrom_target := \ - $(MAKE_JOBS) \ - $(CROSS_TOOLS) \ +# Default options for flashrom +flashrom_cfg := \ WARNERROR=no \ CONFIG_NOTHING=yes \ CONFIG_INTERNAL=yes \ CONFIG_DUMMY=yes \ CONFIG_AST1100=yes \ +ifeq "$(CONFIG_TARGET_ARCH)" "ppc64" +flashrom_cfg := \ + WARNERROR=no \ + CONFIG_NOTHING=yes \ + CONFIG_LINUX_MTD=yes \ + CONFIG_DUMMY=yes \ + CONFIG_AST1100=yes +endif + +flashrom_target := \ + $(MAKE_JOBS) \ + $(CROSS_TOOLS) \ + $(flashrom_cfg) + flashrom_output := \ flashrom From 5ee32193225ad01c00fbe2e8473b9ac285b0e43d Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Mon, 10 Oct 2022 00:24:16 +0300 Subject: [PATCH 3/6] Add cbfs wrapper script to handle PNOR Signed-off-by: Sergii Dmytruk --- initrd/bin/cbfs.sh | 10 ++++++++++ initrd/bin/config-gui.sh | 10 +++++----- initrd/bin/flash.sh | 6 +++--- initrd/bin/gpg-gui.sh | 28 ++++++++++++++-------------- initrd/bin/oem-factory-reset | 12 ++++++------ initrd/etc/functions | 4 ++-- 6 files changed, 40 insertions(+), 30 deletions(-) create mode 100755 initrd/bin/cbfs.sh diff --git a/initrd/bin/cbfs.sh b/initrd/bin/cbfs.sh new file mode 100755 index 000000000..cea0f6c86 --- /dev/null +++ b/initrd/bin/cbfs.sh @@ -0,0 +1,10 @@ +#!/bin/sh +set -e -o pipefail +. /etc/functions +. /tmp/config + +if pnor "$2" -r HBI > /tmp/pnor.part 2>/dev/null; then + cbfs "$@" -o /tmp/pnor.part && pnor "$2" -w HBI < /tmp/pnor.part +else + cbfs "$@" +fi diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index 512e04ee1..93792ec8e 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -82,10 +82,10 @@ while true; do exit 1 fi - if (cbfs -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config.user") then - cbfs -o /tmp/config-gui.rom -d "heads/initrd/etc/config.user" + if (cbfs.sh -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config.user") then + cbfs.sh -o /tmp/config-gui.rom -d "heads/initrd/etc/config.user" fi - cbfs -o /tmp/config-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user + cbfs.sh -o /tmp/config-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user if (whiptail --title 'Update ROM?' \ --yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 0 80) then @@ -118,8 +118,8 @@ while true; do rm /boot/kexec* | true mount -o remount,ro /boot # clear GPG keys and user settings - for i in `cbfs -o /tmp/config-gui.rom -l | grep -e "heads/"`; do - cbfs -o /tmp/config-gui.rom -d $i + for i in `cbfs.sh -o /tmp/config-gui.rom -l | grep -e "heads/"`; do + cbfs.sh -o /tmp/config-gui.rom -d $i done # flash cleared ROM /bin/flash.sh -c /tmp/config-gui.rom diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index d58cfcef1..70d927f33 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -123,10 +123,10 @@ flash_rom() { || die "$ROM: Config preservation failed" fi # persist serial number from CBFS - if cbfs -r serial_number > /tmp/serial 2>/dev/null; then + if cbfs.sh -r serial_number > /tmp/serial 2>/dev/null; then echo "Persisting system serial" - cbfs -o /tmp/${CONFIG_BOARD}.rom -d serial_number 2>/dev/null || true - cbfs -o /tmp/${CONFIG_BOARD}.rom -a serial_number -f /tmp/serial + cbfs.sh -o /tmp/${CONFIG_BOARD}.rom -d serial_number 2>/dev/null || true + cbfs.sh -o /tmp/${CONFIG_BOARD}.rom -a serial_number -f /tmp/serial fi # persist PCHSTRP9 from flash descriptor if [ "$CONFIG_BOARD" = "librem_l1um" ]; then diff --git a/initrd/bin/gpg-gui.sh b/initrd/bin/gpg-gui.sh index e766cba84..eb5701735 100755 --- a/initrd/bin/gpg-gui.sh +++ b/initrd/bin/gpg-gui.sh @@ -19,10 +19,10 @@ gpg_flash_rom() { gpg --list-keys --fingerprint --with-colons |sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --import-ownertrust gpg --update-trust - if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx"); then - cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.kbx" - if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg"); then - cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg" + if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx"); then + cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.kbx" + if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg"); then + cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg" if [ -e /.gnupg/pubring.gpg ];then rm /.gnupg/pubring.gpg fi @@ -31,33 +31,33 @@ gpg_flash_rom() { #to be compatible with gpgv1 if [ -e /.gnupg/pubring.kbx ];then - cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx + cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx if [ -e /.gnupg/pubring.gpg ];then rm /.gnupg/pubring.gpg fi fi if [ -e /.gnupg/pubring.gpg ];then - cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg + cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg fi - if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then - cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg" + if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then + cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg" fi if [ -e /.gnupg/trustdb.gpg ]; then - cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg + cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg fi #Remove old method owner trust exported file - if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/otrust.txt") then - cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/otrust.txt" + if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/otrust.txt") then + cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/otrust.txt" fi # persist user config changes - if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/etc/config.user") then - cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/etc/config.user" + if (cbfs.sh -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/etc/config.user") then + cbfs.sh -o /tmp/gpg-gui.rom -d "heads/initrd/etc/config.user" fi if [ -e /etc/config.user ]; then - cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user + cbfs.sh -o /tmp/gpg-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user fi /bin/flash.sh /tmp/gpg-gui.rom diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 3dfe1547e..b67a234c4 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -659,24 +659,24 @@ if ! gpg --update-trust >/dev/null 2>/tmp/error ; then whiptail_error_die "Error updating GPG ownertrust:\n\n$ERROR" fi # clear any existing heads/gpg files from current firmware -for i in `cbfs -o /tmp/oem-setup.rom -l | grep -e "heads/"`; do - cbfs -o /tmp/oem-setup.rom -d $i +for i in `cbfs.sh -o /tmp/oem-setup.rom -l | grep -e "heads/"`; do + cbfs.sh -o /tmp/oem-setup.rom -d $i done # add heads/gpg files to current firmware if [ -e /.gnupg/pubring.kbx ];then - cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx + cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx if [ -e /.gnupg/pubring.gpg ];then rm /.gnupg/pubring.gpg fi elif [ -e /.gnupg/pubring.gpg ];then - cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg + cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg fi if [ -e /.gnupg/trustdb.gpg ]; then - cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg + cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg fi # persist user config changes (boot device) if [ -e /etc/config.user ]; then - cbfs -o /tmp/oem-setup.rom -a "heads/initrd/etc/config.user" -f /etc/config.user + cbfs.sh -o /tmp/oem-setup.rom -a "heads/initrd/etc/config.user" -f /etc/config.user fi # flash updated firmware image echo -e "\nAdding generated key to current firmware and re-flashing...\n" diff --git a/initrd/etc/functions b/initrd/etc/functions index a445b25b4..f86421b01 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -276,12 +276,12 @@ preserve_rom() { old_files=`cbfs -t 50 -l 2>/dev/null | grep "^heads/"` for old_file in `echo $old_files`; do - new_file=`cbfs -o $1 -l | grep -x $old_file` + new_file=`cbfs.sh -o $1 -l | grep -x $old_file` if [ -z "$new_file" ]; then echo "+++ Adding $old_file to $1" cbfs -t 50 -r $old_file >/tmp/rom.$$ \ || die "Failed to read cbfs file from ROM" - cbfs -o $1 -a $old_file -f /tmp/rom.$$ \ + cbfs.sh -o $1 -a $old_file -f /tmp/rom.$$ \ || die "Failed to write cbfs file to new ROM file" fi done From 976f57f00880fd6e9f2c7e37fd9fd35893c47a72 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Thu, 3 Nov 2022 20:41:03 +0200 Subject: [PATCH 4/6] boards/talos-2_*: version zImage.bundled Signed-off-by: Sergii Dmytruk --- boards/talos-2_server/talos-2_server.config | 7 +++++++ boards/talos-2_workstation/talos-2_workstation.config | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/boards/talos-2_server/talos-2_server.config b/boards/talos-2_server/talos-2_server.config index 84b257a99..cb18692d1 100644 --- a/boards/talos-2_server/talos-2_server.config +++ b/boards/talos-2_server/talos-2_server.config @@ -48,3 +48,10 @@ export CONFIG_BOOT_KERNEL_ADD="console=tty0 console=hvc0 rootdelay=3 rootwait pa export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Talos 2 Server" export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd" + +OUTPUT_PREFIX := heads-$(BOARD)-$(HEADS_GIT_VERSION) +BUNDLED_LINUX := $(OUTPUT_PREFIX)-zImage.bundled + +all: $(board_build)/$(BUNDLED_LINUX) +$(board_build)/$(BUNDLED_LINUX): $(board_build)/zImage.bundled + $(call do-copy,$<,$@) diff --git a/boards/talos-2_workstation/talos-2_workstation.config b/boards/talos-2_workstation/talos-2_workstation.config index e39cd7120..4e91160ca 100644 --- a/boards/talos-2_workstation/talos-2_workstation.config +++ b/boards/talos-2_workstation/talos-2_workstation.config @@ -48,3 +48,10 @@ export CONFIG_BOOT_KERNEL_ADD="console=tty0 console=hvc0 rootdelay=3 rootwait pa export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Talos 2 Workstation" export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd" + +OUTPUT_PREFIX := heads-$(BOARD)-$(HEADS_GIT_VERSION) +BUNDLED_LINUX := $(OUTPUT_PREFIX)-zImage.bundled + +all: $(board_build)/$(BUNDLED_LINUX) +$(board_build)/$(BUNDLED_LINUX): $(board_build)/zImage.bundled + $(call do-copy,$<,$@) From f6999707b8842c5955edad03f4d390903609076a Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Thu, 3 Nov 2022 20:47:54 +0200 Subject: [PATCH 5/6] boards/talos-2_*: build tgz with all output files + hash This makes output suitable for use via Heads' menus. Signed-off-by: Sergii Dmytruk --- boards/talos-2_server/talos-2_server.config | 11 +++++++++++ boards/talos-2_workstation/talos-2_workstation.config | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/boards/talos-2_server/talos-2_server.config b/boards/talos-2_server/talos-2_server.config index cb18692d1..39e50da93 100644 --- a/boards/talos-2_server/talos-2_server.config +++ b/boards/talos-2_server/talos-2_server.config @@ -51,7 +51,18 @@ export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd" OUTPUT_PREFIX := heads-$(BOARD)-$(HEADS_GIT_VERSION) BUNDLED_LINUX := $(OUTPUT_PREFIX)-zImage.bundled +OUTPUT_FILES := $(CB_OUTPUT_FILE) $(CB_BOOTBLOCK_FILE) $(BUNDLED_LINUX) all: $(board_build)/$(BUNDLED_LINUX) $(board_build)/$(BUNDLED_LINUX): $(board_build)/zImage.bundled $(call do-copy,$<,$@) + +all: $(board_build)/$(OUTPUT_PREFIX).tgz +$(board_build)/$(OUTPUT_PREFIX).tgz: \ + $(addprefix $(board_build)/,$(OUTPUT_FILES)) + rm -rf $(board_build)/pkg # cleanup in case directory exists + mkdir $(board_build)/pkg + cp $^ $(board_build)/pkg + cd $(board_build)/pkg && sha256sum * > hashes.txt + cd $(board_build)/pkg && tar zcf $@ * + rm -r $(board_build)/pkg diff --git a/boards/talos-2_workstation/talos-2_workstation.config b/boards/talos-2_workstation/talos-2_workstation.config index 4e91160ca..a5a7a4928 100644 --- a/boards/talos-2_workstation/talos-2_workstation.config +++ b/boards/talos-2_workstation/talos-2_workstation.config @@ -51,7 +51,18 @@ export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd" OUTPUT_PREFIX := heads-$(BOARD)-$(HEADS_GIT_VERSION) BUNDLED_LINUX := $(OUTPUT_PREFIX)-zImage.bundled +OUTPUT_FILES := $(CB_OUTPUT_FILE) $(CB_BOOTBLOCK_FILE) $(BUNDLED_LINUX) all: $(board_build)/$(BUNDLED_LINUX) $(board_build)/$(BUNDLED_LINUX): $(board_build)/zImage.bundled $(call do-copy,$<,$@) + +all: $(board_build)/$(OUTPUT_PREFIX).tgz +$(board_build)/$(OUTPUT_PREFIX).tgz: \ + $(addprefix $(board_build)/,$(OUTPUT_FILES)) + rm -rf $(board_build)/pkg # cleanup in case directory exists + mkdir $(board_build)/pkg + cp $^ $(board_build)/pkg + cd $(board_build)/pkg && sha256sum * > hashes.txt + cd $(board_build)/pkg && tar zcf $@ * + rm -r $(board_build)/pkg From 472ca6fb301fd9744c9729482221978bc42a4ce8 Mon Sep 17 00:00:00 2001 From: Sergii Dmytruk Date: Sun, 6 Nov 2022 00:13:05 +0200 Subject: [PATCH 6/6] flash-gui.sh: accept tgz package for Talos boards Signed-off-by: Sergii Dmytruk --- initrd/bin/flash-gui.sh | 4 ++-- initrd/bin/flash.sh | 35 ++++++++++++++++++++++++++++++++++- 2 files changed, 36 insertions(+), 3 deletions(-) diff --git a/initrd/bin/flash-gui.sh b/initrd/bin/flash-gui.sh index 366e79694..dcf04373e 100755 --- a/initrd/bin/flash-gui.sh +++ b/initrd/bin/flash-gui.sh @@ -22,10 +22,10 @@ while true; do ;; f|c ) if (whiptail $BG_COLOR_WARNING --title 'Flash the BIOS with a new ROM' \ - --yesno "You will need to insert a USB drive containing your BIOS image (*.rom).\n\nAfter you select this file, this program will reflash your BIOS.\n\nDo you want to proceed?" 0 80) then + --yesno "You will need to insert a USB drive containing your BIOS image (*.rom or *.tgz).\n\nAfter you select this file, this program will reflash your BIOS.\n\nDo you want to proceed?" 0 80) then mount_usb if grep -q /media /proc/mounts ; then - find /media ! -path '*/\.*' -type f -name '*.rom' | sort > /tmp/filelist.txt + find /media ! -path '*/\.*' -type f \( -name '*.rom' -o -name '*.tgz' \) | sort > /tmp/filelist.txt file_selector "/tmp/filelist.txt" "Choose the ROM to flash" if [ "$FILE" == "" ]; then return diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 70d927f33..cc2ac0313 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -159,8 +159,41 @@ else fi if [ ! -e "$ROM" ]; then - die "Usage: $0 [-c|-r] " + die "Usage: $0 [-c|-r] " +fi + +if [ "$READ" -eq 0 ] && [ "${ROM##*.}" = tgz ]; then + if [ "${CONFIG_BOARD%_*}" = talos-2 ]; then + rm -rf /tmp/verified_rom + mkdir /tmp/verified_rom + + tar -C /tmp/verified_rom -xf $ROM + if ! (cd /tmp/verified_rom/ && sha256sum -cs hashes.txt); then + die "Provided tgz image did not pass hash verification" + fi + + echo "Reading current flash and building an update image" + flashrom $CONFIG_FLASHROM_OPTIONS -r /tmp/flash.sh.bak \ + || die "Read of flash has failed" + + # ROM and bootblock already have ECC + bootblock=$(echo /tmp/verified_rom/*.bootblock) + rom=$(echo /tmp/verified_rom/*.rom) + kernel=$(echo /tmp/verified_rom/*-zImage.bundled) + pnor /tmp/flash.sh.bak -aw HBB < $bootblock + pnor /tmp/flash.sh.bak -aw HBI < $rom + pnor /tmp/flash.sh.bak -aw BOOTKERNEL < $kernel + rm -rf /tmp/verified_rom + + ROM=/tmp/flash.sh.bak + else + die "$CONFIG_BOARD doesn't support tgz image format" + fi fi flash_rom $ROM + +# don't leave temporary files lying around +rm -f /tmp/flash.sh.bak + exit 0