diff --git a/resources/scripts/build/release/u-boot-stable-src-release b/resources/scripts/build/release/u-boot-stable-src-release new file mode 100755 index 0000000..357338c --- /dev/null +++ b/resources/scripts/build/release/u-boot-stable-src-release @@ -0,0 +1,60 @@ +#!/usr/bin/env bash + +# +# helper script: generate deblobbed stable u-boot source code releases +# +# Copyright (C) 2020,2021 Leah Rowe +# Copyright (C) 2022 Denis 'GNUtoo' Carikli +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +[ "x${DEBUG+set}" = 'xset' ] && set -v +set -u -e + +version="v2021.07" +revision="r1" + +topdir="$(realpath $(dirname $(realpath $0))/../../../../)" +tmpdir="${topdir}/release/u-boot/u-boot-${version}-${revision}" +tarball="${tmpdir}.tar" + +printf "Building source code archive, version %s revision %s\n" "${version}" "${revision}" + +cd "${topdir}" +"${topdir}/download" u-boot + +rm -rf \ + "${tmpdir}/" \ + "${tarball}" \ + "${tarball}.lz" \ + "${tarball}.xz" + +mkdir -p "$(dirname ${tmpdir})" +cp -R "u-boot/u-boot/" "${tmpdir}" + +rm -rf ${tmpdir}/.git ${tmpdir}/.gitignore +make -C ${tmpdir} distclean + +prefix="$(dirname ${tmpdir} | sed 's#^/*##')/" +tar cf "${tarball}" "${tmpdir}" --transform="s#${prefix}##" +lzip -9 --keep -vv "${tarball}" +xz -9 --keep -vv "${tarball}" + +rm -rf "${tmpdir}/" + +printf "Source code archives available at:\n\t%s\n\t%s\n\t%s\n" \ + "${tarball}" \ + "${tarball}.lz" \ + "${tarball}.xz" diff --git a/resources/scripts/download/coreboot b/resources/scripts/download/coreboot index a500de6..6d0aa35 100755 --- a/resources/scripts/download/coreboot +++ b/resources/scripts/download/coreboot @@ -125,7 +125,7 @@ downloadfor() { fi cp -R coreboot "${cbtree}" || touch ../build_error - if [ -d ../build_error ]; then + if [ -f ../build_error ]; then printf "ERROR: download/coreboot: Unable to copy directory. Check file system permissions or free space.\n" rm -Rf "${cbtree}/" cd ../; return 1 diff --git a/resources/scripts/download/u-boot b/resources/scripts/download/u-boot new file mode 100755 index 0000000..704d1c3 --- /dev/null +++ b/resources/scripts/download/u-boot @@ -0,0 +1,123 @@ +#!/usr/bin/env bash + +# helper script: download u-boot +# +# Copyright (C) 2014, 2015, 2016, 2020, 2021 Leah Rowe +# Copyright (C) 2021 Denis 'GNUtoo' Carikli +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +[ "x${DEBUG+set}" = 'xset' ] && set -v +set -u -e + +# set this when you want to modify each u-boot tree +# for example, you want to test custom patches +# NODELETE= ./download coreboot +deleteblobs="true" +[ "x${NODELETE+set}" = 'xset' ] && deleteblobs="false" + +# Error handling is extreme in this script. +# This script handles the internet, and Git. Both are inherently unreliable. +[[ -f build_error ]] && rm -f build_error + +downloadfor() { + uboot_revision="v2021.07" + uboot_dir="u-boot/u-boot" + if [ -d "${uboot_dir}" ]; then + printf \ + "REMARK: '%s' directory already exists. Skipping setup.\n" \ + "${uboot_dir}" + return 0 + fi + + if [ ! -d "${uboot_dir}" ]; then + mkdir -p "${uboot_dir}" + fi + + if [ ! -d "${uboot_dir}" ]; then + printf \ + "ERROR: '%s' directory not created. Check file system permissions\n" \ + "${uboot_dir}" + return 1 + fi + + if [ ! -d "${uboot_dir}/.git" ] && [ -d "${uboot_dir}" ]; then + rm -Rf "${uboot_dir}" + fi + + if [ ! -d "${uboot_dir}" ]; then + printf "Download u-boot from upstream:\n" + git clone https://source.denx.de/u-boot/u-boot \ + "${uboot_dir}" || \ + rm -Rf "${uboot_dir}" + if [ ! -d "${uboot_dir}" ]; then + printf \ + "ERROR: %s: Problem with git-clone. Network issue?\n" \ + "download/u-boot" + return 1 + fi + else + git -C "${uboot_dir}" pull || touch build_error + if [ -f build_error ]; then + printf \ + "ERROR: %s: Problem with git-pull. Network issue?\n" \ + "download/u-boot" + return 1 + fi + fi + + git -C "${uboot_dir}" reset --hard ${uboot_revision} || \ + touch build_error + if [ -f build_error ]; then + printf \ + "ERROR: %s: Unable to reset to commit ID/tag '%s' for board '%s' on tree '%s'\n" \ + "download/u-boot" "${uboot_revision}" "${1}" "${uboot_dir}" + return 1 + fi +} + +strip_comments() +{ + file="$1" + # Remove comments + sed 's/#.*//' "${file}" | \ + # Remove lines composed of whitespaces only + sed '/^\W\+$/d' | \ + # Remove empty lines + sed '/^$/d' +} + +printf "Downloading u-boot and (if exist in build system) applying patches\n" +downloadfor + +rm -f "build_error" +printf "\n\n" + +if [ "${deleteblobs}" = "true" ]; then + bloblist="resources/u-boot/default/blobs.list" + + for blob_path in $(strip_comments "${bloblist}"); do + if echo "${blob_path}" | grep '/$' 2>&1 >/dev/null ; then + printf "Deleting blob directory: '%s/%s'\n" \ + "${uboot_dir}" "${blob_path}" + rm -rf "${uboot_dir}/${blob_path}" + else + printf "Deleting blob file: '%s/%s'\n" \ + "${uboot_dir}" "${blob_path}" + rm -f "${uboot_dir}/${blob_path}" + fi + done +fi +exit 0 diff --git a/resources/u-boot/default/blobs.list b/resources/u-boot/default/blobs.list new file mode 100644 index 0000000..ec6c20e --- /dev/null +++ b/resources/u-boot/default/blobs.list @@ -0,0 +1,185 @@ +arch/x86/dts/microcode/ + +# The license is nonfree because it contains the following: "Reverse +# engineering, decompilation, or disassembly of this software is not +# permitted." +Licenses/r8a779x_usb3.txt +drivers/usb/host/xhci-rcar-r8a779x_usb3_v3.h + +# The documentation contains instructions to download and install nonfree +# software. Note that if a board doesn't have such instructions it doesn't +# necessarily means that it can boot with only free software and viceversa. + +########### +# Amlogic # +########### +# Amlogic SOCs Usually have various nonfree components, like the first stages +# of the bootloaders and code that runs in TrustZone. They are most likely +# not signed. +# --------- +# TODO: List the nonfree software of specific documentation +doc/board/amlogic/beelink-gtkingpro.rst +doc/board/amlogic/beelink-gtking.rst +doc/board/amlogic/index.rst +doc/board/amlogic/khadas-vim2.rst +doc/board/amlogic/khadas-vim3l.rst +doc/board/amlogic/khadas-vim3.rst +doc/board/amlogic/khadas-vim.rst +doc/board/amlogic/libretech-ac.rst +doc/board/amlogic/libretech-cc.rst +doc/board/amlogic/nanopi-k2.rst +doc/board/amlogic/odroid-c2.rst +doc/board/amlogic/odroid-c4.rst +doc/board/amlogic/odroid-n2.rst +doc/board/amlogic/p200.rst +doc/board/amlogic/p201.rst +doc/board/amlogic/p212.rst +doc/board/amlogic/q200.rst +doc/board/amlogic/s400.rst +doc/board/amlogic/sei510.rst +doc/board/amlogic/sei610.rst +doc/board/amlogic/u200.rst +doc/board/amlogic/w400.rst +doc/board/amlogic/wetek-core2.rst + +######### +# Linux # +######### +# Has intructions to build Linux which is not FSDG compliant. +# TODO: Use linux-libre instead, especially because documentation about vboot +# could be interesting to have. Vboot is a chain of trust that can work with +# only free software. The hardware root of trust can be created by booting on +# a flash chip whose security registers are configured to set the first +# bootloader component read-only. +doc/uImage.FIT/beaglebone_vboot.txt +# Steers very strongly users into using Linux as it shows that the only tested +# kernels are Broadcom forks of Linux. We would need to have linux-libre +# versions of these or test it with stock linux-libre instead. +doc/README.bcm7xxx + +############ +# Mediatek # +############ +# The instructions uses binaries that lack any corresponding source code. +doc/README.mediatek + +############# +# NXP I.MX8 # +############# +# I.MX8 SOCs require a nonfree firmware for the DDR4 controller. In some +# documentation, I didn't find that requirement mentioned, but instead +# there are still nonfree files mentioned. So I assume that they might +# somehow contain code for that nonfree DDR4 controller, but it might be +# worth checking if it's the case or not. The DDR4 controller firmware is not +# signed. In addition the I.MX8 HDMI controller requires a signed firmware. +# ----------- +# nonfree DDR4 controller firmware +doc/board/freescale/imx8mp_evk.rst +# nonfree DDR4 controller and HDMI firmwares +doc/board/freescale/imx8mq_evk.rst +# nonfree DDR4 controller firmware +doc/board/freescale/imx8mn_evk.rst +# nonfree imx-sc-firmware-1.2.7.1.bin and imx-seco-2.3.1.bin firmwares +doc/board/freescale/imx8qxp_mek.rst +# nonfree DDR4 controller firmware +doc/board/freescale/imx8mm_evk.rst +# nonfree imx-sc-firmware-1.1.bin and firmware-imx-8.0.bin firmwares +doc/board/advantech/imx8qm-rom7720-a1.rst +# TODO +doc/board/verdin-imx8mm.rst +doc/board/toradex/colibri-imx8x.rst +doc/board/toradex/apalix-imx8x.rst +doc/board/toradex/apalix-imx8.rst + +####################### +# NXP nonfree srktool # +####################### +# The SRK tool is a tool that is involved in one way or another with +# authenticated or encrypted boot. I'm unsure if free software replacements +# exists or if could easily be replaced with a free software implementation. +# In any case the I.MX6 and I.MX5 can proabably be setup for encrypted or +# authenticated boot with free software tools. The first and second versions +# of the USB Armory has documentation on how to do that. +# --------------------- +doc/imx/board/toradex/colibri_imx7.rst +doc/imx/habv4/introduction_habv4.txt + +################## +# Samsung Exynos # +################## +# The instructions makes users nonfree components like a nonfree first stage +# bootloaders, and nonfree code that runs in TrustZone. +doc/README.odroid +# The instructions makes its users download an image and update u-boot in that +# image. Because of that, it's extremely likely that the images contains +# nonfree components that cannot even be redistributed in another form, and +# that the instructions uses that images because of that. +doc/README.s5p4418 + +##################### +# Texas Instruments # +##################### +# Users are expected to use nonfree tools and even sign an NDA to get access +# to them. +doc/README.ti-secure + +########### +# Unknown # +########### +# Everything looks free software, but the code still needs to be reviewed. +doc/board/microchip/mpfs_icicle.rst +# OP-TEE is under a free software license but its code needs to be reviewed. +doc/README.tee +# The tutorial has instructions to download a downstream u-boot, so it might +# have the same issues than u-boot itself if the u-boot is recent enough. +doc/chromium/run_vboot.rst + +####### +# x86 # +####### +# Unless the computer is supported by Libreboot, or that u-boot runs after +# some other nonfree boot software like a BIOS or UEFI, it's unlikely to be +# able to run with only free software. Though I'm pretty sure that some +# exceptions do exists, but they are probably not supported by u-boot. +# ----- +# nonfree Management Engine firmware, RAM intialization code, and video BIOS +doc/board/google/chromebook_link.rst +# nonfree SDRAM and hardware intialization code +doc/board/google/chromebook_coral.rst + +# nonfree FSP, video BIOS, Management Engine firmware +doc/board/intel/minnowmax.rst +# nonfree FSP, Chipset Micro Code (CMC), microcode +doc/board/intel/crownbay.rst + +# TODO: check +# board/intel/edison.rst +# Steers userstoward using nonfree FSP +board/intel/slimbootloader.rst + +# Steers users and developers toward using nonfree FSP +doc/device-tree-bindings/fsp/fsp2/apollolake/fsp-m.txt + +# Steers users and developers toward using nonfree FSP +doc/device-tree-bindings/fsp/fsp2/apollolake/fsp-s.txt + +############ +# Rockchip # +############ +# rkbin binaries without license nor source code +doc/board/rockchip/rockchip.rst + +# TODO: check the following files +# imx/common/mxs.txt +# README.armada-secureboot +# README.fdt-control +# README.fsl-ddr +# README.m54418twr +# README.marvell +# README.mpc85xxcds +# README.mpc85xx-sd-spi-boot +# README.OFT +# README.rmobile +# README.rockchip +# README.rockusb +# README.socfpga