While the FAM12H SMU firmware is under a free license, as the
F12NbSmuFirmware.h contains the following copyright header:
* Copyright (c) 2011, Advanced Micro Devices, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of Advanced Micro Devices, Inc. nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
we also lack the corresponding source code.
Since AMD Family 12H was removed upstream, and that GNU Boot doesn't
support any computers with this CPU family, it's easier to remove the
file than to try to fix the issue in some other way.
Reported-by: Leah Rowe <info@minifree.org>
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
The file contains the following copyright header:
// This file contains an 'Intel Peripheral Driver' and is
// licensed for Intel CPUs and chipsets under the terms of your
// license agreement with Intel or your vendor. [...]
[...]
// Copyright (c) 2010-2013 Intel Corporation. All rights reserved
// This software and associated documentation (if any) is furnished
// under a license and may only be used or copied in accordance
// with the terms of the license. Except as permitted by such
// license, no part of this software or documentation may be
// reproduced, stored in a retrieval system, or transmitted in any
// form or by any means without the express written consent of
// Intel Corporation.
While there is also many contradicting statements like this one in
src/soc/intel/fsp_baytrail/Kconfig:
## This file is part of the coreboot project.
##
## Copyright (C) 2011 The ChromiumOS Authors. All rights reserved.
## Copyright (C) 2013-2014 Sage Electronic Engineering, LLC.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
The baytrail FSP was added in Coreboot by the commit
954f3882f1ea8512de9a5a6a38569c36bffae405 ("Add the Bay Trail FSP
include & srx directories") by Martin Roth, proably not on behalf on
Intel.
The commit also contains an email address from Martin Roth with the
se-eng.com domain (from Sage Electronic Engineering) and doesn't
contain any email address related to Intel. This increase the
probability that Intel wasn't involved in adding the Bay Trail FSP to
Coreboot.
Because of the (strong) doubts, the fact that the Bay Trail FSP was
also removed upstream and that GNU Boot doesn't support computers with
Intel Bay Trail, it's easier to just remove the nonfree software.
Reported-by: Leah Rowe <info@minifree.org>
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
This was introduced in ARM trusted firmware in the commit
c76631c52b0b1550ff182c177555485700274314 ("rockchip: include hdcp.bin
and declare hdcp key decryption handler").
The hdcp.bin file contains code as it is included inside one of the
arm-trusted-firmware drivers with the following code:
__asm__(
".pushsection .text.hdcp_handler, \"ax\", %progbits\n"
".global hdcp_handler\n"
".balign 4\n"
"hdcp_handler:\n"
".incbin \"" __XSTRING(HDCPFW) "\"\n"
".type hdcp_handler, %function\n"
".size hdcp_handler, .- hdcp_handler\n"
".popsection\n"
);
The same file that contains the above code has the following copyright header:
* Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
This conflicts with the message of the commit mentioned above:
For some reason, HDCP key decrytion can't open source in ATF, so we
build it as hdcp.bin. Besides declare the handler for decrypting.
and we also have missing corresponding source code.
Because of the lack of source code, and the fact that GNU Boot doesn't
support computers with RK3399 yet, it's easier to remove the hdcp.bin
firmware than to pursue other ways to fix the issue.
Reported-by: Leah Rowe <info@minifree.org>
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
neox: fixed "file file" typo in commit message
Acked-by: Adrien Bourmault <neox@gnu.org>
The test data consists mostly in nonfree boot firmware images. The
images contain nonfree binaries like for instance microcode updates
without complete and corresponding source code.
As more and more boot firmware images are added over time it's a good
idea to just remove everything in that directory to make sure that we
don't ship nonfree software from that directory again, while also
lowering the maintenance costs.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
For some reason, 'make release' produces the following files:
- release/roms/gnuboot-lbwww-20211122-328-gafe01fb_default.tar.xz
- release/roms/gnuboot-lbwww-20211122-328-gafe01fb_fam15h_rdimm.tar.xz
- release/roms/gnuboot-lbwww-20211122-328-gafe01fb_fam15h_udimm.tar.xz
This commit works around that issue.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
We also need to check if we have all the files and no superfluous
files inside the released archives.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
This has several goals:
- It checks if the test works fine and if someone forgot to add some
files.
- It checks if the build system produces files that it should not
produce due to some bugs.
- It can also check if some leftover files are there from previous
builds. This can help avoiding pushing wrong files as part as a
release.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
This makes sure that the release at least has all the expected files.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
Without that fix building images with make release or './build release
all' results in the following error:
[...]
Built lenovo/t400 (ThinkPad R400)
make[1]: Leaving directory '/home/gnutoo/gnuboot/coreboot/default'
Creating new ROM image: bin/r400_16mb/seabios_withgrub_r400_16mb_libgfxinit_corebootfb_colemak.rom
Usage:
./build <TASK> <PACKAGE>
./build --help
[...]
Refer to the gnuboot documentation for more information.
Error: Invalid task 'descriptors'.
Error: See './build --help'.
Error: build/roms: something went wrong
make: *** [Makefile:47: release] Error 1
This was broken by the commit 857afa42a8
("Switch to packages structure.").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
Since we use untitled as well it's a good practice to release its
corresponding source code as well to make sure people can rebuild the
website in case upstream disapear.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
This was broken from the start in the commit
fe28bc3c82 ("dependencies: move into
single package.").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
This was broken by the commit 8f3d30f809
("dependencies: rename debian in pureos-10.").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
This was broken from the start in the commit
fe28bc3c82 ("dependencies: move into
single package.").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The "$(dirname $0)"/../dependencies/ directory is the same as
"$(dirname $0)".
So when running the script we have:
# ./resources/packages/dependencies/install
./resources/packages/dependencies/install: 49:
./resources/packages/dependencies/../dependencies/arch: not found
This was broken from the start in the commit
fe28bc3c82 ("dependencies: move into
single package.").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
Without that fix, running ./resources/packages/dependencies/install
prints the help and does not do any dependency installation.
This was broken from the start in the commit
fe28bc3c82 ("dependencies: move into
single package.").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
Several scripts in the SeaBIOS source code used during its build use
'#!/usr/bin/env python' but there is no 'python' when installing
Trisquel through debootstrap.
So to fix that we simply add the python-is-python3 package which
creates the /usr/bin/python symlink and points it to python3.
This work is based on the commit
eeddd2b610 ("build/dependencies: debian:
adding python-is-python3 to build seabios properly").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
Without that fix 'make release' fails with the following error:
checking for mkdir... mkdir
checking for pandoc... no
configure: error: pandoc was not found in PATH
(/usr/local/bin:/usr/bin:/bin:/usr/games)
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The 'make release' or './build release all' commands build releases of
GNU Boot that consist of installable images and the upstream source
code used to build them.
The u-boot-libre package is instead meant to follow different release
schedules as it releases deblobbed versions of various u-boot releases
for reuse by distributions like Parabola.
Before the commit 857afa42a8 ("Switch to
packages structure.") users were expected to run the release script of
u-boot-libre separately but after it it ended up being run
automatically as part of 'make release' or ./build release all.
Renaming this script ensure that it's not run during regular releases.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
After installing Guix with the following command on PureOS 10
(byzantium) with the following command:
$ sudo pkcon -y --allow-reinstall install guix
we have:
$ ./resources/dependencies/guix
./resources/dependencies/guix: 91: .:
cannot open [$HOME]/.config/guix/current/etc/profile: No such file
This should fix it.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
Without that fix we have the following issue on PureOS byzantium:
$ resources/packages/coreboot/distclean
resources/packages/coreboot/distclean: 19:
resources/packages/coreboot/../../scripts/tasks/distclean.sh:
Bad substitution
resources/packages/coreboot/distclean: 20: .:
cannot open /../../..//resources/scripts/misc/sysexits.sh:
No such file
This happens because packages/coreboot/distclean uses #!/bin/sh and
that the default sh shell isn't using bash:
$ readlink $(which sh)
dash
and using bash instead works fine:
$ bash resources/packages/coreboot/distclean ; echo $?
0
all the other distclean scripts in packages/*/ have exactly the same
issue. The tests/distlean script is also affected since it also
sources the distclean task.
So we use #!/usr/bin/env bash as it work with both Guix and regular
more or less FHS compliant distributions.
This issue was introduced by the commit
c7e28dc660 ("packages: Add distclean").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
In Trisquel 10 (nabia) there is no lib32ncurses5-dev package anymore.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
In Trisquel 10 (nabia) there is no lib32tinfo-dev package anymore.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
If wget isn't installed and that we install it, it works fine:
# pkcon -y --allow-reinstall install wget
Resolving [=========================]
Installing [=========================]
Loading cache [=========================]
Running [=========================]
Installing packages [=========================]
Finished [=========================]
But then if we try again it fails because it's already installed:
# pkcon -y --allow-reinstall install wget
Resolving [=========================]
Package not found: wget
Command failed: This tool could not find any available package: No
packages were found
So for now we need to workaround this issue.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
We can't require contributors to install Debian as it has freedom
issues[1] but for contributors, installing PureOS is easier since
it's at least FSDG compliant[2]. So it makes sense to show that
PureOS is the primary target here.
This is also reflected in the reality as the current GNU Boot
maintainers already installed PureOS 10 inside virtual machines
and/or containers to test this script and build the GNU Boot 0.1
RC1 release.
[1]https://www.gnu.org/distros/common-distros.html#Debian
[2]https://www.gnu.org/distros/free-distros.html
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
We can't require contributors to install Ubuntu as it has freedom
issues[1] but for contributors, installing Trisquel is easier since
it's at least FSDG compliant[2]. So it makes sense to show that
Trisquel is the primary target here.
This is also reflected in the reality as the current GNU Boot
maintainers already installed Trisquel 10 inside virtual machines
and/or containers to test this script.
[1]https://www.gnu.org/distros/common-distros.html#Ubuntu
[2]https://www.gnu.org/distros/free-distros.html
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
In PureOS 10 (byzantium) there is no lib32ncurses5-dev package anymore.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
In PureOS 10 (byzantium) there is no lib32tinfo-dev package anymore,
so running the debian dependency script fails with:
Package not found: lib32tinfo-dev
Command failed: This tool could not find any available package: No
packages were found
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
Without that fix already the installation script fails on PureOS when
some packages are already installed :
# ./resources/dependencies/debian
[...]
[...] Package not found: wget
[...] Command failed: The selected packages may already be installed.
Since most other dependencies installation scripts also use
PackageKit, they are likely to behave in the same way and so we also
apply the same fix.
This was broken by the commit 0f74569af0
("dependencies: switch arch, debian, fedora35, ubuntu2004 to
packagekit").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The website-build code already uses guix by default. Given that it
also requires a specific Guix revision to workaround an issues with
pandoc, it's a good idea to help users easily install Guix.
PureOS Byzantium has a package for Guix 1.2.0, so if users install
that they will need to update it at least to Guix 1.4.0 to have the
same Guix commands.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
Void was not migrated to PackageKit because there is no backend for
xbps in it.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
This can simplify the overal structure of GNU Boot as we don't need to
compute some git tag everytime in the code.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
It is possible to install GNU Boot on I945 Thinkpads without opening
the computer even if the nonfree bios sets the bootblock region (the
last 64K of the flash chip) read-only.
The flash chip looks like that:
+----- -----+---------------------------+-------------------------+
| ... | Secondary bootblock (64k) | Primary bootblock (64k) |
+----- -----+---------------------------+-------------------------+
0 0x1e0000 2MiB
To bypass the read-only restriction we use an utility (bucts) that
tells the hardware to swap the primary bootblock with the secondary
one for the next boot. We then have to disable that swap and reflash
again.
CONFIG_INTEL_ADD_TOP_SWAP_BOOTBLOCK generates the two bootblocks
directly in coreboot so we don't need to use special commands to do
that anymore.
In addition the MacBook 1.1 and 2.1 are known not to have such
read-only restrictions so they don't need to have
CONFIG_INTEL_ADD_TOP_SWAP_BOOTBLOCK enabled.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The arch, debian and ubuntu2005 packages names were respectively
checked on Parabola, PureOS byzantium and Trisquel 11.
The fedora35 and void packages were checked using the Fedora and Void
Linux online package databases.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The various scripts present in GNU Boot are very fragile, so it's a
good idea to have a pristine GNU Boot source code for making releases.
The issue is that 'git clean -dfx' doesn't remove existing git
repositories like coreboot/ grub/ etc, so we need additional code to
take care of that.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
This commit corrects linelength (this should have no functional impact)
and adds exit codes (sysexit.sh)
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
neox: wrote the commit message
This should contain no functional modifications.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
neox: wrote the commit message
Having an {arch,debian,fedora35,ubuntu2004,void} GNU Boot package
looked strange. Having a dependencies package instead makes more
sense.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The various build scripts are scattered around in multiple
places. This make it hard for contributors to understand what they
need to modify.
Most GNU Boot users are interested in running GNU/Linux or BSD
operating systems. And the way to install software on these
operating systems is through a package manager. So most users and
contributors already know the package manager abstraction.
So using that abstraction makes it easier to find where things are.
The scripts to install dependencies don't really fit the new structure
but for now we move them in to make sure that everything works
fine. This could be fixed later on and migrated to a single
dependencies packages by auto-detecting the distribution with
/etc/os-release.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
Signed-off-by: Adrien 'neox' Bourmault <neox@gnu.org>
While that microcode is licensed under a permissive free software
license we don't have any corresponding source code, so until someone
produces that source code we need to treat it as nonfree software.
This issue was introduced by the commit the
f7c0fec698 ("coreboot/fam15h: update
code base, deblob, unset CONFIG_STM (see bug #64535)") and is also
present in GNU Boot 0.1 RC1.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The files were sorted with the sort command.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The configuration is based on the one in resources/coreboot/x60/.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
In coreboot this build option is used to download nonfree software so
they can be included later on in the builds.
It doesn't necessarily means that nonfree software ends up in the
images but it is way easier and safer to disable that than having to
audit precisely what happen for each computer and build configuration.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Full build tested on PureOS.
Tested-by: Adrien 'neox' Bourmault <neox@gnu.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>