From 0f9d3ccbec1d3d02743480f51d7a85391cbe9198 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Wed, 7 Aug 2024 15:03:25 +0200 Subject: [PATCH 01/58] tests: add pre-commit fixes Signed-off-by: Daniil Klimuk --- tests/README.md | 52 ++++++++++++++++++++++++------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/tests/README.md b/tests/README.md index 1af5fc04..5c78f577 100644 --- a/tests/README.md +++ b/tests/README.md @@ -32,11 +32,11 @@ robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no dts/dts-tests.ro ### Running manually 1. Boot the latest DTS image in QEMU. Recommended steps: - - start QEMU according to - [OSFV documentation](https://github.com/Dasharo/open-source-firmware-validation/blob/develop/docs/qemu.md#booting) + + start QEMU according to [OSFV + documentation](https://github.com/Dasharo/open-source-firmware-validation/blob/develop/docs/qemu.md#booting) (use `os` switch, not `firmware`) - - enable network boot and boot into DTS via iPXE - - enable SSH server (option `8` in main menu) + + enable network boot and boot into DTS via iPXE + + enable SSH server (option `8` in main menu) 1. Deploy updated scripts and tests into qemu @@ -46,7 +46,7 @@ robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no dts/dts-tests.ro 1. Execute desired test as described in below section. E.g.: - ```shell + ```bash ssh -p 5222 root@127.0.0.1 export BOARD_VENDOR="Notebook" SYSTEM_MODEL="NV4xPZ" BOARD_MODEL="NV4xPZ" export BIOS_VERSION="Dasharo (coreboot+UEFI) v1.7.2" TEST_DES=y DES_TYPE="heads" && dts-boot @@ -76,7 +76,7 @@ export BOARD_VENDOR="Notebook" SYSTEM_MODEL="NV4xPZ" BOARD_MODEL="NV4xPZ" ``` Expected output: - - heads fw should be offered + + heads fw should be offered 1. Dasharo v1.7.2 on NV4x_PZ eligible for updates to heads without DES (regular update only): 
@@ -86,7 +86,7 @@ export BOARD_VENDOR="Notebook" SYSTEM_MODEL="NV4xPZ" BOARD_MODEL="NV4xPZ" ``` Expected output: - - no update should be offered + + no update should be offered 1. Dasharo v1.6.0 on NV4x_PZ not eligible for updates to heads with heads DES (regular update only): @@ -96,8 +96,8 @@ export BOARD_VENDOR="Notebook" SYSTEM_MODEL="NV4xPZ" BOARD_MODEL="NV4xPZ" ``` Expected output: - - UEFI fw update should be offered (this is too old release to transition to - heads directly, need to flash latest UEFI fw first) + + UEFI fw update should be offered (this is too old release to transition to + heads directly, need to flash latest UEFI fw first) 1. Dasharo v1.6.0 on NV4x_PZ not eligible for updates to heads without heads DES (regular update only): @@ -107,7 +107,7 @@ export BOARD_VENDOR="Notebook" SYSTEM_MODEL="NV4xPZ" BOARD_MODEL="NV4xPZ" ``` Expected output: - - UEFI fw update should be offered + + UEFI fw update should be offered 1. Dasharo heads v0.9.0 on NV4x_PZ eligible for updates to heads with heads DES and switch back (heads updates): @@ -117,8 +117,8 @@ export BOARD_VENDOR="Notebook" SYSTEM_MODEL="NV4xPZ" BOARD_MODEL="NV4xPZ" ``` Expected output: - - migration to UEFI should be offered first - - if we say `n` to switch, heads update should be offered + + migration to UEFI should be offered first + + if we say `n` to switch, heads update should be offered 1. Dasharo heads v0.9.0 on NV4x_PZ without DES switch back, no heads updates: @@ -127,8 +127,8 @@ export BOARD_VENDOR="Notebook" SYSTEM_MODEL="NV4xPZ" BOARD_MODEL="NV4xPZ" ``` Expected output: - - migration to UEFI should be offered first - - if we say `n` to switch, no heads update should be offered + + migration to UEFI should be offered first + + if we say `n` to switch, no heads update should be offered Another case is to edit `dts-functions.sh` and set `DASHARO_REL_VER` to `v1.7.3` to detect possible regular firmware updates and `HEADS_REL_VER_DES` 
@@ -206,8 +206,8 @@ export BOARD_VENDOR="Micro-Star International Co., Ltd." SYSTEM_MODEL="MS-7E06" ``` Expected output: - - migration to UEFI should be offered first - - if we say `n` to switch, no heads (no more recent update available yet) + + migration to UEFI should be offered first + + if we say `n` to switch, no heads (no more recent update available yet) 1. Dasharo heads v0.9.0 on MS-7E06 without DES switch back, no heads updates (regular update and switch-back only through regular DES, no community @@ -218,8 +218,8 @@ export BOARD_VENDOR="Micro-Star International Co., Ltd." SYSTEM_MODEL="MS-7E06" ``` Expected output: - - should print info on DES availability in the shop - - migration to UEFI should be offered + + should print info on DES availability in the shop + + migration to UEFI should be offered ### PC Engines @@ -234,8 +234,8 @@ export BOARD_VENDOR="PC Engines" SYSTEM_MODEL="APU2" BOARD_MODEL="APU2" ``` Expected output: - - no DES - no deployment should be offered - - info on DES availailbity in the shop should be shown + + no DES - no deployment should be offered + + info on DES availailbity in the shop should be shown 1. Initial deployment from legacy firmware (UEFI DES credentials) @@ -244,8 +244,8 @@ export BOARD_VENDOR="PC Engines" SYSTEM_MODEL="APU2" BOARD_MODEL="APU2" ``` Expected output: - - UEFI deployment should be offered - - info on DES availailbity in the shop should not be shown + + UEFI deployment should be offered + + info on DES availailbity in the shop should not be shown 1. Initial deployment from legacy firmware (seabios DES credentials) @@ -254,8 +254,8 @@ export BOARD_VENDOR="PC Engines" SYSTEM_MODEL="APU2" BOARD_MODEL="APU2" ``` Expected output: - - Seabios deployment should be offered - - info on DES availailbity in the shop should not be shown + + Seabios deployment should be offered + + info on DES availailbity in the shop should not be shown 1. Initial deployment from legacy firmware (correct DES credentials) 
@@ -264,5 +264,5 @@ export BOARD_VENDOR="PC Engines" SYSTEM_MODEL="APU2" BOARD_MODEL="APU2" ``` Expected output: - - seabios deployment should be offered - - info on DES availailbity in the shop should not be shown + + seabios deployment should be offered + + info on DES availailbity in the shop should not be shown From cb60fb22faeba36d19bb519f09b4bfa92b71b6dd Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 8 Aug 2024 11:24:31 +0200 Subject: [PATCH 02/58] reports: dasharo-hcl-report: delete surplus definition CMD_DASHARO_DEPLOY is already defined in /usr/sbin/dts-environment.sh which is included at the beginning of the dasharo-hcl-report script. Signed-off-by: Daniil Klimuk --- reports/dasharo-hcl-report | 2 -- 1 file changed, 2 deletions(-) diff --git a/reports/dasharo-hcl-report b/reports/dasharo-hcl-report index d27adb86..a5deb159 100755 --- a/reports/dasharo-hcl-report +++ b/reports/dasharo-hcl-report @@ -50,8 +50,6 @@ update_result() { fi } -CMD_DASHARO_DEPLOY="/usr/sbin/dasharo-deploy" - if [ "$(id -u)" -ne 0 ]; then echo "This script must be started as root!" exit 1 From b1202bfa4e07a6e408e2867727673e87fef6e973 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 8 Aug 2024 11:47:30 +0200 Subject: [PATCH 03/58] add missing shellcheck source statements Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 1 + scripts/ec_transition | 2 ++ 2 files changed, 3 insertions(+) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 1b254812..83a7889d 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -7,6 +7,7 @@ # shellcheck disable=SC2034 # shellcheck source=../include/dts-environment.sh source $DTS_ENV +# shellcheck source=../include/dts-subscription.sh source $DTS_SUBS ### Color functions: diff --git a/scripts/ec_transition b/scripts/ec_transition index a22e4c8e..bea106da 100644 --- a/scripts/ec_transition +++ b/scripts/ec_transition 
@@ -4,7 +4,9 @@ # # SPDX-License-Identifier: Apache-2.0 +# shellcheck source=../include/dts-environment.sh source $DTS_ENV +# shellcheck source=../include/dts-functions.sh source $DTS_FUNCS board_config() { From 43ce343a033a73c997d4ea085b4608b2a678c71b Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Fri, 9 Aug 2024 12:34:25 +0200 Subject: [PATCH 04/58] include: dts-functions: add QEMU q35 configuration QEMU q35 will use UEFI Capsule Update only. Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 51 +++++++++++++++++++++++++++++++++++----- 1 file changed, 45 insertions(+), 6 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 83a7889d..82c87b98 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -818,11 +818,7 @@ board_config() { shopt -u nocasematch ;; "HARDKERNEL") - HAVE_EC="false" - NEED_EC_RESET="false" NEED_SMBIOS_MIGRATION="true" - NEED_BLOB_TRANSMISSION="false" - PROGRAMMER_BIOS="internal" case "$SYSTEM_MODEL" in "ODROID-H4") 
@@ -837,9 +833,52 @@ board_config() { esac BIOS_LINK_DPP="$FW_STORE_URL_DPP/$DASHARO_REL_NAME/v$DASHARO_REL_VER_DPP/${DASHARO_REL_NAME}_v$DASHARO_REL_VER_DPP.rom" - BIOS_HASH_LINK_DPP="${BIOS_LINK_DPP}.sha256" - BIOS_SIGN_LINK_DPP="${BIOS_LINK_DPP}.sha256.sig" ;; + "Emulation") + case "$SYSTEM_MODEL" in + "QEMU x86 q35/ich9") + case "$BOARD_MODEL" in + "QEMU x86 q35/ich9") + # Update type: + USE_CAPSULE_UPDATE="true" + # Download and versioning variables: + DASHARO_REL_NAME="qemu_q35" + DASHARO_REL_VER="v0.2.0" + # Only community version is supported for now: + DASHARO_REL_VER_DPP="" + BIOS_LINK_COMM="${FW_STORE_URL}/${DASHARO_REL_NAME}/${DASHARO_REL_VER}/${DASHARO_REL_NAME}_${DASHARO_REL_VER}.rom" + BIOS_HASH_LINK_COMM="${BIOS_LINK_COMM}.sha256" + BIOS_SIGN_LINK_COMM="${BIOS_LINK_COMM}.sha256.sig" + # Only community version is supported for now: + BIOS_LINK_DPP="" + BIOS_HASH_LINK_DPP="" + BIOS_SIGN_LINK_DPP="" + + # Platform configuration variables: + HAVE_HEADS_FW="false" + HAVE_EC="false" + NEED_EC_RESET="false" + # Migrations should be handled by capsule drivers. FIXME: this + # should be rechecked and appropriate migration functions should + # be modified so not to migrate the below regions if capsule + # update is being used. + NEED_SMBIOS_MIGRATION="false" + NEED_SMMSTORE_MIGRATION="false" + NEED_BOOTSPLASH_MIGRATION="false" + NEED_BLOB_TRANSMISSION="false" + NEED_ROMHOLE_MIGRATION="false" + # Capsule update is being used for this platform, no need to set + # programmers for flashrom. TODO: maybe flashromm will be used for + # backing up firmware to .rom files before applying the updates. + PROGRAMMER_BIOS="" + PROGRAMMER_EC="" + ;; + *) + print_error "Board model $BOARD_MODEL is currently not supported" + return 1 + ;; + esac + ;; *) print_error "Board vendor: $SYSTEM_VENDOR is currently not supported" return 1 From 423221471dcd9c0db4cea6c252d236d0e07a0e00 Mon Sep 17 00:00:00 2001 
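Review bot: The new `"Emulation")` arm opens `case "$SYSTEM_MODEL" in`, but the added lines close only the inner `case "$BOARD_MODEL"`. The context `*)` that prints "Board vendor: ... is currently not supported" therefore becomes the default arm of the system-model case, and as far as the hunk shows the vendor-level case ends up one `esac` short. Add a model-level default such as `*) print_error "System model $SYSTEM_MODEL is currently not supported"; return 1 ;;`, then `esac` and `;;`, before the vendor default. The same hunk also removes `BIOS_HASH_LINK_DPP` and `BIOS_SIGN_LINK_DPP` from the HARDKERNEL arm, which the commit message does not mention; confirm where they are now set, because without them the DPP image for that board has no hash or signature URL. board_config continues outside the hunk.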
From: Daniil Klimuk Date: Mon, 19 Aug 2024 12:07:58 +0200 Subject: [PATCH 05/58] include: dts-functions: clean up platforms configuration Configurations of all supported platforms are done inside board_config function as switch/case Bash statements. The list of supported platforms has grown a lot since then, and the function became unreadable, so adding and managing configurations became difficult and error-prone. This commit adds some default configuration values as well as tries to reuse some configuration code. Signed-off-by: Daniil Klimuk --- include/dts-environment.sh | 108 ++++++--- include/dts-functions.sh | 429 +++++++++++------------------------- include/dts-subscription.sh | 22 +- 3 files changed, 209 insertions(+), 350 deletions(-) diff --git a/include/dts-environment.sh b/include/dts-environment.sh index a94c6dfd..581c3389 100644 --- a/include/dts-environment.sh +++ b/include/dts-environment.sh @@ -13,15 +13,22 @@ YELLOW='\033[0;33m' GREEN='\033[0;32m' BLUE='\033[0;36m' -# DPP options: +# DPP variables: DPP_SERVER_ADDRESS="https://dl.dasharo.com" DPP_SERVER_USER_ALIAS="premium" DPP_PACKAGE_MANAGER_DIR="/var/dasharo-package-manager" DPP_AVAIL_PACKAGES_LIST="$DPP_PACKAGE_MANAGER_DIR/packages-list.json" DPP_PACKAGES_SCRIPTS_PATH="$DPP_PACKAGE_MANAGER_DIR/packages-scripts" DPP_SUBMENU_JSON="$DPP_PACKAGES_SCRIPTS_PATH/submenu.json" +DPP_CREDENTIAL_FILE="/etc/cloud-pass" +FW_STORE_URL="${FW_STORE_URL_DEV:-https://dl.3mdeb.com/open-source-firmware/Dasharo}" +FW_STORE_URL_DPP="https://cloud.3mdeb.com/public.php/webdav" +CLOUD_REQUEST="X-Requested-With: XMLHttpRequest" +BASE_CLOUDSEND_LOGS_URL="39d4biH4SkXD8Zm" +BASE_CLOUDSEND_PASSWORD="1{\[\k6G" +DEPLOY_REPORT="false" -# DTS options: +# DTS menu options: HCL_REPORT_OPT="1" DASHARO_FIRM_OPT="2" REST_FIRM_OPT="3" 
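Review bot: `FW_STORE_URL` takes its value from `FW_STORE_URL_DEV` whenever that is set in the environment, and this hunk moves it under the "DPP variables" heading with no comment saying so. These scripts download firmware from that base URL and flash it, so the override deserves a line such as `# FW_STORE_URL_DEV (environment) overrides the community download server; development use only`. The block also carries `BASE_CLOUDSEND_LOGS_URL` and `BASE_CLOUDSEND_PASSWORD` as literals. If they are the shared default log-upload share rather than a user secret, a comment saying so would stop readers treating them like the per-user values kept in `DPP_CREDENTIAL_FILE`.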
@@ -42,20 +49,24 @@ SEND_LOGS_OPT_LOW="$(echo $SEND_LOGS_OPT | awk '{print tolower($0)}')" VERBOSE_OPT="V" VERBOSE_OPT_LOW="$(echo $VERBOSE_OPT | awk '{print tolower($0)}')" +# Hardware variables: SYSTEM_VENDOR="${SYSTEM_VENDOR:-$(dmidecode -s system-manufacturer)}" SYSTEM_MODEL="${SYSTEM_MODEL:-$(dmidecode -s system-product-name)}" BOARD_VENDOR="${BOARD_VENDOR:-$(dmidecode -s system-manufacturer)}" BOARD_MODEL="${BOARD_MODEL:-$(dmidecode -s baseboard-product-name)}" - CPU_VERSION="$(dmidecode -s processor-version)" + +# Firmware variables BIOS_VENDOR="${BIOS_VENDOR:-$(dmidecode -s bios-vendor)}" BIOS_VERSION="${BIOS_VERSION:-$(dmidecode -s bios-version)}" DASHARO_VERSION="$(echo $BIOS_VERSION | cut -d ' ' -f 3 | tr -d 'v')" DASHARO_FLAVOR="$(echo $BIOS_VERSION | cut -d ' ' -f 1,2)" -# path to temporary files, created while deploying or updating Dasharo firmware -BIOS_UPDATE_FILE="/tmp/biosupdate.rom" -EC_UPDATE_FILE="/tmp/ecupdate.rom" +# Paths to temporary files, created while deploying or updating Dasharo +# firmware, are used globally for both: updating via binaries and via UEFI +# Capsule Update. +BIOS_UPDATE_FILE="/tmp/biosupdate" +EC_UPDATE_FILE="/tmp/ecupdate" BIOS_HASH_FILE="/tmp/bioshash.sha256" EC_HASH_FILE="/tmp/echash.sha256" BIOS_SIGN_FILE="/tmp/biossignature.sig" @@ -65,10 +76,6 @@ RESIGNED_BIOS_UPDATE_FILE="/tmp/biosupdate_resigned.rom" SYSTEM_UUID_FILE="/tmp/system_uuid.txt" SERIAL_NUMBER_FILE="/tmp/serial_number.txt" -# default value for flash chip related information -FLASH_CHIP_SELECT="" -FLASH_CHIP_SIZE="" - # dasharo-deploy backup cmd related variables, do we still use and need this as # backup is placed in HCL? ROOT_DIR="/" 
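Review bot: `BIOS_UPDATE_FILE="/tmp/biosupdate"` and `EC_UPDATE_FILE="/tmp/ecupdate"` keep fixed, predictable names under /tmp for images that are later verified and flashed. If these files do not have to be shared between separately started scripts, creating a private directory once and deriving the paths from it removes the window in which another process could pre-create or swap them between verification and flashing, for example `DTS_TMP_DIR="$(mktemp -d)"` followed by `BIOS_UPDATE_FILE="$DTS_TMP_DIR/biosupdate"` (the directory variable name is only a suggestion). The `.rom` suffix was dropped from both names; the new comment says the paths serve both binary and capsule updates, and it could also say whether consumers are expected to add a suffix.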
@@ -77,14 +84,14 @@ FW_BACKUP_DIR="${ROOT_DIR}${FW_BACKUP_NAME}" FW_BACKUP_TAR="${FW_BACKUP_DIR}.tar.gz" FW_BACKUP_TAR="$(echo "$FW_BACKUP_TAR" | sed 's/\ /_/g')" -# path to system files +# Paths to system files ERR_LOG_FILE="/var/local/dts-err.log" FLASHROM_LOG_FILE="/var/local/flashrom.log" FLASH_INFO_FILE="/tmp/flash_info" OS_VERSION_FILE="/etc/os-release" KEYS_DIR="/tmp/devkeys" -# path to system commands +# Paths to system commands CMD_POWEROFF="/sbin/poweroff" CMD_REBOOT="/sbin/reboot" CMD_SHELL="/bin/bash" 
@@ -93,34 +100,67 @@ CMD_NCMENU="/usr/sbin/novacustom_menu" CMD_DASHARO_DEPLOY="/usr/sbin/dasharo-deploy" CMD_CLOUD_LIST="/usr/sbin/cloud_list" CMD_EC_TRANSITION="/usr/sbin/ec_transition" - -# default values for flashrom programmer -FLASHROM="${FLASHROM:-flashrom}" -PROGRAMMER_BIOS="internal" -PROGRAMMER_EC="ite_ec" - DASHARO_ECTOOL="${DASHARO_ECTOOL:-dasharo_ectool}" +FLASHROM="${FLASHROM:-flashrom}" -# variables defining Dasharo specific entries in DMI tables, used to check if -# Dasharo FW is already installed +# Configuration variables declaration and default values (see dts-functions.sh/ +# board_config function for more inf.): +# Versions and names: +declare DASHARO_REL_NAME +declare DASHARO_REL_VER +declare DASHARO_REL_VER_DPP +declare HEADS_REL_VER_DPP +declare DASHARO_REL_VER_DPP_SEABIOS +declare COMPATIBLE_EC_FW_VERSION +# Links to files: +declare BIOS_LINK_COMM +declare BIOS_HASH_LINK_COMM +declare BIOS_SIGN_LINK_COMM +declare BIOS_LINK_DPP +declare BIOS_HASH_LINK_DPP +declare BIOS_SIGN_LINK_DPP +declare BIOS_LINK_DPP_SEABIOS +declare BIOS_HASH_LINK_DPP_SEABIOS +declare BIOS_SIGN_LINK_DPP_SEABIOS +declare EC_LINK_COMM +declare EC_HASH_LINK_COMM +declare EC_SIGN_LINK_COMM +declare EC_LINK_DPP +declare EC_HASH_LINK_DPP +declare EC_SIGN_LINK_DPP +declare HEADS_LINK_DPP +# Configs, are used in dasharo-deploy script: +CAN_INSTALL_BIOS="false" +HAVE_HEADS_FW="false" +HAVE_EC="false" +NEED_EC_RESET="false" +NEED_SMBIOS_MIGRATION="false" +NEED_SMMSTORE_MIGRATION="false" +NEED_BOOTSPLASH_MIGRATION="false" +NEED_BLOB_TRANSMISSION="false" +NEED_ROMHOLE_MIGRATION="false" +# Default flashrom parameters, may differ depending on a platform: +PROGRAMMER_BIOS="internal" +PROGRAMMER_EC="ite_ec:boardmismatch=force,romsize=128K,autoload=disable" +declare FLASHROM_ADD_OPT_UPDATE_OVERRIDE +declare HEADS_SWITCH_FLASHROM_OPT_OVERRIDE +# Platform-specific: +declare PLATFORM_SIGN_KEY + +# Other variables: +# Default values for flash chip related information: +declare 
FLASH_CHIP_SELECT +declare FLASH_CHIP_SIZE +# Default UEFI Capsule Update device: +CAP_UPD_DEVICE="/dev/efi_capsule_loader" +# Variables defining Dasharo specific entries in DMI tables, used to check if +# Dasharo FW is already installed: DASHARO_VENDOR="3mdeb" DASHARO_NAME="Dasharo" - -# most the time one flash chipset will be detected, for other cases (like for -# ASUS KGPE-D16) we will test the following list in check_flash_chip function +# Most the time one flash chipset will be detected, for other cases (like for +# ASUS KGPE-D16) we will test the following list in check_flash_chip function: FLASH_CHIP_LIST="W25Q64BV/W25Q64CV/W25Q64FV W25Q64JV-.Q W25Q128.V..M" -# Dasharo Supporters Entrance variables -DPP_credential_file="/etc/cloud-pass" -FW_STORE_URL="${FW_STORE_URL_DEV:-https://dl.3mdeb.com/open-source-firmware/Dasharo}" -FW_STORE_URL_DPP="https://cloud.3mdeb.com/public.php/webdav" -CLOUD_REQUEST="X-Requested-With: XMLHttpRequest" - -## base values -BASE_CLOUDSEND_LOGS_URL="39d4biH4SkXD8Zm" -BASE_CLOUDSEND_PASSWORD="1{\[\k6G" -DEPLOY_REPORT="false" - BASE_DTS_LOGS_URL="xjBCYbzFdyq3WLt" DTS_LOGS_PASSWORD="/w\J& ${DPP_credential_file} - echo ${TMP_CLOUDSEND_DOWNLOAD_URL} >> ${DPP_credential_file} - echo ${TMP_CLOUDSEND_PASSWORD} >> ${DPP_credential_file} + echo ${TMP_CLOUDSEND_LOGS_URL} > ${DPP_CREDENTIAL_FILE} + echo ${TMP_CLOUDSEND_DOWNLOAD_URL} >> ${DPP_CREDENTIAL_FILE} + echo ${TMP_CLOUDSEND_PASSWORD} >> ${DPP_CREDENTIAL_FILE} print_ok "Dasharo DPP credentials have been saved" } 
@@ -116,10 +116,10 @@ subscription_routine(){ # Each time the main menu is rendered, check for DPP credentials and export # them, if file exists - if [ -e "${DPP_credential_file}" ]; then - CLOUDSEND_LOGS_URL=$(sed -n '1p' < ${DPP_credential_file} | tr -d '\n') - CLOUDSEND_DOWNLOAD_URL=$(sed -n '2p' < ${DPP_credential_file} | tr -d '\n') - CLOUDSEND_PASSWORD=$(sed -n '3p' < ${DPP_credential_file} | tr -d '\n') + if [ -e "${DPP_CREDENTIAL_FILE}" ]; then + CLOUDSEND_LOGS_URL=$(sed -n '1p' < ${DPP_CREDENTIAL_FILE} | tr -d '\n') + CLOUDSEND_DOWNLOAD_URL=$(sed -n '2p' < ${DPP_CREDENTIAL_FILE} | tr -d '\n') + CLOUDSEND_PASSWORD=$(sed -n '3p' < ${DPP_CREDENTIAL_FILE} | tr -d '\n') export USER_DETAILS="$CLOUDSEND_DOWNLOAD_URL:$CLOUDSEND_PASSWORD" export DPP_IS_LOGGED="true" else From 3f02401b94be3f49c50bb3462a518d8c3d77ec1e Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Mon, 19 Aug 2024 14:59:43 +0200 Subject: [PATCH 06/58] include: dts-functions: erase DTS menu after entering shell Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 79f7a972..f0999f4c 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -1532,6 +1532,7 @@ footer_options(){ return 0 ;; "${SHELL_OPT_UP}" | "${SHELL_OPT_LOW}") + clear echo "Entering shell, to leave type exit and press Enter or press LCtrl+D" echo "" send_dts_logs From 9fee55d2c9a0c784e6445192104b42330ef693d5 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 20 Aug 2024 11:30:01 +0200 Subject: [PATCH 07/58] scripts: dasharo-deploy: dont use hash variables in conditions Variables with links to hashes of the firmware binaries are always set, use variables with links to firmware binaries instead. Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) 
diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 56169253..7a37e3db 100755 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy @@ -21,17 +21,17 @@ ask_for_version() { echo "Please, select Dasharo firmware version to install" # -v: True if the shell variable varname is set (has been assigned a value). - if [ -v BIOS_HASH_LINK_COMM ]; then + if [ -v BIOS_LINK_COMM ]; then echo " c) Community version" fi - if [ -v BIOS_HASH_LINK_DPP ]; then + if [ -v BIOS_LINK_DPP ]; then if [ -v DPP_IS_LOGGED ]; then echo " d) DPP version (coreboot + UEFI)" else echo " DPP version (coreboot + UEFI) available, if you are interested, please visit https://shop.3mdeb.com/product-category/dasharo-entry-subscription/" fi fi - if [ -v BIOS_HASH_LINK_DPP_SEABIOS ]; then + if [ -v BIOS_LINK_DPP_SEABIOS ]; then if [ -v DPP_IS_LOGGED ]; then echo " s) DPP version (coreboot + SeaBIOS)" else @@ -45,11 +45,11 @@ ask_for_version() { case ${OPTION} in c|C|comm|community|COMMUNITY|COMM|Community) - if [ -v BIOS_HASH_LINK_COMM ]; then + if [ -v BIOS_LINK_COMM ]; then BIOS_LINK=$BIOS_LINK_COMM BIOS_HASH_LINK=$BIOS_HASH_LINK_COMM BIOS_SIGN_LINK=$BIOS_SIGN_LINK_COMM - if [ -v EC_HASH_LINK_COMM ]; then + if [ -v EC_LINK_COMM ]; then EC_LINK=$EC_LINK_COMM EC_HASH_LINK=$EC_HASH_LINK_COMM EC_SIGN_LINK=$EC_SIGN_LINK_COMM @@ -61,11 +61,11 @@ ask_for_version() { fi ;; d|D|dpp|DPP|Dpp) - if [ -v BIOS_HASH_LINK_DPP ]; then + if [ -v BIOS_LINK_DPP ]; then BIOS_LINK=$BIOS_LINK_DPP BIOS_HASH_LINK=$BIOS_HASH_LINK_DPP BIOS_SIGN_LINK=$BIOS_SIGN_LINK_DPP - if [ -v EC_HASH_LINK_DPP ]; then + if [ -v EC_LINK_DPP ]; then EC_LINK=$EC_LINK_DPP EC_HASH_LINK=$EC_HASH_LINK_DPP # shellcheck disable=SC2034 @@ -78,7 +78,7 @@ ask_for_version() { fi ;; s|S|sea|seabios|SeaBIOS) - if [ -v BIOS_HASH_LINK_DPP_SEABIOS ]; then + if [ -v BIOS_LINK_DPP_SEABIOS ]; then BIOS_LINK=$BIOS_LINK_DPP_SEABIOS BIOS_HASH_LINK=$BIOS_HASH_LINK_DPP_SEABIOS BIOS_SIGN_LINK=$BIOS_SIGN_LINK_DPP_SEABIOS 
@@ -132,14 +132,14 @@ display_flashing_warning() { while : ; do echo "Following firmware will be used to install Dasharo" - if [ -v BIOS_HASH_LINK ]; then + if [ -v BIOS_LINK ]; then local _bios_hash _bios_hash="$(cat $BIOS_HASH_FILE | cut -d ' ' -f 1)" echo "Dasharo BIOS firmware:" echo " - link: $BIOS_LINK" echo " - hash: $_bios_hash" fi - if [ -v EC_HASH_LINK ]; then + if [ -v EC_LINK ]; then local _ec_hash _ec_hash="$(cat $EC_HASH_FILE | cut -d ' ' -f 1)" echo "Dasharo EC firmware:" From cee2d5b41fd47e4f2d40f27fa7a185c42aa139e4 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Wed, 21 Aug 2024 15:13:56 +0200 Subject: [PATCH 08/58] use test -n instead of test -v "test -v" checks whether a variable has been declared, it does not check its value. We sometimes use "unset" for some variables, and then check again with "test -v". The problem is, "unset" erases variable value, but the variable still exists, so the "test -v" will be true before, as well as after the "unset". We must use "test -n" (whether a variable holds non-zero length string value) and "test -z" (whether a variable holds zero length string value) to check string values of variables. This way the "unset" will work. Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 12 +++++----- include/dts-subscription.sh | 8 +++---- reports/dasharo-hcl-report | 2 +- scripts/dasharo-deploy | 48 ++++++++++++++++++------------------- 4 files changed, 35 insertions(+), 35 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index f0999f4c..ae7d050f 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -770,7 +770,7 @@ compare_versions() { } download_bios() { - if [ -v BIOS_LINK_COMM ] && [ ${BIOS_LINK} == ${BIOS_LINK_COMM} ]; then + if [ -n "$BIOS_LINK_COMM" ] && [ ${BIOS_LINK} == ${BIOS_LINK_COMM} ]; then curl -s -L -f "$BIOS_LINK" -o $BIOS_UPDATE_FILE error_check "Cannot access $FW_STORE_URL while downloading binary. Please check your internet connection" 
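Review bot: The hash shown to the operator for confirmation is read with `cat $BIOS_HASH_FILE`, and now that the block is entered whenever `BIOS_LINK` is set, nothing in this hunk checks that the hash file exists and is non-empty. Unless an earlier step already aborts on a failed hash download, the operator would see a blank `- hash:` line and could still confirm the flash. Guard it before printing, e.g. `[ -s "$BIOS_HASH_FILE" ] || error_exit "Missing hash file for $BIOS_LINK"`, and do the same for `$EC_HASH_FILE`. display_flashing_warning starts and ends outside the hunk.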
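Review bot: In `[ -n "$BIOS_LINK_COMM" ] && [ ${BIOS_LINK} == ${BIOS_LINK_COMM} ]` only the first test is quoted. If `BIOS_LINK` is empty, the second test collapses to a malformed `[ == ... ]`, prints a test error and evaluates false, so control falls into the else branch instead of stopping with a clear message. Quote both operands: `[ "${BIOS_LINK}" == "${BIOS_LINK_COMM}" ]`. The download_ec hunks at -795 and -809 have the same pattern, the latter as `[ ${EC_LINK} == ${EC_LINK_COMM} ]`. download_bios continues outside the hunk.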
@@ -795,7 +795,7 @@ download_bios() { } download_ec() { - if [ -v BIOS_LINK_COMM ] && [ ${BIOS_LINK} == ${BIOS_LINK_COMM} ]; then + if [ -n "$BIOS_LINK_COMM" ] && [ ${BIOS_LINK} == ${BIOS_LINK_COMM} ]; then if [ "$HAVE_EC" == "true" ]; then curl -s -L -f "$EC_LINK" -o "$EC_UPDATE_FILE" error_check "Cannot access $FW_STORE_URL while downloading binary. Please @@ -809,7 +809,7 @@ download_ec() { fi else if [ "$HAVE_EC" == "true" ]; then - if [ -v EC_LINK_COMM ] && [ ${EC_LINK} == ${EC_LINK_COMM} ]; then + if [ -n "$EC_LINK_COMM" ] && [ ${EC_LINK} == ${EC_LINK_COMM} ]; then curl -s -L -f "$EC_LINK" -o "$EC_UPDATE_FILE" error_check "Cannot access $FW_STORE_URL while downloading binary. Please check your internet connection" @@ -888,7 +888,7 @@ verify_artifacts() { sha256sum --check <(echo "$(cat $_hash_file | cut -d ' ' -f 1)" $_update_file) >> $ERR_LOG_FILE 2>&1 error_check "Failed to verify $_name firmware checksum" print_ok "Verified." - if [ -v PLATFORM_SIGN_KEY ]; then + if [ -n "$PLATFORM_SIGN_KEY" ]; then echo -n "Checking $_name firmware signature... " _sig_result="$(cat $_hash_file | gpg --verify $_sign_file - >> $ERR_LOG_FILE 2>&1)" error_check "Failed to verify $_name firmware signature.$'\n'$_sig_result" @@ -1138,7 +1138,7 @@ handle_fw_switching() { ;; esac done - elif [ -v DPP_IS_LOGGED ] && [ -v HEADS_LINK_DPP ]; then + elif [ -n "$DPP_IS_LOGGED" ] && [ -n "$HEADS_LINK_DPP" ]; then local _heads_dpp=1 curl -sfI -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$HEADS_LINK_DPP" -o /dev/null _heads_dpp=$? @@ -1182,7 +1182,7 @@ handle_fw_switching() { esac done fi - elif [ ! -v DPP_IS_LOGGED ] && [ "$DASHARO_FLAVOR" == "Dasharo (coreboot+heads)" ]; then + elif [ -z "$DPP_IS_LOGGED" ] && [ "$DASHARO_FLAVOR" == "Dasharo (coreboot+heads)" ]; then # Not logged with DPP and we are on heads, offer switch back compare_versions $DASHARO_VERSION $HEADS_REL_VER_DPP if [ $? -eq 1 ]; then 
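Review bot: In the verify_artifacts hunk, `[ -n "$PLATFORM_SIGN_KEY" ]` skips the GPG check without any message whenever the key variable is empty. That leaves only the SHA-256 comparison against a hash file which the link variables on this page place next to the image (`${BIOS_LINK_COMM}.sha256`), and that detects a corrupted download but not a replaced one. Add an else branch that tells the operator, e.g. `else print_warning "No signing key for this platform, $_name firmware signature was not checked"`. Separately, the context line `_sig_result="$(cat $_hash_file | gpg --verify $_sign_file - >> $ERR_LOG_FILE 2>&1)"` redirects all output to the log, so `_sig_result` is always empty in the failure message. verify_artifacts starts and ends outside the hunk.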
diff --git a/include/dts-subscription.sh b/include/dts-subscription.sh index 9ff88eef..7b04e79e 100644 --- a/include/dts-subscription.sh +++ b/include/dts-subscription.sh @@ -33,20 +33,20 @@ check_for_dasharo_firmware() { TEST_LOGS_URL="https://cloud.3mdeb.com/index.php/s/${CLOUDSEND_LOGS_URL}/authenticate/showShare" # If board_config function has not set firmware links - exit with warning: - if [ ! -v BIOS_LINK_DPP ] && [ ! -v HEADS_LINK_DPP ] && [ ! -v BIOS_LINK_DPP_SEABIOS ]; then + if [ -z "$BIOS_LINK_DPP" ] && [ -z "$HEADS_LINK_DPP" ] && [ -z "$BIOS_LINK_DPP_SEABIOS" ] && [ -z "$BIOS_LINK_DPP_CAP" ]; then print_warning "There is no Dasharo Firmware available for your platform." return 1 fi # Check for firmware binaries: if wait_for_network_connection; then - if [ -v BIOS_LINK_DPP ]; then + if [ -n "$BIOS_LINK_DPP" ]; then _check_dwn_req_resp_uefi=$(curl -L -I -s -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$BIOS_LINK_DPP" -o /dev/null -w "%{http_code}") fi - if [ -v HEADS_LINK_DPP ]; then + if [ -n "$HEADS_LINK_DPP" ]; then _check_dwn_req_resp_heads=$(curl -L -I -s -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$HEADS_LINK_DPP" -o /dev/null -w "%{http_code}") fi - if [ -v BIOS_LINK_DPP_SEABIOS ]; then + if [ -n "$BIOS_LINK_DPP_SEABIOS" ]; then _check_dwn_req_resp_seabios=$(curl -L -I -s -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$BIOS_LINK_DPP_SEABIOS" -o /dev/null -w "%{http_code}") fi diff --git a/reports/dasharo-hcl-report b/reports/dasharo-hcl-report index a5deb159..9187be9a 100755 --- a/reports/dasharo-hcl-report +++ b/reports/dasharo-hcl-report @@ -15,7 +15,7 @@ update_result() { LOGFILE=`printf $2 | sed 's/[.].*$//' && echo ".log"` # check if status was set as a unknown - if [ ! -v $3 ]; then + if [ -z "$3" ]; then echo -e [$YELLOW"UNKNOWN"$NORMAL]"\t"$TOOL >> result return fi diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 7a37e3db..3f279be3 100755 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy 
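Review bot: `BIOS_LINK_DPP_CAP` is added to the "no Dasharo Firmware available" test, but the checks that follow still probe only `BIOS_LINK_DPP`, `HEADS_LINK_DPP` and `BIOS_LINK_DPP_SEABIOS`. A platform that defines only the capsule link would pass the first test and then have no download check run for it. Either add a matching `if [ -n "$BIOS_LINK_DPP_CAP" ]; then ... fi` probe in the same form as the other three, or leave the variable out of this condition until capsule DPP support is added. As far as this page shows, the name is also missing from the declaration list that patch 05 adds to dts-environment.sh. check_for_dasharo_firmware continues outside the hunk.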
@@ -21,18 +21,18 @@ ask_for_version() { echo "Please, select Dasharo firmware version to install" # -v: True if the shell variable varname is set (has been assigned a value). - if [ -v BIOS_LINK_COMM ]; then + if [ -n "$BIOS_LINK_COMM" ]; then echo " c) Community version" fi - if [ -v BIOS_LINK_DPP ]; then - if [ -v DPP_IS_LOGGED ]; then + if [ -n "$BIOS_LINK_DPP" ]; then + if [ -n "$DPP_IS_LOGGED" ]; then echo " d) DPP version (coreboot + UEFI)" else echo " DPP version (coreboot + UEFI) available, if you are interested, please visit https://shop.3mdeb.com/product-category/dasharo-entry-subscription/" fi fi - if [ -v BIOS_LINK_DPP_SEABIOS ]; then - if [ -v DPP_IS_LOGGED ]; then + if [ -n "$BIOS_LINK_DPP_SEABIOS" ]; then + if [ -n "$DPP_IS_LOGGED" ]; then echo " s) DPP version (coreboot + SeaBIOS)" else echo " DPP version (coreboot + SeaBIOS) available, if you are interested, please visit https://shop.3mdeb.com/product-category/dasharo-entry-subscription/" @@ -45,11 +45,11 @@ ask_for_version() { case ${OPTION} in c|C|comm|community|COMMUNITY|COMM|Community) - if [ -v BIOS_LINK_COMM ]; then + if [ -n "$BIOS_LINK_COMM" ]; then BIOS_LINK=$BIOS_LINK_COMM BIOS_HASH_LINK=$BIOS_HASH_LINK_COMM BIOS_SIGN_LINK=$BIOS_SIGN_LINK_COMM - if [ -v EC_LINK_COMM ]; then + if [ -n "$EC_LINK_COMM" ]; then EC_LINK=$EC_LINK_COMM EC_HASH_LINK=$EC_HASH_LINK_COMM EC_SIGN_LINK=$EC_SIGN_LINK_COMM @@ -61,11 +61,11 @@ ask_for_version() { fi ;; d|D|dpp|DPP|Dpp) - if [ -v BIOS_LINK_DPP ]; then + if [ -n "$BIOS_LINK_DPP" ]; then BIOS_LINK=$BIOS_LINK_DPP BIOS_HASH_LINK=$BIOS_HASH_LINK_DPP BIOS_SIGN_LINK=$BIOS_SIGN_LINK_DPP - if [ -v EC_LINK_DPP ]; then + if [ -n "$EC_LINK_DPP" ]; then EC_LINK=$EC_LINK_DPP EC_HASH_LINK=$EC_HASH_LINK_DPP # shellcheck disable=SC2034 
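Review bot: The context comment `# -v: True if the shell variable varname is set (has been assigned a value).` is left above tests that this hunk converts to `-n`, so it now describes an operator the code no longer uses. Replace it with `# -n: true if the variable expands to a non-empty string.` so the comment matches the checks below it. ask_for_version continues outside the hunk.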
@@ -78,7 +78,7 @@ ask_for_version() { fi ;; s|S|sea|seabios|SeaBIOS) - if [ -v BIOS_LINK_DPP_SEABIOS ]; then + if [ -n "$BIOS_LINK_DPP_SEABIOS" ]; then BIOS_LINK=$BIOS_LINK_DPP_SEABIOS BIOS_HASH_LINK=$BIOS_HASH_LINK_DPP_SEABIOS BIOS_SIGN_LINK=$BIOS_SIGN_LINK_DPP_SEABIOS @@ -104,13 +104,13 @@ display_flashing_warning() { print_warning "Please verify detected hardware!" echo - if [ -v SYSTEM_VENDOR ]; then + if [ -n "$SYSTEM_VENDOR" ]; then echo "Board vendor: $SYSTEM_VENDOR" fi - if [ -v SYSTEM_MODEL ]; then + if [ -n "$SYSTEM_MODEL" ]; then echo "System model: $SYSTEM_MODEL" fi - if [ -v BOARD_MODEL ]; then + if [ -n "$BOARD_MODEL" ]; then echo "Board model: $BOARD_MODEL" fi echo @@ -132,14 +132,14 @@ display_flashing_warning() { while : ; do echo "Following firmware will be used to install Dasharo" - if [ -v BIOS_LINK ]; then + if [ -n "$BIOS_LINK" ]; then local _bios_hash _bios_hash="$(cat $BIOS_HASH_FILE | cut -d ' ' -f 1)" echo "Dasharo BIOS firmware:" echo " - link: $BIOS_LINK" echo " - hash: $_bios_hash" fi - if [ -v EC_LINK ]; then + if [ -n "$EC_LINK" ]; then local _ec_hash _ec_hash="$(cat $EC_HASH_FILE | cut -d ' ' -f 1)" echo "Dasharo EC firmware:" @@ -507,8 +507,8 @@ update() { echo "Checking for the latest Dasharo update available..." echo "Current Dasharo version: $DASHARO_VERSION" - if [ -v DPP_IS_LOGGED ]; then - if [ -v DASHARO_REL_VER_DPP ]; then + if [ -n "$DPP_IS_LOGGED" ]; then + if [ -n "$DASHARO_REL_VER_DPP" ]; then if [ "$DASHARO_FLAVOR" != "Dasharo (coreboot+heads)" ]; then echo "Latest available Dasharo version: $DASHARO_REL_VER_DPP" fi 
@@ -550,7 +550,7 @@ update() { fi UPDATE_VERSION=$DASHARO_REL_VER fi - if [ -v HAVE_HEADS_FW ] && [ "$DASHARO_FLAVOR" != "Dasharo (coreboot+heads)" ]; then + if [ -n "$HAVE_HEADS_FW" ] && [ "$DASHARO_FLAVOR" != "Dasharo (coreboot+heads)" ]; then # Check if given DPP credentials give access to heads, if not, # then it means DPP is for regular releases curl -sfI -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$HEADS_LINK_DPP" -o /dev/null @@ -564,13 +564,13 @@ update() { print_ok "Dasharo Heads firmware version is available and your subscription" print_ok "gives you access to this firmware." fi - elif [ -v HAVE_HEADS_FW ] && [ "$DASHARO_FLAVOR" == "Dasharo (coreboot+heads)" ]; then + elif [ -n "$HAVE_HEADS_FW" ] && [ "$DASHARO_FLAVOR" == "Dasharo (coreboot+heads)" ]; then # Set the switch flag to offer switch back echo "Latest available Dasharo version: $HEADS_REL_VER_DPP" _can_switch_to_heads="true" fi else - if [ -v DASHARO_REL_VER_DPP ]; then + if [ -n "$DASHARO_REL_VER_DPP" ]; then print_green "DPP version (coreboot + UEFI) available, if you are interested" print_ok "please visit https://shop.3mdeb.com/product-category/dasharo-entry-subscription/" fi @@ -588,11 +588,11 @@ update() { EC_LINK=$EC_LINK_COMM fi UPDATE_VERSION=$DASHARO_REL_VER - if [ -v HAVE_HEADS_FW ] && [ "$DASHARO_FLAVOR" != "Dasharo (coreboot+heads)" ]; then + if [ -n "$HAVE_HEADS_FW" ] && [ "$DASHARO_FLAVOR" != "Dasharo (coreboot+heads)" ]; then print_ok "Dasharo heads firmware version is available. If you are interested," print_ok "please provide your subscription credentials in the main DTS menu" print_ok "and select 'Update Dasharo firmware' again to check if you are eligible." - elif [ -v HAVE_HEADS_FW ] && [ "$DASHARO_FLAVOR" == "Dasharo (coreboot+heads)" ]; then + elif [ -n "$HAVE_HEADS_FW" ] && [ "$DASHARO_FLAVOR" == "Dasharo (coreboot+heads)" ]; then # Set the switch flag to offer switch back _can_switch_to_heads="true" fi 
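Review bot: `[ -n "$HAVE_HEADS_FW" ]` is true for the string "false", and patch 05 on this page sets `HAVE_HEADS_FW="false"` as the default in dts-environment.sh. The heads branches in update() are therefore entered on boards without heads firmware, and in the logged-in case the `curl -sfI -u "$USER_DETAILS" ... "$HEADS_LINK_DPP"` probe runs with an empty link. Compare the value instead: `if [ "$HAVE_HEADS_FW" == "true" ] && [ "$DASHARO_FLAVOR" != "Dasharo (coreboot+heads)" ]; then`. The same test appears in the hunks at -564 and -588, in both the `!=` and `==` flavor arms. update() starts and ends outside these hunks.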
@@ -670,7 +670,7 @@ update() { # FLASHROM_ADD_OPT_UPDATE_OVERRIDE takes priority over auto-detected update params. # It set only by platform-specific and firmware version-specific conditions - if [ -v FLASHROM_ADD_OPT_UPDATE_OVERRIDE ]; then + if [ -n "$FLASHROM_ADD_OPT_UPDATE_OVERRIDE" ]; then # To standardize the operation of the FLASHROM_ADD_OPT_UPDATE_OVERRIDE flag, # by default it contains only the bios section, below we verify the # downloaded binary and add more sections when they were detected after @@ -897,7 +897,7 @@ fi board_config check_flash_chip -if [ -v PLATFORM_SIGN_KEY ]; then +if [ -n "$PLATFORM_SIGN_KEY" ]; then get_signing_keys fi From 89367a5c1f83166a836ffa7ebea9873dda39c99f Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 10 Sep 2024 10:46:09 +0200 Subject: [PATCH 09/58] include: dts-functions: make func verify_artifacts more reusable Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 71 +++++++++++++++++++++++++--------------- 1 file changed, 44 insertions(+), 27 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index ae7d050f..7e07253b 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh 
@@ -861,40 +861,57 @@ get_signing_keys() { } verify_artifacts() { - local _type="$1" +# This function checks downloaded files, the files that are being downloaded +# should have hashes provided on the server too. The hashes will ben downloaded +# and the binaries will be verified upon them. +# +# In case of .rom files it will be enough but capsules have additional +# protection layer built in, the binaries they provide will be verified by +# drivers, so no need to implement it here. local _update_file="" local _hash_file="" local _sign_file="" local _name="" local _sig_result="" - case ${_type} in - ec) - _update_file=$EC_UPDATE_FILE - _hash_file=$EC_HASH_FILE - _sign_file=$EC_SIGN_FILE - _name="Dasharo EC" - ;; - bios) - _update_file=$BIOS_UPDATE_FILE - _hash_file=$BIOS_HASH_FILE - _sign_file=$BIOS_SIGN_FILE - _name="Dasharo" - ;; - *) - ;; - esac - echo -n "Checking $_name firmware checksum... " - sha256sum --check <(echo "$(cat $_hash_file | cut -d ' ' -f 1)" $_update_file) >> $ERR_LOG_FILE 2>&1 - error_check "Failed to verify $_name firmware checksum" - print_ok "Verified." - if [ -n "$PLATFORM_SIGN_KEY" ]; then - echo -n "Checking $_name firmware signature... " - _sig_result="$(cat $_hash_file | gpg --verify $_sign_file - >> $ERR_LOG_FILE 2>&1)" - error_check "Failed to verify $_name firmware signature.$'\n'$_sig_result" + while [[ $# -gt 0 ]]; do + local _type="$1" + + case $_type in + ec) + _update_file=$EC_UPDATE_FILE + _hash_file=$EC_HASH_FILE + _sign_file=$EC_SIGN_FILE + _name="Dasharo EC" + shift + ;; + bios) + _update_file=$BIOS_UPDATE_FILE + _hash_file=$BIOS_HASH_FILE + _sign_file=$BIOS_SIGN_FILE + _name="Dasharo" + shift + ;; + *) + error_exit "Unknown artifact type: $_type" + ;; + esac + + echo -n "Checking $_name firmware checksum... " + sha256sum --check <(echo "$(cat $_hash_file | cut -d ' ' -f 1)" $_update_file) >> $ERR_LOG_FILE 2>&1 + error_check "Failed to verify $_name firmware checksum" print_ok "Verified." 
- fi - echo "$_sig_result" + + if [ -n "$PLATFORM_SIGN_KEY" ]; then + echo -n "Checking $_name firmware signature... " + _sig_result="$(cat $_hash_file | gpg --verify $_sign_file - >> $ERR_LOG_FILE 2>&1)" + error_check "Failed to verify $_name firmware signature.$'\n'$_sig_result" + print_ok "Verified." + fi + echo "$_sig_result" + done + + return 0 } check_intel_regions() { From e6d46170675cd05a169bf231b4a487d8ddc6f835 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 10 Sep 2024 10:59:22 +0200 Subject: [PATCH 10/58] scripts: dasharo-deploy: add check_for_firmware_access func Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 51 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 3f279be3..a5ccfb95 100755 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy 
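Review bot: The signature step is still skipped without any message when `PLATFORM_SIGN_KEY` is empty, and the new header comment says the hash check "will be enough" for .rom files. A checksum fetched from the same server as the binary only detects corruption; it does not authenticate the image. I would reword the comment to say that and add an `else` arm such as `print_warning "No signing key for this platform, $_name firmware signature not verified"`. Separately, `_sig_result` is always empty because gpg's output is redirected to `$ERR_LOG_FILE` inside the substitution, and `$'\n'` is not expanded inside double quotes, so the error message prints it literally.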
@@ -15,6 +15,57 @@ source $DTS_FUNCS CMD="$1" FUM="$2" +check_for_firmware_access() { +# DPP credentials are being provided outside of this script, this script only +# has to check whether the credentials give access to appropriate firmware. + + local _firm_ver_to_check + _firm_ver_to_check=$1 + + case ${_firm_ver_to_check} in + community) + # Always available. + ;; + community_cap) + # Always available. + ;; + dpp) + # This firmware type require user to provide creds: + [ "$DPP_IS_LOGGED" == "true" ] || return 1 + + curl -sfI -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$BIOS_LINK_DPP" -o /dev/null + + [ $? -ne 0 ] && return 1 + ;; + dpp_cap) + # This firmware type require user to provide creds: + [ "$DPP_IS_LOGGED" == "true" ] || return 1 + + curl -sfI -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$BIOS_LINK_DPP_CAP" -o /dev/null + + [ $? -ne 0 ] && return 1 + ;; + seabios) + # This firmware type require user to provide creds: + [ "$DPP_IS_LOGGED" == "true" ] || return 1 + + curl -sfI -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$BIOS_LINK_DPP_SEABIOS" -o /dev/null + + [ $? -ne 0 ] && return 1 + ;; + heads) + # This firmware type require user to provide creds: + [ "$DPP_IS_LOGGED" == "true" ] || return 1 + + curl -sfI -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$HEADS_LINK_DPP" -o /dev/null + + [ $? -ne 0 ] && return 1 + ;; + esac + + return 0 +} + ask_for_version() { while : ; do echo From ca790b3e6cfa20afbc2d199fadb1d3691d1c218d Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 10 Sep 2024 12:04:54 +0200 Subject: [PATCH 11/58] scripts: dasharo-deploy: rework display_warning func This function is useful not unly during update workflow, but every time firmware is being deployed Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 56 +++++++++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 23 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index a5ccfb95..7d2ff998 100755 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy 
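Review bot: The `case` in check_for_firmware_access has no `*)` arm, so a misspelled or newly introduced firmware type falls through to the final `return 0` and is reported as accessible. An access check should deny by default: add `*) return 1 ;;` before `esac`. The four credentialed arms differ only in the URL, and each could end in `curl ... -o /dev/null || return 1` instead of testing `$?` on a separate line.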
@@ -149,7 +149,11 @@ ask_for_version() { done } -display_flashing_warning() { +display_warning() { +# This function shows user some inf. about platform and binaries and asks if the +# deployment process should be continued. + local _option + while : ; do echo print_warning "Please verify detected hardware!" @@ -164,15 +168,16 @@ display_flashing_warning() { if [ -n "$BOARD_MODEL" ]; then echo "Board model: $BOARD_MODEL" fi + echo - read -r -p "Does it match your actual specification? (Y|n) " OPTION + read -r -p "Does it match your actual specification? (Y|n) " _option echo - case ${OPTION} in + case ${_option} in ""|yes|y|Y|Yes|YES) break ;; - n|N) + n|N|no|NO|No) echo "Returning to main menu..." exit 0 ;; @@ -182,7 +187,8 @@ display_flashing_warning() { done while : ; do - echo "Following firmware will be used to install Dasharo" + echo "Following firmware will be used to deploy Dasharo:" + if [ -n "$BIOS_LINK" ]; then local _bios_hash _bios_hash="$(cat $BIOS_HASH_FILE | cut -d ' ' -f 1)" @@ -190,6 +196,7 @@ display_flashing_warning() { echo " - link: $BIOS_LINK" echo " - hash: $_bios_hash" fi + if [ -n "$EC_LINK" ]; then local _ec_hash _ec_hash="$(cat $EC_HASH_FILE | cut -d ' ' -f 1)" 
@@ -197,29 +204,27 @@ display_flashing_warning() { echo " - link: $EC_LINK" echo " - hash: $_ec_hash" fi + echo echo "You can learn more about this release on: https://docs.dasharo.com/" - if check_if_dasharo; then - echo - read -r -p "Do you want to update Dasharo firmware on your hardware? (Y|n) " OPTION - echo - else - echo - if [ "$CAN_INSTALL_BIOS" == "false" ] && [ "$SYSTEM_VENDOR" == "Notebook" ]; then - echo "Notebook supports installation of only EC firmware!" - echo "Dasharo BIOS will have to be flashed manually. More on:" - echo "https://docs.dasharo.com/unified/novacustom/initial-deployment/" - fi - read -r -p "Do you want to install Dasharo firmware on your hardware? (Y|n) " OPTION - echo + if ! check_if_dasharo && \ + [ "$CAN_INSTALL_BIOS" = "false" ] && \ + [ "$HAVE_EC" = "true" ]; then + print_warning "$SYSTEM_VENDOR $SYSTEM_MODEL supports only EC firmware deployment!" + print_warning "Dasharo BIOS will have to be flashed manually. More on:" + print_warning "https://docs.dasharo.com/unified/novacustom/initial-deployment/" fi - case ${OPTION} in + echo + read -r -p "Do you want to deploy this Dasharo Firmware on your platform (Y|n) " _option + echo + + case ${_option} in ""|yes|y|Y|Yes|YES) break ;; - n|N) + n|N|no|NO|No) echo "Returning to main menu..." exit 0 ;; @@ -227,6 +232,8 @@ display_flashing_warning() { ;; esac done + + return 0 } backup() { @@ -450,10 +457,10 @@ install() { if [ "$CAN_INSTALL_BIOS" == "false" ]; then download_ec unset BIOS_HASH_LINK - display_flashing_warning + display_warning else download_artifacts - display_flashing_warning + display_warning check_flash_lock verify_artifacts bios @@ -463,6 +470,9 @@ install() { set_intel_regions_update_params "-N --ifd -i bios" fi + # Ask user for confirmation: + display_warning + if [ "$HAVE_EC" == "true" ]; then echo "Checking for Open Source Embedded Controller firmware" $DASHARO_ECTOOL info >> $ERR_LOG_FILE 2>&1 
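Review bot: The `display_warning` call added after the `if`/`else` in install() (hunk -463,6) comes on top of the calls the previous hunk keeps in both branches, so every install path now prompts the user twice. If the intent is a single confirmation once the artifacts are prepared, drop the two in-branch calls in the same change. In the BIOS path that would also move the prompt after `verify_artifacts bios` rather than before it, so the user confirms values that have already been checked. install() starts and ends outside these hunks.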
@@ -686,7 +696,7 @@ update() { download_artifacts if [ ! "$FUM" == "fum" ]; then - display_flashing_warning + display_warning fi check_flash_lock From 4a80617bb23e29843091f21f66f9b1e4f6c68eca Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 10 Sep 2024 14:15:08 +0200 Subject: [PATCH 12/58] scripts: dasharo-deploy: rework deploying config Before deploing we do some configuration based on the list of the firmware versions the target supports and on DPP subscription user has. Previously this configuration lived beside the code responsible for deploying, as a result, the deploying workflows was messy, had nesting levels over 3, and nonlinear and complex logic. This commit tries to separate this configuration and deploying to make it more readable and scallable. Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 226 +++++++++++++++++++++++++++++++---------- 1 file changed, 174 insertions(+), 52 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 7d2ff998..e721f714 100755 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy @@ -12,12 +12,18 @@ source $DTS_FUNCS [ -z "$SYSTEM_VENDOR" ] && error_exit "SYSTEM_VENDOR not given" [ -z "$SYSTEM_MODEL" ] && error_exit "SYSTEM_MODEL not given" +# Variables used in this script: +# Currently following firmware versions are available: community, dpp, seabios, +# and heads: +declare FIRMWARE_VERSION +declare CAN_SWITCH_TO_HEADS CMD="$1" FUM="$2" check_for_firmware_access() { # DPP credentials are being provided outside of this script, this script only -# has to check whether the credentials give access to appropriate firmware. +# has to check whether the credentials give access to appropriate firmware. The +# appropriate firmware are defined by FIRMWARE_VERSION variable. local _firm_ver_to_check _firm_ver_to_check=$1 
@@ -67,78 +73,81 @@ check_for_firmware_access() { } ask_for_version() { +# Available firmware versions are defined by FIRMWARE_VERSION variable + local _option + local _might_be_comm + local _might_be_dpp + local _might_be_seabios + while : ; do echo - echo "Please, select Dasharo firmware version to install" - - # -v: True if the shell variable varname is set (has been assigned a value). + echo "Please, select Dasharo firmware version to install:" + + # Here we check if user has access to a certain version of Dasharo Firmware. + # The check consists of two stages: + # * does user platform support the fimware - BIOS_LINK_* variables are being + # checked; + # * does user has access rights to the blobs of the supported fimware - a + # call to the server with binaries is done, to check if user can download + # the blobs. if [ -n "$BIOS_LINK_COMM" ]; then - echo " c) Community version" + if check_for_firmware_access community; then + echo " c) Community version" + _might_be_comm="true" + fi fi + if [ -n "$BIOS_LINK_DPP" ]; then - if [ -n "$DPP_IS_LOGGED" ]; then + if check_for_firmware_access dpp; then echo " d) DPP version (coreboot + UEFI)" + _might_be_dpp="true" else - echo " DPP version (coreboot + UEFI) available, if you are interested, please visit https://shop.3mdeb.com/product-category/dasharo-entry-subscription/" + echo " DPP version (coreboot + UEFI) available but you don't have access" + echo " to it, if you are interested, please visit" + echo " https://shop.3mdeb.com/product-category/dasharo-pro-package/" fi fi + if [ -n "$BIOS_LINK_DPP_SEABIOS" ]; then - if [ -n "$DPP_IS_LOGGED" ]; then + if check_for_firmware_access seabios; then echo " s) DPP version (coreboot + SeaBIOS)" + _might_be_seabios="true" else - echo " DPP version (coreboot + SeaBIOS) available, if you are interested, please visit https://shop.3mdeb.com/product-category/dasharo-entry-subscription/" + echo " DPP version (coreboot + SeaBIOS) available but you don't have access" + echo " to it, 
if you are interested, please visit" + echo " https://shop.3mdeb.com/product-category/dasharo-pro-package/" fi fi + echo " b) Back to main menu" echo - read -r -p "Enter an option: " OPTION + read -r -p "Enter an option: " _option echo - case ${OPTION} in + # In case of several Dasharo Firmware versions supported we leave the + # decision to user: + case ${_option} in c|C|comm|community|COMMUNITY|COMM|Community) - if [ -n "$BIOS_LINK_COMM" ]; then - BIOS_LINK=$BIOS_LINK_COMM - BIOS_HASH_LINK=$BIOS_HASH_LINK_COMM - BIOS_SIGN_LINK=$BIOS_SIGN_LINK_COMM - if [ -n "$EC_LINK_COMM" ]; then - EC_LINK=$EC_LINK_COMM - EC_HASH_LINK=$EC_HASH_LINK_COMM - EC_SIGN_LINK=$EC_SIGN_LINK_COMM - fi - echo "Community version selected" - break - else - error_exit "Bad option or resignation. Returning to main menu..." - fi - ;; + if [ -n "$_might_be_comm" ]; then + print_ok "Community (Coreboot + EDK2) version selected" + FIRMWARE_VERSION="community" + break + fi + ;; d|D|dpp|DPP|Dpp) - if [ -n "$BIOS_LINK_DPP" ]; then - BIOS_LINK=$BIOS_LINK_DPP - BIOS_HASH_LINK=$BIOS_HASH_LINK_DPP - BIOS_SIGN_LINK=$BIOS_SIGN_LINK_DPP - if [ -n "$EC_LINK_DPP" ]; then - EC_LINK=$EC_LINK_DPP - EC_HASH_LINK=$EC_HASH_LINK_DPP - # shellcheck disable=SC2034 - EC_SIGN_LINK=$EC_SIGN_LINK_DPP - fi - echo "Dasharo Entry Subscription (coreboot + edk2) version selected" - break - else - error_exit "Bad option. Returning to main menu..." - fi - ;; + if [ -n "$_might_be_dpp" ]; then + print_ok "Subscription version (cooreboot + EDK2) selected" + FIRMWARE_VERSION="dpp" + break + fi + ;; s|S|sea|seabios|SeaBIOS) - if [ -n "$BIOS_LINK_DPP_SEABIOS" ]; then - BIOS_LINK=$BIOS_LINK_DPP_SEABIOS - BIOS_HASH_LINK=$BIOS_HASH_LINK_DPP_SEABIOS - BIOS_SIGN_LINK=$BIOS_SIGN_LINK_DPP_SEABIOS - echo "Dasharo Entry Subscription (coreboot + SeaBIOS) version selected" - break - else - error_exit "Bad option. Returning to main menu..." 
- fi - ;; + if [ -n "$_might_be_seabios" ]; then + print_ok "Subscription version (coreboot + SeaBIOS) selected" + FIRMWARE_VERSION="seabios" + break + fi + ;; b|B) echo "Returning to main menu..." exit 0 
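Review bot: The `check_for_firmware_access` probes sit inside the `while :` loop, so every redraw of the menu repeats the authenticated curl requests for the dpp and seabios links. The answer does not depend on the user's input, so compute `_might_be_comm`, `_might_be_dpp` and `_might_be_seabios` once above the loop and only print inside it. A selection whose flag is unset now leaves the `case` arm and silently redraws the menu where the old code called `error_exit`; a short `print_warning` there would tell the user why. There is also a typo in the dpp arm's message: "cooreboot".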
@@ -147,6 +156,119 @@ ask_for_version() { ;; esac done + + return 0 +} + +choose_version(){ +# This function is used for determining Dasharo firmware update version and is +# being used during updates only. We do not ask user to choose firmware update +# versions compared to installation workflow (check ask_for_version function), +# instead we have some priorities: +# 1) Check if Dasharo Heads Firmware available, use it if yes; +# 2) Check if Dasharo EDK2 Firmware available, use it if yes; +# 3) Use Dasharo Community Firmware; +# +# TODO: Currently we do not have clear and concise update mechanisms (e.g. what +# and when a specific firmware version can be used, how to handle revisions of +# firmware). + + if [ "$HAVE_HEADS_FW" == "true" ]; then + if check_for_firmware_access heads; then + CAN_SWITCH_TO_HEADS="true" + FIRMWARE_VERSION="heads" + + return 0 + else + print_warning "Dasharo Heads firmware version is available, but your" + print_warning "subscription does not give you the access to this firmware." + print_warning "If you are interested, please visit https://shop.3mdeb.com/product-category/dasharo-pro-package/" + fi + fi + + if [ -n "$DASHARO_REL_VER_DPP" ]; then + if $(check_for_firmware_access dpp); then + FIRMWARE_VERSION="dpp" + + return 0 + else + print_warning "Dasharo Subscription firmware version is available, but your" + print_warning "subscription does not give you the access to this firmware." + print_warning "If you are interested, please visit https://shop.3mdeb.com/product-category/dasharo-pro-package/" + fi + fi + + # Last resort: + FIRMWARE_VERSION="community" + + return 0 +} + +prepare_env() { +# This function sets all needed variables after user have answered all needed +# questions and before this script does any work. 
+ local _prepare_for + _prepare_for="$1" + + # If firmware is being installed - user should choose what to install, if + # firmware is being updated - final version is being choosed automatically + if [ "$_prepare_for" == "update" ]; then + choose_version + elif [ "$_prepare_for" == "install" ]; then + ask_for_version + fi + + # This is the key variable for this function, should be set either by + # choose_version or by ask_for_version: + if [ -z "$FIRMWARE_VERSION" ]; then + return 1 + fi + + # When board_config returns, we have a set of *_LINK_* variables holding links + # to artifacts for our board. Now we need to decide which links to use (some + # platforms may support several firmware types). The links being used are + # determined bising on FIRMWARE_VERSION: + if [ "$FIRMWARE_VERSION" == "community" ]; then + BIOS_LINK=$BIOS_LINK_COMM + BIOS_HASH_LINK=$BIOS_HASH_LINK_COMM + BIOS_SIGN_LINK=$BIOS_SIGN_LINK_COMM + + UPDATE_VERSION="$DASHARO_REL_VER" + + # Check EC link additionally, not all platforms have Embedded Controllers: + if [ -n $"EC_LINK_COMM" ]; then + EC_LINK=$EC_LINK_COMM + EC_HASH_LINK=$EC_HASH_LINK_COMM + EC_SIGN_LINK=$EC_SIGN_LINK_COMM + fi + + return 0 + elif [ "$FIRMWARE_VERSION" == "dpp" ]; then + BIOS_LINK=$BIOS_LINK_DPP + BIOS_HASH_LINK=$BIOS_HASH_LINK_DPP + BIOS_SIGN_LINK=$BIOS_SIGN_LINK_DPP + + UPDATE_VERSION="$DASHARO_REL_VER_DPP" + + # Check EC link additionally, not all platforms have Embedded Controllers: + if [ -n "$EC_LINK_DPP" ]; then + EC_LINK=$EC_LINK_DPP + EC_HASH_LINK=$EC_HASH_LINK_DPP + EC_SIGN_LINK=$EC_SIGN_LINK_DPP + fi + + return 0 + elif [ "$FIRMWARE_VERSION" == "seabios" ]; the + BIOS_LINK=$BIOS_LINK_DPP_SEABIOS + BIOS_HASH_LINK=$BIOS_HASH_LINK_DPP_SEABIOS + BIOS_SIGN_LINK=$BIOS_SIGN_LINK_DPP_SEABIOS + + return 0 + fi + + # Must not get here. If it gets here - the above variables are empty and + # script will not be able to continue. + return 1 } display_warning() { 
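Review bot: `elif [ "$FIRMWARE_VERSION" == "seabios" ]; the` in prepare_env is missing the final `n` of `then`, which is a syntax error and stops the script from parsing. In the community branch `[ -n $"EC_LINK_COMM" ]` tests the literal string EC_LINK_COMM and is always true; it should read `[ -n "$EC_LINK_COMM" ]`. In choose_version, `if $(check_for_firmware_access dpp); then` runs the function in a command substitution and only works because its output is empty; write `if check_for_firmware_access dpp; then`, as the heads branch does (the dpp_cap branch added by a later patch on this page repeats the pattern). prepare_env also has no branch for the "heads" value that choose_version can set, so that path ends in `return 1`; whether heads is handled elsewhere is not visible here.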
From c93114f437ade3de49b9e2b1bd8bac992d641265 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 24 Sep 2024 10:39:38 +0200 Subject: [PATCH 13/58] include: add UEFI Capusle Update configuration Signed-off-by: Daniil Klimuk --- include/dts-environment.sh | 13 +++++++++++++ include/dts-functions.sh | 12 ++++++++++++ 2 files changed, 25 insertions(+) diff --git a/include/dts-environment.sh b/include/dts-environment.sh index 581c3389..a750fa51 100644 --- a/include/dts-environment.sh +++ b/include/dts-environment.sh @@ -112,6 +112,9 @@ declare DASHARO_REL_VER_DPP declare HEADS_REL_VER_DPP declare DASHARO_REL_VER_DPP_SEABIOS declare COMPATIBLE_EC_FW_VERSION +# and for capsules: +declare DASHARO_REL_VER_CAP +declare DASHARO_REL_VER_DPP_CAP # Links to files: declare BIOS_LINK_COMM declare BIOS_HASH_LINK_COMM @@ -129,6 +132,16 @@ declare EC_LINK_DPP declare EC_HASH_LINK_DPP declare EC_SIGN_LINK_DPP declare HEADS_LINK_DPP +# and for capsules: +declare BIOS_LINK_COMM_CAP +declare BIOS_HASH_LINK_COMM_CAP +declare BIOS_SIGN_LINK_COMM_CAP +declare BIOS_LINK_DPP_CAP +declare BIOS_HASH_LINK_DPP_CAP +declare BIOS_SIGN_LINK_DPP_CAP +declare EC_LINK_COMM_CAP +declare EC_HASH_LINK_COMM_CAP +declare EC_SIGN_LINK_COMM_CAP # Configs, are used in dasharo-deploy script: CAN_INSTALL_BIOS="false" HAVE_HEADS_FW="false" diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 7e07253b..c27ddfc9 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -673,6 +673,8 @@ board_config() { DASHARO_REL_NAME="qemu_q35" DASHARO_REL_VER="v0.2.0" BIOS_LINK_COMM="${FW_STORE_URL}/${DASHARO_REL_NAME}/${DASHARO_REL_VER}/${DASHARO_REL_NAME}_${DASHARO_REL_VER}.rom" + # TODO: wait till the binaries will be uploaded to the server. + #BIOS_LINK_COMM_CAP="${FW_STORE_URL}/${DASHARO_REL_NAME}/${DASHARO_REL_VER}/" ;; *) print_error "Board model $BOARD_MODEL is currently not supported" 
@@ -703,6 +705,16 @@ board_config() { [ -z "$EC_SIGN_LINK_COMM" ] && EC_SIGN_LINK_COMM="${EC_HASH_LINK_COMM}.sig" [ -z "$EC_HASH_LINK_DPP" ] && EC_HASH_LINK_DPP="${EC_LINK_DPP}.sha256" [ -z "$EC_SIGN_LINK_DPP" ] && EC_SIGN_LINK_DPP="${EC_HASH_LINK_DPP}.sig" + + # And for capsules as well: + [ -z "$BIOS_HASH_LINK_COMM_CAP" ] && BIOS_HASH_LINK_COMM_CAP="${BIOS_LINK_COMM_CAP}.sha256" + [ -z "$BIOS_SIGN_LINK_COMM_CAP" ] && BIOS_SIGN_LINK_COMM_CAP="${BIOS_HASH_LINK_COMM_CAP}.sig" + [ -z "$BIOS_HASH_LINK_DPP_CAP" ] && BIOS_HASH_LINK_DPP_CAP="${BIOS_LINK_DPP_CAP}.sha256" + [ -z "$BIOS_SIGN_LINK_DPP_CAP" ] && BIOS_SIGN_LINK_DPP_CAP="${BIOS_HASH_LINK_DPP_CAP}.sig" + [ -z "$EC_HASH_LINK_COMM_CAP" ] && EC_HASH_LINK_COMM_CAP="${EC_LINK_COMM_CAP}.sha256" + [ -z "$EC_SIGN_LINK_COMM_CAP" ] && EC_SIGN_LINK_COMM_CAP="${EC_HASH_LINK_COMM_CAP}.sig" + [ -z "$EC_HASH_LINK_DPP_CAP" ] && EC_HASH_LINK_DPP_CAP="${EC_LINK_DPP_CAP}.sha256" + [ -z "$EC_SIGN_LINK_DPP_CAP" ] && EC_SIGN_LINK_DPP_CAP="${EC_HASH_LINK_DPP_CAP}.sig" } check_flash_lock() { From c584d6ecf58bb417d8a08b18aad1c96ffb3fb91c Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 24 Sep 2024 11:32:36 +0200 Subject: [PATCH 14/58] scripts: dasharo-deploy: add UEFI Capsule Update configuration Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 60 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 57 insertions(+), 3 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index e721f714..14d60568 100755 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy @@ -13,8 +13,8 @@ source $DTS_FUNCS [ -z "$SYSTEM_MODEL" ] && error_exit "SYSTEM_MODEL not given" # Variables used in this script: -# Currently following firmware versions are available: community, dpp, seabios, -# and heads: +# Currently following firmware versions are available: community, community_cap, +# dpp, dpp_cap, seabios, and heads: declare FIRMWARE_VERSION declare CAN_SWITCH_TO_HEADS CMD="$1" 
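Review bot: The new defaults assign `EC_HASH_LINK_DPP_CAP` and `EC_SIGN_LINK_DPP_CAP`, but the dts-environment.sh hunk of the same commit declares only the `EC_*_COMM_CAP` names, so the `EC_*_DPP_CAP` set is missing from the declaration list. Add `declare EC_LINK_DPP_CAP`, `declare EC_HASH_LINK_DPP_CAP` and `declare EC_SIGN_LINK_DPP_CAP` there for consistency. On a board without a capsule link these lines also produce values such as `.sha256` and `.sha256.sig`, so the derived variables are never empty and only the base `*_LINK_*_CAP` variables are usable for `-n` presence tests. board_config starts outside this hunk.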
@@ -73,7 +73,10 @@ check_for_firmware_access() { } ask_for_version() { -# Available firmware versions are defined by FIRMWARE_VERSION variable +# Available firmware versions are defined by FIRMWARE_VERSION variable. There +# are community and DPP firmwares with UEFI Capsule Update support, but they are +# for firmware updates only, but this function is being called during +# installation, so no need to mention them here. local _option local _might_be_comm local _might_be_dpp @@ -169,6 +172,8 @@ choose_version(){ # 2) Check if Dasharo EDK2 Firmware available, use it if yes; # 3) Use Dasharo Community Firmware; # +# Capsules have higher priority over simple binaries. +# # TODO: Currently we do not have clear and concise update mechanisms (e.g. what # and when a specific firmware version can be used, how to handle revisions of # firmware). @@ -186,6 +191,19 @@ choose_version(){ fi fi + if [ -n "$DASHARO_REL_VER_DPP_CAP" ]; then + if $(check_for_firmware_access dpp_cap); then + FIRMWARE_VERSION="dpp_cap" + + return 0 + else + print_warning "Dasharo Subscription firmware version with UEFI Capsule Update" + print_warning "is available, but your subscription does not give you the access" + print_warning "to this firmware." + print_warning "If you are interested, please visit https://shop.3mdeb.com/product-category/dasharo-pro-package/" + fi + fi + if [ -n "$DASHARO_REL_VER_DPP" ]; then if $(check_for_firmware_access dpp); then FIRMWARE_VERSION="dpp" @@ -198,6 +216,12 @@ choose_version(){ fi fi + if [ -n "$DASHARO_REL_VER_CAP" ]; then + FIRMWARE_VERSION="community_cap" + + return 0 + fi + # Last resort: FIRMWARE_VERSION="community" 
@@ -242,6 +266,21 @@ prepare_env() { EC_SIGN_LINK=$EC_SIGN_LINK_COMM fi + return 0 + elif [ "$FIRMWARE_VERSION" == "community_cap" ]; then + BIOS_LINK=$BIOS_LINK_COMM_CAP + BIOS_HASH_LINK=$BIOS_HASH_LINK_COMM_CAP + BIOS_SIGN_LINK=$BIOS_SIGN_LINK_COMM_CAP + + UPDATE_VERSION="$DASHARO_REL_VER_CAP" + + # Check EC link additionally, not all platforms have Embedded Controllers: + if [ -n "$EC_LINK_COMM_CAP" ]; then + EC_LINK=$EC_LINK_COMM_CAP + EC_HASH_LINK=$EC_HASH_LINK_COMM_CAP + EC_SIGN_LINK=$EC_SIGN_LINK_COMM_CAP + fi + return 0 elif [ "$FIRMWARE_VERSION" == "dpp" ]; then BIOS_LINK=$BIOS_LINK_DPP @@ -257,6 +296,21 @@ prepare_env() { EC_SIGN_LINK=$EC_SIGN_LINK_DPP fi + return 0 + elif [ "$FIRMWARE_VERSION" == "dpp_cap" ]; then + BIOS_LINK=$BIOS_LINK_DPP_CAP + BIOS_HASH_LINK=$BIOS_HASH_LINK_DPP_CAP + BIOS_SIGN_LINK=$BIOS_SIGN_LINK_DPP_CAP + + UPDATE_VERSION="$DASHARO_REL_VER_DPP_CAP" + + # Check EC link additionally, not all platforms have Embedded Controllers: + if [ -n "$EC_LINK_DPP_CAP" ]; then + EC_LINK=$EC_LINK_DPP_CAP + EC_HASH_LINK=$EC_HASH_LINK_DPP_CAP + EC_SIGN_LINK=$EC_SIGN_LINK_DPP_CAP + fi + return 0 elif [ "$FIRMWARE_VERSION" == "seabios" ]; the BIOS_LINK=$BIOS_LINK_DPP_SEABIOS From bebd97bf187ed180e2a55b3dbb4cc31d7be98a64 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 24 Sep 2024 14:39:25 +0200 Subject: [PATCH 15/58] scripts: dasharo-deploy: clean up installation and update funcs The installation workflows must be as linear as possbile for better readability and scalability. Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 460 +++++++++++++++++++---------------------- 1 file changed, 212 insertions(+), 248 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 14d60568..2deb6a4e 100755 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy 
@@ -620,71 +620,172 @@ blob_transmission() { fi } -install_ec() { - verify_artifacts ec - echo "Installing EC..." - $FLASHROM -p "$PROGRAMMER_EC" ${FLASH_CHIP_SELECT} -w "$EC_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE - error_check "Failed to install Dasharo EC firmware" - echo "Successfully installed Dasharo EC firmware" -} - -install() { - ask_for_version - if [ "$CAN_INSTALL_BIOS" == "false" ]; then - download_ec - unset BIOS_HASH_LINK - display_warning - else - download_artifacts - display_warning - check_flash_lock - verify_artifacts bios +deploy_ec_firmware() { +# This function deploys (installs or updates) downloaded EC firmware. +# Parameters: update, install. + local _mode + _mode="$1" - check_intel_regions - check_blobs_in_binary $BIOS_UPDATE_FILE - check_if_me_disabled - set_intel_regions_update_params "-N --ifd -i bios" - fi + if [ "$_mode" == "update" ]; then + echo "Updating EC..." - # Ask user for confirmation: - display_warning + # Following command will reset device, so the function will not quit: + $DASHARO_ECTOOL flash "$EC_UPDATE_FILE" &>> $ERR_LOG_FILE + error_check "Failed to update EC firmware" - if [ "$HAVE_EC" == "true" ]; then + return 0 + elif [ "$_mode" == "install" ]; then echo "Checking for Open Source Embedded Controller firmware" $DASHARO_ECTOOL info >> $ERR_LOG_FILE 2>&1 + if [ $? -eq 0 ]; then echo "Device has already Open Source Embedded Controller firmware, do not flash EC..." else _ec_fw_version=$($FLASHROM -p "$PROGRAMMER_EC" ${FLASH_CHIP_SELECT} | grep "Mainboard EC Version" | tr -d ' ' | cut -d ':' -f 2) + if [ "$_ec_fw_version" != "$COMPATIBLE_EC_FW_VERSION" ]; then - print_warning "EC version: $_ec_fw_version is not supported, update required" - install_ec + echo "Installing EC..." 
+ $FLASHROM -p "$PROGRAMMER_EC" ${FLASH_CHIP_SELECT} -w "$EC_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE + error_check "Failed to install Dasharo EC firmware" + print_ok "Successfully installed Dasharo EC firmware" fi fi + + return 0 fi - if [ "$CAN_INSTALL_BIOS" == "true" ]; then - cbfstool "$BIOS_UPDATE_FILE" extract -r COREBOOT -n config -f "$BIOS_UPDATE_CONFIG_FILE" - grep "CONFIG_VBOOT=y" "$BIOS_UPDATE_CONFIG_FILE" - HAVE_VBOOT="$?" + # Must not get here: + return 1 +} - if [ "$NEED_ROMHOLE_MIGRATION" = "true" ]; then - romhole_migration - fi +firmware_pre_updating_routine(){ + # Preupdating routine: + check_flash_lock - if [ "$NEED_BOOTSPLASH_MIGRATION" = "true" ]; then - bootsplash_migration - fi + if [ "$HAVE_EC" == "true" ]; then + $DASHARO_ECTOOL info >> $ERR_LOG_FILE 2>&1 + error_check "Device does not have Dasharo EC firmware - cannot continue update!" + fi + + if [ "$NEED_SMMSTORE_MIGRATION" = "true" ]; then + smmstore_migration + fi + + if [ "$NEED_BOOTSPLASH_MIGRATION" = "true" ]; then + bootsplash_migration + fi + + cbfstool "$BIOS_UPDATE_FILE" extract -r COREBOOT -n config -f "$BIOS_UPDATE_CONFIG_FILE" + grep -q "CONFIG_VBOOT=y" "$BIOS_UPDATE_CONFIG_FILE" + HAVE_VBOOT="$?" + + check_intel_regions + check_blobs_in_binary $BIOS_UPDATE_FILE + check_if_me_disabled + set_flashrom_update_params $BIOS_UPDATE_FILE + set_intel_regions_update_params "-N --ifd" + check_vboot_keys + + return 0 +} - if [ "$NEED_SMBIOS_MIGRATION" = "true" ]; then - smbios_migration - resign_binary +firmware_pre_installation_routine(){ + # Preinstallation routine: + check_flash_lock + check_intel_regions + check_blobs_in_binary $BIOS_UPDATE_FILE + check_if_me_disabled + set_intel_regions_update_params "-N --ifd -i bios" + + cbfstool "$BIOS_UPDATE_FILE" extract -r COREBOOT -n config -f "$BIOS_UPDATE_CONFIG_FILE" + grep "CONFIG_VBOOT=y" "$BIOS_UPDATE_CONFIG_FILE" + HAVE_VBOOT="$?" 
+ + if [ "$NEED_ROMHOLE_MIGRATION" = "true" ]; then + romhole_migration + fi + + if [ "$NEED_BOOTSPLASH_MIGRATION" = "true" ]; then + bootsplash_migration + fi + + if [ "$NEED_SMBIOS_MIGRATION" = "true" ]; then + smbios_migration + resign_binary + fi + + if [ "$NEED_BLOB_TRANSMISSION" = "true" ]; then + blob_transmission + fi + + return 0 +} + +deploy_firmware(){ +# This function deploys (installs or updates) downloaded firmware. +# Parameters: update, install. + local _mode + _mode="$1" + + if [ "$_mode" == "update" ]; then + echo "Updating Dasharo firmware..." + print_warning "This may take several minutes. Please be patient and do not" + print_warning "power off your computer or touch the keyboard!" + + + firmware_pre_updating_routine + + # FLASHROM_ADD_OPT_UPDATE_OVERRIDE takes priority over auto-detected update params. + # It set only by platform-specific and firmware version-specific conditions + if [ -n "$FLASHROM_ADD_OPT_UPDATE_OVERRIDE" ]; then + # To standardize the operation of the FLASHROM_ADD_OPT_UPDATE_OVERRIDE flag, + # by default it contains only the bios section, below we verify the + # downloaded binary and add more sections when they were detected after + # using the `check_blobs_in_binary` function. + set_intel_regions_update_params "$FLASHROM_ADD_OPT_UPDATE_OVERRIDE" + FLASHROM_ADD_OPT_UPDATE_OVERRIDE="$FLASHROM_ADD_OPT_REGIONS" + $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_UPDATE_OVERRIDE} -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE + error_check "Failed to update Dasharo firmware" + else + $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_UPDATE} -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE + error_check "Failed to update Dasharo firmware" + + if [ $BINARY_HAS_RW_B -eq 0 ]; then + echo "Updating second firmware partition..." 
+ $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} --fmap -N -i RW_SECTION_B -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE + error_check "Failed to update second firmware partition" + fi fi - if [ "$NEED_BLOB_TRANSMISSION" = "true" ]; then - blob_transmission + # We use FLASHROM_ADD_OPT_REGIONS for updating ME and IFD. + # If FLASHROM_ADD_OPT_REGIONS remains the same after + # set_intel_regions_update_params or is cleared, it means + # we either cannot update any region, or were not allowed to, + # or platform has no descriptor. + if [ "$FLASHROM_ADD_OPT_REGIONS" != "-N --ifd" ] && [ "$FLASHROM_ADD_OPT_REGIONS" != "" ]; then + UPDATE_STRING="" + grep -q "\-i fd" <<< "$FLASHROM_ADD_OPT_REGIONS" + UPDATE_IFD=$? + grep -q "\-i me" <<< "$FLASHROM_ADD_OPT_REGIONS" + UPDATE_ME=$? + if [ $UPDATE_IFD -eq 0 ]; then + UPDATE_STRING+="Flash Descriptor" + if [ $UPDATE_ME -eq 0 ]; then + UPDATE_STRING+=" and " + fi + fi + if [ $UPDATE_ME -eq 0 ]; then + UPDATE_STRING+="Management Engine" + fi + echo "Updating $UPDATE_STRING" + $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_REGIONS} -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE + error_check "Failed to update $UPDATE_STRING" fi + return 0 + elif [ "$_mode" == "install" ]; then + firmware_pre_installation_routine + echo "Installing Dasharo firmware..." # FIXME: It seems we do not have an easy way to add some flasrhom extra args # globally for specific platform and variant 
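Review bot: deploy_ec_firmware and deploy_firmware write `$EC_UPDATE_FILE` and `$BIOS_UPDATE_FILE` to flash without checking them, because the `verify_artifacts ec` call went away with install_ec. The header comments should state that precondition, e.g. `# Precondition: verify_artifacts has succeeded for the file being flashed.` Both functions end in `return 1` for an unknown mode, which only helps if callers test the result. Smaller points: `grep "CONFIG_VBOOT=y"` in firmware_pre_installation_routine lacks the `-q` used in the updating routine and will print the match, and `_ec_fw_version` is assigned without `local`.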
@@ -694,14 +795,53 @@ install() { fi $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_REGIONS} -w "$BIOS_UPDATE_FILE" ${_flashrom_extra_args} >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE error_check "Failed to install Dasharo firmware" - print_ok "Successfully installed Dasharo firmware" + + return 0 + fi + + # Must not get here. + return 1 +} + +install_workflow() { +# Installation workflow. + sync_clocks + + # Verify that the device is not using battery as a power source: + check_if_ac + error_check "Firmware update process interrupted on user request." + + # Set all global variables needed for installation: + prepare_env install + + # Download and verify firmware: + if [ "$CAN_INSTALL_BIOS" == "false" ]; then + download_ec + verify_artifacts ec + else + download_artifacts + verify_artifacts ec bios fi + # Ask user for confirmation: + display_warning + + # Deploy EC firmware + if [ "$HAVE_EC" == "true" ]; then + deploy_ec_firmware install + fi + + # Deploy BIOS firmware + if [ "$CAN_INSTALL_BIOS" == "true" ]; then + deploy_firmware install + fi + + # Post-installation routine: echo -n "Syncing disks... " sync echo "Done." - if [ "$NEED_EC_RESET" = "true" ]; then + if [ "$NEED_EC_RESET" == "true" ]; then echo "The computer will shut down automatically in 5 seconds" else echo "The computer will reboot automatically in 5 seconds" @@ -720,7 +860,7 @@ install() { sleep 0.5 echo "Rebooting" sleep 1 - if [ "$NEED_EC_RESET" = "true" ]; then + if [ "$NEED_EC_RESET" == "true" ]; then it5570_shutdown else send_dts_logs 
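Review bot: `deploy_firmware` now ends with `return 1` for an unrecognised mode, but `install_workflow` calls `deploy_ec_firmware install` and `deploy_firmware install` without checking the status. On that path the workflow falls straight through to "Syncing disks..." and the reboot countdown. Check the result at the call site, e.g. `deploy_firmware install || error_exit "Failed to install Dasharo firmware"`, and do the same for the EC call, so a failed deployment is never followed by an automatic reboot. Both `deploy_firmware` and `install_workflow` extend beyond this hunk.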
@@ -728,115 +868,27 @@ install() { fi } -update_ec() { - verify_artifacts ec - echo "Updating EC..." - $DASHARO_ECTOOL flash "$EC_UPDATE_FILE" &>> $ERR_LOG_FILE - error_check "Failed to update EC firmware" -} - -update() { - local _can_switch_to_heads="false" - +update_workflow() { +# Update workflow. + CAN_SWITCH_TO_HEADS="false" sync_clocks + + # Verify that the device is not using battery as a power source: check_if_ac error_check "Firmware update process interrupted on user request." - echo "Checking for the latest Dasharo update available..." - echo "Current Dasharo version: $DASHARO_VERSION" - if [ -n "$DPP_IS_LOGGED" ]; then - if [ -n "$DASHARO_REL_VER_DPP" ]; then - if [ "$DASHARO_FLAVOR" != "Dasharo (coreboot+heads)" ]; then - echo "Latest available Dasharo version: $DASHARO_REL_VER_DPP" - fi - curl -sfI -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$BIOS_LINK_DPP" -o /dev/null - if [ $? -ne 0 ]; then - echo "Current DPP credentials do not match the current platform/firmware flavor." - echo "Latest possible and available update is $DASHARO_REL_VER" - BIOS_HASH_LINK=$BIOS_HASH_LINK_COMM - BIOS_SIGN_LINK=$BIOS_SIGN_LINK_COMM - BIOS_LINK=$BIOS_LINK_COMM - if [ "$HAVE_EC" == "true" ]; then - EC_HASH_LINK=$EC_HASH_LINK_COMM - EC_SIGN_LINK=$EC_SIGN_LINK_COMM - EC_LINK=$EC_LINK_COMM - fi - UPDATE_VERSION=$DASHARO_REL_VER - else - BIOS_HASH_LINK=$BIOS_HASH_LINK_DPP - BIOS_SIGN_LINK=$BIOS_SIGN_LINK_DPP - BIOS_LINK=$BIOS_LINK_DPP - if [ "$HAVE_EC" == "true" ]; then - EC_HASH_LINK=$EC_HASH_LINK_DPP - EC_SIGN_LINK=$EC_SIGN_LINK_DPP - EC_LINK=$EC_LINK_DPP - fi - UPDATE_VERSION=$DASHARO_REL_VER_DPP - fi - else - if [ "$DASHARO_FLAVOR" != "Dasharo (coreboot+heads)" ]; then - echo "Latest available Dasharo version: $DASHARO_REL_VER" - fi - BIOS_HASH_LINK=$BIOS_HASH_LINK_COMM - BIOS_SIGN_LINK=$BIOS_SIGN_LINK_COMM - BIOS_LINK=$BIOS_LINK_COMM - if [ "$HAVE_EC" == "true" ]; then - EC_HASH_LINK=$EC_HASH_LINK_COMM - EC_SIGN_LINK=$EC_SIGN_LINK_COMM - EC_LINK=$EC_LINK_COMM - fi - 
UPDATE_VERSION=$DASHARO_REL_VER - fi - if [ -n "$HAVE_HEADS_FW" ] && [ "$DASHARO_FLAVOR" != "Dasharo (coreboot+heads)" ]; then - # Check if given DPP credentials give access to heads, if not, - # then it means DPP is for regular releases - curl -sfI -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$HEADS_LINK_DPP" -o /dev/null - if [ $? -ne 0 ]; then - print_warning "Dasharo Heads firmware version is available, but your" - print_warning "subscription does not give you the access to this firmware." - print_warning "If you are interested, please visit https://shop.3mdeb.com/product-category/dasharo-entry-subscription/" - else - # Access to the heads FW is possible, allow to switch to heads - _can_switch_to_heads="true" - print_ok "Dasharo Heads firmware version is available and your subscription" - print_ok "gives you access to this firmware." - fi - elif [ -n "$HAVE_HEADS_FW" ] && [ "$DASHARO_FLAVOR" == "Dasharo (coreboot+heads)" ]; then - # Set the switch flag to offer switch back - echo "Latest available Dasharo version: $HEADS_REL_VER_DPP" - _can_switch_to_heads="true" - fi - else - if [ -n "$DASHARO_REL_VER_DPP" ]; then - print_green "DPP version (coreboot + UEFI) available, if you are interested" - print_ok "please visit https://shop.3mdeb.com/product-category/dasharo-entry-subscription/" - fi - if [ "$DASHARO_FLAVOR" != "Dasharo (coreboot+heads)" ]; then - echo "Latest available Dasharo version: $DASHARO_REL_VER" - fi - BIOS_HASH_LINK=$BIOS_HASH_LINK_COMM - # shellcheck disable=SC2034 - BIOS_SIGN_LINK=$BIOS_SIGN_LINK_COMM - BIOS_LINK=$BIOS_LINK_COMM - if [ "$HAVE_EC" == "true" ]; then - EC_HASH_LINK=$EC_HASH_LINK_COMM - # shellcheck disable=SC2034 - EC_SIGN_LINK=$EC_SIGN_LINK_COMM - EC_LINK=$EC_LINK_COMM - fi - UPDATE_VERSION=$DASHARO_REL_VER - if [ -n "$HAVE_HEADS_FW" ] && [ "$DASHARO_FLAVOR" != "Dasharo (coreboot+heads)" ]; then - print_ok "Dasharo heads firmware version is available. 
If you are interested," - print_ok "please provide your subscription credentials in the main DTS menu" - print_ok "and select 'Update Dasharo firmware' again to check if you are eligible." - elif [ -n "$HAVE_HEADS_FW" ] && [ "$DASHARO_FLAVOR" == "Dasharo (coreboot+heads)" ]; then - # Set the switch flag to offer switch back - _can_switch_to_heads="true" - fi - fi + # Set all global variables needed for installation: + prepare_env update + + print_ok "Current Dasharo version: $DASHARO_VERSION" + print_ok "Latest available Dasharo version: $UPDATE_VERSION" - handle_fw_switching $_can_switch_to_heads + # TODO: Why do we separate Heads firmware-related code from other code? A + # common way to handle this should be found. + handle_fw_switching $CAN_SWITCH_TO_HEADS + # TODO: It is not a good practice to do some target specific work in the code + # of a scallable product, this should be handled in a more scallable way: if [[ "$UPDATE_VERSION" == "1.1.1" && \ ( "$BOARD_MODEL" == "PRO Z690-A WIFI DDR4(MS-7D25)" || \ "$BOARD_MODEL" == "PRO Z690-A DDR4(MS-7D25)" || \ 
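Review bot: The removed `update_ec()` ran `verify_artifacts ec` immediately before `$DASHARO_ECTOOL flash`, and the next hunk (`@@ -850,107 +902,18 @@`) also removes `download_artifacts` and `verify_artifacts bios` from the update path. Neither hunk adds a replacement call before `deploy_firmware update` or `deploy_ec_firmware update`. If the hash and signature check now happens inside `display_warning`, as the new comment suggests, it is skipped whenever `FUM` is "fum". I would keep an explicit step in `update_workflow`, `download_artifacts` followed by `verify_artifacts bios` (plus `verify_artifacts ec` when `HAVE_EC` is "true"), right before `deploy_firmware update`. `update_workflow` continues past this hunk and `prepare_env` is not shown, so the check may exist in lines outside the diff.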
@@ -850,107 +902,18 @@ update() { echo "That version does not support gen 13 and above CPU. Therefore we cannot continue with flashing." error_exit "Aborting update process..." fi - fi - while : ; do - echo - read -r -p "Are you sure you want to proceed with update? (Y|n) " OPTION - echo - - case ${OPTION} in - ""|yes|y|Y|Yes|YES) - break - ;; - n|N) - error_exit "Aborting update process..." - ;; - *) - ;; - esac - done - download_artifacts - if [ ! "$FUM" == "fum" ]; then - display_warning - fi - check_flash_lock - verify_artifacts bios - if [ "$HAVE_EC" == "true" ]; then - $DASHARO_ECTOOL info >> $ERR_LOG_FILE 2>&1 - error_check "Device does not have Dasharo EC firmware - cannot continue update!" - fi - - if [ "$NEED_SMMSTORE_MIGRATION" = "true" ]; then - smmstore_migration - fi - - if [ "$NEED_BOOTSPLASH_MIGRATION" = "true" ]; then - bootsplash_migration - fi - - cbfstool "$BIOS_UPDATE_FILE" extract -r COREBOOT -n config -f "$BIOS_UPDATE_CONFIG_FILE" - grep -q "CONFIG_VBOOT=y" "$BIOS_UPDATE_CONFIG_FILE" - HAVE_VBOOT="$?" - - check_intel_regions - check_blobs_in_binary $BIOS_UPDATE_FILE - check_if_me_disabled - set_flashrom_update_params $BIOS_UPDATE_FILE - set_intel_regions_update_params "-N --ifd" - check_vboot_keys - - echo "Updating Dasharo firmware..." - print_warning "This may take several minutes. Please be patient and do not power off your computer or touch the keyboard!" - - # FLASHROM_ADD_OPT_UPDATE_OVERRIDE takes priority over auto-detected update params. - # It set only by platform-specific and firmware version-specific conditions - if [ -n "$FLASHROM_ADD_OPT_UPDATE_OVERRIDE" ]; then - # To standardize the operation of the FLASHROM_ADD_OPT_UPDATE_OVERRIDE flag, - # by default it contains only the bios section, below we verify the - # downloaded binary and add more sections when they were detected after - # using the `check_blobs_in_binary` function. 
- set_intel_regions_update_params "$FLASHROM_ADD_OPT_UPDATE_OVERRIDE" - FLASHROM_ADD_OPT_UPDATE_OVERRIDE="$FLASHROM_ADD_OPT_REGIONS" - $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_UPDATE_OVERRIDE} -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE - error_check "Failed to update Dasharo firmware" - else - $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_UPDATE} -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE - error_check "Failed to update Dasharo firmware" - - if [ $BINARY_HAS_RW_B -eq 0 ]; then - echo "Updating second firmware partition..." - $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} --fmap -N -i RW_SECTION_B -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE - error_check "Failed to update second firmware partition" - fi + # Warning must be displayed after the artifacts have been downloaded, because + # we check their hashes inside display_warning function: + if [ ! "$FUM" == "fum" ]; then + display_warning fi - # We use FLASHROM_ADD_OPT_REGIONS for updating ME and IFD. - # If FLASHROM_ADD_OPT_REGIONS remains the same after - # set_intel_regions_update_params or is cleared, it means - # we either cannot update any region, or were not allowed to, - # or platform has no descriptor. - if [ "$FLASHROM_ADD_OPT_REGIONS" != "-N --ifd" ] && [ "$FLASHROM_ADD_OPT_REGIONS" != "" ]; then - UPDATE_STRING="" - grep -q "\-i fd" <<< "$FLASHROM_ADD_OPT_REGIONS" - UPDATE_IFD=$? - grep -q "\-i me" <<< "$FLASHROM_ADD_OPT_REGIONS" - UPDATE_ME=$? 
- if [ $UPDATE_IFD -eq 0 ]; then - UPDATE_STRING+="Flash Descriptor" - if [ $UPDATE_ME -eq 0 ]; then - UPDATE_STRING+=" and " - fi - fi - if [ $UPDATE_ME -eq 0 ]; then - UPDATE_STRING+="Management Engine" - fi - echo "Updating $UPDATE_STRING" - $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_REGIONS} -w "$BIOS_UPDATE_FILE" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE - error_check "Failed to update $UPDATE_STRING" - fi + deploy_firmware update if [ ! -z "$SWITCHING_TO" ]; then # Any post-branch-switch messaging should go here @@ -971,9 +934,10 @@ update() { print_ok "Successfully updated Dasharo firmware." fi + # Post update routine: if [ "$HAVE_EC" == "true" ]; then echo "Updating Embedded Controller firmware. Your computer will power off automatically when done." - update_ec # Ends in a reset, does not exit + deploy_ec_firmware update else echo -n "Syncing disks... " sync @@ -1126,7 +1090,7 @@ if ! check_if_dasharo; then fi fi -# for FUM we start in dasharo-deploy so we need to verify that we have internet +# For FUM we start in dasharo-deploy so we need to verify that we have internet # connection to download shasums in board_config if [ "$FUM" == "fum" ]; then wait_for_network_connection @@ -1145,7 +1109,7 @@ case "$CMD" in initial deployment of Dasharo Firmware. Aborting..." fi backup - install + install_workflow ;; update) if [ "$FUM" == "fum" ]; then @@ -1162,7 +1126,7 @@ case "$CMD" in echo "1..." sleep 0.5 fi - update + update_workflow ;; backup) backup From fd45d4e408f9d12d65963fc8b5f82408da6be89f Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 24 Sep 2024 14:41:44 +0200 Subject: [PATCH 16/58] scripts: dasharo-deploy: add UEFI Capsule Update workflows Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 2deb6a4e..49bf9378 100755 --- a/scripts/dasharo-deploy 
+++ b/scripts/dasharo-deploy @@ -621,14 +621,25 @@ blob_transmission() { } deploy_ec_firmware() { -# This function deploys (installs or updates) downloaded EC firmware. -# Parameters: update, install. +# This function deploys (installs or updates) downloaded EC firmware either UEFI +# capsules (updates only) and binaries. Parameters: update, install. local _mode _mode="$1" if [ "$_mode" == "update" ]; then echo "Updating EC..." + # The EC firmware could be updated in two ways: via UEFI Capsule Update or + # via binaries and flashrom: + if [ "$FIRMWARE_VERSION" == "community_cap" ] || [ "$FIRMWARE_VERSION" == "dpp_cap" ]; then + # Linux Kernel driver is responsible for handling UEFI Capsule Updates, so + # the capsule should be fed to a specific device: + cat "$EC_UPDATE_FILE" > "$CAP_UPD_DEVICE" + # Return after updating. The below code is for flashrom updates (using + # binaries) only + return 0 + fi + # Following command will reset device, so the function will not quit: $DASHARO_ECTOOL flash "$EC_UPDATE_FILE" &>> $ERR_LOG_FILE error_check "Failed to update EC firmware" @@ -722,8 +733,8 @@ firmware_pre_installation_routine(){ } deploy_firmware(){ -# This function deploys (installs or updates) downloaded firmware. -# Parameters: update, install. +# This function deploys (installs or updates) downloaded firmware either UEFI +# capsules (updates only) or binaries. Parameters: update, install. local _mode _mode="$1" 
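Review bot: The capsule branch in `deploy_ec_firmware` runs `cat "$EC_UPDATE_FILE" > "$CAP_UPD_DEVICE"` and then an unconditional `return 0`. A failed write (device node missing, `CAP_UPD_DEVICE` empty) is therefore reported as a successful update, whereas the `$DASHARO_ECTOOL flash` path below it is followed by `error_check`. Add `error_check "Failed to update EC firmware via UEFI Capsule Update"` between the `cat` and the `return 0`. The same applies to `cat "$BIOS_UPDATE_FILE" > "$CAP_UPD_DEVICE"` in the `deploy_firmware` hunk (`@@ -732,7 +743,19 @@`), where the early return also skips `firmware_pre_updating_routine`, so the capsule has to be verified by the caller before this point. `deploy_ec_firmware` continues outside this hunk.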
@@ -732,7 +743,19 @@ deploy_firmware(){ print_warning "This may take several minutes. Please be patient and do not" print_warning "power off your computer or touch the keyboard!" + # Firstly we need to check, whether it is possible to use UEFI Capsule + # Update, this is the preffered way of updating: + if [ "$FIRMWARE_VERSION" == "community_cap" ] || [ "$FIRMWARE_VERSION" == "dpp_cap" ]; then + # Linux Kernel driver is responsible for handling UEFI Capsule Updates, so + # the capsule should be fed to a specific device: + cat "$BIOS_UPDATE_FILE" > "$CAP_UPD_DEVICE" + # Return after updating. The below code is for flashrom updates (using + # binaries) only. + return 0 + fi + # Pre-update routine for UEFI Capsule Update is done by drivers and the + # capsule itself, so the routine is required only for flashrom updates: firmware_pre_updating_routine # FLASHROM_ADD_OPT_UPDATE_OVERRIDE takes priority over auto-detected update params. @@ -805,7 +828,9 @@ deploy_firmware(){ } install_workflow() { -# Installation workflow. +# Installation workflow. The installation of firmware is possible only via +# flashrom, capsules cannot do the installation because they need initial +# support inside firmware. sync_clocks # Verify that the device is not using battery as a power source: @@ -869,7 +894,7 @@ install_workflow() { } update_workflow() { -# Update workflow. +# Update workflow. Supported firmware formats: binary, UEFI capsule. CAN_SWITCH_TO_HEADS="false" sync_clocks From 6b3eee91a31bca3100c777f9f72a5afb4bc5e4be Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 24 Sep 2024 14:59:20 +0200 Subject: [PATCH 17/58] scripts: dasharo-deploy: pre-commit fixes Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 49bf9378..1730bf32 100755 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy 
@@ -4,6 +4,11 @@ # # SPDX-License-Identifier: Apache-2.0 +# Some variables (especially those with hashes, are being used by functions in +# dts-functions.sh only, shellcheck is unaware of them and marks them as +# unused.) +# shellcheck disable=SC2034 + # shellcheck source=../include/dts-environment.sh source $DTS_ENV # shellcheck source=../include/dts-functions.sh @@ -88,9 +93,9 @@ ask_for_version() { # Here we check if user has access to a certain version of Dasharo Firmware. # The check consists of two stages: - # * does user platform support the fimware - BIOS_LINK_* variables are being - # checked; - # * does user has access rights to the blobs of the supported fimware - a + # * does user platform support the firmware - BIOS_LINK_* variables are + # being checked; + # * does user has access rights to the blobs of the supported firmware - a # call to the server with binaries is done, to check if user can download # the blobs. if [ -n "$BIOS_LINK_COMM" ]; then @@ -192,7 +197,7 @@ choose_version(){ fi if [ -n "$DASHARO_REL_VER_DPP_CAP" ]; then - if $(check_for_firmware_access dpp_cap); then + if check_for_firmware_access dpp_cap; then FIRMWARE_VERSION="dpp_cap" return 0 @@ -205,7 +210,7 @@ choose_version(){ fi if [ -n "$DASHARO_REL_VER_DPP" ]; then - if $(check_for_firmware_access dpp); then + if check_for_firmware_access dpp; then FIRMWARE_VERSION="dpp" return 0 @@ -235,7 +240,7 @@ prepare_env() { _prepare_for="$1" # If firmware is being installed - user should choose what to install, if - # firmware is being updated - final version is being choosed automatically + # firmware is being updated - final version is being chosen automatically if [ "$_prepare_for" == "update" ]; then choose_version elif [ "$_prepare_for" == "install" ]; then 
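Review bot: The `# shellcheck disable=SC2034` added at the top of the file is meant to cover every variable in the script, as its comment says. That also silences the warning for a misspelled assignment to any link, hash or flashrom option variable, in the script that writes firmware. Since the variables are read by `dts-functions.sh`, prefer keeping the check on and silencing it per assignment, or declare and `export` the shared names in one place. If the file-wide directive stays, any remaining per-line `# shellcheck disable=SC2034` comments are redundant and can be dropped.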
@@ -260,7 +265,7 @@ prepare_env() { UPDATE_VERSION="$DASHARO_REL_VER" # Check EC link additionally, not all platforms have Embedded Controllers: - if [ -n $"EC_LINK_COMM" ]; then + if [ -n "$EC_LINK_COMM" ]; then EC_LINK=$EC_LINK_COMM EC_HASH_LINK=$EC_HASH_LINK_COMM EC_SIGN_LINK=$EC_SIGN_LINK_COMM @@ -312,7 +317,7 @@ prepare_env() { fi return 0 - elif [ "$FIRMWARE_VERSION" == "seabios" ]; the + elif [ "$FIRMWARE_VERSION" == "seabios" ]; then BIOS_LINK=$BIOS_LINK_DPP_SEABIOS BIOS_HASH_LINK=$BIOS_HASH_LINK_DPP_SEABIOS BIOS_SIGN_LINK=$BIOS_SIGN_LINK_DPP_SEABIOS @@ -744,7 +749,7 @@ deploy_firmware(){ print_warning "power off your computer or touch the keyboard!" # Firstly we need to check, whether it is possible to use UEFI Capsule - # Update, this is the preffered way of updating: + # Update, this is the preferred way of updating: if [ "$FIRMWARE_VERSION" == "community_cap" ] || [ "$FIRMWARE_VERSION" == "dpp_cap" ]; then # Linux Kernel driver is responsible for handling UEFI Capsule Updates, so # the capsule should be fed to a specific device: From 1e152dc6fd04b05acacaa37496a49c5929cfbef1 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Wed, 25 Sep 2024 15:08:49 +0200 Subject: [PATCH 18/58] scripts: ec_transition: delete surplus definitions These veriables are already defined in dts-environment.sh, and the ec_transition sources it. Signed-off-by: Daniil Klimuk --- scripts/ec_transition | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/ec_transition b/scripts/ec_transition index bea106da..e556bee6 100644 --- a/scripts/ec_transition +++ b/scripts/ec_transition @@ -58,8 +58,6 @@ check_for_opensource_firmware() download_files() { wait_for_network_connection - BIOS_UPDATE_FILE="/tmp/biosupdate.rom" - EC_UPDATE_FILE="/tmp/ecupdate.rom" wget -O $EC_UPDATE_FILE $EC_LINK error_check "Cannot download EC update file. Aborting..." wget -O $BIOS_UPDATE_FILE $BIOS_LINK From 05606c728dd2ed5dd911ef850a748252275727f1 Mon Sep 17 00:00:00 2001 
From: Daniil Klimuk Date: Thu, 26 Sep 2024 16:15:12 +0200 Subject: [PATCH 19/58] scripts: dasharo-deploy: delete backup option This code is currently used inside dasharo-deploy only. Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 1730bf32..6ec5421a 100755 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy @@ -857,6 +857,8 @@ install_workflow() { # Ask user for confirmation: display_warning + backup + # Deploy EC firmware if [ "$HAVE_EC" == "true" ]; then deploy_ec_firmware install @@ -1110,7 +1112,7 @@ restore() { usage() { echo "Usage:" echo " $0 install - Install Dasharo on this device" - echo " $0 backup - Backup current firmware" + echo " $0 update - Update Dasharo" echo " $0 restore - Restore from a previously saved backup" } @@ -1138,7 +1140,6 @@ case "$CMD" in error_exit "Dasharo Firmware is already installed. This script is only for\r initial deployment of Dasharo Firmware. Aborting..." fi - backup install_workflow ;; update) @@ -1158,9 +1159,6 @@ case "$CMD" in fi update_workflow ;; - backup) - backup - ;; restore) if ! check_if_dasharo; then error_exit "Dasharo Firmware is not installed. This script is only for\r From ce92021c35f3e958ca8f02d29b3e1ee3b4a22892 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 26 Sep 2024 16:23:39 +0200 Subject: [PATCH 20/58] include: dts-functions.sh: fix QEMU config Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index c27ddfc9..dd64cbda 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh 
@@ -661,26 +661,16 @@ board_config() { BIOS_LINK_DPP="$FW_STORE_URL_DPP/$DASHARO_REL_NAME/v$DASHARO_REL_VER_DPP/${DASHARO_REL_NAME}_v$DASHARO_REL_VER_DPP.rom" ;; - "Emulation") + "QEMU"|"Emulation") case "$SYSTEM_MODEL" in - "QEMU x86 q35/ich9") - case "$BOARD_MODEL" in - "QEMU x86 q35/ich9") - # Update type: - CAN_INSTALL_BIOS="true" - CAPSULE_UPDATE="true" - # Download and versioning variables: - DASHARO_REL_NAME="qemu_q35" - DASHARO_REL_VER="v0.2.0" - BIOS_LINK_COMM="${FW_STORE_URL}/${DASHARO_REL_NAME}/${DASHARO_REL_VER}/${DASHARO_REL_NAME}_${DASHARO_REL_VER}.rom" - # TODO: wait till the binaries will be uploaded to the server. - #BIOS_LINK_COMM_CAP="${FW_STORE_URL}/${DASHARO_REL_NAME}/${DASHARO_REL_VER}/" - ;; - *) - print_error "Board model $BOARD_MODEL is currently not supported" - return 1 - ;; - esac + *Q35*ICH9*|*q35*ich9*) + # Update type: + CAN_INSTALL_BIOS="true" + # Download and versioning variables: + DASHARO_REL_NAME_CAP="qemu_q35" + DASHARO_REL_VER_CAP="0.2.0" + # TODO: wait till the binaries will be uploaded to the server. + BIOS_LINK_COMM_CAP="${FW_STORE_URL}/${DASHARO_REL_NAME_CAP}/v${DASHARO_REL_VER_CAP}/" ;; *) print_error "Board model $SYSTEM_MODEL is currently not supported" From ecbb7b142464e08f0f50ad8ab98a0c491b055296 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 26 Sep 2024 16:27:17 +0200 Subject: [PATCH 21/58] include: dts-functions: fix footer rendering Before: ********************************************************* R to reboot P to poweroff S to enter shell K to launch SSH server L to enable sending DTS logs V to enable verbose mode Enter an option: Now: ********************************************************* R to reboot P to poweroff S to enter shell K to launch SSH server L to enable sending DTS logs V to enable verbose mode Enter an option: Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
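Review bot: `BIOS_LINK_COMM_CAP` is now an active assignment pointing at a directory (`${FW_STORE_URL}/${DASHARO_REL_NAME_CAP}/v${DASHARO_REL_VER_CAP}/`), while the TODO above it still says the binaries are not uploaded. The branch also defines no hash or signature link for the capsule. Anything that downloads from this variable would store whatever the server returns for the directory, with nothing to verify it against before it reaches the update path. Leave the line commented out until the artifact name is known, and add the capsule's hash and signature links in the same change. The branch also keeps `CAN_INSTALL_BIOS="true"` after dropping `BIOS_LINK_COMM`, which looks inconsistent with a capsule-only target and is worth confirming.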
diff --git a/include/dts-functions.sh b/include/dts-functions.sh index dd64cbda..ea98e981 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -1517,9 +1517,9 @@ show_footer(){ echo -ne "${RED}${SSH_OPT_UP}${NORMAL} to launch SSH server ${NORMAL}" fi if [ "${SEND_LOGS_ACTIVE}" == "true" ]; then - echo -ne "${RED}${SEND_LOGS_OPT}${NORMAL} to disable sending DTS logs ${NORMAL}" + echo -e "${RED}${SEND_LOGS_OPT}${NORMAL} to disable sending DTS logs ${NORMAL}" else - echo -ne "${RED}${SEND_LOGS_OPT}${NORMAL} to enable sending DTS logs ${NORMAL}" + echo -e "${RED}${SEND_LOGS_OPT}${NORMAL} to enable sending DTS logs ${NORMAL}" fi if [ "${VERBOSE_ACTIVE}" == "true" ]; then echo -ne "${RED}${VERBOSE_OPT}${NORMAL} to disable verbose mode ${NORMAL}" From 2aef6c34f4097f185ef09502ab826a8476e29179 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 26 Sep 2024 16:31:50 +0200 Subject: [PATCH 22/58] Add more comments Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 2 +- scripts/dasharo-deploy | 37 +++++++++++++++++++++++++++++++++---- 2 files changed, 34 insertions(+), 5 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index ea98e981..88f5da56 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -1487,7 +1487,7 @@ main_menu_options(){ check_avail_dpp_packages || return 0 # Download and install available packages, start loop over if there is - # no packages tto install: + # no packages to install: install_all_dpp_packages || return 0 # Parse installed packages for premium submenus: diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 6ec5421a..4a82f7b5 100755 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy 
@@ -628,6 +628,12 @@ blob_transmission() { deploy_ec_firmware() { # This function deploys (installs or updates) downloaded EC firmware either UEFI # capsules (updates only) and binaries. Parameters: update, install. +# +# TODO: Currently we have here flashrom parameters confguration code, this +# should be done before this function is called, so as to palce here only +# deployment-related code. Ideally the deploying calls would look like this: +# +# $DEPLOY_COMMAND $DEPLOY_ARGS &>> $LOGS_FILE local _mode _mode="$1" @@ -675,7 +681,9 @@ deploy_ec_firmware() { } firmware_pre_updating_routine(){ - # Preupdating routine: +# This function only separates some code from deployment code, so to make clear +# where is deployment code, and what should be executed before it: + check_flash_chip check_flash_lock if [ "$HAVE_EC" == "true" ]; then @@ -706,7 +714,9 @@ firmware_pre_updating_routine(){ } firmware_pre_installation_routine(){ - # Preinstallation routine: +# This function only separates some code from deployment code, so to make clear +# where is deployment code, and what should be executed before it: + check_flash_chip check_flash_lock check_intel_regions check_blobs_in_binary $BIOS_UPDATE_FILE @@ -740,6 +750,12 @@ firmware_pre_installation_routine(){ deploy_firmware(){ # This function deploys (installs or updates) downloaded firmware either UEFI # capsules (updates only) or binaries. Parameters: update, install. +# +# TODO: Currently we have here flashrom parameters confguration code, this +# should be done before this function is called, so as to palce here only +# deployment-related code. Ideally the deploying calls would look like this: +# +# $DEPLOY_COMMAND $DEPLOY_ARGS &>> $LOGS_FILE local _mode _mode="$1" 
@@ -835,7 +851,13 @@ deploy_firmware(){ install_workflow() { # Installation workflow. The installation of firmware is possible only via # flashrom, capsules cannot do the installation because they need initial -# support inside firmware. +# support inside firmware. The workflow steps are: +# 1) Prepare system for installation (e.g. check connection); +# 2) Prepare environment for installation (e.g. set all needed vars); +# 3) Ask user are the changes that will be done ok; +# 4) Do backup; +# 5) Do the installation; +# 6) Do some after-installation routine. sync_clocks # Verify that the device is not using battery as a power source: @@ -901,7 +923,13 @@ install_workflow() { } update_workflow() { -# Update workflow. Supported firmware formats: binary, UEFI capsule. +# Update workflow. Supported firmware formats: binary, UEFI capsule. The +# workflow steps are: +# 1) Prepare system for update (e.g. check connection); +# 2) Prepare environment for update (e.g. set all needed vars); +# 3) Ask user are the changes that wiil be done ok; +# 4) Do the updating; +# 5) Do some after-updating routine. CAN_SWITCH_TO_HEADS="false" sync_clocks @@ -947,6 +975,7 @@ update_workflow() { deploy_firmware update + # TODO: Could it be placed somewhere else? if [ ! -z "$SWITCHING_TO" ]; then # Any post-branch-switch messaging should go here case "$SWITCHING_TO" in From 97aebd817ff541361d2b228905871a1a8fa3474f Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 26 Sep 2024 16:38:28 +0200 Subject: [PATCH 23/58] scripts: dasharo-deploy: pre-commit fixes Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 4a82f7b5..17d474bf 100755 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy 
@@ -629,8 +629,8 @@ deploy_ec_firmware() { # This function deploys (installs or updates) downloaded EC firmware either UEFI # capsules (updates only) and binaries. Parameters: update, install. # -# TODO: Currently we have here flashrom parameters confguration code, this -# should be done before this function is called, so as to palce here only +# TODO: Currently we have here flashrom parameters configuration code, this +# should be done before this function is called, so as to place here only # deployment-related code. Ideally the deploying calls would look like this: # # $DEPLOY_COMMAND $DEPLOY_ARGS &>> $LOGS_FILE @@ -751,8 +751,8 @@ deploy_firmware(){ # This function deploys (installs or updates) downloaded firmware either UEFI # capsules (updates only) or binaries. Parameters: update, install. # -# TODO: Currently we have here flashrom parameters confguration code, this -# should be done before this function is called, so as to palce here only +# TODO: Currently we have here flashrom parameters configuration code, this +# should be done before this function is called, so as to place here only # deployment-related code. Ideally the deploying calls would look like this: # # $DEPLOY_COMMAND $DEPLOY_ARGS &>> $LOGS_FILE @@ -927,7 +927,7 @@ update_workflow() { # workflow steps are: # 1) Prepare system for update (e.g. check connection); # 2) Prepare environment for update (e.g. set all needed vars); -# 3) Ask user are the changes that wiil be done ok; +# 3) Ask user are the changes that will be done ok; # 4) Do the updating; # 5) Do some after-updating routine. CAN_SWITCH_TO_HEADS="false" From 61f68f01b09e59ff97d6c2a2bf153190cb552d46 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Fri, 27 Sep 2024 10:34:52 +0200 Subject: [PATCH 24/58] remove -x flag from all files permissions 
Signed-off-by: Daniil Klimuk --- reports/dasharo-hcl-report | 0 scripts/cloud_list | 0 scripts/dasharo-deploy | 0 scripts/local-deploy.sh | 0 tests/compare_version.sh | 0 tests/dasharo-ectool-mock.sh | 0 tests/dts-boot | 0 tests/flashrom-mock.sh | 0 8 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 reports/dasharo-hcl-report mode change 100755 => 100644 scripts/cloud_list mode change 100755 => 100644 scripts/dasharo-deploy mode change 100755 => 100644 scripts/local-deploy.sh mode change 100755 => 100644 tests/compare_version.sh mode change 100755 => 100644 tests/dasharo-ectool-mock.sh mode change 100755 => 100644 tests/dts-boot mode change 100755 => 100644 tests/flashrom-mock.sh diff --git a/reports/dasharo-hcl-report b/reports/dasharo-hcl-report old mode 100755 new mode 100644 diff --git a/scripts/cloud_list b/scripts/cloud_list old mode 100755 new mode 100644 diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy old mode 100755 new mode 100644 diff --git a/scripts/local-deploy.sh b/scripts/local-deploy.sh old mode 100755 new mode 100644 diff --git a/tests/compare_version.sh b/tests/compare_version.sh old mode 100755 new mode 100644 diff --git a/tests/dasharo-ectool-mock.sh b/tests/dasharo-ectool-mock.sh old mode 100755 new mode 100644 diff --git a/tests/dts-boot b/tests/dts-boot old mode 100755 new mode 100644 diff --git a/tests/flashrom-mock.sh b/tests/flashrom-mock.sh old mode 100755 new mode 100644 From b447b8c03e6c11f702f0b7414d1dddbb6f870a78 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Fri, 27 Sep 2024 14:11:11 +0200 Subject: [PATCH 25/58] include: dts-functions: downloading artifacts: add capsules Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 88f5da56..ef7f5925 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh 
@@ -772,7 +772,7 @@ compare_versions() { } download_bios() { - if [ -n "$BIOS_LINK_COMM" ] && [ ${BIOS_LINK} == ${BIOS_LINK_COMM} ]; then + if [ "${BIOS_LINK}" == "${BIOS_LINK_COMM}" ] || [ "${BIOS_LINK}" == "${BIOS_LINK_COMM_CAP}" ]; then curl -s -L -f "$BIOS_LINK" -o $BIOS_UPDATE_FILE error_check "Cannot access $FW_STORE_URL while downloading binary. Please check your internet connection" @@ -797,21 +797,21 @@ download_bios() { } download_ec() { - if [ -n "$BIOS_LINK_COMM" ] && [ ${BIOS_LINK} == ${BIOS_LINK_COMM} ]; then + if [ "${BIOS_LINK}" = "${BIOS_LINK_COMM}" ] || [ "${BIOS_LINK}" = "${BIOS_LINK_COMM_CAP}" ]; then if [ "$HAVE_EC" == "true" ]; then curl -s -L -f "$EC_LINK" -o "$EC_UPDATE_FILE" error_check "Cannot access $FW_STORE_URL while downloading binary. Please - check your internet connection and credentials" + check your internet connection" curl -s -L -f "$EC_HASH_LINK" -o $EC_HASH_FILE error_check "Cannot access $FW_STORE_URL while downloading signature. Please - check your internet connection and credentials" + check your internet connection" curl -s -L -f "$EC_SIGN_LINK" -o $EC_SIGN_FILE error_check "Cannot access $FW_STORE_URL while downloading signature. Please - check your internet connection and credentials" + check your internet connection" fi else if [ "$HAVE_EC" == "true" ]; then - if [ -n "$EC_LINK_COMM" ] && [ ${EC_LINK} == ${EC_LINK_COMM} ]; then + if [ "${EC_LINK}" = "${EC_LINK_COMM}" ] || [ "${EC_LINK}" = "${EC_LINK_COMM_CAP}" ]; then curl -s -L -f "$EC_LINK" -o "$EC_UPDATE_FILE" error_check "Cannot access $FW_STORE_URL while downloading binary. Please check your internet connection" 
@@ -824,13 +824,13 @@ download_ec() { else curl -s -L -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$EC_LINK" -o $EC_UPDATE_FILE error_check "Cannot access $FW_STORE_URL while downloading binary. Please - check your internet connection" + check your internet connection and credentials" curl -s -L -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$EC_HASH_LINK" -o $EC_HASH_FILE error_check "Cannot access $FW_STORE_URL while downloading signature. Please - check your internet connection" + check your internet connection and credentials" curl -s -L -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$EC_SIGN_LINK" -o $EC_SIGN_FILE error_check "Cannot access $FW_STORE_URL while downloading signature. Please - check your internet connection" + check your internet connection and credentials" fi fi fi From 3910890fe48430835f5a9106dcf9e58e6e59e1cf Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Mon, 30 Sep 2024 11:11:42 +0200 Subject: [PATCH 26/58] scripts: dasharo-deploy: add some collors to output Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 17d474bf..d6949c6a 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy @@ -90,6 +90,7 @@ ask_for_version() { while : ; do echo echo "Please, select Dasharo firmware version to install:" + echo # Here we check if user has access to a certain version of Dasharo Firmware. # The check consists of two stages: 
@@ -110,9 +111,11 @@ ask_for_version() { echo " d) DPP version (coreboot + UEFI)" _might_be_dpp="true" else - echo " DPP version (coreboot + UEFI) available but you don't have access" - echo " to it, if you are interested, please visit" - echo " https://shop.3mdeb.com/product-category/dasharo-pro-package/" + print_warning " DPP version (coreboot + UEFI) available but you don't have access" + print_warning " to it, if you are interested, please visit" + print_warning " https://shop.3mdeb.com/product-category/dasharo-pro-package/" + + echo fi fi @@ -121,9 +124,11 @@ ask_for_version() { echo " s) DPP version (coreboot + SeaBIOS)" _might_be_seabios="true" else - echo " DPP version (coreboot + SeaBIOS) available but you don't have access" - echo " to it, if you are interested, please visit" - echo " https://shop.3mdeb.com/product-category/dasharo-pro-package/" + print_warning " DPP version (coreboot + SeaBIOS) available but you don't have access" + print_warning " to it, if you are interested, please visit" + print_warning " https://shop.3mdeb.com/product-category/dasharo-pro-package/" + + echo fi fi From a99ba0254d86f564b8bb6cd783dcbeca9ac5866b Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Mon, 30 Sep 2024 11:12:33 +0200 Subject: [PATCH 27/58] scripts: dasharo-deploy: installation_workflow: fix downloading and verifying Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index d6949c6a..a3c32fb1 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy @@ -873,12 +873,13 @@ install_workflow() { prepare_env install # Download and verify firmware: - if [ "$CAN_INSTALL_BIOS" == "false" ]; then + if [ "$HAVE_EC" == "true" ]; then download_ec verify_artifacts ec - else - download_artifacts - verify_artifacts ec bios + fi + if [ "$CAN_INSTALL_BIOS" == "true" ]; then + download_bios + verify_artifacts bios fi # Ask user for confirmation: 
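Review bot: When neither `HAVE_EC` nor `CAN_INSTALL_BIOS` is "true", the rewritten block in install_workflow downloads and verifies nothing and still falls through to the confirmation step, whereas the old `if`/`else` always called verify_artifacts on at least one artifact. A guard ahead of the two tests would make that state fail closed, for example `if [ "$HAVE_EC" != "true" ] && [ "$CAN_INSTALL_BIOS" != "true" ]; then echo "Nothing to install" >&2; return 1; fi`. The result of `verify_artifacts` is not checked at either call site; whether it aborts on a failed check by itself is not visible in this hunk and is worth confirming. install_workflow starts and ends outside the hunk.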
From d7780f288bdaac68814198a68bd85787dbb1b82d Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Mon, 14 Oct 2024 12:35:45 +0200 Subject: [PATCH 28/58] include: hal: add Add HAL and mocking functions. Signed-off-by: Daniil Klimuk --- Makefile | 2 + include/dts-functions.sh | 1 - include/hal/common-mock-func.sh | 484 ++++++++++++++++++++++++++++++++ include/hal/dts-hal.sh | 191 +++++++++++++ 4 files changed, 677 insertions(+), 1 deletion(-) create mode 100644 include/hal/common-mock-func.sh create mode 100644 include/hal/dts-hal.sh diff --git a/Makefile b/Makefile index d0036d3c..c11148ab 100644 --- a/Makefile +++ b/Makefile @@ -11,6 +11,8 @@ install: install -m 0755 include/dts-environment.sh $(DESTDIR)$(SBINDIR) install -m 0755 include/dts-functions.sh $(DESTDIR)$(SBINDIR) install -m 0755 include/dts-subscription.sh $(DESTDIR)$(SBINDIR) + install -m 0755 include/hal/dts-hal.sh $(DESTDIR)$(SBINDIR) + install -m 0755 include/hal/common-mock-func.sh $(DESTDIR)$(SBINDIR) install -m 0755 scripts/cloud_list $(DESTDIR)$(SBINDIR) install -m 0755 scripts/dasharo-deploy $(DESTDIR)$(SBINDIR) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index ef7f5925..eda8a169 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -1717,7 +1717,6 @@ check_if_intel() { if [ $cpu_vendor == "GenuineIntel" ]; then return 0 fi - return 1 } set_verbose() { diff --git a/include/hal/common-mock-func.sh b/include/hal/common-mock-func.sh new file mode 100644 index 00000000..fb929f1a --- /dev/null +++ b/include/hal/common-mock-func.sh 
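Review bot: Dropping `return 1` leaves check_if_intel ending on the `if … fi` statement, and in bash an `if` whose condition is false and has no `else` yields status 0, so the function now reports success for every CPU vendor. Callers are not visible here, but any Intel-only step gated on this function would presumably now run on other platforms too. The removal looks unrelated to adding the HAL; restoring `return 1` after `fi` fixes it. Quoting the operand, `[ "$cpu_vendor" = "GenuineIntel" ]`, also keeps an empty value from turning the test into a syntax error. The function starts outside the hunk.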
@@ -0,0 +1,484 @@ +#!/usr/bin/env bash + +################################################################################ +# Helper functions used in this script: +################################################################################ +parse_for_arg_return_next(){ +# This function parses a list of arguments (given as a second argument), looks +# for a specified argument (given as a first argument). In case the specified +# argument has been found in the list - this function returns (to stdout) the +# argument, which is on the list after specified one, and a return value 0, +# otherwise nothing is being printed to stdout and the return value is 1. +# Arguments: +# 1. The argument you are searching for like -r for flashrom; +# 2. Space-separated list of arguments to search in. + local _arg="$1" + shift + + while [[ $# -gt 0 ]]; do + case $1 in + "$_arg") + [ -n "$2" ] && echo "$2" + + return 0 + ;; + *) + shift + ;; + esac + done + + return 1 +} + +# Mocking part of DTS HAL. For format used for mo mocking functions check +# dts-hal.sh script and tool_wrapper func.. + +################################################################################ +# Common mocking function +################################################################################ +common_mock(){ +# This mocking function is being called for all cases where mocking is needed, +# but the result of mocking function execution is not important. + local _tool="$1" + + echo "${FUNCNAME[0]}: using ${_tool}..." 
+ + return 0 +} + +################################################################################ +# flashrom +################################################################################ +TEST_FLASH_LOCK="${TEST_FLASH_LOCK:-}" +TEST_BOARD_HAS_FD_REGION="${TEST_BOARD_HAS_FD_REGION:-true}" +TEST_BOARD_FD_REGION_RW="${TEST_BOARD_FD_REGION_RW:-true}" +TEST_BOARD_HAS_ME_REGION="${TEST_BOARD_HAS_ME_REGION:-true}" +TEST_BOARD_ME_REGION_RW="${TEST_BOARD_ME_REGION_RW:-true}" +TEST_BOARD_ME_REGION_LOCKED="${TEST_BOARD_ME_REGION_LOCKED:-}" +TEST_BOARD_HAS_GBE_REGION="${TEST_BOARD_HAS_GBE_REGION:-true}" +TEST_BOARD_GBE_REGION_RW="${TEST_BOARD_GBE_REGION_RW:-true}" +TEST_BOARD_GBE_REGION_LOCKED="${TEST_BOARD_GBE_REGION_LOCKED:-}" +TEST_COMPATIBLE_EC_VERSINO="${TEST_COMPATIBLE_EC_VERSINO:-}" +TEST_FLASH_CHIP_SIZE="${TEST_FLASH_CHIP_SIZE:-$((2*1024*1024))}" + +flashrom_check_flash_lock_mock(){ +# For flash lock testing, for more inf. check check_flash_lock func.: + if [ "$TEST_FLASH_LOCK" = "true" ]; then + echo "PR0: Warning:.TEST is read-only" 1>&2 + echo "SMM protection is enabled" 1>&2 + + return 1 + fi + + return 0 +} + +flashrom_flash_chip_name_mock(){ +# For flash chip name check emulation, for more inf. check check_flash_chip +# func.: + echo "Test Flash Chip" 1>&1 + + return 0 +} + +flashrom_flash_chip_size_mock(){ +# For flash chip size check emulation, for more inf. check check_flash_chip +# func.. + echo "$TEST_FLASH_CHIP_SIZE" 1>&1 + + return 0 +} + +flashrom_check_intel_regions_mock(){ +# For flash regions check emulation, for more inf. 
check check_intel_regions +# func.: + if [ "$TEST_BOARD_HAS_FD_REGION" = "true" ]; then + echo -n "Flash Descriptor region (0x00000000-0x00000fff)" + + if [ "$TEST_BOARD_FD_REGION_RW" = "true" ]; then + echo " is read-write" + else + echo " is read-only" + fi + fi + + if [ "$TEST_BOARD_HAS_ME_REGION" = "true" ]; then + echo -n "Management Engine region (0x00600000-0x00ffffff)" + + if [ "$TEST_BOARD_ME_REGION_RW" = "true" ]; then + echo -n " is read-write" + else + echo -n " is read-only" + fi + + [ "$TEST_BOARD_ME_REGION_LOCKED" = "true" ] && echo -n " and is locked" + echo "" + fi + + if [ "$TEST_BOARD_HAS_GBE_REGION" = "true" ]; then + echo -n "Gigabit Ethernet region (0x00001000-0x00413fff)" + + if [ "$TEST_BOARD_GBE_REGION_RW" = "true" ]; then + echo -n " is read-write" + else + echo -n " is read-only" + fi + + [ "$TEST_BOARD_GBE_REGION_LOCKED" = "true" ] && echo -n " and is locked" + echo "" + fi + + return 0 +} + +flashrom_read_flash_layout_mock(){ +# For checking flash layout for further flashrom arguments selection, for more +# inf. check set_flashrom_update_params function. +# +# TODO: this one can be deleted in future and replaced with read_firm_mock, +# which will create a binary with needed bytes appropriately set. + # For -r check flashrom man page: + local _file_to_write_into + _file_to_write_into=$(parse_for_arg_return_next "-r" "$@") + + [ -f "$_file_to_write_into" ] || echo "Testing..." > "$_file_to_write_into" + + return 0 +} + +flashrom_read_firm_mock(){ +# Emulating dumping of the firmware the platform currently uses. Currently it is +# writing into text file, that should be changed to binary instead (TODO). + # For -r check flashrom man page: + local _file_to_write_into + _file_to_write_into=$(parse_for_arg_return_next "-r" "$@") + + [ -f "$_file_to_write_into" ] || echo "Test flashrom read." > "$_file_to_write_into" + + return 0 +} + +flashrom_get_ec_firm_version_mock(){ +# Emulating wrong EC firmware version, check deploy_ec_firmware func. 
and +# ec_transition script for more inf.: + if [ -n "$TEST_COMPATIBLE_EC_VERSION" ]; then + echo "Mainboard EC Version: $COMPATIBLE_EC_FW_VERSION" 1>&1 + else + echo "Mainboard EC Version: 0000-00-00-0000000" 1>&1 + fi + + return 0 +} + +################################################################################ +# dasharo_ectool +################################################################################ +TEST_USING_OPENSOURCE_EC_FIRM="${TEST_USING_OPENSOURCE_EC_FIRM:-}" +TEST_NOVACUSTOM_MODEL="${TEST_NOVACUSTOM_MODEL:-}" + +dasharo_ectool_check_for_opensource_firm_mock(){ +# Emulating opensource EC firmware presence, check check_for_opensource_firmware +# for more inf.: + if [ "$TEST_USING_OPENSOURCE_EC_FIRM" = "true" ]; then + return 0 + fi + + return 1 +} + +novacustom_check_sys_model_mock(){ + if [ -n "$TEST_NOVACUSTOM_MODEL" ]; then + echo "Dasharo EC Tool Mock - Info Command" 1>&1 + echo "-----------------------------------" 1>&1 + echo "board: novacustom/$TEST_NOVACUSTOM_MODEL" 1>&1 + echo "version: 0000-00-00_0000000" 1>&1 + echo "-----------------------------------" 1>&1 + + return 0 + fi + + return 1 +} + +################################################################################ +# dmidecode +################################################################################ +TEST_SYSTEM_VENDOR="${TEST_SYSTEM_VENDOR:-}" +TEST_SYSTEM_MODEL="${TEST_SYSTEM_MODEL:-}" +TEST_BOARD_MODEL="${TEST_BOARD_MODEL:-}" +TEST_CPU_VERSION="${TEST_CPU_VERSION:-}" +TEST_BIOS_VENDOR="${TEST_BIOS_VENDOR:-}" +TEST_SYSTEM_UUID="${TEST_SYSTEM_UUID:-}" +TEST_BASEBOARD_SERIAL_NUMBER="${TEST_BASEBOARD_SERIAL_NUMBER:-}" + +dmidecode_common_mock(){ +# Emulating dumping dmidecode inf.: + echo "${FUNCNAME[0]}: using dmidecode..." 
1>&1 + + return 0 +} + +dmidecode_dump_var_mock(){ +# Emulating dumping specific dmidecode fields, this is the place where the value +# of the fields are being replaced by those defined by testsuite: + local _option_to_read + _option_to_read=$(parse_for_arg_return_next "-s" "$@") + + case "$_option_to_read" in + system-manufacturer) + + [ -z "$TEST_SYSTEM_VENDOR" ] && return 1 + + echo "$TEST_SYSTEM_VENDOR" 1>&1 + ;; + system-product-name) + + [ -z "$TEST_SYSTEM_MODEL" ] && return 1 + + echo "$TEST_SYSTEM_MODEL" 1>&1 + ;; + baseboard-version) + + [ -z "$TEST_BOARD_MODEL" ] && return 1 + + echo "$TEST_BOARD_MODEL" 1>&1 + ;; + baseboard-product-name) + + [ -z "$TEST_BOARD_MODEL" ] && return 1 + + echo "$TEST_BOARD_MODEL" 1>&1 + ;; + processor-version) + + [ -z "$TEST_CPU_VERSION" ] && return 1 + + echo "$TEST_CPU_VERSION" 1>&1 + ;; + bios-vendor) + + [ -z "$TEST_BIOS_VENDOR" ] && return 1 + + echo "$TEST_BIOS_VENDOR" 1>&1 + ;; + bios-version) + + [ -z "$TEST_BIOS_VERSION" ] && return 1 + + echo "$TEST_BIOS_VERSION" 1>&1 + ;; + system-uuid) + + [ -z "$TEST_SYSTEM_UUID" ] && return 1 + + echo "$TEST_SYSTEM_UUID" 1>&1 + ;; + baseboard-serial-number) + + [ -z "$TEST_BASEBOARD_SERIAL_NUMBER" ] && return 1 + + echo "$TEST_BASEBOARD_SERIAL_NUMBER" 1>&1 + ;; + esac + + return 0 +} + +################################################################################ +# ifdtool +################################################################################ +TEST_ME_OFFSET="${TEST_ME_OFFSET:-}" + +ifdtool_check_blobs_in_binary_mock(){ +# Emulating ME offset value check, check check_blobs_in_binary func. 
for more +# inf.: + echo "Flash Region 2 (Intel ME): $TEST_ME_OFFSET" 1>&1 + + return 0 +} + +################################################################################ +# cbmem +################################################################################ +TEST_ME_DISABLED="${TEST_ME_DISABLED:-true}" + +cbmem_check_if_me_disabled_mock(){ +# Emulating ME state checked in Coreboot table, check check_if_me_disabled func. +# for more inf.: + if [ "$TEST_ME_DISABLED" = "true" ]; then + echo "ME is disabled" 1>&1 + echo "ME is HAP disabled" 1>&1 + + return 0 + fi + + return 1 +} + +################################################################################ +# cbfstool +################################################################################ +TEST_VBOOT_ENABLED="${TEST_VBOOT_ENABLED:-}" +TEST_ROMHOLE_MIGRATION="${TEST_ROMHOLE_MIGRATION:-}" +TEST_DIFFERENT_FMAP="${TEST_DIFFERENT_FMAP:-}" + +cbfstool_layout_mock(){ +# Emulating some fields in Coreboot Files System layout table: + local _file_to_check="$1" + + echo "This image contains the following sections that can be accessed with this tool:" 1>&1 + echo "" 1>&1 + # Emulating ROMHOLE presence, check romhole_migration function for more inf.: + [ "$TEST_ROMHOLE_MIGRATION" = "true" ] && echo "'ROMHOLE' (test)" 1>&1 + # Emulating difference in Coreboot FS, check function + # set_flashrom_update_params for more inf.: + [ "$TEST_DIFFERENT_FMAP" = "true" ] && [ "$_file_to_check" != "$BIOS_DUMP_FILE" ] && echo "test" 1>&1 + + return 0 +} + +cbfstool_read_romhole_mock(){ +# Emulating reading ROMHOLE section from dumped firmware, check +# romhole_migration func for more inf.: + local _file_to_write_into + _file_to_write_into=$(parse_for_arg_return_next "-f" "$@") + + [ -f "$_file_to_write_into" ] || echo "Testing..." > "$_file_to_write_into" + + return 0 +} + +cbfstool_read_bios_conffile_mock(){ +# Emulating reading bios configuration and some fields inside it. 
+ local _file_to_write_into + _file_to_write_into=$(parse_for_arg_return_next "-f" "$@") + + if [ "$TEST_VBOOT_ENABLED" = "true" ]; then + # Emulating VBOOT presence, check firmware_pre_installation_routine and + # firmware_pre_updating_routine funcs for more inf.: + echo "CONFIG_VBOOT=y" > "$_file_to_write_into" + fi + + echo "" >> "$_file_to_write_into" + + return 0 +} + +################################################################################ +# dmesg +################################################################################ +TEST_TOUCHPAD_ENABLED=${TEST_TOUCHPAD_ENABLED:-} + +dmesg_i2c_hid_detect_mock(){ +# Emulating touchpad presence and name detection, check touchpad-info script for +# more inf.: + if [ "$TEST_TOUCHPAD_ENABLED" = "true" ]; then + echo "hid-multitouch: I2C HID Test" 1>&1 + fi + + return 0 +} + +################################################################################ +# futility +################################################################################ +TEST_DIFFERENT_VBOOT_KEYS=${TEST_DIFFERENT_VBOOT_KEYS:-} + +futility_dump_vboot_keys(){ +# Emulating VBOOT keys difference to trigger GBB region migration, check +# check_vboot_keys func. for more inf.: + _local _file_to_check + _file_to_check=$(parse_for_arg_return_next show "$@") + if [ "$TEST_DIFFERENT_VBOOT_KEYS" = "true" ]; then + [ "$_file_to_check" = "$BIOS_UPDATE_FILE" ] && echo "key sha1sum: Test1" + [ "$_file_to_check" = "$BIOS_DUMP_FILE" ] && echo "key sha1sum: Test2" + fi + + return 0 +} +################################################################################ +# fsread_tool +################################################################################ +TEST_HCI_PRESENT="${TEST_HCI_PRESENT:-}" +TEST_TOUCHPAD_HID="${TEST_TOUCHPAD_HID:-}" +TEST_TOUCHPAD_PATH="${TEST_TOUCHPAD_PATH:-}" +TEST_AC_PRESENT="${TEST_AC_PRESENT:-}" + +fsread_tool_common_mock(){ +# This functionn emulates read hardware specific file system resources or its +# metadata. 
It redirects flow into a tool-specific mocking function, which then +# does needed work. e.g. fsread_tool_test_mock for test tool. + local _tool="$1" + shift + + fsread_tool_${_tool}_mock "$@" + + return $? +} + +fsread_tool_test_mock(){ + local _arg_d + _arg_d="$(parse_for_arg_return_next -d "$@")" + + if [ "$_arg_d" = "/sys/class/pci_bus/0000:00/device/0000:00:16.0" ]; then + # Here we emulate the HCI hardware presence checked by function + # check_if_heci_present in dts-hal.sh. Currently it is assumed the HCI is + # assigned to a specific sysfs path (check the condition above): + [ "$TEST_HCI_PRESENT" = "true" ] && return 0 + fi + + return 1 +} + +fsread_tool_cat_mock(){ + local _file_to_cat + _file_to_cat="$1" + + # Note, Test folder here comes from dmesg_i2c_hid_detect_mock, which is being + # called before fsread_tool_cat_mock in touchpad-info script: + if [ "$_file_to_cat" = "/sys/bus/i2c/devices/Test/firmware_node/hid" ] && [ -n "$TEST_TOUCHPAD_HID" ]; then + # Used in touchpad-info script. + echo "$TEST_TOUCHPAD_HID" 1>&1 + # Note, Test folder here comes from dmesg_i2c_hid_detect_mock, which is being + # called before fsread_tool_cat_mock in touchpad-info script: + elif [ "$_file_to_cat" = "/sys/bus/i2c/devices/Test/firmware_node/path" ] && [ -n "$TEST_TOUCHPAD_PATH" ]; then + # Used in touchpad-info script. 
+ echo "$TEST_TOUCHPAD_PATH" 1>&1 + elif [ "$_file_to_cat" = "/sys/class/power_supply/AC/online" ] && [ "$TEST_AC_PRESENT" = "true" ]; then + # Emulating AC adadpter presence, used in check_if_ac func.: + echo "1" 1>&1 + else + echo "cat: ${_file_to_cat}: No such file or directory" + + return 1 + fi + + return 0 +} + +################################################################################ +# setpci +################################################################################ +TEST_ME_OP_MODE="${TEST_ME_OP_MODE:-0}" + +setpci_check_me_op_mode_mock(){ +# Emulating current ME operation mode, check functions check_if_me_disabled and +# check_me_op_mode: + echo "0$TEST_ME_OP_MODE" 1>&1 + + return 0 +} + +################################################################################ +# lscpu +################################################################################ +TEST_CPU_MODEL="${TEST_CPU_MODEL:-test}" + +lscpu_common_mock(){ +# Emulating CPU model, check update_workflow function. The model should look +# like i5-13409: + echo "12th Gen Intel(R) Core(TM) $TEST_CPU_MODEL" + + return 0 +} diff --git a/include/hal/dts-hal.sh b/include/hal/dts-hal.sh new file mode 100644 index 00000000..b8a71a19 --- /dev/null +++ b/include/hal/dts-hal.sh 
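Review bot: In futility_dump_vboot_keys the declaration is written `_local _file_to_check`, which bash runs as an unknown command and which leaves `_file_to_check` global; it should be `local _file_to_check`. That function is also the only mock here without the `_mock` suffix, and tool_wrapper in dts-hal.sh recognises a mock name by that suffix, so under this name it would presumably never be selected. Separately, the default is assigned to `TEST_COMPATIBLE_EC_VERSINO` while flashrom_get_ec_firm_version_mock tests `TEST_COMPATIBLE_EC_VERSION`. `TEST_BIOS_VERSION` is read in dmidecode_dump_var_mock without the `${VAR:-}` default that the other TEST_ variables get.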
@@ -0,0 +1,191 @@ +#!/usr/bin/env bash + +# SPDX-FileCopyrightText: 2024 3mdeb +# +# SPDX-License-Identifier: Apache-2.0 +# +# This is a Hardware Abstraction Layer for DTS. The goal of this layer - +# separate all hardware-related code from DTS code to improve readability, +# scalability and testing. +# +# For testing, every hardware-specific tool must utilize DTS_TESTING +# variable, which is declared in dts-environment and set by user. If DTS_TESTING +# is not "true" - HAL communicates with hardware and firmware via specific tools +# otherwise it uses mocking functions and tool_wrapper to emulate behaviour of +# some of the tools. +# +# Real HAL is placed in $DTS_HAL* (* means that, apart from common HAL funcs. +# there could be, in future, files with platform-specific HAL funcs) and the +# Tests HAL is placed in $DTS_MOCK* (* means that, apart from common mocks, +# there could be, in future, files with platform-specific mocking functions). + +# shellcheck disable=SC2034 + +# shellcheck source=./dts-hal-common.sh +source $DTS_ENV +# shellcheck source=./dts-hal-common.sh +source $DTS_MOCK_COMMON + +# Set tools wrappers: +DASHARO_ECTOOL="tool_wrapper dasharo_ectool" +FLASHROM="tool_wrapper flashrom" +DMIDECODE="tool_wrapper dmidecode" +IFDTOOL="tool_wrapper ifdtool" +SETPCI="tool_wrapper setpci" +# Emulating to eliminate false negatives, because it might fail on QEMU: +CBMEM="tool_wrapper cbmem" +CBFSTOOL="tool_wrapper cbfstool" +# Emulating to eliminate false negatives, because it fails on QEMU: +SUPERIOTOOL="tool_wrapper superiotool" +# Emulating to eliminate false negatives, because it fails on QEMU: +ECTOOL="tool_wrapper ectool" +# Emulating to eliminate false negatives, because it fails on QEMU: +MSRTOOL="tool_wrapper msrtool" +# Emulating to eliminate false negatives, because it fails on QEMU: +MEI_AMT_CHECK="tool_wrapper mei-amt-check" +# Emulating to eliminate false negatives, because it fails on QEMU: +INTELMETOOL="tool_wrapper intelmetool" +# Emulating, 
so no to probe every time testing is done +HW_PROBE="tool_wrapper hw-probe" +DMESG="tool_wrapper dmesg" +DCU="tool_wrapper dcu" +FUTILITY="tool_wrapper futility" +IOTOOLS="tool_wrapper iotools" +FSREAD_TOOL="tool_wrapper fsread_tool" +CAP_UPD_TOOL="tool_wrapper cap_upd_tool" +LSCPU="tool_wrapper lscpu" +# System commands: +POWEROFF="tool_wrapper poweroff" +REBOOT="tool_wrapper reboot" + +################################################################################ +# Tools wrapper. +################################################################################ +tool_wrapper(){ +# This function is a bridge between common DTS logic and hardware-specific DTS +# logic or functions. There is two paths a call to this function can be +# redirected to: real HAL for running on real platform and Tests HAL for testing +# on QEMU (depends on whether the var. DTS_TESTING is set or not). +# +# The real HAL are the real tools e.g. cbfstool, etc.. The testing HAL are the +# mocking functions. There are several types of mocking functions, with every +# type having a specific name syntax: +# +# FUNCTIONNAME_mock(){...}: mocking functions specific for every platform, those +# are stored in $DTS_MOCK_PLATFORM file which is sourced at the beginning of +# this file. +# TOOLNAME_FUNCTIONNAME_mock(){...}: mocking functions common for all platforms +# but specific for some tool, those are stored in $DTS_MOCK_COMMON file, which +# is being sourced at the beginning of this file. +# TOOLNAME_common_mock(){...}: standard mocking functions for every tool that +# are common for all platforms, those are stored in $DTS_MOCK_COMMON file, which +# is being sourced at the beginning of this file. +# common_mock(){...}: common mocking function, in case we need to use mocking +# function for a tool but we do not care about its output. +# +# This tool wrapper should only be used with tools which communicate with +# hardware or firmware (read or write, etc.). 
+# +# TODO: this wrapper deals with arguments as well as with stdout, stderr, and $? +# redirection, but it does not read and redirect stdin (this is not used in any +# mocking functions or tools right now). + # Gets toolname, e.g. poweroff, dmidecode. etc.: + local _tool="$1" + # Gets mocking function name: + local _mock_func="$2" + # It checks if _mock_func contains smth with _mock at the end, if not - + # mocking function is not provided and some common mocking func. will be used + # instead: + if ! echo "$_mock_func" | grep "_mock" &> /dev/null; then + unset _mock_func + shift 1 + else + shift 2 + fi + # Other arguments for this function are the arguments which are sent to a tool + # e.g. -s system-vendor for dmidecode, etc.: + local _arguments="$*" + + if [ -n "$DTS_TESTING" ]; then + # This is the order of calling mocking functions: + # 1) FUNCTIONNAME_mock; + # 2) TOOLNAME_FUNCTIONNAME_mock; + # 3) TOOLNAME_common_mock; + # 4) common_mock - last resort. + if [ -n "$_mock_func" ] && type $_mock_func &> /dev/null; then + $_mock_func "${_arguments[@]}" + elif type ${_tool}_${_mock_func} &> /dev/null; then + ${_tool}_${_mock_func} "${_arguments[@]}" + elif type ${_tool}_common_mock &> /dev/null; then + ${_tool}_common_mock "${_arguments[@]}" + else + common_mock $_tool + fi + + return $? + fi + + # If not testing - call tool with the arguments instead: + $_tool "${_arguments[@]}" + + return $? +} + +################################################################################ +# Other funcs. +################################################################################ +check_for_opensource_firmware() +{ + echo "Checking for Open Source Embedded Controller firmware..." + $DASHARO_ECTOOL check_for_opensource_firm_mock info > /dev/null 2>&1 + + return $? +} + +fsread_tool(){ +# This func is an abstraction for proper handling of fs hardware-specific (e.g. 
+# checking devtmpfs, or sysfs, or some other fs that changes its state due to +# changes in hardware and/or firmware) reads by tool_wrapper. +# +# This function does not have arguments in common understanding, it takes a +# command, that is reading smth from some fs, and its arguments as an only +# argument. E.g. if you want to check tty1 device presence: +# +# fsread_tool test -f /dev/tty1 + local _command="$1" + shift + + $_command "$@" + + return $? +} + +cap_upd_tool(){ +# This func is an abstraction for proper handling of UEFI Capsule Update driver +# writing by the tool_wrapper. arguments: capsule update file path, e.g.: +# +# capsule_update_tool /tmp/firm.cap + local _capsule="$1" + + cat "$_capsule" > "$CAP_UPD_DEVICE" + + return $? +} + +check_if_heci_present(){ +# FIXME: what if HECI is not device 16.0? + $FSREAD_TOOL test_mock test -d /sys/class/pci_bus/0000:00/device/0000:00:16.0 + + return $? +} + +check_me_op_mode(){ +# Checks ME Current Operation Mode at offset 0x40 bits 19:16: + local _mode + + _mode="$($SETPCI check_me_op_mode_mock -s 00:16.0 42.B 2> /dev/null | cut -c2-)" + + echo "$_mode" 1>&1 + + return 0 +} From 6d53e2cf0594de088b0b9e2d66e23ae7d16a54df Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Mon, 14 Oct 2024 12:40:24 +0200 Subject: [PATCH 29/58] integrate HAL Signed-off-by: Daniil Klimuk --- include/dts-environment.sh | 26 ++++----- include/dts-functions.sh | 79 ++++++++++++++-------------- reports/dasharo-hcl-report | 44 ++++++++-------- reports/touchpad-info | 11 ++-- scripts/dasharo-deploy | 105 ++++++++++++++++++------------------- scripts/dts-boot | 5 ++ scripts/ec_transition | 19 +++---- 7 files changed, 146 insertions(+), 143 deletions(-) diff --git a/include/dts-environment.sh b/include/dts-environment.sh index a750fa51..d41dfa41 100644 --- a/include/dts-environment.sh +++ b/include/dts-environment.sh 
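Review bot: In tool_wrapper, `local _arguments="$*"` stores all remaining arguments as one string, so every later `"${_arguments[@]}"` expands to a single word. A call such as `$DMIDECODE dump_var_mock -s system-manufacturer` therefore hands the real tool, and `parse_for_arg_return_next` in the mocks, the one argument `-s system-manufacturer`. Declaring an array, `local -a _arguments=("$@")`, keeps the argument boundaries. The mode switch is also looser than the header comment: the comment says mocks are used when DTS_TESTING is "true", but `[ -n "$DTS_TESTING" ]` enables them for any non-empty value. Because the mocks stand in for the flash-lock, ME-state and AC checks, `[ "$DTS_TESTING" = "true" ]` is the safer test.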
@@ -5,6 +5,8 @@ # SPDX-License-Identifier: Apache-2.0 # shellcheck disable=SC2034 +# shellcheck source=../include/hal/dts-hal.sh +source $DTS_HAL # Text colors: NORMAL='\033[0m' @@ -50,15 +52,14 @@ VERBOSE_OPT="V" VERBOSE_OPT_LOW="$(echo $VERBOSE_OPT | awk '{print tolower($0)}')" # Hardware variables: -SYSTEM_VENDOR="${SYSTEM_VENDOR:-$(dmidecode -s system-manufacturer)}" -SYSTEM_MODEL="${SYSTEM_MODEL:-$(dmidecode -s system-product-name)}" -BOARD_VENDOR="${BOARD_VENDOR:-$(dmidecode -s system-manufacturer)}" -BOARD_MODEL="${BOARD_MODEL:-$(dmidecode -s baseboard-product-name)}" -CPU_VERSION="$(dmidecode -s processor-version)" +SYSTEM_VENDOR="$($DMIDECODE dump_var_mock -s system-manufacturer)" +SYSTEM_MODEL="$($DMIDECODE dump_var_mock -s system-product-name)" +BOARD_MODEL="$($DMIDECODE dump_var_mock -s baseboard-product-name)" +CPU_VERSION="$($DMIDECODE dump_var_mock -s processor-version)" # Firmware variables -BIOS_VENDOR="${BIOS_VENDOR:-$(dmidecode -s bios-vendor)}" -BIOS_VERSION="${BIOS_VERSION:-$(dmidecode -s bios-version)}" +BIOS_VENDOR="$($DMIDECODE dump_var_mock -s bios-vendor)" +BIOS_VERSION="$($DMIDECODE dump_var_mock -s bios-version)" DASHARO_VERSION="$(echo $BIOS_VERSION | cut -d ' ' -f 3 | tr -d 'v')" DASHARO_FLAVOR="$(echo $BIOS_VERSION | cut -d ' ' -f 1,2)" @@ -66,6 +67,7 @@ DASHARO_FLAVOR="$(echo $BIOS_VERSION | cut -d ' ' -f 1,2)" # firmware, are used globally for both: updating via binaries and via UEFI # Capsule Update. BIOS_UPDATE_FILE="/tmp/biosupdate" +BIOS_DUMP_FILE="/tmp/bios.bin" EC_UPDATE_FILE="/tmp/ecupdate" BIOS_HASH_FILE="/tmp/bioshash.sha256" EC_HASH_FILE="/tmp/echash.sha256" 
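Review bot: The added `source $DTS_HAL` makes dts-environment.sh load dts-hal.sh, while dts-hal.sh as added in the previous patch begins with `source $DTS_ENV` (presumably this same file), so each file sources the other and nothing visible stops the recursion. Unless an include guard exists outside these hunks, one is needed at the top of one of the files, for example `[ -n "${DTS_HAL_SOURCED:-}" ] && return 0` followed by `DTS_HAL_SOURCED=1` in dts-hal.sh (variable name constructed for illustration). The path should also be quoted, `source "$DTS_HAL"`, so a value containing spaces is not split into a file name plus arguments.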
@@ -91,17 +93,15 @@ FLASH_INFO_FILE="/tmp/flash_info" OS_VERSION_FILE="/etc/os-release" KEYS_DIR="/tmp/devkeys" -# Paths to system commands -CMD_POWEROFF="/sbin/poweroff" -CMD_REBOOT="/sbin/reboot" -CMD_SHELL="/bin/bash" +# Paths to system commands: +SHELL="bash" + +# Paths to DTS commands: CMD_DASHARO_HCL_REPORT="/usr/sbin/dasharo-hcl-report" CMD_NCMENU="/usr/sbin/novacustom_menu" CMD_DASHARO_DEPLOY="/usr/sbin/dasharo-deploy" CMD_CLOUD_LIST="/usr/sbin/cloud_list" CMD_EC_TRANSITION="/usr/sbin/ec_transition" -DASHARO_ECTOOL="${DASHARO_ECTOOL:-dasharo_ectool}" -FLASHROM="${FLASHROM:-flashrom}" # Configuration variables declaration and default values (see dts-functions.sh/ # board_config function for more inf.): diff --git a/include/dts-functions.sh b/include/dts-functions.sh index eda8a169..81c2bd8d 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -9,6 +9,8 @@ source $DTS_ENV # shellcheck source=../include/dts-subscription.sh source $DTS_SUBS +# shellcheck source=../include/hal/dts-hal.sh +source $DTS_HAL ### Color functions: function echo_green() { @@ -53,7 +55,7 @@ check_if_ac() { fi while true; do - ac_status=$(cat ${_ac_file}) + ac_status=$($FSREAD_TOOL check_if_ac_mock cat ${_ac_file}) if [ "$ac_status" -eq 1 ]; then echo "AC adapter is connected. Continuing with firmware update." 
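Review bot: `SHELL="bash"` reuses the name of the standard `SHELL` environment variable, which other programs read to decide what to execute, and it replaces the absolute `/bin/bash` with a name resolved through `PATH`. The same hunk drops the absolute `/sbin/poweroff` and `/sbin/reboot` in favour of the wrapper's bare tool names. For scripts that run as root, keeping a project-specific variable with the absolute path, `CMD_SHELL="/bin/bash"` as before, avoids both the clobbering and the `PATH` dependence. If overriding `SHELL` is intentional, a comment saying why would help the next reader.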
@@ -121,28 +123,28 @@ it5570_i2ec() { # TODO: Use /dev/port instead of iotools # Address high byte - iotools io_write8 0x2e 0x2e - iotools io_write8 0x2f 0x11 - iotools io_write8 0x2e 0x2f - iotools io_write8 0x2f $(($2>>8 & 0xff)) + $IOTOOLS io_write8 0x2e 0x2e + $IOTOOLS io_write8 0x2f 0x11 + $IOTOOLS io_write8 0x2e 0x2f + $IOTOOLS io_write8 0x2f $(($2>>8 & 0xff)) # Address low byte - iotools io_write8 0x2e 0x2e - iotools io_write8 0x2f 0x10 - iotools io_write8 0x2e 0x2f - iotools io_write8 0x2f $(($2 & 0xff)) + $IOTOOLS io_write8 0x2e 0x2e + $IOTOOLS io_write8 0x2f 0x10 + $IOTOOLS io_write8 0x2e 0x2f + $IOTOOLS io_write8 0x2f $(($2 & 0xff)) # Data - iotools io_write8 0x2e 0x2e - iotools io_write8 0x2f 0x12 - iotools io_write8 0x2e 0x2f + $IOTOOLS io_write8 0x2e 0x2e + $IOTOOLS io_write8 0x2f 0x12 + $IOTOOLS io_write8 0x2e 0x2f case $1 in "r") - iotools io_read8 0x2f + $IOTOOLS io_read8 0x2f ;; "w") - iotools io_write8 0x2f "$3" + $IOTOOLS io_write8 0x2f "$3" ;; esac } @@ -350,11 +352,11 @@ board_config() { "V54x_6x_TU") # Dasharo 0.9.0-rc10 and higher have board model in baseboard-version if check_if_dasharo && compare_versions "$DASHARO_VERSION" 0.9.0-rc10; then - BOARD_MODEL="$(dmidecode -s baseboard-version)" - elif ! dasharo_ectool info 2>/dev/null; then + BOARD_MODEL="$($DMIDECODE dump_var_mock -s baseboard-version)" + elif ! $DASHARO_ECTOOL check_for_opensource_firm_mock info 2>/dev/null; then ask_for_model V540TU V560TU else - BOARD_MODEL=$(dasharo_ectool info | grep "board:" | + BOARD_MODEL=$($DASHARO_ECTOOL novacustom_check_sys_model_mock info | grep "board:" | sed -r 's|.*novacustom/(.*)|\1|' | awk '{print toupper($1)}') fi @@ -387,7 +389,7 @@ board_config() { ;; "V5xTNC_TND_TNE") if check_if_dasharo; then - BOARD_MODEL="$(dmidecode -s baseboard-version)" + BOARD_MODEL="$($DMIDECODE dump_var_mock -s baseboard-version)" else ask_for_model V540TNx V560TNx fi 
@@ -708,7 +710,7 @@ board_config() { } check_flash_lock() { - $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} > /tmp/check_flash_lock 2> /tmp/check_flash_lock.err + $FLASHROM check_flash_lock_mock -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} > /tmp/check_flash_lock 2> /tmp/check_flash_lock.err # Check in flashrom output if lock is enabled grep -q 'PR0: Warning:.* is read-only\|SMM protection is enabled' /tmp/check_flash_lock.err if [ $? -eq 0 ]; then @@ -721,22 +723,22 @@ check_flash_lock() { check_flash_chip() { echo "Gathering flash chip and chipset information..." - $FLASHROM -p "$PROGRAMMER_BIOS" --flash-name >> "$FLASH_INFO_FILE" 2>> "$ERR_LOG_FILE" + $FLASHROM flash_chip_name_mock -p "$PROGRAMMER_BIOS" --flash-name >> "$FLASH_INFO_FILE" 2>> "$ERR_LOG_FILE" if [ $? -eq 0 ]; then echo -n "Flash information: " tail -n1 "$FLASH_INFO_FILE" - FLASH_CHIP_SIZE=$(($($FLASHROM -p "$PROGRAMMER_BIOS" --flash-size 2>> /dev/null | tail -n1) / 1024 / 1024)) + FLASH_CHIP_SIZE=$(($($FLASHROM flash_chip_size_mock -p "$PROGRAMMER_BIOS" --flash-size 2>> /dev/null | tail -n1) / 1024 / 1024)) echo -n "Flash size: " echo ${FLASH_CHIP_SIZE}M else for flash_name in $FLASH_CHIP_LIST do - $FLASHROM -p "$PROGRAMMER_BIOS" -c "$flash_name" --flash-name >> "$FLASH_INFO_FILE" 2>> "$ERR_LOG_FILE" + $FLASHROM flash_chip_name_mock -p "$PROGRAMMER_BIOS" -c "$flash_name" --flash-name >> "$FLASH_INFO_FILE" 2>> "$ERR_LOG_FILE" if [ $? -eq 0 ]; then echo "Chipset found" tail -n1 "$FLASH_INFO_FILE" FLASH_CHIP_SELECT="-c ${flash_name}" - FLASH_CHIP_SIZE=$(($($FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} --flash-size 2>> /dev/null | tail -n1) / 1024 / 1024)) + FLASH_CHIP_SIZE=$(($($FLASHROM flash_chip_size_mock -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} --flash-size 2>> /dev/null | tail -n1) / 1024 / 1024)) echo "Chipset size" echo ${FLASH_CHIP_SIZE}M break 
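Review bot: The lock decision in check_flash_lock rests only on grepping `/tmp/check_flash_lock.err` for the two warning strings, so a probe that never ran (empty `$FLASHROM`, missing binary, mock not loaded) looks the same as an unlocked flash. That risk is larger now that the command is reached through the HAL variable and the `${FLASHROM:-flashrom}` default was removed earlier in this commit. A guard before the probe would make the failure explicit, e.g. `[ -n "$FLASHROM" ] || error_exit "FLASHROM wrapper is not set"`. The two output files also use fixed names under /tmp; `mktemp` would be the safer choice. The function body continues past the end of the hunk.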
@@ -918,7 +920,7 @@ verify_artifacts() { check_intel_regions() { - FLASH_REGIONS=$($FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} 2>&1) + FLASH_REGIONS=$($FLASHROM check_intel_regions_mock -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} 2>&1) BOARD_HAS_FD_REGION=0 BOARD_FD_REGION_RW=0 BOARD_HAS_ME_REGION=0 @@ -946,7 +948,7 @@ check_blobs_in_binary() { # If there is no descriptor, there is no ME as well, so skip the check if [ $BOARD_HAS_FD_REGION -ne 0 ]; then - ME_OFFSET=$(ifdtool -d $1 2> /dev/null | grep "Flash Region 2 (Intel ME):" | sed 's/Flash Region 2 (Intel ME)\://' |awk '{print $1;}') + ME_OFFSET=$($IFDTOOL check_blobs_in_binary_mock -d $1 2> /dev/null | grep "Flash Region 2 (Intel ME):" | sed 's/Flash Region 2 (Intel ME)\://' | awk '{print $1;}') # Check for IFD signature at offset 0 (old descriptors) if [ "$(tail -c +0 $1|head -c 4|xxd -ps)" == "5aa5f00f" ]; then BINARY_HAS_FD=1 @@ -976,11 +978,8 @@ check_if_me_disabled() { return fi - # Check if HECI present - # FIXME: what if HECI is not device 16.0? - if [ -d /sys/class/pci_bus/0000:00/device/0000:00:16.0 ]; then - # Check ME Current Operation Mode at offset 0x40 bits 19:16 - ME_OPMODE="$(setpci -s 00:16.0 42.B 2> /dev/null | cut -c2-)" + if check_if_heci_present; then + ME_OPMODE="$(check_me_op_mode)" if [ $ME_OPMODE == "0" ]; then echo "ME is not disabled" >> $ERR_LOG_FILE return 
@@ -1015,8 +1014,8 @@ check_if_me_disabled() { fi else # If we are running coreboot, check for status in logs - cbmem -1 | grep -q "ME is disabled" && ME_DISABLED=1 && return # HECI (soft) disabled - cbmem -1 | grep -q "ME is HAP disabled" && ME_DISABLED=1 && return # HAP disabled + $CBMEM check_if_me_disabled_mock -1 | grep -q "ME is disabled" && ME_DISABLED=1 && return # HECI (soft) disabled + $CBMEM check_if_me_disabled_mock -1 | grep -q "ME is HAP disabled" && ME_DISABLED=1 && return # HAP disabled # TODO: If proprietary BIOS, then also try to check SMBIOS for ME FWSTS # BTW we could do the same in coreboot, expose FWSTS in SMBIOS before it # gets disabled @@ -1061,10 +1060,10 @@ set_flashrom_update_params() { # We need to read whole binary (or BIOS region), otherwise cbfstool will # return different attributes for CBFS regions echo "Checking flash layout." - $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_UPDATE} -r /tmp/bios.bin > /dev/null 2>&1 - if [ $? -eq 0 ] && [ -f "/tmp/bios.bin" ]; then - BOARD_FMAP_LAYOUT=$(cbfstool /tmp/bios.bin layout -w 2> /dev/null) - BINARY_FMAP_LAYOUT=$(cbfstool $1 layout -w 2> /dev/null) + $FLASHROM read_flash_layout_mock -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_UPDATE} -r $BIOS_DUMP_FILE > /dev/null 2>&1 + if [ $? -eq 0 ] && [ -f "$BIOS_DUMP_FILE" ]; then + BOARD_FMAP_LAYOUT=$($CBFSTOOL layout_mock $BIOS_DUMP_FILE layout -w 2> /dev/null) + BINARY_FMAP_LAYOUT=$($CBFSTOOL layout_mock $1 layout -w 2> /dev/null) diff <(echo "$BOARD_FMAP_LAYOUT") <(echo "$BINARY_FMAP_LAYOUT") > /dev/null 2>&1 # If layout is identical, perform standard update using FMAP only if [ $? -eq 0 ]; then @@ -1269,7 +1268,7 @@ You can find more info about HCL in docs.dasharo.com/glossary\r" show_ram_inf() { # Get the data: local data="" - data=$(dmidecode) + data=$($DMIDECODE) # Initialize an empty array to store the extracted values: local -a memory_devices_array 
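Review bot: `-r $BIOS_DUMP_FILE` in set_flashrom_update_params is unquoted, and the matching change in check_vboot_keys (scripts/dasharo-deploy) goes further with `[ -f $BIOS_DUMP_FILE ]`: when the variable is empty that test collapses to `[ -f ]`, which is true, so the existence check passes without a dump file. Where `BIOS_DUMP_FILE` is defined is not visible in this hunk, so an empty value cannot be ruled out from here. Quote every use, `-r "$BIOS_DUMP_FILE"` and `[ -f "$BIOS_DUMP_FILE" ]`, as the `-f` test in this hunk already does. Since the vboot key comparison decides whether the GBB region is flashed as well, that check should not be able to pass vacuously.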
@@ -1325,7 +1324,7 @@ show_hardsoft_inf() { echo -e "${BLUE}**${NORMAL} HARDWARE INFORMATION ${NORMAL}" echo -e "${BLUE}*********************************************************${NORMAL}" echo -e "${BLUE}**${YELLOW} System Inf.: ${NORMAL}${SYSTEM_VENDOR} ${SYSTEM_MODEL}" - echo -e "${BLUE}**${YELLOW} Baseboard Inf.: ${NORMAL}${BOARD_VENDOR} ${BOARD_MODEL}" + echo -e "${BLUE}**${YELLOW} Baseboard Inf.: ${NORMAL}${SYSTEM_VENDOR} ${BOARD_MODEL}" echo -e "${BLUE}**${YELLOW} CPU Inf.: ${NORMAL}${CPU_VERSION}" show_ram_inf echo -e "${BLUE}*********************************************************${NORMAL}" @@ -1564,11 +1563,11 @@ footer_options(){ ;; "${POWEROFF_OPT_UP}" | "${POWEROFF_OPT_LOW}") send_dts_logs - ${CMD_POWEROFF} + ${POWEROFF} ;; "${REBOOT_OPT_UP}" | "${REBOOT_OPT_LOW}") send_dts_logs - ${CMD_REBOOT} + ${REBOOT} ;; "${SEND_LOGS_OPT}" | "${SEND_LOGS_OPT_LOW}") if [ "${SEND_LOGS_ACTIVE}" == "true" ]; then diff --git a/reports/dasharo-hcl-report b/reports/dasharo-hcl-report index 9187be9a..d412175e 100644 --- a/reports/dasharo-hcl-report +++ b/reports/dasharo-hcl-report @@ -8,6 +8,8 @@ source $DTS_ENV # shellcheck source=../include/dts-functions.sh source $DTS_FUNCS +# shellcheck source=../include/hal/dts-hal.sh +source $DTS_HAL update_result() { TOOL=$1 
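Review bot: The "Baseboard Inf." row in show_hardsoft_inf now prints `${SYSTEM_VENDOR}` next to `${BOARD_MODEL}`, which repeats the vendor already shown on the "System Inf." row and drops `BOARD_VENDOR` from the screen. No explanation for the swap is visible in this part of the patch, so it looks unintended. If it is deliberate (for instance because `BOARD_VENDOR` is not populated in some configurations), a short comment above the line should say so; otherwise restore `${BOARD_VENDOR} ${BOARD_MODEL}`.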
@@ -68,32 +70,32 @@ if [ $DEPLOY_REPORT = "false" ]; then echo "Getting hardware information. It will take a few minutes..." fi # echo "Dumping PCI configuration space and topology..." -lspci -nnvvvxxxx > logs/lspci.log 2> logs/lspci.err.log +$LSPCI -nnvvvxxxx > logs/lspci.log 2> logs/lspci.err.log update_result "PCI configuration space and topology" logs/lspci.err.log printf '## |\r' # echo "Dumping USB devices and topology..." -lsusb -vvv > logs/lsusb.log 2> logs/lsusb.err.log +$LSUSB -vvv > logs/lsusb.log 2> logs/lsusb.err.log update_result "USB devices and topology" logs/lsusb.err.log printf '#### |\r' # echo "Dumping Super I/O configuration..." -superiotool -deV > logs/superiotool.log 2> logs/superiotool.err.log +$SUPERIOTOOL -deV > logs/superiotool.log 2> logs/superiotool.err.log update_result "Super I/O configuration" logs/superiotool.err.log printf '###### |\r' # echo "Dumping Embedded Controller configuration (this may take a while if EC is not present)..." -ectool -ip > logs/ectool.log 2> logs/ectool.err.log +$ECTOOL -ip > logs/ectool.log 2> logs/ectool.err.log update_result "EC configuration" logs/ectool.err.log printf '######## |\r' # echo "Dumping MSRs..." -msrtool > logs/msrtool.log 2> logs/msrtool.err.log +$MSRTOOL > logs/msrtool.log 2> logs/msrtool.err.log update_result "MSRs" logs/msrtool.err.log printf '########## |\r' # echo "Dumping SMBIOS tables..." -dmidecode > logs/dmidecode.log 2> logs/dmidecode.err.log +$DMIDECODE > logs/dmidecode.log 2> logs/dmidecode.err.log update_result "SMBIOS tables" logs/dmidecode.err.log printf '############ |\r' 
@@ -121,12 +123,12 @@ update_result "GPIO configuration C header files" logs/intelp2m.err.log printf '#################### |\r' # echo "Dumping kernel dmesg..." -dmesg > logs/dmesg.log 2> logs/dmesg.err.log +$DMESG > logs/dmesg.log 2> logs/dmesg.err.log update_result "kernel dmesg" logs/dmesg.err.log printf '###################### |\r' # echo "Dumping ACPI tables..." -acpidump > logs/acpidump.log 2> logs/acpidump.err.log +$ACPIDUMP > logs/acpidump.log 2> logs/acpidump.err.log update_result "ACPI tables" logs/acpidump.err.log printf '######################## |\r' @@ -190,9 +192,9 @@ if [ $BOARD_HAS_FD_REGION -eq 1 ]; then # GBE region is present and not locked, read it as well FLASHROM_ADD_OPT_READ+=" -i gbe" fi - else - # No descriptor, probably safe to read everything - FLASHROM_ADD_OPT_READ="" +else + # No descriptor, probably safe to read everything + FLASHROM_ADD_OPT_READ="" fi $FLASHROM -V -p internal:laptop=force_I_want_a_brick ${FLASH_CHIP_SELECT} -r logs/rom.bin ${FLASHROM_ADD_OPT_READ} > logs/flashrom_read.log 2> logs/flashrom_read.err.log @@ -233,12 +235,12 @@ update_result "DIMMs information" logs/decode-dimms.err.log printf '########################################## |\r' # echo "Getting CBMEM table..." -cbmem > logs/cbmem.log 2> logs/cbmem.err.log +$CBMEM > logs/cbmem.log 2> logs/cbmem.err.log update_result "CBMEM table information" logs/cbmem.err.log printf '############################################ |\r' # echo "Getting CBMEM console..." -cbmem -1 > logs/cbmem_console.log 2> logs/cbmem_console.err.log +$CBMEM -1 > logs/cbmem_console.log 2> logs/cbmem_console.err.log update_result "CBMEM console" logs/cbmem_console.err.log printf '############################################## |\r' 
@@ -248,12 +250,12 @@ update_result "TPM information" logs/tpm_version.err.log printf '################################################ |\r' # echo "Checking AMT..." -mei-amt-check > logs/amt-check.log 2> logs/amt-check.err.log +$MEI_AMT_CHECK > logs/amt-check.log 2> logs/amt-check.err.log update_result "AMT information" logs/amt-check.err.log printf '################################################## |\r' # echo "Checking ME..." -intelmetool -m > logs/intelmetool.log 2> logs/intelmetool.err.log +$INTELMETOOL -m > logs/intelmetool.log 2> logs/intelmetool.err.log update_result "ME information" logs/intelmetool.err.log printf '##################################################### |\r' @@ -287,9 +289,9 @@ if [ $DEPLOY_REPORT = "false" ]; then fi # Create name for generated report -filename="$(dmidecode -s system-manufacturer)" -filename+=" $(dmidecode -s system-product-name)" -filename+=" $(dmidecode -s bios-version)" +filename="$($DMIDECODE dump_var_mock -s system-manufacturer)" +filename+=" $($DMIDECODE dump_var_mock -s system-product-name)" +filename+=" $($DMIDECODE dump_var_mock -s bios-version)" # MAC address of device that is used to connect the internet # it could return none only when there is no internet connection but @@ -299,8 +301,8 @@ filename+=" $(dmidecode -s bios-version)" # shellcheck disable=SC2046 uuid_string="$(cat /sys/class/net/$(ip route show default | head -1 | awk '/default/ {print $5}')/address)" # next two values are hardware related so they will be always the same -uuid_string+="_$(dmidecode -s system-product-name)" -uuid_string+="_$(dmidecode -s system-manufacturer)" +uuid_string+="_$($DMIDECODE dump_var_mock -s system-product-name)" +uuid_string+="_$($DMIDECODE dump_var_mock -s system-manufacturer)" # using values from above should generate the same uuid all the time if only # the MAC address will not change. 
@@ -371,7 +373,7 @@ order to participate)\r read -p "[N/y] " case ${REPLY} in yes|y|Y|Yes|YES) - /usr/bin/hw-probe -all -upload + $HW_PROBE -all -upload if [ $? -eq 0 ]; then echo "Thank you for contributing to the \"Hardware for Linux\" project!" else diff --git a/reports/touchpad-info b/reports/touchpad-info index 00ddabdf..e14492d6 100644 --- a/reports/touchpad-info +++ b/reports/touchpad-info @@ -7,14 +7,17 @@ # A script to get information on the touchpad devices. Currently supports only # Clevo devices. -if ! dmesg | grep hid-multitouch | grep "I2C HID" > /dev/null; then +# shellcheck source=../include/hal/dts-hal.sh +source $DTS_HAL + +if ! $DMESG i2c_hid_detect_mock | grep hid-multitouch | grep "I2C HID" > /dev/null; then echo "No I2C touchpads detected. Exiting" exit 2 fi -devname=$(dmesg | grep hid-multitouch | awk 'NF>1{print $NF}') -hid=$(cat "/sys/bus/i2c/devices/$devname/firmware_node/hid") -path=$(cat "/sys/bus/i2c/devices/$devname/firmware_node/path") +devname=$($DMESG i2c_hid_detect_mock | grep hid-multitouch | awk 'NF>1{print $NF}') +hid=$($FSREAD_TOOL cat "/sys/bus/i2c/devices/$devname/firmware_node/hid") +path=$($FSREAD_TOOL cat "/sys/bus/i2c/devices/$devname/firmware_node/path") ACPI_CALL_PATH="/proc/acpi/call" diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index a3c32fb1..c70bc10a 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy @@ -13,6 +13,8 @@ source $DTS_ENV # shellcheck source=../include/dts-functions.sh source $DTS_FUNCS +# shellcheck source=../include/hal/dts-hal.sh +source $DTS_HAL [ -z "$SYSTEM_VENDOR" ] && error_exit "SYSTEM_VENDOR not given" [ -z "$SYSTEM_MODEL" ] && error_exit "SYSTEM_MODEL not given" 
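Review bot: The added `source $DTS_HAL` in reports/touchpad-info is unquoted and unguarded, and the visible part of this script has no other sourcing that would set `DTS_HAL`; the export lives in scripts/dts-boot. Run on its own, `source` fails, `$DMESG` expands to nothing, and the pipeline then reports "No I2C touchpads detected" for a reason unrelated to the hardware. A guard makes the dependency explicit: `: "${DTS_HAL:?DTS_HAL is not set, start via dts-boot}"` followed by `source "$DTS_HAL"`. `devname` is taken from the last field of a dmesg line and interpolated into a sysfs path, so checking that it is non-empty before the two reads would also help.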
@@ -447,17 +449,15 @@ backup() { # No descriptor, probably safe to read everything FLASHROM_ADD_OPT_READ="" fi - $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -r "${FW_BACKUP_DIR}"/rom.bin ${FLASHROM_ADD_OPT_READ} >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE + $FLASHROM read_firm_mock -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -r "${FW_BACKUP_DIR}"/rom.bin ${FLASHROM_ADD_OPT_READ} >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE error_check "Failed to read BIOS firmware backup" if [ "$HAVE_EC" == "true" ]; then - echo "Checking for Open Source Embedded Controller firmware" - $DASHARO_ECTOOL info >> $ERR_LOG_FILE 2>&1 - if [ $? -eq 0 ]; then + if check_for_opensource_firmware; then echo "Device has already Open Source Embedded Controller firmware, do not backup EC..." else echo "Backing up EC firmware..." - $FLASHROM -p "$PROGRAMMER_EC" ${FLASH_CHIP_SELECT} -r "${FW_BACKUP_DIR}"/ec.bin >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE + $FLASHROM read_firm_mock -p "$PROGRAMMER_EC" ${FLASH_CHIP_SELECT} -r "${FW_BACKUP_DIR}"/ec.bin >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE error_check "Failed to read EC firmware backup" fi fi 
@@ -471,14 +471,14 @@ backup() { } romhole_migration() { - cbfstool $BIOS_UPDATE_FILE layout -w | grep -q "ROMHOLE" || return + $CBFSTOOL layout_mock $BIOS_UPDATE_FILE layout -w | grep -q "ROMHOLE" || return - $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -r /tmp/rom.bin --ifd -i bios >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE + $FLASHROM read_firm_mock -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -r /tmp/rom.bin --ifd -i bios >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE error_check "Failed to read current firmware to migrate MSI ROMHOLE" if check_if_dasharo; then - cbfstool /tmp/rom.bin layout -w | grep -q "ROMHOLE" || return + $CBFSTOOL layout_mock /tmp/rom.bin layout -w | grep -q "ROMHOLE" || return # This one is rather unlikely to fail, but just in case print a warning - cbfstool /tmp/rom.bin read -r ROMHOLE -f /tmp/romhole.bin 2> /dev/null + $CBFSTOOL read_romhole_mock /tmp/rom.bin read -r ROMHOLE -f /tmp/romhole.bin 2> /dev/null if [ $? -ne 0 ]; then print_warning "Failed to migrate MSI ROMHOLE, your platform's unique SMBIOS/DMI data may be lost" return 
@@ -487,59 +487,59 @@ romhole_migration() { dd if=/tmp/rom.bin of=/tmp/romhole.bin skip=$((0x17C0000)) bs=128K count=1 iflag=skip_bytes > /dev/null 2>&1 fi - cbfstool "$BIOS_UPDATE_FILE" write -r ROMHOLE -f /tmp/romhole.bin -u 2> /dev/null + $CBFSTOOL "$BIOS_UPDATE_FILE" write -r ROMHOLE -f /tmp/romhole.bin -u 2> /dev/null } smbios_migration() { - echo -n "$(dmidecode -s system-uuid)" > $SYSTEM_UUID_FILE - echo -n "$(dmidecode -s baseboard-serial-number)" > $SERIAL_NUMBER_FILE + echo -n "$($DMIDECODE dump_var_mock -s system-uuid)" > $SYSTEM_UUID_FILE + echo -n "$($DMIDECODE dump_var_mock -s baseboard-serial-number)" > $SERIAL_NUMBER_FILE - COREBOOT_SEC=$(cbfstool $BIOS_UPDATE_FILE layout -w | grep "COREBOOT") - FW_MAIN_A_SEC=$(cbfstool $BIOS_UPDATE_FILE layout -w | grep "FW_MAIN_A") - FW_MAIN_B_SEC=$(cbfstool $BIOS_UPDATE_FILE layout -w | grep "FW_MAIN_B") + COREBOOT_SEC=$($CBFSTOOL layout_mock $BIOS_UPDATE_FILE layout -w | grep "COREBOOT") + FW_MAIN_A_SEC=$($CBFSTOOL layout_mock $BIOS_UPDATE_FILE layout -w | grep "FW_MAIN_A") + FW_MAIN_B_SEC=$($CBFSTOOL layout_mock $BIOS_UPDATE_FILE layout -w | grep "FW_MAIN_B") if [ -n "$COREBOOT_SEC" ]; then # if the migration can be done there for sure will be COREBOOT section echo "Beginning SMBIOS migration process..." echo "Migrate to COREBOOT section." - cbfstool $BIOS_UPDATE_FILE add -f $SERIAL_NUMBER_FILE -n serial_number -t raw -r COREBOOT - cbfstool $BIOS_UPDATE_FILE add -f $SYSTEM_UUID_FILE -n system_uuid -t raw -r COREBOOT + $CBFSTOOL $BIOS_UPDATE_FILE add -f $SERIAL_NUMBER_FILE -n serial_number -t raw -r COREBOOT + $CBFSTOOL $BIOS_UPDATE_FILE add -f $SYSTEM_UUID_FILE -n system_uuid -t raw -r COREBOOT fi if [ -n "$FW_MAIN_A_SEC" ]; then echo "Migrate to FW_MAIN_A section." 
- cbfstool $BIOS_UPDATE_FILE expand -r FW_MAIN_A - cbfstool $BIOS_UPDATE_FILE add -f $SERIAL_NUMBER_FILE -n serial_number -t raw -r FW_MAIN_A - cbfstool $BIOS_UPDATE_FILE add -f $SYSTEM_UUID_FILE -n system_uuid -t raw -r FW_MAIN_A - cbfstool $BIOS_UPDATE_FILE truncate -r FW_MAIN_A + $CBFSTOOL $BIOS_UPDATE_FILE expand -r FW_MAIN_A + $CBFSTOOL $BIOS_UPDATE_FILE add -f $SERIAL_NUMBER_FILE -n serial_number -t raw -r FW_MAIN_A + $CBFSTOOL $BIOS_UPDATE_FILE add -f $SYSTEM_UUID_FILE -n system_uuid -t raw -r FW_MAIN_A + $CBFSTOOL $BIOS_UPDATE_FILE truncate -r FW_MAIN_A fi if [ -n "$FW_MAIN_B_SEC" ]; then echo "Migrate to FW_MAIN_B section." - cbfstool $BIOS_UPDATE_FILE expand -r FW_MAIN_B - cbfstool $BIOS_UPDATE_FILE add -f $SERIAL_NUMBER_FILE -n serial_number -t raw -r FW_MAIN_B - cbfstool $BIOS_UPDATE_FILE add -f $SYSTEM_UUID_FILE -n system_uuid -t raw -r FW_MAIN_B - cbfstool $BIOS_UPDATE_FILE truncate -r FW_MAIN_B + $CBFSTOOL $BIOS_UPDATE_FILE expand -r FW_MAIN_B + $CBFSTOOL $BIOS_UPDATE_FILE add -f $SERIAL_NUMBER_FILE -n serial_number -t raw -r FW_MAIN_B + $CBFSTOOL $BIOS_UPDATE_FILE add -f $SYSTEM_UUID_FILE -n system_uuid -t raw -r FW_MAIN_B + $CBFSTOOL $BIOS_UPDATE_FILE truncate -r FW_MAIN_B fi } smmstore_migration() { echo -n "Backing up firmware configuration... " - $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -r /tmp/dasharo_dump.rom ${FLASHROM_ADD_OPT_READ} --fmap -i FMAP -i SMMSTORE >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE - cbfstool /tmp/dasharo_dump.rom read -r SMMSTORE -f /tmp/smmstore.bin >> $ERR_LOG_FILE 2>&1 || \ + $FLASHROM read_firm_mock -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -r /tmp/dasharo_dump.rom ${FLASHROM_ADD_OPT_READ} --fmap -i FMAP -i SMMSTORE >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE + $CBFSTOOL read_smmstore_mock /tmp/dasharo_dump.rom read -r SMMSTORE -f /tmp/smmstore.bin >> $ERR_LOG_FILE 2>&1 || \ print_warning "Failed! Default settings will be used." 
- cbfstool "$BIOS_UPDATE_FILE" write -r SMMSTORE -f /tmp/smmstore.bin -u >> $ERR_LOG_FILE 2>&1 || \ + $CBFSTOOL "$BIOS_UPDATE_FILE" write -r SMMSTORE -f /tmp/smmstore.bin -u >> $ERR_LOG_FILE 2>&1 || \ print_warning "Failed! Default settings will be used." print_ok Done. } bootsplash_migration() { - $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -r /tmp/dasharo_dump.rom ${FLASHROM_ADD_OPT_READ} --fmap -i FMAP -i BOOTSPLASH >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE + $FLASHROM read_firm_mock -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} -r /tmp/dasharo_dump.rom ${FLASHROM_ADD_OPT_READ} --fmap -i FMAP -i BOOTSPLASH >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE # If no custom logo, return from bootsplash_migration early and don't show # unnecessary messages - cbfstool /tmp/dasharo_dump.rom extract -r BOOTSPLASH -n logo.bmp -f /tmp/logo.bmp >> $ERR_LOG_FILE 2>&1 || return 1 + $CBFSTOOL /tmp/dasharo_dump.rom extract -r BOOTSPLASH -n logo.bmp -f /tmp/logo.bmp >> $ERR_LOG_FILE 2>&1 || return 1 echo -n "Backing up custom boot logo... " - dcu logo $BIOS_UPDATE_FILE -l /tmp/logo.bmp >> $ERR_LOG_FILE 2>&1 || \ + $DCU logo $BIOS_UPDATE_FILE -l /tmp/logo.bmp >> $ERR_LOG_FILE 2>&1 || \ print_warning "Failed! Default boot splash will be used." || return 1 print_ok Done. } @@ -560,7 +560,7 @@ check_vboot_keys() { # No FMAP flashing? Also skip grep -q "\--fmap" <<< "$FLASHROM_ADD_OPT_UPDATE" || return - BINARY_KEYS=$(CBFSTOOL=$(which cbfstool) futility show $BIOS_UPDATE_FILE| grep -i 'key sha1sum') + BINARY_KEYS=$(CBFSTOOL=$(which cbfstool) $FUTILITY dump_vboot_keys show $BIOS_UPDATE_FILE| grep -i 'key sha1sum') if [ $BOARD_HAS_FD_REGION -eq 0 ]; then FLASHROM_ADD_OPT_READ="" 
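Review bot: `CBFSTOOL=$(which cbfstool) $FUTILITY dump_vboot_keys show $BIOS_UPDATE_FILE` in check_vboot_keys sets an environment variable whose name is the same as the HAL wrapper variable `$CBFSTOOL` used throughout this file, and the two mean different things (a path to the real binary here, a wrapper command elsewhere). For the duration of the `$FUTILITY` call the wrapper value is shadowed, and `which` resolves the real tool through `PATH` regardless of any mock. A comment would keep a later cleanup from merging them: `# CBFSTOOL below is the env var passed to futility (path to cbfstool), not the HAL wrapper`. `command -v cbfstool` is the more portable lookup, and `"$BIOS_UPDATE_FILE"` should be quoted. The same construct appears again in the next hunk of this function.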
@@ -568,9 +568,9 @@ check_vboot_keys() { FLASHROM_ADD_OPT_READ="--ifd -i bios" fi echo "Checking vboot keys." - $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_READ} -r /tmp/bios.bin > /dev/null 2>/dev/null - if [ $? -eq 0 ] && [ -f "/tmp/bios.bin" ]; then - FLASH_KEYS=$(CBFSTOOL=$(which cbfstool) futility show /tmp/bios.bin | grep -i 'key sha1sum') + $FLASHROM read_firm_mock -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_READ} -r $BIOS_DUMP_FILE > /dev/null 2>/dev/null + if [ $? -eq 0 ] && [ -f $BIOS_DUMP_FILE ]; then + FLASH_KEYS=$(CBFSTOOL=$(which cbfstool) $FUTILITY dump_vboot_keys show $BIOS_DUMP_FILE | grep -i 'key sha1sum') diff <(echo "$BINARY_KEYS") <(echo "$FLASH_KEYS") > /dev/null 2>&1 # If keys are different we must additionally flash at least GBB region as well if [ $? -ne 0 ]; then @@ -611,21 +611,21 @@ blob_transmission() { if [ -n "$SCH5545_FW" ]; then error_file_check "$SCH5545_FW" "Failed to find SCH5545 EC firmware binary." echo -n "Adding SCH5545 EC firmware..." - cbfstool "$BIOS_UPDATE_FILE" add -f "$SCH5545_FW" -n sch5545_ecfw.bin -t raw + $CBFSTOOL "$BIOS_UPDATE_FILE" add -f "$SCH5545_FW" -n sch5545_ecfw.bin -t raw print_ok "Done" fi if [ -n "$ACM_BIN" ]; then error_file_check "$ACM_BIN" "Failed to find BIOS ACM binary." echo -n "Adding BIOS ACM..." - cbfstool "$BIOS_UPDATE_FILE" add -f "$ACM_BIN" -n txt_bios_acm.bin -t raw + $CBFSTOOL "$BIOS_UPDATE_FILE" add -f "$ACM_BIN" -n txt_bios_acm.bin -t raw print_ok "Done" fi if [ -n "$SINIT_ACM" ]; then error_file_check "$SINIT_ACM" "Failed to find Intel SINIT ACM binary." echo -n "Adding SINIT ACM..." - cbfstool "$BIOS_UPDATE_FILE" add -f "$SINIT_ACM" -n txt_sinit_acm.bin -t raw + $CBFSTOOL "$BIOS_UPDATE_FILE" add -f "$SINIT_ACM" -n txt_sinit_acm.bin -t raw print_ok "Done" fi } 
@@ -650,7 +650,7 @@ deploy_ec_firmware() { if [ "$FIRMWARE_VERSION" == "community_cap" ] || [ "$FIRMWARE_VERSION" == "dpp_cap" ]; then # Linux Kernel driver is responsible for handling UEFI Capsule Updates, so # the capsule should be fed to a specific device: - cat "$EC_UPDATE_FILE" > "$CAP_UPD_DEVICE" + $CAP_UPD_TOOL "$EC_UPDATE_FILE" # Return after updating. The below code is for flashrom updates (using # binaries) only return 0 @@ -662,13 +662,11 @@ deploy_ec_firmware() { return 0 elif [ "$_mode" == "install" ]; then - echo "Checking for Open Source Embedded Controller firmware" - $DASHARO_ECTOOL info >> $ERR_LOG_FILE 2>&1 - if [ $? -eq 0 ]; then + if check_for_opensource_firmware; then echo "Device has already Open Source Embedded Controller firmware, do not flash EC..." else - _ec_fw_version=$($FLASHROM -p "$PROGRAMMER_EC" ${FLASH_CHIP_SELECT} | grep "Mainboard EC Version" | tr -d ' ' | cut -d ':' -f 2) + _ec_fw_version=$($FLASHROM get_ec_firm_version_mock check -p "$PROGRAMMER_EC" ${FLASH_CHIP_SELECT} | grep "Mainboard EC Version" | tr -d ' ' | cut -d ':' -f 2) if [ "$_ec_fw_version" != "$COMPATIBLE_EC_FW_VERSION" ]; then echo "Installing EC..." @@ -692,7 +690,7 @@ firmware_pre_updating_routine(){ check_flash_lock if [ "$HAVE_EC" == "true" ]; then - $DASHARO_ECTOOL info >> $ERR_LOG_FILE 2>&1 + check_for_opensource_firmware error_check "Device does not have Dasharo EC firmware - cannot continue update!" fi @@ -704,7 +702,7 @@ firmware_pre_updating_routine(){ bootsplash_migration fi - cbfstool "$BIOS_UPDATE_FILE" extract -r COREBOOT -n config -f "$BIOS_UPDATE_CONFIG_FILE" + $CBFSTOOL read_bios_conffile_mock "$BIOS_UPDATE_FILE" extract -r COREBOOT -n config -f "$BIOS_UPDATE_CONFIG_FILE" grep -q "CONFIG_VBOOT=y" "$BIOS_UPDATE_CONFIG_FILE" HAVE_VBOOT="$?" 
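Review bot: The result of `$CAP_UPD_TOOL "$EC_UPDATE_FILE"` in deploy_ec_firmware is discarded, because the next statement is an unconditional `return 0`; a failed capsule hand-off is reported to the caller as success. The same pattern is in deploy_firmware with `$CAP_UPD_TOOL "$BIOS_UPDATE_FILE"`. Follow the call with the check the flashrom steps in this file already use, e.g. `error_check "Failed to pass EC capsule to the update device"`, or at least `$CAP_UPD_TOOL "$EC_UPDATE_FILE" || return 1`. What `CAP_UPD_TOOL` does is defined outside this hunk.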
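Review bot: The EC version probe in deploy_ec_firmware reads `$FLASHROM get_ec_firm_version_mock check -p "$PROGRAMMER_EC" ${FLASH_CHIP_SELECT}`, with a stray word `check` between the mock name and the options; the equivalent line in scripts/ec_transition is `$FLASHROM get_ec_firm_version_mock -p ${PROGRAMMER_EC}` without it. Unless the wrapper strips it (not visible here), `check` is handed to flashrom as a positional argument, the probe likely fails, `_ec_fw_version` is empty, and the comparison with `COMPATIBLE_EC_FW_VERSION` always takes the "Installing EC..." branch. Drop the word so the call starts `$FLASHROM get_ec_firm_version_mock -p "$PROGRAMMER_EC"`. The function continues outside the hunk.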
@@ -728,7 +726,7 @@ firmware_pre_installation_routine(){ check_if_me_disabled set_intel_regions_update_params "-N --ifd -i bios" - cbfstool "$BIOS_UPDATE_FILE" extract -r COREBOOT -n config -f "$BIOS_UPDATE_CONFIG_FILE" + $CBFSTOOL read_bios_conffile_mock "$BIOS_UPDATE_FILE" extract -r COREBOOT -n config -f "$BIOS_UPDATE_CONFIG_FILE" grep "CONFIG_VBOOT=y" "$BIOS_UPDATE_CONFIG_FILE" HAVE_VBOOT="$?" @@ -774,7 +772,7 @@ deploy_firmware(){ if [ "$FIRMWARE_VERSION" == "community_cap" ] || [ "$FIRMWARE_VERSION" == "dpp_cap" ]; then # Linux Kernel driver is responsible for handling UEFI Capsule Updates, so # the capsule should be fed to a specific device: - cat "$BIOS_UPDATE_FILE" > "$CAP_UPD_DEVICE" + $CAP_UPD_TOOL "$BIOS_UPDATE_FILE" # Return after updating. The below code is for flashrom updates (using # binaries) only. return 0 @@ -924,7 +922,7 @@ install_workflow() { it5570_shutdown else send_dts_logs - ${CMD_REBOOT} + ${REBOOT} fi } @@ -961,7 +959,7 @@ update_workflow() { "$BOARD_MODEL" == "PRO Z690-A (MS-7D25)" || \ "$BOARD_MODEL" == "PRO Z690-A WIFI (MS-7D25)" ) ]]; then - cpu_gen_check=$(lscpu | grep -F "Model name" | grep -E "\-(13|14)[0-9]{3}" | wc -l) + cpu_gen_check=$($LSCPU | grep -F "Model name" | grep -E "\-(13|14)[0-9]{3}" | wc -l) if [ $cpu_gen_check -ne 0 ]; then echo "You have a 13th gen or above CPU and are trying to flash Dasharo v1.1.1 on a MSI PRO Z690-A DDR4 or DDR5 board" @@ -1025,7 +1023,7 @@ update_workflow() { echo "Rebooting" sleep 1 send_dts_logs - ${CMD_REBOOT} + ${REBOOT} fi } @@ -1060,8 +1058,8 @@ restore() { if [ ! $? -eq 0 ]; then uuid_string="" fi - uuid_string="${mac_addr}_$(dmidecode -s system-product-name)" - uuid_string+="_$(dmidecode -s system-manufacturer)" + uuid_string="${mac_addr}_$($DMIDECODE dump_var_mock -s system-product-name)" + uuid_string+="_$($DMIDECODE dump_var_mock -s system-manufacturer)" uuid="$(uuidgen -n @x500 -N $uuid_string -s)" case ${OPTION} in 
@@ -1127,7 +1125,7 @@ restore() { check_blobs_in_binary /tmp/logs/rom.bin check_if_me_disabled set_intel_regions_update_params "-N --ifd -i bios" - flashrom -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_REGIONS} -w "/tmp/logs/rom.bin" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE + $FLASHROM -p "$PROGRAMMER_BIOS" ${FLASH_CHIP_SELECT} ${FLASHROM_ADD_OPT_REGIONS} -w "/tmp/logs/rom.bin" >> $FLASHROM_LOG_FILE 2>> $ERR_LOG_FILE error_check "Failed to restore BIOS firmware! You can try one more time." print_ok "Successfully restored firmware" else @@ -1165,6 +1163,7 @@ fi board_config check_flash_chip + if [ -n "$PLATFORM_SIGN_KEY" ]; then get_signing_keys fi diff --git a/scripts/dts-boot b/scripts/dts-boot index 7d71f347..03b9ff03 100644 --- a/scripts/dts-boot +++ b/scripts/dts-boot @@ -11,8 +11,13 @@ FUM_EFIVAR="/sys/firmware/efi/efivars/FirmwareUpdateMode-d15b327e-ff2d-4fc1-abf6 export DTS_FUNCS="$SBIN_DIR/dts-functions.sh" export DTS_ENV="$SBIN_DIR/dts-environment.sh" export DTS_SUBS="$SBIN_DIR/dts-subscription.sh" +export DTS_HAL="$SBIN_DIR/dts-hal.sh" +export DTS_MOCK_COMMON="$SBIN_DIR/common-mock-func.sh" export DTS_LOG_FILE="/tmp/dts.log" +# shellcheck source=../include/hal/dts-hal.sh +source $DTS_HAL + if [ -f $FUM_EFIVAR ]; then $SBIN_DIR/dasharo-deploy update fum else diff --git a/scripts/ec_transition b/scripts/ec_transition index e556bee6..ef199c34 100644 --- a/scripts/ec_transition +++ b/scripts/ec_transition @@ -8,6 +8,8 @@ source $DTS_ENV # shellcheck source=../include/dts-functions.sh source $DTS_FUNCS +# shellcheck source=../include/hal/dts-hal.sh +source $DTS_HAL board_config() { case "$SYSTEM_VENDOR" in @@ -46,15 +48,6 @@ board_config() { esac } -check_for_opensource_firmware() -{ - echo "Checking for opensource firmware" - $DASHARO_ECTOOL info >> /dev/null 2>&1 - if [ $? -eq 0 ]; then - error_exit "Device has already Open Source Embedded Controller firmware, aborting..." - fi -} - download_files() { wait_for_network_connection 
@@ -81,7 +74,7 @@ install() { error_check "Failed to verify Dasharo firmware" if [ "$HAVE_EC" == "true" ]; then - _ec_fw_version=$($FLASHROM -p ${PROGRAMMER_EC} | grep "Mainboard EC Version" | tr -d ' ' | cut -d ':' -f 2) + _ec_fw_version=$($FLASHROM get_ec_firm_version_mock -p ${PROGRAMMER_EC} | grep "Mainboard EC Version" | tr -d ' ' | cut -d ':' -f 2) if [ "$_ec_fw_version" != "$COMPATIBLE_EC_FW_VERSION" ]; then echo "EC version: $_ec_fw_version is not supported, update required" @@ -100,7 +93,7 @@ install() { if [ "$NEED_EC_RESET" = "true" ]; then it5570_shutdown else - ${CMD_POWEROFF} + ${POWEROFF} fi } @@ -115,7 +108,9 @@ ROOT_DIR="/" [ -z "$SYSTEM_VENDOR" ] && error_exit "SYSTEM_VENDOR not given" [ -z "$SYSTEM_MODEL" ] && error_exit "SYSTEM_MODEL not given" -check_for_opensource_firmware +if check_for_opensource_firmware; then + error_exit "Device has already Open Source Embedded Controller firmware, aborting..." +fi board_config download_files install From 5d310535f5cd6e1f4c904cc7d73df36077db417f Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Mon, 14 Oct 2024 18:54:44 +0200 Subject: [PATCH 30/58] fix sourcing libs Cause of this patch: After I have added and integrated HAL - I have added following line in dts-boot: source $DTS_HAL This was needed because I have used some fuctions from the HAL in the script. Inside DTS_HAL I had following line: source $DTS_ENV Because I have used some vars from the DTS_ENV in the HAL. The problem was, that I had another line in DTS_ENV: source $DTS_HAL So, I got following boot workflow: Boot | v dts-boot | /-------\ v v | DTS_HAL->DTS_ENV . ............ v dts Instead of sourcing some scripts and then launching dts script - I got a loop betwee DTS_HAL and DTS_ENV. Therefore I decided to clean up sourcing a bit. 
Signed-off-by: Daniil Klimuk --- include/dts-environment.sh | 2 ++ include/dts-functions.sh | 6 ------ include/dts-subscription.sh | 2 -- include/hal/dts-hal.sh | 4 +--- scripts/dts-boot | 4 ++++ 5 files changed, 7 insertions(+), 11 deletions(-) diff --git a/include/dts-environment.sh b/include/dts-environment.sh index d41dfa41..eb9caf00 100644 --- a/include/dts-environment.sh +++ b/include/dts-environment.sh @@ -7,6 +7,8 @@ # shellcheck disable=SC2034 # shellcheck source=../include/hal/dts-hal.sh source $DTS_HAL +# shellcheck source=../include/dts-functions.sh +source $DTS_FUNCS # Text colors: NORMAL='\033[0m' diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 81c2bd8d..37f018d7 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -5,12 +5,6 @@ # SPDX-License-Identifier: Apache-2.0 # shellcheck disable=SC2034 -# shellcheck source=../include/dts-environment.sh -source $DTS_ENV -# shellcheck source=../include/dts-subscription.sh -source $DTS_SUBS -# shellcheck source=../include/hal/dts-hal.sh -source $DTS_HAL ### Color functions: function echo_green() { diff --git a/include/dts-subscription.sh b/include/dts-subscription.sh index 7b04e79e..687630d4 100644 --- a/include/dts-subscription.sh +++ b/include/dts-subscription.sh @@ -5,8 +5,6 @@ # SPDX-License-Identifier: Apache-2.0 # shellcheck disable=SC2034 -# shellcheck source=../include/dts-environment.sh -source $DTS_ENV check_for_dasharo_firmware() { # This function checks if Dasharo firmware is available for the current diff --git a/include/hal/dts-hal.sh b/include/hal/dts-hal.sh index b8a71a19..a2fbc00a 100644 --- a/include/hal/dts-hal.sh +++ b/include/hal/dts-hal.sh @@ -21,9 +21,7 @@ # shellcheck disable=SC2034 -# shellcheck source=./dts-hal-common.sh -source $DTS_ENV -# shellcheck source=./dts-hal-common.sh +# shellcheck source=../../include/hal/common-mock-func.sh source $DTS_MOCK_COMMON # Set tools wrappers: 
diff --git a/scripts/dts-boot b/scripts/dts-boot index 03b9ff03..b99d68df 100644 --- a/scripts/dts-boot +++ b/scripts/dts-boot @@ -15,6 +15,10 @@ export DTS_HAL="$SBIN_DIR/dts-hal.sh" export DTS_MOCK_COMMON="$SBIN_DIR/common-mock-func.sh" export DTS_LOG_FILE="/tmp/dts.log" +# shellcheck source=../include/dts-environment.sh +source $DTS_ENV +# shellcheck source=../include/dts-functions.sh +source $DTS_FUNCS # shellcheck source=../include/hal/dts-hal.sh source $DTS_HAL From ad3958c1856f01da293bbc0b920681b8970e67fc Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 17 Oct 2024 23:30:48 +0200 Subject: [PATCH 31/58] include: fix transaction to Heads Add variables for Hash and Signature. Add checking for EC, beacuse some platforms which use Heads use EC as well, therefore EC firmware links are needed during transition. Before this commit the link had not been set, and transition failed. Signed-off-by: Daniil Klimuk --- include/dts-environment.sh | 2 ++ include/dts-functions.sh | 38 ++++++++++++++++++++++++++++++++------ 2 files changed, 34 insertions(+), 6 deletions(-) diff --git a/include/dts-environment.sh b/include/dts-environment.sh index eb9caf00..7b3df953 100644 --- a/include/dts-environment.sh +++ b/include/dts-environment.sh @@ -134,6 +134,8 @@ declare EC_LINK_DPP declare EC_HASH_LINK_DPP declare EC_SIGN_LINK_DPP declare HEADS_LINK_DPP +declare HEADS_HASH_LINK_DPP +declare HEADS_SIGN_LINK_DPP # and for capsules: declare BIOS_LINK_COMM_CAP declare BIOS_HASH_LINK_COMM_CAP diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 37f018d7..87e634be 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh 
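Review bot: The sourcing list added to scripts/dts-boot covers `$DTS_ENV`, `$DTS_FUNCS` and `$DTS_HAL` but not `$DTS_SUBS`, while the same commit removes `source $DTS_SUBS` from include/dts-functions.sh; no remaining loader for dts-subscription.sh is visible in this patch. If its functions (for example `check_for_dasharo_firmware`) are still called, add `source "$DTS_SUBS"` here. Also, include/dts-environment.sh now sources `$DTS_HAL` and `$DTS_FUNCS` itself, so the two lines after `source $DTS_ENV` load those files a second time. A short comment stating which file owns the load order would keep the loop described in the commit message from coming back.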
@@ -687,6 +687,8 @@ board_config() { [ -z "$BIOS_SIGN_LINK_DPP" ] && BIOS_SIGN_LINK_DPP="${BIOS_HASH_LINK_DPP}.sig" [ -z "$BIOS_HASH_LINK_DPP_SEABIOS" ] && BIOS_HASH_LINK_DPP_SEABIOS="${BIOS_LINK_DPP_SEABIOS}.sha256" [ -z "$BIOS_SIGN_LINK_DPP_SEABIOS" ] && BIOS_SIGN_LINK_DPP_SEABIOS="${BIOS_HASH_LINK_DPP_SEABIOS}.sig" + [ -z "$HEADS_HASH_LINK_DPP" ] && HEADS_HASH_LINK_DPP="${HEADS_LINK_DPP}.sha256" + [ -z "$HEADS_SIGN_LINK_DPP" ] && HEADS_SIGN_LINK_DPP="${HEADS_HASH_LINK_DPP}.sig" [ -z "$EC_HASH_LINK_COMM" ] && EC_HASH_LINK_COMM="${EC_LINK_COMM}.sha256" [ -z "$EC_SIGN_LINK_COMM" ] && EC_SIGN_LINK_COMM="${EC_HASH_LINK_COMM}.sig" [ -z "$EC_HASH_LINK_DPP" ] && EC_HASH_LINK_DPP="${EC_LINK_DPP}.sha256" @@ -1130,9 +1132,21 @@ handle_fw_switching() { yes|y|Y|Yes|YES) UPDATE_VERSION=$HEADS_REL_VER_DPP FLASHROM_ADD_OPT_UPDATE_OVERRIDE=$HEADS_SWITCH_FLASHROM_OPT_OVERRIDE - BIOS_HASH_LINK="${HEADS_LINK_DPP}.sha256" - BIOS_SIGN_LINK="${HEADS_LINK_DPP}.sha256.sig" - BIOS_LINK=$HEADS_LINK_DPP + BIOS_HASH_LINK="${HEADS_HASH_LINK_DPP}" + BIOS_SIGN_LINK="${HEADS_SIGN_LINK_DPP}" + BIOS_LINK="$HEADS_LINK_DPP" + + # Check EC link additionally, not all platforms have Embedded Controllers: + if [ -n "$EC_LINK_DPP" ]; then + EC_LINK=$EC_LINK_DPP + EC_HASH_LINK=$EC_HASH_LINK_DPP + EC_SIGN_LINK=$EC_SIGN_LINK_DPP + elif [ -n "$EC_LINK_COMM" ]; then + EC_LINK=$EC_LINK_COMM + EC_HASH_LINK=$EC_HASH_LINK_COMM + EC_SIGN_LINK=$EC_SIGN_LINK_COMM + fi + export SWITCHING_TO="heads" echo echo "Switching to Dasharo heads firmware v$UPDATE_VERSION" 
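Review bot: In the board_config hunk (`@@ -687,6 +687,8 @@`) the two new defaults are applied even when `HEADS_LINK_DPP` is empty, which leaves `HEADS_HASH_LINK_DPP` as the bare string `.sha256` and `HEADS_SIGN_LINK_DPP` as `.sha256.sig`. Any later non-empty test on those variables would then pass for a board that has no Heads release. The surrounding context lines follow the same pattern, so this may be accepted practice, but a guard on the base link costs one test: `[ -n "$HEADS_LINK_DPP" ] && [ -z "$HEADS_HASH_LINK_DPP" ] && HEADS_HASH_LINK_DPP="${HEADS_LINK_DPP}.sha256"`. board_config starts and ends outside the hunk.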
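Review bot: The EC link selection added to the `yes` arm of handle_fw_switching (`@@ -1130,9 +1132,21 @@`) is repeated verbatim in the hunk at `@@ -1184,9 +1198,21 @@`, and in both places nothing is assigned when neither `EC_LINK_DPP` nor `EC_LINK_COMM` is set, so `EC_LINK`, `EC_HASH_LINK` and `EC_SIGN_LINK` keep whatever an earlier step left in them. If they can already hold a value at this point (not visible in the hunk), the firmware, hash and signature links could describe different releases; an explicit `else` that clears all three, or a comment stating they are always empty here, would settle it. Moving the block into one small helper called from both arms would keep the two copies from drifting apart. handle_fw_switching continues outside both hunks.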
@@ -1184,9 +1198,21 @@ handle_fw_switching() { fi echo "Will not switch back to regular Dasharo firmware. Proceeding with Dasharo heads firmware update to $UPDATE_VERSION." FLASHROM_ADD_OPT_UPDATE_OVERRIDE="--ifd -i bios" - BIOS_HASH_LINK="${HEADS_LINK_DPP}.sha256" - BIOS_SIGN_LINK="${HEADS_LINK_DPP}.sha256.sig" - BIOS_LINK=$HEADS_LINK_DPP + BIOS_HASH_LINK="${HEADS_HASH_LINK_DPP}" + BIOS_SIGN_LINK="${HEADS_SIGN_LINK_DPP}" + BIOS_LINK="$HEADS_LINK_DPP" + + # Check EC link additionally, not all platforms have Embedded Controllers: + if [ -n "$EC_LINK_DPP" ]; then + EC_LINK=$EC_LINK_DPP + EC_HASH_LINK=$EC_HASH_LINK_DPP + EC_SIGN_LINK=$EC_SIGN_LINK_DPP + elif [ -n "$EC_LINK_COMM" ]; then + EC_LINK=$EC_LINK_COMM + EC_HASH_LINK=$EC_HASH_LINK_COMM + EC_SIGN_LINK=$EC_SIGN_LINK_COMM + fi + break ;; *) From 0004f910efec08ecbe22804bdbc5a7bb1fd47de0 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 17 Oct 2024 23:37:03 +0200 Subject: [PATCH 32/58] scripts: dasharo-deploy: add check_flash_chip Size of flashchip should be checked before board_config func. because the func. assigns some configs based on the chip size detected for ASUS boards. Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index c70bc10a..666c85d5 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy @@ -686,7 +686,6 @@ deploy_ec_firmware() { firmware_pre_updating_routine(){ # This function only separates some code from deployment code, so to make clear # where is deployment code, and what should be executed before it: - check_flash_chip check_flash_lock if [ "$HAVE_EC" == "true" ]; then 
@@ -719,7 +718,6 @@ firmware_pre_updating_routine(){ firmware_pre_installation_routine(){ # This function only separates some code from deployment code, so to make clear # where is deployment code, and what should be executed before it: - check_flash_chip check_flash_lock check_intel_regions check_blobs_in_binary $BIOS_UPDATE_FILE @@ -1161,6 +1159,10 @@ if [ "$FUM" == "fum" ]; then wait_for_network_connection fi +# Size of flashchip should be checked before board_config func. because the +# func. assigns some configs based on the chip size detected for ASUS boards +# (FIXME). +check_flash_chip board_config check_flash_chip From 4f7f237998819ce993fe899d8169c5e0ab37d2b8 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 17 Oct 2024 23:38:55 +0200 Subject: [PATCH 33/58] scripts: dasharo-deploy: check for EC firmware in update_workflow Some platforms do not have EC firmware, so update for them would fail without this commit. Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 666c85d5..97bcee48 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy @@ -966,7 +966,12 @@ update_workflow() { fi fi - download_artifacts + if [ "$HAVE_EC" == "true" ]; then + download_ec + verify_artifacts ec + fi + + download_bios verify_artifacts bios # Warning must be displayed after the artifacts have been downloaded, because From 04ab1e19073c6b7b6ba2a00b175c3990df32bd1a Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Fri, 18 Oct 2024 00:29:24 +0200 Subject: [PATCH 34/58] include: dts-functions.sh: add capsules for MSI Signed-off-by: Daniil Klimuk --- include/dts-environment.sh | 1 + include/dts-functions.sh | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/include/dts-environment.sh b/include/dts-environment.sh index 7b3df953..9ac57842 100644 --- a/include/dts-environment.sh +++ b/include/dts-environment.sh 
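Review bot: After the hunk at `@@ -1161,6 +1159,10 @@` in scripts/dasharo-deploy, `check_flash_chip` appears to run both right before `board_config` (the added line) and right after it (the unchanged context line), so whatever detection it performs is done twice per run. If the second call is a leftover from before the move it can be dropped. If it is needed because board_config changes the programmer settings, the added comment should say so, for example `# Re-checked after board_config, which may change the programmer`. The `(FIXME)` in the new comment also does not state what remains to be fixed.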
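Review bot: In the update_workflow hunk (`@@ -966,7 +966,12 @@`) the EC download is gated on `HAVE_EC` alone, whereas the Heads switching code in include/dts-functions.sh decides on `EC_LINK_DPP`/`EC_LINK_COMM` being non-empty, so a board with `HAVE_EC=true` but no EC link configured would reach `download_ec` with nothing to fetch. Checking both, `if [ "$HAVE_EC" == "true" ] && [ -n "$EC_LINK" ]; then`, or documenting that `HAVE_EC` implies a link, removes the ambiguity. The exit status of `download_ec`, `download_bios` and `verify_artifacts` is not checked here; a comment stating that they abort on failure themselves would make it clear that flashing cannot proceed with an unverified image. update_workflow starts and ends outside the hunk.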
@@ -111,6 +111,7 @@ CMD_EC_TRANSITION="/usr/sbin/ec_transition" declare DASHARO_REL_NAME declare DASHARO_REL_VER declare DASHARO_REL_VER_DPP +declare DASHARO_REL_VER_DPP_CAP declare HEADS_REL_VER_DPP declare DASHARO_REL_VER_DPP_SEABIOS declare COMPATIBLE_EC_FW_VERSION diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 87e634be..e21fde7d 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -439,6 +439,10 @@ board_config() { NEED_SMMSTORE_MIGRATION="true" NEED_ROMHOLE_MIGRATION="true" + # Add capsules: + DASHARO_REL_NAME_CAP="$DASHARO_REL_NAME" + DASHARO_REL_VER_DPP_CAP="$DASHARO_REL_VER_DPP" + if check_if_dasharo; then # if v1.1.3 or older, flash the whole bios region # TODO: Let DTS determine which parameters are suitable. @@ -457,11 +461,13 @@ board_config() { "PRO Z690-A WIFI DDR4(MS-7D25)" | "PRO Z690-A DDR4(MS-7D25)") BIOS_LINK_COMM="${FW_STORE_URL}/${DASHARO_REL_NAME}/v${DASHARO_REL_VER}/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}_ddr4.rom" BIOS_LINK_DPP="${FW_STORE_URL_DPP}/MS-7D25/v${DASHARO_REL_VER_DPP}/${DASHARO_REL_NAME}_v${DASHARO_REL_VER_DPP}_ddr4.rom" + BIOS_LINK_DPP_CAP="${FW_STORE_URL_DPP}/MS-7D25/v${DASHARO_REL_VER_DPP_CAP}/${DASHARO_REL_NAME_CAP}_v${DASHARO_REL_VER_DPP_CAP}_ddr4.cap" HEADS_LINK_DPP="${FW_STORE_URL_DPP}/MS-7D25/v${HEADS_REL_VER_DPP}/${DASHARO_REL_NAME}_v${HEADS_REL_VER_DPP}_ddr4_heads.rom" ;; "PRO Z690-A WIFI (MS-7D25)" | "PRO Z690-A (MS-7D25)") BIOS_LINK_COMM="${FW_STORE_URL}/${DASHARO_REL_NAME}/v${DASHARO_REL_VER}/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}_ddr5.rom" BIOS_LINK_DPP="${FW_STORE_URL_DPP}/MS-7D25/v${DASHARO_REL_VER_DPP}/${DASHARO_REL_NAME}_v${DASHARO_REL_VER_DPP}_ddr5.rom" + BIOS_LINK_DPP_CAP="${FW_STORE_URL_DPP}/MS-7D25/v${DASHARO_REL_VER_DPP_CAP}/${DASHARO_REL_NAME_CAP}_v${DASHARO_REL_VER_DPP_CAP}_ddr5.cap" HEADS_LINK_DPP="${FW_STORE_URL_DPP}/MS-7D25/v${HEADS_REL_VER_DPP}/${DASHARO_REL_NAME}_v${HEADS_REL_VER_DPP}_ddr5_heads.rom" ;; *) 
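Review bot: The new `BIOS_LINK_DPP_CAP` assignments for MS-7D25 (`@@ -457,11 +461,13 @@`) and MS-7E06 (`@@ -501,12 +511,14 @@`) introduce a capsule download URL, but no hash or signature link for it is set or defaulted anywhere in this patch. If board_config does not already derive them elsewhere, the capsule would be the one artifact without a `.sha256`/`.sha256.sig` pair to verify against; the defaults block that fills in `BIOS_HASH_LINK_DPP` and `BIOS_SIGN_LINK_DPP` is the natural place for the equivalent capsule lines. `DASHARO_REL_NAME_CAP` is also assigned in both `# Add capsules:` blocks without a matching `declare` in this patch, where only `DASHARO_REL_VER_DPP_CAP` was added to include/dts-environment.sh.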
@@ -483,6 +489,10 @@ board_config() { NEED_SMMSTORE_MIGRATION="true" NEED_ROMHOLE_MIGRATION="true" + # Add capsules: + DASHARO_REL_NAME_CAP="$DASHARO_REL_NAME" + DASHARO_REL_VER_DPP_CAP="$DASHARO_REL_VER_DPP" + if check_if_dasharo; then # if v0.9.1 or older, flash the whole bios region # TODO: Let DTS determine which parameters are suitable. @@ -501,12 +511,14 @@ board_config() { "PRO Z790-P WIFI DDR4(MS-7E06)" | "PRO Z790-P DDR4(MS-7E06)" | "PRO Z790-P WIFI DDR4 (MS-7E06)" | "PRO Z790-P DDR4 (MS-7E06)") #BIOS_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}_ddr4.rom" BIOS_LINK_DPP="${FW_STORE_URL_DPP}/MS-7E06/v${DASHARO_REL_VER_DPP}/${DASHARO_REL_NAME}_v${DASHARO_REL_VER_DPP}_ddr4.rom" + BIOS_LINK_DPP_CAP="${FW_STORE_URL_DPP}/MS-7E06/v${DASHARO_REL_VER_DPP_CAP}/${DASHARO_REL_NAME_CAP}_v${DASHARO_REL_VER_DPP_CAP}_ddr4.cap" HEADS_LINK_DPP="${FW_STORE_URL_DPP}/MS-7E06/v${HEADS_REL_VER_DPP}/${DASHARO_REL_NAME}_v${HEADS_REL_VER_DPP}_ddr4_heads.rom" PROGRAMMER_BIOS="internal:boardmismatch=force" ;; "PRO Z790-P WIFI (MS-7E06)" | "PRO Z790-P (MS-7E06)") #BIOS_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}_ddr5.rom" BIOS_LINK_DPP="${FW_STORE_URL_DPP}/MS-7E06/v${DASHARO_REL_VER_DPP}/${DASHARO_REL_NAME}_v${DASHARO_REL_VER_DPP}_ddr5.rom" + BIOS_LINK_DPP_CAP="${FW_STORE_URL_DPP}/MS-7E06/v${DASHARO_REL_VER_DPP_CAP}/${DASHARO_REL_NAME_CAP}_v${DASHARO_REL_VER_DPP_CAP}_ddr5.cap" HEADS_LINK_DPP="${FW_STORE_URL_DPP}/MS-7E06/v${HEADS_REL_VER_DPP}/${DASHARO_REL_NAME}_v${HEADS_REL_VER_DPP}_ddr5_heads.rom" ;; *) From ef75759a383374352921eafca03f202d26637f5f Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Sat, 19 Oct 2024 22:17:32 +0200 Subject: [PATCH 35/58] include: dts-functions.sh: check_if_fused: add mocks 
Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 52 ++++++++++++++++++++------------- include/hal/common-mock-func.sh | 24 ++++++++++++++- 2 files changed, 54 insertions(+), 22 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index e21fde7d..d5b2f978 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh 
@@ -1663,42 +1663,52 @@ send_dts_logs(){ } check_if_fused() { - file_path="/sys/class/mei/mei0/fw_status" - - if [[ ! -f $file_path ]]; then - echo "File not found: $file_path" + local _file_path + _file_path="/sys/class/mei/mei0/fw_status" + local _file_content + local _hfsts6_value + local _line_number + local _hfsts6_binary + local _binary_length + local _padding + local _zeros + local _bit_30_value + + if ! $FSREAD_TOOL test -f "$_file_path"; then + print_error "File not found: $_file_path" return 2 fi - hfsts6_value="" - line_number=1 + _file_content="$($FSREAD_TOOL cat $_file_path)" + + _fsts6_value="" + _line_number=1 while IFS= read -r line; do - if [[ $line_number -eq 6 ]]; then - hfsts6_value=$line + if [[ $_line_number -eq 6 ]]; then + _hfsts6_value="$line" break fi - ((line_number++)) - done <"$file_path" + ((_line_number++)) + done <<< "$_file_content" - if [[ -z $hfsts6_value ]]; then - echo "Failed to read HFSTS6 value" + if [[ -z "$_hfsts6_value" ]]; then + print_error "Failed to read HFSTS6 value" exit 1 fi - hfsts6_binary=$(echo "ibase=16; obase=2; $hfsts6_value" | bc) - - binary_length=${#hfsts6_binary} + _hfsts6_binary=$(echo "ibase=16; obase=2; $_hfsts6_value" | bc) + _binary_length=${#_hfsts6_binary} # Add leading zeros - if [ $binary_length -lt 32 ]; then - padding=$((32 - $binary_length)) - zeros=$(printf "%${padding}s" | tr ' ' "0") - hfsts6_binary=$zeros$hfsts6_binary + if [ $_binary_length -lt 32 ]; then + _padding=$((32 - $_binary_length)) + _zeros=$(printf "%${_padding}s" | tr ' ' "0") + _hfsts6_binary=$_zeros$_hfsts6_binary fi - bit_30_value=${hfsts6_binary:1:1} + _bit_30_value=${_hfsts6_binary:1:1} - if [ $bit_30_value == 0 ]; then + if [ $_bit_30_value == 0 ]; then return 1 else return 0 diff --git a/include/hal/common-mock-func.sh b/include/hal/common-mock-func.sh index fb929f1a..048b3d8d 100644 --- a/include/hal/common-mock-func.sh +++ b/include/hal/common-mock-func.sh 
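Review bot: The initialiser `_fsts6_value=""` in check_if_fused is misspelled, so it creates a stray global instead of resetting the local `_hfsts6_value` that the loop and the `-z` test use; it should read `_hfsts6_value=""`. The loop variable `line` is not declared `local` with the others, and the path is unquoted in `$FSREAD_TOOL cat $_file_path`. Because the result decides whether the platform is treated as fused, the final comparison is worth quoting too, `[ "$_bit_30_value" == 0 ]`. The function's closing lines are outside the hunk.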
@@ -404,6 +404,8 @@ TEST_HCI_PRESENT="${TEST_HCI_PRESENT:-}" TEST_TOUCHPAD_HID="${TEST_TOUCHPAD_HID:-}" TEST_TOUCHPAD_PATH="${TEST_TOUCHPAD_PATH:-}" TEST_AC_PRESENT="${TEST_AC_PRESENT:-}" +TEST_MEI_CONF_PRESENT="${TEST_MEI_CONF_PRESENT:-true}" +TEST_INTEL_FUSE_STATUS="${TEST_INTEL_FUSE_STATUS:-0}" fsread_tool_common_mock(){ # This functionn emulates read hardware specific file system resources or its @@ -419,7 +421,9 @@ fsread_tool_common_mock(){ fsread_tool_test_mock(){ local _arg_d + local _arg_f _arg_d="$(parse_for_arg_return_next -d "$@")" + _arg_f="$(parse_for_arg_return_next -f "$@")" if [ "$_arg_d" = "/sys/class/pci_bus/0000:00/device/0000:00:16.0" ]; then # Here we emulate the HCI hardware presence checked by function @@ -428,6 +432,12 @@ fsread_tool_test_mock(){ [ "$TEST_HCI_PRESENT" = "true" ] && return 0 fi + if [ "$_arg_f" = "/sys/class/mei/mei0/fw_status" ]; then + # Here we emulate MEI controller status file presence, check check_if_fused + # func for more inf.: + [ "$TEST_MEI_CONF_PRESENT" = "true" ] && return 0 + fi + return 1 } @@ -448,8 +458,20 @@ fsread_tool_cat_mock(){ elif [ "$_file_to_cat" = "/sys/class/power_supply/AC/online" ] && [ "$TEST_AC_PRESENT" = "true" ]; then # Emulating AC adadpter presence, used in check_if_ac func.: echo "1" 1>&1 + elif [ "$_file_to_cat" = "/sys/class/mei/mei0/fw_status" ] && [ "$TEST_MEI_CONF_PRESENT" = "true" ]; then + # Emulating MEI firmware status file, for more inf., check check_if_fused + # func.: + echo "smth" 1>&1 + echo "smth" 1>&1 + echo "smth" 1>&1 + echo "smth" 1>&1 + echo "smth" 1>&1 + # Emulating Intel Secure Boot Fuse status, check check_if_fused func. for + # more inf. 4... if fused, and 0 if not: + echo "${TEST_INTEL_FUSE_STATUS}0000000" 1>&1 + echo "smth" 1>&1 else - echo "cat: ${_file_to_cat}: No such file or directory" + echo "${FUNCNAME[0]}: ${_file_to_cat}: No such file or directory" return 1 fi From 1fde2de7364216c1076822140cc5a87f7bb3a32a Mon Sep 17 00:00:00 2001 
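Review bot: The fallback branch of fsread_tool_cat_mock (`@@ -448,8 +458,20 @@`) still writes its `No such file or directory` message to stdout, so a caller that captures the output, as check_if_fused now does with `$($FSREAD_TOOL cat ...)`, receives the diagnostic as if it were file content. Sending it to stderr matches what the real `cat` does: `echo "${FUNCNAME[0]}: ${_file_to_cat}: No such file or directory" >&2`. The `1>&1` redirections on the added `echo` lines are no-ops and can be dropped. The function starts and ends outside the hunk.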
From: Daniil Klimuk Date: Mon, 21 Oct 2024 11:35:45 +0200 Subject: [PATCH 36/58] include: dts-functions.sh: check_if_boot_guard_enabled add mocks Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 32 ++++++++++++++++++++------------ include/hal/common-mock-func.sh | 24 ++++++++++++++++++++++++ include/hal/dts-hal.sh | 1 + 3 files changed, 45 insertions(+), 12 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index d5b2f978..e0ab470a 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -1716,29 +1716,37 @@ check_if_fused() { } check_if_boot_guard_enabled() { + local _msr_hex + local _msr_binary + local _binary_length + local _padding + local _zeros + local _facb_fpf + local _verified_boot + # MSR cannot be read - if ! rdmsr 0x13a -0; then + if ! $RDMSR boot_guard_status_mock 0x13a -0; then return 1 fi - msr_hex=$(rdmsr 0x13a -0 | tr '[:lower:]' '[:upper:]') - msr_binary=$(echo "ibase=16; obase=2; $msr_hex" | bc) - - binary_length=${#msr_binary} + _msr_hex=$($RDMSR boot_guard_status_mock 0x13a -0 | tr '[:lower:]' '[:upper:]') + _msr_binary=$(echo "ibase=16; obase=2; $_msr_hex" | bc) - if [ $binary_length -lt 64 ]; then - padding=$((64 - $binary_length)) - zeros=$(printf "%${padding}s" | tr ' ' "0") - msr_binary=$zeros$msr_binary + _binary_length=${#_msr_binary} +arkuszu + if [ $_binary_length -lt 64 ]; then + _padding=$((64 - $_binary_length)) + _zeros=$(printf "%${_padding}s" | tr ' ' "0") + _msr_binary=$_zeros$_msr_binary fi # Bit 4 - facb_fpf=${msr_binary:59:1} + _facb_fpf=${_msr_binary:59:1} # Bit 6 - verified_boot=${msr_binary:57:1} + _verified_boot=${_msr_binary:57:1} - if [ $facb_fpf == 1 ] && [ $verified_boot == 1 ]; then + if [ $_facb_fpf == 1 ] && [ $_verified_boot == 1 ]; then return 0 fi return 1 diff --git a/include/hal/common-mock-func.sh b/include/hal/common-mock-func.sh index 048b3d8d..6c54df13 100644 --- a/include/hal/common-mock-func.sh +++ b/include/hal/common-mock-func.sh 
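Review bot: The added line `arkuszu` in check_if_boot_guard_enabled, between `_binary_length=${#_msr_binary}` and the padding `if`, is not a command or variable used anywhere else in the hunk and looks like a stray paste; as written the shell will try to execute it on every call. It should be removed, leaving the empty line the original had there. Separately, `$RDMSR boot_guard_status_mock 0x13a -0` is run twice, once as the readability test and once for the value, and the first call's output is not redirected. Capturing it once with `_msr_hex=$($RDMSR boot_guard_status_mock 0x13a -0) || return 1` and uppercasing afterwards avoids both.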
@@ -504,3 +504,27 @@ lscpu_common_mock(){ return 0 } +################################################################################ +# rdmsr +################################################################################ +TEST_MSR_CAN_BE_READ="${TEST_MSR_CAN_BE_READ:-true}" +TEST_FPF_PROGRAMMED="${TEST_FPF_PROGRAMMED:-0}" +TEST_VERIFIED_BOOT_ENABLED="${TEST_VERIFIED_BOOT_ENABLED:-0}" + +rdmsr_boot_guard_status_mock(){ + local _bits_8_5="0" + # Emulating MSR accessibility, for more inf. check + # check_if_boot_guard_enabled func.: + [ "$TEST_MSR_CAN_BE_READ" != "true" ] && return 1 + + # Emulating Boot Guard status. 0000000000000000 - FPF not fused and Verified + # Boot disabled, 0000000000000010 - FPF fused and Verified Boot disabled, + # 0000000000000020 - FPF not fused and Verified Boot enabled, 0000000000000030 + # - FPF fused and Verified Boot enabled. For more inf. check + # check_if_boot_guard_enabled func.: + _bits_8_5=$((${_bits_8_5} + ${TEST_FPF_PROGRAMMED} + ${TEST_VERIFIED_BOOT_ENABLED})) + + echo "00000000000000${_bits_8_5}0" + + return 0 +} diff --git a/include/hal/dts-hal.sh b/include/hal/dts-hal.sh index a2fbc00a..fd8b4398 100644 --- a/include/hal/dts-hal.sh +++ b/include/hal/dts-hal.sh @@ -55,6 +55,7 @@ LSCPU="tool_wrapper lscpu" # System commands: POWEROFF="tool_wrapper poweroff" REBOOT="tool_wrapper reboot" +RDMSR="tool_wrapper rdmsr" ################################################################################ # Tools wrapper. From 183ae6ad0fa10e822ca37354e676854525f6d4ca Mon Sep 17 00:00:00 2001 
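Review bot: The values documented in rdmsr_boot_guard_status_mock do not line up with the bits check_if_boot_guard_enabled reads: that function takes `${_msr_binary:59:1}` (bit 4, 0x10) and `${_msr_binary:57:1}` (bit 6, 0x40), while the comment here gives `...20` (bit 5) for Verified Boot and `...30` for both. With the documented inputs the mocked "FPF fused and Verified Boot enabled" case would still make the check return 1. Either the comment should list `...40` and `...50`, or the accepted values of `TEST_FPF_PROGRAMMED` and `TEST_VERIFIED_BOOT_ENABLED` should be spelled out as 1 and 4, since the two are added in decimal and a sum of 10 or more would also lengthen the emitted string beyond 16 digits.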
From: Daniil Klimuk Date: Mon, 21 Oct 2024 12:32:39 +0200 Subject: [PATCH 37/58] include: dts-subscription.sh: fix creds problem warning printing Before: Something may be wrong with the DPP credentials or you may not have access to Dasharo Firmware. If so, consider getting Dasharo Subscription and improving security of your platform! Now: Something may be wrong with the DPP credentials or you may not have access to Dasharo Firmware. If so, consider getting Dasharo Subscription and improving security of your platform! Signed-off-by: Daniil Klimuk --- include/dts-subscription.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/dts-subscription.sh b/include/dts-subscription.sh index 687630d4..08b972e9 100644 --- a/include/dts-subscription.sh +++ b/include/dts-subscription.sh @@ -59,9 +59,9 @@ check_for_dasharo_firmware() { fi fi - print_warning "Something may be wrong with the DPP credentials or you may not\n - have access to Dasharo Firmware. If so, consider getting Dasharo\n - Subscription and improving security of your platform!" + print_warning "Something may be wrong with the DPP credentials or you may not" + print_warning "have access to Dasharo Firmware. If so, consider getting Dasharo" + print_warning "Subscription and improving security of your platform!" read -p "Press any key to continue" return 1 From e78ced777951fbea2c1016b5a47576856fd33d1b Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Mon, 21 Oct 2024 13:57:59 +0200 Subject: [PATCH 38/58] tests: these tests are replaced with OSVF For more inf. check https://github.com/Dasharo/open-source-firmware-validation/pull/333 
Signed-off-by: Daniil Klimuk --- tests/README.md | 270 +--------------------------------- tests/README_tests.md | 4 - tests/cloud-pass | 3 - tests/dasharo-ectool-mock.sh | 21 --- tests/dpp-credentials.example | 24 --- tests/dts-boot | 47 ------ tests/flashrom-mock.sh | 63 -------- 7 files changed, 3 insertions(+), 429 deletions(-) delete mode 100644 tests/README_tests.md delete mode 100644 tests/cloud-pass delete mode 100644 tests/dasharo-ectool-mock.sh delete mode 100644 tests/dpp-credentials.example delete mode 100644 tests/dts-boot delete mode 100644 tests/flashrom-mock.sh diff --git a/tests/README.md b/tests/README.md index 5c78f577..bc887148 100644 --- a/tests/README.md +++ b/tests/README.md 
@@ -1,268 +1,4 @@ -# DTS scripts unit tests +# DTS scripts tests -This directory contains stub scripts for testing DTS update and deploy logic -in complex scenarios. - -## Running on host - -Running test on the host may result in unpredictable results because of the -missing programs and different version of certain tools. It is advised to run -the DTS image in QEMU as a development environment. Running on host is -generally not supported and should be avoided. - -## Running in QEMU - -### Credentials setup - -We need credentials for each test variant. You can use provided template and -fill it in accordingly. - -```bash -cp des-credentials.sh.example des-credentials.sh -``` - -### Running automatically - -Some scenarios are have been already migrated into [OSFV](TBD). - -```bash -robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no dts/dts-tests.robot -``` - -### Running manually - -1. Boot the latest DTS image in QEMU. Recommended steps: - + start QEMU according to [OSFV - documentation](https://github.com/Dasharo/open-source-firmware-validation/blob/develop/docs/qemu.md#booting) - (use `os` switch, not `firmware`) - + enable network boot and boot into DTS via iPXE - + enable SSH server (option `8` in main menu) - -1. Deploy updated scripts and tests into qemu - - ```bash - PORT=5222 ./scripts/local-deploy.sh 127.0.0.1 - ``` - -1. Execute desired test as described in below section. E.g.: - - ```bash - ssh -p 5222 root@127.0.0.1 - export BOARD_VENDOR="Notebook" SYSTEM_MODEL="NV4xPZ" BOARD_MODEL="NV4xPZ" - export BIOS_VERSION="Dasharo (coreboot+UEFI) v1.7.2" TEST_DES=y DES_TYPE="heads" && dts-boot - ``` - -## Test cases - -The general idea is that we override some variables, so DTS scripts consider -they are running on the given board. Then we select `Install` or `Update` -actions from DTS menu, and check if the flow is as expected in certain -scenario. 
- -After each `dts-boot -> 5) Check and apply Dasharo firmware updates` scenario -execution, we can drop to DTS shell and continue with the next scenario. - -### NovaCustom - -```bash -export BOARD_VENDOR="Notebook" SYSTEM_MODEL="NV4xPZ" BOARD_MODEL="NV4xPZ" -``` - -1. Dasharo v1.7.2 on NV4x_PZ eligible for updates to heads with heads DES and - regular update: - - ```bash - export BIOS_VERSION="Dasharo (coreboot+UEFI) v1.7.2" TEST_DES=y DES_TYPE="heads" && dts-boot - ``` - - Expected output: - + heads fw should be offered - -1. Dasharo v1.7.2 on NV4x_PZ eligible for updates to heads without DES - (regular update only): - - ```bash - export BIOS_VERSION="Dasharo (coreboot+UEFI) v1.7.2" TEST_DES=n && dts-boot - ``` - - Expected output: - + no update should be offered - -1. Dasharo v1.6.0 on NV4x_PZ not eligible for updates to heads with heads DES - (regular update only): - - ```bash - export BIOS_VERSION="Dasharo (coreboot+UEFI) v1.6.0" TEST_DES=y DES_TYPE="heads" && dts-boot - ``` - - Expected output: - + UEFI fw update should be offered (this is too old release to transition to - heads directly, need to flash latest UEFI fw first) - -1. Dasharo v1.6.0 on NV4x_PZ not eligible for updates to heads without heads - DES (regular update only): - - ```bash - export BIOS_VERSION="Dasharo (coreboot+UEFI) v1.6.0" TEST_DES=n && dts-boot - ``` - - Expected output: - + UEFI fw update should be offered - -1. Dasharo heads v0.9.0 on NV4x_PZ eligible for updates to heads with heads - DES and switch back (heads updates): - - ```bash - export BIOS_VERSION="Dasharo (coreboot+heads) v0.9.0" TEST_DES=y DES_TYPE="heads" && dts-boot - ``` - - Expected output: - + migration to UEFI should be offered first - + if we say `n` to switch, heads update should be offered - -1. 
Dasharo heads v0.9.0 on NV4x_PZ without DES switch back, no heads updates: - - ```bash - export BIOS_VERSION="Dasharo (coreboot+heads) v0.9.0" TEST_DES=n && dts-boot - ``` - - Expected output: - + migration to UEFI should be offered first - + if we say `n` to switch, no heads update should be offered - -Another case is to edit `dts-functions.sh` and set `DASHARO_REL_VER` to -`v1.7.3` to detect possible regular firmware updates and `HEADS_REL_VER_DES` -to `v0.9.1` to detect possible heads firmware updates and repeat all test -cases. The URLs for non-existing versions may fail. - -The NovaCustom test binaries for credentials in `dts-boot` are placed in -[/projects/projects/2022/novacustom/dts_test](https://cloud.3mdeb.com/index.php/f/659609) -on 3mdeb cloud. These are just public coreboot+UEFI v1.7.2 binaries. -Analogically with MSI, cloud directory is -[/projects/projects/2022/msi/dts_test](https://cloud.3mdeb.com/index.php/f/667474) -and binaries are simply Z690-A public coreboot+UEFI v1.1.1 binaries with -changed names for both Z690-A and Z790-P (resigned with appropriate keys). - -### MSI MS-7D25 - -```bash -export BOARD_VENDOR="Micro-Star International Co., Ltd." SYSTEM_MODEL="MS-7D25" BOARD_MODEL="PRO Z690-A WIFI DDR4(MS-7D25)" -``` - -1. Dasharo v1.1.1 on MS-7D25 eligible for updates to heads with heads DES and - regular update: - - ```bash - export BIOS_VERSION="Dasharo (coreboot+UEFI) v1.1.1" TEST_DES=y DES_TYPE="heads" && dts-boot - ``` - -1. Dasharo v1.1.1 on MS-7D25 eligible for updates to heads without DES - (regular update only): - - ```bash - export BIOS_VERSION="Dasharo (coreboot+UEFI) v1.1.1" TEST_DES=n && dts-boot - ``` - -1. Dasharo v1.1.2 on MS-7D25 eligible for updates to heads with heads DES - (regular update only through regular DES): - - ```bash - export BIOS_VERSION="Dasharo (coreboot+UEFI) v1.1.2" TEST_DES=y DES_TYPE="heads" && dts-boot - ``` - -1. 
Dasharo v1.1.2 on MS-7D25 not eligible for updates to heads without heads - DES (regular update only through regular DES): - - ```bash - export BIOS_VERSION="Dasharo (coreboot+UEFI) v1.1.2" TEST_DES=n && dts-boot - ``` - -1. Dasharo heads v0.9.0 on MS-7D25 eligible for updates to heads with heads - DES and switch back (regular update and switch-back): - - ```bash - export BIOS_VERSION="Dasharo (coreboot+heads) v0.9.0" TEST_DES=y DES_TYPE="heads" && dts-boot - ``` - -1. Dasharo heads v0.9.0 on MS-7D25 without DES switch back, no heads updates - (regular update and switch-back): - - ```bash - export BIOS_VERSION="Dasharo (coreboot+heads) v0.9.0" TEST_DES=n && dts-boot - ``` - -### MSI MS-7E06 - -```bash -export BOARD_VENDOR="Micro-Star International Co., Ltd." SYSTEM_MODEL="MS-7E06" BOARD_MODEL="PRO Z790-P WIFI (MS-7E06)" -``` - -1. Dasharo heads v0.9.0 on MS-7E06 eligible for updates to heads with heads - DES and switch back (regular update and switch-back only through regular - DES, no community release): - - ```bash - export BIOS_VERSION="Dasharo (coreboot+heads) v0.9.0" TEST_DES=y DES_TYPE=heads && dts-boot - ``` - - Expected output: - + migration to UEFI should be offered first - + if we say `n` to switch, no heads (no more recent update available yet) - -1. Dasharo heads v0.9.0 on MS-7E06 without DES switch back, no heads updates - (regular update and switch-back only through regular DES, no community - release): - - ```bash - export BIOS_VERSION="Dasharo (coreboot+heads) v0.9.0" TEST_DES=n && dts-boot - ``` - - Expected output: - + should print info on DES availability in the shop - + migration to UEFI should be offered - -### PC Engines - -```bash -export BOARD_VENDOR="PC Engines" SYSTEM_MODEL="APU2" BOARD_MODEL="APU2" -``` - -1. 
Initial deployment from legacy firmware (no DES credentials) - - ```bash - export BIOS_VERSION="v4.19.0.1" TEST_DES=n && dts-boot - ``` - - Expected output: - + no DES - no deployment should be offered - + info on DES availailbity in the shop should be shown - -1. Initial deployment from legacy firmware (UEFI DES credentials) - - ```bash - export BIOS_VERSION="v4.19.0.1" TEST_DES=y DES_TYPE="UEFI" && dts-boot - ``` - - Expected output: - + UEFI deployment should be offered - + info on DES availailbity in the shop should not be shown - -1. Initial deployment from legacy firmware (seabios DES credentials) - - ```bash - export BIOS_VERSION="v4.19.0.1" TEST_DES=y DTS_TYPE="seabios" && dts-boot - ``` - - Expected output: - + Seabios deployment should be offered - + info on DES availailbity in the shop should not be shown - -1. Initial deployment from legacy firmware (correct DES credentials) - - ```bash - export BIOS_VERSION="v4.19.0.1" TEST_DES=n && dts-boot - ``` - - Expected output: - + seabios deployment should be offered - + info on DES availailbity in the shop should not be shown +This folder contains dts-scripts test cases that are still to be implemented in +[Dasharo OSFV](https://github.com/Dasharo/open-source-firmware-validation). diff --git a/tests/README_tests.md b/tests/README_tests.md deleted file mode 100644 index 3dd779fe..00000000 --- a/tests/README_tests.md +++ /dev/null @@ -1,4 +0,0 @@ -# Readme - -This directory contains test cases for some parts of the code in this -repository. TODO: manage repository testing properly. diff --git a/tests/cloud-pass b/tests/cloud-pass deleted file mode 100644 index bed949cf..00000000 --- a/tests/cloud-pass +++ /dev/null @@ -1,3 +0,0 @@ -SHY8Lfteq2bCLGD -diCqE9Q5wL8eLZH -%K5RKof! diff --git a/tests/dasharo-ectool-mock.sh b/tests/dasharo-ectool-mock.sh deleted file mode 100644 index e5023614..00000000 --- a/tests/dasharo-ectool-mock.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/bash - -# Function to print usage -usage() { - echo "Usage: $0 info" - exit 1 -} - -# Check if the first argument is 'info' -if [[ "$1" != "info" ]]; then - usage -fi - -# Mock info command output -echo "Dasharo EC Tool Mock - Info Command" -echo "-----------------------------------" -echo "board: novacustom/nv4x_adl" -echo "version: 2023-03-10_c0fe220" -echo "-----------------------------------" - -exit 0 diff --git a/tests/dpp-credentials.example b/tests/dpp-credentials.example deleted file mode 100644 index e2ead919..00000000 --- a/tests/dpp-credentials.example +++ /dev/null @@ -1,24 +0,0 @@ -# NovaCustom heads keys -NCM_HEADS_LOGS_KEY='' -NCM_HEADS_DL_KEY='' -NCM_HEADS_PWD='' - -# MSI heads keys -MSI_HEADS_LOGS_KEY='' -MSI_HEADS_DL_KEY='' -MSI_HEADS_PWD='' - -# MSI UEFI keys -MSI_UEFI_LOGS_KEY='' -MSI_UEFI_DL_KEY='' -MSI_UEFI_PWD='' - -# PC Engines SeaBIOS keys -PCE_SEABIOS_LOGS_KEY='' -PCE_SEABIOS_DL_KEY='' -PCE_SEABIOS_PWD='' - -# PC Engines UEFI keys -PCE_UEFI_LOGS_KEY='' -PCE_UEFI_DL_KEY='' -PCE_UEFI_PWD='' diff --git a/tests/dts-boot b/tests/dts-boot deleted file mode 100644 index f838965c..00000000 --- a/tests/dts-boot +++ /dev/null 
@@ -1,47 +0,0 @@ -#!/bin/bash -source /usr/sbin/dpp-credentials.sh - -SBIN_DIR="/usr/sbin" -export DTS_FUNCS="$SBIN_DIR/dts-functions.sh" -export DTS_ENV="$SBIN_DIR/dts-environment.sh" -export DTS_SUBS="$SBIN_DIR/dts-subscription.sh" - -# QEMU does not support flashrom read/write yet, provide some basic mock to pass flashrom calls -export FLASHROM="/usr/sbin/flashrom-mock.sh" -export DASHARO_ECTOOL="/usr/sbin/dasharo-ectool-mock.sh" -# Skip HCL report in Dasharo deployment, which takes a lot of time -# and creates many reports in cloud. -export LOGS_SENT="1" - -CLOUD_PASS_FILE="/etc/cloud-pass" - -rm -f "${CLOUD_PASS_FILE}" -if [ "$BOARD_VENDOR" = "Notebook" ] && [ "$DPP_TYPE" = "heads" ]; then - echo "$NCM_HEADS_LOGS_KEY" >> "${CLOUD_PASS_FILE}" - echo "$NCM_HEADS_DL_KEY" >> "${CLOUD_PASS_FILE}" - echo "$NCM_HEADS_PWD" >> "${CLOUD_PASS_FILE}" -elif [ "$BOARD_VENDOR" = "Micro-Star International Co., Ltd." ] && [ "$DPP_TYPE" = "heads" ]; then - echo "$MSI_HEADS_LOGS_KEY" >> "${CLOUD_PASS_FILE}" - echo "$MSI_HEADS_DL_KEY" >> "${CLOUD_PASS_FILE}" - echo "$MSI_HEADS_PWD" >> "${CLOUD_PASS_FILE}" -elif [ "$BOARD_VENDOR" = "Micro-Star International Co., Ltd." ] && [ "$DPP_TYPE" = "UEFI" ]; then - echo "$MSI_UEFI_LOGS_KEY" >> "${CLOUD_PASS_FILE}" - echo "$MSI_UEFI_DL_KEY" >> "${CLOUD_PASS_FILE}" - echo "$MSI_UEFI_PWD" >> "${CLOUD_PASS_FILE}" -elif [ "$BOARD_VENDOR" = "PC Engines" ] && [ "$DPP_TYPE" = "UEFI" ]; then - echo "$PCE_UEFI_LOGS_KEY" >> "${CLOUD_PASS_FILE}" - echo "$PCE_UEFI_DL_KEY" >> "${CLOUD_PASS_FILE}" - echo "$PCE_UEFI_PWD" >> "${CLOUD_PASS_FILE}" -elif [ "$BOARD_VENDOR" = "PC Engines" ] && [ "$DPP_TYPE" = "seabios" ]; then - echo "$PCE_SEABIOS_LOGS_KEY" >> "${CLOUD_PASS_FILE}" - echo "$PCE_SEABIOS_DL_KEY" >> "${CLOUD_PASS_FILE}" - echo "$PCE_SEABIOS_PWD" >> "${CLOUD_PASS_FILE}" -fi - -if [ -f /tmp/bios.bin ]; then - rm /tmp/bios.bin -fi - -export HAVE_EC="false" - -$SBIN_DIR/dts 
diff --git a/tests/flashrom-mock.sh b/tests/flashrom-mock.sh deleted file mode 100644 index a4b36673..00000000 --- a/tests/flashrom-mock.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/bash - -# Initialize variables -PROGRAMMER="" -READ_FLAG="" -OUTPUT_FILE="" -EXTRA_OPTIONS="" - -# Function to print usage -usage() { - echo "Usage: $0 -p PROGRAMMER -r OUTPUT_FILE [EXTRA_OPTIONS]" - exit 1 -} - -# Parse command-line arguments -while [[ "$#" -gt 0 ]]; do - case $1 in - -p) - PROGRAMMER="$2" - shift 2 - ;; - -r) - READ_FLAG="-r" - OUTPUT_FILE="$2" - shift 2 - ;; - *) - EXTRA_OPTIONS+="$1 " - shift - ;; - esac -done - -# Check if required arguments are provided -if [[ -z "$PROGRAMMER" ]]; then - usage -fi - -# Create the directory for the output file if it doesn't exist -OUTPUT_DIR=$(dirname "$OUTPUT_FILE") -mkdir -p "$OUTPUT_DIR" - -# Mock flashrom functionality -echo "Mock flashrom: Programmer = $PROGRAMMER" -echo "Mock flashrom: Extra options = $EXTRA_OPTIONS" - -if [[ -n "$READ_FLAG" ]]; then - if [[ -z "$OUTPUT_FILE" ]]; then - usage - fi - echo "Mock flashrom: Reading BIOS into $OUTPUT_FILE" - - # Create a mock rom.bin file with some dummy data - echo "This is a mock rom.bin file for testing purposes." > "$OUTPUT_FILE" - - # Verify if the file is created - if [ -f "$OUTPUT_FILE" ]; then - echo "Mock flashrom: Successfully created $OUTPUT_FILE" - else - echo "Mock flashrom: Failed to create $OUTPUT_FILE" - exit 1 - fi -fi From 821e7082b3165d689375c8d1ebc24bb6d43c1d58 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Wed, 23 Oct 2024 10:24:48 +0200 Subject: [PATCH 39/58] include: hal: dts-hal: add usage comment for tool_wrapper Signed-off-by: Daniil Klimuk --- include/hal/dts-hal.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/hal/dts-hal.sh b/include/hal/dts-hal.sh index fd8b4398..8430d587 100644 --- a/include/hal/dts-hal.sh +++ b/include/hal/dts-hal.sh 
@@ -61,6 +61,14 @@ RDMSR="tool_wrapper rdmsr" # Tools wrapper. ################################################################################ tool_wrapper(){ +# Usage: tool_wrapper TOOL_NAME MOCK_FUNC_NAME TOOL_ARGS +# +# TOOL_NAME: the name of the tool being wrapped +# MOCK_FUNC_NAME: the name of mocking function (optional, check comments +# below for more inf.) +# TOOL_ARGS: the arguments that the tool gets if being called, for example +# for dmidecode -s system-vendor it will be "-s system-vendor". +# # This function is a bridge between common DTS logic and hardware-specific DTS # logic or functions. There is two paths a call to this function can be # redirected to: real HAL for running on real platform and Tests HAL for testing From 965a1bf8e18cec8134312c0b1d7e05601980f106 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Mon, 28 Oct 2024 10:39:01 +0100 Subject: [PATCH 40/58] scripts: dasharo-deploy: standardize firmware access warn This warning serves as a checkpoint in tests in Dasharo/OSFV repo, it was unconvenient to have different warnings all other dasharo-deploy script, so this commit brings it to one format. Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 59 ++++++++++++++++++++++++++++-------------- 1 file changed, 39 insertions(+), 20 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 97bcee48..8ab0dd91 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy 
@@ -27,6 +27,40 @@ declare CAN_SWITCH_TO_HEADS CMD="$1" FUM="$2" +print_firm_access_warning() { +# This function prints standard warning informing user that a specific DPP +# firmware is available but he does not have access to it. Arguments: dpp, +# dpp_cap, seabios, and heads: + local _firm_type="$1" + local _firm_type_print + + case $_firm_type in + dpp) + _firm_type_print="coreboot + UEFI" + ;; + dpp_cap) + _firm_type_print="coreboot + UEFI via Capsule Update" + ;; + seabios) + _firm_type_print="coreboot + SeaBIOS" + ;; + heads) + _firm_type_print="coreboot + Heads" + ;; + *) + return 1 + ;; + esac + + print_warning " DPP version (${_firm_type_print}) available but you don't have access" + print_warning " to it, if you are interested, please visit" + print_warning " https://shop.3mdeb.com/product-category/dasharo-pro-package/" + # Just a new line: + echo + + return 0 +} + check_for_firmware_access() { # DPP credentials are being provided outside of this script, this script only # has to check whether the credentials give access to appropriate firmware. The @@ -113,11 +147,7 @@ ask_for_version() { echo " d) DPP version (coreboot + UEFI)" _might_be_dpp="true" else - print_warning " DPP version (coreboot + UEFI) available but you don't have access" - print_warning " to it, if you are interested, please visit" - print_warning " https://shop.3mdeb.com/product-category/dasharo-pro-package/" - - echo + print_firm_access_warning dpp fi fi @@ -126,11 +156,7 @@ ask_for_version() { echo " s) DPP version (coreboot + SeaBIOS)" _might_be_seabios="true" else - print_warning " DPP version (coreboot + SeaBIOS) available but you don't have access" - print_warning " to it, if you are interested, please visit" - print_warning " https://shop.3mdeb.com/product-category/dasharo-pro-package/" - - echo + print_firm_access_warning seabios fi fi 
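Review bot: The `*)` arm of the `case` in `print_firm_access_warning` returns 1 without printing anything, and none of the call sites this commit adds in `ask_for_version` and `choose_version` checks the return value. A mistyped type argument would therefore silently drop the warning that the commit message says the OSFV tests use as a checkpoint. I would make the failure visible, for example `echo "print_firm_access_warning: unknown firmware type '${_firm_type}'" >&2` before `return 1`. The header comment also ends in a dangling colon; `# Arguments: $1 - firmware type, one of: dpp, dpp_cap, seabios, heads` would read more clearly.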
@@ -197,9 +223,7 @@ choose_version(){ return 0 else - print_warning "Dasharo Heads firmware version is available, but your" - print_warning "subscription does not give you the access to this firmware." - print_warning "If you are interested, please visit https://shop.3mdeb.com/product-category/dasharo-pro-package/" + print_firm_access_warning heads fi fi @@ -209,10 +233,7 @@ choose_version(){ return 0 else - print_warning "Dasharo Subscription firmware version with UEFI Capsule Update" - print_warning "is available, but your subscription does not give you the access" - print_warning "to this firmware." - print_warning "If you are interested, please visit https://shop.3mdeb.com/product-category/dasharo-pro-package/" + print_firm_access_warning dpp_cap fi fi @@ -222,9 +243,7 @@ choose_version(){ return 0 else - print_warning "Dasharo Subscription firmware version is available, but your" - print_warning "subscription does not give you the access to this firmware." - print_warning "If you are interested, please visit https://shop.3mdeb.com/product-category/dasharo-pro-package/" + print_firm_access_warning dpp fi fi From 09258fb168c202edc74f1ec3815bda22afadf8eb Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 29 Oct 2024 12:07:14 +0100 Subject: [PATCH 41/58] include: hal: dts-hal.sh: use $@ instead of $* MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Michał Iwanicki Signed-off-by: Daniil Klimuk --- include/hal/dts-hal.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/hal/dts-hal.sh b/include/hal/dts-hal.sh index 8430d587..f5456882 100644 --- a/include/hal/dts-hal.sh +++ b/include/hal/dts-hal.sh 
@@ -111,7 +111,7 @@ tool_wrapper(){ fi # Other arguments for this function are the arguments which are sent to a tool # e.g. -s system-vendor for dmidecode, etc.: - local _arguments="$*" + local _arguments=( "$@" ) if [ -n "$DTS_TESTING" ]; then # This is the order of calling mocking functions: From f6ed23873cea0ed5656159fa889dcb1bb0952d9b Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 29 Oct 2024 12:12:03 +0100 Subject: [PATCH 42/58] include: do not modify SHELL env. var. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Michał Iwanicki Signed-off-by: Daniil Klimuk --- include/dts-environment.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/dts-environment.sh b/include/dts-environment.sh index 9ac57842..a9eadab1 100644 --- a/include/dts-environment.sh +++ b/include/dts-environment.sh @@ -96,7 +96,7 @@ OS_VERSION_FILE="/etc/os-release" KEYS_DIR="/tmp/devkeys" # Paths to system commands: -SHELL="bash" +CMD_SHELL="bash" # Paths to DTS commands: CMD_DASHARO_HCL_REPORT="/usr/sbin/dasharo-hcl-report" From 4934117d746705d79aa5dba47739ee20bf9c8b0f Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 29 Oct 2024 12:27:40 +0100 Subject: [PATCH 43/58] include: dts-functions.sh: fix AC adapter mocking MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Michał Iwanicki Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 4 ++-- include/hal/common-mock-func.sh | 15 +++++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index e0ab470a..0cde1810 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh 
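Review bot: `_arguments` in `tool_wrapper` changes from a string to an array here, but the lines that consume it are outside this hunk, so it is not visible whether they were updated to match. Any remaining `$_arguments` or `"$_arguments"` now expands to the first element only and silently drops the rest of the tool's arguments; every use needs to be `"${_arguments[@]}"`. This should be confirmed for the mock calls under `DTS_TESTING` as well as for the branch that runs the real tool.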
@@ -42,14 +42,14 @@ check_if_dasharo() { check_if_ac() { local _ac_file="/sys/class/power_supply/AC/online" - if [ ! -e "${_ac_file}" ]; then + if ! $FSREAD_TOOL test -e "${_ac_file}"; then # We want to silently skip if AC file is not there. Most likely this is # not battery-powered device then. return 0 fi while true; do - ac_status=$($FSREAD_TOOL check_if_ac_mock cat ${_ac_file}) + ac_status=$($FSREAD_TOOL cat ${_ac_file}) if [ "$ac_status" -eq 1 ]; then echo "AC adapter is connected. Continuing with firmware update." diff --git a/include/hal/common-mock-func.sh b/include/hal/common-mock-func.sh index 6c54df13..7df956ce 100644 --- a/include/hal/common-mock-func.sh +++ b/include/hal/common-mock-func.sh @@ -422,8 +422,10 @@ fsread_tool_common_mock(){ fsread_tool_test_mock(){ local _arg_d local _arg_f + local _arg_e _arg_d="$(parse_for_arg_return_next -d "$@")" _arg_f="$(parse_for_arg_return_next -f "$@")" + _arg_e="$(parse_for_arg_return_next -e "$@")" if [ "$_arg_d" = "/sys/class/pci_bus/0000:00/device/0000:00:16.0" ]; then # Here we emulate the HCI hardware presence checked by function @@ -438,6 +440,11 @@ fsread_tool_test_mock(){ [ "$TEST_MEI_CONF_PRESENT" = "true" ] && return 0 fi + if [ "$_arg_e" = "/sys/class/power_supply/AC/online" ]; then + # Emulating AC status file presence, check check_if_ac func. for more inf.: + [ "$TEST_AC_PRESENT" = "true" ] && return 0 + fi + return 1 } 
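Review bot: In `fsread_tool_test_mock` the new `-e` branch reports the AC status file as present only when `TEST_AC_PRESENT` is `true`, and `check_if_ac` now returns 0 as soon as that `test -e` call fails. Assuming `$FSREAD_TOOL` dispatches to these mocks under test, the `echo "0"` branch added to `fsread_tool_cat_mock` in the next hunk looks unreachable from `check_if_ac`, so the "adapter not connected" wait loop cannot be exercised. Consider separating file presence from adapter state with a second variable (a new name such as `TEST_AC_ONLINE` is only a suggestion). The path in `$FSREAD_TOOL cat ${_ac_file}` should also be quoted, as it is in the `test -e` call above it.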
@@ -455,9 +462,13 @@ fsread_tool_cat_mock(){ elif [ "$_file_to_cat" = "/sys/bus/i2c/devices/Test/firmware_node/path" ] && [ -n "$TEST_TOUCHPAD_PATH" ]; then # Used in touchpad-info script. echo "$TEST_TOUCHPAD_PATH" 1>&1 - elif [ "$_file_to_cat" = "/sys/class/power_supply/AC/online" ] && [ "$TEST_AC_PRESENT" = "true" ]; then + elif [ "$_file_to_cat" = "/sys/class/power_supply/AC/online" ]; then # Emulating AC adadpter presence, used in check_if_ac func.: - echo "1" 1>&1 + if [ "$TEST_AC_PRESENT" = "true" ]; then + echo "1" + else + echo "0" + fi elif [ "$_file_to_cat" = "/sys/class/mei/mei0/fw_status" ] && [ "$TEST_MEI_CONF_PRESENT" = "true" ]; then # Emulating MEI firmware status file, for more inf., check check_if_fused # func.: From 8e05b0f2e2d61cb11e0b197453723d73071821c3 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 29 Oct 2024 12:32:31 +0100 Subject: [PATCH 44/58] delete explicit redirection to stdout (1>&1) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Michał Iwanicki Signed-off-by: Daniil Klimuk --- include/hal/common-mock-func.sh | 74 ++++++++++++++++----------------- include/hal/dts-hal.sh | 2 +- 2 files changed, 38 insertions(+), 38 deletions(-) diff --git a/include/hal/common-mock-func.sh b/include/hal/common-mock-func.sh index 7df956ce..75158d79 100644 --- a/include/hal/common-mock-func.sh +++ b/include/hal/common-mock-func.sh @@ -77,7 +77,7 @@ flashrom_check_flash_lock_mock(){ flashrom_flash_chip_name_mock(){ # For flash chip name check emulation, for more inf. check check_flash_chip # func.: - echo "Test Flash Chip" 1>&1 + echo "Test Flash Chip" return 0 } @@ -85,7 +85,7 @@ flashrom_flash_chip_name_mock(){ flashrom_flash_chip_size_mock(){ # For flash chip size check emulation, for more inf. check check_flash_chip # func.. - echo "$TEST_FLASH_CHIP_SIZE" 1>&1 + echo "$TEST_FLASH_CHIP_SIZE" return 0 } 
@@ -163,9 +163,9 @@ flashrom_get_ec_firm_version_mock(){ # Emulating wrong EC firmware version, check deploy_ec_firmware func. and # ec_transition script for more inf.: if [ -n "$TEST_COMPATIBLE_EC_VERSION" ]; then - echo "Mainboard EC Version: $COMPATIBLE_EC_FW_VERSION" 1>&1 + echo "Mainboard EC Version: $COMPATIBLE_EC_FW_VERSION" else - echo "Mainboard EC Version: 0000-00-00-0000000" 1>&1 + echo "Mainboard EC Version: 0000-00-00-0000000" fi return 0 @@ -189,11 +189,11 @@ dasharo_ectool_check_for_opensource_firm_mock(){ novacustom_check_sys_model_mock(){ if [ -n "$TEST_NOVACUSTOM_MODEL" ]; then - echo "Dasharo EC Tool Mock - Info Command" 1>&1 - echo "-----------------------------------" 1>&1 - echo "board: novacustom/$TEST_NOVACUSTOM_MODEL" 1>&1 - echo "version: 0000-00-00_0000000" 1>&1 - echo "-----------------------------------" 1>&1 + echo "Dasharo EC Tool Mock - Info Command" + echo "-----------------------------------" + echo "board: novacustom/$TEST_NOVACUSTOM_MODEL" + echo "version: 0000-00-00_0000000" + echo "-----------------------------------" return 0 fi @@ -214,7 +214,7 @@ TEST_BASEBOARD_SERIAL_NUMBER="${TEST_BASEBOARD_SERIAL_NUMBER:-}" dmidecode_common_mock(){ # Emulating dumping dmidecode inf.: - echo "${FUNCNAME[0]}: using dmidecode..." 1>&1 + echo "${FUNCNAME[0]}: using dmidecode..." return 0 } 
@@ -230,55 +230,55 @@ dmidecode_dump_var_mock(){ [ -z "$TEST_SYSTEM_VENDOR" ] && return 1 - echo "$TEST_SYSTEM_VENDOR" 1>&1 + echo "$TEST_SYSTEM_VENDOR" ;; system-product-name) [ -z "$TEST_SYSTEM_MODEL" ] && return 1 - echo "$TEST_SYSTEM_MODEL" 1>&1 + echo "$TEST_SYSTEM_MODEL" ;; baseboard-version) [ -z "$TEST_BOARD_MODEL" ] && return 1 - echo "$TEST_BOARD_MODEL" 1>&1 + echo "$TEST_BOARD_MODEL" ;; baseboard-product-name) [ -z "$TEST_BOARD_MODEL" ] && return 1 - echo "$TEST_BOARD_MODEL" 1>&1 + echo "$TEST_BOARD_MODEL" ;; processor-version) [ -z "$TEST_CPU_VERSION" ] && return 1 - echo "$TEST_CPU_VERSION" 1>&1 + echo "$TEST_CPU_VERSION" ;; bios-vendor) [ -z "$TEST_BIOS_VENDOR" ] && return 1 - echo "$TEST_BIOS_VENDOR" 1>&1 + echo "$TEST_BIOS_VENDOR" ;; bios-version) [ -z "$TEST_BIOS_VERSION" ] && return 1 - echo "$TEST_BIOS_VERSION" 1>&1 + echo "$TEST_BIOS_VERSION" ;; system-uuid) [ -z "$TEST_SYSTEM_UUID" ] && return 1 - echo "$TEST_SYSTEM_UUID" 1>&1 + echo "$TEST_SYSTEM_UUID" ;; baseboard-serial-number) [ -z "$TEST_BASEBOARD_SERIAL_NUMBER" ] && return 1 - echo "$TEST_BASEBOARD_SERIAL_NUMBER" 1>&1 + echo "$TEST_BASEBOARD_SERIAL_NUMBER" ;; esac @@ -293,7 +293,7 @@ TEST_ME_OFFSET="${TEST_ME_OFFSET:-}" ifdtool_check_blobs_in_binary_mock(){ # Emulating ME offset value check, check check_blobs_in_binary func. for more # inf.: - echo "Flash Region 2 (Intel ME): $TEST_ME_OFFSET" 1>&1 + echo "Flash Region 2 (Intel ME): $TEST_ME_OFFSET" return 0 } @@ -307,8 +307,8 @@ cbmem_check_if_me_disabled_mock(){ # Emulating ME state checked in Coreboot table, check check_if_me_disabled func. # for more inf.: if [ "$TEST_ME_DISABLED" = "true" ]; then - echo "ME is disabled" 1>&1 - echo "ME is HAP disabled" 1>&1 + echo "ME is disabled" + echo "ME is HAP disabled" return 0 fi 
@@ -327,13 +327,13 @@ cbfstool_layout_mock(){ # Emulating some fields in Coreboot Files System layout table: local _file_to_check="$1" - echo "This image contains the following sections that can be accessed with this tool:" 1>&1 - echo "" 1>&1 + echo "This image contains the following sections that can be accessed with this tool:" + echo "" # Emulating ROMHOLE presence, check romhole_migration function for more inf.: - [ "$TEST_ROMHOLE_MIGRATION" = "true" ] && echo "'ROMHOLE' (test)" 1>&1 + [ "$TEST_ROMHOLE_MIGRATION" = "true" ] && echo "'ROMHOLE' (test)" # Emulating difference in Coreboot FS, check function # set_flashrom_update_params for more inf.: - [ "$TEST_DIFFERENT_FMAP" = "true" ] && [ "$_file_to_check" != "$BIOS_DUMP_FILE" ] && echo "test" 1>&1 + [ "$TEST_DIFFERENT_FMAP" = "true" ] && [ "$_file_to_check" != "$BIOS_DUMP_FILE" ] && echo "test" return 0 } @@ -374,7 +374,7 @@ dmesg_i2c_hid_detect_mock(){ # Emulating touchpad presence and name detection, check touchpad-info script for # more inf.: if [ "$TEST_TOUCHPAD_ENABLED" = "true" ]; then - echo "hid-multitouch: I2C HID Test" 1>&1 + echo "hid-multitouch: I2C HID Test" fi return 0 @@ -456,12 +456,12 @@ fsread_tool_cat_mock(){ # called before fsread_tool_cat_mock in touchpad-info script: if [ "$_file_to_cat" = "/sys/bus/i2c/devices/Test/firmware_node/hid" ] && [ -n "$TEST_TOUCHPAD_HID" ]; then # Used in touchpad-info script. - echo "$TEST_TOUCHPAD_HID" 1>&1 + echo "$TEST_TOUCHPAD_HID" # Note, Test folder here comes from dmesg_i2c_hid_detect_mock, which is being # called before fsread_tool_cat_mock in touchpad-info script: elif [ "$_file_to_cat" = "/sys/bus/i2c/devices/Test/firmware_node/path" ] && [ -n "$TEST_TOUCHPAD_PATH" ]; then # Used in touchpad-info script. - echo "$TEST_TOUCHPAD_PATH" 1>&1 + echo "$TEST_TOUCHPAD_PATH" elif [ "$_file_to_cat" = "/sys/class/power_supply/AC/online" ]; then # Emulating AC adadpter presence, used in check_if_ac func.: if [ "$TEST_AC_PRESENT" = "true" ]; then 
@@ -472,15 +472,15 @@ fsread_tool_cat_mock(){ elif [ "$_file_to_cat" = "/sys/class/mei/mei0/fw_status" ] && [ "$TEST_MEI_CONF_PRESENT" = "true" ]; then # Emulating MEI firmware status file, for more inf., check check_if_fused # func.: - echo "smth" 1>&1 - echo "smth" 1>&1 - echo "smth" 1>&1 - echo "smth" 1>&1 - echo "smth" 1>&1 + echo "smth" + echo "smth" + echo "smth" + echo "smth" + echo "smth" # Emulating Intel Secure Boot Fuse status, check check_if_fused func. for # more inf. 4... if fused, and 0 if not: - echo "${TEST_INTEL_FUSE_STATUS}0000000" 1>&1 - echo "smth" 1>&1 + echo "${TEST_INTEL_FUSE_STATUS}0000000" + echo "smth" else echo "${FUNCNAME[0]}: ${_file_to_cat}: No such file or directory" @@ -498,7 +498,7 @@ TEST_ME_OP_MODE="${TEST_ME_OP_MODE:-0}" setpci_check_me_op_mode_mock(){ # Emulating current ME operation mode, check functions check_if_me_disabled and # check_me_op_mode: - echo "0$TEST_ME_OP_MODE" 1>&1 + echo "0$TEST_ME_OP_MODE" return 0 } diff --git a/include/hal/dts-hal.sh b/include/hal/dts-hal.sh index f5456882..69e3e45f 100644 --- a/include/hal/dts-hal.sh +++ b/include/hal/dts-hal.sh @@ -192,7 +192,7 @@ check_me_op_mode(){ _mode="$($SETPCI check_me_op_mode_mock -s 00:16.0 42.B 2> /dev/null | cut -c2-)" - echo "$_mode" 1>&1 + echo "$_mode" return 0 } From 332f30f276ffe467c931918bd756211f5ab5e181 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 29 Oct 2024 12:53:48 +0100 Subject: [PATCH 45/58] include: dts-functions.sh: board_config: cleanup Novacustom config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Michał Iwanicki Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 60 +++++++--------------------------------- 1 file changed, 10 insertions(+), 50 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 0cde1810..c34b810b 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh 
@@ -228,20 +228,20 @@ board_config() { echo "Checking if board is Dasharo compatible." case "$SYSTEM_VENDOR" in "Notebook") + # Common settings for all Notebooks: + CAN_USE_FLASHROM="true" + HAVE_EC="true" + NEED_EC_RESET="true" + PLATFORM_SIGN_KEY="customer-keys/novacustom/novacustom-open-source-firmware-release-1.x-key.asc \ + customer-keys/novacustom/dasharo-release-0.9.x-for-novacustom-signing-key.asc" + NEED_SMMSTORE_MIGRATION="true" + case "$SYSTEM_MODEL" in "NV4XMB,ME,MZ") DASHARO_REL_NAME="novacustom_nv4x_tgl" DASHARO_REL_VER="1.5.2" - BIOS_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}.rom" - EC_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_ec_v${DASHARO_REL_VER}.rom" CAN_INSTALL_BIOS="true" - HAVE_EC="true" - NEED_EC_RESET="true" COMPATIBLE_EC_FW_VERSION="2022-10-07_c662165" - PLATFORM_SIGN_KEY="customer-keys/novacustom/novacustom-open-source-firmware-release-1.x-key.asc \ - customer-keys/novacustom/dasharo-release-0.9.x-for-novacustom-signing-key.asc" - NEED_SMMSTORE_MIGRATION="true" - PROGRAMMER_EC="ite_ec:boardmismatch=force,romsize=128K,autoload=disable" if check_if_dasharo; then # if v1.5.1 or older, flash the whole bios region # TODO: Let DTS determine which parameters are suitable. 
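Review bot: `PROGRAMMER_EC="ite_ec:boardmismatch=force,romsize=128K,autoload=disable"` is removed from this model and from every other Notebook model in the hunks that follow, but it is not added to the new "Common settings for all Notebooks" block. Unless a default is assigned outside these hunks, the EC flashing step for these laptops would run with an empty programmer string. If the value now comes from somewhere else, a comment in the common block such as `# PROGRAMMER_EC: default from <file> is used` (placeholder, fill in the real location) would make that explicit; otherwise the assignment belongs in the common block. `board_config` starts and ends outside this hunk.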
@@ -259,16 +259,8 @@ board_config() { "NS50_70MU") DASHARO_REL_NAME="novacustom_ns5x_tgl" DASHARO_REL_VER="1.5.2" - BIOS_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}.rom" - EC_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_ec_v${DASHARO_REL_VER}.rom" CAN_INSTALL_BIOS="true" - HAVE_EC="true" - NEED_EC_RESET="true" COMPATIBLE_EC_FW_VERSION="2022-08-31_cbff21b" - PLATFORM_SIGN_KEY="customer-keys/novacustom/novacustom-open-source-firmware-release-1.x-key.asc \ - customer-keys/novacustom/dasharo-release-0.9.x-for-novacustom-signing-key.asc" - NEED_SMMSTORE_MIGRATION="true" - PROGRAMMER_EC="ite_ec:boardmismatch=force,romsize=128K,autoload=disable" if check_if_dasharo; then # if v1.5.1 or older, flash the whole bios region # TODO: Let DTS determine which parameters are suitable. @@ -286,15 +278,7 @@ board_config() { "NS5x_NS7xPU") DASHARO_REL_NAME="novacustom_ns5x_adl" DASHARO_REL_VER="1.7.2" - BIOS_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}.rom" - EC_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_ec_v${DASHARO_REL_VER}.rom" - HAVE_EC="true" - NEED_EC_RESET="true" COMPATIBLE_EC_FW_VERSION="2022-08-31_cbff21b" - PLATFORM_SIGN_KEY="customer-keys/novacustom/novacustom-open-source-firmware-release-1.x-key.asc \ - customer-keys/novacustom/dasharo-release-0.9.x-for-novacustom-signing-key.asc" - NEED_SMMSTORE_MIGRATION="true" - PROGRAMMER_EC="ite_ec:boardmismatch=force,romsize=128K,autoload=disable" if check_if_dasharo; then # if v1.7.2 or older, flash the whole bios region # TODO: Let DTS determine which parameters are suitable. 
@@ -315,15 +299,7 @@ board_config() { HEADS_REL_VER_DPP="0.9.1" HEADS_LINK_DPP="${FW_STORE_URL_DPP}/${DASHARO_REL_NAME}/v${HEADS_REL_VER_DPP}/${DASHARO_REL_NAME}_v${HEADS_REL_VER_DPP}_heads.rom" HEADS_SWITCH_FLASHROM_OPT_OVERRIDE="--ifd -i bios" - BIOS_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}.rom" - EC_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_ec_v${DASHARO_REL_VER}.rom" - HAVE_EC="true" - NEED_EC_RESET="true" COMPATIBLE_EC_FW_VERSION="2022-08-31_cbff21b" - PLATFORM_SIGN_KEY="customer-keys/novacustom/novacustom-open-source-firmware-release-1.x-key.asc \ - customer-keys/novacustom/dasharo-release-0.9.x-for-novacustom-signing-key.asc" - NEED_SMMSTORE_MIGRATION="true" - PROGRAMMER_EC="ite_ec:boardmismatch=force,romsize=128K,autoload=disable" if check_if_dasharo; then # if v1.7.2 or older, flash the whole bios region # TODO: Let DTS determine which parameters are suitable. @@ -356,14 +332,8 @@ board_config() { # Common configuration for all V54x_6x_TU: DASHARO_REL_VER="0.9.0" - HAVE_EC="true" - NEED_EC_RESET="true" COMPATIBLE_EC_FW_VERSION="2024-07-17_4ae73b9" - PLATFORM_SIGN_KEY="customer-keys/novacustom/novacustom-open-source-firmware-release-1.x-key.asc \ - customer-keys/novacustom/dasharo-release-0.9.x-for-novacustom-signing-key.asc" - NEED_SMMSTORE_MIGRATION="true" NEED_BOOTSPLASH_MIGRATION="true" - PROGRAMMER_EC="ite_ec:boardmismatch=force,romsize=128K,autoload=disable" case $BOARD_MODEL in "V540TU") @@ -377,9 +347,6 @@ board_config() { return 1 ;; esac - - BIOS_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}.rom" - EC_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_ec_v${DASHARO_REL_VER}.rom" ;; "V5xTNC_TND_TNE") if check_if_dasharo; then 
@@ -388,13 +355,7 @@ board_config() { ask_for_model V540TNx V560TNx fi - PLATFORM_SIGN_KEY="customer-keys/novacustom/novacustom-open-source-firmware-release-1.x-key.asc \ - customer-keys/novacustom/dasharo-release-0.9.x-for-novacustom-signing-key.asc" - NEED_SMMSTORE_MIGRATION="true" NEED_BOOTSPLASH_MIGRATION="true" - PROGRAMMER_EC="ite_ec:boardmismatch=force,romsize=128K,autoload=disable" - HAVE_EC="true" - NEED_EC_RESET="true" case $BOARD_MODEL in "V540TNx") @@ -412,15 +373,14 @@ board_config() { return 1 ;; esac - - BIOS_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}.rom" - EC_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_ec_v${DASHARO_REL_VER}.rom" ;; *) print_error "Board model $SYSTEM_MODEL is currently not supported" return 1 ;; esac + BIOS_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_v${DASHARO_REL_VER}.rom" + EC_LINK_COMM="$FW_STORE_URL/$DASHARO_REL_NAME/v$DASHARO_REL_VER/${DASHARO_REL_NAME}_ec_v${DASHARO_REL_VER}.rom" ;; "Micro-Star International Co., Ltd.") case "$SYSTEM_MODEL" in From 55256f51e55d135a8fbef61fbdd4ecd10117101a Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 7 Nov 2024 18:30:53 +0100 Subject: [PATCH 46/58] do not use flashrom with QEMU flashrom does not support QEMU and fails every time. I have not found a better way to handle it, but we should not place hardwere related configs all around the code. Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 17 ++++++++++-- reports/dasharo-hcl-report | 57 ++++++++++++++++++++------------------ scripts/dasharo-deploy | 13 +++++---- 3 files changed, 53 insertions(+), 34 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index c34b810b..d142d4f8 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh 
@@ -1357,10 +1357,14 @@ show_main_menu() { echo -e "${BLUE}**${YELLOW} ${HCL_REPORT_OPT})${BLUE} Dasharo HCL report${NORMAL}" if check_if_dasharo; then echo -e "${BLUE}**${YELLOW} ${DASHARO_FIRM_OPT})${BLUE} Update Dasharo Firmware${NORMAL}" - else + # flashrom does not support QEMU. TODO: this could be handled in a better way: + elif [ "${SYSTEM_VENDOR}" != "QEMU" ] && [ "${SYSTEM_VENDOR}" != "Emulation" ]; then echo -e "${BLUE}**${YELLOW} ${DASHARO_FIRM_OPT})${BLUE} Install Dasharo Firmware${NORMAL}" fi - echo -e "${BLUE}**${YELLOW} ${REST_FIRM_OPT})${BLUE} Restore firmware from Dasharo HCL report${NORMAL}" + # flashrom does not support QEMU. TODO: this could be handled in a better way: + if [ "${SYSTEM_VENDOR}" != "QEMU" ] && [ "${SYSTEM_VENDOR}" != "Emulation" ]; then + echo -e "${BLUE}**${YELLOW} ${REST_FIRM_OPT})${BLUE} Restore firmware from Dasharo HCL report${NORMAL}" + fi if [ -n "${DPP_IS_LOGGED}" ]; then echo -e "${BLUE}**${YELLOW} ${DPP_KEYS_OPT})${BLUE} Edit your DPP keys${NORMAL}" else @@ -1406,6 +1410,10 @@ main_menu_options(){ ;; "${DASHARO_FIRM_OPT}") if ! check_if_dasharo; then + # flashrom does not support QEMU, but installation depends on flashrom. + # TODO: this could be handled in a better way: + [ "${SYSTEM_VENDOR}" = "QEMU" ] || [ "${SYSTEM_VENDOR}" = "Emulation" ] && return 0 + if wait_for_network_connection; then echo "Preparing ..." if [ -z "${LOGS_SENT}" ]; then @@ -1424,6 +1432,7 @@ main_menu_options(){ ${CMD_DASHARO_DEPLOY} install fi else + # TODO: This should be placed in dasharo-deploy: # For NovaCustom TGL laptops with Dasharo version lower than 1.3.0, # we shall run the ec_transition script instead. See: # https://docs.dasharo.com/variants/novacustom_nv4x_tgl/releases/#v130-2022-10-18 
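Review bot: The QEMU guard added to `main_menu_options` sits inside the `if ! check_if_dasharo` branch, and `show_main_menu` still prints "Update Dasharo Firmware" whenever `check_if_dasharo` succeeds. On an emulated machine that reports Dasharo firmware the update path therefore still looks reachable; its body is outside these hunks, so whether it ends up calling flashrom could not be checked here. The same vendor test is copied into six places across `dts-functions.sh`, `dasharo-hcl-report` and `dasharo-deploy`. One helper, e.g. `is_emulated() { [ "${SYSTEM_VENDOR}" = "QEMU" ] || [ "${SYSTEM_VENDOR}" = "Emulation" ]; }` (the name is a suggestion), would keep them in sync. It is also worth confirming that `SYSTEM_VENDOR` is populated before the two scripts test it, because an empty value passes the `!=` checks and flashrom is used anyway.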
@@ -1455,6 +1464,10 @@ main_menu_options(){ return 0 ;; "${REST_FIRM_OPT}") + # flashrom does not support QEMU, but restore depends on flashrom. + # TODO: this could be handled in a better way: + [ "${SYSTEM_VENDOR}" = "QEMU" ] || [ "${SYSTEM_VENDOR}" = "Emulation" ] && return 0 + if check_if_dasharo; then ${CMD_DASHARO_DEPLOY} restore fi diff --git a/reports/dasharo-hcl-report b/reports/dasharo-hcl-report index d412175e..4ccf385f 100644 --- a/reports/dasharo-hcl-report +++ b/reports/dasharo-hcl-report @@ -63,8 +63,6 @@ fi FULL_UPLOAD_URL="https://cloud.3mdeb.com/index.php/s/"${CLOUDSEND_LOGS_URL} -check_flash_chip - mkdir logs if [ $DEPLOY_REPORT = "false" ]; then echo "Getting hardware information. It will take a few minutes..." 
@@ -175,34 +173,39 @@ cat /sys/class/input/input*/id/bustype > logs/input_bustypes.log update_result "Input bus types" logs/ioports.err.log printf '################################ |\r' -# echo "Trying to read firmware image with flashrom..." -# Some regions may be not available so we need to use specific regions to read -check_intel_regions -if [ $BOARD_HAS_FD_REGION -eq 1 ]; then - # Use safe defaults. Descriptor may contain additional regions not detected - # by flashrom and will return failure when attempted to be read. BIOS and - # Flash descriptor regions should always be readable. If not, then we have - # some ugly case, hard to deal with. - FLASHROM_ADD_OPT_READ="--ifd -i fd -i bios" - if [ $BOARD_HAS_ME_REGION -eq 1 ] && [ $BOARD_ME_REGION_LOCKED -eq 0 ]; then - # ME region is not locked, read it as well - FLASHROM_ADD_OPT_READ+=" -i me" - fi - if [ $BOARD_HAS_GBE_REGION -eq 1 ] && [ $BOARD_GBE_REGION_LOCKED -eq 0 ]; then - # GBE region is present and not locked, read it as well - FLASHROM_ADD_OPT_READ+=" -i gbe" +# flashrom does not support QEMU. TODO: this could be handled in a better way: +if [ "${SYSTEM_VENDOR}" != "QEMU" ] && [ "${SYSTEM_VENDOR}" != "Emulation" ]; then + check_flash_chip + check_intel_regions + + # echo "Trying to read firmware image with flashrom..." + # Some regions may be not available so we need to use specific regions to read + if [ $BOARD_HAS_FD_REGION -eq 1 ]; then + # Use safe defaults. Descriptor may contain additional regions not detected + # by flashrom and will return failure when attempted to be read. BIOS and + # Flash descriptor regions should always be readable. If not, then we have + # some ugly case, hard to deal with. 
+ FLASHROM_ADD_OPT_READ="--ifd -i fd -i bios" + if [ $BOARD_HAS_ME_REGION -eq 1 ] && [ $BOARD_ME_REGION_LOCKED -eq 0 ]; then + # ME region is not locked, read it as well + FLASHROM_ADD_OPT_READ+=" -i me" + fi + if [ $BOARD_HAS_GBE_REGION -eq 1 ] && [ $BOARD_GBE_REGION_LOCKED -eq 0 ]; then + # GBE region is present and not locked, read it as well + FLASHROM_ADD_OPT_READ+=" -i gbe" + fi + else + # No descriptor, probably safe to read everything + FLASHROM_ADD_OPT_READ="" fi -else - # No descriptor, probably safe to read everything - FLASHROM_ADD_OPT_READ="" -fi -$FLASHROM -V -p internal:laptop=force_I_want_a_brick ${FLASH_CHIP_SELECT} -r logs/rom.bin ${FLASHROM_ADD_OPT_READ} > logs/flashrom_read.log 2> logs/flashrom_read.err.log -if [ $? -ne 0 ]; then - echo "CRITICAL ERROR: cannot dump firmware" + $FLASHROM -V -p internal:laptop=force_I_want_a_brick ${FLASH_CHIP_SELECT} -r logs/rom.bin ${FLASHROM_ADD_OPT_READ} > logs/flashrom_read.log 2> logs/flashrom_read.err.log + if [ $? -ne 0 ]; then + echo "CRITICAL ERROR: cannot dump firmware" + fi + update_result "Firmware image" logs/flashrom_read.err.log + printf '################################## |\r' fi -update_result "Firmware image" logs/flashrom_read.err.log -printf '################################## |\r' # echo "Probing all I2C buses..." MAX_I2C_ID=$(i2cdetect -l | awk 'BEGIN{c1=0} //{c1++} END{print "",--c1}') diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 8ab0dd91..6890dff9 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy 
@@ -1183,12 +1183,15 @@ if [ "$FUM" == "fum" ]; then wait_for_network_connection fi -# Size of flashchip should be checked before board_config func. because the -# func. assigns some configs based on the chip size detected for ASUS boards -# (FIXME). -check_flash_chip +# flashrom does not support QEMU. TODO: this could be handled in a better way: +if [ "${SYSTEM_VENDOR}" != "QEMU" ] && [ "${SYSTEM_VENDOR}" != "Emulation" ]; then + # Size of flashchip should be checked before board_config func. because the + # func. assigns some configs based on the chip size detected for ASUS boards + # (FIXME). + check_flash_chip +fi + board_config -check_flash_chip if [ -n "$PLATFORM_SIGN_KEY" ]; then get_signing_keys From 84c7b6029e0d2712d5cb3ca47944b067a11db29a Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 7 Nov 2024 18:41:13 +0100 Subject: [PATCH 47/58] include: dts-functions.sh: download_artifacts: delete Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 7 ------- 1 file changed, 7 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index d142d4f8..5551be88 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -806,13 +806,6 @@ download_ec() { fi } -download_artifacts() { - echo -n "Downloading Dasharo firmware..." - download_bios - download_ec - print_ok "Done" -} - download_keys() { mkdir $KEYS_DIR wget -O $KEYS_DIR/recovery_key.vbpubk https://github.com/Dasharo/vboot/raw/dasharo/tests/devkeys/recovery_key.vbpubk >> $ERR_LOG_FILE 2>&1 From c4e607a015eba8b38d2a6d3597aaea7e4fe0ca88 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 7 Nov 2024 18:57:42 +0100 Subject: [PATCH 48/58] scripts: dasharo-deploy: send logs before trying to reboot Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 2 ++ scripts/dasharo-deploy | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 5551be88..95bac97d 100644 
--- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -1588,6 +1588,8 @@ footer_options(){ send_dts_logs(){ if [ "${SEND_LOGS_ACTIVE}" == "true" ]; then + echo "Sending logs..." + log_dir=$(dmidecode -s system-manufacturer)_$(dmidecode -s system-product-name)_$(dmidecode -s bios-version) uuid_string="$(cat /sys/class/net/$(ip route show default | head -1 | awk '/default/ {print $5}')/address)" diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 6890dff9..cd0d82ea 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy @@ -916,6 +916,9 @@ install_workflow() { echo -n "Syncing disks... " sync echo "Done." + + send_dts_logs + if [ "$NEED_EC_RESET" == "true" ]; then echo "The computer will shut down automatically in 5 seconds" else @@ -938,7 +941,6 @@ install_workflow() { if [ "$NEED_EC_RESET" == "true" ]; then it5570_shutdown else - send_dts_logs ${REBOOT} fi } @@ -1021,6 +1023,8 @@ update_workflow() { print_ok "Successfully updated Dasharo firmware." fi + send_dts_logs + # Post update routine: if [ "$HAVE_EC" == "true" ]; then echo "Updating Embedded Controller firmware. Your computer will power off automatically when done." @@ -1044,7 +1048,6 @@ update_workflow() { sleep 0.5 echo "Rebooting" sleep 1 - send_dts_logs ${REBOOT} fi } From 0f2abda2357f8598f67b6a16fbf71cb96d05d5c1 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Tue, 12 Nov 2024 11:02:10 +0100 Subject: [PATCH 49/58] include: dts-functions.sh: cleanup download_ec func Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 46 +++++++++++++--------------------------- 1 file changed, 15 insertions(+), 31 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 95bac97d..6fdeb50e 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh 
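Review bot: In `update_workflow` the `send_dts_logs` call now runs before the "Post update routine", so anything logged by the Embedded Controller update that follows is no longer part of the upload. The same applies in `install_workflow` to whatever runs between the new call and `it5570_shutdown` or `${REBOOT}`. If the reason is that the EC path powers the machine off before logs could be sent, a comment at the call such as `# Send logs now: the EC update below powers the machine off` would record that trade-off. These hunks do not show whether `send_dts_logs` can block or fail without a network; if it can, it should not be able to prevent the shutdown or reboot that completes the flash.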
@@ -768,41 +768,25 @@ download_bios() { download_ec() { if [ "${BIOS_LINK}" = "${BIOS_LINK_COMM}" ] || [ "${BIOS_LINK}" = "${BIOS_LINK_COMM_CAP}" ]; then - if [ "$HAVE_EC" == "true" ]; then - curl -s -L -f "$EC_LINK" -o "$EC_UPDATE_FILE" - error_check "Cannot access $FW_STORE_URL while downloading binary. Please + curl -s -L -f "$EC_LINK" -o "$EC_UPDATE_FILE" + error_check "Cannot access $FW_STORE_URL while downloading binary. Please check your internet connection" - curl -s -L -f "$EC_HASH_LINK" -o $EC_HASH_FILE - error_check "Cannot access $FW_STORE_URL while downloading signature. Please + curl -s -L -f "$EC_HASH_LINK" -o $EC_HASH_FILE + error_check "Cannot access $FW_STORE_URL while downloading signature. Please check your internet connection" - curl -s -L -f "$EC_SIGN_LINK" -o $EC_SIGN_FILE - error_check "Cannot access $FW_STORE_URL while downloading signature. Please + curl -s -L -f "$EC_SIGN_LINK" -o $EC_SIGN_FILE + error_check "Cannot access $FW_STORE_URL while downloading signature. Please check your internet connection" - fi else - if [ "$HAVE_EC" == "true" ]; then - if [ "${EC_LINK}" = "${EC_LINK_COMM}" ] || [ "${EC_LINK}" = "${EC_LINK_COMM_CAP}" ]; then - curl -s -L -f "$EC_LINK" -o "$EC_UPDATE_FILE" - error_check "Cannot access $FW_STORE_URL while downloading binary. Please - check your internet connection" - curl -s -L -f "$EC_HASH_LINK" -o $EC_HASH_FILE - error_check "Cannot access $FW_STORE_URL while downloading signature. Please - check your internet connection" - curl -s -L -f "$EC_SIGN_LINK" -o $EC_SIGN_FILE - error_check "Cannot access $FW_STORE_URL while downloading signature. Please - check your internet connection" - else - curl -s -L -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$EC_LINK" -o $EC_UPDATE_FILE - error_check "Cannot access $FW_STORE_URL while downloading binary. 
Please - check your internet connection and credentials" - curl -s -L -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$EC_HASH_LINK" -o $EC_HASH_FILE - error_check "Cannot access $FW_STORE_URL while downloading signature. Please - check your internet connection and credentials" - curl -s -L -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$EC_SIGN_LINK" -o $EC_SIGN_FILE - error_check "Cannot access $FW_STORE_URL while downloading signature. Please - check your internet connection and credentials" - fi - fi + curl -s -L -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$EC_LINK" -o $EC_UPDATE_FILE + error_check "Cannot access $FW_STORE_URL while downloading binary. Please + check your internet connection and credentials" + curl -s -L -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$EC_HASH_LINK" -o $EC_HASH_FILE + error_check "Cannot access $FW_STORE_URL while downloading signature. Please + check your internet connection and credentials" + curl -s -L -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$EC_SIGN_LINK" -o $EC_SIGN_FILE + error_check "Cannot access $FW_STORE_URL while downloading signature. Please + check your internet connection and credentials" fi } From 79e40334f9e3b917992cdda6a0f739ae773ad921 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Wed, 13 Nov 2024 12:29:12 +0100 Subject: [PATCH 50/58] check for Capsule Update compatibility with currently installed firm Signed-off-by: Daniil Klimuk --- include/dts-environment.sh | 7 +++++++ include/dts-functions.sh | 3 +++ scripts/dasharo-deploy | 28 +++++++++++++++++++++------- 3 files changed, 31 insertions(+), 7 deletions(-) diff --git a/include/dts-environment.sh b/include/dts-environment.sh index a9eadab1..01ebf76f 100644 --- a/include/dts-environment.sh +++ b/include/dts-environment.sh 
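Review bot: The `else` branch of `download_ec` now attaches `-u "$USER_DETAILS"` to every EC download whenever `BIOS_LINK` is not a community link, because the removed inner test on `EC_LINK` was the only place that kept credentials off community EC links. Selecting the branch on the EC link itself keeps the credentials scoped to the requests that need them: `if [ "${EC_LINK}" = "${EC_LINK_COMM}" ] || [ "${EC_LINK}" = "${EC_LINK_COMM_CAP}" ]; then`. The `HAVE_EC` guard is also gone, so every caller has to test it before calling; a one-line comment above the function should say so. `$EC_UPDATE_FILE`, `$EC_HASH_FILE` and `$EC_SIGN_FILE` after `-o` are still unquoted on the new lines, and the message for the hash download says "signature".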
@@ -118,6 +118,13 @@ declare COMPATIBLE_EC_FW_VERSION # and for capsules: declare DASHARO_REL_VER_CAP declare DASHARO_REL_VER_DPP_CAP +# To use capsule update a platform should already run a firmware with capsule +# update support. Therefore DTS should check, from which Dasharo firmware +# version capsule update is supported for the platform and compare with the +# version of the currently installed firmware. This variable holds the version +# from which Dasharo firmware supports capsule update for current patform. It is +# set in board_config: +declare DASHARO_SUPPORT_CAP_FROM # Links to files: declare BIOS_LINK_COMM declare BIOS_HASH_LINK_COMM diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 6fdeb50e..6410bb2b 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -402,6 +402,7 @@ board_config() { # Add capsules: DASHARO_REL_NAME_CAP="$DASHARO_REL_NAME" DASHARO_REL_VER_DPP_CAP="$DASHARO_REL_VER_DPP" + DASHARO_SUPPORT_CAP_FROM="1.1.4" if check_if_dasharo; then # if v1.1.3 or older, flash the whole bios region @@ -452,6 +453,7 @@ board_config() { # Add capsules: DASHARO_REL_NAME_CAP="$DASHARO_REL_NAME" DASHARO_REL_VER_DPP_CAP="$DASHARO_REL_VER_DPP" + DASHARO_SUPPORT_CAP_FROM="0.9.2" if check_if_dasharo; then # if v0.9.1 or older, flash the whole bios region @@ -637,6 +639,7 @@ board_config() { # Download and versioning variables: DASHARO_REL_NAME_CAP="qemu_q35" DASHARO_REL_VER_CAP="0.2.0" + DASHARO_SUPPORT_CAP_FROM="0.2.0" # TODO: wait till the binaries will be uploaded to the server. BIOS_LINK_COMM_CAP="${FW_STORE_URL}/${DASHARO_REL_NAME_CAP}/v${DASHARO_REL_VER_CAP}/" ;; diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index cd0d82ea..43c4c63e 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy 
@@ -228,12 +228,19 @@ choose_version(){ fi if [ -n "$DASHARO_REL_VER_DPP_CAP" ]; then - if check_for_firmware_access dpp_cap; then - FIRMWARE_VERSION="dpp_cap" + [ -z "$DASHARO_SUPPORT_CAP_FROM" ] && print_error "Variable DASHARO_SUPPORT_CAP_FROM must be set!" - return 0 - else - print_firm_access_warning dpp_cap + # Check, whether currently installed firmware supports Capsule Update ( + # check comments for DASHARO_SUPPORT_CAP_FROM in dts-environment.sh for more + # inf): + if compare_versions "$DASHARO_VERSION" "$DASHARO_SUPPORT_CAP_FROM" ; then + if check_for_firmware_access dpp_cap; then + FIRMWARE_VERSION="dpp_cap" + + return 0 + else + print_firm_access_warning dpp_cap + fi fi fi @@ -248,9 +255,16 @@ choose_version(){ fi if [ -n "$DASHARO_REL_VER_CAP" ]; then - FIRMWARE_VERSION="community_cap" + [ -z "$DASHARO_SUPPORT_CAP_FROM" ] && print_error "Variable DASHARO_SUPPORT_CAP_FROM must be set!" - return 0 + # Check, whether currently installed firmware supports Capsule Update ( + # check comments for DASHARO_SUPPORT_CAP_FROM in dts-environment.sh for more + # inf): + if compare_versions "$DASHARO_VERSION" "$DASHARO_SUPPORT_CAP_FROM" ; then + FIRMWARE_VERSION="community_cap" + + return 0 + fi fi # Last resort: From e85031f1a2919781b61267d9c218130732c1dc26 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 14 Nov 2024 10:23:18 +0100 Subject: [PATCH 51/58] scripts: dasharo-deploy: rework update routine to always reboot Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 43 +++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index 43c4c63e..b7d8a4f7 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy 
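Review bot: `[ -z "$DASHARO_SUPPORT_CAP_FROM" ] && print_error …` only prints, so with the variable empty `compare_versions` is still called with an empty second argument and its result decides whether the capsule path is taken; the same line appears in the `@@ -248,9 +255,16 @@` hunk. Unless `print_error` exits (it is not visible here), make the empty case skip the capsule branch explicitly, e.g. `if [ -z "$DASHARO_SUPPORT_CAP_FROM" ]; then print_error "…"; elif compare_versions "$DASHARO_VERSION" "$DASHARO_SUPPORT_CAP_FROM"; then`. The comment should also state which exit status of `compare_versions` means "installed firmware is new enough", since both hunks rely on it. `choose_version` starts and ends outside both hunks.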
@@ -689,6 +689,8 @@ deploy_ec_firmware() { return 0 fi + echo "Updating Embedded Controller firmware. Your computer will power off automatically when done." + # Following command will reset device, so the function will not quit: $DASHARO_ECTOOL flash "$EC_UPDATE_FILE" &>> $ERR_LOG_FILE error_check "Failed to update EC firmware" @@ -1041,29 +1043,28 @@ update_workflow() { # Post update routine: if [ "$HAVE_EC" == "true" ]; then - echo "Updating Embedded Controller firmware. Your computer will power off automatically when done." deploy_ec_firmware update - else - echo -n "Syncing disks... " - sync - echo "Done." - echo "The computer will reboot automatically in 5 seconds" - sleep 0.5 - echo "Rebooting in 5s:" - echo "5..." - sleep 1 - echo "4..." - sleep 1 - echo "3..." - sleep 1 - echo "2..." - sleep 1 - echo "1..." - sleep 0.5 - echo "Rebooting" - sleep 1 - ${REBOOT} fi + + echo -n "Syncing disks... " + sync + echo "Done." + echo "The computer will reboot automatically in 5 seconds" + sleep 0.5 + echo "Rebooting in 5s:" + echo "5..." + sleep 1 + echo "4..." + sleep 1 + echo "3..." + sleep 1 + echo "2..." + sleep 1 + echo "1..." + sleep 0.5 + echo "Rebooting" + sleep 1 + ${REBOOT} } restore() { From 8a2fc2f31340836f8dd851f5b35b740e04ef4b48 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Thu, 14 Nov 2024 11:43:09 +0100 Subject: [PATCH 52/58] include: dts-functions: fix pre-commit warnings Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 6410bb2b..50573c58 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh 
@@ -1579,13 +1579,13 @@ send_dts_logs(){ log_dir=$(dmidecode -s system-manufacturer)_$(dmidecode -s system-product-name)_$(dmidecode -s bios-version) - uuid_string="$(cat /sys/class/net/$(ip route show default | head -1 | awk '/default/ {print $5}')/address)" + uuid_string="$(cat /sys/class/net/"$(ip route show default | head -1 | awk '/default/ {print $5}')"/address)" uuid_string+="_$(dmidecode -s system-product-name)" uuid_string+="_$(dmidecode -s system-manufacturer)" uuid=`uuidgen -n @x500 -N $uuid_string -s` - log_dir+="_$uuid_$(date +'%Y_%m_%d_%H_%M_%S_%N')" + log_dir+="_${uuid}_$(date +'%Y_%m_%d_%H_%M_%S_%N')" log_dir="${log_dir// /_}" log_dir="${log_dir//\//_}" log_dir="/tmp/${log_dir}" From 7087b789e0d5d31b461e18c119a98b404f0bb5f6 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Mon, 18 Nov 2024 16:13:28 +0100 Subject: [PATCH 53/58] include: dts-subscription: add UEFI Capsule Update Signed-off-by: Daniil Klimuk --- include/dts-subscription.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/include/dts-subscription.sh b/include/dts-subscription.sh index 08b972e9..c710b536 100644 --- a/include/dts-subscription.sh +++ b/include/dts-subscription.sh @@ -41,9 +41,15 @@ check_for_dasharo_firmware() { if [ -n "$BIOS_LINK_DPP" ]; then _check_dwn_req_resp_uefi=$(curl -L -I -s -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$BIOS_LINK_DPP" -o /dev/null -w "%{http_code}") fi + + if [ -n "$BIOS_LINK_DPP_CAP" ]; then + _check_dwn_req_resp_uefi_cap=$(curl -L -I -s -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$BIOS_LINK_DPP_CAP" -o /dev/null -w "%{http_code}") + fi + if [ -n "$HEADS_LINK_DPP" ]; then _check_dwn_req_resp_heads=$(curl -L -I -s -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$HEADS_LINK_DPP" -o /dev/null -w "%{http_code}") fi + if [ -n "$BIOS_LINK_DPP_SEABIOS" ]; then _check_dwn_req_resp_seabios=$(curl -L -I -s -f -u "$USER_DETAILS" -H "$CLOUD_REQUEST" "$BIOS_LINK_DPP_SEABIOS" -o /dev/null -w "%{http_code}") fi 
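Review bot: With `${uuid}` now actually expanded into `log_dir`, the unquoted `$uuid_string` on the `uuidgen` line matters: a product or manufacturer string that contains a space is split into extra arguments, and the UUID can come out empty or wrong. Quote it and drop the backticks while touching the line: `uuid=$(uuidgen -n @x500 -N "$uuid_string" -s)`. Before this fix `$uuid_` expanded a different, presumably empty, variable, so this commit is also the point where a stable identifier derived from the MAC address starts appearing in the log directory name; a comment saying that this is intended would help. `send_dts_logs` continues outside the hunk.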
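Review bot: `_check_dwn_req_resp_uefi_cap` is assigned only when `BIOS_LINK_DPP_CAP` is non-empty, yet the `@@ -51,7 +57,7 @@` hunk tests it unquoted with `[ ${_check_dwn_req_resp_uefi_cap} -eq 200 ]`. If the sibling variables are initialised above this hunk (not visible), the new one needs the same default; otherwise `[` receives `-eq 200` alone and prints an error on platforms without a capsule link. Either add `_check_dwn_req_resp_uefi_cap=0` next to the other defaults or test `[ "${_check_dwn_req_resp_uefi_cap:-0}" -eq 200 ]`. `check_for_dasharo_firmware` starts before and ends after these hunks.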
@@ -51,7 +57,7 @@ check_for_dasharo_firmware() { _check_logs_req_resp=$(curl -L -I -s -f -H "$CLOUD_REQUEST" "$TEST_LOGS_URL" -o /dev/null -w "%{http_code}") # Return 0 if any of Dasharo Firmware binaries is available: - if [ ${_check_dwn_req_resp_uefi} -eq 200 ] || [ ${_check_dwn_req_resp_heads} -eq 200 ] || [ ${_check_dwn_req_resp_seabios} -eq 200 ]; then + if [ ${_check_dwn_req_resp_uefi} -eq 200 ] || [ ${_check_dwn_req_resp_uefi_cap} -eq 200 ] || [ ${_check_dwn_req_resp_heads} -eq 200 ] || [ ${_check_dwn_req_resp_seabios} -eq 200 ]; then if [ ${_check_logs_req_resp} -eq 200 ]; then print_ok "A Dasharo Firmware binary has been found for your platform!" return 0 From adb410e65ebcd89e925d29059a26d21f5571ac71 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Mon, 18 Nov 2024 16:14:52 +0100 Subject: [PATCH 54/58] include: dts-subscription: print warning instead of error Signed-off-by: Daniil Klimuk --- include/dts-subscription.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/dts-subscription.sh b/include/dts-subscription.sh index c710b536..4fe6543d 100644 --- a/include/dts-subscription.sh +++ b/include/dts-subscription.sh 
@@ -95,9 +95,9 @@ login_to_dpp_server(){ # Check if the user is already logged in, log in if not: if [ -z "$(mc alias list | grep ${CLOUDSEND_DOWNLOAD_URL})" ]; then if ! mc alias set $DPP_SERVER_USER_ALIAS $DPP_SERVER_ADDRESS $CLOUDSEND_DOWNLOAD_URL $CLOUDSEND_PASSWORD >> $ERR_LOG_FILE 2>&1 ; then - print_error "Your credentials do not have access to DPP packages. If you bought one, check the" - print_error "credentials you have used, and contact support. If you did not buy any DPP" - print_error "packages - feel free to continue." + print_warning "Your credentials do not have access to DPP packages. If you bought one, check the" + print_warning "credentials you have used, and contact support. If you did not buy any DPP" + print_warning "packages - feel free to continue." read -p "Press enter to continue" return 1 fi From 750629b88de47a15a054b35bc6a3dfebbfc81414 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Mon, 18 Nov 2024 16:15:58 +0100 Subject: [PATCH 55/58] scripts: dasharo-deploy: fix version comparison in update workflow Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index b7d8a4f7..f74d746b 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy 
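Review bot: The `mc alias set` line kept as context in this hunk passes `$CLOUDSEND_DOWNLOAD_URL` and `$CLOUDSEND_PASSWORD` unquoted, so a password containing whitespace or glob characters is split or expanded before `mc` sees it, and the login then fails with the warning this commit rewords. Quote all four arguments: `mc alias set "$DPP_SERVER_USER_ALIAS" "$DPP_SERVER_ADDRESS" "$CLOUDSEND_DOWNLOAD_URL" "$CLOUDSEND_PASSWORD" >> "$ERR_LOG_FILE" 2>&1`. The command's output is appended to `$ERR_LOG_FILE`; if that file is among the logs sent off the machine, confirm that `mc` never echoes the secret there. The preceding test would read better as `if ! mc alias list | grep -qF -- "${CLOUDSEND_DOWNLOAD_URL}"; then`, which also stops the value from being treated as a regular expression.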
@@ -980,11 +980,23 @@ update_workflow() { prepare_env update print_ok "Current Dasharo version: $DASHARO_VERSION" - print_ok "Latest available Dasharo version: $UPDATE_VERSION" + print_ok "Latest available Dasharo version for your subscribtion: $UPDATE_VERSION" + # TODO: Why do we separate Heads firmware-related code from other code? A # common way to handle this should be found. - handle_fw_switching $CAN_SWITCH_TO_HEADS + # + # Versions should be compared in case we are not switching to Heads, because + # heads version is not set at this moment, it is being set and compared in + # handle_fw_switching: + if [ "$CAN_SWITCH_TO_HEADS" = "true" ]; then + handle_fw_switching $CAN_SWITCH_TO_HEADS + else + compare_versions $DASHARO_VERSION $UPDATE_VERSION + if [ $? -ne 1 ]; then + error_exit "No update available for your machine" + fi + fi # TODO: It is not a good practice to do some target specific work in the code # of a scallable product, this should be handled in a more scallable way: From 0cd3f0a534297477447b621c5560c6e1e06d7bee Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Mon, 18 Nov 2024 17:05:35 +0100 Subject: [PATCH 56/58] Ask only for enter to continue Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 10 +++++----- include/dts-subscription.sh | 2 +- scripts/dasharo-deploy | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 50573c58..0d425ab0 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -1384,7 +1384,7 @@ main_menu_options(){ export DEPLOY_REPORT="false" ${CMD_DASHARO_HCL_REPORT} fi - read -p "Press any key to continue." + read -p "Press enter to continue." return 0 ;; @@ -1439,7 +1439,7 @@ main_menu_options(){ # Use regular update process for everything else ${CMD_DASHARO_DEPLOY} update fi - read -p "Press any key to continue." + read -p "Press enter to continue." return 0 ;; 
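Review bot: `compare_versions $DASHARO_VERSION $UPDATE_VERSION` is called unquoted and `[ $? -ne 1 ]` then treats every status other than 1 as "no update", so an empty version string or an internal failure of `compare_versions` is reported as "No update available" instead of as an error. This check appears to be what keeps the regular path from flashing the same or an older release, so its contract should be explicit. Quote the arguments, `compare_versions "$DASHARO_VERSION" "$UPDATE_VERSION"`, and add a comment stating what each exit status means. The new message also misspells "subscription" as "subscribtion". `update_workflow` starts and ends outside the hunk.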
@@ -1451,7 +1451,7 @@ main_menu_options(){ if check_if_dasharo; then ${CMD_DASHARO_DEPLOY} restore fi - read -p "Press any key to continue." + read -p "Press enter to continue." return 0 ;; @@ -1477,7 +1477,7 @@ main_menu_options(){ # Parse installed packages for premium submenus: parse_for_premium_submenu - read -p "Press any key to continue." + read -p "Press enter to continue." return 0 ;; "${DPP_SUBMENU_OPT}") @@ -1530,7 +1530,7 @@ footer_options(){ systemctl start sshd.service print_ok "Listening on IPs: $(ip -br -f inet a show scope global | grep UP | awk '{ print $3 }' | tr '\n' ' ')" fi - read -p "Press any key to continue." + read -p "Press enter to continue." return 0 ;; diff --git a/include/dts-subscription.sh b/include/dts-subscription.sh index 4fe6543d..3a8e9896 100644 --- a/include/dts-subscription.sh +++ b/include/dts-subscription.sh @@ -69,7 +69,7 @@ check_for_dasharo_firmware() { print_warning "have access to Dasharo Firmware. If so, consider getting Dasharo" print_warning "Subscription and improving security of your platform!" - read -p "Press any key to continue" + read -p "Press enter to continue" return 1 } diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index f74d746b..f820ed9f 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy @@ -1045,7 +1045,7 @@ update_workflow() { print_warning "This is expected. Run OEM Factory Reset / Re-Ownership to finish deploying Heads." ;; esac - read -p "Press any key to continue" # Make sure the user acknowledges. + read -p "Press enter to continue" # Make sure the user acknowledges. else # Regular update flow print_ok "Successfully updated Dasharo firmware." From 472ab6fff200832a3559d074421d6993d0c483a9 Mon Sep 17 00:00:00 2001 
From: Daniil Klimuk Date: Wed, 20 Nov 2024 10:23:55 +0100 Subject: [PATCH 57/58] include: dts-subscription: move warning print outside login_to_dpp_server login_to_dpp_server should only try to login, the decision to print warning or not should be done outside this function basing on the output of this function. Otherwise every time the function is being called the warning could be printed too, which is not always wanted. Signed-off-by: Daniil Klimuk --- include/dts-functions.sh | 9 ++++++++- include/dts-subscription.sh | 4 ---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/include/dts-functions.sh b/include/dts-functions.sh index 0d425ab0..f7ef8cdc 100644 --- a/include/dts-functions.sh +++ b/include/dts-functions.sh @@ -1464,7 +1464,14 @@ main_menu_options(){ # Try to log in using available DPP credentials, start loop over if login # was not successful: - login_to_dpp_server || return 0 + login_to_dpp_server + if [ $? -ne 0 ]; then + print_warning "Your credentials do not have access to DPP packages. If you bought one, check the" + print_warning "credentials you have used, and contact support. If you did not buy any DPP" + print_warning "packages - feel free to continue." + read -p "Press enter to continue" + return 0 + fi # Check if there is some packages available to install, start loop over if # no packages is available: diff --git a/include/dts-subscription.sh b/include/dts-subscription.sh index 3a8e9896..71d48a9a 100644 --- a/include/dts-subscription.sh +++ b/include/dts-subscription.sh 
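Review bot: `login_to_dpp_server` followed by `if [ $? -ne 0 ]; then` is fragile, because any command later inserted between the two lines silently changes what is tested; `if ! login_to_dpp_server; then` expresses the same thing in one line. The warning text now lives in the caller but still asserts that the credentials lack access, while the function returns 1 for any `mc alias set` failure, which may include an unreachable server. A wording that covers both cases, or a distinct return code for each, would avoid sending users to support for a network problem. `main_menu_options` starts and ends outside the hunk.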
@@ -95,10 +95,6 @@ login_to_dpp_server(){ # Check if the user is already logged in, log in if not: if [ -z "$(mc alias list | grep ${CLOUDSEND_DOWNLOAD_URL})" ]; then if ! mc alias set $DPP_SERVER_USER_ALIAS $DPP_SERVER_ADDRESS $CLOUDSEND_DOWNLOAD_URL $CLOUDSEND_PASSWORD >> $ERR_LOG_FILE 2>&1 ; then - print_warning "Your credentials do not have access to DPP packages. If you bought one, check the" - print_warning "credentials you have used, and contact support. If you did not buy any DPP" - print_warning "packages - feel free to continue." - read -p "Press enter to continue" return 1 fi fi From fd823a96b5763723c5f29a75d90012bb38a2a286 Mon Sep 17 00:00:00 2001 From: Daniil Klimuk Date: Wed, 20 Nov 2024 11:39:04 +0100 Subject: [PATCH 58/58] scripts: dasharo-deploy: got to handle_fw_switching in case of Heads Signed-off-by: Daniil Klimuk --- scripts/dasharo-deploy | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/dasharo-deploy b/scripts/dasharo-deploy index f820ed9f..64b2d865 100644 --- a/scripts/dasharo-deploy +++ b/scripts/dasharo-deploy @@ -986,10 +986,10 @@ update_workflow() { # TODO: Why do we separate Heads firmware-related code from other code? A # common way to handle this should be found. # - # Versions should be compared in case we are not switching to Heads, because - # heads version is not set at this moment, it is being set and compared in - # handle_fw_switching: - if [ "$CAN_SWITCH_TO_HEADS" = "true" ]; then + # Versions should be compared only in case we are not switching to Heads, + # because heads version is not set at this moment, it is being set and + # compared in handle_fw_switching: + if [ "$CAN_SWITCH_TO_HEADS" = "true" ] || [ "$DASHARO_FLAVOR" == "Dasharo (coreboot+heads)" ]; then handle_fw_switching $CAN_SWITCH_TO_HEADS else compare_versions $DASHARO_VERSION $UPDATE_VERSION
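Review bot: With the added `[ "$DASHARO_FLAVOR" == "Dasharo (coreboot+heads)" ]` test, `handle_fw_switching $CAN_SWITCH_TO_HEADS` can now run while `CAN_SWITCH_TO_HEADS` is not "true", and because the expansion is unquoted an empty value means the function receives no argument at all. Pass it quoted, `handle_fw_switching "$CAN_SWITCH_TO_HEADS"`, and check that `handle_fw_switching` (not visible here) handles a value other than "true". The condition also mixes `=` and `==` inside `[ ]`; using one operator throughout keeps the line consistent. `update_workflow` continues outside the hunk.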