diff --git a/Makefile b/Makefile index fd76b0578..0aa8b244c 100644 --- a/Makefile +++ b/Makefile @@ -87,6 +87,18 @@ $(HEADS_GAWK): $(build)/$(gawk_dir)/.configured $(VERBOSE_REDIRECT) endif +# Some things want usernames, we use the current checkout +# so that they are reproducible +GIT_HASH := $(shell git rev-parse HEAD) +GIT_HASH_SHORT := $(shell git rev-parse --short HEAD) +GIT_BRANCH := $(shell git branch --show-current) +GIT_TAG := $(shell git describe --abbrev=0 --tags) +GIT_STATUS := $(shell \ + if git diff --exit-code >/dev/null ; then \ + echo clean ; \ + else \ + echo dirty ; \ + fi) BOARD ?= qemu-coreboot CONFIG := $(pwd)/boards/$(BOARD)/$(BOARD).config @@ -100,16 +112,6 @@ include $(CONFIG) # Unless otherwise specified, we are building for heads CONFIG_HEADS ?= y -# Some things want usernames, we use the current checkout -# so that they are reproducible -GIT_HASH := $(shell git rev-parse HEAD) -GIT_STATUS := $(shell \ - if git diff --exit-code >/dev/null ; then \ - echo clean ; \ - else \ - echo dirty ; \ - fi) - # record the build date / git hashes and other files here HASHES := $(build)/$(BOARD)/hashes.txt @@ -595,6 +597,8 @@ $(initrd_tmp_dir)/etc/config: FORCE $(call do,HASH,$(GIT_HASH) $(GIT_STATUS) $(BOARD), \ echo export GIT_HASH=\'$(GIT_HASH)\' \ >> $@ ; \ + echo export GIT_TAG=\'$(GIT_TAG)\' \ + >> $@ ; \ echo export GIT_STATUS=$(GIT_STATUS) \ >> $@ ; \ echo export CONFIG_BOARD=$(BOARD) \ diff --git a/boards/x230-hotp-verification/x230-hotp-verification.config b/boards/x230-hotp-verification/x230-hotp-verification.config index ffcddafb0..d67544f3f 100644 --- a/boards/x230-hotp-verification/x230-hotp-verification.config +++ b/boards/x230-hotp-verification/x230-hotp-verification.config @@ -10,6 +10,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.8.1 export CONFIG_LINUX_VERSION=4.14.62 +#export CONFIG_LINUX_VERSION=4.19.139 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-hotp-verification.config CONFIG_LINUX_CONFIG=config/linux-x230.config @@ -48,7 +49,7 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_BOOT_GUI_MENU_NAME="NitroPad X230 Heads Boot Menu (v1.1)" +export CONFIG_BOOT_GUI_MENU_NAME="NitroPad X230 Heads Boot Menu ($(GIT_TAG))" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" diff --git a/initrd/bin/flash-gui.sh b/initrd/bin/flash-gui.sh index 6e2a0840a..818dc4705 100755 --- a/initrd/bin/flash-gui.sh +++ b/initrd/bin/flash-gui.sh @@ -22,10 +22,11 @@ while true; do ;; f|c ) if (whiptail --title 'Flash the BIOS with a new ROM' \ - --yesno "You will need to insert a USB drive containing your BIOS image (*.rom).\n\nAfter you select this file, this program will reflash your BIOS.\n\nDo you want to proceed?" 16 90) then + --yesno "You will need to insert a USB drive containing your BIOS image.\nThe image is either a *.rom file or a *.npf archive.\n\nAfter you select this file, this program will reflash your BIOS.\n\nDo you want to proceed?" 16 90) then mount_usb if grep -q /media /proc/mounts ; then - find /media ! -path '*/\.*' -type f -name '*.rom' | sort > /tmp/filelist.txt + find /media ! -path '*/\.*' -type f -name '*.npf' | sort > /tmp/filelist.txt + find /media ! -path '*/\.*' -type f -name '*.rom' | sort >> /tmp/filelist.txt file_selector "/tmp/filelist.txt" "Choose the ROM to flash" if [ "$FILE" == "" ]; then return @@ -33,6 +34,27 @@ while true; do ROM=$FILE fi + # is a .npf provided? + if [ -z "${ROM##*.npf}" ]; then + # unzip to /tmp/verified_rom + mkdir /tmp/verified_rom + unzip $ROM -d /tmp/verified_rom + # check file integrity + if sha256sum -cs /tmp/verified_rom/sha256sum.txt ; then + ROM="$(head -n1 /tmp/verified_rom/sha256sum.txt | cut -d ' ' -f 3)" + else + whiptail --title 'ROM Integrity Check Failed! ' \ + --msgbox "$ROM integrity check failed. Did not flash.\n\nPlease check your file (e.g. re-download).\n" 16 60 + exit + fi + else + # exit if we shall not proceed + if ! (whiptail $CONFIG_ERROR_BG_COLOR --title 'Flash ROM without integrity check?' \ + --yesno "You have provided a *.rom file. The integrity of the file can not be\nchecked for this file.\nIf you do not know how to check the file integrity yourself,\nyou should use a *.npf file instead.\n\nIf the file is damaged, you will not be able to boot anymore.\nDo you want to proceed flashing without file integrity check?" 16 60) then + exit + fi + fi + if (whiptail --title 'Flash ROM?' \ --yesno "This will replace your current ROM with:\n\n$ROM\n\nDo you want to proceed?" 16 60) then if [ "$menu_choice" == "c" ]; then diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index c6705b090..b1ee1ff78 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -393,7 +393,7 @@ while true; do memtotal=$((${memtotal} / 1024 / 1024 + 1)) cpustr=$(cat /proc/cpuinfo | grep 'model name' | uniq | sed -r 's/\(R\)//;s/\(TM\)//;s/CPU //;s/model name.*: //') whiptail --title 'System Info' \ - --msgbox "VER: NitroPad v1.1\n\nCPU: ${cpustr}\nRAM: ${memtotal} GB\n\n$(fdisk -l | grep -e '/dev/sd.:' -e '/dev/nvme.*:' | sed 's/B,.*/B/')" 16 60 + --msgbox "VER: NitroPad $GIT_TAG ($GIT_HASH)\n\nCPU: ${cpustr}\nRAM: ${memtotal} GB\n\n$(fdisk -l | grep -e '/dev/sd.:' -e '/dev/nvme.*:' | sed 's/B,.*/B/')" 16 60 continue fi diff --git a/modules/coreboot b/modules/coreboot index f9134dac7..58baaa2e7 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -83,6 +83,7 @@ $(build)/$(coreboot_dir)/.build: \ $(build)/$(BOARD)/coreboot.rom: $(build)/$(coreboot_dir)/.build "$(build)/$(coreboot_dir)/cbfstool" "$(dir $<)coreboot.rom" print $(call do-copy,$(dir $<)coreboot.rom,$@) + $(call do-copy,$(dir $<)coreboot.rom,$(build)/$(BOARD)/$(GIT_BRANCH)-$(GIT_TAG)-$(GIT_HASH_SHORT).rom) @touch $@ # update the time stamp #