| commit | 74905117bda7c844c1c14ebc110f1bd5e0bb3663 | [log] [tgz] |
|---|---|---|
| author | Julius Werner <jwerner@chromium.org> | Mon Oct 30 17:58:30 2023 -0700 |
| committer | Felix Held <felix-coreboot@felixheld.de> | Mon Nov 20 14:35:00 2023 +0000 |
| tree | 3e3b9287fc15796c727c6d418364d5b866dbfa0f | |
| parent | 0863f7cdb28cd201e7cd6f399fc90165c4600d7b [diff] |
Update vboot submodule to upstream main
Updating from commit id c59794a6:
2023-11-02 Nicholas Bishop sign_uefi: Support signing via pkcs11
to commit id f2b01bf0:
2023-10-27 Julius Werner firmware: Undeprecate VB2_RECOVERY_FW_GET_FW_BODY
This brings in 66 new commits:
c59794a6 sign_uefi: Support signing via pkcs11
68d4aa4b sign_uefi: Skip private key check if it's a pkcs11 URI
6b9d624b sign_uefi: Pass each key path separately
483f65e4 sign_official_build.sh: properly show errors on loem issues
516ee7bc sign_uefi: Use named args instead of positional
0eec8e25 vboot_reference-sys: Switch from Command to bindgen::Builder
46f5aab8 image_signing: support multiple release names
f13af139 sign_official_build: Sudo invocation within bits of android signing
3f165374 futility: updater: Add optional serial number argument to --ccd
64379cc6 sign_official_build: add --debug flag
7160bf9f 2lib: Fix relocation issue when compiling locally with musl libc
0e27cdff vboot_reference-sys: Add vboot_host.h
2c82e73c Override use_apksigner FLAGS
b43469c7 futility/cmd_show: Support --publickey FW_VBLOCK
0eb4da96 tests/futility: Update kern_preamble.bin as kernel_part.bin
68a03355 tests/futility: Move test_show_vs_verify.sh into test_show_and_verify.sh
8daf1474 tests/futility: Move 'futility show' tests to a separate file
34190e3d futility: Exit with error when metadata hash verification not supported
967aa462 firmware/2lib: Fix function comment for vb2api_get_firmware_size()
f2b01bf0 firmware: Undeprecate VB2_RECOVERY_FW_GET_FW_BODY
ef6d02df futility/vb2_helper: Add missing newline for error messages
886d13d7 PRESUBMIT: switch to cros format
ac2e1a75 host/lib: Decouple openssl headers from HOSTLIB
86ec05f7 futility: updater: Add help info for --quirks
2850244e futility: updater: Abort if the unlock_csme_* is used on a locked device
f1b5c88d devkeys: delete old unused firmware_bmpfv.bin
4444c5fe crossystem: Fix tpm_fwver for fwid < 12935
98ef339f 2lib: Prevent overwriting the value of fw_vboot2
c7517eb4 make_dev_ssd: support ChromeOS Kdump
8e3462cc tlcl: Increase the TPM_BUFFER_SIZE
740a2966 vboot_reference: Drop 'host' usage for 'internal' in flashrom.h
57877a44 vboot: Remove comments about physical dev switch
3401d16c 2lib: Fix typos, comments and formats
fdf52d45 scripts/: Drop deprecated {g,s}et_gbb_flags.sh scripts
bf76e9ee 2lib: Output the correct kernel_version
1ac4663e make_dev_firmware.sh: update pattern for matching wp status
c57ab9f7 2lib: Add recovery reason VB2_RECOVERY_WIDEVINE_PREPARE
e094ba31 tlcl: Reduce the variants of TPM2B
b047600d sign_official_build: support key config for pkcs11
f8712b73 vboot: support signing with pkcs11 private key
17fe786f strip_boot_from_image.sh: sfill fast
6c856cd3 futility/updater: Fix EC software write protection logic
1dc5a421 futility: update: Deprecate --unlock_me by --quirk unlock_csme_nissa
f0d88587 futility: update: Refactor the 'unlock ME' quirk(s)
81429ee9 futility: update: Do not update RO when the AP RO is locked
a3beb737 futility: update: Revise the ordering or quirks
2c1844fa futility: update: Remove unused quirk 'unlock_wilco_me_for_update'
75530d32 tests/futility: Test with new signer_config.csv based firmware updater
cba649fa 2lib: Expose 2hmac
ab015448 2lib: Refactor hmac to vb2_hmac_calculate
3545f8b4 Revert "sign_uefi: Remove exception catching"
55f625a9 dump_fmap: Add offset and size to flash_ec format output
a27ee336 keygeneration: add shellcheck source statements to help linting
055f9aa2 keygeneration: replace_recovery_key.sh: make minios key optional
6cb8ab60 scripts: delete unused values kernel command line
1f76c38b vboot: Drop phone recovery support
ccf6b037 scripts: Legacy fix for set_gbb_flags.sh
8f03069e futility: Add basic README.md
88963df8 utility: Query platform wp status with futility
6c3817d2 utility: Drop cros_alias technical debt in dev_debug_vboot
df85f512 scripts: Drop cros_alias technical debt in make_dev_firmware.sh
7395cd68 futility/updater_utils.c: Match on EC path to prepare for split
52518415 crossystem: Recover corrupted RW_NVRAM on flash writes
81f9ddaf futility/cmd_gbb_utility.md: Add basic GBB subcmd doc
c4995268 futility/: Fix define confusion
69dab5a6 crossystem: Avoid writing duplicate entries to RW_NVRAM
6c37b520 Revert "crossystem: stop supporting legacy chromeos_acpi driver"
Change-Id: Ic7ecdabcdd26df349b8abf1c5a77c806facfe1d8
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78865
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
coreboot is a Free Software project aimed at replacing the proprietary firmware (BIOS/UEFI) found in most computers. coreboot performs the required hardware initialization to configure the system, then passes control to a different executable, referred to in coreboot as the payload. Most often, the primary function of the payload is to boot the operating system (OS).
With the separation of hardware initialization and later boot logic, coreboot is perfect for a wide variety of situations. It can be used for specialized applications that run directly in the firmware, running operating systems from flash, loading custom bootloaders, or implementing firmware standards, like PC BIOS services or UEFI. This flexibility allows coreboot systems to include only the features necessary in the target application, reducing the amount of code and flash space required.
All source code for coreboot is stored in git. It is downloaded with the command:
git clone https://review.coreboot.org/coreboot.git.
Code reviews are done in the project's Gerrit instance.
The code may be browsed via coreboot's Gitiles instance.
The coreboot project also maintains a mirror of the project on github. This is read-only, as coreboot does not accept github pull requests, but allows browsing and downloading the coreboot source.
After the basic initialization of the hardware has been performed, any desired "payload" can be started by coreboot.
See https://doc.coreboot.org/payloads.html for a list of some of coreboot's supported payloads.
The coreboot project supports a wide range of architectures, chipsets, devices, and mainboards. While not all of these are documented, you can find some information in the Architecture-specific documentation or the SOC-specific documentation.
For details about the specific mainboard devices that coreboot supports, please consult the Mainboard-specific documentation or the Board Status pages.
Releases are currently done by coreboot every quarter. The release archives contain the entire coreboot codebase from the time of the release, along with any external submodules. The submodules containing binaries are separated from the general release archives. All of the packages required to build the coreboot toolchains are also kept at coreboot.org in case the websites change, or those specific packages become unavailable in the future.
All releases are available on the coreboot download page.
Please note that the coreboot releases are best considered as snapshots of the codebase, and do not currently guarantee any sort of extra stability.
The coreboot build, associated utilities and payloads require many additional tools and packages to build. The actual coreboot binary is typically built using a coreboot-controlled toolchain to provide reproducibility across various platforms. It is also possible, though not recommended, to make it directly with your system toolchain. Operating systems and distributions come with an unknown variety of system tools and utilities installed. Because of this, it isn't reasonable to list all the required packages to do a build, but the documentation lists the requirements for a few different Linux distributions.
To see the list of tools and libraries, along with a list of instructions to get started building coreboot, go to the Starting from scratch tutorial page.
That same page goes through how to use QEMU to boot the build and see the output.
Further details on the project, as well as links to documentation and more can be found on the coreboot website:
You can contact us directly on the coreboot mailing list:
https://doc.coreboot.org/community/forums.html
There are many files in the coreboot tree that we feel are not copyrightable due to a lack of creative content.
"In order to qualify for copyright protection in the United States, a work must satisfy the originality requirement, which has two parts. The work must have “at least a modicum” of creativity, and it must be the independent creation of its author."
https://guides.lib.umich.edu/copyrightbasics/copyrightability
Similar terms apply to other locations.
These uncopyrightable files include:
As non-creative content, these files are in the public domain by default. As such, the coreboot project excludes them from the project's general license even though they may be included in a final binary.
If there are questions or concerns about this policy, please get in touch with the coreboot project via the mailing list.
The copyright on coreboot is owned by quite a large number of individual developers and companies. A list of companies and individuals with known copyright claims is present at the top level of the coreboot source tree in the 'AUTHORS' file. Please check the git history of each of the source files for details.
Because of the way coreboot began, using a significant amount of source code from the Linux kernel, it's licensed the same way as the Linux Kernel, with GNU General Public License (GPL) Version 2. Individual files are licensed under various licenses, though all are compatible with GPLv2. The resulting coreboot image is licensed under the GPL, version 2. All source files should have an SPDX license identifier at the top for clarification.
Files under coreboot/Documentation/ are licensed under CC-BY 4.0 terms. As an exception, files under Documentation/ with a history older than 2017-05-24 might be under different licenses.
Files in the coreboot/src/commonlib/bsd directory are all licensed with the BSD-3-clause license. Many are also dual-licensed GPL-2.0-only or GPL-2.0-or-later. These files are intended to be shared with libpayload or other BSD licensed projects.
The libpayload project contained in coreboot/payloads/libpayload may be licensed as BSD or GPL, depending on the code pulled in during the build process. All GPL source code should be excluded unless the Kconfig option to include it is set.
Since 2017, coreboot has been a member of The Software Freedom Conservancy, a nonprofit organization devoted to ethical technology and driving initiatives to make technology more inclusive. The conservancy acts as coreboot's fiscal sponsor and legal advisor.