libreboot / lbwww (public) (License: Unspecified) (since 2023-04-11) (hash sha1)
libreboot website (markdown files). https://libreboot.org/
List of commits:
Subject Hash Author Date (UTC)
further cleanup 12b4f64b1b6a5495dc74870de3cbda8f8d78d1fc Leah Rowe 2025-01-03 06:58:04
update the vendorfile injection guide 9d018b474a661b8ca3f69843ce4d2c7702435462 Leah Rowe 2025-01-03 05:24:44
update the freedom-status page c3ad859ea09a00ad6d2709d109daf1d63ab2bdf3 Leah Rowe 2025-01-03 01:07:20
docs/build: Update fedora38 reference to fedora41 6c57ce1586aebdbc79255f1cc023e3eca1e494b4 Leah Rowe 2025-01-01 17:09:20
XBMK_THREADS, not LBMK_THREADS 4d7f0dbb9dd5ad1c84adc9d40fbb36f44ec5a557 Leah Rowe 2025-01-01 16:53:19
docs/build: Mention MIPS XGCC for PCSX-Redux BIOS a1ff143fe641f7e79a19372ca5ed0dbf3c3c06f3 Leah Rowe 2025-01-01 16:52:00
correction 2c7d4c4df855f85f18ef5998b54ce423d543bfa4 Leah Rowe 2024-12-31 23:58:10
another typo 965baf9bb0b16f10bd9cefc2bcd4115ca7408246 Leah Rowe 2024-12-31 21:46:55
remove obsolete note c5273bc020247c78a3e406df2b330d1c7ed04506 Leah Rowe 2024-12-31 21:44:38
t's eCryptfs, not cryptfs ab51fb8ba6ad6b938ae4f22d46c49c9cd426db55 Leah Rowe 2024-12-31 21:43:01
docs/build,ivy_common: mention cryptfs bug 8cdb2f257cca740e90d06e9b3fdaa6974a71c835 Leah Rowe 2024-12-31 20:27:34
document t480/3050 pmc config 3b55fca2c913f5875860fc1397f0b316aa249727 Leah Rowe 2024-12-31 15:44:26
mention refcode fix for hp 820 g2 32c80dae9c9f370cbf205dae409dbd17d7a3591f Leah Rowe 2024-12-31 15:20:18
install/spi: Document the Raspberry Pi Pico 2 935e5aec1413a7b2d3ddff7d67c8a2974ea5c024 Leah Rowe 2024-12-30 17:28:53
t480 uart: mention the 115200 baud rate 0893abd63554d6b71a0b756e0dba7d2ad0428ef4 Leah Rowe 2024-12-30 16:09:16
Rewrote the T480 thunderbolt flashing instructions bf443e2e4d1cb0f69ff7cbabc7a79a40aaf26736 Leah Rowe 2024-12-29 18:04:10
Notes pertaining to T480/3050 FSP licensing 19fab472018d2f8315b0236f163b7c7725f575be Leah Rowe 2024-12-29 16:56:19
also mention that they are 0201 jumpers 6447f5d1831f0b431f7f8ff824b403b4c9c73c73 Leah Rowe 2024-12-29 15:33:54
jumpers, not jumpjumpers, not jumpss 58bab1695b02f1bc5045479330f262a3e8a3a957 Leah Rowe 2024-12-29 15:15:17
thoUART t480 007136a010c4d620d381532914e0d0b60eb79b72 Leah Rowe 2024-12-29 15:12:25
Commit 12b4f64b1b6a5495dc74870de3cbda8f8d78d1fc - further cleanup
i moved the section about fsp injection to the actual
vendor inject guide

and i've generally cleaned up the documentation

Signed-off-by: Leah Rowe <info@minifree.org>
Author: Leah Rowe
Author date (UTC): 2025-01-03 06:58
Committer name: Leah Rowe
Committer date (UTC): 2025-01-03 06:58
Parent(s): 9d018b474a661b8ca3f69843ce4d2c7702435462
Signer:
Signing key:
Signing status: N
Tree: 72548fee8f69f88c5f62ec271a643d9e37c194d5
File Lines added Lines deleted
site/docs/build/index.md 2 3
site/docs/build/index.uk.md 2 3
site/docs/install/d945gclf.md 3 3
site/docs/install/dell3050.md 3 61
site/docs/install/dell7010.md 3 3
site/docs/install/dell780.md 4 4
site/docs/install/dell9020.md 4 4
site/docs/install/ga-g41m-es2l.md 3 3
site/docs/install/hp2170p.md 3 3
site/docs/install/hp8200sff.md 3 3
site/docs/install/hp820g2.md 3 3
site/docs/install/hp8460p.md 3 3
site/docs/install/hp8470p.md 3 3
site/docs/install/hp8560w.md 3 3
site/docs/install/ich9utils.md 2 1
site/docs/install/ivy_has_common.md 74 4
site/docs/install/kfsn4-dre.md 3 3
site/docs/install/macbook21.md 3 3
site/docs/install/r400.md 3 3
site/docs/install/t1650.md 3 3
site/docs/install/t400.md 3 3
site/docs/install/t480.md 3 70
site/docs/install/t500.md 3 3
site/docs/install/x200.md 3 3
site/faq.md 4 0
site/faq.uk.md 6 0
site/news/audit3.md 1 1
site/news/libreboot20231021.md 2 2
site/news/libreboot20240126.md 1 1
site/news/libreboot20240612.md 5 5
site/news/policy.de.md 2 2
site/news/policy.md 3 3
site/news/safety.md 41 2
site/tasks/index.md 1 1
File site/docs/build/index.md changed (mode: 100644) (index 8508c9a..201c455)
... ... WARNING: eCryptfs file name limits
9 9 Do not run the build system on a eCryptfs file system, because it has Do not run the build system on a eCryptfs file system, because it has
10 10 very short file name limits and Libreboot's build system deals with very very short file name limits and Libreboot's build system deals with very
11 11 long file names. We commonly get reports from this by Linux Mint users long file names. We commonly get reports from this by Linux Mint users
12 who encrypt their home directory with cryptfs; use a serious distro like
13 Debian or Arch please. And use a decent file system; ZFS or perhaps LUKS
14 with btrfs will do nicely.
12 who encrypt their home directory with eCryptfs; regular LUKS encryption will
13 do nicely.
15 14
16 15 Introduction Introduction
17 16 ============ ============
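Review bot: the unchanged context at lines 9 to 11 still reads "a eCryptfs file system" and "We commonly get reports from this by Linux Mint users", and this hunk rewrites the end of that same sentence. Fix the article ("an eCryptfs") and the phrasing ("reports of this from Linux Mint users") in the same change, so the warning reads cleanly from start to finish.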
File site/docs/build/index.uk.md changed (mode: 100644) (index 21f727c..a1cca95)
... ... WARNING: eCryptfs file name limits
9 9 Do not run the build system on a eCryptfs file system, because it has Do not run the build system on a eCryptfs file system, because it has
10 10 very short file name limits and Libreboot's build system deals with very very short file name limits and Libreboot's build system deals with very
11 11 long file names. We commonly get reports from this by Linux Mint users long file names. We commonly get reports from this by Linux Mint users
12 who encrypt their home directory with cryptfs; use a serious distro like
13 Debian or Arch please. And use a decent file system; ZFS or perhaps LUKS
14 with btrfs will do nicely.
12 who encrypt their home directory with eCryptfs; regular LUKS encryption will
13 do nicely.
15 14
16 15 Introduction Introduction
17 16 ============ ============
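Review bot: this file is index.uk.md, yet every visible line of the hunk, including the warning at lines 9 to 13 and the "Introduction" heading, is English text identical to index.md. Either translate the warning here or mark it as pending translation, so that later edits to index.md do not have to be hand-copied into a second English copy.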
File site/docs/install/d945gclf.md changed (mode: 100644) (index d1aad19..7254918)
... ... x-toc-enable: true
24 24 | **Flash chip** | SOIC-8 512KiB | | **Flash chip** | SOIC-8 512KiB |
25 25
26 26 ``` ```
27 W+: Works without blobs;
27 W+: Works without vendor firmware;
28 28 N: Doesn't work; N: Doesn't work;
29 W*: Works with blobs;
29 W*: Works with vendor firmware;
30 30 U: Untested; U: Untested;
31 31 P+: Partially works; P+: Partially works;
32 P*: Partially works with blobs
32 P*: Partially works with vendor firmware
33 33 ``` ```
34 34
35 35 | ***Features*** | | Notes | | ***Features*** | | Notes |
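Review bot: the status legend edited at lines 27 to 32 is repeated verbatim in twenty install pages touched by this commit, and the same three-line wording change is applied by hand to each copy. Consider keeping the legend in one shared page and linking to it from the board pages, so the next terminology change is a single edit. As a smaller point, the last entry, "P*: Partially works with vendor firmware", has no trailing semicolon while the entries above it do.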
File site/docs/install/dell3050.md changed (mode: 100644) (index 2581234..7bb6198)
... ... OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)**
28 28
29 29
30 30 ``` ```
31 W+: Works without blobs;
31 W+: Works without vendor firmware;
32 32 N: Doesn't work; N: Doesn't work;
33 W*: Works with blobs;
33 W*: Works with vendor firmware;
34 34 U: Untested; U: Untested;
35 35 P+: Partially works; P+: Partially works;
36 P*: Partially works with blobs
36 P*: Partially works with vendor firmware
37 37 ?: UNKNOWN AT THIS TIME ?: UNKNOWN AT THIS TIME
38 38 ``` ```
39 39
 
... ... SMT is rarely of benefit in practise, but can be useful in some circumstances.
237 237 For example, if you're compiling a large codebase from source that takes hours, For example, if you're compiling a large codebase from source that takes hours,
238 238 SMT increases the building speed by about 15 percent; for example, a 3 hour SMT increases the building speed by about 15 percent; for example, a 3 hour
239 239 build job might take about 2 hours and 40 minutes instead. build job might take about 2 hours and 40 minutes instead.
240
241 Intel FSP copyright
242 ===================
243
244 Abstract
245 --------
246
247 The initial Libreboot 20241206 release included Intel FSP directly inside the
248 ROM images. Intel provides the FSP under a license which states (and I
249 paraphrase): you must not modify it, but you can redistribute it freely, so
250 long as the license notice is retained.
251
252 The FSP is a concatenation of three modules: FSP-T, FSP-S and FSP-M. T basically
253 does CAR, S is essentially romstage components, and M is raminit. Due to how
254 coreboot works, these components must be split into single components. Coreboot
255 doesn't use T by default (it implements CAR itself), but has the option to
256 use it. It will use M and S, only.
257
258 Technically, the process of splitting FSP into these three files counts as
259 a modification. Furthermore, coreboot also rebases the M module by modifying
260 certain pointers, so that it can integrate with coreboot to provide raminit.
261
262 Intel *themselves* own the copyright to the tool for splitting FSP,
263 at `3rdparty/fsp/Tools/SplitFspBin.py`, and it seems that they do intend for
264 the FSP to be used this way. However, until now, those using the Intel FSP
265 have built coreboot images from source, so the issue of modified distributions
266 didn't come up.
267
268 By the strictest possible interpretation of Intel's licensing, Libreboot was
269 technically in violation. To mitigate this, Libreboot 20241206 *revision 8* and
270 newer, will no longer include the Intel FSP inside images. Instead, the vendor
271 inject script is used for inserting the FSP into release images, which is what
272 we already do for several other components.
273
274 `_fsp` vs `_vfsp` targets
275 -------------------------
276
277 The original 20241206 release images had `_fsp` in the file name. From rev8
278 onward, `_vfsp` is specified instead.
279
280 Libreboot's inject script verifies checksums on files, when inserting into the
281 images. Because of this, if we inject FSP after the fact, that means anyone
282 using the old images will find errors when they try.
283
284 To mitigate this, the build targets containing `_fsp` in the name have been
285 retained, but these targets are set `release="n"` so that no ROM images are
286 provided in releases. The `_vfsp` images are provided pre-compiled, instead.
287
288 With this re-design, modern lbmk (from Libreboot 20241206 rev8 onward) can still
289 reliably inject Intel ME into the old `_fsp` images, if you already downloaded
290 those before.
291
292 It is extremely unlikely that Intel would have ever cracked down on Libreboot
293 for its previous mistake, since many other projects exist that include FSP
294 directly in coreboot images, even commercially. However, Libreboot wishes to
295 respect Intel's license, in the
296 most [technically correct](https://www.youtube.com/watch?v=0ZEuWJ4muYc) way
297 possible.
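Review bot: old lines 240 to 297 are deleted with nothing added in their place, so dell3050.md no longer tells a reader why release images are named `_vfsp` or that the FSP has to be injected before flashing. Leave a one-line pointer to the relocated "Intel FSP copyright" section in ivy_has_common.md at the position where the section used to be.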
File site/docs/install/dell7010.md changed (mode: 100644) (index dc4fb1e..08a1d44)
... ... OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)**
33 33
34 34
35 35 ``` ```
36 W+: Works without blobs;
36 W+: Works without vendor firmware;
37 37 N: Doesn't work; N: Doesn't work;
38 W*: Works with blobs;
38 W*: Works with vendor firmware;
39 39 U: Untested; U: Untested;
40 40 P+: Partially works; P+: Partially works;
41 P*: Partially works with blobs
41 P*: Partially works with vendor firmware
42 42 ?: UNKNOWN AT THIS TIME ?: UNKNOWN AT THIS TIME
43 43 ``` ```
44 44
File site/docs/install/dell780.md changed (mode: 100644) (index 1772b11..22e4a37)
... ... Dell OptiPlex 780
29 29
30 30
31 31 ``` ```
32 W+: Works without blobs;
32 W+: Works without vendor firmware;
33 33 N: Doesn't work; N: Doesn't work;
34 W*: Works with blobs;
34 W*: Works with vendor firmware;
35 35 U: Untested; U: Untested;
36 36 P+: Partially works; P+: Partially works;
37 P*: Partially works with blobs
37 P*: Partially works with vendor firmware
38 38 ?: UNKNOWN AT THIS TIME ?: UNKNOWN AT THIS TIME
39 39 ``` ```
40 40
 
... ... lack `_truncate` in the file name.
78 78 100% FREE 100% FREE
79 79 ========= =========
80 80
81 This mainboard does not rely on any binary blobs in the flash. It is using
81 This mainboard is entirely free software in the main boot flash. It is using
82 82 the Intel X4X / ICH10 platform, same as on the already supported the Intel X4X / ICH10 platform, same as on the already supported
83 83 Gigabyte GA-G41M-ES2L mainboard. Gigabyte GA-G41M-ES2L mainboard.
84 84
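Review bot: at new line 81, "This mainboard is entirely free software in the main boot flash" makes the board itself the software. Wording such as "This mainboard boots with entirely free software in the main boot flash" keeps the intended claim and its scoping to the boot flash.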
File site/docs/install/dell9020.md changed (mode: 100644) (index a573869..e1baa8a)
... ... OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)**
37 37
38 38
39 39 ``` ```
40 W+: Works without blobs;
40 W+: Works without vendor firmware;
41 41 N: Doesn't work; N: Doesn't work;
42 W*: Works with blobs;
42 W*: Works with vendor firmware;
43 43 U: Untested; U: Untested;
44 44 P+: Partially works; P+: Partially works;
45 P*: Partially works with blobs
45 P*: Partially works with vendor firmware
46 46 ?: UNKNOWN AT THIS TIME ?: UNKNOWN AT THIS TIME
47 47 ``` ```
48 48
 
... ... Please note however that the native raminit (libre raminit) provided by
84 84 Libreboot does not yet support ECC. You *may* be able to use ECC modules, Libreboot does not yet support ECC. You *may* be able to use ECC modules,
85 85 but you won't actually have functioning ECC. but you won't actually have functioning ECC.
86 86
87 ECC support currently requires `mrc.bin`, which is a blob for raminit.
87 ECC support currently requires `mrc.bin`, which is vendor firmware for raminit.
88 88 Libreboot removed this some time ago, instead favouring only the libre raminit. Libreboot removed this some time ago, instead favouring only the libre raminit.
89 89 Patches are welcome, otherwise you can use an older revision of Libreboot Patches are welcome, otherwise you can use an older revision of Libreboot
90 90 with `mrc.bin` if you need ECC; it's unknown whether both the Haswell and with `mrc.bin` if you need ECC; it's unknown whether both the Haswell and
File site/docs/install/ga-g41m-es2l.md changed (mode: 100644) (index a1398cf..ecf1fa7)
... ... GA-G41M-ES2L
24 24 | **Flash chip** | 2x8Mbit | | **Flash chip** | 2x8Mbit |
25 25
26 26 ``` ```
27 W+: Works without blobs;
27 W+: Works without vendor firmware;
28 28 N: Doesn't work; N: Doesn't work;
29 W*: Works with blobs;
29 W*: Works with vendor firmware;
30 30 U: Untested; U: Untested;
31 31 P+: Partially works; P+: Partially works;
32 P*: Partially works with blobs
32 P*: Partially works with vendor firmware
33 33 ``` ```
34 34
35 35 | ***Features*** | | | ***Features*** | |
File site/docs/install/hp2170p.md changed (mode: 100644) (index 90c233b..a1e53f1)
... ... OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)**
30 30
31 31
32 32 ``` ```
33 W+: Works without blobs;
33 W+: Works without vendor firmware;
34 34 N: Doesn't work; N: Doesn't work;
35 W*: Works with blobs;
35 W*: Works with vendor firmware;
36 36 U: Untested; U: Untested;
37 37 P+: Partially works; P+: Partially works;
38 P*: Partially works with blobs
38 P*: Partially works with vendor firmware
39 39 ``` ```
40 40
41 41 | ***Features*** | | | ***Features*** | |
File site/docs/install/hp8200sff.md changed (mode: 100644) (index 7e00111..83239e2)
... ... OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)**
26 26 | **Flash chip** | SOIC-8 8MiB | | **Flash chip** | SOIC-8 8MiB |
27 27
28 28 ``` ```
29 W+: Works without blobs;
29 W+: Works without vendor firmware;
30 30 N: Doesn't work; N: Doesn't work;
31 W*: Works with blobs;
31 W*: Works with vendor firmware;
32 32 U: Untested; U: Untested;
33 33 P+: Partially works; P+: Partially works;
34 P*: Partially works with blobs
34 P*: Partially works with vendor firmware
35 35 ``` ```
36 36
37 37 | ***Features*** | | | ***Features*** | |
File site/docs/install/hp820g2.md changed (mode: 100644) (index afd6454..e8da1b2)
... ... OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)**
35 35
36 36
37 37 ``` ```
38 W+: Works without blobs;
38 W+: Works without vendor firmware;
39 39 N: Doesn't work; N: Doesn't work;
40 W*: Works with blobs;
40 W*: Works with vendor firmware;
41 41 U: Untested; U: Untested;
42 42 P+: Partially works; P+: Partially works;
43 P*: Partially works with blobs
43 P*: Partially works with vendor firmware
44 44 ``` ```
45 45
46 46 | ***Features*** | | | ***Features*** | |
File site/docs/install/hp8460p.md changed (mode: 100644) (index 414a78e..f4a7c22)
... ... OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)**
31 31
32 32
33 33 ``` ```
34 W+: Works without blobs;
34 W+: Works without vendor firmware;
35 35 N: Doesn't work; N: Doesn't work;
36 W*: Works with blobs;
36 W*: Works with vendor firmware;
37 37 U: Untested; U: Untested;
38 38 P+: Partially works; P+: Partially works;
39 P*: Partially works with blobs
39 P*: Partially works with vendor firmware
40 40 ``` ```
41 41
42 42 | ***Features*** | | | ***Features*** | |
File site/docs/install/hp8470p.md changed (mode: 100644) (index 85afd7f..0997c8b)
... ... OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)**
31 31
32 32
33 33 ``` ```
34 W+: Works without blobs;
34 W+: Works without vendor firmware;
35 35 N: Doesn't work; N: Doesn't work;
36 W*: Works with blobs;
36 W*: Works with vendor firmware;
37 37 U: Untested; U: Untested;
38 38 P+: Partially works; P+: Partially works;
39 P*: Partially works with blobs
39 P*: Partially works with vendor firmware
40 40 ``` ```
41 41
42 42 | ***Features*** | | | ***Features*** | |
File site/docs/install/hp8560w.md changed (mode: 100644) (index e5a261a..ebd7eca)
... ... OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)**
31 31
32 32
33 33 ``` ```
34 W+: Works without blobs;
34 W+: Works without vendor firmware;
35 35 N: Doesn't work; N: Doesn't work;
36 W*: Works with blobs;
36 W*: Works with vendor firmware;
37 37 U: Untested; U: Untested;
38 38 P+: Partially works; P+: Partially works;
39 P*: Partially works with blobs
39 P*: Partially works with vendor firmware
40 40 ``` ```
41 41
42 42 | ***Features*** | | | ***Features*** | |
File site/docs/install/ich9utils.md changed (mode: 100644) (index 2be3496..20c2625)
... ... can modify the ifd file with coreboot's ifdtool. You can use nvmutil to modify
10 10 the GbE NVM MAC address** the GbE NVM MAC address**
11 11
12 12 **If all you want to do is change the MAC address, you might use `nvmutil` **If all you want to do is change the MAC address, you might use `nvmutil`
13 instead. See: [nvmutil documentation](../install/nvmutil.md).**
13 instead. See: [nvmutil documentation](../install/nvmutil.md), or use
14 the [inject script](ivy_has_common.md).**
14 15
15 16 The documentation below is *still valid*, if you actually want to use ich9utils. The documentation below is *still valid*, if you actually want to use ich9utils.
16 17 You can find it in older Libreboot releases, up to Libreboot 20230625. The only You can find it in older Libreboot releases, up to Libreboot 20230625. The only
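Review bot: new lines 13 and 14 link two files in the same directory in two different ways, `../install/nvmutil.md` and `ivy_has_common.md`; use the plain relative form for both. The link text "inject script" also points at a guide page rather than a script, so a label that names the guide would describe the target better.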
File site/docs/install/ivy_has_common.md changed (mode: 100644) (index c7fc9de..ee877d1)
... ... recovery via [external flashing](spi.md) - regardless, you are advised to
10 10 also read the external flashing guide just in caes, and have an external also read the external flashing guide just in caes, and have an external
11 11 flasher handy in case you need it.** flasher handy in case you need it.**
12 12
13 Even if your board doesn't need vendor firmware inserted, you can also use this
14 guide to change the GbE MAC address in the flash, if your board has an Intel
15 Gigabit Ethernet device (where an Intel Flash Descriptor is used).
16
13 17 WARNING: eCryptfs file name limits WARNING: eCryptfs file name limits
14 18 ================================= =================================
15 19
16 20 Do not run the build system on a eCryptfs file system, because it has Do not run the build system on a eCryptfs file system, because it has
17 21 very short file name limits and Libreboot's build system deals with very very short file name limits and Libreboot's build system deals with very
18 22 long file names. We commonly get reports from this by Linux Mint users long file names. We commonly get reports from this by Linux Mint users
19 who encrypt their home directory with cryptfs; use a serious distro like
20 Debian or Arch please. And use a decent file system; ZFS or perhaps LUKS
21 with btrfs will do nicely.
23 who encrypt their home directory with eCryptfs; regular LUKS encryption will
24 do nicely.
22 25
23 26 **Install build dependencies first** **Install build dependencies first**
24 27 ================================ ================================
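Review bot: the paragraph added at new lines 13 to 15 tells readers they can use this guide to change the GbE MAC address, but it does not say which part of the guide does that. Link to the relevant section from that sentence. The context line directly above still has the typo "just in caes" (line 10), which fits the scope of this cleanup.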
 
... ... boards, for certain functionalities; we cover this more thoroughly in
41 44 the [Freedom Status](../../freedom-status.md) page and in the [Binary Blob the [Freedom Status](../../freedom-status.md) page and in the [Binary Blob
42 45 Reduction Policy](../../news/policy.md). Reduction Policy](../../news/policy.md).
43 46
44 Libreboot can't directly distribute *all* of these blobs, so some of them are
47 Libreboot can't directly distribute *all* of these files, so some of them are
45 48 downloaded at build-time, and processed for insertion into the firmware images. downloaded at build-time, and processed for insertion into the firmware images.
46 49 **On pre-compiled ROM images in releases, these files are removed, and can be **On pre-compiled ROM images in releases, these files are removed, and can be
47 50 re-added using the same automation that was applied during the build process.** re-added using the same automation that was applied during the build process.**
 
... ... You'll note the small size of the Intel ME, e.g. 84KB on sandybridge platforms.
238 241 This is because lbmk *automatically* neuters it, disabling it during This is because lbmk *automatically* neuters it, disabling it during
239 242 early boot. This is done using `me_cleaner`, which lbmk imports. early boot. This is done using `me_cleaner`, which lbmk imports.
240 243
244 Intel FSP copyright
245 ===================
246
247 If you just want to inject Intel FSP and ME into your image, ready for
248 flashing, please read [the guide](ivy_has_common.md).
249
250 Abstract
251 --------
252
253 The initial Libreboot 20241206 release included Intel FSP directly inside the
254 ROM images. Intel provides the FSP under a license which states (and I
255 paraphrase): you must not modify it, but you can redistribute it freely, so
256 long as the license notice is retained.
257
258 The FSP is a concatenation of three modules: FSP-T, FSP-S and FSP-M. T basically
259 does CAR, S is essentially romstage components, and M is raminit. Due to how
260 coreboot works, these components must be split into single components. Coreboot
261 doesn't use T by default (it implements CAR itself), but has the option to
262 use it. It will use M and S, only.
263
264 Technically, the process of splitting FSP into these three files counts as
265 a modification. Furthermore, coreboot also rebases the M module by modifying
266 certain pointers, so that it can integrate with coreboot to provide raminit.
267
268 Intel *themselves* own the copyright to the tool for splitting FSP,
269 at `3rdparty/fsp/Tools/SplitFspBin.py`, and it seems that they do intend for
270 the FSP to be used this way. However, until now, those using the Intel FSP
271 have built coreboot images from source, so the issue of modified distributions
272 didn't come up.
273
274 By the strictest possible interpretation of Intel's licensing, Libreboot was
275 technically in violation. To mitigate this, Libreboot 20241206 *revision 8* and
276 newer, will no longer include the Intel FSP inside images. Instead, the vendor
277 inject script is used for inserting the FSP into release images, which is what
278 we already do for several other components.
279
280 `_fsp` vs `_vfsp` targets
281 -------------------------
282
283 The original 20241206 release images had `_fsp` in the file name. From rev8
284 onward, `_vfsp` is specified instead.
285
286 Libreboot's inject script verifies checksums on files, when inserting into the
287 images. Because of this, if we inject FSP after the fact, that means anyone
288 using the old images will find errors when they try.
289
290 To mitigate this, the build targets containing `_fsp` in the name have been
291 retained, but these targets are set `release="n"` so that no ROM images are
292 provided in releases. The `_vfsp` images are provided pre-compiled, instead.
293
294 With this re-design, modern lbmk (from Libreboot 20241206 rev8 onward) can still
295 reliably inject Intel ME into the old `_fsp` images, if you already downloaded
296 those before.
297
298 Therefore, you must be especially careful to get this right. If you're running
299 the inject script into a tarball, it will generally detect the right one, but
300 inserting manually into individual image files is also possible; if you do this,
301 you must remember to correctly specify `t480_vfsp_16mb` or `t480s_vfsp_16mb`,
302 or to specify the `_fsp` targets if you're doing this on older images.
303
304 It is extremely unlikely that Intel would have ever cracked down on Libreboot
305 for its previous mistake, since many other projects exist that include FSP
306 directly in coreboot images, even commercially. However, Libreboot wishes to
307 respect Intel's license, in the
308 most [technically correct](https://www.youtube.com/watch?v=0ZEuWJ4muYc) way
309 possible.
310
241 311 Errata Errata
242 312 ====== ======
243 313
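Review bot: new lines 247 and 248 were carried over unchanged from t480.md, so "please read [the guide](ivy_has_common.md)" now links ivy_has_common.md to itself; drop the sentence or point it at the injection steps on this page. The paragraph at new lines 298 to 302 names only `t480_vfsp_16mb` and `t480s_vfsp_16mb`, although the same section was also removed from dell3050.md in this commit, so either add the Dell 3050 target name or word the paragraph generically.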
File site/docs/install/kfsn4-dre.md changed (mode: 100644) (index 21c979d..d5e854a)
... ... x-toc-enable: true
24 24 | **Flash chip** | PLCC 1MiB (Upgradable to 2MiB) | | **Flash chip** | PLCC 1MiB (Upgradable to 2MiB) |
25 25
26 26 ``` ```
27 W+: Works without blobs;
27 W+: Works without vendor firmware;
28 28 N: Doesn't work; N: Doesn't work;
29 W*: Works with blobs;
29 W*: Works with vendor firmware;
30 30 U: Untested; U: Untested;
31 31 P+: Partially works; P+: Partially works;
32 P*: Partially works with blobs
32 P*: Partially works with vendor firmware
33 33 ``` ```
34 34
35 35 | ***Features*** | | | ***Features*** | |
File site/docs/install/macbook21.md changed (mode: 100644) (index 3be1fb5..52e2cac)
... ... x-toc-enable: true
27 27 | **Flash chip** | SOIC-8 2MiB (Upgradable to 16MiB) | | **Flash chip** | SOIC-8 2MiB (Upgradable to 16MiB) |
28 28
29 29 ``` ```
30 W+: Works without blobs;
30 W+: Works without vendor firmware;
31 31 N: Doesn't work; N: Doesn't work;
32 W*: Works with blobs;
32 W*: Works with vendor firmware;
33 33 U: Untested; U: Untested;
34 34 P+: Partially works; P+: Partially works;
35 P*: Partially works with blobs
35 P*: Partially works with vendor firmware
36 36 ``` ```
37 37
38 38 | ***Features*** | | | ***Features*** | |
File site/docs/install/r400.md changed (mode: 100644) (index 5c5fa71..875bddb)
... ... x-toc-enable: true
28 28 | **Flash chip** | SOIC-8/SOIC-16 4MiB/8MiB (Upgradable to 16MiB) | | **Flash chip** | SOIC-8/SOIC-16 4MiB/8MiB (Upgradable to 16MiB) |
29 29
30 30 ``` ```
31 W+: Works without blobs;
31 W+: Works without vendor firmware;
32 32 N: Doesn't work; N: Doesn't work;
33 W*: Works with blobs;
33 W*: Works with vendor firmware;
34 34 U: Untested; U: Untested;
35 35 P+: Partially works; P+: Partially works;
36 P*: Partially works with blobs
36 P*: Partially works with vendor firmware
37 37 ``` ```
38 38
39 39 | ***Features*** | | | ***Features*** | |
File site/docs/install/t1650.md changed (mode: 100644) (index 6f10b0e..84b410a)
... ... OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)**
29 29
30 30
31 31 ``` ```
32 W+: Works without blobs;
32 W+: Works without vendor firmware;
33 33 N: Doesn't work; N: Doesn't work;
34 W*: Works with blobs;
34 W*: Works with vendor firmware;
35 35 U: Untested; U: Untested;
36 36 P+: Partially works; P+: Partially works;
37 P*: Partially works with blobs
37 P*: Partially works with vendor firmware
38 38 ?: UNKNOWN AT THIS TIME ?: UNKNOWN AT THIS TIME
39 39 ``` ```
40 40
File site/docs/install/t400.md changed (mode: 100644) (index 8af030d..62a67da)
... ... x-toc-enable: true
27 27 | **Flash chip** | SOIC-8/SOIC-16/WSON-8 4MiB/8MiB (Upgradable | **Flash chip** | SOIC-8/SOIC-16/WSON-8 4MiB/8MiB (Upgradable
28 28 to 16MiB) | to 16MiB) |
29 29 ``` ```
30 W+: Works without blobs;
30 W+: Works without vendor firmware;
31 31 N: Doesn't work; N: Doesn't work;
32 W*: Works with blobs;
32 W*: Works with vendor firmware;
33 33 U: Untested; U: Untested;
34 34 P+: Partially works; P+: Partially works;
35 P*: Partially works with blobs
35 P*: Partially works with vendor firmware
36 36 ``` ```
37 37
38 38 | ***Features*** | | | ***Features*** | |
File site/docs/install/t480.md changed (mode: 100644) (index 8cd01ba..8580165)
... ... OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)**
32 32
33 33
34 34 ``` ```
35 W+: Works without blobs;
35 W+: Works without vendor firmware;
36 36 N: Doesn't work; N: Doesn't work;
37 W*: Works with blobs;
37 W*: Works with vendor firmware;
38 38 U: Untested; U: Untested;
39 39 P+: Partially works; P+: Partially works;
40 P*: Partially works with blobs
40 P*: Partially works with vendor firmware
41 41 ?: UNKNOWN AT THIS TIME ?: UNKNOWN AT THIS TIME
42 42 ``` ```
43 43
 
... ... This should also be the case for the T480s.
707 707 If you encounter this issue, check\ If you encounter this issue, check\
708 708 [this page](../../faq.md#thinkpad-acpi) [this page](../../faq.md#thinkpad-acpi)
709 709 for details as to how to fix this. for details as to how to fix this.
710
711 Intel FSP copyright
712 ===================
713
714 If you just want to inject Intel FSP and ME into your image, ready for
715 flashing, please read [the guide](ivy_has_common.md).
716
717 Abstract
718 --------
719
720 The initial Libreboot 20241206 release included Intel FSP directly inside the
721 ROM images. Intel provides the FSP under a license which states (and I
722 paraphrase): you must not modify it, but you can redistribute it freely, so
723 long as the license notice is retained.
724
725 The FSP is a concatenation of three modules: FSP-T, FSP-S and FSP-M. T basically
726 does CAR, S is essentially romstage components, and M is raminit. Due to how
727 coreboot works, these components must be split into single components. Coreboot
728 doesn't use T by default (it implements CAR itself), but has the option to
729 use it. It will use M and S, only.
730
731 Technically, the process of splitting FSP into these three files counts as
732 a modification. Furthermore, coreboot also rebases the M module by modifying
733 certain pointers, so that it can integrate with coreboot to provide raminit.
734
735 Intel *themselves* own the copyright to the tool for splitting FSP,
736 at `3rdparty/fsp/Tools/SplitFspBin.py`, and it seems that they do intend for
737 the FSP to be used this way. However, until now, those using the Intel FSP
738 have built coreboot images from source, so the issue of modified distributions
739 didn't come up.
740
741 By the strictest possible interpretation of Intel's licensing, Libreboot was
742 technically in violation. To mitigate this, Libreboot 20241206 *revision 8* and
743 newer, will no longer include the Intel FSP inside images. Instead, the vendor
744 inject script is used for inserting the FSP into release images, which is what
745 we already do for several other components.
746
747 `_fsp` vs `_vfsp` targets
748 -------------------------
749
750 The original 20241206 release images had `_fsp` in the file name. From rev8
751 onward, `_vfsp` is specified instead.
752
753 Libreboot's inject script verifies checksums on files, when inserting into the
754 images. Because of this, if we inject FSP after the fact, that means anyone
755 using the old images will find errors when they try.
756
757 To mitigate this, the build targets containing `_fsp` in the name have been
758 retained, but these targets are set `release="n"` so that no ROM images are
759 provided in releases. The `_vfsp` images are provided pre-compiled, instead.
760
761 With this re-design, modern lbmk (from Libreboot 20241206 rev8 onward) can still
762 reliably inject Intel ME into the old `_fsp` images, if you already downloaded
763 those before.
764
765 Therefore, you must be especially careful to get this right. If you're running
766 the inject script into a tarball, it will generally detect the right one, but
767 inserting manually into individual image files is also possible; if you do this,
768 you must remember to correctly specify `t480_vfsp_16mb` or `t480s_vfsp_16mb`,
769 or to specify the `_fsp` targets if you're doing this on older images.
770
771 It is extremely unlikely that Intel would have ever cracked down on Libreboot
772 for its previous mistake, since many other projects exist that include FSP
773 directly in coreboot images, even commercially. However, Libreboot wishes to
774 respect Intel's license, in the
775 most [technically correct](https://www.youtube.com/watch?v=0ZEuWJ4muYc) way
776 possible.
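Review bot: In the `_fsp` vs `_vfsp` section, lines 753-755 say that "anyone using the old images will find errors when they try" without saying what is being tried or which check fails. Suggest stating outright that the failure is the inject script's checksum verification, if that is the case, since it is the reason lines 765-769 ask the reader to choose `t480_vfsp_16mb`/`t480s_vfsp_16mb` or the `_fsp` names by hand. Lines 761-763 also speak of injecting "Intel ME" in a section that is otherwise about FSP; worth confirming that ME is the intended word there.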
File site/docs/install/t500.md changed (mode: 100644) (index 78014f8..5226153)
... ... x-toc-enable: true
27 27 | **Flash chip** | SOIC-8/SOIC-16/WSON-8 4MiB/8MiB (Upgradable | **Flash chip** | SOIC-8/SOIC-16/WSON-8 4MiB/8MiB (Upgradable
28 28 to 16MiB) | to 16MiB) |
29 29 ``` ```
30 W+: Works without blobs;
30 W+: Works without vendor firmware;
31 31 N: Doesn't work; N: Doesn't work;
32 W*: Works with blobs;
32 W*: Works with vendor firmware;
33 33 U: Untested; U: Untested;
34 34 P+: Partially works; P+: Partially works;
35 P*: Partially works with blobs
35 P*: Partially works with vendor firmware
36 36 ``` ```
37 37
38 38 | ***Features*** | | | ***Features*** | |
File site/docs/install/x200.md changed (mode: 100644) (index e9ce29d..8c65f11)
... ... x-toc-enable: true
25 25 | **Flash chip** | SOIC-8/SOIC-16/WSON-8 4MiB/8MiB (Upgradable | **Flash chip** | SOIC-8/SOIC-16/WSON-8 4MiB/8MiB (Upgradable
26 26 to 16MiB) | to 16MiB) |
27 27 ``` ```
28 W+: Works without blobs;
28 W+: Works without vendor firmware;
29 29 N: Doesn't work; N: Doesn't work;
30 W*: Works with blobs;
30 W*: Works with vendor firmware;
31 31 U: Untested; U: Untested;
32 32 P+: Partially works; P+: Partially works;
33 P*: Partially works with blobs
33 P*: Partially works with vendor firmware
34 34 ``` ```
35 35
36 36 | ***Features*** | | | ***Features*** | |
File site/faq.md changed (mode: 100644) (index bc6c583..8a0e0db)
... ... This may result the following effects, including or not limited to:
679 679 * Fan speed reporting not working * Fan speed reporting not working
680 680 * Fan control not working * Fan control not working
681 681
682 **However, enabling it on the ThinkPad T480 may cause the following issues,
683 as of Libreboot 20241206rev8: it might turn off rfkill making you have to
684 manually unblock wlan, and the Fn keys through F9 to F12 may stop working.**
685
682 686 For these systems, add the line For these systems, add the line
683 687
684 688 ``` ```
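Review bot: The paragraph added at lines 682-684 opens with "enabling it", but the instruction it qualifies ("For these systems, add the line") only follows afterwards, so the reader meets the caveat before the setting it warns about. Consider moving the paragraph below the instruction or naming the setting explicitly. "the Fn keys through F9 to F12" is also hard to parse; "the Fn key functions on F9 through F12" would be clearer.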
File site/faq.uk.md changed (mode: 100644) (index fb79bdf..dc3d784)
... ... GRUB (наприклад, флеш-накопичувач USB). Для
693 693 Неможливість виконати modprobe thinkpad\_acpi на Haswell Неможливість виконати modprobe thinkpad\_acpi на Haswell
694 694 =============================================== ===============================================
695 695
696 This pertains to ThinkPad T480, T440p and W541.
697
698 **However, enabling it on the ThinkPad T480 may cause the following issues,
699 as of Libreboot 20241206rev8: it might turn off rfkill making you have to
700 manually unblock wlan, and the Fn keys through F9 to F12 may stop working.**
701
696 702 Про це повідомив користувач, який використовує Debian 11 з Про це повідомив користувач, який використовує Debian 11 з
697 703 ядром `5.19.0-0.deb11.2-amd64`. Модуль `thinkpad_acpi` не завантажувався ядром `5.19.0-0.deb11.2-amd64`. Модуль `thinkpad_acpi` не завантажувався
698 704 з таким повідомленням: з таким повідомленням:
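Review bot: Lines 696-700 add English text to the Ukrainian page without translation, and the section heading above still names only Haswell while line 696 extends the scope to the T480 alongside the T440p and W541. Either translate the two paragraphs or mark them as pending translation, and update the heading so it matches the list of affected machines.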
File site/news/audit3.md changed (mode: 100644) (index 74553ea..12b57c9)
... ... are also repeated below but in more detail:
158 158 * Don't use the `-B` option in make commands. * Don't use the `-B` option in make commands.
159 159 * Where no-microcode ROM images are provided, ensure that the ROM hashes still * Where no-microcode ROM images are provided, ensure that the ROM hashes still
160 160 match when running the vendor inject script. This is only useful on the match when running the vendor inject script. This is only useful on the
161 Dell Latitude E6400, which is otherwise blob-free but (in Libreboot)
161 Dell Latitude E6400, which is otherwise entirely free software but (in Libreboot)
162 162 comes with or without microcode updates, and with or without the Nvidia VGA comes with or without microcode updates, and with or without the Nvidia VGA
163 163 ROM (handled by vendor inject/download scripts) for dGPU variants. Verification ROM (handled by vendor inject/download scripts) for dGPU variants. Verification
164 164 previously failed, under certain conditions, when inserting that VGA ROM. previously failed, under certain conditions, when inserting that VGA ROM.
File site/news/libreboot20231021.md changed (mode: 100644) (index 25ee50a..d8fdb64)
... ... logs, combined:
303 303 * Don't use the `-B` option in make commands. * Don't use the `-B` option in make commands.
304 304 * Where no-microcode ROM images are provided, ensure that the ROM hashes still * Where no-microcode ROM images are provided, ensure that the ROM hashes still
305 305 match when running the vendor inject script. This is only useful on the match when running the vendor inject script. This is only useful on the
306 Dell Latitude E6400, which is otherwise blob-free but (in Libreboot)
306 Dell Latitude E6400, which is otherwise 100% free software but (in Libreboot)
307 307 comes with or without microcode updates, and with or without the Nvidia VGA comes with or without microcode updates, and with or without the Nvidia VGA
308 308 ROM (handled by vendor inject/download scripts) for dGPU variants. Verification ROM (handled by vendor inject/download scripts) for dGPU variants. Verification
309 309 previously failed, under certain conditions, when inserting that VGA ROM. previously failed, under certain conditions, when inserting that VGA ROM.
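Review bot: Line 306 replaces "blob-free" with "100% free software", while the identical sentence in site/news/audit3.md (line 161, same commit) becomes "entirely free software". Use one wording in both files so the duplicated changelog entry stays identical.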
 
... ... logs, combined:
346 346 * Don't support removal of microcode (during release time) on untested targets. * Don't support removal of microcode (during release time) on untested targets.
347 347 Set `microcode_required="y"` on most boards, but leave it set to `"n"` on Set `microcode_required="y"` on most boards, but leave it set to `"n"` on
348 348 platfroms such as GM45 (ThinkPad X200/T400, Dell E6400, etc); anything that platfroms such as GM45 (ThinkPad X200/T400, Dell E6400, etc); anything that
349 can be blob-free, in other words.
349 can be entirely free software in the main boot flash, in other words.
350 350 * Improved Dell Latitude E6400 support; the same image now provides iGPU and * Improved Dell Latitude E6400 support; the same image now provides iGPU and
351 351 dGPU support, since it's SeaBIOS-only anyway, so a VGA ROM is inserted into dGPU support, since it's SeaBIOS-only anyway, so a VGA ROM is inserted into
352 352 the same ROM that also enables libgfxinit, enabling the Intel or Nvidia GPU the same ROM that also enables libgfxinit, enabling the Intel or Nvidia GPU
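Review bot: Line 348, directly above the changed line, still reads "platfroms". Since this hunk already touches the sentence, correct it to "platforms" in the same commit.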
File site/news/libreboot20240126.md changed (mode: 100644) (index 9869c12..243b518)
... ... changes first):
221 221 changed to match the 68\* naming scheme. changed to match the 68\* naming scheme.
222 222 * `config/vendor/sources`: document HP laptop ROM families, for certain models, * `config/vendor/sources`: document HP laptop ROM families, for certain models,
223 223 according to name scheme 68SFC, 68SCE, 68ICE and 68ICF. Some of these boards according to name scheme 68SFC, 68SCE, 68ICE and 68ICF. Some of these boards
224 iare part of the same families, and use the same blobs. Patch courtesy of
224 iare part of the same families, and use the same files. Patch courtesy of
225 225 Riku Viitanen. Riku Viitanen.
226 226 * `script/build/roms`: remove the `modify_coreboot_rom` function. Fake PIKE2008 * `script/build/roms`: remove the `modify_coreboot_rom` function. Fake PIKE2008
227 227 ROMs are now inserted by defining option roms in the coreboot config, where ROMs are now inserted by defining option roms in the coreboot config, where
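Review bot: The rewritten line 224 keeps the stray leading "i" in "iare part of the same families". Change it to "are" while the line is being edited.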
File site/news/libreboot20240612.md changed (mode: 100644) (index ed9808c..6a5550d)
... ... Feature changes
221 221 * Print a two-line break before confirming the location of the generated * Print a two-line break before confirming the location of the generated
222 222 release archive, when running release builds. This makes it more obvious release archive, when running release builds. This makes it more obvious
223 223 to the operator. to the operator.
224 * **Removed the MRC (raminit blob) on Intel Haswell** (4th generation)
224 * **Removed the MRC (vendor raminit code) on Intel Haswell** (4th generation)
225 225 hardware, namely the ThinkPad T440p, W541, Dell OptiPlex 9020 MT hardware, namely the ThinkPad T440p, W541, Dell OptiPlex 9020 MT
226 226 and Dell OptiPlex 9020 SFF; the libre raminit now works well, and S3 works. and Dell OptiPlex 9020 SFF; the libre raminit now works well, and S3 works.
227 227 * Removed all status checks from script/roms (formerly script/build/roms), * Removed all status checks from script/roms (formerly script/build/roms),
 
... ... The changes are, from newest to earliest:
360 360 fixing a bug that was actually triggered, and a preventative bug fix as the fixing a bug that was actually triggered, and a preventative bug fix as the
361 361 original code wasn't correct either, even on AMD64 hosts (where it happened original code wasn't correct either, even on AMD64 hosts (where it happened
362 362 to compile anyway). to compile anyway).
363 * include/vendor.sh: Skip a given blob if the path to it is `/dev/null` - this
363 * include/vendor.sh: Skip a given file if the path to it is `/dev/null` - this
364 364 fixes a bug exposed by the previous change two bullet points down (fine fixes a bug exposed by the previous change two bullet points down (fine
365 365 grained error control), because VGA ROMs are handled but the KGPE-D16 target grained error control), because VGA ROMs are handled but the KGPE-D16 target
366 366 mitigates a crash bug when PIKE2008's option ROM is executed by SeaBIOS, by mitigates a crash bug when PIKE2008's option ROM is executed by SeaBIOS, by
 
... ... these changes relative to the old one:
619 619 * 192e23b7 vbe: implement function 09h (get/set palette data) * 192e23b7 vbe: implement function 09h (get/set palette data)
620 620 * 3722c21d vgasrc: round up save/restore size * 3722c21d vgasrc: round up save/restore size
621 621 * 5d87ff25 vbe: Add VBE 2.0+ OemData field to struct vbe_info * 5d87ff25 vbe: Add VBE 2.0+ OemData field to struct vbe_info
622 * 163fd9f0 fix smbios blob length overflow
622 * 163fd9f0 fix smbios data length overflow
623 623 * 82faf1d5 Add LBA 64bit support for reads beyond 2TB. * 82faf1d5 Add LBA 64bit support for reads beyond 2TB.
624 624 * 3f082f38 Add AHCI Power ON + ICC_ACTIVE into port setup code * 3f082f38 Add AHCI Power ON + ICC_ACTIVE into port setup code
625 625 * 3ae88886 esp-scsi: terminate DMA transfer when ESP data transfer completes * 3ae88886 esp-scsi: terminate DMA transfer when ESP data transfer completes
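Review bot: Line 622 rewords the subject of a listed commit (163fd9f0) from "fix smbios blob length overflow" to "fix smbios data length overflow". The entries in this list are commit subjects quoted next to their hashes, so the edited text no longer matches what a reader finds when looking up that hash, and "blob" here appears to describe SMBIOS data rather than vendor firmware. Suggest leaving quoted commit subjects unchanged.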
 
... ... The latest changes are listed first, going all the way down to earlier changes:
802 802 * | f6cbc501 import nuke() from cbmk cdce8ba70b * | f6cbc501 import nuke() from cbmk cdce8ba70b
803 803 |/ |/
804 804 * 7fbcb7be coreboot t440p/w541: enable nvme in grub_scan_disk * 7fbcb7be coreboot t440p/w541: enable nvme in grub_scan_disk
805 * 47f582d4 ./vendor download: skip if blob path is /dev/null
805 * 47f582d4 ./vendor download: skip if file path is /dev/null
806 806 * e7cb10d6 do not allow dashes in coreboot target names * e7cb10d6 do not allow dashes in coreboot target names
807 807 * e9b9e825 ./vendor download: more fine-tuned error control * e9b9e825 ./vendor download: more fine-tuned error control
808 808 * 0dd0dfaf vendor.sh: don't error on main targets * 0dd0dfaf vendor.sh: don't error on main targets
 
... ... The latest changes are listed first, going all the way down to earlier changes:
919 919 * 190495d2 disable x301 for next release (for now) * 190495d2 disable x301 for next release (for now)
920 920 * 03fae0cf mrc.sh: remove redundant function extract_ref() * 03fae0cf mrc.sh: remove redundant function extract_ref()
921 921 * f66ceef6 print two line breaks before confirming release * f66ceef6 print two line breaks before confirming release
922 * cc339741 remove haswell mrc blob (libre raminit stable now)
922 * cc339741 remove haswell mrc file (libre raminit stable now)
923 923 * 05fbd392 remove all status checks. only handle release. * 05fbd392 remove all status checks. only handle release.
924 924 * 8ba0fd83 git.sh: remove errant comment * 8ba0fd83 git.sh: remove errant comment
925 925 * d7ce26dc move script/*/* to script/ * d7ce26dc move script/*/* to script/
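Review bot: Line 922 changes "mrc blob" to "mrc file", but the same removal is described as "vendor raminit code" on line 224 of this file, so one page now uses two different replacements for the same term. This is also a quoted commit subject (cc339741), like line 805 above; either keep the original subjects or apply one consistent replacement.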
File site/news/policy.de.md changed (mode: 100644) (index c3b071a..1ad4405)
... ... The libreboot project has the following policy:
107 107 to tell people how to *neuter* the ME, if possible on a given board. to tell people how to *neuter* the ME, if possible on a given board.
108 108 The `me_cleaner` program is very useful, and provides a much more secure ME The `me_cleaner` program is very useful, and provides a much more secure ME
109 109 configuration. configuration.
110 * Vendor blobs should *never* be deleted, even if they are unused. In the
110 * Such vendor files should *never* be deleted, even if they are unused. In the
111 111 coreboot project, a set of `3rdparty` submodules are available, with vendor coreboot project, a set of `3rdparty` submodules are available, with vendor
112 blobs for init tasks on many boards. These must *all* be included in libreboot
112 files for init tasks on many boards. These must *all* be included in libreboot
113 113 releases, even if unused. That way, even if the Libreboot build system does releases, even if unused. That way, even if the Libreboot build system does
114 114 not yet integrate support for a given board, someone who downloads libreboot not yet integrate support for a given board, someone who downloads libreboot
115 115 can still make changes to their local version of the build system, if they can still make changes to their local version of the build system, if they
File site/news/policy.md changed (mode: 100644) (index 2777c0f..7db07c3)
... ... The libreboot project has the following policy:
98 98 to tell people how to *neuter* the ME, if possible on a given board. to tell people how to *neuter* the ME, if possible on a given board.
99 99 The `me_cleaner` program is very useful, and provides a much more secure ME The `me_cleaner` program is very useful, and provides a much more secure ME
100 100 configuration. configuration.
101 * Vendor blobs should *never* be deleted, even if they are unused. In the
101 * Such vendor files should *never* be deleted, even if they are unused. In the
102 102 coreboot project, a set of `3rdparty` submodules are available, with vendor coreboot project, a set of `3rdparty` submodules are available, with vendor
103 103 code for init tasks on many boards. These must *all* be included in libreboot code for init tasks on many boards. These must *all* be included in libreboot
104 104 releases, even if unused. That way, even if the Libreboot build system does releases, even if unused. That way, even if the Libreboot build system does
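Review bot: "Such vendor files" on line 101 has no antecedent: the preceding bullet ends on `me_cleaner` and a more secure ME configuration, not on a class of files. "Vendor files should *never* be deleted" reads correctly on its own. Line 103 here also says "code for init tasks" while the policy.de.md hunk now says "files for init tasks"; align the two.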
 
... ... examples of how this very policy is implemented in Libreboot:
154 154 * Newer Intel platforms have Intel ME, which is a coprocessor inside the * Newer Intel platforms have Intel ME, which is a coprocessor inside the
155 155 machine that handles many functions including certain power management, and machine that handles many functions including certain power management, and
156 156 it can provides useful remote management features with Intel AMT for example. it can provides useful remote management features with Intel AMT for example.
157 This is a giant 5MB+ blob in the flash, and the ME has full access to your
157 This is a giant 5MB+ section in the flash, and the ME has full access to your
158 158 RAM and other peripherals; more is documented about this in the Libreboot RAM and other peripherals; more is documented about this in the Libreboot
159 159 FAQ. On older ME4-based platforms such as Intel GM45 platforms, e.g. FAQ. On older ME4-based platforms such as Intel GM45 platforms, e.g.
160 160 ThinkPad X200/T400, we remove the ME firmware entirely from the flash, leaving ThinkPad X200/T400, we remove the ME firmware entirely from the flash, leaving
 
... ... examples of how this very policy is implemented in Libreboot:
170 170 actually run anything. ME Cleaner is required, instead of full removal, actually run anything. ME Cleaner is required, instead of full removal,
171 171 because the machines don't boot reliably without at least the BUP/ROMP because the machines don't boot reliably without at least the BUP/ROMP
172 172 modules present in flash. modules present in flash.
173 * On Intel Haswell platform (Intel 4th gen), a binary blob is available for
173 * On Intel Haswell platform (Intel 4th gen), vendor firmware is available for
174 174 memory controller initialisation, called the Intel *MRC* or System Agent. We memory controller initialisation, called the Intel *MRC* or System Agent. We
175 175 previously included this in Libreboot; nowadays, we have free initialisation previously included this in Libreboot; nowadays, we have free initialisation
176 176 code written by Angel Pons. The libre code, called NRI (Native RAM code written by Angel Pons. The libre code, called NRI (Native RAM
File site/news/safety.md changed (mode: 100644) (index 193213d..ce6e1a9)
2 2 % Leah Rowe % Leah Rowe
3 3 % 7 July 2023 % 7 July 2023
4 4
5 New safety features
6 ===============
7
8 NOTE: This page is mostly completely obsolete, as of 3 January 2025; changes
9 made in the vendor inject script for Libreboot 20241206 rev8 or higher (and
10 releases newer than the 20241206 series) make the script almost completely
11 safe to use, as described in the section pertaining to this on
12 the [main guide](../docs/install/ivy_has_common.md).
13
14 To summarise, those new safety features are as follows:
15
16 * Newer release ROMs (20241206rev8 or higher, or releases newer than 20241206
17 series) have 1-byte padding on non-inject images, to trigger an error in
18 flashprog due to a size mismatch versus chip size, and they have the
19 words `DO_NOT_FLASH` in the image file names. (older release images don't
20 have this, so watch out)
21 * Injects directly into the *tarballs*, and replaces the given tarball with
22 one containing the injected images. Older versions left the tarball
23 untouched and outputted images to `bin/release/` (directory), whereas many
24 users wrongly believed they could use the tarball; the new version therefore
25 adheres accordingly to the user's natural expectation, in this regard.
26 * Avoids replacing the tarball, where errors are observed, and prints much more
27 pedantic error messages, to let the user know that they must *stop* and take
28 note.
29
30 With this in mind, the original article written below is largely obsolete, and
31 the steps below (which would require extreme over-engineering) are probably not
32 going to be implemented.
33
34 Now, continue reading the article below, if you wish!
35
36 NOTE: The sections in the article below are *still* important to read, so please
37 do read it, and note that **you must
38 still [insert vendor files](../docs/install/ivy_has_common.md) regardless,
39 prior to Libreboot installation, if required on your board.**
40
41 Article
42 =======
43
5 44 **Please also follow this guide if using Dell Latitude laptops.** **Please also follow this guide if using Dell Latitude laptops.**
6 45
7 46 **If unsure, just follow this guide. If you follow this guide on a board that **If unsure, just follow this guide. If you follow this guide on a board that
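Review bot: The new preamble gives the reader conflicting guidance. Line 8 calls the page "mostly completely obsolete" and line 30 calls the article "largely obsolete", then line 36 says the sections below "are *still* important to read". Pick one qualifier on line 8 and merge the two NOTE paragraphs so it is clear which part remains in force (the requirement to insert vendor files) and which parts are superseded.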
 
... ... BIOS region is coreboot.
113 152 Per the issue page, I intend to implement the following regime in future Per the issue page, I intend to implement the following regime in future
114 153 Libreboot releases, on the affected machines: Libreboot releases, on the affected machines:
115 154
116 * If BIOS region blob-free (no MRC/EC firmware needed): set IFD, GbE and BIOS
117 regions read-write by default, but lock the ME region.
155 * BIOS region doesn't need vendor files (no MRC/EC firmware needed): set IFD,
156 GbE and BIOS regions read-write by default, but lock the ME region.
118 157 * If BIOS region requires vendor files: set IFD and GbE regions read-write * If BIOS region requires vendor files: set IFD and GbE regions read-write
119 158 by default, but lock the ME and BIOS regions. by default, but lock the ME and BIOS regions.
120 159
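Review bot: The rewritten first bullet (line 155) drops the leading "If", so it no longer parallels the next bullet, "If BIOS region requires vendor files", and reads as a statement rather than a condition. Suggest "If BIOS region doesn't need vendor files (no MRC/EC firmware needed): set IFD, GbE and BIOS regions read-write by default, but lock the ME region."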
File site/tasks/index.md changed (mode: 100644) (index c86f27d..4da9ffb)
... ... the way it's configured is very complicated.
1404 1404 See: [Vendor file guide](../docs/install/ivy_has_common.html) See: [Vendor file guide](../docs/install/ivy_has_common.html)
1405 1405
1406 1406 The way the Libreboot build system works, the Intel ME and other firmware is The way the Libreboot build system works, the Intel ME and other firmware is
1407 automatically downloaded at build time. At release time, blobs such as these
1407 automatically downloaded at build time. At release time, files such as these
1408 1408 are deleted, but an extra *insert* script is provided that can provide the are deleted, but an extra *insert* script is provided that can provide the
1409 1409 same auto-download and auto-insert on release ROMs. same auto-download and auto-insert on release ROMs.
1410 1410