Merge pull request #2119 from tlaurion/dasharo-shared-toolchain

circleci,modules/coreboot,doc: share crossgcc toolchain across Dasharo 24.12 forks; blobs: add lib.sh and unify hash pre-checks

Author: tlaurion

.circleci/config.yml

@@ -0,0 +1,43 @@
+# Common functions for blob download/processing scripts.
+# Source this file from individual blob scripts.
+#   source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../lib.sh"
+
+# Verify sha256sum for a file.  Exit with error on mismatch.
+chk_sha256sum() {
+	local sha256_hash="$1"
+	local filename="$2"
+	echo "$sha256_hash" "$filename" "$(pwd)"
+	sha256sum "$filename"
+	if ! echo "${sha256_hash} ${filename}" | sha256sum --check; then
+		echo "ERROR: SHA256 checksum for ${filename} doesn't match."
+		exit 1
+	fi
+}
+
+# Check that output files exist and match expected hashes.
+# Each arg is "<hash> <path>" (hash optionally followed by filename).
+# Returns 0 if all files exist AND hashes match.
+# Prints which files are missing and which have mismatched hashes.
+check_outputs() {
+	local all_ok=y
+	local pair hash path
+	for pair in "$@"; do
+		pair="$(echo "$pair" | tr -s ' ')"
+		hash="${pair%% *}"
+		path="${pair#* }"
+		echo -n "CHECKING: ${path}... "
+		if [[ ! -f "$path" ]]; then
+			echo "MISSING"
+			all_ok=
+		elif echo "${hash} ${path}" | sha256sum --check >/dev/null 2>&1; then
+			echo "OK"
+		else
+			echo "HASH MISMATCH"
+			all_ok=
+		fi
+	done
+	if [[ -n "$all_ok" ]]; then
+		return 0
+	fi
+	return 1
+}

blobs/lib.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../lib.sh"
 # P7 ASUS
 
 function printusage {
@@ -44,13 +45,15 @@ fi
 
 CAP_ZIP_SHA256SUM="baf7f513227542c507e46735334663f63a0df5be9f6632d7b0f0cca5d3b9f980  P8Z77-M-PRO-ASUS-2203.zip"
 CAP_FILE_SHA256SUM="d9bf292778655d4e20f5db2154cd6a2229e42b60ce670a68d759f1dac757aaf0  P8Z77-M-PRO-ASUS-2203.CAP"
-FINAL_IFD_SHA256SUM="702570d59c11b9b70ab9d54b26ff0906a07edf15eebe63f40bcecb04b955969f  ifd.bin"
-FINAL_ME_SHA256SUM="8dda1e8360fbb2da05bfcd187f6e7b8a272a67d66bc0074bbfd1410eb35e3e17  me.bin"
+FINAL_IFD_SHA256SUM="702570d59c11b9b70ab9d54b26ff0906a07edf15eebe63f40bcecb04b955969f  $BLOB_DIR/ifd.bin"
+FINAL_ME_SHA256SUM="8dda1e8360fbb2da05bfcd187f6e7b8a272a67d66bc0074bbfd1410eb35e3e17  $BLOB_DIR/me.bin"
 ZIPURL="https://dlcdnets.asus.com/pub/ASUS/mb/LGA1155/P8Z77-M_PRO/P8Z77-M-PRO-ASUS-2203.zip"
 
 ZIPFILENAME=`echo $ZIPURL | sed 's/.*\///'`
 ROMFILENAME=`echo $ZIPFILENAME | sed 's/\.zip$/\.ROM/'`
 
+check_outputs "$FINAL_IFD_SHA256SUM" "$FINAL_ME_SHA256SUM" && { echo "All outputs match. Nothing to do."; exit 0; }
+
 extractdir=$(mktemp -d)
 echo "### Creating temp dir $extractdir "
 cd "$extractdir"
@@ -73,18 +76,15 @@ echo "### Applying me_cleaner to neuter and truncate."
 $MECLEAN -S -r -t -d -O  /tmp/unneeded.bin -D "ifd.bin" -M "me.bin" P8Z77-M-PRO-ASUS-2203.ROM
 
 if [[ "${CONFIG_ZERO_IFD_VSCC}" =~ ^(Y|y)$ ]]; then
-	FINAL_IFD_SHA256SUM="092caeee117de27c0eb30587defcb6449a33c7c325b6f3c47b5a7a79670b5c3f  ifd.bin"
+	FINAL_IFD_SHA256SUM="092caeee117de27c0eb30587defcb6449a33c7c325b6f3c47b5a7a79670b5c3f  $BLOB_DIR/ifd.bin"
 	echo "### Modifying VSCC length and identifiers"
 	printf '\x00' | dd of=ifd.bin bs=1 seek=3837 count=1 conv=notrunc
 	printf '\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF' | dd of=ifd.bin bs=1 seek=3568 count=32 conv=notrunc
-	echo "### Verifying expected hashes"
-else
-	echo "###  Skipping VSCC modification by config"
 fi
-echo "$FINAL_IFD_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on generated IFD bin..." && exit 1; }
-mv ifd.bin $BLOB_DIR/ifd.bin
-echo "$FINAL_ME_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on generated ME binary..." && exit 1; }
-mv me.bin $BLOB_DIR/me.bin
+mv ifd.bin $BLOB_DIR/ifd.bin || { echo "ERROR: failed to move ifd.bin to $BLOB_DIR"; exit 1; }
+mv me.bin $BLOB_DIR/me.bin || { echo "ERROR: failed to move me.bin to $BLOB_DIR"; exit 1; }
+check_outputs "$FINAL_IFD_SHA256SUM" || exit 1
+check_outputs "$FINAL_ME_SHA256SUM" || exit 1
 
 echo "###Cleaning up..."
 cd -

blobs/p8z77-m_pro/download_BIOS_clean.sh

@@ -1,21 +1,13 @@
 #!/usr/bin/env bash
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../lib.sh"
 
 BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 FINAL_ME_BIN_SHA256SUM="1eef6716aa61dd844d58eca15a85faa1bf5f82715defd30bd3373e79ca1a3339  $BLOBDIR/me.bin"
 ME_EXE_SHA256SUM="48f18d49f3c7c79fa549a980f14688bc27c18645f64d9b6827a15ef5c547d210  83rf46ww.exe"
 ME7_5M_UPD_PRODUCTION_SHA256SUM="760b0776b99ba94f56121d67c1f1226c77f48bd3b0799e1357a51842c79d3d36  app/ME7_5M_UPD_Production.bin"
 
-if [ -e "$BLOBDIR/me.bin" ]; then
-  echo "$BLOBDIR/me.bin found..."
-  if ! echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check; then
-    echo "$BLOBDIR/me.bin doesn't pass integrity validation. Continuing..."
-    rm -f "$BLOBDIR/me.bin"
-  else
-    echo "$BLOBDIR/me.bin already extracted and neutered outside of BUP"
-    exit 0
-  fi
-fi
+check_outputs "$FINAL_ME_BIN_SHA256SUM" && { echo "All outputs match. Nothing to do."; exit 0; }
 
 echo "### Creating temp dir"
 extractdir=$(mktemp -d)
@@ -36,8 +28,7 @@ echo "$ME7_5M_UPD_PRODUCTION_SHA256SUM" | sha256sum --check || { echo "Failed sh
 echo "###Generating neuter+deactivate+maximize reduction of ME on app/ME7_5M_UPD_Production.bin, outputting minimized ME under $BLOBDIR/me.bin... "
 ( python3 "$BLOBDIR/me7_update_parser.py" -O "$BLOBDIR/me.bin" app/ME7_5M_UPD_Production.bin ) || { echo "Failed to generate ME binary..." && exit 1; }
 
-echo "### Verifying expected hash of me.bin"
-echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on final binary..." && exit 1; }
+check_outputs "$FINAL_ME_BIN_SHA256SUM" || exit 1
 
 
 echo "###Cleaning up..."

blobs/xx20/download_parse_me.sh

@@ -1,20 +1,12 @@
 #!/usr/bin/env bash
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../lib.sh"
 
-function printusage {
+function usage {
   echo "Usage: $0 -m <me_cleaner>(optional)"
 }
 
 ME_BIN_HASH="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4"
 
-if [ -e "${output_dir}/me.bin" ]; then
-  echo "me.bin already exists"
-  if echo "${ME_BIN_HASH} ${output_dir}/me.bin" | sha256sum --check; then
-    echo "SKIPPING: SHA256 checksum for me.bin matches."
-    exit 0
-  fi
-  echo "me.bin exists but checksum doesn't match. Continuing..."
-fi
-
 if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
   if [[ "${1:-}" == "--help" ]]; then
     usage
@@ -26,34 +18,29 @@ if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
 
     output_dir="$(realpath "${1:-./}")"
 
-    if [[ ! -f "${output_dir}/me.bin" ]]; then
-      # Unpack Lenovo's Windows installer into a temporary directory and
-      # extract the Intel ME blob.
-      pushd "$(mktemp -d)" || exit
-
-      curl -O https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe
-      innoextract g1rg24ww.exe
-
-      mv app/ME8_5M_Production.bin "${COREBOOT_DIR}/util/me_cleaner"
-      rm -rf ./*
-      popd || exit
-
-      # Neutralize and shrink Intel ME. Note that this doesn't include
-      # --soft-disable to set the "ME Disable" or "ME Disable B" (e.g.,
-      # High Assurance Program) bits, as they are defined within the Flash
-      # Descriptor.
-      # https://github.com/corna/me_cleaner/wiki/External-flashing#neutralize-and-shrink-intel-me-useful-only-for-coreboot
-      pushd "${COREBOOT_DIR}/util/me_cleaner" || exit
-
-      python me_cleaner.py -r -t -O me_shrinked.bin ME8_5M_Production.bin
-      rm -f ME8_5M_Production.bin
-      mv me_shrinked.bin "${output_dir}/me.bin"
-      popd || exit
-    fi
+    check_outputs "${ME_BIN_HASH} ${output_dir}/me.bin" && { echo "All outputs match. Nothing to do."; exit 0; }
 
-    if ! echo "${ME_BIN_HASH} ${output_dir}/me.bin" | sha256sum --check; then
-      echo "ERROR: SHA256 checksum for me.bin doesn't match."
-      exit 1
-    fi
+    pushd "$(mktemp -d)" || exit
+
+    curl -O https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe
+    innoextract g1rg24ww.exe
+
+    mv app/ME8_5M_Production.bin "${COREBOOT_DIR}/util/me_cleaner"
+    rm -rf ./*
+    popd || exit
+
+    # Neutralize and shrink Intel ME. Note that this doesn't include
+    # --soft-disable to set the "ME Disable" or "ME Disable B" (e.g.,
+    # High Assurance Program) bits, as they are defined within the Flash
+    # Descriptor.
+    # https://github.com/corna/me_cleaner/wiki/External-flashing#neutralize-and-shrink-intel-me-useful-only-for-coreboot
+    pushd "${COREBOOT_DIR}/util/me_cleaner" || exit
+
+    python me_cleaner.py -r -t -O me_shrinked.bin ME8_5M_Production.bin
+    rm -f ME8_5M_Production.bin
+    mv me_shrinked.bin "${output_dir}/me.bin"
+    popd || exit
+
+    check_outputs "${ME_BIN_HASH} ${output_dir}/me.bin" || exit 1
   fi
 fi

blobs/xx30/download_clean_me.sh

@@ -1,15 +1,12 @@
 #!/usr/bin/env bash
-
-function printusage {
-  echo "Usage: $0 -m <me_cleaner>(optional)"
-}
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../lib.sh"
 
 BLOBDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 FINAL_ME_BIN_SHA256SUM="c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4  $BLOBDIR/me.bin"
 ME_EXE_SHA256SUM="f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153  g1rg24ww.exe"
 ME8_5M_PRODUCTION_SHA256SUM="821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa  app/ME8_5M_Production.bin"
 
-if [ "$#" -eq 0 ]; then printusage; fi
+if [ "$#" -eq 0 ]; then echo "Usage: $0 -m <me_cleaner>(optional)"; fi
 
 while getopts ":m:" opt; do
   case $opt in
@@ -23,16 +20,7 @@ while getopts ":m:" opt; do
   esac
 done
 
-if [ -e "$BLOBDIR/me.bin" ]; then
-  echo "$BLOBDIR/me.bin found..."
-  if ! echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check; then
-    echo "$BLOBDIR/me.bin doesn't pass integrity validation. Continuing..."
-    rm -f "$BLOBDIR/me.bin"
-  else
-    echo "$BLOBDIR/me.bin already extracted and neutered outside of ROMP and BUP"
-    exit 0
-  fi
-fi
+check_outputs "$FINAL_ME_BIN_SHA256SUM" && { echo "All outputs match. Nothing to do."; exit 0; }
 
 if [ -z "$MECLEAN" ]; then
   MECLEAN=$(command -v "$BLOBDIR/../../build/x86/coreboot-"*/util/me_cleaner/me_cleaner.py 2>&1 | head -n1)
@@ -56,12 +44,9 @@ innoextract ./g1rg24ww.exe || { echo "Failed calling innoextract. Tool installed
 echo "### Verifying expected hash of app/ME8_5M_Production.bin"
 echo "$ME8_5M_PRODUCTION_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." && exit 1; }
 
-bioscopy="some_value" # Assign a value to the bioscopy variable
-
-echo "### Applying me_cleaner to neuter+deactivate+maximize reduction of ME on $bioscopy, outputting minimized ME under $BLOBDIR/me.bin... "
+echo "### Applying me_cleaner to neuter+deactivate+maximize reduction of ME, outputting minimized ME under $BLOBDIR/me.bin... "
 "$MECLEAN" -r -t -O "$BLOBDIR/me.bin" app/ME8_5M_Production.bin
-echo "### Verifying expected hash of me.bin"
-echo "$FINAL_ME_BIN_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on final binary..." && exit 1; }
+check_outputs "$FINAL_ME_BIN_SHA256SUM" || exit 1
 
 echo "### Cleaning up..."
 cd - >/dev/null

blobs/xx30/download_clean_me_manually.sh

@@ -1,11 +1,17 @@
 #!/usr/bin/env bash
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../lib.sh"
+
 EC_BLOB_HASH=20060eba91367b71a21c7757271ac642fa0376809f8c1b51066510246ac97bdb
 ACM_BLOB_HASH=b00d10f6615cf1b28f4fb4adac6631bf6e332db524e45dfafb92e539767d22a0
 SINIT_BLOB_HASH=1e888aebc78d637d119c489adffa95387b53429125dc3ad61f10a5cad0496834
 
 output_dir="$(realpath "${1:-./}")"
 
-if [[ ! -f "${output_dir}/IVB_BIOSAC_PRODUCTION.bin" ]] || [[ ! -f "${output_dir}/sch5545_ecfw.bin" ]] || [[ ! -f "${output_dir}/SNB_IVB_SINIT_20190708_PW.bin" ]] ; then
+check_outputs \
+	"${EC_BLOB_HASH} ${output_dir}/sch5545_ecfw.bin" \
+	"${ACM_BLOB_HASH} ${output_dir}/IVB_BIOSAC_PRODUCTION.bin" \
+	"${SINIT_BLOB_HASH} ${output_dir}/SNB_IVB_SINIT_20190708_PW.bin" && { echo "All outputs match. Nothing to do."; exit 0; }
+
     # Unpack Dell's Windows installer into a temporary directory and
     # extract the EC and ACM blobs
 
@@ -45,25 +51,9 @@ if [[ ! -f "${output_dir}/IVB_BIOSAC_PRODUCTION.bin" ]] || [[ ! -f "${output_dir
       echo "Can't download sinit blob, failing"
       exit 1
     fi
-fi
-
-if ! echo "${EC_BLOB_HASH} ${output_dir}/sch5545_ecfw.bin" | sha256sum --check; then
-      echo "ERROR: SHA256 checksum for sch5545_ecfw.bin doesn't match. Try again"
-      rm -f "${output_dir}/sch5545_ecfw.bin"
-      exit 1
-fi
-
 
-if ! echo "${ACM_BLOB_HASH} ${output_dir}/IVB_BIOSAC_PRODUCTION.bin" | sha256sum --check; then
-      echo "ERROR: SHA256 checksum for IVB_BIOSAC_PRODUCTION.bin doesn't match. Try again"
-      rm -f "${output_dir}/IVB_BIOSAC_PRODUCTION.bin"
-      exit 1
-fi
-
-
-if ! echo "${SINIT_BLOB_HASH} ${output_dir}/SNB_IVB_SINIT_20190708_PW.bin" | sha256sum --check; then
-      echo "ERROR: SHA256 checksum for SNB_IVB_SINIT_20190708_PW.bin doesn't match. Try again"
-      rm -f "${output_dir}/SNB_IVB_SINIT_20190708_PW.bin"
-      exit 1
-fi
+check_outputs \
+	"${EC_BLOB_HASH} ${output_dir}/sch5545_ecfw.bin" \
+	"${ACM_BLOB_HASH} ${output_dir}/IVB_BIOSAC_PRODUCTION.bin" \
+	"${SINIT_BLOB_HASH} ${output_dir}/SNB_IVB_SINIT_20190708_PW.bin" || exit 1
 

blobs/xx30/optiplex_7010_9010.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../lib.sh"
 
 BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 ROMPARSER="94a615302f89b94e70446270197e0f5138d678f3"
@@ -9,8 +10,10 @@ ROM_PARSER_SHA256SUM="f3db9e9b32c82fea00b839120e4f1c30b40902856ddc61a84bd3743996
 UEFI_EXTRACT_SHA256SUM="c9cf4066327bdf6976b0bd71f03c9e049ae39ed19ea3b3592bae3da8615d26d7  UEFIExtract_NE_A58_linux_x86_64.zip"
 VBIOS_FINDER_SHA256SUM="bd07f47fb53a844a69c609ff268249ffe7bf086519f3d20474087224a23d70c5  c2d764975115de466fdb4963d7773b5bc8468a06.zip"
 BIOS_UPDATE_SHA256SUM="6fc652b5fa10e5ea1ddc0e8477a2f1cfe56e00df76a94629f9b736faaee6199c  g4uj41us.exe"
-DGPU_ROM_SHA256SUM="3efe4886530086c0b612d1e669fbb4459ec93ec949b25a909e7ad273f4f01015  vbios_10de_0def_1.rom"
-IGPU_ROM_SHA256SUM="10b292c19322e7bb7db53350d2775d37b72a784292ea5686cd0f92af929f4916  vbios_8086_0106_1.rom"
+DGPU_ROM_SHA256SUM="3efe4886530086c0b612d1e669fbb4459ec93ec949b25a909e7ad273f4f01015  $BLOBDIR/10de,0def.rom"
+IGPU_ROM_SHA256SUM="10b292c19322e7bb7db53350d2775d37b72a784292ea5686cd0f92af929f4916  $BLOBDIR/8086,0106.rom"
+
+check_outputs "$DGPU_ROM_SHA256SUM" "$IGPU_ROM_SHA256SUM" && { echo "All outputs match. Nothing to do."; exit 0; }
 
 echo "### Creating temp dir"
 extractdir=$(mktemp -d)
@@ -63,14 +66,11 @@ innoextract "$extractdir"/rom-parser-"$ROMPARSER"/VBiosFinder-"$VBIOSFINDER"/"$B
 echo "### Finding, extracting and saving vbios"
 sudo ./vbiosfinder extract "$extractdir"/rom-parser-"$ROMPARSER"/VBiosFinder-"$VBIOSFINDER"/"app/G4ETB7WW/\$01D5100.FL1" || { echo "Failed to extract FL1" && exit 1; }
 
-echo "Verifying expected hash of extracted roms"
 cd output
-echo "$DGPU_ROM_SHA256SUM" | sha256sum --check || { echo "dGPU rom failed sha256sum verification..." && exit 1; }
-echo "$IGPU_ROM_SHA256SUM" | sha256sum --check || { echo "iGPU rom Failed sha256sum verification..." && exit 1; }
-
 echo "### Moving extracted roms to blobs directory"
 sudo mv vbios_10de_0def_1.rom $BLOBDIR/10de,0def.rom
 sudo mv vbios_8086_0106_1.rom $BLOBDIR/8086,0106.rom
+check_outputs "$DGPU_ROM_SHA256SUM" "$IGPU_ROM_SHA256SUM" || exit 1
 
 echo "### Cleaning Up"
 cd "$BLOBDIR"

blobs/xx30/vbios_t530.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../lib.sh"
 
 BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 ROMPARSER="94a615302f89b94e70446270197e0f5138d678f3"
@@ -9,9 +10,11 @@ ROM_PARSER_SHA256SUM="f3db9e9b32c82fea00b839120e4f1c30b40902856ddc61a84bd3743996
 UEFI_EXTRACT_SHA256SUM="c9cf4066327bdf6976b0bd71f03c9e049ae39ed19ea3b3592bae3da8615d26d7  UEFIExtract_NE_A58_linux_x86_64.zip"
 VBIOS_FINDER_SHA256SUM="bd07f47fb53a844a69c609ff268249ffe7bf086519f3d20474087224a23d70c5  c2d764975115de466fdb4963d7773b5bc8468a06.zip"
 BIOS_UPDATE_SHA256SUM="4769fdcfe34c40d285b8c7290305f04eb91d692f4bf25acd291d114353a958c2  g5uj39us.exe"
-K2000M_ROM_SHA256SUM="5005b582019b16d2073cec8cd384ec908d8ff38ab286a6dd65eadc0e89bfb4a8  vbios_10de_0ffb_1.rom"
-K1000M_ROM_SHA256SUM="6e28abb61cd4c69be7bd64e487681164cb487a48d77276f3108e3f192ceeee16  vbios_10de_0ffc_1.rom"
-IGPU_ROM_SHA256SUM="10b292c19322e7bb7db53350d2775d37b72a784292ea5686cd0f92af929f4916  vbios_8086_0106_1.rom"
+K2000M_ROM_SHA256SUM="5005b582019b16d2073cec8cd384ec908d8ff38ab286a6dd65eadc0e89bfb4a8  $BLOBDIR/10de,0ffb.rom"
+K1000M_ROM_SHA256SUM="6e28abb61cd4c69be7bd64e487681164cb487a48d77276f3108e3f192ceeee16  $BLOBDIR/10de,0ffc.rom"
+IGPU_ROM_SHA256SUM="10b292c19322e7bb7db53350d2775d37b72a784292ea5686cd0f92af929f4916  $BLOBDIR/8086,0106.rom"
+
+check_outputs "$K2000M_ROM_SHA256SUM" "$K1000M_ROM_SHA256SUM" "$IGPU_ROM_SHA256SUM" && { echo "All outputs match. Nothing to do."; exit 0; }
 
 echo "### Creating temp dir"
 extractdir=$(mktemp -d)
@@ -64,16 +67,12 @@ innoextract "$extractdir"/rom-parser-"$ROMPARSER"/VBiosFinder-"$VBIOSFINDER"/"$B
 echo "### Finding, extracting and saving vbios"
 sudo ./vbiosfinder extract "$extractdir"/rom-parser-"$ROMPARSER"/VBiosFinder-"$VBIOSFINDER"/"app/G5ETB6WW/\$01D5200.FL1" || { echo "Failed to extract FL1" && exit 1; }
 
-echo "Verifying expected hash of extracted roms"
 cd output
-echo "$K2000M_ROM_SHA256SUM" | sha256sum --check || { echo "K2000M rom failed sha256sum verification..." && exit 1; }
-echo "$K1000M_ROM_SHA256SUM" | sha256sum --check || { echo "K1000M rom failed sha256sum verification..." && exit 1; }
-echo "$IGPU_ROM_SHA256SUM" | sha256sum --check || { echo "iGPU rom Failed sha256sum verification..." && exit 1; }
-
 echo "### Moving extracted roms to blobs directory"
 sudo mv vbios_10de_0ffb_1.rom "$BLOBDIR"/10de,0ffb.rom
 sudo mv vbios_10de_0ffc_1.rom "$BLOBDIR"/10de,0ffc.rom
 sudo mv vbios_8086_0106_1.rom "$BLOBDIR"/8086,0106.rom
+check_outputs "$K2000M_ROM_SHA256SUM" "$K1000M_ROM_SHA256SUM" "$IGPU_ROM_SHA256SUM" || exit 1
 
 echo "### Cleaning Up"
 cd "$BLOBDIR"