November 2017 - coreboot - mail.coreboot.org

Optiplex 790 now has preliminary support by coreboot
by Taiidan＠gmx.com Jan. 15, 2020

Jan. 15, 2020

https://review.coreboot.org/21774 In case anyone else didn't notice - It is a sandy/ivy system with IOMMU. This is great and should help get coreboot in to the corporate user world.

2 1

Lenovo T410 Coreboot
by A. Veek Dec. 14, 2018

Dec. 14, 2018

2 1

FOSDEM Hardware Enablement Devroom
by Paul Kocialkowski Dec. 4, 2018

Dec. 4, 2018

A Hardware Enablement devroom will be taking place at FOSDEM this year, on Sunday 10 December 2017. This newly-created devroom is the result of 3 proposals that were merged together. It is co-organized by several individuals. The devroom covers all aspects related to hardware enablement and support with free software, including aspects related to boot software, firmwares, drivers and userspace tools and adaptation. Proposals for talks related to these topics are welcome and can be submitted until Sunday 26 November 2017 via the pentabarf interface. Short talks are encouraged over longer ones in order to cover a wide range of topics. The announcement for the devroom, that contains all the useful information, was published at: https://lists.fosdem.org/pipermail/fosdem/2017-October/002649.html Cheers and see you at FOSDEM! -- Paul Kocialkowski, developer of free digital technology and hardware support Website: https://www.paulk.fr/ Coding blog: https://code.paulk.fr/ Git repositories: https://git.paulk.fr/ https://git.code.paulk.fr/

3 3

Is Goryachy's JTAG hack a chance for free firmware ?
by Enrico Weigelt, metux IT consult Dec. 12, 2017

Dec. 12, 2017

Hi folks, i'm curios whether Goryachy's JTAG hack is a chance for getting rid of all proprietary ME/UEFI firmware. If i'm correct, the ME firmware (or parts of it) is signed, and the CPU won't run (or switches off) if signatures don't match. Can the JTAG channel be used to get around that ? thx. --mtx -- Enrico Weigelt, metux IT consult Free software and Linux embedded engineering info(a)metux.net -- +49-151-27565287

5 6

Re: [coreboot] Is Goryachy's JTAG hack a chance for free firmware ?
by Enrico Weigelt, metux IT consult Dec. 1, 2017

Dec. 1, 2017

On 30.11.2017 07:40, Zoran Stojsavljevic wrote: > You can fully use UEFI BIOS without any signatures. With so-called slim > TXE engine. Can we completely replace UEFI w/o any signatures ? And what about ME ? I've read that the cpu itself verifies the signature of ME firmware, so we cant completely replace it. If it would be possible to read out the privkey or burn in another one, that blockade would be fallen. --mtx -- Enrico Weigelt, metux IT consult Free software and Linux embedded engineering info(a)metux.net -- +49-151-27565287

4 4

Intel SGX support
by Zahra Tarkhani Nov. 30, 2017

Nov. 30, 2017

Hello, I was looking at the coreboot git repo and it seems that you have added the Intel SGX support for it. Is it ready to use? May I know on which devices you have tested it? Thank you, zahra

1 0

Quality network interfaces?
by Taiidan＠gmx.com Nov. 30, 2017

Nov. 30, 2017

This is kind of off topic but I don't know of any other ML with such a level of hardware knowledge. I am looking for dual port gigabit and 10 gigabit PCI-e NIC's that aren't made by intel but don't require silly binary drivers or what not (ie: the closest thing to free) What would be my best option? I know raptor/tim uses broadcom netxtreme's on the TALOS 2, has anyone gotten a pci-e card version of these? and if so do they work well? (ie: high performance, low interrupts, at least 100MB/s) I don't want to support futher intel anti-feature development and I am tired of ending up stuck with counterfeit intel NIC's which have even made it in to the non-grey market supply chain.

1 0

Re: [coreboot] Creating PIRQ table
by Gergely Kiss Nov. 30, 2017

Nov. 30, 2017

I have enabled CSM in the vendor BIOS and booted a "combined" (UEFI+MBR) live Linux in MBR mode which actually helped to get the PIRQ table. So far so good. :) Seems like this board has 9 IRQ slots and a somewhat different PIRQ table compared to the one your board has. Thanks a lot for your assistance, I'm going to try building Coreboot with verbose debugging enabled and flash it to see how well it performs. Hopefully the on-board serial port will work with the current SIO code. Looks like the internals of the serial interface are quite similar (identical?) for all ITE chips so maybe I can make it work without the datasheet. Regards, Gergely On 29 November 2017 at 16:05, Sergej Ivanov <getinaks(a)gmail.com> wrote: > Hello, > > Try to boot linux in legacy mode(enable CSM and set all boot options to > legacy mode), and run getpir, i've made my table this way. I also recommend > to enable AGESA debug output to serial port, it can help you with ddr > training problems. > > 29 нояб. 2017 г. 12:40 пользователь "Gergely Kiss" <mail.gery(a)gmail.com> > написал: > > Hi Sergej, >> >> thanks a lot for your feedback, it's much appreciated. >> >> As far as I can tell, my board only has 8 IRQ slots while the one you >> ported has 10. I believe this is (partially) due to the number of PCI-e >> slots does not match (the Biostar board has one extra PCI-e x16 slot) so >> there definitely is a difference regardless of sharing the same chipset. >> >> Can you please share some information on how you fetched the PIRQ table >> from the vendor firmware? I have tried the (now deprecated) getpir utility >> but it could not find a PIRQ table neither in the vendor firmware nor in >> the memory. >> >> Is there some other tool I could use? >> >> Thanks, >> Gergely >> >> On 28 November 2017 at 19:59, Sergej Ivanov <getinaks(a)gmail.com> wrote: >> >>> Hello, >>> >>> Almost everyone socket AM1 boards have same PIRQ tables. While porting >>> Biostar AM1ML i've dumped this table from vendor UEFI (using old method, >>> that was depricated long time ago). BTW don't forget to remove additional >>> SIO config code from romstage. >>> >>> 28 нояб. 2017 г. 19:16 пользователь "Gergely Kiss" <mail.gery(a)gmail.com> >>> написал: >>> >>>> Hi All, >>>> >>>> my name is Gergely Kiss and I'm currently working on porting Coreboot >>>> to the ASUS AM1I-A board. >>>> >>>> I'm a great fan of open source software, I've contributed a few times >>>> to some well-known projects like Squid, Monodevelop and Openwrt, just to >>>> name a few. >>>> >>>> I would need a little bit of help from the devs about how to create the >>>> PCI IRQ routing table for my board (the easiest way possible). >>>> >>>> I'm using the Biostar AM1ML board as a template as it looks to be a >>>> very similar board as the one I have. The only differences I can see is the >>>> SuperIO (ITE 8623E) & the audio chip (Realtek ALC887-VD) and also some >>>> minor things with the board layout so I'm not expecting to have too much >>>> difficulties. >>>> >>>> Looking at the file https://review.coreboot.org/cg >>>> it/coreboot.git/tree/src/mainboard/biostar/am1ml/irq_tables.c, the >>>> following questions came to my mind: >>>> >>>> * Do I really have to follow the "long way" as outlined in the Wiki >>>> page at https://www.coreboot.org/Creating_Valid_IRQ_Tables? Couldn't I >>>> just fetch the routing table from the OEM BIOS somehow and implement it in >>>> the source? >>>> * What's the meaning of the fields "link" & "bitmap"? Are these common >>>> for all boards with the same chipset? Where should I look up this >>>> information? >>>> * I believe I have to create as many entries within the struct as many >>>> IRQ slots exist for the board. Am I right? >>>> >>>> I found a table in the board's manual (attached) which looks useful but >>>> I'm afraid it might not contain all the information I need to construct a >>>> valid routing table. >>>> >>>> As for the SuperIO chip, I think I won't have too much issues getting >>>> it to work as it looks like ITE SIO chips are quite similar from the >>>> developer's perspective but I still miss having a datasheet available. I'll >>>> try to reach out to the vendor to see if they are willing to share a >>>> datasheet with me. >>>> >>>> Any help from you guys is much appreciated. >>>> >>>> Thanks & Regards, >>>> Gergely >>>> >>>> >>>> -- >>>> coreboot mailing list: coreboot(a)coreboot.org >>>> https://mail.coreboot.org/mailman/listinfo/coreboot >>>> >>> >>

1 0

Re: [coreboot] Lenovo G505s AMD Hardware Virtualization
by awokd Nov. 30, 2017

Nov. 30, 2017

On Wed, November 29, 2017 16:35, Ivan Ivanov wrote: > Hi awokd, Hi and thanks for your reply! > are you sure that your HVM is correctly installed / has a > correct config ? > Because: you may have heard about Qubes OS - excellent OS which is based > on Xen, > has the same and even stronger security than Xen in some cases, and it > is working perfectly > at Lenovo G505S laptop with coreboot installed Qubes 4.0 is actually my end target usage scenario, however it defaults to using HVMs (vs. 3.2 which defaulted to PV) so I was unable to run it at all until I managed to switch everything to PV. I ruled the freezes out as a Qubes issue by performing a fresh install of Fedora 26, and installing Xen 4.8.2 from repository on it. Creating and starting PVs worked but I was able to recreate the lock up by creating a HVM on Xen and trying to start it. > Please go to Qubes HCL hardware compatibility list page - > https://www.qubes-os.org/hcl/ , > and look at G505S report for Qubes R3.2 version - both HVM and IOMMU > and even SLAT : > all these hardware virtualization functions are working perfectly. Mine reports they are enabled as well, it's just when I attempt to use an HVM I'm experiencing the freeze! Thus my plea for help to the list to see if anyone has actually tried to use an HVM on this Corebooted hardware. > also please read this message: > https://groups.google.com/forum/#!msg/qubes-users/TS1zfKZ7q8w/JQFkVF4xBgAJ > it contains a link to a forum post with attachments, not just .config > but also the coreboot G505S binaries > which have been tested with Qubes OS > (yes they have been done almost 1 year ago, outdated, but they contain > some nice extra stuff) I did see that post, thank you. It was one of the ones that convinced me to buy this particular laptop for Qubes usage. I followed the guide in the forum link to build Coreboot. I've tried it with and without Yabel and multiple other settings but they've all resulted in the freeze. > about 0 bytes cpu_microcode_blob.bin - if you look at the memory map > of 1 year old coreboot G505S build, > (provided below), there is no microcode. My guess is that no microcode > is needed for A10-5750M APU, > it is Richland architecture which is pretty refined, not even sure if > the microcode updates exist for this one - > please tell me if I'm wrong here Maybe there isn't one at all. The processor isn't that old but it's already hard to find vendor documentation on it. If I can't find anyone who can verify success with HVMs, my next step will be to try KVM and ESXi on it to see if I can recreate the issue. Last resort is to flash back the OEM image but I'm hoping to avoid that.

2 1

Re: [coreboot] Would This Work With Coreboot?
by Peter Stuge Nov. 29, 2017

Nov. 29, 2017

Jay Goldfrapp wrote: > Chipset Mobile Intel PM965 No. If you can do chipset development there exists a started 965 work-in-progress, which hasn't progressed in a couple of years. > It has Intel AMT which I would like disabled. I heard that with older AMT > implementations like this the flash can be slightly modified to disable. This is not one of those. AFAIK there's no flash for the 965 AMT, but I'm not completely sure on that. You'll have to study hard-to-find documentation for the 965 chipset as well as the particular companion LAN PCI chip on the mainboard. > So using Coreboot seems a relatively safe way. Don't ask what coreboot can do for you, ask what you can do for coreboot. ;) //Peter

2 1