March 2018 - coreboot - mail.coreboot.org

How to start GRUB2 in graphic mode as primary payload?
by G March 25, 2018

March 25, 2018

Hello, i'm trying to run GRUB2 in graphic mode as coreboot payload on a Thinkpad x220, attached are the relevant coreboot/grub config. When on GRUB2 console i run 'videoinfo' it returns an empty list so i guess it actually doesn't start in video mode (so it also doesn't set the background image) Still i can't figure out what i'm missing. Here's the relevant grub part set prefix=(memdisk)/boot/grub insmod nativedisk insmod ehci insmod ohci insmod uhci insmod usb insmod usbms insmod chain terminal_input --append at_keyboard terminal_output --append cbmemc set menu_color_normal=white/black set menu_color_highlight=white/cyan gfxpayload=keep terminal_output --append gfxterm set gfxmode=1366x768x32 load_video insmod gfxterm set default="0>0" set timeout=1 set pager=1 insmod jpeg background_image (cbfsdisk)/bg.jpg loadfont (memdisk)/dejavusansmono.pf2 keymap usqwerty

2 5

Re: [coreboot] Server systems shipped with coreboot
by Taiidan＠gmx.com March 25, 2018

March 25, 2018

On 03/24/2018 09:21 AM, Alberto Bursi wrote: > I was writing within context of this mail thread. > > This mail "thread" is about Coreboot on server systems, and no major > manufacturer I know of, apart from IBM and the board from Raptor > Engineering ever used Coreboot on server systems, so yeah, on server > boards it is nearly always retrofitted by the end user or some third > party that resells it. They haven't sold boards with it and I am not entirely sure if it was an official effort but people from Supermicro and AMD worked on the coreboot ports for the H8SCM and maybe a couple other devices.

1 0

Re: [coreboot] Server systems shipped with coreboot
by ron minnich March 25, 2018

March 25, 2018

On Sat, Mar 24, 2018 at 6:22 AM Alberto Bursi <alberto.bursi(a)outlook.it> wrote: > I was writing within context of this mail thread. > > This mail "thread" is about Coreboot on server systems, and no major > manufacturer I know of, apart from IBM and the board from Raptor > Engineering ever used Coreboot on server systems, so yeah,\ > Linux NetworX shipped several hundred thousand server boards in the early to mid 2000s with linuxbios supplied. Most were x86, mixed intel and AMD, and some were Alpha. There were also a few others but no one on that scale. But, it happened. ron

1 0

Re: [coreboot] Server systems shipped with coreboot
by thierry.laurion＠gmail.com March 25, 2018

March 25, 2018

Sorry for the previous mistypings. Redoing this mail properly. On 03/24/2018 07:41 PM, Thierry Laurion wrote: > Hi all, > > Le ven. 23 mars 2018 13:56, <tpearson(a)raptorengineering.com <mailto:tpearson@raptorengineering.com>> a écrit : > > I am not a lawyer, but have some understanding of the relevant liability > law. This is not legal advice. > > If damage is cause to the hardware that the ME would have prevented, very > likely. > Damage prevented by ME? > > Same goes for any security holes opened by removing the ME. > Security holes opened by removing the ME? fTPM? What else is implied here? > > This > is not a supported option by Intel, so (practically*) they have no further > liability for anything that goes wrong on ME scrubbed systems. > > * You would need to prove in an airtight manner that the same defect shows > up on fully updated ME-enabled systems. Given the closed nature of the ME > this may be difficult in a legal environment short of reproducing a defect > across multiple ME-enabled identical systems. > > > Hi all, > > > > Searching legal implications of reselling deblobbed hardware, and can't > > fight straight answers. > > > > If the bios is replaced, and ME is disabled with its modules erased, could > > the maker pursue the seller for having made those modifications? > > > > Thanks, > > Thierry > > > > Le mar. 23 janv. 2018 13:56, Timothy Pearson > > <tpearson(a)raptorengineering.com <mailto:tpearson@raptorengineering.com>> > > a écrit : > > > 4 cores, SMT4. There's an 8-core available for $190 more, and AFAIK > there are plans to start offering an 18-core server chip very shortly. > > These are the OpenPOWER machines, so there is hardware virtualization > support (including I/O passthrough) that works well with kvm and QEMU. > I haven't really heard anything referred to as "LPAR" on these newer > POWER8/POWER9 machines outside of legacy documents. > > On 01/23/2018 12:47 PM, ron minnich wrote: > > how many cores is that? Does it come with LPAR? > > > On Mon, Jan 22, 2018 at 9:48 PM Taiidan(a)gmx.com <mailto:Taiidan@gmx.com> > <mailto:Taiidan@gmx.com <mailto:Taiidan@gmx.com>> > > <Taiidan(a)gmx.com <mailto:Taiidan@gmx.com> <mailto:Taiidan@gmx.com > <mailto:Taiidan@gmx.com>>> wrote: > > > In case anyone wants to know the (non-coreboot) libre firmware > TALOS > 2 > > single CPU/board combo is now only 2.5K. > > > I still can't figure out how they managed to make it so > affordable, > this > > is seriously great. > > > -- > > coreboot mailing list: coreboot(a)coreboot.org > <mailto:coreboot@coreboot.org> > > <mailto:coreboot@coreboot.org <mailto:coreboot@coreboot.org>> > > https://mail.coreboot.org/mailman/listinfo/coreboot > > > > >> > >> -- > >> coreboot mailing list: coreboot(a)coreboot.org <mailto:coreboot@coreboot.org> > >> https://mail.coreboot.org/mailman/listinfo/coreboot > >> > > > >

1 0

Re: [coreboot] Server systems shipped with coreboot
by tpearson＠raptorengineering.com March 24, 2018

March 24, 2018

I am not a lawyer, but have some understanding of the relevant liability law. This is not legal advice. If damage is cause to the hardware that the ME would have prevented, very likely. Same goes for any security holes opened by removing the ME. This is not a supported option by Intel, so (practically*) they have no further liability for anything that goes wrong on ME scrubbed systems. * You would need to prove in an airtight manner that the same defect shows up on fully updated ME-enabled systems. Given the closed nature of the ME this may be difficult in a legal environment short of reproducing a defect across multiple ME-enabled identical systems. > Hi all, > > Searching legal implications of reselling deblobbed hardware, and can't > fight straight answers. > > If the bios is replaced, and ME is disabled with its modules erased, could > the maker pursue the seller for having made those modifications? > > Thanks, > Thierry > > Le mar. 23 janv. 2018 13:56, Timothy Pearson > <tpearson(a)raptorengineering.com> > a écrit : > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> 4 cores, SMT4. There's an 8-core available for $190 more, and AFAIK >> there are plans to start offering an 18-core server chip very shortly. >> >> These are the OpenPOWER machines, so there is hardware virtualization >> support (including I/O passthrough) that works well with kvm and QEMU. >> I haven't really heard anything referred to as "LPAR" on these newer >> POWER8/POWER9 machines outside of legacy documents. >> >> On 01/23/2018 12:47 PM, ron minnich wrote: >> > how many cores is that? Does it come with LPAR? >> > >> > On Mon, Jan 22, 2018 at 9:48 PM Taiidan(a)gmx.com >> <mailto:Taiidan@gmx.com> >> > <Taiidan(a)gmx.com <mailto:Taiidan@gmx.com>> wrote: >> > >> > In case anyone wants to know the (non-coreboot) libre firmware >> TALOS >> 2 >> > single CPU/board combo is now only 2.5K. >> > >> > I still can't figure out how they managed to make it so >> affordable, >> this >> > is seriously great. >> > >> > -- >> > coreboot mailing list: coreboot(a)coreboot.org >> > <mailto:coreboot@coreboot.org> >> > https://mail.coreboot.org/mailman/listinfo/coreboot >> > >> >> >> - -- >> Timothy Pearson >> Raptor Engineering >> +1 (415) 727-8645 (direct line) >> +1 (512) 690-0200 (switchboard) >> https://www.raptorengineering.com >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1 >> >> iQEcBAEBAgAGBQJaZ4U2AAoJEK+E3vEXDOFbBUEIAKxL6cD2L27yZh63OhM0TD8h >> BZD2r0nYF/NLfGi50KuMZPNzb2lpzgLHc06ZHZmJBU0sFUbTdI3WrYibDPtY4lva >> 1uG3gedN2u+sUCzTKrLILOyrstlJ2lQ4+8jxyO8PncK9Zx3LtgbSlGVGq+pvxsXI >> Ac8Yqm+de6Is8aaAHMMzaT9UNxcjXCAs/zZm3iWcPkA2B0CVVUoKnsFuhtGG1cGd >> j4bukGJrojkUMEFxIG93qphcurdP2AjuvOaUdZVuoC0uxdVL2az77SgRUH8Vmxdd >> SFhAzG7j4LsqGMwiZBkubBZpSMPj6kPyRQUIxwwAk/vRLpOxoPdaEbrI/9wyIaM= >> =PFaf >> -----END PGP SIGNATURE----- >> >> -- >> coreboot mailing list: coreboot(a)coreboot.org >> https://mail.coreboot.org/mailman/listinfo/coreboot >> >

3 2

Can the TPM work with only GRUB2 as payload?
by G March 24, 2018

March 24, 2018

Hello, I'm currently using coreboot with GRUB2 as a primary ad only payload an a ThinkPad X220 with Qubes OS. Everything works fairly smoothly except i can't get the TPM to work. From dmesg: [ 4.997508] tpm_tis 00:06: 1.2 TPM (device-id 0x0, rev-id 78) [ 5.029507] tpm tpm0: A TPM error (6) occurred attempting to read a pcr value [ 5.029514] tpm tpm0: TPM is disabled/deactivated (0x6) Relevant coreboot build config CONFIG_TPM_PIRQ=0x0 # CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL is not set # CONFIG_MAINBOARD_HAS_I2C_TPM_CR50 is not set CONFIG_LPC_TPM=y CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 # CONFIG_TPM_INIT_FAILURE_IS_FATAL is not set # CONFIG_SKIP_TPM_STARTUP_ON_NORMAL_BOOT is not set # CONFIG_TPM_DEACTIVATE is not set # CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set # CONFIG_TPM is not set # CONFIG_MAINBOARD_HAS_TPM_CR50 is not set CONFIG_MAINBOARD_HAS_LPC_TPM=y # CONFIG_MAINBOARD_HAS_TPM2 is not set I tries setting CONFIG_TPM_DEACTIVATE=n and CONFIG_TPM=y but it looks like it has no effect. Also if using 'make menuconfig' the submenu relative to the TPM configuration is empty. Giulio

1 0

Re: [coreboot] Server systems shipped with coreboot
by Nico Huber March 24, 2018

March 24, 2018

On 23.03.2018 22:37, Alberto Bursi wrote: > I wanted to say what I said. > Dell, HP, Supermicro, Tyan, and whatever other OEM making commercial > servers I know of > is highly unlikely to accept a RMA or provide any support on their > hardware if you install Coreboot. What I was trying to tell you was that they might already ship hardware with coreboot. You make the impression that you have no idea about how much coreboot is already used in products. What you mean, I guess, is installing coreboot on hardware that didn't ship with it. But you make it sound like coreboot is always something retrofitted. Nico

2 1

Re: [coreboot] Server systems shipped with coreboot
by Taiidan＠gmx.com March 24, 2018

March 24, 2018

On 03/23/2018 06:33 PM, Alberto Bursi wrote: > Yeah, getting an RMA isn't hard if you just lie. Won't work for non-RMA support requests though. It isn't lying if OEM never stated pre-purchase that you aren't allowed to flash your own firmware. It is the same as how many laptop OEM's want you to have windows installed when you RMA a laptop. This type of issue was actually debated quite a bit back in the 70's (and now recently again) when car manufacturers tried to prevent people from using after-market parts or tuning their vehicle. https://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty_Act https://www.sema.org/sema-enews/2011/01/ftc-validates-right-to-install-afte… http://www.dummies.com/home-garden/car-repair/keeping-your-mods-warranty-in… "Further, under the act, aftermarket equipment that improves performance does not automatically void a vehicle manufacturer’s original warranty, unless the warranty clearly states the addition of aftermarket equipment automatically voids your vehicle’s warranty, or if it can be proven that the aftermarket device is the direct cause of the failure." It is more relevant than ever considering how computerized a modern vehicle is and that making basic repairs these days requires firmware modifications on some vehicles (ex: the john deere tractor problem) and I am sure it will eventually end up in the supreme court. It is a damn shame now even cars have been made very complex and computerized for no real reason.

2 1

Re: [coreboot] Server systems shipped with coreboot
by Taiidan＠gmx.com March 23, 2018

March 23, 2018

On 03/23/2018 05:37 PM, Alberto Bursi wrote: > I wanted to say what I said. Dell, HP, Supermicro, Tyan, and whatever other OEM making commercial servers I know of is highly unlikely to accept a RMA or provide any support on their hardware if you install Coreboot. > Therefore any seller of such devices would have to provide such support and warranty on their own. > > If you just tampered the UEFI firmware is much less of an issue for RMA and support (in my experience), depending on how bad you tampered with it, anyway. Which is why you re-flash the original factory firmware before you RMA it >:D

2 1

Re: [coreboot] Server systems shipped with coreboot
by Nico Huber March 23, 2018

March 23, 2018

On 23.03.2018 20:28, Alberto Bursi wrote: > Of course they will have to be able to provide any warranty and support > over the devices they sell because Intel or whoever actually made the > server/board will not really support nor accept RMAs of stuff with > Coreboot on it. That's some unfortunate wording. I guess what you wanted to say is something like "stuff with tampered firmware". coreboot isn't strange to every manufacturer. Why would it be? it's the best firmware you can get for your hardware. Nico

2 1