Issue #420 has been reported by Krystian Hebel.
----------------------------------------
Feature #420: Use standard format of TPM event log
https://ticket.coreboot.org/issues/420
* Author: Krystian Hebel
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2022-10-12
* Related links: [1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientImplementa…
[2] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05…
----------------------------------------
Currently coreboot uses proprietary format for TPM event log. TCG has standardized log formats, differently for TPM1.2 (aka legacy or SHA1) [1] and TPM2.0 (aka crypto agile) [2], both of which can be parsed by Linux kernel and exposed in sysfs. I don't know of any tool outside of cbmem which can parse coreboot format; this includes payloads which may be interested in continuing chain of trust started by coreboot.
Another incompatibility is caused by vboot's assignment of PCRs. Roles of PCRs are roughly specified by TCG in both of mentioned documents, they are more or less compatible with each other, but not with current coreboot code.
These changes could break assumptions made by existing platforms, so they should be made as Kconfig options.
This is a tracking issue to collect subtasks that need to be done in order to support standard event log formats.
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://ticket.coreboot.org/my/account
Issue #433 has been reported by Michał Żygowski.
----------------------------------------
Feature #433: Unify TPM drivers in coreboot
https://ticket.coreboot.org/issues/433
* Author: Michał Żygowski
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2022-10-24
----------------------------------------
Add an option to compile all drivers for TPM 1.2, 2.0 TIS and CRB. The motivation is to not build multiple coreboot ROMs for each possible TPM supported by the platform.
The tasks would include:
- runtime TPM detection (probing TPM_INTF_CAPABILITY and TPM_INTERFACE_ID)
- rename the TPM driver functions, make them static and expose them as a driver structure, e.g.
struct tpm_driver {
void (*init)(void);
int (*open)(void);
int (*close)(void);
int (*sendrecv)(const uint8_t *sendbuf, size_t send_size, uint8_t *recvbuf, size_t *recv_len);
}
- based on the detected TPM, hook the tpm_driver functions to provide the global TPM API: tis_open, tis_close, tis_init, tis_sendrecv. Some additional API to get vendor/device name could also be considered.
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://ticket.coreboot.org/my/account
If I use a default config for i440fx/piix4, building a 16MB ROM works
fine, but 32MB or 64MB doesn't work anymore:
...
CC postcar/southbridge/intel/common/rtc.o
LINK cbfs/fallback/postcar.debug
OBJCOPY cbfs/fallback/romstage.elf
CREATE build/mainboard/emulation/qemu-i440fx/cbfs-file.vqaXlP.out
(from /home/my_custom_path_to/coreboot/.config)
CC+STRIP src/lib/cbfs_master_header.c
OBJCOPY cbfs/fallback/bootblock.elf
OBJCOPY bootblock.raw.elf
OBJCOPY bootblock.raw.bin
Created CBFS (capacity = 33553892 bytes)
BOOTBLOCK
CBFS cbfs_master_header
CBFS fallback/romstage
cbfstool: /home/my_custom_path_to/coreboot/util/cbfstool/cbfstool.c:1145:
cbfstool_convert_mkstage: Assertion
`IS_HOST_SPACE_ADDRESS(host_space_address)' failed.
make: *** [Makefile.inc:1116: build/coreboot.pre] Aborted
--
Best regards, Mike Banon
Open Source Community Manager of 3mdeb - https://3mdeb.com/
Dear friends, please take a look at this change:
https://review.coreboot.org/c/coreboot/+/76832
This script reverts the opensource AGESA AMD boards removal that happened
after 5e8e911b7caee021faff96c4e82a77a42544ea62 (0 point of history, or 0 PoH)
- by git-reverting:
1) the "bad commits" (marked as "CBF" = coreboot build failure)
- that either remove or break a code needed for our boards
2) the "unlucky commits" (marked as "GRF" = git revert failure)
- that are a roadblock for git-reverting the "bad commits"
Right now at 3bd83b27afbc840f184b652a1dd8ed539623a258 (3765 PoH), it takes
38 CBF git reverts - just 1% of 3765 commits since the OSS AGESA removal! -
- making this removal look questionable and the idea of restoration viable.
Btw plenty of these git reverts could be avoided if the changes to the
"dropped code" are allowed: i.e. instead of git reverting the four
patches numbered 497-500 at the script above, one could simply add a
single " #define SPEEDSTEP_APIC_MAGIC 0xACAC " somewhere. Therefore
the real number of "bad commits" (which either remove our boards or
break the things for us) isn't that great and the opensource AGESA
boards really can be brought back to coreboot with a bunch of ifdef's
etc. Please let me know if you're interested in such a quest...
SUCCESSFUL TESTS for the opensource AGESA boards which I own (Lenovo G505S -
- fam15 laptop, ASUS A88XM-E - fam15 desktop, ASUS AM1I-A - fam16 desktop) :
1) only build:
69ffebf5ccf123bc0b3fb28b485985af0597761d (3698 PoH) for AM1I-A,
most likely boot works too but I didn't have the time to test
2) build & boot:
69ffebf5ccf123bc0b3fb28b485985af0597761d (3698 PoH) for G505S and A88XM-E
11ba8ebbcc662ebd1dc8e14372a020eb32f26561 (3741 PoH) for G505S test only
--
Best regards, Mike Banon
Open Source Community Manager of 3mdeb - https://3mdeb.com/
Issue #475 has been reported by Bill XIE.
----------------------------------------
Bug #475: mainboard_vbt_filename() in src/mainboard/lenovo/x200/blc.c does not work as intended
https://ticket.coreboot.org/issues/475
* Author: Bill XIE
* Status: New
* Priority: Normal
* Assignee: Arthur Heymans
* Category: board support
* Target version: master
* Start date: 2023-03-30
* Affected versions: 4.15, 4.16, 4.17, 4.18, 4.19, master
* Affected hardware: x200
----------------------------------------
Date back to coreboot 4.9, mainboard_vbt_filename() in src/mainboard/lenovo/x200/blc.c calls get_blc_pwm_freq_value(NULL), making the following if condition always falling to the first, not to mention null dereference on strcmp() in get_blc_pwm_freq_value().
In order to determine the correct vbt filename at runtime, edid ascii string should be obtained first.
This issue may be distantly related to #474.
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://ticket.coreboot.org/my/account
Issue #485 has been reported by Rajat Dongre.
----------------------------------------
Support #485: Request for Support for Intel Xeon 1700 D Processor Family in Coreboot(Ice Lake)
https://ticket.coreboot.org/issues/485
* Author: Rajat Dongre
* Status: New
* Priority: Immediate
* Assignee: Rajat Dongre
* Target version: none
* Start date: 2023-04-27
----------------------------------------
Hi,
I am writing this email to request support for the Intel Xeon 1700 D processor family (Ice Lake) in Coreboot. As you may be aware, the support for the IceLake SOC has been removed, and I am using a processor from the same family.
I would appreciate any help or guidance on how to bring up my processor using Coreboot. I have been using Coreboot for some time and am familiar with its functionalities, but I am facing difficulties with the processor mentioned above. and Can I used to older version of coreboot where you give support for the Ice lake but the Intel Xeon 1700 D processor family launch in Dec 2022. so I have doubt I will work for this SOC as the Icelake is not updated from last 4 years in coreboot.
I would be grateful if you could provide any relevant documentation, code, or instructions to help me with my request. I believe that my request will not only benefit me but also other members of the community who are facing similar challenges.
Thank you for your time and consideration, and I look forward to hearing from you soon.
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://ticket.coreboot.org/my/account
Issue #479 has been reported by Jonas Termansen.
----------------------------------------
Other #479: [legal] ISC License copyright violation in ubsan
https://ticket.coreboot.org/issues/479
* Author: Jonas Termansen
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2023-04-09
----------------------------------------
Hi :)
coreboot has removed my copyright statement from the ubsan implementation, which violates my copyright as licensed to you under the terms of the ISC License:
```
* Copyright (c) 2014, 2015 Jonas 'Sortie' Termansen.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* ...
```
The file in question is: https://github.com/coreboot/coreboot/blob/master/src/lib/ubsan.c
The file does clearly state it's forked from my original ubsan implementation: https://gitlab.com/sortix/sortix/-/blob/master/libc/ubsan/ubsan.c
However, the coreboot copy has removed my copyright notice, which is one of only two terms of the license. It's fine that the permission notice has been changed to `SPDX-License-Identifier: ISC` which is unambiguously information preserving, but removing my copyright notice is a loss of information.
The copyright notice was removed in https://github.com/coreboot/coreboot/commit/16849bbe0c8a79277e1a682dcb42eaf… which moved my name to AUTHORS. Although a mention in AUTHORS is appreciated, it removes the association between the file's contents and my identity and my moral rights to my work. Although the full information is available in the git history, that's not good enough. I'm concerned that further copies of the file in other projects may lose the authorship information entirely.
Please restore my copyright notice at the top of the file :)
Jonas 'Sortie' Termansen
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://ticket.coreboot.org/my/account
Issue #500 has been reported by Thierry Laurion.
----------------------------------------
Bug #500: libgfxinit bootsplash only supports jpeg and does not support extended resolutions
https://ticket.coreboot.org/issues/500
* Author: Thierry Laurion
* Status: New
* Priority: Normal
* Assignee: Patrick Georgi
* Category: coreboot common code
* Target version: master
* Start date: 2023-07-13
* Related links: https://github.com/coreboot/coreboot/blob/master/src/lib/jpeg.chttps://git.seabios.org/seabios.git/https://github.com/osresearch/heads/pull/1403/commits/659308eff53f39633ffad…
WiP PoC: https://github.com/osresearch/heads/pull/1403
* Affected hardware: iGPU driven by libgfxinit
* Affected OS: All
----------------------------------------
For those of you on matrix, the discussion happened at https://matrix.to/#/!BZxDFuoBnMKnzVZwEp:libera.chat/$pQoGnN9DnokZ875fTbHiAt…
Short version:
- libgfxinit bootsplash through jpeg.c supports VESA old resolutions (1024x768)
- libgfxinit bootsplash through jpeg.c doesn't support native resolutions (1366x768)
- libgfxinit bootsplash image creation requires voodoo skills explained at https://puri.sm/posts/librem-13-coreboot-report-february-25th-2017
- Basically, I do not think libgfxinit bootsplash is currently used otherwise there would be way more bug reports. Seabios is mostly used.
- Seabios bootsplash code should be borrowed (lgplv3) which supports both BMP and JPEG and is not 13yo.
- Coreboot should permit stiching of compressed bmp by default and deprecate old jpeg.c in tree
- By doing so, more people could promote coreboot directly from coreboot raminit (Heads currently does that)
Longer version:
- OSes are attacking legacy BIOS mode for a while now, and the next steps are to deprecate DRM drivers in initrd
- To phase DRM out, simplefb and simpledrm are promoted instead where final OS will be in charge of deploying bigger unified kernels containing/initrd which will contain the accelerated DRM and fb drivers
- Currently deploying DRM drivers inside of linuxboot (heads) on Intel iGPU requires to include i915drmfb, coreboot linux command lines hacks to have the FB address exposed (tainting the kernel) and kexec hacked to expose exposed fb address to next kernel (see https://github.com/osresearch/heads/pull/1378)
- Doing currently adds more then 500kb of in-kernel drivers, which bloats the firmware. In case of measured boot, that bigger payload needs to be measured prior of being read and jumped into (8-10 seconds under 5.10 kernel compared to 4-6 seconds under 4.14)
- To have legacy BIOS survive this ecosystem attack against legacy boot, coreboot needs to push for a more generic way to provide a framebuffer (GOP/Native unified approach)
- With libgfxinit/GOP/native gfx init and the kernel config adapted, linux can efficiently be used as a bootloader and be enabled by simplefb (https://github.com/osresearch/heads/pull/1403/commits/659308eff53f39633ffad…)
- The part missing is having coreboot drive the framebuffer with a native size bootsplash as everyone else does so that the waiting time to boot in kernel/payload is not a scary moment, and that the bootsplash doesn't restrict the size of the framebuffer configured under coreboot nor limit the UX.
Actual state:
- libgfxinit needs to have jpeg supported resolution to bootsplash (CONFIG_LINEAR_FRAMEBUFFER_MAX_HEIGHT=768 CONFIG_LINEAR_FRAMEBUFFER_MAX_WIDTH=1024)
- libgfxinit bootsplash needs to have a 1024x768 voodoo crafted jpeg (https://github.com/osresearch/heads/blob/master/blobs/ThePlexus-bootsplash-…)
- Problem is that doing so, the whole console is limited to that resolution showing black borders on each side of the screen to compensate (1366 != 1024, so (1366-1024)/2 is the loss pixel width on each side of the screen for 1366x764, same applying to all other resolutions since needs to be 4x4 for jpeg.c to do its job.
Desired state:
- flat bmp support in native format just like seabios support, where coreboot compressed them prior of adding it into CBFS.
- support for all crazy resolutions we currently have, not being stuck in 2000.
- Be able to promote coreboot from raminit code.
---Files--------------------------------
signal-2023-07-13-164022.jpeg (269 KB)
signal-2023-07-13-164047.jpeg (416 KB)
VID_20230713_154446.mp4 (3.78 MB)
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://ticket.coreboot.org/my/account
Issue #511 has been reported by Elias Souza.
----------------------------------------
Bug #511: [STM/PE][BUG][SMMSTORE] Coreboot doesn't boot if SMMSTOREv2 driver Kconfig option is enabled
https://ticket.coreboot.org/issues/511
* Author: Elias Souza
* Status: Needs Testing
* Priority: High
* Category: coreboot common code
* Target version: 4.21
* Start date: 2023-10-09
* Affected hardware: is necessary testing in newest hardwares include Haswell and Kaby Lake, but idk if affect other platforms different than Sandybridge
* Affected OS: All
----------------------------------------
For some reason the SMMSTOREv2 looks to break SMMSTORE support in STM/PE during boot.
Coreboot: 4.21
HARDWARE: Gigabyte H61M-DS2 with Ivybridge processor
Payload: EDK2
SMMSTORE: SMMSTOREv2
A example with other guy using https://www.reddit.com/r/coreboot/comments/10rakni/comment/k444jz1/?context…
* According with the reddit user crazyfox-ua " The same for me on T440p & X230t (both with edk2) - just blank screen. Disabled STM brings both laptops back to life. CB logs says nothing strange IMO (last record is "[DEBUG] Jumping to boot code at <hex here>".
Is necessary to test if others payloads is affected by this bug
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://ticket.coreboot.org/my/account
Issue #512 has been reported by Bill XIE.
----------------------------------------
Bug #512: 1MiB heap breaks TSEG stage cache resume on many platforms
https://ticket.coreboot.org/issues/512
* Author: Bill XIE
* Status: Needs Testing
* Priority: High
* Assignee: Patrick Georgi
* Category: coreboot common code
* Target version: master
* Start date: 2023-10-27
* Affected versions: master
* Related links: https://review.coreboot.org/c/coreboot/+/78270https://review.coreboot.org/c/coreboot/+/78623
* Affected hardware: GM45, Ivy Bridge
* Affected OS: GNU/Linux
----------------------------------------
commit 44a48ce7a46c ("Kconfig: Bring HEAP_SIZE to a common, large value") proves to break S3 resume from TSEG stage cache on many platforms, including GM45 and Ivy Bridge.
```
coreboot-4.21-587-g9b230ae29557 Fri Oct 13 18:35:11 UTC 2023 x86_32 postcar starting (log level: 7)...
Timestamp - start of postcar: 248582576
Timestamp - end of postcar: 248589814
S3 Resume
Error: Can't find stage_cache 57a9e100 in imd
ramstage cache invalid.
board_reset() called!
system_reset() called!
```
It seems that the commit above has not experienced many test for S3 resume before getting merged.
The default heap size may have to be reconsidered.
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://ticket.coreboot.org/my/account