coreboot August 2023

coreboot@coreboot.org

23 participants
41 discussions

[coreboot - Feature #420] (New) Use standard format of TPM event log
by Krystian Hebel 07 Aug '24

07 Aug '24

Issue #420 has been reported by Krystian Hebel. ---------------------------------------- Feature #420: Use standard format of TPM event log https://ticket.coreboot.org/issues/420 * Author: Krystian Hebel * Status: New * Priority: Normal * Target version: none * Start date: 2022-10-12 * Related links: [1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientImplementa… [2] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05… ---------------------------------------- Currently coreboot uses proprietary format for TPM event log. TCG has standardized log formats, differently for TPM1.2 (aka legacy or SHA1) [1] and TPM2.0 (aka crypto agile) [2], both of which can be parsed by Linux kernel and exposed in sysfs. I don't know of any tool outside of cbmem which can parse coreboot format; this includes payloads which may be interested in continuing chain of trust started by coreboot. Another incompatibility is caused by vboot's assignment of PCRs. Roles of PCRs are roughly specified by TCG in both of mentioned documents, they are more or less compatible with each other, but not with current coreboot code. These changes could break assumptions made by existing platforms, so they should be made as Kconfig options. This is a tracking issue to collect subtasks that need to be done in order to support standard event log formats. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account

4 12

[coreboot - Feature #433] (New) Unify TPM drivers in coreboot
by Michał Żygowski 24 Apr '24

24 Apr '24

Issue #433 has been reported by Michał Żygowski. ---------------------------------------- Feature #433: Unify TPM drivers in coreboot https://ticket.coreboot.org/issues/433 * Author: Michał Żygowski * Status: New * Priority: Normal * Target version: none * Start date: 2022-10-24 ---------------------------------------- Add an option to compile all drivers for TPM 1.2, 2.0 TIS and CRB. The motivation is to not build multiple coreboot ROMs for each possible TPM supported by the platform. The tasks would include: - runtime TPM detection (probing TPM_INTF_CAPABILITY and TPM_INTERFACE_ID) - rename the TPM driver functions, make them static and expose them as a driver structure, e.g. struct tpm_driver { void (*init)(void); int (*open)(void); int (*close)(void); int (*sendrecv)(const uint8_t *sendbuf, size_t send_size, uint8_t *recvbuf, size_t *recv_len); } - based on the detected TPM, hook the tpm_driver functions to provide the global TPM API: tis_open, tis_close, tis_init, tis_sendrecv. Some additional API to get vendor/device name could also be considered. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account

4 6

QEMU x86 i440fx/piix4 build fails for >= 32MB ROMs - Assertion IS_HOST_SPACE_ADDRESS(host_space_address) failed
by Mike Banon 20 Feb '24

20 Feb '24

If I use a default config for i440fx/piix4, building a 16MB ROM works fine, but 32MB or 64MB doesn't work anymore: ... CC postcar/southbridge/intel/common/rtc.o LINK cbfs/fallback/postcar.debug OBJCOPY cbfs/fallback/romstage.elf CREATE build/mainboard/emulation/qemu-i440fx/cbfs-file.vqaXlP.out (from /home/my_custom_path_to/coreboot/.config) CC+STRIP src/lib/cbfs_master_header.c OBJCOPY cbfs/fallback/bootblock.elf OBJCOPY bootblock.raw.elf OBJCOPY bootblock.raw.bin Created CBFS (capacity = 33553892 bytes) BOOTBLOCK CBFS cbfs_master_header CBFS fallback/romstage cbfstool: /home/my_custom_path_to/coreboot/util/cbfstool/cbfstool.c:1145: cbfstool_convert_mkstage: Assertion `IS_HOST_SPACE_ADDRESS(host_space_address)' failed. make: *** [Makefile.inc:1116: build/coreboot.pre] Aborted -- Best regards, Mike Banon Open Source Community Manager of 3mdeb - https://3mdeb.com/

6 11

Restoring the opensource AGESA boards takes just 1% of git reverts since their removal
by Mike Banon 26 Nov '23

26 Nov '23

Dear friends, please take a look at this change: https://review.coreboot.org/c/coreboot/+/76832 This script reverts the opensource AGESA AMD boards removal that happened after 5e8e911b7caee021faff96c4e82a77a42544ea62 (0 point of history, or 0 PoH) - by git-reverting: 1) the "bad commits" (marked as "CBF" = coreboot build failure) - that either remove or break a code needed for our boards 2) the "unlucky commits" (marked as "GRF" = git revert failure) - that are a roadblock for git-reverting the "bad commits" Right now at 3bd83b27afbc840f184b652a1dd8ed539623a258 (3765 PoH), it takes 38 CBF git reverts - just 1% of 3765 commits since the OSS AGESA removal! - - making this removal look questionable and the idea of restoration viable. Btw plenty of these git reverts could be avoided if the changes to the "dropped code" are allowed: i.e. instead of git reverting the four patches numbered 497-500 at the script above, one could simply add a single " #define SPEEDSTEP_APIC_MAGIC 0xACAC " somewhere. Therefore the real number of "bad commits" (which either remove our boards or break the things for us) isn't that great and the opensource AGESA boards really can be brought back to coreboot with a bunch of ifdef's etc. Please let me know if you're interested in such a quest... SUCCESSFUL TESTS for the opensource AGESA boards which I own (Lenovo G505S - - fam15 laptop, ASUS A88XM-E - fam15 desktop, ASUS AM1I-A - fam16 desktop) : 1) only build: 69ffebf5ccf123bc0b3fb28b485985af0597761d (3698 PoH) for AM1I-A, most likely boot works too but I didn't have the time to test 2) build & boot: 69ffebf5ccf123bc0b3fb28b485985af0597761d (3698 PoH) for G505S and A88XM-E 11ba8ebbcc662ebd1dc8e14372a020eb32f26561 (3741 PoH) for G505S test only -- Best regards, Mike Banon Open Source Community Manager of 3mdeb - https://3mdeb.com/

2 3

[coreboot - Bug #475] (New) mainboard_vbt_filename() in src/mainboard/lenovo/x200/blc.c does not work as intended
by Bill XIE 16 Nov '23

16 Nov '23

Issue #475 has been reported by Bill XIE. ---------------------------------------- Bug #475: mainboard_vbt_filename() in src/mainboard/lenovo/x200/blc.c does not work as intended https://ticket.coreboot.org/issues/475 * Author: Bill XIE * Status: New * Priority: Normal * Assignee: Arthur Heymans * Category: board support * Target version: master * Start date: 2023-03-30 * Affected versions: 4.15, 4.16, 4.17, 4.18, 4.19, master * Affected hardware: x200 ---------------------------------------- Date back to coreboot 4.9, mainboard_vbt_filename() in src/mainboard/lenovo/x200/blc.c calls get_blc_pwm_freq_value(NULL), making the following if condition always falling to the first, not to mention null dereference on strcmp() in get_blc_pwm_freq_value(). In order to determine the correct vbt filename at runtime, edid ascii string should be obtained first. This issue may be distantly related to #474. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account

2 4

[coreboot - Support #485] (New) Request for Support for Intel Xeon 1700 D Processor Family in Coreboot(Ice Lake)
by Rajat Dongre 16 Nov '23

16 Nov '23

Issue #485 has been reported by Rajat Dongre. ---------------------------------------- Support #485: Request for Support for Intel Xeon 1700 D Processor Family in Coreboot(Ice Lake) https://ticket.coreboot.org/issues/485 * Author: Rajat Dongre * Status: New * Priority: Immediate * Assignee: Rajat Dongre * Target version: none * Start date: 2023-04-27 ---------------------------------------- Hi, I am writing this email to request support for the Intel Xeon 1700 D processor family (Ice Lake) in Coreboot. As you may be aware, the support for the IceLake SOC has been removed, and I am using a processor from the same family. I would appreciate any help or guidance on how to bring up my processor using Coreboot. I have been using Coreboot for some time and am familiar with its functionalities, but I am facing difficulties with the processor mentioned above. and Can I used to older version of coreboot where you give support for the Ice lake but the Intel Xeon 1700 D processor family launch in Dec 2022. so I have doubt I will work for this SOC as the Icelake is not updated from last 4 years in coreboot. I would be grateful if you could provide any relevant documentation, code, or instructions to help me with my request. I believe that my request will not only benefit me but also other members of the community who are facing similar challenges. Thank you for your time and consideration, and I look forward to hearing from you soon. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account

5 6

[coreboot - Other #479] (New) [legal] ISC License copyright violation in ubsan
by Jonas Termansen 16 Nov '23

16 Nov '23

Issue #479 has been reported by Jonas Termansen. ---------------------------------------- Other #479: [legal] ISC License copyright violation in ubsan https://ticket.coreboot.org/issues/479 * Author: Jonas Termansen * Status: New * Priority: Normal * Target version: none * Start date: 2023-04-09 ---------------------------------------- Hi :) coreboot has removed my copyright statement from the ubsan implementation, which violates my copyright as licensed to you under the terms of the ISC License: ``` * Copyright (c) 2014, 2015 Jonas 'Sortie' Termansen. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * ... ``` The file in question is: https://github.com/coreboot/coreboot/blob/master/src/lib/ubsan.c The file does clearly state it's forked from my original ubsan implementation: https://gitlab.com/sortix/sortix/-/blob/master/libc/ubsan/ubsan.c However, the coreboot copy has removed my copyright notice, which is one of only two terms of the license. It's fine that the permission notice has been changed to `SPDX-License-Identifier: ISC` which is unambiguously information preserving, but removing my copyright notice is a loss of information. The copyright notice was removed in https://github.com/coreboot/coreboot/commit/16849bbe0c8a79277e1a682dcb42eaf… which moved my name to AUTHORS. Although a mention in AUTHORS is appreciated, it removes the association between the file's contents and my identity and my moral rights to my work. Although the full information is available in the git history, that's not good enough. I'm concerned that further copies of the file in other projects may lose the authorship information entirely. Please restore my copyright notice at the top of the file :) Jonas 'Sortie' Termansen -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account

2 4

[coreboot - Bug #500] (New) libgfxinit bootsplash only supports jpeg and does not support extended resolutions
by Thierry Laurion 16 Nov '23

16 Nov '23

Issue #500 has been reported by Thierry Laurion. ---------------------------------------- Bug #500: libgfxinit bootsplash only supports jpeg and does not support extended resolutions https://ticket.coreboot.org/issues/500 * Author: Thierry Laurion * Status: New * Priority: Normal * Assignee: Patrick Georgi * Category: coreboot common code * Target version: master * Start date: 2023-07-13 * Related links: https://github.com/coreboot/coreboot/blob/master/src/lib/jpeg.c https://git.seabios.org/seabios.git/ https://github.com/osresearch/heads/pull/1403/commits/659308eff53f39633ffad… WiP PoC: https://github.com/osresearch/heads/pull/1403 * Affected hardware: iGPU driven by libgfxinit * Affected OS: All ---------------------------------------- For those of you on matrix, the discussion happened at https://matrix.to/#/!BZxDFuoBnMKnzVZwEp:libera.chat/$pQoGnN9DnokZ875fTbHiAt… Short version: - libgfxinit bootsplash through jpeg.c supports VESA old resolutions (1024x768) - libgfxinit bootsplash through jpeg.c doesn't support native resolutions (1366x768) - libgfxinit bootsplash image creation requires voodoo skills explained at https://puri.sm/posts/librem-13-coreboot-report-february-25th-2017 - Basically, I do not think libgfxinit bootsplash is currently used otherwise there would be way more bug reports. Seabios is mostly used. - Seabios bootsplash code should be borrowed (lgplv3) which supports both BMP and JPEG and is not 13yo. - Coreboot should permit stiching of compressed bmp by default and deprecate old jpeg.c in tree - By doing so, more people could promote coreboot directly from coreboot raminit (Heads currently does that) Longer version: - OSes are attacking legacy BIOS mode for a while now, and the next steps are to deprecate DRM drivers in initrd - To phase DRM out, simplefb and simpledrm are promoted instead where final OS will be in charge of deploying bigger unified kernels containing/initrd which will contain the accelerated DRM and fb drivers - Currently deploying DRM drivers inside of linuxboot (heads) on Intel iGPU requires to include i915drmfb, coreboot linux command lines hacks to have the FB address exposed (tainting the kernel) and kexec hacked to expose exposed fb address to next kernel (see https://github.com/osresearch/heads/pull/1378) - Doing currently adds more then 500kb of in-kernel drivers, which bloats the firmware. In case of measured boot, that bigger payload needs to be measured prior of being read and jumped into (8-10 seconds under 5.10 kernel compared to 4-6 seconds under 4.14) - To have legacy BIOS survive this ecosystem attack against legacy boot, coreboot needs to push for a more generic way to provide a framebuffer (GOP/Native unified approach) - With libgfxinit/GOP/native gfx init and the kernel config adapted, linux can efficiently be used as a bootloader and be enabled by simplefb (https://github.com/osresearch/heads/pull/1403/commits/659308eff53f39633ffad…) - The part missing is having coreboot drive the framebuffer with a native size bootsplash as everyone else does so that the waiting time to boot in kernel/payload is not a scary moment, and that the bootsplash doesn't restrict the size of the framebuffer configured under coreboot nor limit the UX. Actual state: - libgfxinit needs to have jpeg supported resolution to bootsplash (CONFIG_LINEAR_FRAMEBUFFER_MAX_HEIGHT=768 CONFIG_LINEAR_FRAMEBUFFER_MAX_WIDTH=1024) - libgfxinit bootsplash needs to have a 1024x768 voodoo crafted jpeg (https://github.com/osresearch/heads/blob/master/blobs/ThePlexus-bootsplash-…) - Problem is that doing so, the whole console is limited to that resolution showing black borders on each side of the screen to compensate (1366 != 1024, so (1366-1024)/2 is the loss pixel width on each side of the screen for 1366x764, same applying to all other resolutions since needs to be 4x4 for jpeg.c to do its job. Desired state: - flat bmp support in native format just like seabios support, where coreboot compressed them prior of adding it into CBFS. - support for all crazy resolutions we currently have, not being stuck in 2000. - Be able to promote coreboot from raminit code. ---Files-------------------------------- signal-2023-07-13-164022.jpeg (269 KB) signal-2023-07-13-164047.jpeg (416 KB) VID_20230713_154446.mp4 (3.78 MB) -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account

4 10

[coreboot - Bug #508] (New) Dojo fails to boot from NVMe with CONFIG_RESOURCE_ALLOCATION_TOP_DOWN enabled
by Yu-Ping Wu 17 Oct '23

17 Oct '23

Issue #508 has been reported by Yu-Ping Wu. ---------------------------------------- Bug #508: Dojo fails to boot from NVMe with CONFIG_RESOURCE_ALLOCATION_TOP_DOWN enabled https://ticket.coreboot.org/issues/508 * Author: Yu-Ping Wu * Status: New * Priority: Normal * Assignee: Nico Huber * Target version: none * Start date: 2023-08-31 * Affected versions: 4.21 ---------------------------------------- Similar to #499, after https://review.coreboot.org/c/coreboot/+/75012, Dojo fails to boot. Disabling CONFIG_RESOURCE_ALLOCATION_TOP_DOWN fixes the problem. However I'm not sure how to fix it from MediaTek's PCIe functions or settings (for example mtk_pcie_domain_read_resources). ---Files-------------------------------- ap-bad.log (32.8 KB) -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account

2 5

[coreboot - Bug #505] (New) Intel Harcuvar CRB Denverton_NS С3000. Only 15 cores of a 16 core processor is defined in the operating system.
by Dmitry Ponamorev 15 Sep '23

15 Sep '23

Issue #505 has been reported by Dmitry Ponamorev. ---------------------------------------- Bug #505: Intel Harcuvar CRB Denverton_NS С3000. Only 15 cores of a 16 core processor is defined in the operating system. https://ticket.coreboot.org/issues/505 * Author: Dmitry Ponamorev * Status: New * Priority: Normal * Assignee: Angel Pons * Category: board support * Target version: 4.15 * Start date: 2023-08-22 * Affected versions: 4.15 * Affected hardware: Intel Harcuvar CRB, Intel(R) Atom(TM) CPU C3958 * Affected OS: Debian 11, Ubunto 20.04 (and later) ---------------------------------------- Found a bug with the definition of not all processor cores of the Intel(R) Atom(TM) CPU C3958 processor in operating systems. The Debian or Ubuntu operating system defines only 15 cores. The problem concerns exactly the 16th core processor. For processors with fewer cores, the number of cores is determined correctly. The problem was found in coreboot version 4.14 and later. Version coreboot 4.11 did not have this problem. Most likely this is due to incorrect initialization of apic_id. (apic_id 0) An example of the initialization output of the processor cores is below: Will perform SMM setup. CPU: Intel(R) Atom(TM) CPU C3958 @ 2.00GHz. AP: slot 1 apic_id 6, MCU rev: 0x00000034 AP: slot 13 apic_id 1e, MCU rev: 0x00000034 AP: slot 6 apic_id a, MCU rev: 0x00000034 AP: slot 14 apic_id e, MCU rev: 0x00000034 AP: slot 5 apic_id 4, MCU rev: 0x00000034 AP: slot 2 apic_id 10, MCU rev: 0x00000034 AP: slot 4 apic_id 14, MCU rev: 0x00000034 AP: slot 11 apic_id 1c, MCU rev: 0x00000034 AP: slot 15 apic_id 8, MCU rev: 0x00000034 AP: slot 8 apic_id 16, MCU rev: 0x00000034 AP: slot 10 apic_id c, MCU rev: 0x00000034 AP: slot 3 apic_id 1a, MCU rev: 0x00000034 AP: slot 9 apic_id 2, MCU rev: 0x00000034 AP: slot 7 apic_id 12, MCU rev: 0x00000034 AP: slot 12 apic_id 18, MCU rev: 0x00000034 smm_place_entry_code: smbase 7ffe8400, stack_top 7fe08000 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffec000, cpu = 0 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffe9000, cpu = 12 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffe8800, cpu = 14 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffe9c00, cpu = 9 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffe8400, cpu = 15 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffeb800, cpu = 2 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffe9400, cpu = 11 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffe8c00, cpu = 13 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffea000, cpu = 8 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffeb400, cpu = 3 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffeb000, cpu = 4 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffea400, cpu = 7 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffe9800, cpu = 10 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffebc00, cpu = 1 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffea800, cpu = 6 smm_do_relocation : curr_smbase 0x30000 perm_smbase 0x7ffeac00, cpu = 5 Initializing CPU #0 Turbo is unavailable CPU #0 initialized Initializing CPU #8 Initializing CPU #12 Initializing CPU #14 Initializing CPU #4 Initializing CPU #9 Initializing CPU #10 Initializing CPU #1 Initializing CPU #15 Initializing CPU #7 Initializing CPU #11 Initializing CPU #3 Initializing CPU #2 Initializing CPU #13 Initializing CPU #6 CPU #7 initialized CPU #14 initialized CPU #15 initialized CPU #2 initialized CPU #6 initialized CPU #12 initialized Initializing CPU #5 CPU #3 initialized CPU #1 initialized CPU #10 initialized CPU #4 initialized CPU #11 initialized CPU #5 initialized CPU #9 initialized CPU #8 initialized CPU #13 initialized -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account

1 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

coreboot August 2023