coreboot

coreboot@coreboot.org

2 participants
39736 discussions

(preping to coreboot) laptop X230 stuck on 2.75 - I cannot downgrade to 2.60!
by bruno＠slingshotsecurity.pro 02 Mar '25

02 Mar '25

I think I got myself in trouble stuck on 2.75 - I cannot downgrade to 2.60 (X230) via IVprep or the lenovo tool (I get "This app can't run on your PC"). Is there a way forward, please? Here is what I did and was planning to do (1vyrain, skulls and clean/disable/break the Intel ME): ## 1. EC Patching (accept all batteries and keyboards) https://github.com/hamishcoleman/thinkpad-ec/ It recomends using on the last modifiable version: x230 -BIOS 2.75 (G2ETB5WW) EC 1.14 (G2HT35WW) Therefore I upgraded from my 2.55 to 2.75, by downloading g2uj31us.exe, saving on a usb stick and running on the target machine's windows (the bootable iso would not dd well to the usb stick). https://support.lenovo.com/ec/en/downloads/ds029187 ## 2. Downgrade from 2.75 to 2.60 (X230) (I cannot perform from here onwards): https://github.com/n4ru/IVprep/tree/master Downloaded both IVprep and g2uj17us.exe and saved on the usb stick to run on target machine's windows but then I get I get "This app can't run on your PC". I have tested with both: BIOS Setup -> Security -> UEFI BIOS Update Option. Set Flash BIOS Updating by End-Users to Enabled, and Secure RollBack Prevention to Disabled BIOS Setup -> Security -> UEFI BIOS Update Option. Set Flash BIOS Updating by End-Users to Enabled, and Secure RollBack Prevention to Enabled ## 3. Get rid of the ME https://github.com/corna/me_cleaner I gues for this one, I should boot the target machine with a Live Linux, clone the repo and execute ## 4. Install Skulls via 1vyrain https://github.com/n4ru/1vyrain This would be burn the usb stick to the 1vyrain, use the ethernet cable and the skulls release URL https://github.com/merge/skulls/releases ## This question has been also posted on: - https://github.com/n4ru/1vyrain/issues/144- https://forum.qubes-os.org/t/how-to-use-ivprep-and-1vyrain-and-disable-inte… https://github.com/merge/skulls/issues/302 - https://github.com/hamishcoleman/thinkpad-ec/issues/266

1 0

[coreboot - Bug #579] (New) MAC address programmed by coreboot to onboard RTL8111F does not persist
by Keith Hui 01 Mar '25

01 Mar '25

Issue #579 has been reported by Keith Hui. ---------------------------------------- Bug #579: MAC address programmed by coreboot to onboard RTL8111F does not persist https://ticket.coreboot.org/issues/579 * Author: Keith Hui * Status: New * Priority: Normal * Category: chipset configuration * Target version: none * Start date: 2025-03-01 * Related links: https://review.coreboot.org/c/coreboot/+/86172 * Affected hardware: Asus P8Z77-V LE PLUS w/ RTL8111F * Affected OS: Linux kernel 6.12.7 ---------------------------------------- I am producing a coreboot port on Asus P8Z77-V LE PLUS on which this issue is observed. It has a RTL8111F ethernet controller without EEPROM for vital product data. I enabled the rtl8168 driver in coreboot so I can configure the LEDs and MAC address. Lights work great, but the MAC address always revert to `00:00:00:00:00:05` by the Linux r8169 kernel module. I would then have to reassign its proper MAC address using `ip link change eno0 address <mac>`. The device appears to be taking the address I programmed, but r8169 reverts it both on init and teardown, insisting that `00:00:00:00:00:05` is its permanent MAC address. Survival of coreboot programmed MAC address before r8169 driver is confirmed by a debug read back I inserted in the coreboot rtl81xx driver, as well as by temporarily blacklisting r8169. Vendor firmware is unaffected. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account

1 0

Re: PC with coreboot - boot menu locked
by Paul Menzel 28 Feb '25

28 Feb '25

Dear Andrea, Welcome to coreboot. Please do not send messages over 500 kB (definitely not more than 1 MB) to mailing lists. Am 16.02.25 um 18:30 schrieb Andrea Battelli: > I have an embedded system that I want to reuse but the bios is locked up > and when I press the f12 key, it shows only a boot option (payload). How > can I disassemble the bios or rebuild another one? > > Attached is the dump of the rom and the screenshot of the boot menu It’d be great if you just copied the text output from the payload. SeaBIOS (version SageBIOS-20161017_085144-ttyree-dev-gtk-gtech-com) Select boot device: 1. Payload [igt_secure] Sage Engineering [1] *was* a company offering coreboot development a long time ago. No idea, if they upstreamed this board, or how to get the source code. What board is it exactly? Anyway, your attached dump has a coreboot image (CBFS – coreboot file system), you can dump with `cbfstool`: ``` $ ~/src/coreboot/util/cbfstool/cbfstool bios_igt_orig.bin print FMAP REGION: COREBOOT bios_igt_orig.bin: 16384 kB, bootblocksize 1024, romsize 16777216, offset 0xc00000 alignment: 64 bytes, architecture: x86 Name Offset Type Size Comp roothashes 0xc00000 (unknown) 192 none fallback/romstage 0xc00100 stage 60241 none fallback/ramstage 0xc0ecc0 stage 94548 none fallback/payload 0xc25e80 simple elf 49158 none bootsplash.jpg 0xc31ec0 bootsplash 48411 none etc/boot-menu-wait 0xc3dc40 raw 8 none (empty) 0xc3dc80 null 4888 none keyupdate 0xc3efc0 mma 8192 none (empty) 0xc41000 null 3992 none keystore 0xc41fc0 mrc 131072 none img/igt_secure 0xc62000 simple elf 83362 none vgaroms/videobios.rom 0xc76600 optionrom 65536 none (empty) 0xc86640 null 51544 none bootorder 0xc92fc0 raw 4096 none (empty) 0xc94000 null 2604952 none cpu_microcode_blob.bin 0xf0ffc0 microcode 38912 none (empty) 0xf19800 null 157592 none mrc.cache 0xf3ffc0 mrc_cache 65536 none (empty) 0xf50000 null 65432 none fsp.bin 0xf5ffc0 spd 524288 none (empty) 0xfe0000 null 12248 none bootorder_sata 0xfe3000 raw 4096 none bootorder_usb 0xfe4040 raw 4096 none bootorder_sec 0xfe5080 raw 4096 none (empty) 0xfe60c0 null 24 none rootpub 0xfe6100 fsp 2064 none (empty) 0xfe6940 null 103000 none ``` It does not seem to contain the build configuration, but you might be able to boot from a USB device. From there you should be able to read the logs with `cbmem` and find out the coreboot version and board name. Maybe that brings you further. I have never heard of `igt_secure`. As you can access the dump, you can at least build the payload yourself, and replace `fallback/payload` or add it under `img/`. Maybe that works. No idea if the keys/hashes verify anything from this. Anyway, the above should get you going. Kind regards, Paul [1]: https://se-eng.com/ [2]:

3 2

[p8x7x port] Realtek loses its mind & Marvell not going with times.
by Keith Hui 28 Feb '25

28 Feb '25

(Catchy subject eh? There's some truth to both.) My coreboot port to Asus P8Z77-V LE PLUS is almost ready, but I still have two outstanding problems. The board is losing its MAC address, partly because it doesn't have an EEPROM for vital product data. I enabled the rtl8168 driver in coreboot so I can configure the LEDs and MAC address. Lights work great, but the MAC address always revert to 00:00:00:00:00:05 by the time Linux kernel sees it. I would then have to reassign its proper MAC address using "ip link change eno0 address <mac>". I added a debug read back in the rtl81xx driver and the device appears to be taking the MAC I programmed. Board also has a Marvell 88SE9120 for two extra SATA ports. It came up in legacy mode and pata_marvell driver isn't able to operate it. I find no documentation on how to switch to AHCI mode like ASM1061. Needless to say those two ports are currently useless. Ideas? I'm hoping to get this and a few supporting patches in for next release. https://review.coreboot.org/c/coreboot/+/86172 Thanks Keith

1 0

Re: PC with coreboot - boot menu locked
by p db 27 Feb '25

27 Feb '25

This is NOT free hardware, that is, tying people to solutions: "Digital Restricted Management", when people will understand that they will have to start relying on free hardware solutions, as usual, it will always be too late. Best Regards, Paolo Del Bene Il Gio 27 Feb 2025, 19:57 Andrea Battelli <battelli2(a)gmail.com> ha scritto: > Hi, > > I have an embedded system that I want to reuse but the bios is locked up > and when I press the f12 key, it shows only a boot option (payload). How > can I disassemble the bios or rebuild another one? > > Attached is the dump of the rom and the screenshot of the boot menu > > Thanks > Andrea > > PS: I don't how if it helps but the cpu is a Intel Core i3 4010U > _______________________________________________ > coreboot mailing list -- coreboot(a)coreboot.org > To unsubscribe send an email to coreboot-leave(a)coreboot.org >

1 0

2025_02_26 coreboot Group Review Sesssion
by mina＠coreboot.org 24 Feb '25

24 Feb '25

Hello coreboot! Our upcoming biweekly group review meeting is scheduled for Wednesday, February 26. https://meet.google.com/kpu-yozw-gtt Please check the coreboot calendar for the time in your timezone: https://coreboot.org/calendar.html As usual, we'll begin by reviewing a few patches together, then switch to individual reviews. However, everyone will still be available if you have questions about the patch you're reviewing. Here is the link to the list of patches to be reviewed this week: (https://docs.google.com/spreadsheets/d/1io-tewVlkX3PAkhR9ttCKjJXiXR9Emy6qsY…). Kindly add any specific patches you'd like the group to review to the top of the sheet. Thank you. Best regards, Mina.

1 0

Change in coreboot leadership
by David Hendricks 22 Feb '25

22 Feb '25

Hi everyone, After six years on the coreboot leadership team I've decided it's time to pass the torch. I joined the leadership team in 2019 while on a mission to get coreboot back on servers and am pleased with the progress that's been made. Now it's time for me to focus on family and other things and make room for somebody more hands-on with the day-to-day activities of the entire community. I'm happy to announce that Martin Roth will be taking over my spot on the leadership team. Though there are several strong contributors in our community, the leadership team has unanimously selected Martin for this position based on his exceptional qualifications: * Over 26 years of combined firmware development experience, including 13 years in the coreboot community and 13 years of BIOS development prior, mostly at Cyrix/National Semiconductor and AMD. * Significant technical contributions through thousands of patches and thoughtful code reviews, along with mentoring several community members. * Martin has maintained coreboot infrastructure for many years, working behind the scenes to keep the whole project going on a shoestring budget. This included years of maintaining our build infrastructure on servers in his basement. * Extensive experience working with (or at) silicon vendors on the foundational components needed to enable coreboot on bleeding-edge x86 platforms (FSP, AGESA, OpenSIL). * Experience at a variety of companies serving various market segments, ranging from embedded systems at National Semiconductor and Sage, to laptops at AMD and Google, and servers at AMD. * Strong commitment to open-source principles combined with technical expertise to achieve the best possible outcomes in our challenging industry. I'll continue in an advisory role and am also ramping up on some administrative tasks to lighten Martin's load so that he has more time to focus on the codebase. Thanks everyone, and congratulations to Martin!

2 1

2025-02-19 - coreboot Leadership Meeting Minutes
by mina＠coreboot.org 20 Feb '25

20 Feb '25

# 2025-02-19 - coreboot Leadership Meeting ## Attendees Felix Singer, Andre, Martin Roth, David Hendricks, Alicja Michalska, Julius Werner, Werner Zeh, Matt DeVillier, Andy Ebrahiem, Mina Asante, Karthik Ramasubramanian, Jeremy Compostella. ## Open Action Items * 2024-11-27 * [Open] Send out poll with regards to LLM usage (requested by SFC) * 2024-10-30 * [Open] Add clarification to docs, “do not use gerrit change-id or CB: format in reference to already-merged patches”. * 2024-10-16 * [Open] Matt: Set up a meeting to discuss board status alternatives and send out invites. * Decouple data collection with uploading * Require gerrit credentials or other auth to push * Json format? * https://github.com/chrultrabook/linux-tools/blob/main/debugging.sh * 2024-09-18 * [Open] Jon: Schedule a dedicated meeting to discuss the Coverity defects and action plan. * Werner: Send out an invite for the meeting. Sent out a poll to find a time slot: https://rallly.co/invite/1c8J3azXAcje * 2024-05-01 * [Open] Nick Van Der Harst volunteered for Dutch. "gogo gogo" would like to translate to Russian (?) * 2024-01-10 * Nico: (https://review.coreboot.org/q/topic:enforce_region_api) * [Open] Daniel: Look at how we want to localize (non-console) strings for coreboot. Long term project. ## Minutes ### [Werner] Update on Intel’s plans around signing their FSP binaries * Currently not POR for API-mode binary, only for dispatch mode * It should not impact the coreboot flow. However, NDA customers need to keep an eye on it since if it does impact coreboot then that will be a drastic change. * Doc #830299 and #827444 ### [David] Change in coreboot leadership * Martin Roth will take my spot ### [Martin] AMD releasing Phoenix and Turin OpenSIL * Hopefully in February or early March * Somewhat more detail: (https://github.com/openSIL/openSIL/issues/24) * It'll be a while before releasing another one as they switch from proof-of-concept (POC) to plan-of-record (POR), migrating from AGESA to OpenSIL on next-gen SOCs. * Limits of POC * No graphics init, but could use the GOP driver with some effort in creating a wrapper. * Graphics init will be done in GOP driver (UEFI-specific) moving forward * coreboot needs a way to deal with this * We have yabel, x86emu, etc. for legacy graphics init. * uGOP or previous efforts? * AMD doesn't do graphics init before memory is up. * uGOP replaced open-source graphics init, which is the cause of the earlier pushback. * [Alicja] u-boot might have a workable solution? * Need to see what the current status is and potentially borrow parts of it to deal with graphics init. * Linux might be able to init graphics, but AtomBIOS tables still need to be filled in for kernel drivers to read. * [Alicja] On Intel side, there are video BIOS tables as well that fills in things like ports present. Alicja has gotten this working with coreboot + EDK2 by using GOP driver. * [Martin] Another option is to run GOP driver once in the tianocore payload to generate AtomBIOS tables, store the info, and then skip GOP driver on subsequent boots. * It's just a 64KiB chunk of data. * People with AMD NDA support can get a customized AtomBIOS table for their platform. Workarounds to run the GOP driver are more for the community to use. # Next Leadership Meeting * March 5, 2025. * [coreboot Calendar](https://coreboot.org/calendar.html). # Notice Decisions shown here are not necessarily final, and are based on the current information available. If there are questions or comments about decisions made, or additional information to present, please put it on the leadership meeting agenda and show up if possible to discuss it. Of course, items may also be discussed on the mailing list, but as it's difficult to interpret tone over email, controversial topics frequently do not have good progress in those discussions. For particularly difficult issues, it may be best to try to schedule another meeting. # coreboot leadership meeting minutes https://docs.google.com/document/d/1NRXqXcLBp5pFkHiJbrLdv3Spqh1Hu086HYkKrgK…

1 0

coreboot on Intel Leafhill (APL)
by Corvin Köhne 17 Feb '25

17 Feb '25

Hi, I'd like to get used to coreboot. Therefore, I'd like to be able to boot Linux and Windows on any platform yet. I've checked the coreboot tree and an Intel Apollo Lake CRB, namely Leafhill, is currently the only platform I have access to and coreboot has a mainboard folder for. So far, I'm able to boot Linux. It has some issues, e.g. the external PCIe slot of the board is not working yet, but it boots. Windows 10 dies with a BSOD and complains about UNSUPPORTED_PROCESSOR. Has anyone seen this issue before or can help me debug this issue? I've attached a boot log when trying to boot a Windows 10 Installer. What I did so far: I'm using a BIOS published by Intel, LEAFHILD.X64.0071.R01.1809030849.bin [1], for IFWI stitching of coreboot. I've verified that the Intel BIOS itself is working on my board. I've extracted the VBT and flashdescriptor of the Intel BIOS and passed it to my coreboot config shown below [2]. I've also applied some patches [3][4] to the coreboot tree itself because the USB port was not working on Linux and the flash layout does not fit to the flashdescriptor extracted by the Intel BIOS. [1] https://www.intel.com/content/www/us/en/developer/articles/tool/uefi-firmwa… [2] CONFIG_CCACHE=y CONFIG_VENDOR_INTEL=y CONFIG_INTEL_GMA_VBT_FILE="i915_vbt" CONFIG_IFD_BIN_PATH="flashregion_0_flashdescriptor.bin" CONFIG_BOARD_INTEL_LEAFHILL=y CONFIG_NEED_IFWI=y CONFIG_IFWI_FILE_NAME="leafhill.rom" CONFIG_VALIDATE_INTEL_DESCRIPTOR=y CONFIG_RUN_FSP_GOP=y CONFIG_BOOTSPLASH=y CONFIG_PAYLOAD_EDK2=y CONFIG_EDK2_USE_EDK2_PLATFORMS=y CONFIG_EDK2_SERIAL_SUPPORT=y CONFIG_DISPLAY_FSP_CALLS_AND_STATUS=y [3] https://review.coreboot.org/c/coreboot/+/28547/1/src/mainboard/intel/leafhi… [4] diff --git a/src/mainboard/intel/leafhill/brd_gpio.h b/src/mainboard/intel/leafhill/brd_gpio.h index 7c6298f266a..df85752c056 100644 --- a/src/mainboard/intel/leafhill/brd_gpio.h +++ b/src/mainboard/intel/leafhill/brd_gpio.h @@ -33,4 +33,9 @@ static const struct pad_config gpio_table[] = { PAD_CFG_NF(SMB_CLK, NATIVE, DEEP, NF1), PAD_CFG_NF(SMB_DATA, NATIVE, DEEP, NF1), + + /// Added feature to enable USB power for USB devices, specifically keyboard + /// and mouse. + PAD_CFG_GPO_IOSSTATE_IOSTERM(GPIO_23, 1, DEEP, DN_20K, TxLASTRxE, + SAME), /// Feature: LB USB Power in LFH }; diff --git a/src/mainboard/intel/leafhill/leafhill.16384.fmd b/src/mainboard/intel/leafhill/leafhill.16384.fmd index a91ba9a6d85..7feddef49e0 100644 --- a/src/mainboard/intel/leafhill/leafhill.16384.fmd +++ b/src/mainboard/intel/leafhill/leafhill.16384.fmd @@ -1,14 +1,10 @@ -FLASH 16M { +FLASH@0xff000000 0x1000000 { SI_DESC@0x0 0x1000 - IFWI@0x1000 0x2ff000 - FMAP@0x300000 0x800 - COREBOOT(CBFS)@0x300800 0xc1d800 - UNIFIED_MRC_CACHE@0xf1e000 0x21000 { - RECOVERY_MRC_CACHE@0x0 0x10000 - RW_MRC_CACHE@0x10000 0x10000 - RW_VAR_MRC_CACHE@0x20000 0x1000 + SI_BIOS@0x1000 0x6fe000 { + IFWI@0x0 0x2ff000 + RW_MRC_CACHE@0x2ff000 0x10000 + SMMSTORE@0x30f000 0x40000 + FMAP@0x34f000 0x800 + COREBOOT(CBFS)@0x34f800 0x36b800 } - BIOS_UNUSABLE@0xf3f000 0x40000 - DEVICE_EXTENSION@0xf7f000 0x7f000 - UNUSED_HOLE@0xfff000 0x1000 } -- Kind regards, Corvin

1 0

coreboot Meetings Announcement And Agenda Call
by mina＠coreboot.org 14 Feb '25

14 Feb '25

Dear coreboot Community, We are pleased to announce that our next leadership meeting is scheduled for February 19, 2025. [1] Please update the agenda with matters you wish to see addressed during the meeting. [2] Thank you. Best regards, Mina Asante. [1](https://coreboot.org/calendar.html) [2](https://docs.google.com/document/d/1NRXqXcLBp5pFkHiJbrLdv3Spqh1Hu086HYkK….

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

coreboot