It's just software, so it could certainly be done. How much work would be involved is the right question. Alas, I have no idea. One needs to study the AGESA sources to tell, I guess.
This question has come up time and time again: What would actually be involved in {"cleaning up","doing a 'real' port","whatever else makes sense'} to make these platforms based on AGESA as maintainable as corresponding intel platforms?
I'll happily buy a round of beer (or equivalent) for anyone who can provide a clear picture of what the road forward looks like. Then we can at least talk in grounded terms.
-Matt
On Wed, Dec 1, 2021 at 12:51 PM ron minnich rminnich@gmail.com wrote:
We've always deprecated platforms. And they're still in tree -- you can build for DEC Alpha if you want. There's no shame in not being in the latest release.
Given unlimited time and money and people, we could fix all the problems. We live in a world of limits, and must do what we can with the resources we have.
Nobody is stopping anyone from cleaning up the AGESA code. But it's been about 10 years since it came in, and such cleanup has yet to happen.
We should move forward with the resource allocator, and if a board can't work with v4, and nobody is willing to do the work, that board should be left out of new releases. Having v3 and v4 both in-tree is not a viable long term strategy.
On Wed, Dec 1, 2021 at 8:43 AM Nico Huber nico.h@gmx.de wrote:
On 01.12.21 15:57, Ivan Ivanov wrote:
Thank you, these seem to be good points. However, in regards to:
If you have any hope of open-source coreboot for newer platforms, you
shouldn't make it harder for coreboot to advance.
Where to advance? Are there any "newer platforms" that are as worthy as the "older platforms":
Not sure how to compare that, nobody has written native coreboot code for the platforms that you deem worthy either. Also, ...
- as secure: no Intel ME / AMD PSP "security" co-processors, which
are seen as harmful to real security by many ;
...open-source AGESA seems worse to me. In theory one could review it, but did anyone? AIUI, it even provides runtime code for the OS (ACPI DSDT), i.e. tells the OS what to do.
So what you call "real security" seems more like wishful security to me. Presence of ME or PSP does not provide a security issue per se. It depends on your threat model and if they are your weakest spot. There are plenty of controllers even in older machines that run code from ROM masks. What's the difference? Can we trust vendors with code in ROM masks but not with code in flash? These are subtle considerations. So far, it doesn't make older hardware more attractive to me.
Did I mention that at least one of the pre-PSP platforms already has a PSP, just hidden? Ok, I admit I didn't look at the silicon to check, but it's common that a silicon vendor puts new stuff early into chips to test it. So it seems very likely to be true. We generally don't know what exactly lives in these chips. I rather trust what I can see.
- as affordable: the older devices are possible to get used for like
$100-$200. Meanwhile - because of Boot Guard etc. - the "newer platforms" are unlikely to have coreboot without vendor's involvement, who will gladly charge a big extra for "coreboot support".
Last time I checked BootGuard wasn't a big issue, i.e. not so many devices ship with it. Did that change?
Devices sold today will be as affordable tomorrow (well, on a slightly larger timescale). What's your point?
- as available: these generic consumer electronics, which have been
shipped with a proprietary UEFI but got coreboot support later, have a huge numbers all over the world - compared to the quite limited availability of newer coreboot platforms.
I don't understand this point either. This will change, earth keeps turning, right? Also, I'm quite sure that your numbers are wrong anyway. Please check how many Chromebooks are sold, for instance. These, are sold by people who actually support the project btw.
Sorry, I don't see any "newer platforms" which would match the "older platforms" on these critically-important points.
You seem to be too much used to look behind. Please look ahead from time to time. And regarding security, don't trust what you read on the internet. It's far more subtle than non-PSP is secure, PSP is insecure.
Also, it's not about old vs. new hardware anyway. There's much older hardware than the AGESA ports that will stay maintained. It's about hardware that nobody took the time to write a proper, long-term main- tainable coreboot for. And I can't blame anyone for it. Everything AMD Bulldozer based always seemed like the most unattractive hard- ware to me.
So it doesn't seem reasonable to drop the "crappy code" of "older platforms" in favor of the "beautiful code" of "newer platforms", if they could never become as worthy.
You made it clear that they are worthy to *you* (even your arguments seem extremely fragile, so maybe that changed), so you are free to look after their code. Why not start with that instead of complaining that nobody else does it for you?
Well, maybe some corporation sees their newer platform as "more worthy" - despite it's losing on all 3 points above and there are blobs-over-blobs. But they can't speak for the community of opensource hobbyists all over the world, people like you and me. And pleasing the corporations by easing their "burden" - while dropping the "older platforms" which are more worthy - doesn't seem wise, at least to me...
You are blaming and talking to the wrong people. Deprecating old code was always driven by the most libre developers in this community, FWIW. They shoulder the hard work to keep the code base maintainable, so I think they should decide what is worthy and what isn't (hopefully not based on some weak, wishful arguments).
Keeping the code clean makes life easier for other people too, sure, but that's what happens when people work together on a project.
Nico _______________________________________________ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.org
coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.org