> there is no way for me to compare AMD patches directly since it appears AMD doesn't publish them
There is a way: a bit later I will privately share a small list of AMD boards that are still getting the UEFI updates (to help you obtain these microcodes by yourself), and will also share a small C program that converts the hexadecimal arrays provided by my patches (they could be copy-pasted) back to binary. After you have successfully got both of these, you could SHA256-compare them with each other by yourself - to see that they are indeed matching 1:1.
> I'm willing to accept the patches if they are harvested, reviewed and then signed by the coreboot project
Neither the new AMD microcodes nor the AtomBIOS binaries have been released officially yet, and we are waiting for the official release by AMD to get them merged to coreboot master. They can't be merged until the official release. Currently we are in talks with AMD, but these matters are advancing slowly - so the people who don't want to wait and need them now could be using them locally and unofficially. Some of these patches are almost 1 year old already; I guess this is enough time for the concerned people from the coreboot community to quickly look through these patches to at least see that there is nothing harmful. Also you could see that I have been a coreboot community member for > 3 years and of course I'm not going to ruin my hard-earned reputation by intentionally submitting something harmful :P So, if you trust - you can use these patches, but if you don't trust - you can wait, perhaps a lot... And I don't think any extra signature is necessary, also because these tiny scripts which download/extract the patches also check their SHA256.
> I don't know when or if they will be merged
We don't know either, Chris, it all depends on AMD...
> I don't know which patches are considered necessary and which are listed because they are nice to have.
Perhaps all of these patches could be considered optional, since people somehow built and used coreboot on their G505S before these patches even existed. However, you said that you are going to use Qubes OS, which relies on the good functioning of low-level virtualization; that means a new AMD microcode is required for you - otherwise you'll run into freezing problems.
Looking through the list of patches at our DangerousPrototypes "Lenovo G505S hacking" page:
1) AMD microcode updates - required for you; you could get them by yourself to check
2) Discrete GPU support - optional, and you can verify these 10+67+20 = 97 lines of source code by yourself
3) AMD GPU AtomBIOS blobs - perhaps the AtomBIOS blob for the integrated GPU is required for you, because it seems you don't want to run the G505S in a headless mode, but you could easily get it by yourself; you also could for a discrete GPU, however it is significantly more difficult and time consuming
4) tint build system - optional, however it adds the important checksum verification for a tint archive that is downloaded from the FSF server. Sorry that I forgot to write a readme at the DP wiki for this one; still, it is available in my tint patch commit message. And "tint" is a small open-source Tetris game that will be available in your SeaBIOS boot menu, to have a lot of fun and maybe to show off to your friends what your new awesome BIOS can do ;-)
5) Unofficial SeaBIOS patches - optional because it seems you are not going to have more than 10 menu entries, however your mind could change if you also become interested in these floppy-based operating systems. Mostly for fun (e.g. MichalOS has a cool built-in piano), but some of their features could be useful to you for real purposes: e.g. as soon as the KolibriOS networking driver is completed for the network controller of our G505S, it will be possible to access the Internet and chat with your friends using IRCC. And it seems that all these listed floppy-based OSes, with the exception of the plop bootloader floppy, are 100% open source, which already gives some trust to them.
6) Sample G505S .config - optional, since you could configure it by yourself, but of course this config is 100% open source and you could look through it to verify that there are no harmful options enabled, and I'm using such a config myself without any problems.
Best regards, Mike Banon
On Mon, May 20, 2019 at 4:32 AM Chris Laprise tasket@posteo.net wrote:
On 5/16/19 2:35 PM, Mike Banon wrote:
Hi Chris, if you'd like to verify the microcodes inside my AMD ucode patch: convert the hexadecimal arrays in their .c files back to binary, extract the microcodes from proprietary UEFI updates for those few AMD boards that are still getting them (or get them already extracted by platomav from platomav's CPUMicrocodes repository - https://github.com/platomav/CPUMicrocodes), and compare. They will match 1:1. And if you have any questions about any other parts of my patches, I'll try my best to address them.
Thanks. I'm a neophyte when it comes to firmware, and I'm just now inferring that there is no way for me to compare AMD patches directly since it appears AMD doesn't publish them.
I'm willing to accept the patches if they are harvested, reviewed and then signed by the coreboot project. But I don't know when or if they will be merged and available this way in the upcoming 4.10 release.
I also don't know which patches are considered necessary and which are listed because they are nice to have.
For reference, I intend to run Qubes OS, so I don't need discrete graphics, but it appears I'll need AtomBIOS. Will AtomBIOS be merged with the upcoming 4.10 release? I can't tell. Going down the list, "tint" is indicated but there is no What or Why or a link, and I can't turn up any background info by searching. OTOH, it looks like I can skip the SeaBIOS patch.
--
Chris Laprise, tasket@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
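
The comparison described in this thread (hexadecimal arrays from the patch .c files converted back to binary, then SHA256-compared against a microcode file obtained independently), as an added example that is not part of the original messages and is not the C program Mike mentions. It assumes the array is a plain brace initializer of `0x..` literals; the function names and the sample data are constructed for illustration and are not real microcode.

```python
import hashlib
import re

# Strip C comments first so a stray "0x.." inside a comment is not read as data.
_COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
# First brace initializer in the text:  name[...] = { ... };
_INIT = re.compile(r"=\s*\{(.*?)\}\s*;", re.S)
_TOKEN = re.compile(r"0[xX]([0-9a-fA-F]+)")


def c_array_to_bytes(source: str, word_bytes: int = 1, byteorder: str = "little") -> bytes:
    """Rebuild the binary blob encoded as a hex array in C source text."""
    body = _INIT.search(_COMMENT.sub("", source))
    if body is None:
        raise ValueError("no brace initializer found")
    out = bytearray()
    for tok in _TOKEN.findall(body.group(1)):
        value = int(tok, 16)
        if value >= 1 << (8 * word_bytes):
            raise ValueError(f"0x{tok} does not fit in {word_bytes} byte(s)")
        out += value.to_bytes(word_bytes, byteorder)
    return bytes(out)


def matches_reference(source: str, reference: bytes, **kw) -> tuple[bool, str, str]:
    """Return (match, sha256 of rebuilt blob, sha256 of reference blob)."""
    rebuilt = hashlib.sha256(c_array_to_bytes(source, **kw)).hexdigest()
    expected = hashlib.sha256(reference).hexdigest()
    return rebuilt == expected, rebuilt, expected


# Constructed sample, not real microcode: a 12-byte array in the assumed layout.
SAMPLE_C = """
/* constructed example, 0xFF in this comment must be ignored */
const unsigned char sample_patch[] = {
  0x17, 0x20, 0x01, 0x03,  // made-up bytes
  0x0f, 0x11, 0x00, 0x06,
  0xde, 0xad, 0xbe, 0xef,
};
"""
SAMPLE_BIN = bytes.fromhex("172001030f110006deadbeef")

if __name__ == "__main__":
    ok, got, want = matches_reference(SAMPLE_C, SAMPLE_BIN)
    print("rebuilt  :", got)
    print("reference:", want)
    print("MATCH" if ok else "MISMATCH")
```

For a real check, pass the text of the patch's .c file as `source` and the bytes of the independently extracted microcode file as `reference`; use `word_bytes=4` if the array holds 32-bit words rather than bytes.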