Hey Raymond,

you can now start to ship coreboot with LinuxBoot easily https://review.coreboot.org/#/c/coreboot/+/23071/.

Which gives you a whole Linux environment instead of TFTP. See www.linuxboot.org for more details.

Regarding my work, I have implemented measured boot support into coreboot. You can already use Google's verified boot without

pulling changes from coreboot gerrit review. If you want to have a deeper look into VBoot2, checkout:

https://www.youtube.com/watch?v=4EvTcfcYfMY

We covered this aspect since 2010 ;)

Also if you have questions or problems you can talk to us via IRC, my IRC handle is zaolin.

Happy Hacking, Philipp

Thanks David for the detailed response.

My main motivation to go down Coreboot/UBOOT route is to attempt to simplify the remaining boot-up to Linux.  Instead of using PXE-BOOT, we could use tftp only.  Am I correct to say that?

If we're to use whatever that is available today, instead of waiting for Philipp's work to complete, does coreboot/UBOOT provide secure boot support?  I'd tend to think so, but want to confirm.  UEFI seems to already have this aspect covered.

Raymond

---

From: David Hendricks <david.hendricks@gmail.com>
Sent: Wednesday, April 11, 2018 6:03 PM
To: Raymond Yeung
Cc: coreboot@coreboot.org
Subject: Re: [coreboot] BIOS/CoreBoot/UBOOT

 

On Wed, Apr 11, 2018 at 3:39 PM, Raymond Yeung <rksyeung@hotmail.com> wrote:

I currently have a board that uses Intel Xeon D (previously codenamed Broadwell DE).  It boots up with BIOS/UEFI. I 'm exploring other oot-up options here.

I'm not familiar with this early stage of system initialization.  It seems BIOS/UEFI to Linux needs to use PXE, with the need to configure DHCP (and possibly Proxy DHCP), TFTP server PXELINUX, Linux initial RAM disk (initrd) configuration file, and then Linux.  Previously, I'd been using Coreboot/UBOOT environment (as a user, not developer).  Prerequisite seemed much simpler.

A few questions -

1. Is there even a coreboot support for this CPU already available and stable that I could download and reflash?  Or are we talking about some serious re-development?

Yes - See src/mainboard/intel/camelbackmountain_fsp/ for the reference platform.

You'll need the Intel FSP blob from https://github.com/IntelFsp/FSP/tree/Broadwell-DE. You'll also need microcode which you can download from developer.intel.com.

 

1. Is it possible to go from BIOS/UEFI to UBOOT (on-board)?  How?

I haven't tried uboot as a payload, but yes, it is possible. There are other options available to consider depending on your use case.

 

1. Support for Secure Boot - would one approach be simpler than another?

It depends on what you want/need. Philipp Deppenwiese is working on "vboot" (Google's verified boot implementation) integration with upstream: https://review.coreboot.org/#/c/coreboot/+/24993/

More about that approach here: https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot

 

1. Am I even on the right track thinking this way?

You seem to be off to a good start :-)