Why does it have to be done by Seabios as opposed to Linux? It is easy to create a USB stick which would boot Linux compiled with permissions needed and with startup files which will program the new firmware image. This would be much easier to debug and modify when needed, right?
-vb
On Thu, Feb 14, 2019 at 9:30 AM Matt B matthewwbradley6@gmail.com wrote:
Hi,
I was helping a friend with a bios issue (we may have an involuntary coreboot convert on our hands ;) ) and realized that a lot of BIOSs provide a way for the BIOS to flash itself but Coreboot doesn't.
For Coreboot afaik the only two methods available are to flash with a programmer or to flash internally from linux with iomem=relaxed. For most proprietary BIOSs, you can boot a utility that knows what USB drives are and flash from there.
What I'm thinking of trying, and would appreciate feedback on, is the idea of making a Seabios floppy image specifically intended for flashing Coreboot.
I figure this has a few advantages: -It's OS-agnostic, meaning you can reflash the BIOS regardless of what you boot into, or even if there's nothing to boot at all (without running to grab some jumper cables) -It means you don't have to fiddle with setting iomem=relaxed on your main install and un-setting it when you're done (I don't fancy leaving it on all the time) -Some level of confidence that you can trust the flashing environment, being as it's stripped down and purpose built, while also residing on the flash itself
Might be a security advantage if flashing could be restricted to only this pathway (and not say, through the main OS), but let's not get ahead of ourselves.
I figure the easiest way would be to build a floppy image for seabios with a kernel and a copy of busybox, with the bare essentials to find an image on a usb drive and run flashrom. (maybe even a convenient shell script :P) What I'm not sure on (not having built an install completely from scratch) is what else those bare essentials might include.
Eventually something akin to (or included in?) LinuxBoot might be better, integrating everything into a single payload and cutting out the dependency on seabios.
-Matt _______________________________________________ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.org