Hi
I have been working on building a Petitboot, a kexec bootloader, [0] based Linux payload using the Buildroot build system to produce a nice bzImage that contains both linux and the initrd. It is inspired by the Raptor Engineering HOWTO [0] and is based on op-build [1], the tool for building OpenPOWER firmware, which also uses Buildroot and Petitboot.
One of the advantages of Petitboot is that it is fairly simple and intuitive to use and does not require complex configuration like grub does, while still providing a large range of hardware support since it uses linux at its core.
A disadvantage is that a Linux + initrd payload takes up quite a bit of space. A fairly stripped down kernel + initrd takes up ~6.9M in the current Buildroot + Linux configuration I have. So a large flash chip or replacing the flash with a larger one is recommended.
Coreboot can directly use this Linux payload or first load SeaBIOS which can then chainload the Linux payload.
It is still very much a WIP and is currently aimed at Intel hardware, but with a kernel configuration tuned to your target it should work fine.
The repo + initial documentation: https://github.com/ArthurHeymans/petitboot_for_coreboot
[0] Petitboot: A kexec based bootloader, https://www.kernel.org/pub/linux/kernel/people/geoff/petitboot/petitboot.html
[1] Creating firmware images with petitboot and coreboot https://secure.raptorengineering.com/content/kb/1.html
[2] OpenPower Firmware Build Environment https://github.com/open-power/op-build
Kind Regards -- Arthur Heymans
> A disadvantage is that a Linux + initrd payload takes up quite a bit of space. A fairly stripped down kernel + initrd takes up ~6.9M in the current Buildroot + Linux configuration I have. So a large flash chip or replacing the flash with a larger one is recommended.
I see here PROs and CONTRAs.
One huge PRO is that petit/smallboot is excellent for consumer electronics. For the ones which will NEVER change SW as current release of the device. With the new device release (new version), the new enhanced SW will be put into the device. Excellent for ASICs.
One CONTRA is that it is impossible to upgrade SW in the current ASIC context. If there will be another SW (kind of EC) with HW extension which can control flash upgrade, which will make this device substantially more expensive.
In other words, petitboot mainly targets consumer electronics. :-)
Best Regards, Zoran
On Wed, Oct 26, 2016 at 03:18:44AM +0200, Arthur Heymans wrote:
> I have been working on building a Petitboot, a kexec bootloader, [0] based Linux payload using the Buildroot build system to produce a nice bzImage that contains both linux and the initrd. It is inspired by the Raptor Engineering HOWTO [0] and is based on op-build [1], the tool for building OpenPOWER firmware, which also uses Buildroot and Petitboot.
Very interesting -- it is similar to my Heads bootloader / configuration project, which is focused on how to use all of the security features of commodity x86 systems (fully encrypted disks, TPM sealing and attestation, SPI BP bits, tamper switches, etc), to make a slightly more secure laptop:
> [...] A disadvantage is that a Linux + initrd payload takes up quite a bit of space. A fairly stripped down kernel + initrd takes up ~6.9M in the current Buildroot + Linux configuration I have. So a large flash chip or replacing the flash with a larger one is recommended.
My current coreboot + Linux + initrd is about 3.8 MB, which will fit into the top 4 MB SPI flash on the x230 and can kexec into Qubes. It has no legacy BIOS, which required a few hacks to the Xen kernel to work.
It is still very much a WIP and quite rough around the edges; there is no menuing system right now, nor any sort of GUI. The installation guide is definitely a draft.
Neat! This was the original linuxbios model from 1999: kernel + minimal initramfs in flash, so it's nice to see it coming back.
I've got something similar too, save the userland is not petitboot (I no longer want to use C for user mode code) but Go. It's also bigger than I'd like (about the size of the petitboot) but the security folks I talk to like the fact that I use Go, not C. It's at github.com/u-root/u-root. In one mode u-root is a combined binary, using a tool that rewrites all the individual Go tools into one tool; in another mode, the only user mode binary in flash is the Go toolchain, and programs are compiled on demand into a tmpfs. Go is fast enough to make that first compile painless. In this second mode, the scripting language is also Go.
It's really nice to see projects using coreboot going back to putting a real kernel in the flash. Back at Los Alamos we put linux, Plan 9, and even some hypervisors in flash and enjoyed the flexibility it got us. We had many thousand HPC nodes running with this model. It's not just consumer, although there are linuxbios-based consumer systems too.
With a big enough flash the recovery and reflash is easy; you have a fallback kernel/initramfs just as you have a fallback coreboot. I learned the value of this the day I flashed 1023 nodes with a bad image.
Thanks Arthur, that's neat stuff!
ron