Hi 799,
On 29.09.2017 13:34, One7two99 wrote:
Hello Nico,
I suspect some misconfiguration or that something confuses the libpay- load VGA driver (which these two secondary payload rely on).
This might be true, but I don't understand why I can see the SeaBios Menu (Press ESC) and can also use graphical boot (Windows and Qubes OS) but the secondary payloads don't work. Can you check my .config especially the setting for the VGA device?
you might have to accept that adding VGA compatibility for Windows may break compatibility with the secondary payloads. That's not generally the case but about the last thing that gets tested.
If you don't get this setup with SeaBIOS running, there are alterna- tives. One that comes to mind: Do native GFX init in coreboot, add the VGA blob (so far your config below) but use GRUB as primary payload and run SeaBIOS as secondary. You'd have to hand-craft your grub.cfg, some- thing like four choices: 1. Run your favorite open source OS 2. SeaBIOS for legacy compatibility 3. coreinfo 4. nvramcui
If you thing I"ve missed out important steps, I am happy to hear your comments.
Don"t think you missed anything [...] But you might do too much already. Especially flashing anything but the BIOS region when you want to track down coreboot issues makes things harder to reason about.
I had the seconday payloads booting when lynxis did the coreboot flashing. But we flashed without adding a vga-rom so that I couldn't boot into windows. I've extracted the vga rom and then tried to rebuild coreboot, but I seem to miss some configuration to get graphical boot (vga rom) and secondary payload boot running.
I've seen the following option in make nconfig for coreboot under "General Setup": │ [*] Include the coreboot .config file into the ROM image │
QUESTION: How can I extract this .config file? I could then extract this from my first flashing together with lynxis to see which settings have been applied there.
You can do that with cbfstool, e.g.
$ build/cbfstool build/coreboot.rom extract -n config -f config.txt
where your replace `build/coreboot.rom` with the path of your image and `config.txt` with the path to the output file.
Another question about your setup, do you configure anything in SeaBIOS that is not visible from your coreboot .config? Anything GFX related? splashscreen? VESA mode?
Nico
(Some comments on your config below.)
Please attach your .config file. Nobody can say anything for sure with-out knowing what you chose.
I've attached the config file and will also list the activated options here: (only enabled options are shown):
[General Setup] │ [*] Use CMOS for configuration values │ [*] Compress ramstage with LZMA │ [*] Include the coreboot .config file into the ROM image │ [*] Create a table of timestamps collected during boot │ -*- Build the ramstage to be relocatable in 32-bit address space
[Mainboard] │ Mainboard vendor (Lenovo) │ Mainboard model (ThinkPad X230) │ ROM chip size (12288 KB (12 MB)) │ (0x400000) Size of CBFS filesystem in ROM
[Chipset] │ *** CPU *** │ [*] Enable VMX for virtualization │ [*] Set lock bit after configuring VMX │ Include CPU microcode in CBFS (Generate from tree) │ *** Northbridge *** │ -*- Use native raminit │ *** Southbridge *** │ Flash locking during chipset lockdown (Don't lock flash sections) │ [*] Lock down chipset in coreboot │ *** Embedded Controllers *** │ [*] Beep on fatal error │ [*] Flash LEDs on fatal error │ *** Intel Firmware *** │ [*] Add Intel descriptor.bin file │ (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin) │ [*] Add Intel ME/TXE firmware │ (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin) │ [*] Verify the integrity of the supplied ME/TXE firmware │ [*] Add gigabit ethernet firmware │ (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/gbe.bin) │ [*] Lock ME/TXE section │ Verified Boot (vboot) │ Bootblock behaviour (Always load fallback)
[Devices] │ Graphics initialization (Use native graphics init)
With this option you let coreboot initialize GFX. But you also let Sea- BIOS run the VGA BIOS. The former will be completely overrun. I doubt that it causes your secondary payload trouble, though.
| --> Framebuffer mode (Legacy VGA text mode) │ Display │ -*- Enable PCIe Common Clock │ │ -*- Enable PCIe ASPM [*] Add a VGA BIOS image │ (./3rdparty/blobs/mainboard/lenovo/x230/pci8086,0166.rom) VGA BIOS │ (8086,0166) VGA device PCI IDs
[Generic Drivers] │ [*] Serial port on SuperIO
WTF?
│ [*] Support Intel PCI-e WiFi adapters │ [*] PS/2 keyboard init
Is this required? It's odd to set it when using SeaBIOS.
│ [*] Enable TPM support
[Console] │ [*] Squelch AP CPUs from early console. │ [*] Send console output to a CBMEM buffer │ (0x20000) Room allocated for console output in CBMEM │ [*] Send POST codes to an external device │ Device to send POST codes to (None) │ [*] Send POST codes to an IO port │ (0x80) IO port for POST codes
[System tables] │ [*] Generate SMBIOS tables
[Payload] │ Add a payload (SeaBIOS) ---> │ │ SeaBIOS version (1.10.2) ---> │ │ (0) PS/2 keyboard controller initialization timeout (milliseconds) │
Why override the default? If it works that's just fine. I'm just wondering if we should have different defaults then.
│ [*] Hardware init during option ROM execution │ │ () SeaBIOS config file │ │ () SeaBIOS bootorder file │ │ (-1) SeaBIOS debug level (verbosity) │ │ *** Using default SeaBIOS log level *** │ │ [*] Use LZMA compression for payloads │ │ Secondary Payloads ---> │ [*] Load coreinfo as a secondary payload │ [*] Load nvramcui as a secondary payload
[Debugging] all deactivated
kind regards
[788]
huh?
Hello Nico,
you might have to accept that adding VGA compatibility for Windows may break compatibility with the secondary payloads. That"s not generally the case but about the last thing that gets tested.
From what I have learned so far it seems that the usecase Coreboot + Windows is that common which I can understand as it may sound strange to reduce the possible attacks via BIOS/AMT but then use an OS like Windows.
If you don"t get this setup with SeaBIOS running, there are alterna- tives. One that comes to mind: Do native GFX init in coreboot, add the VGA blob (so far your config below) but use GRUB as primary payload and run SeaBIOS as secondary. You"d have to hand-craft your grub.cfg, some- thing like four choices: 1. Run your favorite open source OS 2. SeaBIOS for legacy compatibility 3. coreinfo 4. nvramcui
using grub as primary payload (instead of SeaBIOS) means that I have small linux running from my BIOS? honestly this sounds like this is something that can be done by Coreboot Pro's to which I wouldn't count myself yet. As my current Coreboot installation (SeaBIOS + VGA.rom) has not only break secondary payloads but also standby/resume, I want to rebuild my BIOS from scratch - unfortunately I need to wait until I have a new Clip for flashing as my old broke.
I"ve seen the following option in make nconfig for coreboot under "General Setup": │ [*] Include the coreboot .config file into the ROM image │ QUESTION: How can I extract this .config file?
You can do that with cbfstool, e.g. $ build/cbfstool build/coreboot.rom extract -n config -f config.txt where your replace `build/coreboot.rom` with the path of your image and `config.txt` with the path to the output file.
I've done this but the resulting config is very short and doesn't include all settings which have been made in the first place. A good approach might be: 1) Use a recommended config for X230 which will run Linux as OS and 2ndary payloads and Standby/Resume running 2) Change the config slightly to get windows boot running (adding a vga.rom) Then do troubleshooting in case that the boot of secondary payloads and/or Standby/Resume is broken (with an included VGA.rom). This is the config for Coreboot on a X230 which is in the coreboot wiki. Is this the "best practise" configuration or just "a" configuration which has been stored there? https://review.coreboot.org/cgit/board-status.git/tree/lenovo/x230/4.6-938-g... I tried to build a rom with this config but run into errors when building the ROM.
Another question about your setup, do you configure anything in SeaBIOS that is not visible from your coreboot .config? Anything GFX related? splashscreen? VESA mode?
I haven't configured SeaBIOS I've just git'ed coreboot, run make nconfig and added SeaBIOS as Payload there. Haven't tweaked any SeaBIOS configs. I have seen that I can also get Seabios via GIT and then use nconfig to adapt that configuration, but this wasn't covered in the wiki for the x230 and as such I have only used the coreboot configuration screen. Any guidance how to build a specific SeaBIOS and how to include this in coreboot?
[Devices] │ Graphics initialization (Use native graphics init)
With this option you let coreboot initialize GFX. But you also let Sea- BIOS run the VGA BIOS. The former will be completely overrun. I doubt that it causes your secondary payload trouble, though.
Ok, as soon as I have a new flash clip, I will try to investigate this. Which settings to you suggest in "Devices > Graphics initialization"?
| --> Framebuffer mode (Legacy VGA text mode) │ Display │ -*- Enable PCIe Common Clock │ │ -*- Enable PCIe ASPM [*] Add a VGA BIOS image │ (./3rdparty/blobs/mainboard/lenovo/x230/pci8086,0166.rom) VGA BIOS │ (8086,0166) VGA device PCI IDs
[Generic Drivers] │ [*] Serial port on SuperIO
WTF?
What is the problem here? Is this a bad choice? I took this from existing documentation without knowing what the last option is. All other optiions
│ [*] Support Intel PCI-e WiFi adapters │ [*] PS/2 keyboard init
Is this required? It"s odd to set it when using SeaBIOS.
The PS/2 Keyboard init was suggested in one of the howtos. regarding Intel PCI-e Wifi, I am not sure - I can make a test without this option and look if this has impact to my wifi card.
│ [*] Enable TPM support
[Console] │ [*] Squelch AP CPUs from early console. │ [*] Send console output to a CBMEM buffer │ (0x20000) Room allocated for console output in CBMEM │ [*] Send POST codes to an external device │ Device to send POST codes to (None) │ [*] Send POST codes to an IO port │ (0x80) IO port for POST codes
[System tables] │ [*] Generate SMBIOS tables
[Payload] │ Add a payload (SeaBIOS) ---> │ │ SeaBIOS version (1.10.2) ---> │ │ (0) PS/2 keyboard controller initialization timeout (milliseconds) │
Why override the default? If it works that"s just fine. I"m just wondering if we should have different defaults then.
What do you mean with overriding? Which option is not correct or might be optimized? Will there coreboot configuration file be optimized for all settings when choosing the mainboard? If so this would mean that I start from scratch to look what is working with the default settings and then slowly modify the configuration to get windows running and see what breaks at which point (2ndary payloads / standby resume etc).
[799]
-
Nico Huber -
One7two99