2025-03-05 - coreboot Leadership Meeting Minutes - coreboot

6 Mar 2025


      # 2025-03-05 - coreboot Leadership Meeting
## Attendees
Mina Asante, Jon Murphy, Felix Singer, Benjamin Doron, Felix Held, Andre, Andy Ebrahiem, Jeremy
Compostella, Martin Roth, Matt DeVillier, David Hendricks, Jay Talbott, Julius Werner, Karthik R.
## Open Action Items
* 2024-11-27
    * [Open] Send out poll with regards to  LLM usage (requested by SFC)
  * 2024-10-30
    * [Open] Add clarification to docs, “do not use gerrit change-id or CB: format in reference to
already-merged patches”.
  * 2024-10-16
    * [Open] Matt: Set up a meeting to discuss board status alternatives and send out invites. 
      * Decouple data collection with uploading
      * Require gerrit credentials or other auth to push
      * Json format?
      * https://github.com/chrultrabook/linux-tools/blob/main/debugging.sh
  * 2024-09-18
    * [Open] Jon: Schedule a dedicated meeting to discuss the Coverity defects and action plan.
      * Werner: Send out an invite for the meeting. 
        Sent out a poll to find a time slot: https://rallly.co/invite/1c8J3azXAcje
  * 2024-05-01
    * [Open] Nick Van Der Harst volunteered for Dutch. "gogo gogo" would like to translate to Russian
(?)
  * 2024-01-10
    * Nico: (https://review.coreboot.org/q/topic:enforce_region_api)
          *  [Open] Daniel: Look at how we want to localize (non-console) strings for coreboot. Long term project.
## Minutes
### [Benjamin] Add support for sharing SMM with the payload
  * To support UEFI secure boot effectively, we need to perform the verify and write steps of its
variables together, in SMM. Consequently, we propose a solution where coreboot ‘owns’ SMM
(initialises and installs all its regular SMI handlers), and the payload is permitted to install
its own SMI handlers within a dedicated SMRAM region that coreboot will call into (and return from)
for payload-specific use-cases. While this was developed for EDK2, to support secure boot, note
that it’s not UEFI-specific, and contains nothing specific to secure boot. This is a superior
solution to one we proposed in 2023, called “[Add support for calling SMM payloads.](https://docs.google.com/document/d/1S1hLGc7nhBIaD3wN3eylyjhMMqEoI44TGy0zHj_h...
    * Earlier proposal handed SMM control to the payload, which caused issues since some things like
suspend/resume and EC functionality needed to be provided in SMM controlled by coreboot.
    * This new approach allows EDK2 to read, verify, and potentially write secure boot related
variables in an "atomic" manner (using coreboot's SPI driver on the backend?). This solves a
problem from the earlier solution where secure boot variables could be changed by an attacker in
between EDK2 and coreboot interactions.
    * [A.I] Benjamin to publish a[ blog post at the 9E blog](https://9elements.com/blog/) about this so that
we can review the design in more detail. (DFAD/ETA: unknown, probably after university exams)
### [Martin] Updating website
  * Privacy Policy
  * Leadership page
  * Trademark & logo
### [Martin] Email server
  * As we agreed previously, the email service remained on Stefan’s server. This includes the mailing
list
  * Stefan, Patrick and myself are admins there.
### [Jon] cbmem updates
  * Google is pursuing testing of coreboot with Android.  As such, we do need to make some changes to
coreboot mechanisms to facilitate a slightly different OS. Can we get review on some cbmem changes
to add support in sysfs:
(https://review.coreboot.org/q/topic:%22cb
em-in-sysfs%22)
### [Martin] We can post blogs on the coreboot blog if people are interested in writing things.
  * Don’t want to make it an advertising area, but we’d like news about devices using coreboot.
  * Martin can write something about opensil with coreboot after the Phoenix & Turin Proof-of-Concept (Non-production) openSIL releases.
# Next Leadership Meeting
  * March 19, 2025.
  * [coreboot Calendar](https://coreboot.org/calendar.html).
# Notice
Decisions shown here are not necessarily final, and are based on the current information available.
If there are questions or comments about decisions made, or additional information to present, 
please put it on the leadership meeting agenda and show up if possible to discuss it. 
Of course, items may also be discussed on the mailing list, but as it's difficult to interpret 
tone over email, controversial topics frequently do not have good progress in those discussions. 
For particularly difficult issues, it may be best to try to schedule another meeting.
# coreboot leadership meeting minutes
https://docs.google.com/document/d/1NRXqXcLBp5pFkHiJbrLdv3Spqh1Hu086HYkKrgKj...