[coreboot] BIOS/CoreBoot/UBOOT

Taiidan at gmx.com Taiidan at gmx.com
Thu Apr 12 03:03:54 CEST 2018

On 04/11/2018 06:39 PM, Raymond Yeung wrote:

> I currently have a board that uses Intel Xeon D (previously codenamed Broadwell DE).  It boots up with BIOS/UEFI. I 'm exploring other oot-up options here.
Let us know what you are attempting to accomplish.
> I'm not familiar with this early stage of system initialization.  It seems BIOS/UEFI to Linux needs to use PXE
Hm? do you want to boot over the network? why would you need PXE just to
boot linux on your local machine?
I believe there is a neat petietboot coreboot payload with some network
booting features that is better than PXE....there is also iSCSI as an
option of course either a coreboot payload or part of a networking card.
>  with the need to configure DHCP (and possibly Proxy DHCP), TFTP server PXELINUX, Linux initial RAM disk (initrd) configuration file, and then Linux.  Previously, I'd been using Coreboot/UBOOT environment (as a user, not developer).  Prerequisite seemed much simpler.
I am sorry I do not understand what you wish to do?
> A few questions -
>   1.  Is there even a coreboot support for this CPU already available and stable that I could download and reflash?  Or are we talking about some serious re-development?
The issue isn't support for the CPU it is support for your board, there
are a few broadwell boards in coreboot but they are only development
boards with no board status so I have no idea if the platform port even

FYI the hardware initiation for the newer intel stuff is done entirely
by intels FSP binary blob in case you are wondering so there isn't
really much to change or poke around with.
>   2.  Is it possible to go from BIOS/UEFI to UBOOT (on-board)?  How?
Without coreboot no it isn't.
>   3.  Support for Secure Boot - would one approach be simpler than another?
SB was invented by MS for DRM, it serves no real security purpose IMO
and such a thing is better served by for example a grub payload with
kernel code signing enabled where you sign your own kernels.
"pointless? why?" Any hypothetical rootkit could simply infect some
other key system component that is always loaded and used every time the
computer is running.
"DRM?" SB 2.0 has removed the owner control mandate from MS leaving
OEM's free to not offer it, eventually only "developer" computers that
cost much more will let you install linux leaving the next generation of
computer programmer kids out in the cold and only able to create
programs for windows in a walled garden....even wealthy families
probably wouldn't know to get their kid a special computer and most
would just give up when faced with a "you cant do that" error.
>   4.  Am I even on the right track thinking this way?
Ports for coreboot cost a lot of money (think 50K+) or if you have the
necessary firmware development skills 6months+ of time and effort
honestly I would just buy a board that already has what you want if you
want to play around with firmware programming - the entirely open source
being the very fast TALOS 2 (factory libre firmware but not coreboot)
and the not as fast KGPE-D16 (libre coreboot and OpenBMC ports are
available) unfortunately "coreboot" in general no longer means open
source firmware for most boards so be aware if you want to buy something

Anyways welcome to the community :]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xDF372A17.asc
Type: application/pgp-keys
Size: 5247 bytes
Desc: not available
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20180411/4019bc8d/attachment.skr>

More information about the coreboot mailing list