[coreboot] BIOS/CoreBoot/UBOOT

Raymond Yeung rksyeung at hotmail.com
Thu Apr 12 03:54:34 CEST 2018 

Thanks David for the detailed response.


My main motivation to go down Coreboot/UBOOT route is to attempt to simplify the remaining boot-up to Linux.  Instead of using PXE-BOOT, we could use tftp only.  Am I correct to say that?


If we're to use whatever that is available today, instead of waiting for Philipp's work to complete, does coreboot/UBOOT provide secure boot support?  I'd tend to think so, but want to confirm.  UEFI seems to already have this aspect covered.


Raymond


________________________________
From: David Hendricks <david.hendricks at gmail.com>
Sent: Wednesday, April 11, 2018 6:03 PM
To: Raymond Yeung
Cc: coreboot at coreboot.org
Subject: Re: [coreboot] BIOS/CoreBoot/UBOOT



On Wed, Apr 11, 2018 at 3:39 PM, Raymond Yeung <rksyeung at hotmail.com<mailto:rksyeung at hotmail.com>> wrote:

I currently have a board that uses Intel Xeon D (previously codenamed Broadwell DE).  It boots up with BIOS/UEFI. I 'm exploring other oot-up options here.


I'm not familiar with this early stage of system initialization.  It seems BIOS/UEFI to Linux needs to use PXE, with the need to configure DHCP (and possibly Proxy DHCP), TFTP server PXELINUX, Linux initial RAM disk (initrd) configuration file, and then Linux.  Previously, I'd been using Coreboot/UBOOT environment (as a user, not developer).  Prerequisite seemed much simpler.


A few questions -


  1.  Is there even a coreboot support for this CPU already available and stable that I could download and reflash?  Or are we talking about some serious re-development?

Yes - See src/mainboard/intel/camelbackmountain_fsp/ for the reference platform.

You'll need the Intel FSP blob from https://github.com/IntelFsp/FSP/tree/Broadwell-DE. You'll also need microcode which you can download from developer.intel.com<http://developer.intel.com>.


  1.  Is it possible to go from BIOS/UEFI to UBOOT (on-board)?  How?

I haven't tried uboot as a payload, but yes, it is possible. There are other options available to consider depending on your use case.


  1.  Support for Secure Boot - would one approach be simpler than another?

It depends on what you want/need. Philipp Deppenwiese is working on "vboot" (Google's verified boot implementation) integration with upstream: https://review.coreboot.org/#/c/coreboot/+/24993/

More about that approach here: https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot


  1.  Am I even on the right track thinking this way?

You seem to be off to a good start :-)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20180412/7dff74e6/attachment.html>

More information about the coreboot mailing list