[SeaBIOS] [PATCH 2/2] Add PCI option ROM blacklist in CBFS

Timothy Pearson tpearson at raptorengineeringinc.com
Fri Feb 13 23:42:44 CET 2015


On 02/13/2015 03:40 PM, Kevin O'Connor wrote:
> On Fri, Feb 13, 2015 at 02:16:13PM -0600, Timothy Pearson wrote:
>> On 02/13/2015 02:10 PM, Kevin O'Connor wrote:
>>> On Wed, Feb 11, 2015 at 05:32:36PM -0600, Timothy Pearson wrote:
>>>> File:
>>>> pci_optrom_blacklist.txt
>>>>
>>>> Syntax:
>>>> <bus>,<device>,<function>
>>>> Numbers or a single wildcard ('*') are allowed
>>>> Each blacklisted device is placed on a separate line
>>>>
>>>> Examples:
>>>> Blacklist device 01:04.0:
>>>> 1,4,0
>>>> Blacklist all devices on bus 5:
>>>> 5,*,*
>>>>
>>>> TEST: Booted ASUS KFSN4-DRE with iPXE ROMs built in to CBFS;
>>>> with the two add-on network devices blacklisted the add-on
>>>> network ROMs were ignored while the on-board iPXE ROMs executed
>>>> normally.
>>>
>>> Thanks for submitting.
>>>
>>> It's possible to blacklist the execution of an option rom on a
>>> particular device today by creating a dummy option rom for that device
>>> in CBFS.  Given this, is this patch still needed?
>>
>> As mentioned in my previous message, yes, I believe the additional
>> functionality offered by this patch is needed.  At least on my
>> coreboot-based board here the BDFs are stable and it is useful to, for
>> example, blacklist the option ROMs on the add-on slots to avoid a potential
>> failure to boot when the hardware is inevitably reconfigured in the future.
>
> I think I need to better understand your use-case.  Can you further
> describe the problem you are seeing?  Is there some option rom that
> works on a proprietary BIOS, but fails to work on SeaBIOS?  I'm
> particularly interested in the situation you face as opposed to
> features a possible future user may desire.
>
> Thanks,
> -Kevin

This particular patch was a favor to Peter Stuge; as such I don't have a 
use case myself for it.  However, the initial patch to disable all option
ROMs was for a system on which I did not want any unknown binary code to 
ever execute. This has multiple applications ranging from useful 
(high-security systems) to informational (proving that yes, you can have 
a fully functional system utilizing only open source software).

-- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645
http://www.raptorengineeringinc.com
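
Added example, not code from the patch or from SeaBIOS: a small C parser and matcher for the `<bus>,<device>,<function>` blacklist syntax quoted in the thread above. Decimal parsing, the PCI range limits (bus 0-255, device 0-31, function 0-7), ignoring malformed lines, and every name in it (`parse_rule`, `is_blacklisted`, `BDF_ANY`, `SAMPLE`) are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BDF_ANY (-1)                      /* field was the '*' wildcard */
struct bdf_rule { int bus, dev, fn; };

/* Constructed sample file: the two example entries from the message. */
static const char SAMPLE[] = "1,4,0\n5,*,*\n";

/* Parse one field: '*' or a decimal number <= max (decimal is assumed). */
static int parse_field(const char **s, unsigned long max, int *out)
{
    if (**s == '*') { *out = BDF_ANY; (*s)++; return 0; }
    if (**s < '0' || **s > '9') return -1;    /* no sign, space or empty */
    char *end;
    unsigned long v = strtoul(*s, &end, 10);
    if (v > max) return -1;                   /* also catches overflow */
    *out = (int)v; *s = end;
    return 0;
}

/* Parse "<bus>,<device>,<function>"; returns 0 on success, -1 if malformed. */
int parse_rule(const char *p, struct bdf_rule *r)
{
    if (parse_field(&p, 255, &r->bus) || *p++ != ',') return -1;
    if (parse_field(&p, 31, &r->dev) || *p++ != ',') return -1;
    if (parse_field(&p, 7, &r->fn)) return -1;
    return (*p == '\0' || *p == '\n' || *p == '\r') ? 0 : -1;
}

/* Return 1 if any well-formed line of text matches the given BDF. */
int is_blacklisted(const char *text, int bus, int dev, int fn)
{
    while (text && *text) {
        struct bdf_rule r;
        const char *nl = strchr(text, '\n');
        if (parse_rule(text, &r) == 0
            && (r.bus == BDF_ANY || r.bus == bus) && (r.dev == BDF_ANY || r.dev == dev)
            && (r.fn == BDF_ANY || r.fn == fn))
            return 1;
        text = nl ? nl + 1 : NULL;            /* malformed lines are skipped */
    }
    return 0;
}

int main(void)
{
    printf("01:04.0 %d, 05:1f.7 %d, 00:00.0 %d\n", is_blacklisted(SAMPLE, 1, 4, 0),
           is_blacklisted(SAMPLE, 5, 31, 7), is_blacklisted(SAMPLE, 0, 0, 0));
    return 0;
}
```

Skipping a malformed line means that device's option ROM would still run, so a deployment that relies on the list for security would want such lines logged.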
