Difference between revisions of "User:GNUtoo"

From coreboot
Jump to: navigation, search
(Howtos)
(AMD/ATI/Nvidia GPU with SeaBIOS without running the option rom)
 
(78 intermediate revisions by the same user not shown)
Line 1: Line 1:
= For coreboot users =
+
== Contributions ==
 +
In the [https://review.coreboot.org/gitweb?p=coreboot.git;a=blob;f=Documentation/gerrit_guidelines.md;h=1833b0a8f0dc89001547c73457d113a4a56fbd31;hb=refs/heads/master#l31 gerrit guidelines] there the follwing line: "Don't modify other people's patches without their consent."
 +
I consent to the modification of my patches by anybody. I work on specific things because no one wants to do what I want to do. Else I'd be happy to pick the next task in my huge TODO list.
  
This section is mainly usefull for finding informations for:
 
* running a free version of coreboot on the lenovo x60.
 
* knowing the machines I've been working on, in order to ask questions on them.
 
* Usefull howto for using coreboot.
 
 
== Lenovo x60 ==
 
I've a [git://gitorious.org/gnutoo-for-coreboot/coreboot.git git tree] with branches that have features that are not yet merged to coreboot.
 
 
The only interesting branch is the production+v5 branch, it contains:
 
* The native GPU init for it
 
* The new fallback mecanism
 
* The removal of the microcode for the Lenovo x60
 
 
=== Native GPU init ===
 
With the native (intel) GPU initialisation, coreboot itself initialises the GPU.
 
{| class="wikitable"  border="1"
 
! Initialisation method
 
! Free software, based on
 
! Advantages
 
! Drawbacks
 
|-
 
| non-free VGA option rom
 
| {{no}}, extracted from the BIOS.
 
|
 
* compatible with everything
 
* works with the official coreboot.
 
|
 
* non-free
 
* even yabel cannot contain it
 
|-
 
| Linux kernel i915 driver
 
| {{yes}}, in the linux kernel
 
|
 
* works with the official coreboot.
 
|
 
* The screen content is only visible after the i915, so you cannot see grub.
 
* It worked with trisquel6 kernel, and had issues with some recent kernels.
 
** TODO: investigate the memory_corruption_check kernel parameter.
 
|-
 
| Native GPU initialisation (by coreboot)
 
| {{yes}}, based on a replay of the kernel initialisation
 
|
 
* compatible payloads can use the screen.
 
|
 
* not in the official coreboot yet.
 
* only compatible payload will be able to use the screen, like:
 
** libpayload based payloads
 
** recent grub versions
 
|-
 
|}
 
 
==== Yabel issue ====
 
Yabel works well for tracing.
 
But the GPUs in the Lenovo x60 and t60 have a bar that gives access to the whole memory:
 
Region 1: I/O ports at 50a0 [size=8]
 
 
== Hardware ==
 
 
I've contributed to the following ports:
 
I've contributed to the following ports:
 
* M4A785T-M: I've been the main person working on it.
 
* M4A785T-M: I've been the main person working on it.
* Lenovo x60: I've been working on the native GPU init, and various other improvements.
+
* Lenovo X60: I've been working on the native GPU init, and various other improvements.
* Lenovo t60: I've been working on some improvements.
+
* Lenovo T60: I've been working on some improvements.
 
* Alix 1.C: I've been working on some improvements.
 
* Alix 1.C: I've been working on some improvements.
 +
 +
Interests:
 +
* 100% Free computers(Laptops, Desktops, Home Servers, routers).
 +
* Security
 +
** Secure boot trough GRUB with full disk encryption (no /boot in clear)
 +
** Protect against DMA and other attacks that have access to the x86 cpu's RAM.
 +
* Making it possible for end user to be able to use coreboot/libreboot:
 +
** Making it easy or scalable to install coreboot/libreboot.
 +
** Making it usable.
 +
* Making less risky to reflash, permitting users without an external programmer to easily reflash, and developers to develop anywhere without a huge setup consisting of another computer and the coreboot computer beeing worked on. I'm also interested in getting the cbmem logs written to flash to make debugging easier when no other computer is available(for instance while the developer is traveling to a conference).
  
 
== Howtos ==
 
== Howtos ==
* [[User:Fchmmr|Howto install the coreboot with native GPU init]]
 
 
=== make recent intel BIOS flash writable and/or extract its pieces ===
 
=== make recent intel BIOS flash writable and/or extract its pieces ===
 
Coreboot has an uttility in util/ifdtool for that.
 
Coreboot has an uttility in util/ifdtool for that.
Line 73: Line 27:
 
* run ifdtool on the extracted chip content
 
* run ifdtool on the extracted chip content
 
* reflash the modified content
 
* reflash the modified content
 +
=== AMD/ATI/Nvidia GPU with SeaBIOS without running the option rom ===
 +
The idea is to keep the option rom in memory while making SeaBIOS not run it.
 +
This has the effect of permitting linux(-libre) to initalize the GPU on all AMD/ATI and Nvidia GPU I tried it with. The downside is the lack of graphics before that. That means no graphics in GRUB.
 +
 +
==== Patch ====
 +
From 73aae33b7e70d15b595b3f127ffe98bd76f9a646 Mon Sep 17 00:00:00 2001
 +
From: Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
 +
Date: Sat, 7 Mar 2015 15:39:52 +0100
 +
Subject: [PATCH] Kconfig: Add option not to run option roms
 +
 +
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
 +
---
 +
  src/Kconfig      | 8 ++++++++
 +
  src/optionroms.c | 2 ++
 +
  2 files changed, 10 insertions(+)
 +
 +
diff --git a/src/Kconfig b/src/Kconfig
 +
index 95bf087..1988f56 100644
 +
--- a/src/Kconfig
 +
+++ b/src/Kconfig
 +
@@ -403,6 +403,14 @@ menu "BIOS interfaces"
 +
          default y
 +
          help
 +
              Support Post Memory Manager (PMM) entry point.
 +
+    config OPTIONROMS_NORUN
 +
+        depends on OPTIONROMS
 +
+        bool "Put the option roms in memory, but don't run them"
 +
+        default n
 +
+        help
 +
+            Some GPU drivers are capable of initializing the display alone,
 +
+            but they still require some data from the option rom.
 +
+
 +
      config BOOT
 +
          bool "Boot interface"
 +
          default y
 +
diff --git a/src/optionroms.c b/src/optionroms.c
 +
index c81eff2..c7c89da 100644
 +
--- a/src/optionroms.c
 +
+++ b/src/optionroms.c
 +
@@ -53,7 +53,9 @@ __callrom(struct rom_header *rom, u16 offset, u16 bdf)
 +
  void
 +
  callrom(struct rom_header *rom, u16 bdf)
 +
  {
 +
+#if (!CONFIG_OPTIONROMS_NORUN)
 +
      __callrom(rom, OPTION_ROM_INITVECTOR, bdf);
 +
+#endif
 +
  }
 +
 
 +
  // Execute a BCV option rom registered via add_bcv().
 +
--
 +
2.6.4
 +
 +
= X60/I945 native GPU init History =
 +
The Lenovo X60 GPU init has been merged a long time ago.
 +
Since then it has been rewriten/improved a lot by other people (See git log for more details).
 +
Thanks to all that work it's now a proper driver.
 +
 +
So I've moved the X60 GPU init information in [[/X60_GPU_init|a subpage]]
 +
 +
== Personal oppinions ==
 +
=== Microcode ===
 +
The issue about the CPU microcodes is that they are non-free, and under a license that is incompatible with coreboot's license.
 +
 +
Practically speaking, I guess that if the microcode is in the cbfs(coreboot filesystem) instead of beeing integrated directly in coreboot, that would count as agrgate work and should be safe, but I'm not a lawyer(so ask a good one instead).
 +
The solution would then be to remove the microcodes from the coreboot repositories.
 +
 +
(I guess that it would then end up in the blob repository instead which is a separate repository, and would then be included in the coreboot filesytem).
 +
 +
Some people say that the microcode is the equivalent of having a more recent CPU, as a justification for using it.
 +
Though since Intel microcodes are encrypted and signed, its meaning is not public, therefore we can't really know what's inside, so people usually trust what the CPU vendor say about it, such as that it fixes some bugs(erratas for such bugs are published).
 +
 +
My goal is to have a 100% free computer, and also to spread that code, so that other people can have a 100% free computer too.
 +
According to the FSF, and the FSF criterias for differenciating software from hardware, that microcode is software.
 +
So since they consider it as non-free, a coreboot image containing that microcode would not be considered free by the FSF.
 +
 +
On my Lenovo x60, the microcode was easy to remove, and it worked fine, beside printing a scary kernel message pointing to an Intel errata.
 +
Practically speaking, after resuming(so after suspend to ram), the temperatures reading will not be updated, and the temperature overheat will not be reported. The hardware issues you may encounter will depend on your specific CPU, not the model, but instead the date at which it was manufactured.
 +
 +
The result of it is that the FSF certified the gluglug's lenovo x60: gluglug removed the last microcodes(that were not used by the x60), sent that source code to the FSF, which certified it.
 +
So instead of debating trough huge flames aobut the fact that we should use, or not use the microcode, it was more effective to remove it.
 +
The benefit is the publicity arround that laptop that can be made 100% free software, which makes users aware of it and willing to switch to it.
 +
 +
=== Yabel ===
 +
Yabel is great for tracing what the GPU does.
 +
 +
But the GPUs in the Lenovo x60 and t60 have a bar that gives access to the whole memory:
 +
Region 1: I/O ports at 50a0 [size=8]
 +
 +
So using Yabel to prevent the VGA option rom from doing nasty tricks is probably not safe enough.
 +
 +
I was told that many other GPU also have that issue.
 +
 +
The way to fix that is to get rid of the proprietary VGA option rom. On some boards it's possible and coreboot has a replacement for it. On some other boards, the kernel can initialize the GPU with or without tricks.
  
 
= For coreboot developers =
 
= For coreboot developers =
Line 93: Line 140:
 
! Serial/output
 
! Serial/output
 
! flash recovery mecanism
 
! flash recovery mecanism
! My work / area of interest
+
! My area of interest
 
|-
 
|-
| M4A785T-M
+
| Asrock E350M1
 +
|
 +
* Serial
 +
* Some other outputs may work but I didn't test them.
 +
|
 +
* External programmer
 +
* Swapping the flash chip
 +
|
 +
* Powering off the GPU
 +
* Low noise home server use case
 +
|-
 +
| Asus F2A85-M PRO
 +
|
 +
* cbmem -c
 +
|
 +
* External programmer
 +
* Swapping the flash chip
 +
|
 +
* I've been the main porter.
 +
* Usability improvements
 +
|-
 +
| Asus M4A785T-M
 
|
 
|
 
* Serial
 
* Serial
Line 103: Line 171:
 
|
 
|
 
* I've been the main porter.
 
* I've been the main porter.
 +
* Usability improvements
 +
|-
 +
| Lenovo T60
 +
|
 +
* Serial on the dock
 +
* USB debug
 +
* spkmodem(untried but should work)
 +
| External programmer with pomona clip(untried but should work)
 +
|
 +
* Native GPU init
 +
* Usability improvements.
 +
|-
 +
| Lenovo X200T
 +
|
 +
* None tried yet
 +
* I've no compatbile dock
 +
| I didn't flash it yet.
 +
|
 +
* Making it easier to flash.
 +
* Checking its security and freedom to see how it can compare to the Lenovo X60.
 
|-
 
|-
 
| Lenovo X60
 
| Lenovo X60
Line 112: Line 200:
 
|
 
|
 
* Native GPU init
 
* Native GPU init
* Various other improvements.
+
* Secure boot with grub.
 +
* Usability improvements.
 
|-
 
|-
| Lenovo T60
+
| Lenovo X60T
 
|
 
|
* USB debug
+
* None tried yet
* spkmodem(untried but should work)
+
* I've no compatbile dock
| External programmer with pomona clip(untried but should work)
+
| External programmer with pomona clip
 
|
 
|
* Various improvements.
+
* Native GPU init
 +
* Touchscreen support
 +
* Usability improvements.
 
|-
 
|-
| Alix 1.C
+
| PC Engines Alix 1.C
 
|
 
|
 
* Serial
 
* Serial
 
| Hot swap with the LPC dongle
 
| Hot swap with the LPC dongle
 
|
 
|
* Various improvements.
+
* Usability improvements.
|-
+
| E350M1
+
|
+
* Serial
+
* Some other outputs may work but I didn't test them.
+
|
+
* External programmer
+
* Swapping the flash chip
+
|
+
* None(I just use it).
+
 
|-
 
|-
 
|}
 
|}
  
 
=== Mainboard/Devices not running coreboot (yet?) ===
 
=== Mainboard/Devices not running coreboot (yet?) ===
* HP nc6320
+
* <s>HP nc6320</s> Not worth it. I don't have this laptop anymore. Less prone to dis disassembly and reassembly than the Lenvo X60,X60T,T60. So doing a port will probably break the laptop due to the high number of disassemblies and reassemblies.
* Asus N71JQ
+
* <s>Asus N71JQ</s> Broken by messing with the 3.3V line while flashing.
  
 
Note that they will probably never run coreboot, as I don't think they're worth the time.
 
Note that they will probably never run coreboot, as I don't think they're worth the time.
Line 158: Line 239:
 
** a bug20 (omap3530)
 
** a bug20 (omap3530)
 
** a GTA04 A3 (DM370)
 
** a GTA04 A3 (DM370)
 
== Interesting git trees ==
 
* http://www.gitorious.org/gnutoo-for-coreboot/coreboot/ : I push there the code that is not yet ready for review.
 
** production+v5 is a branch for the Lenovo x60 containing:
 
*** The native GPU init for it
 
*** The new fallback mecanism
 
*** The removal of the microcode for the Lenovo x60
 
=== Way less interesting trees ===
 
* http://git.stuge.se/?p=gnutoo-chromiumos-coreboot.git;a=summary : it's an historic tree, containing code that is based on the replay of the option rom, before the native GPU init worked(so it doesn't work).
 
* http://git.stuge.se/?p=gnutoo-i915tool-x60.git;a=summary : contains an historic version of the i915tool
 
  
 
==  My TODO list ==
 
==  My TODO list ==
Line 179: Line 250:
 
* Add cmos.default<s>(require disassembling the laptop for testing)</s>
 
* Add cmos.default<s>(require disassembling the laptop for testing)</s>
 
* Add native graphics init(require waiting that Peter stuge push his part for review)
 
* Add native graphics init(require waiting that Peter stuge push his part for review)
 +
* Export reboot_bits in cmos
  
 
=== X60 ===
 
=== X60 ===
* native GPU init and new fallback are pushed for review: Address the concerns.
+
* new fallback are pushed for review: Address the concerns.
** I pushed the new and complete native GPU init on gitorious, Peter Stuge will work on merging it while I finish addressing the fallback comments.
+
** <s>I pushed the new and complete native GPU init on gitorious, Peter Stuge will work on merging it while I finish addressing the fallback comments.</s> Merged, also improved a lot by Vladimir for instance.
 
* fix the CPU microcode issue.
 
* fix the CPU microcode issue.
* update http://www.coreboot.org/Thinkpad_X60s
+
* <s>update http://www.coreboot.org/Thinkpad_X60s</s> Has been taken care of by other people.
* Create a Native graphics<->VGA option rom.
+
* <s>Create a Native graphics<->VGA option rom.</s> Kevin did one in SeaBIOS.
* Make backlight work without the non-free option rom.
+
* <s>Make backlight work without the non-free option rom.</s> Now works, probably fixed by Vladimir. I've no idea why just writing to the backlight register didn't work before his work.
  
 
==== Later ====
 
==== Later ====
 
* Improve the patch for SerialIce in order to get it merged.
 
* Improve the patch for SerialIce in order to get it merged.
 
* SD detection fix for my X60 version.
 
* SD detection fix for my X60 version.
* Hotkey patch to clean and merge.
+
* <s>Hotkey patch to clean and merge.</s> thinkpad_acpi loads nowadays. The patch was from Peter.
  
 
=== Alix 1.C ===
 
=== Alix 1.C ===
* Add cbmem -c support
+
* <s>Add cbmem -c support</s> This is now generic. So it was fixed for free.
 
* port the VSA to fasm?
 
* port the VSA to fasm?
  
Line 201: Line 273:
 
* Find the USB debug port
 
* Find the USB debug port
 
* Find how to extract the BIOS pieces from the BIOS region
 
* Find how to extract the BIOS pieces from the BIOS region
== Native X60 GPU init stuff ==
+
==== fallback improvements ====
=== scripts to help getting rid of the vbios of the x60 ===
+
All the patches necessary to make it work got merged but one:
==== Script 1: generate the io access for the coreboot driver ====
+
* follow "Case study: new laptop (not complete, sorry)" in https://docs.google.com/document/d/1g8FMob25VZYxbWri2iFB8YiSL8gwF9vKJH3HGxr0xQU/edit?pli=1
+
* pacman -S plan9port
+
* cp /opt/plan9/bin/ssam ./
+
* replace the following line in ./ssam:
+
#!/usr/local/plan9/bin/rc
+
by the following line:
+
#!/opt/plan9/bin/rc
+
* create the ssamfix file with:
+
  ,s/\[ *[0-9]+\..[0-9]+\]//g
+
  ,s/^ *//g
+
y/^[RWU]/s/^/M /g
+
  ,s/\nU/ ;;;UDELAY/g
+
  ,|uniq -c
+
  ,s/^ *//g
+
  ,s/(^[0-9]+) ([MRW])/\2 \1/g
+
  ,s/"/\\"/g
+
  ,s/^M ([0-9]+) *(\[.*)/{M, \1, "\2"},/g
+
  ,s/^M ([0-9]+) *(.*)/{M, \1, "\2"},/g
+
  ,s/:  */:/g
+
  ,s/...UDELAY *([0-9]+)/\1/g
+
  ,s/^([RW]) ([0-9]+) (.*):0x([0-9a-f]+)(.*)/{\1, \2, "", \3, 0x\4, \5},/g
+
* run the following commands:
+
. /etc/profile.d/plan9.sh
+
cat dmesg| ./ssam  -f ssamfix > foo.c
+
  
==== Script2: compare the io access that were too fast ====
+
The remaining patch<ref>lenovo/x60: Require only one failed boot to switch to fallback in X86_BOOTBLOCK_NORMAL mode.
* Replace {V,0,}, with {V,7,}, in src/mainboard/vendor/device/i915io.c
+
</ref> add the following to the x60's Kconfig<ref>src/mainboard/lenovo/x60/Kconfig</ref>:
* cat /dev/ttyUSB0 > accesses.txt
+
  config MAX_REBOOT_CNT
* Use that script against accesses.txt to find the guilty accesses:
+
        int
  #!/usr/bin/env python2
+
        default 1
import sys,re
+
 
 
+
Another optional patch didn't get merged:
def main(args):
+
* "Move set_boot_successful to drivers/pc80/mc146818rtc.c"
try:
+
f = open(args[1],'ro')
+
except:
+
print args[0], " <file>"
+
+
for line in f:
+
if re.match("0x[0-9]*: Got .*, expect .*",line):
+
line = line.replace('\r\n','').replace(", expect ",':').replace(": Got ",':')
+
split = line.split(':')
+
#print split
+
if split[1] != split[2]:
+
print line
+
if __name__ == '__main__':
+
main(sys.argv)
+
  
=== How to get semantic IOs ===
 
In i915tool:
 
* import your IOs in prettyregs.c
 
* compile prettyregs.c
 
* run prettyregs
 
  
=== How to get rid of the vbios of the x60 [New Version] ===
+
* An old pushed topic branch can be found [http://review.coreboot.org/#/q/status:open+project:coreboot+branch:master+topic:falback-patches-v2,n,z in gerrit]
WARNING: DO NOT ATTEMPT TO DO THAT WITHOUT A FLASH RECOVERY MECANISM
+
  
Apply the [http://review.coreboot.org/#/c/3277/ coreboot patches], and adapt them for your mainboard
+
===== References =====
 +
<references/>
  
Then configure coreboot with:
+
==== Patches that need more work ====
[*] Output verbose x86emu debug messages
+
* I use a deblob patch, instead the various microcode should be moved out of coreboot repository, they are inside headers.
[ ]  Trace JMP/RETF
+
[ ]  Trace all opcodes
+
[ ]  Log Plug&Play accesses
+
[ ]  Log Disk I/O
+
[ ]  Log PMM
+
[ ]  Debug VESA BIOS Extensions
+
[ ]  Redirect INT10 output to console
+
[ ]  Log intXX calls
+
[ ]  Log special memory accesses
+
[ ]  Log all memory accesses
+
[*]  Log IO accesses
+
Build and flash coreboot.
+
  
git clone [https://code.google.com/r/gnutoo-i915tool-x60/source/list my fork of the i915tool] until the code is merged in the [https://code.google.com/p/i915tool/ official i915tool].
+
==== Infrastructure ====
 +
* "Add grub.cfg"
  
Get the [http://www.coreboot.org/images/4/42/Dennis.tar.gz tarball] that contains the generated code, extract it.
+
=== SerialICE ===
 +
=== Flashrom ===
  
Also get the [http://www.coreboot.org/images/3/39/I915_reg.h.gz i915_regs.h.gz] file, decompress it and put it in final/
 
  
Then go into i915tool and apply some patches for the x60 or redo them for your mainboard.
+
== Other ==
 +
00:52 < phcoder-screen> GNUtoo-irssi: once you asked why upper 128bytes of cmos behave in strange way: you have to enable them in rcba
  
Run make:
+
=== To verify ===
$ cd i915tool
+
* I have bad memory on this, but I was probably told by someone who talked to peter stuge, or by peter stuge that if you blank the flash chip holding the BIOS, in an X61, power off the computer and power it on again, an IPV6 packet would come out of the (wired) NIC. This was due to AMT, which is on the NIC (X61 is old, and at that time AMT was on the intel ethernet NICs).
$ make
+
** Once verified, the goal would be to reproduce that on an x200:
Then go into the x60 directory(or the directory of your device):
+
*** blank the BIOS flash chip, power off the computer, boot it.
$ cd x60
+
*** observe an ipv6 packet
use picocom -b 115200 /dev/ttyUSB0 or stty to set the bauds of the Serial port.
+
*** blank the NIC flash chip that holds its fimrware
Then get logs:
+
*** hopefully observe no ipv6 packet
$ cat /dev/ttyUSB0 | tee coreboot.log
+
*** reflash coreboot inisde the BIOS flash chip
Then remove the binary symbols, dos2unix will help identifying where they are:
+
=> That may be able to produce a test case for knowing if the AMT firmware of the NIC was gone or not, but it does requires external reflashing. Would that be enough to be sure about the intel NIC of the laptops with a similar chipset?
$ dos2unix coreboot.log
+
dos2unix: Binary symbol found at line 136332
+
dos2unix: Skipping binary file coreboot.log
+
Then do:
+
$ dos2unix coreboot.log
+
Then remove the lines before and after the log, the log looks like that:
+
[0047229e]c000:51cb outl(0x80001014, 0x0cf8)
+
[0047325f]c000:51d4 inw(0x0cfc) = 0x50a1
+
Then run make and fix the errors:
+
$ make
+
Then copy to coreboot as it says.
+
Then if necessary try to compact the source code a bit, here for me I have a really long list of:
+
io_i915_write32(0xcffbe001,0x8001);
+
io_i915_write32(0xcffbe001,0x8005);
+
io_i915_write32(0xcffbe001,0x8009);
+
io_i915_write32(0xcffbe001,0x800d);
+
io_i915_write32(0xcffbe001,0x8011);
+
That can be replaced with:
+
int i = 0;
+
for (i=0x8001;i<0x3fffa;i+=4){
+
io_i915_write32(0xcffbe001,i);
+
}
+
  
Import the final code into the chromium fork of coreboot with my patches on top.
+
== Sandbox ==
 +
[[/sandbox]]

Latest revision as of 00:45, 24 January 2016

Contributions

In the gerrit guidelines there the follwing line: "Don't modify other people's patches without their consent." I consent to the modification of my patches by anybody. I work on specific things because no one wants to do what I want to do. Else I'd be happy to pick the next task in my huge TODO list.

I've contributed to the following ports:

  • M4A785T-M: I've been the main person working on it.
  • Lenovo X60: I've been working on the native GPU init, and various other improvements.
  • Lenovo T60: I've been working on some improvements.
  • Alix 1.C: I've been working on some improvements.

Interests:

  • 100% Free computers(Laptops, Desktops, Home Servers, routers).
  • Security
    • Secure boot trough GRUB with full disk encryption (no /boot in clear)
    • Protect against DMA and other attacks that have access to the x86 cpu's RAM.
  • Making it possible for end user to be able to use coreboot/libreboot:
    • Making it easy or scalable to install coreboot/libreboot.
    • Making it usable.
  • Making less risky to reflash, permitting users without an external programmer to easily reflash, and developers to develop anywhere without a huge setup consisting of another computer and the coreboot computer beeing worked on. I'm also interested in getting the cbmem logs written to flash to make debugging easier when no other computer is available(for instance while the developer is traveling to a conference).

Howtos

make recent intel BIOS flash writable and/or extract its pieces

Coreboot has an uttility in util/ifdtool for that.

  • power off the laptop totally (remove the power, the battery etc...)
  • connect an external programmer to the BIOS flash chip.
  • dump the chip content with flashrom and that external programmer.
  • run ifdtool on the extracted chip content
  • reflash the modified content

AMD/ATI/Nvidia GPU with SeaBIOS without running the option rom

The idea is to keep the option rom in memory while making SeaBIOS not run it. This has the effect of permitting linux(-libre) to initalize the GPU on all AMD/ATI and Nvidia GPU I tried it with. The downside is the lack of graphics before that. That means no graphics in GRUB.

Patch

From 73aae33b7e70d15b595b3f127ffe98bd76f9a646 Mon Sep 17 00:00:00 2001
From: Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
Date: Sat, 7 Mar 2015 15:39:52 +0100
Subject: [PATCH] Kconfig: Add option not to run option roms

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
---
 src/Kconfig      | 8 ++++++++
 src/optionroms.c | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/src/Kconfig b/src/Kconfig
index 95bf087..1988f56 100644
--- a/src/Kconfig
+++ b/src/Kconfig
@@ -403,6 +403,14 @@ menu "BIOS interfaces"
         default y
         help
             Support Post Memory Manager (PMM) entry point.
+    config OPTIONROMS_NORUN
+        depends on OPTIONROMS
+        bool "Put the option roms in memory, but don't run them"
+        default n
+        help
+            Some GPU drivers are capable of initializing the display alone,
+            but they still require some data from the option rom.
+
     config BOOT
         bool "Boot interface"
         default y
diff --git a/src/optionroms.c b/src/optionroms.c
index c81eff2..c7c89da 100644
--- a/src/optionroms.c
+++ b/src/optionroms.c
@@ -53,7 +53,9 @@ __callrom(struct rom_header *rom, u16 offset, u16 bdf)
 void
 callrom(struct rom_header *rom, u16 bdf)
 {
+#if (!CONFIG_OPTIONROMS_NORUN)
     __callrom(rom, OPTION_ROM_INITVECTOR, bdf);
+#endif
 }
 
 // Execute a BCV option rom registered via add_bcv().
-- 
2.6.4

X60/I945 native GPU init History

The Lenovo X60 GPU init has been merged a long time ago. Since then it has been rewriten/improved a lot by other people (See git log for more details). Thanks to all that work it's now a proper driver.

So I've moved the X60 GPU init information in a subpage

Personal oppinions

Microcode

The issue about the CPU microcodes is that they are non-free, and under a license that is incompatible with coreboot's license.

Practically speaking, I guess that if the microcode is in the cbfs(coreboot filesystem) instead of beeing integrated directly in coreboot, that would count as agrgate work and should be safe, but I'm not a lawyer(so ask a good one instead). The solution would then be to remove the microcodes from the coreboot repositories.

(I guess that it would then end up in the blob repository instead which is a separate repository, and would then be included in the coreboot filesytem).

Some people say that the microcode is the equivalent of having a more recent CPU, as a justification for using it. Though since Intel microcodes are encrypted and signed, its meaning is not public, therefore we can't really know what's inside, so people usually trust what the CPU vendor say about it, such as that it fixes some bugs(erratas for such bugs are published).

My goal is to have a 100% free computer, and also to spread that code, so that other people can have a 100% free computer too. According to the FSF, and the FSF criterias for differenciating software from hardware, that microcode is software. So since they consider it as non-free, a coreboot image containing that microcode would not be considered free by the FSF.

On my Lenovo x60, the microcode was easy to remove, and it worked fine, beside printing a scary kernel message pointing to an Intel errata. Practically speaking, after resuming(so after suspend to ram), the temperatures reading will not be updated, and the temperature overheat will not be reported. The hardware issues you may encounter will depend on your specific CPU, not the model, but instead the date at which it was manufactured.

The result of it is that the FSF certified the gluglug's lenovo x60: gluglug removed the last microcodes(that were not used by the x60), sent that source code to the FSF, which certified it. So instead of debating trough huge flames aobut the fact that we should use, or not use the microcode, it was more effective to remove it. The benefit is the publicity arround that laptop that can be made 100% free software, which makes users aware of it and willing to switch to it.

Yabel

Yabel is great for tracing what the GPU does.

But the GPUs in the Lenovo x60 and t60 have a bar that gives access to the whole memory:

Region 1: I/O ports at 50a0 [size=8]

So using Yabel to prevent the VGA option rom from doing nasty tricks is probably not safe enough.

I was told that many other GPU also have that issue.

The way to fix that is to get rid of the proprietary VGA option rom. On some boards it's possible and coreboot has a replacement for it. On some other boards, the kernel can initialize the GPU with or without tricks.

For coreboot developers

This section is mainly usefull for finding informations for:

  • Asking me to test some code (that's why I listed all my hardware).
  • Find my work in progress code.
  • Find legacy code.
  • Find what I'm interested in working on:
    • If you want to work on the same thing than me, you could contact me if you want so:
      • I could help if I have time.
      • I could test if I have time.
      • I may have some pointers.
  • HOWTO that documents how to do a native VGA init for the Lenovo x60:
    • It probably applies to the Lenovo t60 that have an Intel GPU, with no or very minor modifications.

Hardware

Mainboard/Devices running coreboot

Device/Mainboard Serial/output flash recovery mecanism My area of interest
Asrock E350M1
  • Serial
  • Some other outputs may work but I didn't test them.
  • External programmer
  • Swapping the flash chip
  • Powering off the GPU
  • Low noise home server use case
Asus F2A85-M PRO
  • cbmem -c
  • External programmer
  • Swapping the flash chip
  • I've been the main porter.
  • Usability improvements
Asus M4A785T-M
  • Serial
  • External programmer
  • Swapping the flash chip
  • I've been the main porter.
  • Usability improvements
Lenovo T60
  • Serial on the dock
  • USB debug
  • spkmodem(untried but should work)
External programmer with pomona clip(untried but should work)
  • Native GPU init
  • Usability improvements.
Lenovo X200T
  • None tried yet
  • I've no compatbile dock
I didn't flash it yet.
  • Making it easier to flash.
  • Checking its security and freedom to see how it can compare to the Lenovo X60.
Lenovo X60
  • Serial on the dock
  • USB debug
  • spkmodem
External programmer with pomona clip
  • Native GPU init
  • Secure boot with grub.
  • Usability improvements.
Lenovo X60T
  • None tried yet
  • I've no compatbile dock
External programmer with pomona clip
  • Native GPU init
  • Touchscreen support
  • Usability improvements.
PC Engines Alix 1.C
  • Serial
Hot swap with the LPC dongle
  • Usability improvements.

Mainboard/Devices not running coreboot (yet?)

  • HP nc6320 Not worth it. I don't have this laptop anymore. Less prone to dis disassembly and reassembly than the Lenvo X60,X60T,T60. So doing a port will probably break the laptop due to the high number of disassemblies and reassemblies.
  • Asus N71JQ Broken by messing with the 3.3V line while flashing.

Note that they will probably never run coreboot, as I don't think they're worth the time.

Debugging tools

  • External programmers :
    • Arduino duemillanove (serprog based)
    • Arduino uno (serprog based)
    • openmoko debug board (FTDI based)
    • bug20 (linux_spi)
  • A pomona clip
  • a null-modem serial cable and 2 USB<->Serial adapters
  • USB debug compatible devices:
    • a bug20 (omap3530)
    • a GTA04 A3 (DM370)

My TODO list

See also TODO of the respectives machines on their dedicated wiki page.

All machines

  • Add a working and easily usable normal/fallback selection. pushed for review
  • Port a logging mecanism from chromebooks to all devices in order to be able to retrive the log of the failed boot at the next reboot.

T60

  • Find out why the machine hang when the power supply is removed(only does it when the linux kernel is started) Fixed by ./nvramtool -w first_battery=Primary
  • Add cmos.default(require disassembling the laptop for testing)
  • Add native graphics init(require waiting that Peter stuge push his part for review)
  • Export reboot_bits in cmos

X60

  • new fallback are pushed for review: Address the concerns.
    • I pushed the new and complete native GPU init on gitorious, Peter Stuge will work on merging it while I finish addressing the fallback comments. Merged, also improved a lot by Vladimir for instance.
  • fix the CPU microcode issue.
  • update http://www.coreboot.org/Thinkpad_X60s Has been taken care of by other people.
  • Create a Native graphics<->VGA option rom. Kevin did one in SeaBIOS.
  • Make backlight work without the non-free option rom. Now works, probably fixed by Vladimir. I've no idea why just writing to the backlight register didn't work before his work.

Later

  • Improve the patch for SerialIce in order to get it merged.
  • SD detection fix for my X60 version.
  • Hotkey patch to clean and merge. thinkpad_acpi loads nowadays. The patch was from Peter.

Alix 1.C

  • Add cbmem -c support This is now generic. So it was fixed for free.
  • port the VSA to fasm?

Asus N71JQ

Probably not worth it...

  • Find the USB debug port
  • Find how to extract the BIOS pieces from the BIOS region

fallback improvements

All the patches necessary to make it work got merged but one:

The remaining patch[1] add the following to the x60's Kconfig[2]:

config MAX_REBOOT_CNT
       int
       default 1

Another optional patch didn't get merged:

  • "Move set_boot_successful to drivers/pc80/mc146818rtc.c"


  • An old pushed topic branch can be found in gerrit
References
  1. lenovo/x60: Require only one failed boot to switch to fallback in X86_BOOTBLOCK_NORMAL mode.
  2. src/mainboard/lenovo/x60/Kconfig

Patches that need more work

  • I use a deblob patch, instead the various microcode should be moved out of coreboot repository, they are inside headers.

Infrastructure

  • "Add grub.cfg"

SerialICE

Flashrom

Other

00:52 < phcoder-screen> GNUtoo-irssi: once you asked why upper 128bytes of cmos behave in strange way: you have to enable them in rcba

To verify

  • I have bad memory on this, but I was probably told by someone who talked to peter stuge, or by peter stuge that if you blank the flash chip holding the BIOS, in an X61, power off the computer and power it on again, an IPV6 packet would come out of the (wired) NIC. This was due to AMT, which is on the NIC (X61 is old, and at that time AMT was on the intel ethernet NICs).
    • Once verified, the goal would be to reproduce that on an x200:
      • blank the BIOS flash chip, power off the computer, boot it.
      • observe an ipv6 packet
      • blank the NIC flash chip that holds its fimrware
      • hopefully observe no ipv6 packet
      • reflash coreboot inisde the BIOS flash chip

=> That may be able to produce a test case for knowing if the AMT firmware of the NIC was gone or not, but it does requires external reflashing. Would that be enough to be sure about the intel NIC of the laptops with a similar chipset?

Sandbox

/sandbox