Recently there was a blog post by MALIBAL, a disgruntled laptop vendor who attempted to port coreboot to their rebranded white label laptop. The cause of the kerfuffle they describe is that they failed in their own attempt to port coreboot to their laptop, then approached a few of our consultants and community members claiming the code was “80+%” complete and that they just needed help with “debugging.”
Each attempt was terminated in the evaluation phase, however, as the consultants and vendor disagreed on the amount of remaining effort and the supplied hardware had problems (flash read/write problems, UART access barely possible) which could not be resolved easily. Additionally, this person’s attitude and communication style was, to put it mildly, very off-putting.
We won’t do a point-by-point rebuttal of their screed since others have already done so in various other forums. However, it is important to emphasize that aside from NDAs which are common for new product development, no contracts or statements of work were signed and no money changed hands. Any suggestion from this vendor’s blog that a coreboot consultant failed to deliver on work they were hired or paid to do is false and defamatory.
Our consultants have a strong track record of delivering for their customers on a variety of platforms including embedded systems, laptops and desktops, networking equipment, and servers. They’re also very friendly and will be happy to help scope out your next product needing simple, fast, and secure firmware.
We are pleased to announce the release of coreboot 24.08, another significant milestone in our ongoing commitment to delivering open-source firmware solutions. This release includes over 900 commits, contributed by more than 130 dedicated individuals from our global community. The updates in 24.08 bring various enhancements, optimizations, and new features that further improve the reliability and performance of coreboot across supported platforms.
We extend our sincere thanks to the patch authors, reviewers, and everyone involved in the coreboot community for their hard work and dedication. Your contributions continue to advance and refine coreboot with each release. As always, thank you for your support and collaboration in driving the future of open-source firmware.
The next coreboot release, 24.11, is planned for mid-November.
We introduce two new functions to create region objects. They allow us to check for integer overflows (region_create_untrusted()) or assert their absence (region_create()).
This fixes potential overflows in region_overlap() checks in SMI handlers, where we would wrongfully report MMIO as not overlapping SMRAM.
Also, two cases of strtol() in parse_region() (cbfstool), where the results were implicitly converted to size_t, are replaced with the unsigned strtoul().
FIT payload support is left out, as it doesn’t use the region API (only the struct).
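The overflow these helpers guard against can be sketched as follows; the struct layout and function body are illustrative assumptions, not coreboot's actual implementation:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative sketch only: reject a region whose end would wrap
 * around the address space, so later overlap checks cannot lie. */
struct region_sketch {
	size_t offset;
	size_t size;
};

static bool region_create_untrusted_sketch(struct region_sketch *r,
					   size_t offset, size_t size)
{
	/* offset + size must not overflow size_t */
	if (size > SIZE_MAX - offset)
		return false;
	r->offset = offset;
	r->size = size;
	return true;
}
```

An asserting variant in the spirit of region_create() would simply treat a failed check as a fatal programming error instead of returning false.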
This adds some helper functions for FDT (Flattened Device Tree), since more and more mainboards seem to need FDT nowadays. For example, our QEMU boards need it in order to know how much RAM is available, and all RISC-V boards in our tree need FDT.
This also adds some tests in order to test said functions.
device_tree: Add function to get top of memory from a FDT blob
coreboot needs to figure out the top of memory to place CBMEM data. On some non-x86 QEMU virtual machines, this is achieved by probing the RAM space to find where the VM starts discarding data since it’s not backed by actual RAM. This behavior seems to have changed on the QEMU side since then: VMs using the “virt” model have started raising exceptions/errors instead of silently discarding data (likely [1] for example), which has previously broken coreboot on these emulation boards.
The qemu-aarch64 and qemu-riscv mainboards are intended for the “virt” models and had this issue, which was mostly fixed by using exception handlers in the RAM detection process [2][3]. But on 32-bit RISC-V we fail to initialize CBMEM if we have 2048 MiB or more of RAM, and on 64-bit RISC-V we had to limit probing to 16383 MiB because it can run into MMIO regions otherwise.
The qemu-armv7 mainboard code is intended for the “vexpress-a9” model VM which doesn’t appear to suffer from this issue. Still, the issue can be observed on the ARMv7 “virt” model via a port based on qemu-aarch64.
QEMU docs for ARM and RISC-V “virt” models [4][5] recommend reading the device tree blob it provides for device information (incl. RAM size). Implement functions that parse the device tree blob to find described memory regions and calculate the top of memory in order to use it in mainboard code as an alternative to probing RAM space. ARM64 code initializes CBMEM in romstage where malloc isn’t available, so take care to do parsing without unflattening the blob and make the code available in romstage as well.
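Once the memory regions described in the blob are known, the calculation itself is simple; the types and function below are hypothetical stand-ins, with the FDT parsing itself omitted:

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative sketch, not coreboot's implementation: given the memory
 * regions parsed from an FDT /memory node's "reg" property, the top of
 * memory is the highest end address among them. */
struct mem_region_sketch {
	uint64_t base;
	uint64_t size;
};

static uint64_t top_of_memory_sketch(const struct mem_region_sketch *regs,
				     size_t count)
{
	uint64_t top = 0;
	for (size_t i = 0; i < count; i++) {
		uint64_t end = regs[i].base + regs[i].size;
		if (end > top)
			top = end;
	}
	return top;
}
```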
drivers/wifi: Support Bluetooth Regulatory Domain Settings
The ‘Bluetooth Increased Power Mode – SAR Limitation’ feature provides the ability to utilize the device’s increased transmit-power capability for Bluetooth applications, in coordination with Wi-Fi, while adhering to the product SAR (Specific Absorption Rate) limit when Bluetooth and Wi-Fi run together.
This commit introduces a `bluetooth_companion` field to the generic Wi-Fi driver’s chip data. This field can be set in the board’s devicetree to supply the Bluetooth device for which the BRDS function must be created.
superio/ite/common: Add common driver for GPIO and LED configuration
Add a generic driver to configure GPIOs and LEDs on common ITE SuperIOs. The driver supports most ITE SuperIOs, except Embedded Controllers. The driver allows configuring every GPIO property with pin granularity.
Verified against datasheets of all ITE SIOs currently supported by coreboot, except IT8721F (assumed to be the same as IT8720F), IT8623E and IT8629E.
linux_trampoline.c generation is broken with the latest crossgcc-i386 toolchain. Fix the issue to enable building.
../cbfstool/linux_trampoline.S: Assembler messages:
../cbfstool/linux_trampoline.S:100: Error: no instruction mnemonic
suffix given and no register operands; can't size instruction
<builtin>: recipe for target '../cbfstool/linux_trampoline.o' failed
This adds another external payload to coreboot. The payload is heavily based on U-Boot’s UEFI implementation.
The LeanEFI payload is basically a translator from coreboot to UEFI. It takes the coreboot tables and transforms them into UEFI interfaces. Although it can potentially load any efi application that can handle the minimized interface that LeanEFI provides, it has only been tested with LinuxBoot (v6.3.5) as a payload. It has been optimized to support only those interfaces that Linux requires to start.
Among other things, LeanEFI does not support:
efi capsule update (also efi system resource table)
efi variables
efi text input protocol (it can only output)
most boot services; mostly memory services are left (e.g. alloc/free)
all runtime services (although there is still a very small runtime footprint that is planned to be removed in the near future)
TCG2/TPM (although that is mostly because of laziness); the README.md currently provides more details on why
The payload currently only supports arm64 and has only been tested on emulation/simulator targets. The original motivation was to get ACPI on arm64 published to the OS without using EDK2. It is however also possible to supply the LeanEFI with a FDT that is published to the OS. At that point one would however probably use coreboot only instead of this shim layer on top. It would be way nicer to have Linux support something other than UEFI to propagate the ACPI tables, but it requires getting the Linux maintainer/community on board. So for now this shim layer circumvents that.
LBBR Test:
dump FDT from QEMU like mentioned in aarch64 coreboot doc
compile u-root however you like (aarch64)
compile Linux (embed u-root initramfs via Kconfig)
copy Linux kernel to payloads/leanefi/Image
copy following coreboot defconfig to configs/defconfig:
The coreboot project is pleased to announce the release of coreboot version 24.05. This update represents three months of hard work and commitment from our community. With over 20 new members and contributions from more than 150 other people in coding, reviewing patches, and other areas, this release showcases the strength of our collaborative efforts.
With this release, coreboot has expanded its support, adding 25 new platforms or variants and 2 new processors, further demonstrating our dedication to offering flexible and adaptable firmware solutions. From laptops and servers to embedded devices, coreboot 24.05 is designed to enhance a variety of hardware platforms with its strong features.
We are grateful to all the contributors who have made this release possible. Your expertise and collaborative efforts continue to propel the coreboot project forward. We value the participation of everyone in the community, from long-time developers to those new to the project, and encourage you to explore the new opportunities that coreboot 24.05 offers.
Our next release will be 24.08, scheduled for mid-August.
A significant amount of work has gone into fully supporting 64-bit coreboot builds. There are still additional pieces that are happening, but with SMM holding page tables itself, we can consider SMM support stable and safe enough for general use.
security/tpm: support compiling in multiple TPM drivers
Previously, boards could only be built with code supporting TPM 1.x or TPM 2.x specifications. This has been updated with code allowing both to be built in simultaneously, allowing the system to query the TPM. For systems with soldered-down TPMs or firmware TPM solutions, it’s still possible to specify a single TPM version so that the code for the other version isn’t included.
arch/arm64: Add EL1/EL2/EL3 support for arm64
Previously, arch/arm64 required coreboot to run on EL3 due to EL3 register access. This might be an issue when, for example, one boots into TF-A first and drops into EL2 for coreboot afterwards.
This patch aims at making arch/arm64 more versatile by removing the current EL3 constraint and allowing arm64 coreboot to run on EL1, EL2 and EL3.
The strategy is to add a Kconfig option (ARM64_CURRENT_EL) which allows us to specify coreboot’s EL upon entry. Based on that, we access the appropriate ELx registers. So, for example, when running coreboot on EL1, we would not access vbar_el3 or vbar_el2 but instead vbar_el1. This way, we don’t generate faults when accessing higher-EL registers.
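The compile-time selection can be illustrated with a small sketch; the macros below are assumptions for demonstration, operating on register-name strings rather than real system-register accesses:

```c
#include <string.h>

/* Illustrative sketch of the idea behind ARM64_CURRENT_EL: resolve the
 * ELx-suffixed register name at build time from a single EL setting,
 * so only current-EL registers are ever touched. The macro names are
 * hypothetical, not coreboot's. */
#define ARM64_CURRENT_EL_SKETCH 2

#define REG_NAME_(base, el) #base "_el" #el
#define REG_NAME(base, el)  REG_NAME_(base, el)
#define VBAR_REG_SKETCH     REG_NAME(vbar, ARM64_CURRENT_EL_SKETCH)
```

In real code the resolved name would feed an MSR/MRS accessor; with the EL fixed at 2, the sketch resolves to "vbar_el2" and never touches vbar_el3.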
Additional coreboot changes
util/smmstoretool: support processing ROMs
cpu/x86: Link page tables in stage if possible
lib/lzmadecode: Allow for 8 byte reads on 64bit to speed up decompression
The coreboot project is happy to announce our release for February 2024. Over the past three months, our contributors have focused on refining the coreboot codebase, generally prioritizing cleanup and quality enhancements. We extend our gratitude to all the contributors who have dedicated their time and expertise. Thank you for your invaluable contributions to this vital phase of maintenance and optimization.
The next release is scheduled for mid-May.
Release number format update
The previous release was the last to use the incrementing 4.xx release name scheme. For this and future releases, coreboot has switched to a Year.Month.Sub-version naming scheme. As such, the next release, scheduled for May of 2024, will be numbered 24.05, with the sub-version of 00 implied. If we need to do a fix or incremental release, we’ll append the values .01, .02 and so on to the initial release value.
The master branch is being deleted
The coreboot project changed from master to main roughly 6 months ago, and has been keeping the two branches in sync since then to ease the transition. As of this release, we are getting rid of the master branch completely. Please make sure any scripts you’re using that reference the ‘master’ branch have been switched to ‘main’.
Release 24.02.1
lib/rtc: Fix off-by-one error in February day count in leap year
The month argument passed to rtc_month_days is 0-based, not 1-based. This results in the RTC being reverted to the build date constantly on 29th February 2024.
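The off-by-one can be seen in a sketch of such a day-count function (an illustration, not the exact coreboot code):

```c
/* With a 0-based month index, February is index 1, so the leap-day
 * adjustment must test month == 1; testing month == 2 would instead
 * add the leap day to March. */
static int rtc_month_days_sketch(int month, int year) /* month: 0 = Jan */
{
	static const int days[12] = {
		31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
	};
	int leap = (year % 4 == 0 && year % 100 != 0) || (year % 400 == 0);
	return days[month] + (month == 1 ? leap : 0);
}
```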
Significant or interesting changes
acpi: Add Arm IO Remapping Table structures
Input Output Remapping Table (IORT) represents the IO topology of an Arm based system.
Document number: ARM DEN 0049E.e, Sep 2022
acpi: Add PPTT support
This patch adds code to generate Processor Properties Topology Tables (PPTT) compliant to the ACPI 6.4 specification.
The ‘acpi_get_pptt_topology’ hook is mandatory once ACPI_PPTT is selected. Its purpose is to return a pointer to a topology tree, which describes the relationship between CPUs and caches. The hook can be provided by, for example, mainboard code.
Background: We are currently working on mainboard code for qemu-sbsa and Neoverse N2. Both require a valid PPTT table. Patch was tested against the qemu-sbsa board.
acpi: Add support for WDAT table
This commit lays the groundwork for implementing the ACPI WDAT (Watchdog Action Table) table specification. The WDAT is a special ACPI table introduced by Microsoft that describes the watchdog for the OS.
Platforms that need to implement the WDAT table must describe the hardware watchdog management operations as described in the specification. See “Links to ACPI-Related Documents” (http://uefi.org/acpi) under the heading “Watchdog Action Table”.
lib/jpeg: Replace decoder with Wuffs’ implementation
To quote its repo[0]: Wuffs is a memory-safe programming language (and a standard library written in that language) for Wrangling Untrusted File Formats Safely. Wrangling includes parsing, decoding and encoding.
It compiles its library, written in its own language, to a C/C++ source file that can then be used independently without needing support for the language. That library is now imported to src/vendorcode/wuffs/.
This change modifies our linters to ignore that directory because it’s supposed to contain the wuffs compiler’s result verbatim.
Nigel Tao provided an initial wrapper around wuffs’ jpeg decoder that implements our JPEG API. I further changed it a bit regarding data placement, dropped stuff from our API that wasn’t ever used, or isn’t used anymore, and generally made it fit coreboot a bit better. Features are Nigel’s, bugs are mine.
This commit also adapts our jpeg fuzz test to work with the modified API. After limiting it to deal only with approximately screen sized inputs, it fuzzed for 25 hours CPU time without a single hang or crash. This is a notable improvement over running the test with our old decoder which crashes within a minute.
Finally, I tried the new parser with a pretty-much-random JPEG file I got from the internet, and it just showed it (once the resolution matched), which is also a notable improvement over the old decoder which is very particular about the subset of JPEG it supports.
In terms of code size, a QEMU build’s ramstage increases from 128060 bytes decompressed (64121 bytes after LZMA) to 172304 bytes decompressed (82734 bytes after LZMA).
[0] https://github.com/google/wuffs
Additional coreboot changes
Rename Makefiles from .inc to .mk to better identify them
SPI: Add GD25LQ255E and IS25WP256D chip support
device: Add support for multiple PCI segment groups
device: Drop unused multiple downstream link support
device: Rename bus and link_list to upstream and downstream
Updated devicetree files for modern Intel platforms to use chipset.cb
Updated xeon-sp to use the coreboot allocator
Changes to external resources
Toolchain updates
Add buildgcc support for Apple M1/M2 devices
Upgrade GCC from 11.4.0 to 13.2.0
Update CMake from 3.26.4 to 3.27.7
Uprev to Kconfig from Linux 6.7
Git submodule pointers
3rdparty/amd_blobs: Update from commit id e4519efca7 to 64cdd7c8ef (5 commits)
3rdparty/arm-trusted-firmware: Update from commit id 88b2d81345 to 17bef2248d (701 commits)
3rdparty/fsp: Update from commit id 481ea7cf0b to 507ef01cce (16 commits)
3rdparty/intel-microcode: Update from commit id 6788bb07eb to ece0d294a2 (1 commit)
3rdparty/vboot: Update from commit id 24cb127a5e to 3d37d2aafe (121 commits)
External payloads
payload/grub2: Update from 2.06 to 2.12
payload/seabios: Update from 1.16.2 to 1.16.3
Platform Updates
Added mainboards
Google: Dita
Google: Xol
Lenovo: ThinkPad X230 eDP Mod (2K/FHD)
Removed mainboards
Google: Primus4ES
Statistics from the 4.22 to the 24.02 release
Total Commits: 815
Average Commits per day: 8.63
Total lines added: 105433
Average lines added per commit: 129.37
Number of patches adding more than 100 lines: 47
Average lines added per small commit: 41.34
Total lines removed: 16534
Average lines removed per commit: 20.29
Total difference between added and removed: 88899
Total authors: 111
New authors: 19
Significant Known and Open Issues
AMD chromebooks will not work with the signed PSP_verstage images and the version of verstage used in coreboot 24.02.
Issues from the coreboot bugtracker: ticket.coreboot.org
coreboot-wide or architecture-wide issues
522: ‘region_overlap()’ issues due to an integer overflow
519: make gconfig – could not find glade file
518: make xconfig – g++: fatal error: no input files
Payload-specific issues
499: edk2 boot fails with RESOURCE_ALLOCATION_TOP_DOWN enabled
496: Missing malloc check in libpayload
484: No USB keyboard support with secondary payloads
414: X9SAE-V: No USB keyboard init on SeaBIOS using Radeon RX 6800XT
Platform-specific issues
517: lenovo x230 boot stuck with connected external monitor
509: SD Card hotplug not working on Apollo Lake
507: Windows GPU driver fails on Google guybrush & skyrim boards
506: APL/GML don’t boot OS when CPU microcode included “from tree”
505: Harcuvar CRB – 15 of 16 cores present in the operating system
499: T440p – EDK2 fails with RESOURCE_ALLOCATION_TOP_DOWN enabled
495: Stoney Chromebooks not booting PSPSecureOS
478: X200 booting Linux takes a long time with TSC
474: X200s crashes after graphic init with 8GB RAM
457: Haswell (t440p): CAR mem region conflicts with CBFS_SIZE > 8mb
453: Intel HDMI / DP Audio not present in Windows after libgfxinit
449: ThinkPad T440p fail to start, continuous beeping & LED blinking
448: Thinkpad T440P ACPI Battery Value Issues
446: Optiplex 9010 No Post
439: Lenovo X201 Turbo Boost not working (stuck on 2,4GHz)
The next release is planned for the 19th of February, 2024.
These notes cover the latest updates and improvements to coreboot over the past three months. A big thank you to the returning contributors as well as the 14 individuals who committed code for the first time. We greatly appreciate everyone’s dedication and expertise. As with past releases, this one reflects a commitment to open source innovation, security enhancements, and expanding hardware support.
4.22.01 release
The week between tagging a release and announcing it publicly is used to test the tagged version and make sure everything is working as we expect. This is done instead of freezing the tree and doing release candidates before the release.
For the 4.22 release cycle we found an uninitialized variable error on the sandybridge/ivybridge platforms and rolled that into the 4.22.01 release package.
coreboot version naming update
This release is the last release to use the incrementing 4.xx release name scheme. For future releases, coreboot is switching to a Year.Month.Sub-version naming scheme. As such, the next release, scheduled for February of 2024, will be numbered 24.02, with the sub-version of 00 implied. If we need to do a fix or future release of the 24.02 release, we’ll append the values .01, .02 and so on to the initial release value.
coreboot default branch update
Immediately after the 4.21 release, the coreboot project changed the default git branch from ‘master’ to ‘main’. For the first couple of months after the change, the master branch was synced with the main branch several times a day, allowing people time to update any scripts. As of 2023-11-01, the sync rate has slowed to once a week. This will continue until the next release, at which time the master branch will be removed.
Significant or interesting changes
x86: support .data section for pre-memory stages
x86 pre-memory stages did not support the .data section and as a result developers were required to include runtime initialization code instead of relying on C global variable definitions.
Other platforms do not have that limitation. Hence, resolving it helps to align code and reduce compilation-based restrictions (cf. the use of ENV_HAS_DATA_SECTION compilation flag in various places of coreboot code).
There were three types of binary to consider:
eXecute-In-Place pre-memory stages
the bootblock stage, which is a bit different: it also uses Cache-As-RAM, but its memory mapping and entry code are different
pre-memory stages loaded into and executed from Cache-As-RAM (cf. CONFIG_NO_XIP_EARLY_STAGES)
eXecute-In-Place pre-memory stages (#1) rely on a new ELF segment, as the code segment’s Virtual Memory Address and Load Memory Address are identical but the data needs to be linked in Cache-As-RAM (VMA) while being stored right after the code (LMA).
The bootblock (#2) also uses this new segment to store the data right after the code, and it loads the data into Cache-As-RAM at runtime. However, the code involved is different.
Not eXecute-In-Place pre-memory stages (#3) did not need any special work other than enabling a .data section as the code and data VMA / LMA translation vector is the same.
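The runtime step needed by the bootblock case (#2) amounts to a copy from the load address to the link address; in this sketch the symbol names are stand-ins for what a linker script would actually provide:

```c
#include <stddef.h>

/* Illustrative sketch: copy the .data load image, stored right after
 * the code (its LMA), to the address it was linked at in Cache-As-RAM
 * (its VMA), so C globals have their initial values at runtime. */
static void load_data_section_sketch(char *data_vma_start,
				     const char *data_lma_start,
				     size_t data_size)
{
	for (size_t i = 0; i < data_size; i++)
		data_vma_start[i] = data_lma_start[i];
}
```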
Related important commits:
c9cae530e5 (“cbfstool: Make add-stage support multiple ignore sections”)
79f2e1fc8b (“cbfstool: Make add-stage support multiple loadable segments”)
b7832de026 (“x86: Add .data section support for pre-memory stages”)
x86: Support CBFS cache for pre-memory stages and ramstage
The CBFS cache scratchpad offers a generic way to decompress CBFS files through the cbfs_map() function without having to reserve a per-file specific memory region.
CBFS cache x86 support has been added to pre-memory stages and ramstage.
pre-memory stages: The new PRERAM_CBFS_CACHE_SIZE Kconfig can be used to set the pre-memory stages’ CBFS cache size. A cache size of zero disables the CBFS cache feature for all pre-memory stages. The default value is 16 KiB, which seems a reasonable minimum, enough to satisfy basic needs such as the decompression of a small configuration file. This setting can be adjusted depending on the platform’s needs and capabilities. Note that we have set this size to zero for all the platforms without enough space in Cache-As-RAM to accommodate the default size.
ramstage: The new RAMSTAGE_CBFS_CACHE_SIZE Kconfig can be used to set the ramstage CBFS cache size. A cache size of zero disables the CBFS cache feature for ramstage. Similarly to pre-memory stages support, the default size is 16 KiB. As we want to support the S3 suspend/resume use case, the CBFS cache memory cannot be released to the operating system and therefore cannot be an unreserved memory region. The ramstage CBFS cache scratchpad is defined as a simple C static buffer as it allows us to keep the simple and robust design of the static initialization of the cbfs_cache global variable (cf. src/lib/cbfs.c). However, since some AMD SoCs (cf. SOC_AMD_COMMON_BLOCK_NONCAR Kconfig) already define a _cbfs_cache region we also introduced a POSTRAM_CBFS_CACHE_IN_BSS Kconfig to gate the use of a static buffer as the CBFS cache scratchpad.
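The scratchpad idea can be sketched as follows; this is an illustration of the concept, not coreboot's cbfs_cache implementation, and the constant stands in for the Kconfig value:

```c
#include <stddef.h>

/* Illustrative sketch: a fixed static buffer from which decompression
 * scratch space is carved without per-file memory reservations.
 * CBFS_CACHE_SIZE_SKETCH stands in for RAMSTAGE_CBFS_CACHE_SIZE;
 * a size of zero would disable the cache entirely. */
#define CBFS_CACHE_SIZE_SKETCH (16 * 1024)

static unsigned char cache_sketch[CBFS_CACHE_SIZE_SKETCH];
static size_t cache_used_sketch;

static void *cache_alloc_sketch(size_t size)
{
	if (size == 0 || size > CBFS_CACHE_SIZE_SKETCH - cache_used_sketch)
		return NULL; /* cache exhausted (or disabled) */
	void *p = &cache_sketch[cache_used_sketch];
	cache_used_sketch += size;
	return p;
}
```

Because the buffer is a plain C static, it lives in .bss, stays reserved across S3 suspend/resume, and needs no runtime initialization, which matches the design rationale described above.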
Allow romstage to be combined into the bootblock
Having a separate romstage is only desirable:
with advanced setups like vboot or normal/fallback
when the boot medium is slow at startup (some ARM SoCs)
when the bootblock is limited in size (e.g. 32K on Intel APL)
When this is not the case there is no need for the extra complexity that romstage brings. Including the romstage sources inside the bootblock substantially reduces the total code footprint. Often the resulting code is 10-20k smaller.
This is controlled via a Kconfig option.
soc/intel/cmn/gfx: Add API to report presence of external display
This implements an API to report the presence of an external display on Intel silicon. The API uses information from the transcoder and framebuffer to determine if an external display is connected.
For example, if the transcoder is attached to any DDI ports other than DDI-A (eDP), and the framebuffer is initialized, then it is likely that an external display is present.
This information can be used by payloads to determine whether or not to power on the display, even if eDP is not initialized.
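A sketch of that heuristic, with hypothetical types standing in for the actual driver state:

```c
#include <stddef.h>

/* Illustrative sketch of the heuristic described above; the enum and
 * function are assumptions, not the actual coreboot API. An external
 * display is reported when the framebuffer is initialized and some
 * transcoder drives a DDI port other than DDI-A (eDP). */
enum ddi_port_sketch { DDI_A_SKETCH, DDI_B_SKETCH, DDI_C_SKETCH };

static int external_display_present_sketch(const enum ddi_port_sketch *active,
					   size_t count, int fb_initialized)
{
	if (!fb_initialized)
		return 0;
	for (size_t i = 0; i < count; i++)
		if (active[i] != DDI_A_SKETCH)
			return 1;
	return 0;
}
```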
device/pci_rom: Set VBIOS checksum when filling VFCT table
AMD’s Windows display drivers validate the checksum of the VBIOS data in the VFCT table (which gets modified by the FSP GOP driver), so ensure it is set correctly after copying the VBIOS into the table if the FSP GOP driver was run. Without the correct checksum, the Windows GPU drivers will fail to load with a code 43 error in Device Manager.
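The checksum itself is the usual 8-bit sums-to-zero scheme used for VBIOS images and ACPI-style tables; a sketch, assuming the checksum byte is zeroed before summing:

```c
#include <stddef.h>

/* Sketch: compute the value for the checksum byte so that all bytes
 * of the image sum to zero modulo 256. The caller stores the result
 * at the image's checksum offset (assumed zeroed beforehand). */
static unsigned char table_checksum_sketch(const unsigned char *buf, size_t len)
{
	unsigned char sum = 0;

	for (size_t i = 0; i < len; i++)
		sum += buf[i];
	return (unsigned char)(0x100 - sum);
}
```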
Additional coreboot changes
Move all ‘select’ statements from Kconfig.name files to Kconfig
acpigen now generates variable-length PkgLength fields instead of a fixed 3-byte size to improve compatibility and to bring it in line with IASL
Work to allow Windows to run on more Chromebooks
General cleanup and reformatting
Add initial AMD openSIL implementation
Add ACPI table generation for ARM64
Stop resetting CMOS during S3 resume even if marked as invalid
Comply with ACPI specification by making _STR Unicode strings
Fix SMM get_save_state calculation, which was broken when STM was enabled
SNB+MRC boards: Migrate MRC settings to devicetree
Work on chipset devicetrees for all platforms
Changes to external resources
Toolchain updates
Upgrade GMP from 6.2.1 to 6.3.0
Upgrade binutils from 2.40 to 2.41
Upgrade MPFR from 4.2.0 to 4.2.1
Git submodule pointers
amd_blobs: Update from commit id 6a1e1457af to e4519efca7 (16 commits)
arm-trusted-firmware: Update from commit id 37366af8d4 to 88b2d81345 (214 commits)
fsp: Update from commit id 3beceb01f9 to 481ea7cf0b (15 commits)
intel-microcode: Update from commit id 6f36ebde45 to 6788bb07eb (1 commit)
vboot: Update from commit id 0c11187c75 to 24cb127a5e (24 commits)
genoa_poc/opensil: New submodule updated to 0411c75e17 (41 commits)
External payloads
U-Boot: Use github mirror and the latest version
edk2: Update default branch for MrChromebox repo to 2023-09
Platform Updates
Added 17 mainboards
AMD Onyx
Google: Anraggar
Google: Brox
Google: Chinchou
Google: Ciri
Google: Deku
Google: Deku4ES
Google: Dexi
Google: Dochi
Google: Nokris
Google: Quandiso
Google: Rex4ES EC ISH
Intel: Meteorlake-P RVP with Chrome EC for non-Prod Silicon
Purism Librem 11
Purism Librem L1UM v2
Siemens FA EHL
Supermicro X11SSW-F
Added 1 SoC
src/soc/amd/genoa
Statistics from the 4.21 to the 4.22 release
Total Commits: 977
Average Commits per day: 10.98
Total lines added: 62993
Average lines added per commit: 64.48
Number of patches adding more than 100 lines: 60
Average lines added per small commit: 37.55
Total lines removed: 30042
Average lines removed per commit: 30.75
Total difference between added and removed: 32951
Total authors: 135
New authors: 14
Significant Known and Open Issues
Issues from the coreboot bugtracker: https://ticket.coreboot.org/
Payload-specific issues
499: edk2 boot fails with RESOURCE_ALLOCATION_TOP_DOWN enabled
496: Missing malloc check in libpayload
484: No USB keyboard support with secondary payloads
414: X9SAE-V: No USB keyboard init on SeaBIOS using Radeon RX 6800XT
Platform-specific issues
509: SD Card hotplug not working on Apollo Lake
507: Windows GPU driver fails on Google guybrush & skyrim boards
506: APL/GML don’t boot OS when CPU microcode included “from tree”
505: Harcuvar CRB – 15 of 16 cores present in the operating system
499: T440p – EDK2 fails with RESOURCE_ALLOCATION_TOP_DOWN enabled
495: Stoney Chromebooks not booting PSPSecureOS
478: X200 booting Linux takes a long time with TSC
474: X200s crashes after graphic init with 8GB RAM
457: Haswell (t440p): CAR mem region conflicts with CBFS_SIZE > 8mb
453: Intel HDMI / DP Audio not present in Windows after libgfxinit
449: ThinkPad T440p fail to start, continuous beeping & LED blinking
448: Thinkpad T440P ACPI Battery Value Issues
446: Optiplex 9010 No Post
439: Lenovo X201 Turbo Boost not working (stuck on 2,4GHz)
In this blog post, I will give an insight into my Google Summer of Code project, where I worked on coreboot. My target goals were updating the compression and decompression algorithms LZ4 and LZMA to their newest versions.
In the whole process, I learned a lot about coreboot as an open-source community, and about GSoC, which could help students considering applying for a GSoC themselves.
This blog post won’t address technical details; there will be a section at the end about my work and its results, but the rest will be a bit more meta.
What did I learn about open-source communities?
Before this project, I had never contributed to any open-source project. My studies don’t involve much programming, so I’m not a professional; my programming skills are homebrewed. Open-source communities, especially ones as big as coreboot, really intimidated me (they still do, somehow). There are many people, all of them probably better programmers than me, with more knowledge of the project as well. How could I help them with anything useful at all? And what if I push my first patch and it’s just embarrassing? Having a mentor helped; I think without someone to talk to, I would never have stuck my nose into any big open-source project.
And all the people I met were very kind and helpful when needed. I also learned that criticism, especially in text form, may sound harsher in my head than it is meant to.
Thoughts about Google’s Summer of Code
GSoC is a really good opportunity to get a feeling for working on open source. If you are a student searching for insight into open source, guided by a mentor, a GSoC project can be just right for you.
But something I underestimated was how time-intensive such a project (even a medium one) is. I was probably too naive; beforehand, I just talked myself into “Yeah, this won’t be a problem, I can just work about two days a week on this, just shift stuff to other days.” Well, it turns out that’s not how workload and mental load work. For me, at least. I work alongside my studies, and in the first weeks of GSoC, I was overwhelmed by the combination. Besides having fewer hours for other things, just having more things to think about can be quite stressful under some conditions.
GSoC allows you to stretch your project so there is less work per week; in total, the project hours stay the same. This opportunity really helped me because I had underestimated the load the weekly hours would bring.
If I were to apply to GSoC again, I would double-check if such a commitment in terms of work is feasible for me. And that I would recommend to everyone thinking about applying. GSoC can be interesting and fun, but you need to be able to provide the time needed for the project.
What did I do and achieve?
I started my project by updating LZ4 code in coreboot. After that, I planned to move on to another compression algorithm, LZMA. My hopes were to increase the decompression speed and the compression ratio at the same time. Looking at the release notes for LZ4 since the version currently used by coreboot (spanning 8 years of releases), they stated an increase in speed and compression factor.
To get an overview, I first searched for all places where LZ4 was used and checked which version the code came from. I found that there are five files containing code from the LZ4 repository, each containing a different subset of functions from the original file. Three of these files were included by LZ4 wrapper files.
Then I fetched the code from the newest LZ4 release and merged it into the files where the old LZ4 code was used. After merging, there were many LZ4 functions that were never used in our use case. Therefore I searched through each wrapper file to find out which functions were used and which I could remove. This way I could ensure there was no unused code in these files, giving a better overview.
After that, there were still many errors that needed to be resolved. That took the most time, being more complicated than I had assumed. In the end, all tests passed, and building a ROM and running it with QEMU worked just fine. My last to-do was to test how much faster the new version was than the old one, if at all. The release notes stated many speed improvements, so I hoped these would show up after my work.
The whole process took longer than I expected, so I will miss the goal of also updating LZMA. As I write this, my patch is open for review and I am in the process of gathering statistics that may show a speed improvement. If there is none, maybe there is no good reason to switch to a newer LZ4 version. As one review comment states, coreboot requires safe in-place decompression, which may be a problem with the new version and thus has to be checked.
My work is public on the coreboot Gerrit: https://review.coreboot.org/c/coreboot/+/77148. I hope my patch will be merged, as I want to contribute to this project. But even if it is rejected, that is part of open-source work too; I’ll try to improve on my next patch. This is my first open-source contribution and it’s not perfect, but it certainly won’t be my last.
What could be done in the future?
As stated in a comment on my patch, in-place decompression is important for coreboot. There is a merged pull request from 2016 resolving that issue, but its functionality may have been lost in further development. Therefore, the new LZ4 version has to be checked for in-place safety.
To tweak compression/decompression speed and compression factor, one might want to adjust the compression parameters. This could be done via a Kconfig entry.
Also, I noticed that after building coreboot (running make in the coreboot directory), when the memory regions and sizes of coreboot.rom are printed, no compression is listed for the payload, even though it has certainly been compressed.
Statistics
I tested this on my laptop with KVM and QEMU, on an AMD Ryzen 5 5500U. I changed my system’s CPU affinity to leave two of my cores mostly unused (they still got used, but not much, usually ~1%). Then I assigned these two CPUs to my VM to make different runs more comparable. Still, different runs produced different timings, so I made six runs each with the old and the new LZ4 version.
| | Avg ramstage decompression time | Ramstage decompression time std dev | Avg payload decompression time | Payload decompression time std dev |
|---|---|---|---|---|
| Current version | 420 µs | 54 µs | 229 µs | 64 µs |
| Updated version | 520 µs | 113 µs | 219 µs | 4 µs |
| | Ramstage compression ratio | Payload compression ratio |
|---|---|---|
| Current version | 1.507 | 1.452 |
| Updated version | 1.51 | 1.454 |
These values indicate a very small improvement in the compression ratio. Regarding decompression time, most tests have a relatively high standard deviation, which makes the results less statistically meaningful. Ramstage decompression seems to have slowed down (~24%), while average payload decompression got 4–5% faster.
All in all, these results are anything but exciting to me. Although a newer version may have other advantages, there seems to be no decompression-time improvement as I had hoped, and the compression-ratio improvements are so small that they might not be noticeable.
"Why does ACPI exist" - the greatest thread in the history of forums, locked by a moderator after 12,239 pages of heated debate, wait no let me start again.
Why does ACPI exist? In the beforetimes power management on x86 was done by jumping to an opaque BIOS entry point and hoping it would do the right thing. It frequently didn't. We called this Advanced Power Management (Advanced because before this power management involved custom drivers for every machine and everyone agreed that this was a bad idea), and it involved the firmware having to save and restore the state of every piece of hardware in the system. This meant that assumptions about hardware configuration were baked into the firmware - failed to program your graphics card exactly the way the BIOS expected? Hurrah! It's only saved and restored a subset of the state that you configured and now potential data corruption for you. The developers of ACPI made the reasonable decision that, well, maybe since the OS was the one setting state in the first place, the OS should restore it.
So far so good. But some state is fundamentally device specific, at a level that the OS generally ignores. How should this state be managed? One way to do that would be to have the OS know about the device specific details. Unfortunately that means you can't ship the computer without having OS support for it, which means having OS support for every device (exactly what we'd got away from with APM). This, uh, was not an option the PC industry seriously considered. The alternative is that you ship something that abstracts the details of the specific hardware and makes that abstraction available to the OS. This is what ACPI does, and it's also what things like Device Tree do. Both provide static information about how the platform is configured, which can then be consumed by the OS and avoid needing device-specific drivers or configuration to be built-in.
The main distinction between Device Tree and ACPI is that Device Tree is purely a description of the hardware that exists, and so still requires the OS to know what's possible - if you add a new type of power controller, for instance, you need to add a driver for that to the OS before you can express that via Device Tree. ACPI decided to include an interpreted language to allow vendors to expose functionality to the OS without the OS needing to know about the underlying hardware. So, for instance, ACPI allows you to associate a device with a function to power down that device. That function may, when executed, trigger a bunch of register accesses to a piece of hardware otherwise not exposed to the OS, and that hardware may then cut the power rail to the device to power it down entirely. And that can be done without the OS having to know anything about the control hardware.
How is this better than just calling into the firmware to do it? Because the fact that ACPI declares that it's going to access these registers means the OS can figure out that it shouldn't, because it might otherwise collide with what the firmware is doing. With APM we had no visibility into that - if the OS tried to touch the hardware at the same time APM did, boom, almost impossible to debug failures. (This is why various hardware monitoring drivers refuse to load by default on Linux - the firmware declares that it's going to touch those registers itself, so Linux decides not to in order to avoid race conditions and potential hardware damage. In many cases the firmware offers a collaborative interface to obtain the same data, and a driver can be written to use that; this bug comment discusses this for a specific board.)
Unfortunately ACPI doesn't entirely remove opaque firmware from the equation - ACPI methods can still trigger System Management Mode, which is basically a fancy way to say "Your computer stops running your OS, does something else for a while, and you have no idea what". This has all the same issues that APM did, in that if the hardware isn't in exactly the state the firmware expects, bad things can happen. While historically there were a bunch of ACPI-related issues because the spec didn't define every single possible scenario and also there was no conformance suite (eg, should the interpreter be multi-threaded? Not defined by spec, but influences whether a specific implementation will work or not!), these days overall compatibility is pretty solid and the vast majority of systems work just fine - but we do still have some issues that are largely associated with System Management Mode.
One example is a recent Lenovo one, where the firmware appears to try to poke the NVME drive on resume. There's some indication that this is intended to deal with transparently unlocking self-encrypting drives on resume, but it seems to do so without taking IOMMU configuration into account and so things explode. It's kind of understandable why a vendor would implement something like this, but it's also kind of understandable that doing so without OS cooperation may end badly.
This isn't something that ACPI enabled - in the absence of ACPI firmware vendors would just be doing this unilaterally with even less OS involvement and we'd probably have even more of these issues. Ideally we'd "simply" have hardware that didn't support transitioning back to opaque code, but we don't (ARM has basically the same issue with TrustZone). In the absence of the ideal world, by and large ACPI has been a net improvement in Linux compatibility on x86 systems. It certainly didn't remove the "Everything is Windows" mentality that many vendors have, but it meant we largely only needed to ensure that Linux behaved the same way as Windows in a finite number of ways (ie, the behaviour of the ACPI interpreter) rather than in every single hardware driver, and so the chances that a new machine will work out of the box are much greater than they were in the pre-ACPI period.
There's an alternative universe where we decided to teach the kernel about every piece of hardware it should run on. Fortunately (or, well, unfortunately) we've seen that in the ARM world. Most device-specific code simply never reaches mainline, and most users are stuck running ancient kernels as a result. Imagine every x86 device vendor shipping their own kernel optimised for their hardware, and now imagine how well that works out given the quality of their firmware. Does that really seem better to you?
It's understandable why ACPI has a poor reputation. But it's also hard to figure out what would work better in the real world. We could have built something similar on top of Open Firmware instead but the distinction wouldn't be terribly meaningful - we'd just have Forth instead of the ACPI bytecode language. Longing for a non-ACPI world without presenting something that's better and actually stands a reasonable chance of adoption doesn't make the world a better place.
One of the big challenges with the use of IT hardware such as computer servers in broadcasting is excessively long boot times of up to ten minutes. In reactive broadcasting environments this may cause problems or be frustrating for operators. Most of the boot time in a server consists of the BIOS boot time plus the boot time of the Operating System. In our case the boot time of the OS is relatively small compared to the BIOS so this article will focus on BIOS changes.
A computer BIOS (or something more modern like UEFI) does a very complex job, setting up hardware and handling things like memory training. However, most server BIOSes are written by third-party vendors, and arguably those vendors have an incentive to add features (which some would see as unnecessary complexity) that increase boot time.
This is where coreboot comes in. Coreboot is an open-source BIOS implementation (and so much more) with a substantially smaller footprint than vendor BIOSes. This allows for faster boot times, among many other benefits. Its downside is that every motherboard must be added manually, quite a challenge for a company with lots of different motherboards in use. It also only supports entry-level servers for the time being; servers with Xeon Scalable CPUs are not supported owing to limitations from Intel.
Coreboot thankfully supported Supermicro's X11 series, and we had a similar old server in our lab; however, ours was an X11SSW-F, a model that was not supported. As these motherboards are similar, after some work understanding the differences in PCI Express (PCIe) slots and USB ports compared to the supported boards, it was possible to write a patch that booted successfully.
There was an obvious difference in boot time, but it needed to be measured. This was done with a cron job running every five minutes, logging the date of each reboot and the first message from the Linux kernel in syslog. Note that we were only measuring “warm” boot times, and the test was run 15 times.
| Vendor BIOS boot time | Coreboot BIOS boot time |
|---|---|
| 83 ± 10 s | 38 ± 5 s |
Twice as fast!
It’s likely that settings changes to both the vendor BIOS and coreboot could reduce boot time further. The bigger issue is that in both BIOSes a substantial amount of time is spent in the closed-source Intel Firmware Support Package, which can’t be modified.
We also needed to check that coreboot doesn’t affect the functionality of the servers, so we wrote a script to reboot the server and start up an 8-channel decoder every 30 minutes. After 730 reboots (around two weeks nonstop!), the logs showed that every single reboot was successful and the decoders started correctly.
We also have plans to add coreboot support to more modern motherboards and roll this out to customers on request. Coreboot also has some benefits for debugging PCIe related issues, but more on that another day.