Announcing coreboot 4.17

coreboot 4.17

The coreboot 4.17 release was done on June 3, 2022.

Since the 4.16 release, we’ve had over 1300 new commits by around 150 contributors. Of those people, roughly 15 were first-time contributors.

As always, we appreciate everyone who has contributed and done the hard work to make the coreboot project successful.

Major Bugfixes in this release

New Mainboards

  • Clevo L140MU / L141MU / L142MU
  • Dell Precision T1650
  • Google Craask
  • Google Gelarshie
  • Google Kuldax
  • Google Mithrax
  • Google Osiris
  • HP Z220 CMT Workstation
  • Star Labs LabTop Mk III (i7-8550u)
  • Star Labs LabTop Mk IV (i3-10110U and i7-10710U)
  • Star Labs Lite Mk III (N5000)
  • Star Labs Lite Mk IV (N5030)

Removed Mainboards

  • Google Deltan
  • Google Deltaur

Significant or interesting changes

These changes are a few that were selected as a sampling of particularly interesting commits.

CBMEM init hooks changed

Instead of having per stage x_CBMEM_INIT_HOOK, we now have only 2 hooks:

  • CBMEM_CREATION_HOOK: Used only in the first stage that creates cbmem, typically romstage. For instance code that migrates data from cache as ram to dram would use this hook.
  • CBMEM_READY_HOOK: Used in every stage that has cbmem. An example would be initializing the cbmem console by appending to what previous stages logged. The reason for this change is improved flexibility with regards to which stage initializes cbmem.


  • SeaBIOS: Update stable release from 1.14.0 to 1.16.0
  • iPXE: Update stable release from 2019.3 to 2022.1
  • Add “GRUB2 atop SeaBIOS” aka “SeaGRUB” option, which builds GRUB2 as a secondary payload for SeaBIOS with GRUB2 set as the default boot entry. This allows GRUB2 to use BIOS callbacks provided by SeaBIOS as a fallback method to access hardware that the native GRUB2 payload cannot access.
  • Add option to build SeaBIOS and GRUB2 as secondary payloads
  • Add new coreDOOM payload. See commit message below.

payloads/external: Add support for coreDOOM payload

coreDOOM is a port of DOOM to libpayload, based on the doomgeneric source port. It renders the game to the coreboot linear framebuffer, and loads WAD files from CBFS.

cpu/x86/smm_module_load: Rewrite setup_stub

This code was hard to read as it did too much and had a lot of state to keep track of.

It also looks like the staggered entry points were first copied and only later the parameters of the first stub were filled in. This means that only the BSP stub is actually jumping to the permanent smihandler. On the APs the stub would jump to wherever c_handler happens to point to, which is likely 0. This effectively means that on APs it’s likely easy to have arbitrary code execution in SMM which is a security problem.

Note: This patch fixes CVE-2022-29264 for the 4.17 release.
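The ordering bug the commit above describes, as an added example that is not coreboot's code: stub copies stamped out before the parameter block is filled leave every copy but the patched one pointing at a zero handler, and a post-install check catches that. The struct and function names are constructed for the example.

```c
/* Model of per-CPU SMM entry stubs at staggered entry points.  Each stub
 * carries a parameter block with the address of the C handler it jumps to.
 * The names below are constructed for this example, not coreboot's. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAX_CPUS 8

/* Parameter block a stub reads before jumping to the C handler. */
struct smm_stub_params {
    uint64_t c_handler;    /* address the stub jumps to; 0 = unset */
    uint64_t stack_top;    /* per-CPU SMM stack */
};

/* Mock of the relocated stub area: one parameter block per entry point. */
static struct smm_stub_params stub_area[MAX_CPUS];

/* Buggy order: copy the template to every entry point first, then fill
 * in the handler on the first (BSP) copy only.  The AP copies keep the
 * zero handler they inherited from the template. */
void install_stubs_copy_then_patch(int ncpus, uint64_t handler)
{
    struct smm_stub_params template = { 0, 0 };
    for (int cpu = 0; cpu < ncpus; cpu++) {
        memcpy(&stub_area[cpu], &template, sizeof(template));
        stub_area[cpu].stack_top = 0x1000ULL * (uint64_t)(cpu + 1); /* constructed */
    }
    stub_area[0].c_handler = handler; /* only the BSP stub is patched */
}

/* Fixed order: complete the template, then stamp it out for every CPU. */
void install_stubs_patch_then_copy(int ncpus, uint64_t handler)
{
    struct smm_stub_params template = { handler, 0 };
    for (int cpu = 0; cpu < ncpus; cpu++) {
        memcpy(&stub_area[cpu], &template, sizeof(template));
        stub_area[cpu].stack_top = 0x1000ULL * (uint64_t)(cpu + 1); /* constructed */
    }
}

/* Post-install check a loader should run: every entry point must point at
 * the one permanent handler.  Returns the number of stubs that do not. */
int count_stubs_without_handler(int ncpus, uint64_t handler)
{
    int bad = 0;
    for (int cpu = 0; cpu < ncpus; cpu++)
        if (stub_area[cpu].c_handler != handler)
            bad++;
    return bad;
}

int main(void)
{
    const uint64_t handler = 0xFFFF0000ULL; /* constructed address */
    install_stubs_copy_then_patch(4, handler);
    printf("copy-then-patch: %d of 4 stubs without handler\n",
           count_stubs_without_handler(4, handler));
    install_stubs_patch_then_copy(4, handler);
    printf("patch-then-copy: %d of 4 stubs without handler\n",
           count_stubs_without_handler(4, handler));
    return 0;
}
```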

cpu/x86/smm_module_loader.c: Rewrite setup

This code is much easier to read if one does not have to keep track of mutable variables.

This also fixes the alignment code in the TSEG smihandler setup code. It was aligning the code upwards instead of downwards, which would cause it to encroach on a part of the save state.

cpu/x86/smm: Add sinkhole mitigation to relocatable smmstub

The sinkhole exploit exists in placing the lapic base such that it messes with GDT. This can be mitigated by checking the lapic MSR against the current program counter.
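The shape of that mitigation check, as an added example that is not coreboot's code: derive the 4 KiB LAPIC page from the IA32_APIC_BASE MSR value and refuse to continue if it overlaps the address the stub is executing from. It assumes MAXPHYADDR is at most 52 (so the base mask covers bits 12..51) and takes the program counter as a plain argument instead of reading it from RIP; the sample MSR values in the test are constructed.

```c
/* Sinkhole check model.  IA32_APIC_BASE (MSR 0x1B) carries the LAPIC MMIO
 * page base in bits 12 and up.  If that page is placed over the memory the
 * SMM stub runs from (or the GDT it loads), LAPIC registers shadow the
 * real contents, so the stub must verify the page does not cover it.
 * The enable bit (11) is deliberately not consulted: halting on an overlap
 * with a disabled LAPIC is the conservative choice. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define IA32_APIC_BASE_MSR      0x1B
#define APIC_BASE_ADDR_MASK     0x000FFFFFFFFFF000ULL /* bits 12..51, assumes MAXPHYADDR <= 52 */
#define LAPIC_PAGE_SIZE         0x1000ULL

/* Physical address of the 4 KiB LAPIC register page encoded in the MSR. */
uint64_t lapic_base_from_msr(uint64_t msr_value)
{
    return msr_value & APIC_BASE_ADDR_MASK;
}

/* True if [addr, addr+len) intersects the LAPIC page selected by msr_value.
 * Usable for the running code as well as for the GDT range. */
bool lapic_overlaps(uint64_t msr_value, uint64_t addr, uint64_t len)
{
    uint64_t lapic = lapic_base_from_msr(msr_value);
    uint64_t lapic_end = lapic + LAPIC_PAGE_SIZE;
    uint64_t end = addr + len;
    return addr < lapic_end && lapic < end;
}

/* The decision the stub would make at entry, given the MSR it just read and
 * its own program counter: true = safe to proceed, false = halt. */
bool smm_entry_sinkhole_check(uint64_t apic_base_msr, uint64_t pc)
{
    /* Treat the current instruction as a one-byte range at pc. */
    return !lapic_overlaps(apic_base_msr, pc, 1);
}

int main(void)
{
    /* Constructed values: default LAPIC base 0xFEE00000 with enable and BSP
     * bits set, and a relocated base that lands on the stub's page. */
    const uint64_t normal_msr = 0xFEE00900ULL;
    const uint64_t sinkhole_msr = 0x000A8900ULL;
    const uint64_t stub_pc = 0xA8010ULL;
    printf("normal base: %s\n",
           smm_entry_sinkhole_check(normal_msr, stub_pc) ? "proceed" : "halt");
    printf("relocated base: %s\n",
           smm_entry_sinkhole_check(sinkhole_msr, stub_pc) ? "proceed" : "halt");
    return 0;
}
```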

cpu/x86/64bit: Generate static page tables from an assembly file

This removes the need for a tool to generate simple identity pages. Future patches will link this page table directly into the stages on some platforms so having an assembly file makes a lot of sense.

This also optimizes the size of the page of each 4K page by placing the PDPE_table below the PDE.

cpu/x86/smm,lib/cbmem_console: Enable CBMEMC when using DEBUG_SMI

This change will allow the SMI handler to write to the cbmem console buffer. Normally SMIs can only be debugged using some kind of serial port (UART). By storing the SMI logs into cbmem we can debug SMIs using ‘cbmem -1’. Now that these logs are available to the OS we could also verify there were no errors in the SMI handler.

Since SMM can write to all of DRAM, we can’t trust any pointers provided by cbmem after the OS has booted. For this reason we store the cbmem console pointer as part of the SMM runtime parameters. The cbmem console is implemented as a circular buffer so it will never write outside of this area.

security/tpm/crtm: Add a function to measure the bootblock on SoC level

On platforms where the bootblock is not included in CBFS anymore because it is part of another firmware section (IFWI or a different CBFS), the CRTM measurement fails.

This patch adds a new function to provide a way at SoC level to measure the bootblock. Following patches will add functionality to retrieve the bootblock from the SoC related location and measure it from there. In this way the really executed code will be measured.

soc/amd/common/block/psp: Add platform secure boot support

Add Platform Secure Boot (PSB) enablement via the PSP if it is not already enabled. Upon receiving psb command, PSP will program PSB fuses as long as BIOS signing key token is valid. Refer to the AMD PSB user guide doc# 56654, Revision# 1.00. Unfortunately this document is only available with NDA customers.

drivers/intel/fsp2_0: Add native implementation for FSP Debug Handler

This patch implements coreboot native debug handler to manage the FSP event messages.

The ‘FSP Event Handlers’ feature was introduced in FSP to generate event messages that aid in debugging firmware issues. This eliminates the need for FSP to write debug messages directly to the UART, and FSP might not need to know the board-related UART port configuration. Instead, FSP signals the bootloader to inform it of a new debug message. This allows coreboot to provide board-specific methods of reporting debug messages, for example a legacy UART or LPSS UART.

This implementation has several advantages:

  1. FSP relies on the XIP ‘DebugLib’ driver even while printing FSP-S debug messages, hence, without ROM being cached, post-‘romstage’ would result in a sluggish boot with FSP debug enabled. This patch utilizes the coreboot native debug implementation, which is XIP during FSP-M and relocatable to a DRAM-based resource for FSP-S.
  2. This patch simplifies the FSP DebugLib implementation and removes the need to have a serial port library. Instead, coreboot ‘printk’ can be used for displaying FSP serial messages. Additionally, it unifies the debug library between coreboot and FSP.
  3. This patch is also useful to get debug prints even with an FSP non-serial image (refer to ‘Note’ below), as FSP PEIMs now leverage the coreboot debug library instead of the FSP ‘NULL’ DebugLib reference for release builds.
  4. It can optimize the FSP binary size by removing the DebugLib dependency from most FSP PEIMs. For example, on Alder Lake the FSP-M debug binary size is reduced by ~100KB+ and the FSP-S debug library size is also reduced by ~300KB+ (FSP-S debug and release binary sizes are exactly the same with this code change). The total savings is ~400KB for each FSP copy, and in the case of Chrome AP firmware with 3 copies, the total savings would be 400KB * 3 = ~1.2MB.

Note: Need to modify FSP source code to remove ‘MDEPKG_NDEBUG’ as compilation flag for release build and generate FSP binary with non-NULL FSP debug wrapper module injected (to allow FSP event handler to execute even with FSP non-serial image) in the final FSP.fd.

security/tpm: Add vendor-specific tis functions to read/write TPM regs

In order to abstract bus-specific logic from TPM logic, the prototypes for two vendor-specific tis functions are added in this patch. tis_vendor_read() can be used to read directly from TPM registers, and tis_vendor_write() can be used to write directly to TPM registers.

arch/x86: Add support for catching null dereferences through debug regs

This commit adds support for catching null dereferences and execution through x86’s debug registers. This is particularly useful when running 32-bit coreboot as paging is not enabled to catch these through page faults. This commit adds three new configs to support this feature: DEBUG_HW_BREAKPOINTS, DEBUG_NULL_DEREF_BREAKPOINTS and DEBUG_NULL_DEREF_HALT.

drivers/i2c/generic: Add support for i2c device detection

Add ‘detect’ flag which can be attached to devices which may or may not be present at runtime, and for which coreboot should probe the i2c bus to confirm device presence prior to adding an entry for it in the SSDT.

This is useful for boards which may utilize touchpads/touchscreens from multiple vendors, so that only the device(s) present are added to the SSDT. This relieves the burden from the OS to detect/probe if a device is actually present and allows the OS to trust the ACPI _STA value.

util/cbmem: Add FlameGraph-compatible timestamps output

Flame graphs are used to visualize hierarchical data, like call stacks. Timestamps collected by coreboot can be processed to resemble profiler-like output, and thus can be fed to flame graph generation tools.

Generate a flame graph using:

   cbmem -S > trace.txt
   FlameGraph/ --flamechart trace.txt > output.svg

src/console/Kconfig: Add option to disable loglevel prefix

This patch adds an option to disable loglevel prefixes. This patch helps to achieve clear messages when low loglevel is used and very few messages are displayed on a terminal. This option also allows to maintain compatibility with log readers and continuous integration systems that depend on fixed log content.

If the code contains printk(BIOS_DEBUG, "This is a debug message!\n"), it will show as "[DEBUG] This is a debug message!", but if the Kconfig contains CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX=n the same message will show up as "This is a debug message!".

util/cbmem: add an option to append timestamp

Add an option to the cbmem utility that can be used to append an entry to the cbmem timestamp table from userspace. This is useful for bookkeeping of post-coreboot timing information while still being able to use cbmem-based tooling for processing the generated data.

-a | --add-timestamp ID: append timestamp with ID

Additional changes

The following are changes across a number of patches, or changes worth noting, but not needing a full description.

  • As always, general documentation, code cleanup, and refactoring
  • Remove doxygen config files and targets
  • Get clang compile working for all x86 platforms
  • Work on updating checkpatch to match the current Linux version
  • Timestamps: Rename timestamps to make names more consistent
  • Continue updating ACPI code to ASL 2.0
  • Remove redundant or unnecessary headers from C files
  • arch/x86/acpi_bert_storage.c: Use a common implementation
  • Postcar stage improvements
  • arch/x86/acpi: Consolidate POST code handling
  • intel/common: Enable ROM caching in ramstage
  • vendorcode/amd/agesa: Fix improper use of .data (const is important)
  • sandybridge & gm45: Support setting PCI bars above 4G

Plans for Code Deprecation

Intel Icelake

Intel Icelake is unmaintained. Also, the only user of this platform ever was the CRB board. From the looks of it the code never was ready for production as only engineering sample CPUIDs are supported.

Thus, to reduce the maintenance overhead for the community, it is deprecated from this release on, and support for the following components will be dropped with release 4.19.

  • Intel Icelake SoC
  • Intel Icelake RVP mainboard


As of release 4.18 (August 2022) we plan to deprecate LEGACY_SMP_INIT. This also includes the codepath for SMM_ASEG. This code is used to start APs and do some feature programming on each AP, but also to set up SMM. This has largely been superseded by PARALLEL_MP, which should be able to cover all use cases of LEGACY_SMP_INIT with little code change. The reason for deprecation is that having 2 codepaths to do virtually the same thing increases the maintenance burden on the community a lot, while also being rather confusing.

No platforms in the tree have any hardware limitations that would block migrating to PARALLEL_MP / a simple !CONFIG_SMP codebase.


  • Total Commits: 1305
  • Average Commits per day: 13.42
  • Total lines added: 51422
  • Average lines added per commit: 39.40
  • Number of patches adding more than 100 lines: 59
  • Average lines added per small commit: 24.73
  • Total lines removed: 66206
  • Average lines removed per commit: 50.73
  • Total difference between added and removed: -14784
  • Total authors: 146
  • New authors: 17

coreboot accepted for GSoC 2022

Hello coreboot community,

We have great news: The coreboot project has been accepted for this year’s Google Summer of Code! Thanks to everyone who made this possible!

You can find our GSoC organization page here [1] (unfortunately, newlines were removed from the description, but that’s true for all of the accepted orgs).

Looking at the GSoC timeline [2], this means the next step is discussing our exciting projects. We have about a month for this, from now until April 3rd, when the application phase starts.

We’re still looking for mentors! If you are interested, please have a look at the mail that Felix Singer, GSoC 2022 admin, sent earlier [3]. You also can help with code reviews or working out a project (writing description, defining project scope and tasks, …). Every bit of help counts.

For people interested in being GSoC candidates, we have set up a page [4] with all kinds of information and documentation. Please have a look at this, it’s really worth reading it 🙂

We have also prepared a list of projects [5] and started brainstorming more project ideas [6]. No matter whether you want to participate as a GSoC contributor or mentor, if you are interested, please let us know. Also, in case you have your own project idea, feel free to reach out.

We are excited to have great discussions with you!

Your Org Admins,

Felix Singer, Martin Roth, David Hendricks


P.S. The Flashrom project, which has been included as a part of coreboot in past GSoC programs has also been accepted as a separate GSoC 2022 participating organization. Congratulations!

Announcing coreboot 4.16

coreboot 4.16 release

coreboot's first quarterly release in a number of years, version 4.16 was tagged on February 25th, 2022.

Since 4.15 there have been more than 1770 new commits by more than 170
developers.  Of these, more than 35 contributed to coreboot for the
first time.

Welcome to the project!

Thank you to all the developers who continue to make coreboot the
great open source firmware project that it is.

New mainboards:
* Acer Aspire VN7-572G
* AMD Chausie
* ASROCK H77 Pro4-M
* ASUS P8Z77-M
* Emulation QEMU power9
* Google Agah
* Google Anahera4ES
* Google Banshee
* Google Beadrix
* Google Brya4ES
* Google Crota
* Google Dojo
* Google Gimble4ES
* Google Herobrine_Rev0
* Google Kingler
* Google Kinox
* Google Krabby
* Google Moli
* Google Nereid
* Google Nivviks
* Google Primus4ES
* Google Redrix4ES
* Google Skyrim
* Google Taeko4ES
* Google Taniks
* Google Vell
* Google Volmar
* Intel Alderlake-N RVP
* Prodrive Atlas
* Star Labs Star Labs StarBook Mk V (i3-1115G4 and i7-1165G7)
* System76 gaze16 3050
* System76 gaze16 3060
* System76 gaze16 3060-b

Removed mainboards:
* Google ->  Corsola
* Google ->  Nasher
* Google ->  Stryke

Added processors:
* src/cpu/power9
* src/soc/amd/sabrina

Submodule Updates
* /3rdparty/amd_blobs (6 commits)
* /3rdparty/arm-trusted-firmware (965 commits)
* /3rdparty/blobs (30 commits)
* /3rdparty/chromeec (2212 commits)
* /3rdparty/intel-microcode (1 commits)
* /3rdparty/qc_blobs (13 commits)
* /3rdparty/vboot (44 commits)

Plans to move platform support to a branch:
After the 4.18 release in November 2022, we plan to move support for any
boards still requiring RESOURCE_ALLOCATOR_V3 to the 4.18 branch.  V4 was
introduced more than a year ago and with minor changes most platforms
were able to work just fine with it. A major difference is that V3 uses
just one continuous region below 4G to allocate all PCI memory BAR's. V4
uses all available space below 4G and if asked to, also above 4G too.
This makes it important that SoC code properly reports all fixed

Currently only AGESA platforms have issues with it. On Gerrit both
attempts to fix AMD AGESA codebases to use V4 and compatibility modes
inside the V4 allocator have been proposed, but both efforts seem
stalled. See the (not yet merged) documentation
CB:43603 [1] on its
details. It looks like properly reporting all fixed resources is the

At this point, we are not specifying which platforms this will include
as there are a number of patches to fix these issues in flight.
Hopefully, all platforms will end up being migrated to the v4 resource
allocator so that none of the platforms need to be supported on the

Additionally, even if the support for the platform is moved to a branch,
it can be brought back to ToT if they're fixed to support the v4

Plans for Code Deprecation
As of release 4.18 (November 2022) we plan to deprecate LEGACY_SMP_INIT.
This also includes the codepath for SMM_ASEG. This code is used to start
APs and do some feature programming on each AP, but also to set up SMM.
This has largely been superseded by PARALLEL_MP, which should be able to
cover all use cases of LEGACY_SMP_INIT with little code change. The
reason for deprecation is that having 2 codepaths to do virtually the
same thing increases the maintenance burden on the community a lot, while
also being rather confusing.

A few things are lacking in PARALLEL_MP init:
- Support for !CONFIG_SMP on single core systems. It's likely easy to
  extend PARALLEL_MP or write some code that just does CPU detection on
  the BSP CPU.
- Support SMM in the legacy ASEG (0xa0000 - 0xb0000) region. A POC
  showed that it's not that hard to do with PARALLEL_MP CB:58700 [2]

No platforms in the tree have any hardware limitations that would block
migrating to PARALLEL_MP / a simple !CONFIG_SMP codebase.

Significant changes
This is, of course, not a complete list of all changes in the 4.16
coreboot release, but a sampling of some of the more interesting and
significant changes.

### Option to disable Intel Management Engine
Disable the Intel (Converged Security) Management Engine ((CS)ME) via
HECI based on Intel Core processors from Skylake to Alder Lake. State is
set based on a CMOS value of `me_state`. A value of `0` will result in a
(CS)ME state of `0` (working) and value of `1` will result in a (CS)ME
state of `3` (disabled). For an example CMOS layout and more info, see

### Add AMD apcb_v3_edit tool
The tool edits APCB V3 binaries. Specifically it will inject
up to 16 SPDs into an existing APCB. The APCB must have a magic number
at the top of each SPD slot.

### Allow enable/disable ME via CMOS
Add .enable method that will set the CSME state. The state is based on
the new CMOS option me_state, with values of 0 and 1. The method is very
stable when switching between different firmware platforms.

This method should not be used in combination with USE_ME_CLEANER.

State 1 will result in:
ME: Current Working State   : 4
ME: Current Operation State : 1
ME: Current Operation Mode  : 3
ME: Error Code              : 2

State 0 will result in:
ME: Current Working State   : 5
ME: Current Operation State : 1
ME: Current Operation Mode  : 0
ME: Error Code              : 0

### Move LAPIC configuration to MP init
Implementation for setup_lapic() did two things -- call enable_lapic()
and virtual_wire_mode_init().

In PARALLEL_MP case enable_lapic() was redundant as it was already
executed prior to initialize_cpu() call.  For the !PARALLEL_MP case
enable_lapic() is added to AP CPUs.

### Add ANSI escape sequences for highlighting
Add ANSI escape sequences to highlight a log line based on its loglevel
to the output of "interactive" consoles that are meant to be displayed
on a terminal (e.g. UART). This should help make errors and warnings
stand out better among the usual spew of debug messages. For users whose
terminal or use case doesn't support these sequences for some reason (or
who simply don't like them), they can be disabled with a Kconfig.

While ANSI escape sequences can be used to add color, minicom (the
presumably most common terminal emulator for UART endpoints?) doesn't
support color output unless explicitly enabled (via -c command line
flag), and other terminal emulators may have similar restrictions, so in
an effort to make this as widely useful by default as possible I have
chosen not to use color codes and implement this highlighting via
bolding, underlining and inverting alone (which seem to go through in
all cases). If desired, support for separate color highlighting could be
added via Kconfig later.

### Add cbmem_dump_console
This function is similar to cbmem_dump_console_to_uart except it uses
the normally configured consoles. A console_paused flag was added to
prevent the cbmem console from writing to itself.

### Add coreboot-configurator
A simple GUI to change CMOS settings in coreboot's CBFS, via the
nvramtool utility.  Testing on Debian, Ubuntu and Manjaro with coreboot
4.14+, but should work with any distribution or coreboot release that
has an option table. For more info, please check the

### Update live ISO configs to NixOS 21.11
Update configs so that they work with NixOS 21.11. Drop `iasl` package
since it was replaced with `acpica-tools`.

### Move to U-Boot v2021.10
Move to building the latest U-Boot.

### Support systems with >128 cores
Each time the spinlock is acquired a byte is decreased and then the
sign of the byte is checked. If there are more than 128 cores the sign
check will overflow. An easy fix is to increase the word size of the
spinlock acquiring and releasing.
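A software model of the bug described above, added here as an example and not coreboot's own code: the old x86 spinlock kept its state in one byte, decremented it on acquire and took the sign of the result as "acquired", so once enough CPUs contend the byte wraps past -128 and a waiter is told it owns the lock; widening the counter to a 32-bit word, as 4.16 does, removes the wrap. The model has every CPU attempt the lock while nobody releases it, so exactly one owner is the correct answer.

```c
/* Model of the pre-4.16 coreboot spinlock: "lock ; decb %0 ; js spin" on
 * a byte initialised to 1 (unlocked).  The owner drives it to 0 and each
 * waiter drives it further negative; decrementing -128 wraps to +127, which
 * the sign check reads as "lock free". */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Acquire path with a signed byte: decrement, then test the sign.
 * Returns true when the caller is told it now holds the lock. */
static bool acquire_byte(int8_t *lock)
{
    /* Wrap exactly as the 8-bit decb does, without relying on signed
     * overflow in C. */
    *lock = (int8_t)(uint8_t)((uint8_t)*lock - 1u);
    return *lock >= 0; /* "js" not taken -> acquired */
}

/* Same acquire path with a 32-bit word (the 4.16 fix). */
static bool acquire_word(int32_t *lock)
{
    *lock -= 1;
    return *lock >= 0;
}

/* Simulate ncpus CPUs all hitting the lock while nobody releases it.
 * Returns how many CPUs were told they own the lock; anything other than
 * exactly 1 means mutual exclusion was broken. */
int owners_with_byte_lock(int ncpus)
{
    int8_t lock = 1; /* SPIN_LOCK_UNLOCKED */
    int owners = 0;
    for (int i = 0; i < ncpus; i++)
        if (acquire_byte(&lock))
            owners++;
    return owners;
}

int owners_with_word_lock(int ncpus)
{
    int32_t lock = 1;
    int owners = 0;
    for (int i = 0; i < ncpus; i++)
        if (acquire_word(&lock))
            owners++;
    return owners;
}

int main(void)
{
    printf("byte lock, 129 CPUs: %d owner(s)\n", owners_with_byte_lock(129));
    printf("byte lock, 130 CPUs: %d owner(s)\n", owners_with_byte_lock(130));
    printf("word lock, 130 CPUs: %d owner(s)\n", owners_with_word_lock(130));
    return 0;
}
```

In this model the first spurious owner appears at the 130th contender (1 owner plus 128 waiters reach -128; the next decrement wraps), which is why the page's "more than 128 cores" limit exists.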

### Add [samsung] sx9360 [proximity sensor] driver
Add driver for setting up Semtech sx9360 SAR sensor.
The driver is based on sx9310.c. The core of the driver is the same, but
the bindings are slightly different.

Registers are documented in the kernel tree. [4]

### Add driver for Genesys Logic [SD Controller] GL9750
The device is a PCIe Gen1 to SD 3.0 card reader controller to be
used in the Chromebook. The datasheet name is GL9750S and the revision
is 01.

The patch disables ASPM L0s.

### Add support for Realtek RT8125
The Realtek RT8168 and RT8125 have a similar programming interface,
therefore add the PCI device ID for the RT8125 into driver for support.

### Add Fibocom 5G WWAN ACPI support
Support PXSX._RST and PXSX.MRST._RST for warm and cold reset.
PXSX._RST is invoked on driver removal.

build dependency:

This driver will use the rtd3 methods for the same parent in the device
tree. The rtd3 chip needs to be added on the same root port in the
devicetree separately.

### Fix bug in vr_config
The `cpu_get_power_max()` function returns the TDP in milliwatts, but
the vr_config code interprets the value in watts. Divide the value by
1000 to fix this.

This also fixes an integer overflow when `cpu_get_power_max()` returns
a value greater than 65535 (UINT16_MAX).

### Make mixed topology work
When using a mixed memory topology with DDR4, it's not possible to boot
when no DIMMs are installed, even though memory-down is available. This
happens because the DIMM SPD length defaults to 256 when no DIMM SPD is
available. Relax the length check when no DIMMs are present to overcome
this problem.

### Add FSP 2.3 support
FSP 2.3 specification introduces following changes:

1. FSP_INFO_HEADER changes
   Updated SpecVersion from 0x22 to 0x23
   Updated HeaderRevision from 5 to 6
   Added ExtendedImageRevision
   FSP_INFO_HEADER length changed to 0x50


Following changes are implemented in the patch to support FSP 2.3:

- Add Kconfig option
- Update FSP build binary version info based on ExtendedImageRevision
  field in header
- New NV HOB related changes will be pushed as part of another patch

### Join hash calculation for verification and measurement
This patch moves the CBFS file measurement when CONFIG_TPM_MEASURED_BOOT
is enabled from the lookup step into the code where a file is actually
loaded or mapped from flash. This has the advantage that CBFS routines
which just look up a file to inspect its metadata (e.g. cbfs_get_size())
do not cause the file to be measured twice. It also removes the existing
inefficiency that files are loaded twice when measurement is enabled
(once to measure and then again when they are used). When CBFS
verification is enabled and uses the same hash algorithm as the TPM, we
are even able to only hash the file a single time and use the result for
both purposes.

### Skip FSP Notify APIs
Alder Lake SoC deselects Kconfigs as below:
to skip FSP notify APIs (Ready to boot and End of Firmware) and make
use of native coreboot driver to perform SoC recommended operations
prior booting to payload/OS.

Additionally, created a helper function `heci_finalize()` to keep HECI
related operations separated for easy guarding against the config.

TODO: coreboot native implementation to skip FSP notify phase API (post
pci enumeration) is still WIP.

### Add support for PCIe Resizable BARs
Section 7.8.6 of the PCIe spec (rev 4) indicates that some devices can
indicate support for "Resizable BARs" via a PCIe extended capability.

When support for this capability is indicated by the device, the size of
each BAR is determined in a different way than the normal "moving
bits" method. Instead, a pair of capability and control registers is
allocated in config space for each BAR, which can be used both to
indicate the different sizes the device is capable of supporting for
the BAR (powers-of-2 number of bits from 20 [1 MiB] to 63 [8 EiB]), and
to inform the device of the size that the allocator actually
reserved for the MMIO range.

This patch adds a Kconfig for a mainboard to select if it knows that it
will have a device that requires this support during PCI enumeration.
If so, there is a corresponding Kconfig to indicate the maximum number
of bits of address space to hand out to devices this way (again, limited
by what devices can support and what each individual system may want to
support, but just like above, this number can range from 20 to 63). If
the device can support more bits than this Kconfig, the resource request
is truncated to the number indicated by this Kconfig.


coreboot 4.15 to 4.16 visualized

Announcing coreboot 4.8 & 4.8.1

coreboot 4.8 was released on May 15, 2018.  An issue with payloads was found immediately after the release was complete, requiring the release of an updated version, 4.8.1.  The release tarballs and gpg signatures are available in the usual place at

coreboot 4.8 & 4.8.1 release notes

The 4.8.1 release contains 2 commits: 5f0b80b880 and 6794ce02d4. This minor release fixes an issue with adding payloads. The 4.8 release covers commit 6dd2f69878 to commit ebdeb4d07d Since the last release, the coreboot project had 1198 commits by 124 authors.

There are PGP signed 4.8 and 4.8.1 tags in the git repository. A branch for 4.8 releases (4.8_branch) has been created.

A big thank you to everyone involved in making this release happen. We couldn’t have done this without the 35 new commit authors, the experienced developers, the many reviewers, documentation writers and the fantastic community supporting users on both the mailing list and the IRC channel.

In general, this has been a calm release cycle. Several old devices were removed from the master branch early in the release, as they hinder development and nobody stepped up doing the porting effort or was willing to test coreboot on them. If there is the desire to get a board back, it isn’t lost as it’s still in the git history.

Intel i945 platform

  • On Intel 945 devices, native graphics initialization is now skipped saving around 100 ms during resume from S3. The OS drivers need to be able to handle that. Linux’ i915 driver is able to handle it, but not the frame buffer driver.

AMD Stoney Ridge

  • Significant cleanup from older AGESA based platforms
  • Fixes to get S3 working
  • Updates to GPIO code to match other modern coreboot chips
  • AGESA interface cleanup – Use native coreboot functions when possible

Lenovo mainboards

  • Started integration of VBT (Video Bios Table) binary files to support native graphics initialisation

Internal changes

  • Rename of payload type ‘payload’ to ‘simple_elf’
  • Progress in removing typedef device_t
  • Migrated all Intel platforms to a common VBT codebase
  • Ongoing cleanup of whitespace, spelling and formatting
  • Support for PCI in ramstage on non-x86
  • Ongoing Intel platform code deduplication

Console changes

  • Reduce default loglevel to DEBUG
  • Introduce a way for mainboard to override the loglevel
  • Restrict console messages to after console initialization

Fixed Bugs

  • qemu-i440fx: Fix ACPI checksum corruption
  • intelmetool: Fix crash, support ME11+ platforms, fix bootguard detection
  • tpm: Fix TPM software stack vulnerability in tlcl_read() for TPM 1.2 (
  • asrock/b75pro3-m: Fixed HDMI
  • Intel/ibexpeak: Fix missing ACPI PIRQ entries
  • Intel/nehalem: Fix freeze during chipset lockdown


  • Bumped SeaBIOS to 1.11.1
  • Improved TianoCore integration


  • Start of refactoring the TPM software stack
  • Introduced coreboot security section in kconfig
  • VBoot & TPM code moved into src/security


  • Add Intel Boot Guard status support


Added 17 mainboards

  • Asus MAXIMUS_IV_GENE_Z Intel Sandybridge
  • Google ATLAS Intel Kabylake
  • Google BIP Intel Geminilake
  • Google CHEZA Qualcomm SDM845
  • Google NOCTURNE Intel Kabylake
  • Google OCTOPUS Intel Geminilake
  • Google PHASER Intel Geminilake
  • Google YORP Intel Geminilake
  • HP 8770W Intel Ivybridge
  • HP FOLIO_9470M Intel Ivybridge
  • Intel KBLRVP8 Intel Skylake
  • Lenovo W520 Intel Sandybridge
  • OCP MONOLAKE Intel Broadwell DE
  • OCP WEDGE100S Intel Broadwell DE
  • Purism Librem 15 v2 Intel Broadwell
  • Scaleway TAGADA Intel Denverton

Removed 39 mainboards

  • Abit BE6_II_V2_0
  • Asus DSBF
  • Asus MEW_AM
  • Asus MEW_VM
  • A-trend ATC_6220
  • A-trend ATC_6240
  • Biostar M6TBA
  • Compaq DESKPRO_EN_SFF_P600
  • DMP EX
  • Gigabyte GA_6BXC
  • Gigabyte GA_6BXE
  • HP E_VECTRA_P2706T
  • Intel D810E2CB
  • Intel MTARVON
  • Intel TRUXTON
  • Iwave RAINBOW_G6
  • Lanner EM8510
  • Mitac 6513WU
  • MSI MS_6119
  • MSI MS_6147
  • MSI MS_6156
  • MSI MS_6178
  • Nokia IP530
  • RCA RM4100
  • Soyo SY_6BA_PLUS_III
  • Supermicro H8QGI
  • Supermicro H8SCM
  • Supermicro X7DB8
  • Thomson IP1000
  • Tyan S1846
  • Tyan S8226
  • Wyse S50

Added 2 socs

  • Qualcomm sdm845
  • SiFive fu540

Removed 2 socs

  • DMP vortex86ex
  • Intel sch

Removed 5 processors

  • AMD agesa-family15
  • AMD geode-gx2
  • Intel ep80579
  • Intel model-f0x
  • Intel model-f1x


  • Total commits: 1198
  • Average Commits per day: 9.85
  • Total authors: 124
  • New authors: 35
  • Total lines added: 386113
  • Total lines removed: 291201
  • Total lines difference: 94912

Announcing coreboot 4.6

We are happy to announce the April 2017 release of coreboot, version 4.6.

The 4.6 release covers commit e74f5eaa to commit db508565

Since the last release in October 2016, the coreboot project had 1708 commits by 121 authors.
The release tarballs and gpg signatures are available in the usual place at

There is a pgp signed 4.6 tag in the git repository, and a branch will be created as needed.

Changes: Past, ongoing, and future

CBMEM console development and the Linux Kernel

Our cbmem debug console was updated with some nice features. The cbmem console now persists between reboots and is able to be used on some platforms via late init. Also there is a new Linux kernel driver which removes the need for the old cbmem tool to read from the cbmem area. You can find the patch here and it can be enabled via GOOGLE_MEMCONSOLE_COREBOOT kconfig option in your kernel – Note that this name may change going forward.

Critical bugs in TPM 1.2 support

coreboot currently has issues with the TPM 1.2 LPC driver implementation. This leads to a misbehavior in SeaBIOS where the TPM gets temporarily deactivated. We plan to publish the bugfix release 4.6.1 when we have these issues sorted out.

Native graphics and ram init improvements

The native graphics initialization was reworked a while ago and should finally support Windows. Numerous bug fixes and EDID support are also now available. Finally, the native RAM initialization for Sandybridge/Ivybridge platforms was patched and supports more RAM modules.

New and fresh payloads

SeaBIOS, FILO, and iPXE were all recently updated to the latest versions. HTTPS downloads are now the default for all payloads. We provide the libpayload project, which is used for writing your own payloads from scratch. The library is MOSTLY licensed under BSD and recently received new functionality in order to prepare for the upcoming replacement for the old nvramcui payload. This new payload is called cbui and is based on the nuklear graphics library, including keyboard and mouse support. The cbui payload is currently expected to be merged into the main coreboot tree before the next release. The upstream repository is here:

UEFI support: A long road to go

coreboot can be used with the Tianocore EDK2 UEFI implementation, which is open source and available on GitHub. Sadly, it is not currently integrated into the coreboot build. There are several reasons for this:

  • EDK2 only supports the GCC 4.8 profile, while coreboot is now built with GCC 6.3.0.
  • Incompatibilities with code inside EDK2 that has not been updated.

We started to make progress with the integration into our sources and the hope is that by the end of the summer, we finally support the EDK2 payload out-of-the-box. See the current patch state at

Fighting blobs and proprietary HW components

coreboot’s ultimate goal is to replace any closed-source firmware stack with free software components. Unfortunately this is not always possible due to signed binaries such as the Intel ME firmware, the AMD PSP and microcode. Recently, a way was discovered to let the Intel ME run in a functional error state and reduce its firmware from 1.5/5MB to 80KB. It’s not perfect, but it works on Nehalem up to Skylake based Intel systems. The tool is now integrated into the coreboot build system. The upstream repository is

Another ongoing improvement is the new utility blobtool. It is currently used for generating the flash descriptor and GbE configuration data on older mainboards, for which these are known to be free software. It can easily be extended to other binaries with well-defined specifications.

Did you say Ada?

coreboot now supports Ada, and a lot of work was done integrating Ada into our toolchain. At the moment only the support for formal verification is missing, and it will be added soon. At that point, we can prove the absence of runtime errors in our Ada code. In short, everybody can start developing Ada code for our project.

The existing Ada code, which can be used from now on, is another native graphics initialization that will in the long term replace the current implementation. The native graphics code supports all Intel platforms up to Skylake. It also supports the HDMI, VGA, DVI and DP external interfaces and is ready to be integrated into our mainboard implementations.

Toolchain updates

A new coreboot toolchain is out. The major toolchain change was going from GCC version 5.3.0 to 6.3.0. There were also minor version updates to GMP, MPFR, Binutils, GDB, IASL, and Clang.

Deprecation policy for boards

Starting with this release there will be a policy for deprecating unmaintained boards. See the end of this announcement for details.

Change Summary

Build system (20 commits)

  • Clean up Kconfig
  • Show more useful error messages

Codebase cleanup (94 commits)

  • Many fixes for files to pass checkpatch. Lots more to do here.
  • Remove commented out code
  • Updates to transition away from device_t
  • Work to get rid of included C files

Documentation (6 commits)

  • Start adding technotes/Design docs
  • Add Kconfig documentation

ACPI & acpigen library

  • Add GPIO macros
  • Clean up and add more functions to ACPIGEN library

EC (26 commits)

  • Add roda/it8518 embedded controller

TPM (41 commits)

  • Cleanup
  • Update ACPI ASL, Runtime generate ACPI table for TPM driver
  • Make SPI TPM driver CAR-safe
  • Update TPM init sequence

Devices (24 commits)

  • Add a new SPI device type
  • Allow devicetree accesses in postcar stage
  • PCIEXP_ASPM: Unify code with other PCI-e tuning

Lib (28 commits)

  • Add option to use Ada code in ramstage
  • bootstate: add arch specific hook at coreboot exit
  • cbfs: Add API to locate a file from specific region
  • Add library to handle SPD data in CBFS or DIMM
  • Add region file support
  • Turn CBMEM console into a ring buffer that can persist across reboots

Commonlib (11 commits)

  • Add xmalloc, xzmalloc and dma routines
  • Add input and output buffer helpers

Drivers (29 commits)

  • i2c: Pass in i2c_generic_config into i2c_generic_fill_ssdt
  • i2c/alps: Add support for ALPS Touchpad driver
  • i2c/generic: Add support for GPIO IRQ
  • i2c/generic: Enable support for adding PowerResource for device
  • i2c/hid: Add generic I2C HID driver
  • i2c/max98927: add i2c driver for Maxim 98927 codec
  • i2c/wacom_ts: Add support for WCOM touchscreen device driver
  • pc80/rtc: Check cmos checksum BEFORE reading cmos value
  • regulator: Add driver for handling GPIO-based fixed regulator
  • storage: Add SD/MMC/eMMC driver based upon depthcharge

SPI interface

  • Significant cleanup and refactoring

Include (17 commits)

  • cpu/intel: Add MSR to support enabling turbo frequency
  • elog: Add all EC event codes

SuperIO (12 commits)

  • Updates for ITE SIOs
  • Add 2 new chips
  • Consolidate code to use common routines

Vboot (23 commits)

  • Add support for recovery hash space in TPM

RISC-V (25 commits)

  • Add lowRISC System On Chip support
  • Cbmem patches, move to common architectural code

ARM (16 commits)

  • Init new serial struct variables for samsung exynos5420 & allwinner a10
  • Fix verstage to use proper assembly versions of mem*()

RockChip RK3399 & platforms (46 commits)

  • Memory, I2C, USB, SD & Display fixes

X86 Intel (193 commits)

  • Broadwell/Sata: Add support for setting IOBP registers for Ports 2 and 3.
  • cpu/intel/common: Add/Use common function to set virtualization
  • drivers/intel/fsp1_1: Fix boot failure for non-verstage case
  • drivers/intel/fsp2_0: Reset on invalid stage cache.
  • drivers/intel/gma: Add textmode using libgfxinit & use scaling to simplify config
  • drivers/intel/mipi_camera: Add MIPI CSI camera SSDT generator
  • broadwell_de: Add SMM code
  • intelblocks/msr: Move intel x86 MSR definition into common location
  • intel/broadwell: Use the correct SATA port config for setting IOBP register
  • intel/wifi: Create ACPI objects for wifi SAR configuration
  • lynxpoint bd82x6x: Enable PCI-to-PCI bridge
  • mrc: Add support for separate training cache in recovery mode
  • nb/i945/early_init.c: Add FSB800 and 1067 to Egress Port Virtual Channel
  • nb/i945/raminit: Add fixes for 800MHz & 1067MHz FSB CPUs
  • nb/intel/gm45: Fix panel-power-sequence clock divisor
  • nb/intel/i945: Fix PEG port on 945gc & sdram_enhanced_addressing for channel1
  • nb/intel/pineview: Move to early cbmem
  • nb/pineview/raminit: Skip Jedec init on resume, fix hot reset path
  • nb/intel/sandybridge/gma: Always initialize DP buffer translation
  • sb/ich7: Use common/gpio.h to set up GPIOs
  • sb/intel/bd82x6x: Add TCO_Lock in finalize step
  • sb/intel/common/gpio: Support ICH9M and prior
  • sb/intel/i82801gx: Add i2c_block_read to smbus.h


  • Fix CAS Write Latency, disable_channel, normalize_training & odt stretch
  • Separate Sandybridge and Ivybridge
  • Reset internal state on fallback attempts
  • Find CMD rate per channel


  • Add common routines for HECI, ITSS, PCR, RTC, systemagent, UART, XHCI, & LPSS
  • Save Memory DIMM Information in SMBIOS table

Apollolake (183 commits)

  • Switch to common routines for LPSS, RTC, ITSS, UART, XHCI, & PCR
  • Enable turbo
  • Add save/restore variable MRC cache
  • Allow ApolloLake SoC to use FSP CAR Init
  • Allow USB2 eye pattern configuration in devicetree

Quark & platforms (14 commits)

  • Fix I2c & Serial port config
  • Add vboot support

ga-g41m-es2l, x4x northbridge & LGA775 (23 commits)

  • Memory fixes
  • Add S3 suspend/resume

Skylake / Kabylake (208 commits)

  • Add devicetree settings for acoustic noise mitigation
  • Perform CPU MP Init before FSP-S Init
  • Add support for GSPI controller & add GSPI controller get_config support
  • Enable Systemagent IMGU
  • Add USB Port Over Current support & Expand USB OC pins support PCH-H
  • Extract DIMM Information from FSP MEM INFO HOB
  • Add support for eSPI SMI events
  • Update ACPI & various methods

X86 amd (116 commits)

  • ACPI S3: Remove HIGH_MEMORY_SAVE where possible
  • AMD fam10 binaryPI: Remove invalid PCI ops on CPU domain
  • binaryPI platforms: Drop ACPI S3 support
  • sb/amd/sb700: Disable LPC ROM mapping when SPI Flash is used
  • southbridge/amd: Add LPC bridge acpi path for Family14 and SB800
  • arch/x86: remove CAR global migration when postcar stage is used
  • x86/acpi: Add VFCT table

AMD: vendorcode, AGESA, binaryPI (72 commits)

  • Cleanup & consolidate duplicate code
  • Fork for new cache-as-ram init code & Fix binaryPI cache-as-ram
  • Refactor S3 support functions and Delay ACPI S3 backup until ramstage loader


  • Fix CsMux45 configuration, maximum read latency, & DQ mask calculation

Mainboards (198 commits)

  • asus/f2a85-m_le: Activate IOMMU support
  • lenovo/h8: Add USB Always On
  • google/oak: Enable dual DSI for rowan and the BOE 8-lane MIPI/DSI panel
  • google/parrot: Fix keyboard interrupts, DSDT
  • google/veyron: Work around RAM code strapping error
  • lenovo/t400: Rewrite dock from t60
  • intel/d510mo: enable ACPI resume from S3
  • intel/d945gclf: Fix resume from S3 suspend
  • lenovo/t400: Implement hybrid graphic in romstage
  • Enable libgfxinit on lenovo/t420 & x230, kontron/ktqm77, google/slippy
  • lenovo/x60,t60: Move EC CMOS parameters in checksummed space
  • mc_tcu3: Do not abort initialization of PTN3460 when HW-ID is missing
  • mc_tcu3: Swap LVDS even and odd lanes for a certain hardware
  • purism/librem13: Enable support for M.2 NVMe & Fix M.2 issues

Payloads (53 commits)

  • Update FILO, SeaBIOS, & iPXE versions
  • Many libpayload fixes and updates

Toolchain (19 commits)

  • Update GCC, Binutils, GMP, MPFR, GDB, IASL and LLVM

Utilities: (145 commits)

  • abuild: Build saved config files and print failed builds at the end
  • autoport: Create superiotool logs and fix romstage generator
  • board-status: Update bucketize script and add README file
  • cbfstool: Add cbfs-compression-tool and enable adding precompressed files
  • cbmem: Add custom aligned memcpy() implementation
  • ectool: Fix timeout on sending EC command and support OpenBSD
  • ifdtool: Fix ICH Gbe unlock
  • intelmetool: Add support for Wildcat Point LP, fix segfault on edge cases
  • inteltool: Add support for CH6-10, ICH10, Wildcat Point-LP and fix ICH SPIBAR
  • sconfig: Add a new SPI device type
  • superiotool: Add new chips – IT8783E/F, W83627DHG, W83627EHG, F71808A

Changes in chips

Added 1 processor & northbridge:

  • amd/pi/00670F00

Added 1 soc:

  • lowrisc/lowrisc

Removed 1 northbridge:

  • intel/e7501

Added 2 sios:

  • fintek/f71808a
  • ite/it8783ef

Mainboard changes

Added 52 mainboards and variants:

  • AMD Gardenia – AMD Stoney Ridge
  • Asus F2A85_M_PRO – AMD Family 15h Trinity
  • Asus P5GC_MX – Intel Socket LGA775
  • Gigabyte GA_945GCM_S2L & GA_945GCM_S2C variant – Intel Socket LGA775
  • Google Auron variants: Yuna, Gandof, Lulu – Intel Broadwell
  • Google Beltino variants: McCloud, Monroe, Tricky, Zako – Intel Haswell
  • Google Eve – Intel Kabylake
  • Google Fizz – Intel Kabylake
  • Google Gru variants: Bob, Scarlet – RockChip RK3399
  • Google Oak variants: Hana, Rowan – MediaTek MT8173
  • Google Poppy & Soraka variant – Intel Kabylake
  • Google Rambi variants: Banjo, Candy, Clapper, Glimmer, Gnawty, Heli, Kip, Orco, Quawks, Squawks, Sumo, Swanky, & Winky – Intel Baytrail
  • Google Reef variants: Sand, Snappy, Nasher – Intel Apollolake
  • Google Slippy variants: Leon, Wolf – Intel Haswell
  • Intel KBLRVP3 & KBLRVP7 – Intel Kabylake
  • Intel LEAFHILL – Intel Apollolake
  • Intel MINNOW3 – Intel Apollolake
  • Lenovo L520: Intel Sandybridge
  • Lenovo S230U: Intel Ivybridge
  • Lenovo X1 Carbon GEN1 – Intel Sandybridge
  • lowRISC NEXYS4DDR – RiscV
  • MSI MS7721 – AMD Bulldozer
  • PC Engines APU2 – AMD Jaguar
  • RODA RV11 & RW11 variant – Intel Ivybridge
  • Sapphire Pure Platinum H61 – Intel Socket LGA1155
  • Siemens MC_APL1 – Intel Apollolake

Removed 10 mainboard variants:

  • Google Auron (Still available as a base-board for variants)
  • Google Veyron Chromeboxes: Brain, Danger, Emile, Romy
  • Google Veyron Test Projects: Gus, Nicky, Pinky, Shark, Thea


Added 2 new utilities:

  • blobtool
  • me_cleaner


Updated 5 submodules

  • 3rdparty/blobs (10 commits)
  • 3rdparty/arm-trusted-firmware (172 commits)
  • 3rdparty/vboot (158 commits)
  • 3rdparty/chromeec/ (810 commits)
  • util/nvidia/cbootimage (2 commits)

Tested boards

The following boards were tested recently:

  • emulation qemu-q35 – 4.6-1
  • asus kgpe-d16 – 4.6-1
  • asus kfsn4-dre – 4.6-1
  • asus p5gc-mx – 4.6-1
  • lenovo x60 – 4.5-1681 / 4.6-7
  • lenovo x230 – 4.5-1674 / 4.6-27
  • asrock e350m1 – 4.5-1662 / 4.6-7
  • lenovo t420 – 4.5-1640
  • lenovo x200 – 4.5-1598 / 4.6-33
  • sapphire pureplatinumh61 – 4.5-1575
  • gigabyte ga-945gcm-s2l – 4.5-1568
  • lenovo t400 – 4.5-1564
  • lenovo t60 – 4.5-1559
  • gigabyte m57sli – 4.5-1526
  • purism librem13 – 4.5-1503
  • gigabyte ga-g41m-es2l – 4.5-1444
  • google slippy – 4.5-1441
  • intel d510mo – 4.5-1341

coreboot statistics from e74f5eaa43 to db508565d2

  • Total Commits: 1708
  • Average Commits per day: 8.75
  • Total authors: 121
  • New authors: 34
  • Total Reviewers: 72
  • Total Submitters: 19
  • Total lines added: 177576
  • Total lines removed: -107460
  • Total difference: 70116

Code removal after the 4.6 release

The only platform currently scheduled for removal is the bifferos/bifferboard & soc/rdc/r8610. This platform is one of two that still uses romcc to compile romstage and doesn’t have cache-as-ram in romstage – the others were all removed long ago. Additionally, it seems to be impossible to buy, so as far as it can be determined, no testing has been done recently.

Code removal after the 4.7 release

One of the things that the coreboot project has struggled with is how to maintain the older platforms while still moving the rest of the platforms forward. Currently there are numerous platforms in the codebase which have not been well maintained.

Starting with the 4.7 release in October, the coreboot leadership is going to set standards that platforms are expected to meet to remain in the active codebase. These will generally be announced 3 – 6 months in advance to give time to get changes in. The expectation is not necessarily even that all work to meet the goal will be completed, but it is expected that a reasonable effort has started to meet the goal at the time of the release. Regardless of the work that’s been done, platforms which have not met the goal by the following release will be removed.

The next expectation that will need to be met for all platforms is cbmem in romstage. This currently affects numerous platforms, including most, if not all of AMD’s platforms. Work to update many of these platforms has started, but there are others that have not made any progress towards this goal. A list of the platforms that are affected by this will be sent to the mailing list shortly.

Code removal after the 4.8 release

To further clean things up, starting with the 4.8 release, any platform that does not have a successful boot logged in the board_status repo in the previous year (that is, within the previous two releases) will be removed from the maintained coreboot codebase. Chips that do not have any associated boards will also be removed. These platforms will be announced before the release so that there is time for people to test if desired.

This is not meant to be a high bar, but as a measure to clean up the codebase and eliminate boards and chips that are actually no longer being used. The cleanup will happen just after the release, so the removed platforms will still be available in the release branch if desired. If there is still interest, developers can bring back old chips and boards by porting them to the new tree (and bringing them to current standards).

This gives everyone until April 2018 to get any boards that they care about tested before the first removal.

All the code removal information will also be sent to the mailing list along with additional details.

Results of the coreboot “Mailing List vs Forum” poll

A little while back, there were a few requests to switch from the mailing list format to a web-based forum for our official communication channel.  The coreboot leadership wanted to see what the actual preferences of the coreboot community was, so I posted a poll.  The poll was publicized in IRC and on the mailing list itself, so should have been communicated to the people who would be most directly affected by any change.

Poll results

Here are the overall results from all responses:

Hate Mailing List: 1, Prefer Forum: 6, Don't care: 2, Prefer Mailing list: 21, Hate Forum: 26

We had a total of 60 valid responses, and I think the overall results pretty clearly indicate that the coreboot project should NOT move away from the mailing list.

One suggestion was to split the communication into the mailing list for Developers, and a forum for non-developers. To see what the various groups thought, I made a few more charts:

Developer preferences:

Prefer Forum: 1, Prefer Mailing list: 16, Hate Forum: 15, Other: 3
Developer Responses

So, not unexpectedly, the coreboot developers prefer the mailing list even more overwhelmingly than the general results show.

Non-developer preferences:

Hate Mailing list: 1, Prefer Forum: 5, Don't care: 2, Prefer Mailing list: 5, Hate Forum: 11, Other: 1
Non-developer Responses

So even within the non-developer group, there was a definite preference for the mailing list format.

Finally, I broke the Non-developer group down into the group that said they were coreboot users, as opposed to those that mainly read the mailing list.

coreboot users (non-developers):

Hate Mailing list: 1, Prefer Forum: 4, Prefer Mailing list: 4, Hate Forum: 5
coreboot Users (Non-Developers)

That group had the highest percentage of people who preferred the forum, but it was still well under 40%.


We also asked people what we should do to improve the mailing list.  Here’s a summary of the suggestions:

  • Show people how to set up their (or a different) email client to make reading the mailing list easier.
  • Have people be more polite.
  • Add a FAQ showing previously asked questions and their answers.
  • Establish netiquette guidelines, like those of the Linux kernel mailing list.
  • Several suggestions to improve the coreboot mailing list archive at
    • Fix the archive so that long threads aren’t spread into different sections by months.
    • Add a search function to the archive
    • Create monthly archives that can be downloaded (This exists.)
    • Update from Pipermail to a more modern archiver like Hyperkitty –

Since it doesn’t look like we’re going to switch to a forum, I’m not going to list the suggestions that people had for that.


Over the upcoming weeks, we’ll look at our options, and discuss our options and plans in the bi-weekly coreboot community meetings.


My coreboot mug filled with Lefthand Milk stout Nitro.

coreboot is joining the Software Freedom Conservancy

The coreboot project applied to join the Software Freedom Conservancy and has been approved for membership by their board.  There is still some work to be done in hammering out the governance details, but we hope to have everything completed by April.

Joining the SFC as coreboot’s fiscal sponsor will allow us to go forward with fundraising, and it means that all donations to the coreboot project from the United States will be tax-deductible to the extent permitted by law. Up to this point, coreboot hasn’t had any official way to accept donations or payments. This has meant that the project was mainly supported financially by members of the coreboot leadership, which has put some limitations on what we were able to do.

Another of the things that joining the SFC means is that we will be formalizing and fully documenting the coreboot leadership structure.  This is one of the Conservancy’s requirements, and something that they will help the project with.

The Conservancy offers a number of other services to its members. We encourage everyone to take a look at the SFC, and to consider joining as individual supporters.

Announcing coreboot 4.5

We are happy to announce the release of coreboot 4.5

The 4.5 release covers commit 80a3df260767 to commit 0bc12abc2b26.

This release is the first since the project switched from doing quarterly releases to doing biannual releases.  The next release will be in April of 2017.

Since the last release in April, the coreboot project has had 1889 commits by 119 authors.

The release tarballs and gpg signatures are available in the usual place at

There is a 4.5 tag in the git repository, and a branch will be created as needed.

Areas with significant updates:

  • Toolchain (29 commits)
    • Updated mpfr version from 3.1.3 to 3.1.4
    • Updated gcc version from 5.2.0 to 5.3.0
    • Updated binutils version from 2.25 to 2.26.1 & Fix aarch64 build problem
    • Updated gdb version from 7.9.1 to 7.11
    • Updated iasl version from 20160318 to 20160831
    • Updated python version from 3.4.3 to 3.5.1
    • Updated expat version from 2.1.0 to 2.1.1
    • Updated llvm / clang version from 3.7.1 to 3.8.0
    • Updated make version from 4.1 to 4.2.1
  • Build system (32 commits)
    • Updates for cbfstool / fmap changes
    • Order per-region files to optimize placement success
    • Add support for the ADA language and toolchain.
  • Utilities (103 commits)
    • Lint – Update, add tools to find non-ascii & unprintable chars and to verify a single newline at the end of files
    • cbfstool – Update for Linux payloads, Honor FSP modules addresses, fix elf parsing
    • Sconfig – Add 10 bit addressing mode for i2c devices, add generic device type, support strings, pass in devicetree filename
  • General code cleanup (197 commits)
    • Cleaning up code formatting and whitespace
    • Fix spelling & capitalization
    • Removing commented out code
    • Transition away from device_t
  • TPM (55 commits)
    • Add support for Trusted Platform Module 2.0
    • SPI & refactored I2C TPM driver
  • Drivers (54 commits)
    • Add ACPI support in several drivers
    • coreboot_tables – Extend serial port description
    • Elog – refactor, add debug info
    • I2C – add generic driver
    • SPI – Add new chip support, major refactoring, don’t assume SPI flash boot device
  • Lib (33 commits)
    • Add real-time-clock functions
    • Add RW boot device construct
    • reg_script updates: add to bootblock, add xor support, add display support
    • Timestamp fixes & updates
  • Vendorcode
    • AMD (14 commits) – Cleanup, add libagesa.a builds, remove unused code.
    • Google (22 commits) – VBoot2 updates and cleanup
    • Intel (86 commits) – Add Intel FSP 2.0, update Broadwell DE support
  • Payloads (37 commits)
    • Subpayload support was extended and is enabled by default.
    • nvramcui: refactor, update build
    • SeaBIOS: Update stable version to 1.9.3, add bootorder file
    • iPXE: Update stable version to the last commit of July 2016
    • Fix broken linux boot sequence

Mainboard changes

Added 13 mainboards, plus a few mainboard variants not included here:

  • ADI RCC-DFF networking board (adi/rcc-dff) – intel/rangeley SoC
  • AMD Evaluation Board DB-FT3B-LC (amd/db-ft3b-lc) – amd/00730F01 (Family 16h Models 30h-3Fh (Mullins)) CPU
  • AMD f2950 / TONK 1201/2 Board (amd/f2950) – amd/geode_lx CPU
  • Apple iMAC 5.2 (apple/imac52) – intel/i945 CPU
  • Unibap Development Kit ODE E21XX – amd/00730F01 (Family 16h Models 30h-3Fh (Mullins)) CPU
  • elmex/pcm205400 – amd/Family_14 CPU
  • elmex/pcm205401 – amd/Family_14 CPU
  • Lenovo N21 chromebook (google/enguarde) – intel/baytrail SoC
  • google/gale – Qualcomm IPQ40XX SoC
  • AOpen Chromebox (google/ninja) – intel/baytrail SoC
  • google/reef – intel/apollolake SoC
  • Acer Chromebox CXI2 (google/rikku) – intel/Broadwell SoC
  • google/rotor – marvell/MVMAP2315 SoC

Removed 5 mainboards:

These were all development boards not available to the public.

  • google/bolt – intel/haswell – removed in commit 139314b
  • google/rush – nvidia/tegra132 – removed in commit e67cd9e
  • google/rush_ryu – nvidia/tegra132 – removed in commit 0c63415
  • google/slippy – intel/haswell – removed in commit bc24b85
  • intel/amenia – intel/apollolake – removed in commit c2586db

Existing boards with significant updates

  • asus/kgpe-d16 – amd/socket_G34 – Add TPM support, enable secondary serial port
  • emulation/spike-riscv – RISC-V – clean up, use generic bootblock, look for CBFS in RAM, reimplement SBI
  • google/gru – rockchip/RK3399 SoC (76 commits) – Board bringup
  • google/oak – mediatek/mt8173 SoC – Add Elm variant, update memory, configure display, initialize touchscreen gpio
  • intel/galileo – intel/quark SoC (14 commits) – Board bringup, add galileo gen1 support, switch to FSP2.0
  • intel/minnowmax – intel/fsp_baytrail SoC – Enable all PCIe ports, Program GPIO for power LED
  • lenovo/x60 – intel/socket_mPGA478 – init GPIOs before dock check, add hda verb table
  • siemens/mc_bdx1 – intel/fsp_broadwell_de SoC – Add external RTC, Set up MAC addresses, Update IRQs
  • siemens/mc_tcu3 – intel/fsp_baytrail SoC – cleanup & LCD panel updates

Changes in chips

Moved 3 northbridge/southbridge pairs to soc:

  • dmp/vortex86ex
  • intel/sch
  • rdc/r8610

Added 2 socs:

  • marvell/mvmap2315 (12 commits)
  • qualcomm/ipq40xx (22 commits)

Removed 1 soc:

  • nvidia/tegra132 – removed in commit 9ba0699

Added 2 sios:

  • nuvoton/nct6776
  • nuvoton/nct6791d

Existing chip areas with many changes

  • ARM (34 commits)
    • Add armv7-r configuration
    • rockchip/rk3399 (73 commits) – Bringup, memory updates
  • RISC-V (40 commits)
    • Improve and refactor trap handling
  • X86 (225 commits)
    • ACPI (40 commits) Add support for writing various entries and descriptor types, Add common definitions, Use ‘GOOG’ id for coreboot table
    • amd/mct_ddr3 northbridge: Support non-ECC DIMMs, Update SMBIOS, various fixes
    • arch/x86: many postcar stage updates, add common ACPI definitions, Support “weak” BIST and timestamp save routines
    • intel/apollolake SoC (211 commits) – Chip bringup, Update bootblock
    • intel/common: ACPI updates, Add smihandler, LPSS I2C driver, and IGD OpRegion support
    • intel/fsp_broadwell_de: IRQ fixes, SPI message fixes, Add DMAR table to ACPI
    • intel/gm45 northbridge: Fix text mode init, enable vesa framebuffer, use VGA if connected
    • intel/i945 northbridge: add native VGA init, Update divisor calculations
    • intel/quark SoC (62 commits) – Chip bringup, add Fsp2.0 support, updates for serial console
    • intel/skylake CPU (61 commits) – Finished Skylake bringup, start updating for Kabylake FSP
    • intel/x4x northbridge (13 commits) – Memory & Graphics updates


Updated 4 submodules

  • 3rdparty/blobs (6 commits)
  • 3rdparty/arm-trusted-firmware (425 commits)
  • 3rdparty/vboot (61 commits)
  • 3rdparty/chromeec/ (676 commits)

Tested boards

The following boards were tested for this release:

  • asrock/e350m1 – 4.4-1890
  • asus/kfsn4-dre – 4.4-1698 / 4.5-17
  • asus/kgpe-d16 – 4.4-1802 / 4.5-17
  • emulation/qemu-q35 – 4.4-1698 / 4.5-8
  • gigabyte/ga-b75m-d3v – 4.4-1757
  • google/peppy – 4.4-1882
  • lenovo/g505s – 4.4-1739
  • lenovo/x201 – 4.4-1886
  • lenovo/x220 – 4.4-1746 / 4.5-17

coreboot statistics

  • Total Commits: 1889
  • Average Commits per day: 10.92
  • Total authors: 119
  • New authors: 47
  • Total Reviewers: 67
  • Total Submitters: 19
  • Total lines added: 164950
  • Total lines removed: -182737
  • Total difference: -17787

Announcing coreboot 4.4

We are happy to announce the release of coreboot 4.4.  This is our fourth quarterly release.  Since the last release, we’ve had 850 commits by 90 authors adding 59000 lines to the codebase.

The release tarballs are available at
There is a 4.4 tag and branch in the git repository.

Log of commit 3141eac900 to commit 588ccaa9a7

Major areas that received significant changes in for this release:

  • Build system (30 commits) – Add postcar stage, ‘timeless’ builds, extend site-local, test toolchain by version string, update dependencies, catch ACPI errors, add additional macros.
  • Toolchain updates (40+ patches) – Update IASL to v20160318, LLVM to v3.7.1, add GNU make, add nds32le GCC compiler
  • Lint tools (30 patches) – Update existing lint utilities, add lint tests for executable bit, make sure site-local isn’t committed, add test to break all lint tests.
  • Payloads (60 commits) – Fixes for libpayload, coreinfo and nvramcui, add new payloads, see below.
  • Maintainers file (8 patches) – continue adding maintainers for various areas.
  • Documentation for adding Intel FSP-based platforms (20 commits)


Added 9 mainboards

  • asus/kcma-d8
  • emulation/qemu-power8
  • google/auron_paine
  • google/gru
  • intel/amenia
  • intel/apollolake_rvp
  • intel/camelbackmountain_fsp
  • intel/galileo
  • lenovo/t420

Existing boards with significant updates

  • asus/kgpe-d16
  • google/oak
  • google/chell
  • intel/kunimitsu

Changes in chips

Added 1 new architecture

  • power8

Added 1 processor

  • qemu-power8

Added 5 socs

  • intel/apollolake
  • intel/fsp_broadwell_de
  • intel/quark
  • marvell/armada38x
  • rockchip/rk3399

Existing chip areas with many changes

  • cpuamd/mct_ddr3
  • drivers/intel/fsp2_0
  • northbridge/intel/sandybridge/raminit
  • soc/intel/apollolake
  • soc/intel/fsp_baytrail
  • soc/intel/skylake
  • soc/mediatek/mt8173

Added 1 new vendorcode directory

  • siemens


Added 1 submodule

  • chromeec

Updated 3 submodules

  • 3rdparty/arm-trusted-firmware (329 commits)
  • 3rdparty/vboot (28 commits)
  • util/nvidia/cbootimage (13 commits)


Added 4 payloads

  • depthcharge: For ChromeOS verified boot
  • iPXE: For network booting
  • Memtest86+: Updated with fixes for correctly testing coreboot with payloads
  • U-Boot (Experimental): Alternate payload for booting an OS

Added 6 utilities

  • archive – Concatenates files into a single blob with an indexed header
  • chromeos – Download and extract blobs from a ChromeOS image
  • futility – vboot Firmware utility
  • intelmetool – Shows information about the Intel ME on a platform.
  • marvell/doimage_mv – No usage notes
  • post – Simple utility to test post cards

coreboot statistics

  • Total Commits: 850
  • Total authors: 90
  • New authors: 28
  • Total Reviewers: 40
  • Total Submitters: 17
  • Total lines added: 74054
  • Total lines removed: -15056
  • Total difference: 58998

coreboot changelog March 2 – March 15

This changelog covers 187 commits in the two week period between March 2, 2016 and March 15, 2016. (c77e0419 – 80547369)

Once again, we had many changes in the payloads area. We added a memtest86+ git repository, and set it up as a secondary payload within the coreboot build process. SeaBIOS updated the stable version from 1.9.0 to 1.9.1 and has a new option to build from any specified commit instead of just the master or stable branches. Google’s depthcharge payload was added for ChromeOS builds, and the coreinfo payload started getting some updates – removing obsolete pieces, fixing the makefile, and correcting issues with cbfs.

The MediaTek MT8173 ARM based SoC and the Google Oak board using it received a significant number of patches, adding trusted firmware support, and initialization routines for memory, USB, audio, TPM, GPIOs, I2C and RTC.

Several other groups of patches were to perform cleanup for various chipsets. One series unified and fixed up the UDELAY settings, many of which were incorrectly specifying TSC delays that weren’t supported by those platforms. Other sets removed #includes of C source files, merged the MRC cache implementations into a single common version, and combined the Sandybridge & Ivybridge LVDS implementations. The FSP version of Intel’s Bay Trail was updated to mirror the non-FSP implementation, enabling LPE and LPSS in ACPI mode. The plan with Bay Trail is to make the two versions as similar as possible, then work to combine the directories and use common code for both.

Intel has started adding support for their Xeon D (Broadwell DE) processor. So far only the vendorcode has been merged.  The coreboot code is another 4700 lines of chipset code and 800 lines of mainboard code, so that’s taking some time to get reviewed.

The patches bringing up the Quark and Apollo Lake Intel chips continued, with Quark getting minor updates and Apollo Lake continuing to add core functionality like memory init and the various calls into the FSP.

Additional work was done on Skylake as well, updating the FSP parameter table, adding a Voltage Regulator mailbox command, and adding clock gating for the 8254 timer.

Utilities only got a few changes this time. The cbmem utility got a fix for a regression so that it correctly scales the timestamp values, and an option to change the SPI ROM chip sizes was added to ifdtool. Cbfstool got a couple of fixes as well, making sure the structure sizes are the same whether compiled for 32-bit or 64-bit platforms, and zeroing out unused Linux parameters.

AMD’s native memory initialization got some more cleanup and several fixes, restoring DQS delay values on a failed loop, and making sure that both read and write training pass before proceeding to the next training phase instead of continuing when either one passed.

SMBIOS changes included a patch to add SMBIOS type 17 (Memory) fields to the Sandy Bridge / Ivy Bridge platforms, and another patch to fix the length calculated for those fields for every platform. A third patch added the names of several different DIMM vendors.

The X86 bootblock renamed several symbols for clarification, removed some unused code, and marked the reset vector as executable so it would show up in objdump.

We had a slew of patches from new authors merged in the past two weeks. Welcome to all new authors and thank you to everyone.

Antonello Dettori had 3 patches merged, allowing SeaBIOS to be built from any revision, and cleaning up early serial on the roda rk9 and amd thatcher platforms.
Bayi Cheng wrote a patch adding NOR flash DMA read routines for the Mediatek MT8173.
Georg Wicherski updated and added Google’s auron paine board.
Huki Huang modified the ChromeOS wifi regulatory domain to use the region key from VPD.
Jan Tatje updated the Intel Firmware Descriptor tool (ifdtool) to allow the SPI ROM sizes to be updated.
Jitao Shi added the parade ps8640 MIPI-to-eDP video format converter driver.
Jonathan Neuschäfer had an astounding 7 patches merged in his first couple of weeks submitting to coreboot. He fixed a syntax error in buildgcc and updated several areas in coreinfo.
Jun Gao did I2C work on Mediatek MT8173 and on Google’s Oak board.
Lance Zhao had a pair of patches for Intel’s Apollo Lake reference board, setting up the devicetree, and adding memory training configuration.
Medha Garima added runtime SD card detection to Intel’s Kunimitsu board.
Milton Chiang had a patch updating the infracfg register map for the Mediatek MT8173.
Peter Kao wrote a pair of patches adding DRAM initialization to the Mediatek MT8173 and Google’s Oak board.
PH Hsu set up 4GB mode on Mediatek MT8173 and Google’s Oak board.

coreboot statistics

- Total commits: 187
- Total authors: 44
- New authors: 13
- Total lines added: 15724
- Total lines removed: -1750
- Total difference: 13974

Added 1 mainboard: google/auron_paine
Added 1 new driver: parade/ps8640

=== Top Authors - Number of commits ===
Martin Roth                  27 (14.439%)
Stefan Reinauer              24 (12.834%)
Andrey Petrov                18 (9.626%)
Aaron Durbin                 15 (8.021%)
Yidi Lin                      8 (4.278%)
Timothy Pearson               8 (4.278%)
Jonathan Neuschäfer           7 (3.743%)
Patrick Rudolph               7 (3.743%)
Leroy P Leahy                 6 (3.209%)
Alexander Couzens             5 (2.674%)
Duncan Laurie                 5 (2.674%)
Total Authors: 44

=== Top Authors - Lines added ===
Peter Kao                  3750 (23.849%)
Andrey Petrov              2536 (16.128%)
York Yang                  2509 (15.956%)
Georg Wicherski            2214 (14.080%)
Alexandru Gagniuc           409 (2.601%)
Ben Gardner                 406 (2.582%)
Leroy P Leahy               384 (2.442%)
Daisuke Nojiri              373 (2.372%)
Bayi Cheng                  314 (1.997%)
Martin Roth                 256 (1.628%)

=== Top Authors - Lines removed ===
Alexander Couzens           309 (17.657%)
Leroy P Leahy               255 (14.571%)
Stefan Reinauer             207 (11.829%)
Aaron Durbin                162 (9.257%)
Jonathan Neuschäfer         156 (8.914%)
Timothy Pearson             127 (7.257%)
Julius Werner                93 (5.314%)
Zheng Bao                    87 (4.971%)
Martin Roth                  66 (3.771%)
Andrey Petrov                58 (3.314%)

=== Top Reviewers - Number of patches reviewed ===
Martin Roth                  82 (43.850%)
Stefan Reinauer              62 (33.155%)
Paul Menzel                  45 (24.064%)
Aaron Durbin                 28 (14.973%)
Andrey Petrov                13 (6.952%)
Patrick Georgi               12 (6.417%)
Furquan Shaikh                6 (3.209%)
Timothy Pearson               4 (2.139%)
Ronald G. Minnich             4 (2.139%)
Alexander Couzens             4 (2.139%)
Total Reviewers: 22

=== Submitters - Number of patches submitted ===
Martin Roth                  85 (45.455%)
Patrick Georgi               47 (25.134%)
Aaron Durbin                 24 (12.834%)
Stefan Reinauer              20 (10.695%)
Vladimir Serbinenko           4 (2.139%)
Werner Zeh                    2 (1.070%)
Timothy Pearson               2 (1.070%)
Zheng Bao                     1 (0.535%)
Leroy P Leahy                 1 (0.535%)
Ronald G. Minnich             1 (0.535%)
Total Submitters: 10