Announcing coreboot 4.5

We are happy to announce the release of coreboot 4.5

The 4.5 release covers commit 80a3df260767 to commit 0bc12abc2b26.

This release is the first since the project switched from doing quarterly releases to doing biannual releases.  The next release will be in April of 2017.

Since the last release in April, the coreboot project has had 1889 commits by 119 authors.

The release tarballs and gpg signatures are available in the usual place at https://www.coreboot.org/downloads

There is a 4.5 tag in the git repository, and a branch will be created as needed.

Areas with significant updates:

  • Toolchain (29 commits)
    • Updated mpfr version from 3.1.3 to 3.1.4
    • Updated gcc version from 5.2.0 to 5.3.0
    • Updated binutils version from 2.25 to 2.26.1 & Fix aarch64 build problem
    • Updated gdb version from 7.9.1 to 7.11
    • Updated iasl version from 20160318 to 20160831
    • Updated python version from 3.4.3 to 3.5.1
    • Updated expat version from 2.1.0 to 2.1.1
    • Updated llvm / clang version from 3.7.1 to 3.8.0
    • Updated make version from 4.1 to 4.2.1
  • Build system (32 commits)
    • Updates for cbfstool / fmap changes
    • Order per-region files to optimize placement success
    • Add support for the ADA language and toolchain.
  • Utilities (103 commits)
    • Lint – Update checkpatch.pl, add tools  to find non-ascii & unprintable chars and to verify a single newline at the end of files
    • cbfstool – Update for Linux payloads, Honor FSP modules addresses, fix elf parsing
    • Sconfig – Add 10 bit addressing mode for i2c devices, add generic device type, support strings, pass in devicetree filename
  • General code cleanup (197 commits)
    • Cleaning up code formatting and whitespace
    • Fix spelling & capitalization
    • Removing commented out code
    • Transition away from device_t
  • TPM (55 commits)
    • Add support for Trusted Platform Module 2.0
    • SPI & refactored I2C TPM driver
  • Drivers (54 commits)
    • Add ACPI support in several drivers
    • coreboot_tables –  Extend serial port description
    • Elog – refactor, add debug info
    • I2C – add generic driver,
    • SPI – Add new chip support, major refactoring, don’t assume SPI flash boot device
  • Lib (33 commits)
    • Add real-time-clock functions
    • Add RW boot device construct
    • reg_script updates: add to bootblock, add xor support, add display support
    • Timestamp fixes & updates
  • Vendorcode
    • AMD (14 commits) – Cleanup, add libagesa.a builds, remove unused code.
    • Google (22 commits) – VBoot2 updates and cleanup
    • Intel (86 commits) – Add Intel FSP 2.0, update Broadwell DE support
  • Payloads (37 commits)
    • Subpayload support got extend and is enabled by default.
    • nvramcui: refactor, update build
    • SeaBIOS: Update stable version to 1.9.3, add bootorder file
    • iPXE: Update stable version to the last commit of July 2016
    • Fix broken linux boot sequence

Mainboard changes

Added 13 mainboards, plus a few mainboard variants not included here:

  • ADI RCC-DFF networking board (adi/rcc-dff) – intel/rangeley SoC
  • AMD Evaluation Board DB-FT3B-LC (amd/db-ft3b-lc) – amd/00730F01 (Family 16h Models 30h-3Fh (Mullins)) CPU
  • AMD f2950 / TONK 1201/2 Board (amd/f2950) – amd/geode_lx CPU
  • Apple iMAC 5.2 (apple/imac52) – intel/i945 CPU
  • Unibap Development Kit ODE E21XX – amd/00730F01 (Family 16h Models 30h-3Fh (Mullins)) CPU
  • elmex/pcm205400 – amd/Family_14 CPU
  • elmex/pcm205401 – amd/Family_14 CPU
  • Lenovo N21 chromebook (google/enguarde) – intel/baytrail SoC
  • google/gale – Qualcomm IPQ40XX SoC
  • AOpen Chromebox (google/ninja) – intel/baytrail SoC
  • google/reef – intel/apollolake SoC
  • Acer Chromebox CXI2 (google/rikku) – intel/Broadwell SoC
  • google/rotor – marvell/MVMAP2315 SoC

Removed 5 mainboards:

These were all development boards not available to the public.

  • google/bolt – intel/haswell – removed in commit 139314b
  • google/rush – nvidia/tegra132 – removed in commit e67cd9e
  • google/rush_ryu – nvidia/tegra132 – removed in commit 0c63415
  • google/slippy – intel/haswell – removed in commit bc24b85
  • intel/amenia – intel/apollolake – removed in commit c2586db

Existing boards with significant updates

  • asus/kgpe-d16 – amd/socket_G34 – Add TPM support, enable secondary serial port
  • emulation/spike-riscv: RISC-V -clean up, use generic bootblock,  look for CBFS in RAM, reimplement SBI
  • google/gru – rockchip/RK3399 SoC (76 commits) – Board bringup
  • google/oak – mediatek/mt8173 SoC- Add Elm variant, update memory, configure display, initialize touchscreen gpio
  • intel/galilleo- intel/quark SoC (14 commits) – Board bringup, add galileo gen1 support, switch to FSP2.0
  • intel/minnowmax – intel/fsp_baytrail SoC – Enable all PCIe ports, Program GPIO for power LED
  • lenovo/x60 – intel/socket_mPGA478 – init GPIOs before dock check, add hda verb table
  • siemens/mc_bdx1 – intel/fsp_broadwell_de SoC – Add external RTC, Set up MAC addresses, Update IRQs
  • siemens/mc_tcu3 – intel/fsp_baytrail SoC – cleanup & LCD panel updates

Changes in chips

Moved 3 northbridge/southbridge pairs to soc:

  • dmp/vortex86ex
  • intel/sch
  • rdc/r8610

Added 2 socs:

  • marvell/mvmap2315 (12 commits)
  • qualcomm/ipq40xx (22 commits)

Removed 1 soc:

  • nvidia/tegra132 – removed in commit 9ba0699

Added 2 sios:

  • nuvoton/nct6776
  • nuvoton/nct6791d

Existing chip areas with many changes

  • ARM (34 commits)
    • Add armv7-r configuration
    • rockchip/rk3399 (73 commits) – Bringup, memory updates
  • RISC-V (40 commits)
    • Improve and refactor trap handling
  • X86 (225 commits)
    • ACPI (40 commits) Add support for writing various entries and descriptor types, Add common definitions, Use ‘GOOG’ id for coreboot table
    • amd/mct_ddr3 northbridge: Support non-ECC DIMMs, Update SMBIOS, various fixes
    • arch/x86: many postcar stage updates, add common ACPI definitions, Support “weak” BIST and timestamp save routines
    • intel/apollolake SoC (211 commits) – Chip bringup, Update bootblock
    • intel/common: ACPI updates, Add smihandler, LPSS I2C driver, and  IGD OpRegion support
    • intel/fsp_broadwell_de: IRQ fixes, SPI message fixes, Add DMAR table to ACPI
    • intel/gm45 northbridge: Fix text mode init, enable vesa framebuffer, use VGA if connected
    • intel/i945 northbridge: add native VGA init, Update divisor calculations
    • intel/quark SoC (62 commits) – Chip bringup, add Fsp2.0 support, updates for serial console
    • intel/skylake CPU (61 commits) – Finished Skylake bringup, start updating for Kabylake FSP
    • intel/x4x northbridge (13 commits) – Memory & Graphics updates

Submodules

Updated 4 submodules

  • 3rdparty/blobs (6 commits)
  • 3rdparty/arm-trusted-firmware (425 commits)
  • 3rdparty/vboot (61 commits)
  • 3rdparty/chromeec/ (676 commits)

Tested boards

The following boards were tested for this release:

  • asrock/e350m1              4.4-1890
  • asus/kfsn4-dre               4.4-1698 / 4.5-17
  • asus/kgpe-d16                4.4-1802 / 4.5-17
  • emulation/qemu-q35   4.4-1698 / 4.5-8
  • gigabyte/ga-b75m-d3v 4.4-1757
  • google/peppy                 4.4-1882
  • lenovo/g505s                 4.4-1739
  • lenovo/x201                   4.4-1886
  • lenovo/x220                   4.4-1746 / 4.5-17

coreboot statistics

Total Commits: 1889
Average Commits per day: 10.92
Total authors: 119
New authors: 47
Total Reviewers: 67
Total Submitters: 19
Total lines added: 164950
Total lines removed: -182737
Total difference: -17787

[GSoC] Multiple status registers, block protection and OTP support, wrap-up (1/2)

Hello! 🙂

GSoC 2016 coding period has come to an end and mentor’s evaluating students this week. It has been an enriching 13 weeks of reading datasheets, designing structures, coding, learning and hanging out over IRC! 😛 I’d like to take this opportunity to present my work and details on how to use it. 🙂

Firstly, to offer context to the work, here is a list of public mails and blog posts. These should give an idea as to how the discussions and work evolved. A lot of the discussions have happened over IRC, but #flashrom does not keep any logs.

The patch sets that I sent to the mailing list can be found at –

  1. Multiple status register and access protection infrastructure
  2. OTP/Security registers infrastructure
  3. Dummy chips

You can also find these over at flashrom’s patchwork. The mailing list is where the review happens (although a better alternative, IMHO, is Gerrit which coreboot uses). The patches aren’t currently merged and are under review. In any case, you are most welcome to join review (which will likely be very helpful for me). 🙂 If you’d like to look at something more on the bleeding edge, then I invite you to my GitHub.

Now, moving on how to use the work. The most exhaustive documentation on how to use it is the code itself :P, but in the following list I attempt to list scenarios –

  • For SPI chips that have multiple status registers, flashrom’s verbose output will print the status register bits and there values. Most bits are named, i.e., the datasheet refers to the bit by an abbreviation, for instance, WEL for Write Enable Latch, WIP for Work In Progress, BP for Block Protect, LB for Lock Bit and so on. The verbose output will print these names, both in abbreviated and long forms, for most chips (and these abbreviations tend to be generic across many manufacturers). However, the process for adding new chips that leverage this, and adding new bits, is a fairly easy task (I would invite you to have a look at the code 😉 for more details). The verbose output also prints the write protection mode for status register(s) in effect (software protected, hardware protected, power cycle lock down and so on).
  • In case you want to disable or enable (a particular type) write protection for status register, you can use the --wp-disable or --wp-enable[=MODE] respectively (where MODE is either of software, hardware, power cycle or permanent – you are encouraged to have a look at the man page 🙂 for more details)
  • In case you want to protect a particular range of an SPI chip from writes or erases, you will need to alter the BP, TB or SEC bits. Currently, there is a CLI that will enable you to accomplish all that. 😛 First, you’ll want to look at the list of ranges your SPI chip supports – run flashrom with --wp-list. Take note of the start address and the length of the memory range you want to protect. Then again run flashrom with --wp-set-range start=0xfff000,len=4 (0xfff000 and 4 are for representational purpose only). By now the memory range is protected, but you can additionally enable status register write protection by following what the foregoing point described.
  • For SPI chips that support OTP, you can read, write and erase OTP regions (of course for supported chips :P). For OTP operations, you have at your disposal --print-otp-status, --read-otp [,reg=], --write-otp file=[,reg=], --erase-otp [reg=] and --lock-otp [reg=]. You can read the OTP memory to a file, or you can write to the OTP region from a file, very much like reading and writing from/to SPI chip. For more details, I would again like to point you to the man page. 🙂

Since this is a work-in-progress, the CLI may change (and is very likely). Currently around 10% of SPI chips use this new infrastructure. Models of a few manufacturers (and especially exotic ones like Atmel) are yet to be fully incorporated. You are most welcome to add support for new chips or update the existing ones to support new infrastructure. 🙂

I would like to sincerely thank my mentors Stefan and David for their support and help. I am indebted to them for this opportunity and I hope that we continue to share this relationship in the future while I continue to explore and contribute to flashrom. It has been a pleasure getting to know each of them. I’d also like to thank Urja for pitching in from time to time 🙂 It was fun hanging out over IRC and helping folks asking questions there. And I am looking forward to it for years to come. 😛

In the next and final part of this post, I will highlight how we intend to improve upon this work in the future, where it will be headed and what more we have in store, so please stay tuned. 😉 Phew, this was a long one, and rightly so as it attempts to summarise a great deal of experiences. If you have any feedback, questions or comments on the blogs or code, please feel to ping me on #flashrom where I am known as hatim. You can also email me at hatim@hatimak.me.

Thanks, and looking forward to hearing from you. 🙂 See you in the next and final part.

[GSoC] Better RISC-V support, wrap-up

In less than an hour, Google Summer of Code 2016 will be over (at least for us students). In this blog post, I will describe how you can use coreboot on RISC-V.

You can find the complete list of commits that I made during GSoC with this gerrit query.

The details

Compiling spike, the RISC-V instruction-set-level simulator

Spike, also known as riscv-isa-sim, is the reference implementation of RISC-V, and the only RISC-V platform that is currently known to work with coreboot (QEMU is nominally also supported, but the corresponding coreboot code has not been updated in a while).

First, you need to build and install libfesvr:

Then, you can compile and install spike:

  • Clone the spike git repository.
  • Apply the patch in this pull request to make console output possible.
  • Open riscv/processor.cc in a text editor and find processor_t::get_csr. Add a line that reads case CSR_MTIME: return 0;.
  • run ./configure --prefix="$HOME" --with-fesvr="$HOME" && make && make install

Compiling coreboot for RISC-V

  • Clone the coreboot git repository, if you haven’t already
  • Apply Iru Cai’s patch that updates the toolchain to GCC 6.1. You will currently have to fix a merge conflict when you apply this patch, but it’s an easy one.
  • Run make crossgcc-riscv
  • Run make menuconfig to configure coreboot. Select Emulation and SPIKE usb riscv in the Mainboard menu.
  • Run make
  • Run util/riscvtools/make-spike-elf.sh build/coreboot.rom build/coreboot.elf
  • Start coreboot by running spike build/coreboot.elf. You should see a few pages of output, ending in Payload not loaded.

Compiling and running Linux

  • Clone the riscv-linux git repository and check out the priv-1.9 branch
  • Apply this patch that allows linux to be started in machine-mode.
  • Download a copy linux 4.6.x from kernel.org, and unpack it. I’ll assume version 4.6.2 is used.
  • cd into linux-4.6.2/arch and symlink the arch/riscv directory from riscv-linux
  • Back in linux-4.6.2, run make O=build ARCH=riscv defconfig; cd into the newly created build directory.
  • Run make ARCH=riscv menuconfig. In the “General Setup” menu of the linux menuconfig, enter path/to/coreboot/util/crossgcc/xgcc/bin/riscv64-elf- as the cross-compiler tool prefix.
  • Run make ARCH=riscv vmlinux to compile linux.
  • Open vmlinux in a hex editor, such as hexer. Change the 8-byte number at 0x18 to 00 00 00 90 00 00 00 00; Add 00 00 00 90 00 00 00 00 to the numbers at 0x58 and 0x90, to load linux at physical addresses within RAM. It’s unfortunate that I have to recommend this step, but I did not come up with a better fix yet.

Next, you need to add vmlinux to coreboot:

  • Return to the coreboot directory.
  • Apply the remaining coreboot patches that are tagged riscv.
  • In the Payload menu, select An ELF executable payload. Instead of payload.elf, select the vmlinux file.
  • Run make and util/riscvtools/make-spike-elf.sh build/coreboot.rom build/coreboot.elf again.
  • Run spike build/coreboot.elf. You should now see a Linux boot, at least partially.

Future work

Even though my GSoC is over, coreboot’s support for RISC-V can still be improved, and I intend to fix at least some of the following things:

  • As you can see above, running coreboot and linux on RISC-V currently isn’t straight-forward, but involves a few manual steps.
  • There are other RISC-V platforms that I’d like to see coreboot on, such as lowRISC.
  • Linux does not completely boot, i.e. into userspace. There are still some bugs to be ironed out.
  • Automatic testing could be used to detect regressions.
  • I only tested coreboot on RISC-V with Linux; support for other operating systems or payloads is welcome.

Acknowledgements

I’d like to thank Ron Minnich and Furquan Shaikh for being good mentors, and everyone in the coreboot community for being helpful and friendly.

[GSOC] Panic Room, Recap

Hello everyone, in the following post I’m going to recap all that I’ve managed to accomplish during the GSoC of this year.

As a disclaimer: I plan to maintain these patches until they are fit to be mainlined or rejected altogether in case of design flaws.

libpayload: replace cbfs_media api with region_device api

This patchset should be complete, I tested it quite thoroughly by using the API to update the bayou payload (separate patch). I'm still waiting on a review on this one so I suspect there will be some cause for nitpicks.
bayou: Adapt to the coreboot-v4 era

Changed the design of the payload to make it integrate better with the current infrastructure of coreboot. The majority of the changes have been documented in the appropriate wiki entry. The patchset is complete and working.
console/serialice: Add SerialICE

The patchset was started and the initial work was done by Patrick Rudolph.
I picked it up from there, fixed the problems that it had and tried to get it in shape. It currently works as expected, waiting on more review/feedback.
serialice: update QEMU to version 2.5
serialice: adapt serialice to work with QEMU stable-2.5

In its current state this patchset produces a working build, all the functionality seems to be intact and SerialICE produces the same output as with the old implementation. There could be some unforeseen problems with the changes in the QEMU infrastructure and it could use a cleanup.
[WIP] src: replace device_t type with pnp/pci_defn_t

This is one of the latest commits that I've worked on, it's still a work in progress but I plan to remove all the the improper uses of device_t and replace it with the appropriate type. It's probably gonna take a while and I suspect the patch is going to be massive. If anyone has any suggestion on how to handle this transition feel free to tell me.
tint: Fix tint and add Kconfig option

The payload works as intended. Only nit is that maintaining a separate patch to apply to the tint code is tricky/messy.
lib/selfboot: Replace rdev_mmap_full()

The code worked, even though it's been a while since I rebased the change to check for conflicts. Should be an easy fix anyway.
payloads: add support lz4 compression

selfboot: add sequential lz4 payload decompression

The functionality works as expected.
coreinfo: Add support to read timestamps

cbmem: share additional time stamps IDs

Code works as intended, the only thing missing are the commas that should split the timestamps in groups of 3 digits. I couldn't port that part since it relied on a recursive function that no longer worked.
elfwriter: Fix multi-phdrs ELFs parsing

cbfstool: Require "-m ARCH" to extract payloads and stages

cbfstool: Extract payload in ELF

One of the oldest patchset that I wrote, took a while to get it right but it seems to be working wonderfully.
region: Add writeat and eraseat support

Below are a bunch of minor patches that I’ve written to fix the bugs that I’ve encountered while working on the patches above or browsing the source tree:

i945.h: fix #include path

emulation/qemu-i440fx: add cmos.default file

nvramcui: refactor code

pc80/mc146818rtc.h: Replace leftover macro token

lenovo/x60: add GPIOs initialisation before dock check

serialice: update lint filters

payloads: add Kconfig option for bayou

libpayload: split "Drivers" config section in Kconfig

bayou: delete pbuilder utility

filo: Specify libpayload path

cbfstool: Allow to easily build the individual tools

If you have any question regarding these patches you can find me on IRC (avengerf12).

I wanna conclude this post by expressing my gratitude towards the coreboot’s GSoC admins and mentors for the wonderful opportunity that they have given me and to the coreboot community for all the help and suggestions.

Sincerely,

Antonello

[GSoC] Better RISC-V Support, week #10

This past week, I worked on the virtual memory initialization code of coreboot on RISC-V. The first part of this was to update encoding.h a file that defines constants such as bit masks which are necessary for interacting with RISC-V’s Control and Status Registers. As a result, I also had to change a few files that relied on outdated constants. Then I wrote some code to walk the page table structures, and fixed one or two bugs in the page table setup code. Unfortunately my patches aren’t as finished as I would like them to be.

When I tested my changes with a Linux payload (which I had to edit the ELF headers of, because Linux uses virtual addresses, while cbfstool and the SELF loader use physical addresses), I stumbled upon another strange error: I get a store access fault in the instruction of the trap handler that saves the first register, even if I initialize the stack pointer to a value that’s within the RAM. When the trap handler runs again to handle this store access fault, it runs without any problems. This fault is especially confusing, because machine mode should always be able to access RAM through its physical addresses.

What’s next?

During the next week, I’ll be traveling and won’t be able to work on coreboot. When I return, I will rework my patches so they can be merged, and hopefully understand the aforementioned access fault problem. Properly set-up page tables should bring me a step closer to running Linux on coreboot/RISC-V (without bbl in the middle).

If time permits, I will start porting coreboot to the Nexys 4 DDR devboard.

[GSOC] Panic Room, week #7

What have you procrastinated on this past week?

As usual, I’m glad you asked.

During the past week I worked every day(/night) on the porting of the region_device API (commit) as I probably mentioned last week. The port is now complete and it should be bug-free (?).
It’s been tested pretty thoroughly since I immediately used it to adapt Bayou from the old LAR/coreboot-v3 paradigm to the new CBFS/coreboot-v4 one.
A bunch of bugs cropped up with the new API during the transition (debugging the API wasn’t fun at all) but they have been solved and unless for some corner-cases that I missed it should just work.

The second part of the week, as you might have guessed read, has been devoted to fixing Bayou (commit). This has been quite fun, almost everything was broken or relied on some old function that has since been dropped from libpayload.
It now works quite well and supports all of the original features.
The only problem now are with the other payloads since they aren’t all able to exit cleanly and give back control to bayou (i.e. coreinfo reboots before returning, tint halts, etc).
If you want to know more details take a look at the commit message.

Apart from this two items I wrote a couple of patches concerned with libpayload and a patch that adds support for sequential lz4 decompression during the boot process (Thank you, Julius Werner, for pointing that out).
I also just finished updating the wiki entry for Bayou, so if someone wants to test it out… 🙂

What’s next?

With less than a month left of my GSOC time I plan to dedicate solely to maintain the patches that I currently have and work on the coreboot/serialice integration (so as to finally do something pertinent to the original proposal).

Have a nice weekend!

 

P.S.

I had to drop the idea of working on the FILO (flashupdate) project since it relies on a series of patches that have not been finished yet (libflashrom). It will be a project for another time perhaps.

P.S.S.

I think I lost count of a few weeks here and there…

[GSoC] Better RISC-V support, week #6/7/8/9

Since I haven’t posted an update of my coreboot-on-RISC-V work in a while, this will be a slightly longer post.

Week 6

In week 6, I started documenting how to build and boot coreboot on RISC-V, in the coreboot wiki.
It is now a bit outdated, because we’re moving away from using bbl to boot Linux.

Week 7

I wrote some patches: I removed code that used the old Host-Target Interface (HTIF), because it’s deprecated. I submitted an improved version of my workaround for the bug that causes Spike to only execute 5000 instructions in some cases. I informed the coreboot resource management subsystem about the position of the RAM in physical address space, so that the program loader wouldn’t refuse to load segments into RAM. I submitted two patches to fix compiler errors with the new toolchain.

Meanwhile, there were some good news in the RISC-V world:

Week 8

I submitted a few more patches and started to explore the Nexys4 board. The precompiled bitstream and kernel from the lowRISC version 0.3 tutorial worked without any problems, and after a few days and some help from the lowRISC mailing list, I was able to recompile the lowRISC bitstream.

This week

I discussed the choice of boot medium with the lowRISC developers, and they agreed that a memory-mapped flash would be useful. Once it is implemented, I
can start porting coreboot to lowRISC on the Nexys 4 DDR board. Luckily the Nexys4 already has large enough flash to use for this purpose.

My mentors and I agreed that the switch from machine mode to supervisor mode should be left completely to the payload.

What’s next?

I will continue to work on running coreboot on the Spike emulator. Currently I’m facing the following problems and tasks:

  • Linux, when compiled to an ELF file (vmlinux) specifies that it wants to be loaded at the physical address 0x0 and at the virtual address 0xffffffff80000000. Since coreboot’s ELF loading code only looks at the physical address, it refuses to load Linux, since RAM starts at 0x80000000 on RISC-V.
  • Low level platform information (most importantly the memory layout) is passed to the firmware (coreboot in this case) as a configuration string, which is dynamically generated by the emulator, in the case of Spike. I still need to implemented a parser for this format, so coreboot can know how much memory is available.
  • The RISC-V Privileged Architecture Specification 1.9 specifies that there shall be a page at the top of the virtual address space where the operating system can call a few functions exposed by the firmware (this is the Supervisor Binary Interface).

[GSOC] Panic Room, week #4/5/6

What have you been up to these past few weeks?

My facetious alter ego, I must admit I sinned, I strayed oh so much from my original timeline. (Quite obvious if you read the previous posts)

Since my last post I mainly kept focusing on the region_device API, I attempted to go through with my week #3 plan to continue the phasing out of rdev_mmap_full() from the selfload code (described in previous post).

I think I overestimated what I could accomplish regarding that project, I tried to modify the current lzma API used inside to coreboot to make it possible to easily load each chunk of data from memory/chip and decompress it gradually.
Theoretically it shouldn’t be too difficult, in practice the decompression code is particularly nasty and it seems it is a customised version of the LZMA SDK code.
I, not so quickly, realised that I didn’t have the time to delve into that, so I momentarily dropped the idea. (It could be a nice project to do after the GSOC ends.)

I also spent a chunk of my time in porting the time stamps reading functionality from the cbmem utility into the coreinfo payload (commit).
It is now possible to read how much time the coreboot boot sequence takes without having a working OS environment.
I needed to measure if there had been any boot time improvements after the rdev_mmap_full commit. (Still haven’t got around to doing that though…)

What are you working on now then?

I’m currently working on porting the region_device API from coreboot to libpayload, meanwhile replacing all the functionality that was provided by its predecessor: cbfs_media.

Today I finished (in before my code has to be reworked completely ) replacing the old api inside libpayload and started converting the only payload that used cbfs_media: depthcharge, the payload used to boot ChromeOS.
Hopefully it will be a painless process.

What’s next?

So, after I finish these current patch (possibly for the weekend), I need to re-focus my attention on my actual timeline.
I plan to test the current FILO master branch to check for possible problems and show-stoppers before an eventual new release in the (near?) future.
It would be quite helpful in that the current stable is not stable at all, it doesn’t even compile and neither does the master tag (unless you apply this patch which is still pending approval).
It would also be the first release that includes the new flashupdate command and would allow for some interesting things to be done (i.e. path to the recovery from a bad coreboot flash/configuration).

Furthermore I would like to get the SerialICE firmware-side code to be merged into the main coreboot codebase (commit), so I plan to work out the current problems with the time that I still have at my disposal. (Uh, sounds a bit cliche’ by now)

See you next week time! (Just to be on the safe side 🙂 )

[GSoC] Better RISC-V support, week #4/5

Week 4

In week 4, I tracked down why coreboot halted after about one line of output. It turned out to be a spike bug, that I wrote up in this bug report, and affect any program that doesn’t have a tohost symbol. As a workaround, I extended my script that turns coreboot.rom into a ELF to also include this symbol.

After some more patches I could run coreboot in spike and get the familiar “Payload not loaded” line.

Week 5

I was now clearly moving towards being able to run linux on spike/coreboot. But there was a problem: The RISC-V linux port requires a working implementation of the Supervisor Binary Interface (SBI), which is a collection of functions that the supervisor (i.e. the linux kernel) can call in the system firmware.

Coreboot has an implementation of the SBI, but it’s probably outdated by now. To get an up-to-date SBI implementation, I decided to use bbl as a payload. When I built bbl with coreboot’s RISC-V toolchain, I noticed that it depends on a libc being installed in two ways:

  • The autoconf-generated configure script checks that the C compiler can compile and link a program, which only succeeds if it finds a linker script (riscv.ld) and a crt0.o in the right place.
  • bbl relies on the libc headers to declare some common functions and types (it doesn’t use any of the implementations in the libc, though).

The coreboot toolchain script doesn’t, however, install a libc, because coreboot doesn’t need one.

I tweaked the bbl source code until it didn’t need the libc headers, changed the implementation of mcall_console_putchar to use my 8250 UART, got the payload section of bbl (where linux is stored before it’s loaded) out of the way of the CBFS by moving it to 0x81000000 (bbl/bbl.lds is the relevant file for this change), and could finally observe Linux booting in spike, on top of coreboot and bbl. It stops with a kernel panic, though, because it doesn’t have a root filesystem.

Plans for this week

This week I will document my work on the Spike wiki page in the coreboot wiki, so others can run coreboot on spike, too.

[GSoC] Multiple status registers, block protection and OTP support, week #3 and #4

The most important accomplishment during these weeks was developing a generic algorithm which would generate the block protect range table for a given flash chip. This algorithm can be applied to a majority of chips.

The previous solution that I had developed was to have range tables stored in a struct and a pointer to it would be in struct flashchips for chips that share the range definition. This array of struct range would be indexed by block protect (BP) bitfield, so essesntially we could get the protected range for a chip given the bitfield in O(1) time. While it looked neat, it was only marginally an improvement over existing solution in ChromiumOS.

I really wanted to try to have a more elegant and robust solution. So after getting back some feedback from my mentor David, I decided to investigated further. I started with around 80 datasheets from AMIC, Eon, GigaDevice, Macronix, Winbond and others with objective to find whether a generic pattern could be observed such that given a chip and its properties can we compute its BP ranges. After a few attempts, I settled on a model that fits all GigaDevice and Winbond chips, and to some AMIC and Eon chips, which together account for around 50% of the chips I investigated. Having the layout of the status register as a member of struct flashchip came in very handy. For the algorithm itself and its demo, please have a look at this mail in the discussion thread on the mailing list. Once this was in place, I went through another iteration to allow the code to automatically handle presence (or absence) of SEC/TB/CMP bits.

One could wonder that since this model generates range tables automatically for only about half of the chips, what about the remaining ones? As I like to put it slightly dramatically, the “grand” design is very flexible. The struct wp has function pointers that can be assigned chip specific functions, but if they are unassigned then the code falls back to using the generic functions. Quite a few chips that are not included in the 50% collection above, have ranges that can be computed with slight modification after the generic pattern has been applied, allowing maximum re-use of code. This idea is also part of the mail and demo linked above.

The investigation and subsequent pattern deduction took a fair amount of effort. Although I was very happy with the results, nonetheless they were at a slight tangent to what I had planned. The last week had not been as productive as I would have it. So as it stands, I am slightly amiss from the pre-midterm timeline I had proposed. However, I have taken corrective measures, and will ensure that post-midterm timeline is not affected.

Currently I am finalising the OTP support model. The functionality for reading/writing multiple status registers and block protection are in place. I am also simultaneously adding support for new infrastructure to existing chips. Later this week I will work on CLI to expose this functionality and wire up existing flashrom code to make use of the new infrastructure. Following that, I will be testing the new infrastructure on a few GigaDevice chips that I have. I have also ordered some chips from a few other manufacturers so hopefully they should arrive in time by then.

Thanks for your time. In case you have any feedback, I’d love to hear. See you later!