User:GNUtoo: Difference between revisions

From coreboot
Jump to navigation Jump to search
 
(245 intermediate revisions by the same user not shown)
Line 1: Line 1:
* I did the port to the M4A785T-M
== Wiki contributions ==
* I've an x60
My contributions to this wiki are available under the following licenses:
* I've an alix.1C
* [https://creativecommons.org/licenses/by-sa/3.0/legalcode CC-BY-SA 3.0]
* [https://creativecommons.org/licenses/by-sa/4.0/legalcode CC-BY-SA 4.0] or later
* [https://www.gnu.org/licenses/fdl.txt GFDL 1.3] or later


== scripts to help getting rid of the vbios of the x60 ==
== Code contributions ==
=== Script 1: generate the io access for the coreboot driver ===
In the [https://review.coreboot.org/gitweb?p=coreboot.git;a=blob;f=Documentation/gerrit_guidelines.md;h=1833b0a8f0dc89001547c73457d113a4a56fbd31;hb=refs/heads/master#l31 gerrit guidelines] there the follwing line: "Don't modify other people's patches without their consent."
* follow "Case study: new laptop (not complete, sorry)" in https://docs.google.com/document/d/1g8FMob25VZYxbWri2iFB8YiSL8gwF9vKJH3HGxr0xQU/edit?pli=1
* pacman -S plan9port
* cp /opt/plan9/bin/ssam ./
* replace the following line in ./ssam:
#!/usr/local/plan9/bin/rc
by the following line:
#!/opt/plan9/bin/rc
* create the ssamfix file with:
  ,s/\[ *[0-9]+\..[0-9]+\]//g
  ,s/^ *//g
y/^[RWU]/s/^/M /g
  ,s/\nU/ ;;;UDELAY/g
  ,|uniq -c
  ,s/^ *//g
  ,s/(^[0-9]+) ([MRW])/\2 \1/g
  ,s/"/\\"/g
  ,s/^M ([0-9]+) *(\[.*)/{M, \1, "\2"},/g
  ,s/^M ([0-9]+) *(.*)/{M, \1, "\2"},/g
  ,s/:  */:/g
  ,s/...UDELAY *([0-9]+)/\1/g
  ,s/^([RW]) ([0-9]+) (.*):0x([0-9a-f]+)(.*)/{\1, \2, "", \3, 0x\4, \5},/g
* run the following commands:
. /etc/profile.d/plan9.sh
cat dmesg| ./ssam  -f ssamfix > foo.c


=== Script2: compare the io access that were too fast ===
I consent to the modification of my patches by anybody. I work on specific things because no one wants to do what I want to do. Else I'd be happy if someone else did the work, so I could pick the next task in my huge TODO list.
* Replace {V,0,}, with {V,7,}, in src/mainboard/vendor/device/i915io.c
* cat /dev/ttyUSB0 > accesses.txt
* Use that script against accesses.txt to find the guilty accesses:
#!/usr/bin/env python2
import sys,re
 
def main(args):
try:
f = open(args[1],'ro')
except:
print args[0], " <file>"
for line in f:
if re.match("0x[0-9]*: Got .*, expect .*",line):
line = line.replace('\r\n','').replace(", expect ",':').replace(": Got ",':')
split = line.split(':')
#print split
if split[1] != split[2]:
print line
if __name__ == '__main__':
main(sys.argv)


== How to get semantic IOs ==
Interests:
In i915tool:
* 100% Free computers(Laptops, Desktops, Home Servers, routers).
* import your IOs in prettyregs.c
* Security
* compile prettyregs.c
** Secure boot trough GRUB with full disk encryption (no /boot in clear)
* run prettyregs
** Protect against DMA and other attacks that have access to the x86 cpu's RAM.
* Making it possible for end user to be able to use coreboot/libreboot:
** Making it easy or scalable to install coreboot/libreboot.
** Making it usable.
* Making less risky to reflash, permitting users without an external programmer to easily reflash, and developers to develop anywhere without a huge setup consisting of another computer and the coreboot computer beeing worked on. I'm also interested in getting the cbmem logs written to flash to make debugging easier when no other computer is available(for instance while the developer is traveling to a conference).


== How to get rid of the vbios of the x60 [New Version] ==
== Howtos ==
Apply the coreboot patches, or re-do them for your mainboard
* [[/make boot software writable for recent Intel computers]]
Then configure coreboot with:
* [[/External GPU init without running the option rom]]
[*] Output verbose x86emu debug messages
 
[ ]   Trace JMP/RETF
= X60/I945 native GPU init History =
[ ]   Trace all opcodes
The Lenovo X60 GPU init has been merged a long time ago.
  [ ]  Log Plug&Play accesses
Since then it has been rewriten/improved a lot by other people (See git log for more details).
[ ]  Log Disk I/O
Thanks to all that work it's now a proper driver.
  [ ]  Log PMM
 
[ ]  Debug VESA BIOS Extensions
So I've moved the X60 GPU init information in [[/X60_GPU_init|a subpage]]
[ ]  Redirect INT10 output to console
 
[ ]  Log intXX calls
= Personal oppinions =
[ ]  Log special memory accesses
* [[/Microcode]]
[ ]  Log all memory accesses
* [[/Yabel]]
[*]  Log IO accesses
 
Build and flash coreboot.
= For coreboot developers =
Then go into i915tool(the official one, not the one in coreboot repository) and apply some patches for the x60 or redo them for your mainboard.
This section is mainly usefull for finding informations for:
  $ cd i915tool/x60
* Asking me to test some code (that's why I listed all my hardware).
use picocom -b 115200 /dev/ttyUSB0 or stty to set the bauds of the Serial port.
* Find my work in progress code.
Then get logs:
* Find legacy code.
  $ cat /dev/ttyUSB0 | tee coreboot.log
* Find what I'm interested in working on:
Then remove the binary symbols, dos2unix will help identifying where they are:
** If you want to work on the same thing than me, you could contact me if you want so:
$ dos2unix coreboot.log
*** I could help if I have time.
dos2unix: Binary symbol found at line 136332
*** I could test if I have time.
dos2unix: Skipping binary file coreboot.log
*** I may have some pointers.
Then do:
* HOWTO that documents how to do a native VGA init for the Lenovo x60:
$ dos2unix coreboot.log
** It probably applies to the Lenovo t60 that have an Intel GPU, with no or very minor modifications.
Then remove the lines before and after the log, the log looks like that:
 
[0047229e]c000:51cb outl(0x80001014, 0x0cf8)
== My hardware ==
[0047325f]c000:51d4 inw(0x0cfc) = 0x50a1
=== Mainboard/Devices running coreboot ===
{| class="wikitable" border="1"
! Device/Mainboard
! Serial/output
! flash recovery mecanism
! What I worked on
|-
| Asrock E350M1
|
* cbmem -c
* Serial
| rowspan="3" |
* External programmer
* Swapping the flash chip
|
|-
| Asus F2A85-M PRO
|
* cbmem -c
| rowspan="2" |
* I've been the main porter.
* Usability improvements
|-
| Asus M4A785T-M
|
* cbmem -c
* Serial
|-
| Lenovo X60
| rowspan="4" |
* cbmem -c
* Serial on the dock
* spkmodem
* USB debug
| rowspan="5" |
* External programmer with pomona clip
| rowspan="2" |
* Native GPU init
* Usability improvements.
|-
| Lenovo X60T
|-
| Lenovo T60
|
* Usability improvements.
|-
| Lenovo T400
|
|-
| Lenovo X200
|
* cbmem -c
|
|-
| PC Engines Alix 1.C
|
* Serial
|
* Hot swap with the LPC dongle|
* Usability improvements.
|-
|}
 
=== Mainboard/Devices not running coreboot (yet?) ===
If you need to have some tests done on the default boot firwmare, you should ask me as it is fast to do if I've the laptop nearby.
 
{| class="wikitable" border="1"
! Device/Mainboard
! Reason
|-
| Lenovo Thinkpad X200T
| I need to find a way to be able to easily, robustly, and safely reflash it:
* If a SOIC8 SPI chips is soldered instead of the WSON8 one, the solder past must not affect the stability of the SOIC8 clip. That is probably the most adapted way for me.
* Wires aren't ideal if they break easily.
* Internal flashing can't be trusted for freedom/privacy/security: The hardware probably permits boot firmwares to  very easily mess up with the flash content while it's being read or written: The hardware can probably be programmed to emmit SMM interrupts when the flash chip is accessed, and once in SMM, modify the data. This is the case on i945 thinkpads, however I didn't check the X200T datasheet yet, hence the "probably".
|-
|}
 
=== Debugging tools ===
* External programmers :
** Arduino duemillanove (serprog based)
** Arduino uno (serprog based)
** openmoko debug board (FTDI based)
** bug20 (linux_spi)
* A pomona clip
* a null-modem serial cable and 2 USB<->Serial adapters
* [[EHCI Gadget Debug|USB debug]] compatible devices:
** a bug20 (omap3530)
** a GTA04 A3 (DM370)
 
== My TODO list ==
See also TODO of the respectives machines on their dedicated wiki page.
* Merge or abandon my old patches.
* I945, GM45, GS45 thinkpads: Have all hardware features working (feature parity with the default boot firmware):
** IRDA
** TPM
** Testing: write tests for
*** suspend/resume
*** power consumption
*** heat
* GM45: Merge ich9gen functionality in ifdtool or ifdfake
* GM45: Investigate internal flashing (Look if BIOS->Modded BIOS->Coreboot works and understand why)
* I945: SeaBIOS: allow booting on SD cards.
* Port a logging mecanism from chromebooks to all devices in order to be able to retrive the log of the failed boot at the next reboot.
* Document flash protections and vboot.
* Verify if all the microcodes were moved away from coreboot git.
* (Alix 1.C: port the VSA to fasm)
* (GDB improvements: allow gdb earlier than ramstage)
* I945: Write a freedom/privacy/security review
* GM45: Write a freedom/privacy/security review
* More recent Intel with me_cleaner: Write a freedom/privacy/security review
 
= Work in progress documentation =
* [[/Blobs-rewrite]]
* [[/Golden Finger Connector]]
* [[/Hardware Comparison]]
* [[/APU1 reflashing]]

Latest revision as of 12:40, 10 May 2018

Wiki contributions

My contributions to this wiki are available under the following licenses:

Code contributions

In the gerrit guidelines there the follwing line: "Don't modify other people's patches without their consent."

I consent to the modification of my patches by anybody. I work on specific things because no one wants to do what I want to do. Else I'd be happy if someone else did the work, so I could pick the next task in my huge TODO list.

Interests:

  • 100% Free computers(Laptops, Desktops, Home Servers, routers).
  • Security
    • Secure boot trough GRUB with full disk encryption (no /boot in clear)
    • Protect against DMA and other attacks that have access to the x86 cpu's RAM.
  • Making it possible for end user to be able to use coreboot/libreboot:
    • Making it easy or scalable to install coreboot/libreboot.
    • Making it usable.
  • Making less risky to reflash, permitting users without an external programmer to easily reflash, and developers to develop anywhere without a huge setup consisting of another computer and the coreboot computer beeing worked on. I'm also interested in getting the cbmem logs written to flash to make debugging easier when no other computer is available(for instance while the developer is traveling to a conference).

Howtos

X60/I945 native GPU init History

The Lenovo X60 GPU init has been merged a long time ago. Since then it has been rewriten/improved a lot by other people (See git log for more details). Thanks to all that work it's now a proper driver.

So I've moved the X60 GPU init information in a subpage

Personal oppinions

For coreboot developers

This section is mainly usefull for finding informations for:

  • Asking me to test some code (that's why I listed all my hardware).
  • Find my work in progress code.
  • Find legacy code.
  • Find what I'm interested in working on:
    • If you want to work on the same thing than me, you could contact me if you want so:
      • I could help if I have time.
      • I could test if I have time.
      • I may have some pointers.
  • HOWTO that documents how to do a native VGA init for the Lenovo x60:
    • It probably applies to the Lenovo t60 that have an Intel GPU, with no or very minor modifications.

My hardware

Mainboard/Devices running coreboot

Device/Mainboard Serial/output flash recovery mecanism What I worked on
Asrock E350M1
  • cbmem -c
  • Serial
  • External programmer
  • Swapping the flash chip
Asus F2A85-M PRO
  • cbmem -c
  • I've been the main porter.
  • Usability improvements
Asus M4A785T-M
  • cbmem -c
  • Serial
Lenovo X60
  • cbmem -c
  • Serial on the dock
  • spkmodem
  • USB debug
  • External programmer with pomona clip
  • Native GPU init
  • Usability improvements.
Lenovo X60T
Lenovo T60
  • Usability improvements.
Lenovo T400
Lenovo X200
  • cbmem -c
PC Engines Alix 1.C
  • Serial
  • Hot swap with the LPC dongle|
  • Usability improvements.

Mainboard/Devices not running coreboot (yet?)

If you need to have some tests done on the default boot firwmare, you should ask me as it is fast to do if I've the laptop nearby.

Device/Mainboard Reason
Lenovo Thinkpad X200T I need to find a way to be able to easily, robustly, and safely reflash it:
  • If a SOIC8 SPI chips is soldered instead of the WSON8 one, the solder past must not affect the stability of the SOIC8 clip. That is probably the most adapted way for me.
  • Wires aren't ideal if they break easily.
  • Internal flashing can't be trusted for freedom/privacy/security: The hardware probably permits boot firmwares to very easily mess up with the flash content while it's being read or written: The hardware can probably be programmed to emmit SMM interrupts when the flash chip is accessed, and once in SMM, modify the data. This is the case on i945 thinkpads, however I didn't check the X200T datasheet yet, hence the "probably".

Debugging tools

  • External programmers :
    • Arduino duemillanove (serprog based)
    • Arduino uno (serprog based)
    • openmoko debug board (FTDI based)
    • bug20 (linux_spi)
  • A pomona clip
  • a null-modem serial cable and 2 USB<->Serial adapters
  • USB debug compatible devices:
    • a bug20 (omap3530)
    • a GTA04 A3 (DM370)

My TODO list

See also TODO of the respectives machines on their dedicated wiki page.

  • Merge or abandon my old patches.
  • I945, GM45, GS45 thinkpads: Have all hardware features working (feature parity with the default boot firmware):
    • IRDA
    • TPM
    • Testing: write tests for
      • suspend/resume
      • power consumption
      • heat
  • GM45: Merge ich9gen functionality in ifdtool or ifdfake
  • GM45: Investigate internal flashing (Look if BIOS->Modded BIOS->Coreboot works and understand why)
  • I945: SeaBIOS: allow booting on SD cards.
  • Port a logging mecanism from chromebooks to all devices in order to be able to retrive the log of the failed boot at the next reboot.
  • Document flash protections and vboot.
  • Verify if all the microcodes were moved away from coreboot git.
  • (Alix 1.C: port the VSA to fasm)
  • (GDB improvements: allow gdb earlier than ramstage)
  • I945: Write a freedom/privacy/security review
  • GM45: Write a freedom/privacy/security review
  • More recent Intel with me_cleaner: Write a freedom/privacy/security review

Work in progress documentation