User:GNUtoo: Difference between revisions
(→Mainboard/Devices running coreboot: Fixed it with an APU1) |
|||
| Line 29: | Line 29: | ||
* reflash the modified content | * reflash the modified content | ||
=== AMD/ATI/Nvidia GPU with SeaBIOS without running the option rom === | === AMD/ATI/Nvidia GPU with SeaBIOS without running the option rom === | ||
* [[/External GPU init without running the option rom]] | |||
= X60/I945 native GPU init History = | = X60/I945 native GPU init History = | ||
Revision as of 12:35, 10 May 2018
Wiki contributions
My contributions to this wiki are available under the following licenses:
- CC-BY-SA 3.0
- CC-BY-SA 4.0 or later
- GFDL 1.3 or later
Code contributions
In the gerrit guidelines there the follwing line: "Don't modify other people's patches without their consent."
I consent to the modification of my patches by anybody. I work on specific things because no one wants to do what I want to do. Else I'd be happy if someone else did the work, so I could pick the next task in my huge TODO list.
Interests:
- 100% Free computers(Laptops, Desktops, Home Servers, routers).
- Security
- Secure boot trough GRUB with full disk encryption (no /boot in clear)
- Protect against DMA and other attacks that have access to the x86 cpu's RAM.
- Making it possible for end user to be able to use coreboot/libreboot:
- Making it easy or scalable to install coreboot/libreboot.
- Making it usable.
- Making less risky to reflash, permitting users without an external programmer to easily reflash, and developers to develop anywhere without a huge setup consisting of another computer and the coreboot computer beeing worked on. I'm also interested in getting the cbmem logs written to flash to make debugging easier when no other computer is available(for instance while the developer is traveling to a conference).
Howtos
make recent intel BIOS flash writable and/or extract its pieces
Coreboot has an uttility in util/ifdtool for that.
- power off the laptop totally (remove the power, the battery etc...)
- connect an external programmer to the BIOS flash chip.
- dump the chip content with flashrom and that external programmer.
- run ifdtool on the extracted chip content
- reflash the modified content
AMD/ATI/Nvidia GPU with SeaBIOS without running the option rom
X60/I945 native GPU init History
The Lenovo X60 GPU init has been merged a long time ago. Since then it has been rewriten/improved a lot by other people (See git log for more details). Thanks to all that work it's now a proper driver.
So I've moved the X60 GPU init information in a subpage
Personal oppinions
Microcode
- The CPU microcodes are under a non-free license that is incompatible with coreboot's license.
- They are now moved away in a separate repository.
Some people say that the microcode is the equivalent of having a more recent CPU, as a justification for using it.
However since Intel microcodes are encrypted and signed, so we cannot know what they really do.
- People usually trust what the CPU vendor say about it, such as that it fixes some bugs(erratas for such bugs are published), but we don't know much more.
- Speculating about what they really do or cannot do won't help much since we usually cannot verify that information.
My goal is to have a 100% free computer, and also to spread that code, so that other people can have a 100% free computer too. According to the FSF, and the FSF criteria for differentiating software from hardware, that microcode is software. So since they consider it as non-free, a coreboot image containing that microcode would not be considered free by the FSF.
On my Lenovo x60, the microcode was easy to remove, and it worked fine, beside printing a scary kernel message pointing to an Intel errata.
What the errata says is that, when resuming from suspend to ram, the temperatures reading will not be updated, and the temperature overheat will not be reported. The hardware issues you may encounter will depend on your specific CPU. Not the CPU model, but instead the date at which it was manufactured. (To know if you are affected, under GNU/Linux, you can run the "dmesg" command and look for "coretemp: Errata AE18 not fixed, update BIOS or microcode of the CPU!" in its output. If you found it, you are affected)
Removing the microcode make it possible to have the gluglug (now minifree) Lenovo Thinkpad X60 ceritified "Respects your freedom" By the FSF.
So instead of debating trough huge flames about the fact that we should use, or not use the microcode, it was more effective to remove it and get the laptop certified.
The benefit of that is the publicity around the fact that this laptop can be made to run 100% free software. This makes users aware of it and willing to switch to it.
Yabel
Yabel can be used for tracing what the GPU does, but it cannot really prevent a proprietary VGA option rom from doing nasty tricks:
The GPUs in the Lenovo x60 and t60 have a bar that gives access to the whole memory:
Region 1: I/O ports at 50a0 [size=8]
I was told that many other GPU also have that issue.
The way to fix that is to get rid of the proprietary VGA option rom. On some boards it's possible and coreboot has a replacement for it. On some other boards, the kernel can initialize the GPU with or without tricks.
For coreboot developers
This section is mainly usefull for finding informations for:
- Asking me to test some code (that's why I listed all my hardware).
- Find my work in progress code.
- Find legacy code.
- Find what I'm interested in working on:
- If you want to work on the same thing than me, you could contact me if you want so:
- I could help if I have time.
- I could test if I have time.
- I may have some pointers.
- If you want to work on the same thing than me, you could contact me if you want so:
- HOWTO that documents how to do a native VGA init for the Lenovo x60:
- It probably applies to the Lenovo t60 that have an Intel GPU, with no or very minor modifications.
My hardware
Mainboard/Devices running coreboot
| Device/Mainboard | Serial/output | flash recovery mecanism | What I worked on |
|---|---|---|---|
| Asrock E350M1 |
|
|
|
| Asus F2A85-M PRO |
|
| |
| Asus M4A785T-M |
| ||
| Lenovo X60 |
|
|
|
| Lenovo X60T | |||
| Lenovo T60 |
| ||
| Lenovo T400 | |||
| Lenovo X200 |
|
||
| PC Engines Alix 1.C |
|
|
Mainboard/Devices not running coreboot (yet?)
If you need to have some tests done on the default boot firwmare, you should ask me as it is fast to do if I've the laptop nearby.
| Device/Mainboard | Reason |
|---|---|
| Lenovo Thinkpad X200T | I need to find a way to be able to easily, robustly, and safely reflash it:
|
Debugging tools
- External programmers :
- Arduino duemillanove (serprog based)
- Arduino uno (serprog based)
- openmoko debug board (FTDI based)
- bug20 (linux_spi)
- A pomona clip
- a null-modem serial cable and 2 USB<->Serial adapters
- USB debug compatible devices:
- a bug20 (omap3530)
- a GTA04 A3 (DM370)
My TODO list
See also TODO of the respectives machines on their dedicated wiki page.
- Merge or abandon my old patches.
- I945, GM45, GS45 thinkpads: Have all hardware features working (feature parity with the default boot firmware):
- IRDA
- TPM
- Testing: write tests for
- suspend/resume
- power consumption
- heat
- GM45: Merge ich9gen functionality in ifdtool or ifdfake
- GM45: Investigate internal flashing (Look if BIOS->Modded BIOS->Coreboot works and understand why)
- I945: SeaBIOS: allow booting on SD cards.
- Port a logging mecanism from chromebooks to all devices in order to be able to retrive the log of the failed boot at the next reboot.
- Document flash protections and vboot.
- Verify if all the microcodes were moved away from coreboot git.
- (Alix 1.C: port the VSA to fasm)
- (GDB improvements: allow gdb earlier than ramstage)
- I945: Write a freedom/privacy/security review
- GM45: Write a freedom/privacy/security review
- More recent Intel with me_cleaner: Write a freedom/privacy/security review