From 28ad9509267df4a482d11931abaa18da2aa8183b Mon Sep 17 00:00:00 2001 From: Iru Cai Date: Tue, 13 Jun 2017 21:44:04 +0800 Subject: coreboot talk at BLUG --- coreboot-blug.tex | 648 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 648 insertions(+) create mode 100644 coreboot-blug.tex diff --git a/coreboot-blug.tex b/coreboot-blug.tex new file mode 100644 index 0000000..353f418 --- /dev/null +++ b/coreboot-blug.tex @@ -0,0 +1,648 @@ +% This work is licensed under the Creative Commons Attribution 4.0 +% International License. To view a copy of this license, visit +% http://creativecommons.org/licenses/by/4.0/ or send a letter to +% Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. + +\documentclass{beamer} +\usetheme{Madrid} +\usepackage{hyperref} +\usepackage{verbatim} + +\title{coreboot - the free firmware} +\author[vimacs]{vimacs \texttt{}} +\institute[BLUG]{Beijing GNU/Linux User Group} +\date{June 13th, 2017} +\begin{document} + +\begin{frame} +\titlepage +\end{frame} + +\begin{frame}{License} + This work is licensed under the Creative Commons Attribution 4.0 + International License. To view a copy of this license, visit + \url{http://creativecommons.org/licenses/by/4.0/}. +\end{frame} + +\begin{frame}{Index} +\tableofcontents[part=1] +\end{frame} + +\part{1} + +\section{What is coreboot?} + +\frame{\tableofcontents[currentsection]} + +\begin{frame}[fragile]{What is coreboot?} + coreboot is an extended firmware platform that delivers a lightning + fast and secure boot experience on modern computers and embedded + systems. As an Open Source project it provides auditability and + maximum control over technology. + + \emph{The word 'coreboot' should always be written in lowercase, + even at the start of a sentence. } +\end{frame} + +\subsection{History} + +\begin{frame}{History: from LinuxBIOS to coreboot} + coreboot has a very long history, stretching back more than 15 years + to when it was known as LinuxBIOS. While the project has gone + through lots of changes over the years, many of the earliest + developers still contribute today. +\end{frame} + +\begin{frame}{LinuxBIOS v1: 1999-2000} + The coreboot project originally started as LinuxBIOS in 1999 at Los + Alamos National Labs (LANL) by Ron Minnich. Ron needed to boot a + cluster made up of many x86 mainboards without the hassles that are + part of the PC BIOS. The goal was to do minimal hardware + initilization in order to boot Linux as fast as possible. Linux + already had the drivers and support to initialize the majority of + devices. Ron and a number of other key contributors from LANL, Linux + NetworkX, and other open source firmware projects successfully + booted Linux from flash. From there they were able to discover other + nodes in the cluster, load a full kernel and user space, and start + the clustering software. +\end{frame} + +\begin{frame}{LinuxBIOS v2: 2000-2005} + After the initial success of v1, the design was expanded to support + more CPU architectures (x86, Alpha, PPC) and to support developers + with increasingly diverse needs. + + One of the design goal is to have little assembly as possible. + \begin{itemize} + \item standard C cannot be used because C compiler requires memory + for stack + \item the new DDR memory controllers required significantly more + configuration and a lot more ASM + \item solution: ROMCC by Eric Biederman + \end{itemize} + + LinuxBIOS device tree was introduced. + + Many target systems had flash that were too small to hold both the + hardware initialization code and the Linux kernel. Payloads were + created. + \begin{itemize} + \item modified etherboot for clusters + \item FILO for disk-based boot + \end{itemize} +\end{frame} + +\begin{frame}{LinuxBIOS v2+: 2005-2008} + Cache as RAM was introduced in 2005. + + Stefan Reinauer formed a company named coresystems GmbH to support + LinuxBIOS. Stefan was one of the primary developers and co-leaders + of LinuxBIOS with Ron Minnich. His significant contributions + included the first AMD64 port, the original ACPI implementation, the + original SMM implementation, the flashrom utility, and the FILO + payload development and maintainer. + + In 2005, FSF started the Free BIOS campaign to support LinuxBIOS + development. Ward Vandewege of FSF ported LinuxBIOS to the FSF + servers and other mainboards. +\end{frame} + +\begin{frame}{LinuxBIOS v3: 2006-2008} + By 2006, LinuxBIOS had already supported hundreds of + mainboards. With so many boards, there were problems with porting + additional silicon and systems. + + \begin{itemize} + \item Developers fixed and clarified many driver and bus support + issues in the device tree. + \item Kconfig + \item firmware image archive called LAR (LinuxBIOS Archiver), which + led to the more refined and flexible concept of CBFS + \end{itemize} + + It wasn't the main development branch; it was essentially an R\&D + branch, where the best ideas were backported to v2. +\end{frame} + +\begin{frame}{2008: LinuxBIOS renamed coreboot} + \url{https://www.coreboot.org/pipermail/coreboot/2008-January/029135.html} + \begin{itemize} + \item LinuxBIOS = (core boot code) + (Linux kernel) + \item Linux was no longer booted directly from flash + \end{itemize} +\end{frame} + +\begin{frame}{coreboot v4} + \begin{itemize} + \item In early 2010, coreboot moved from SVN to Git + \item during the transition, the community took the opportunity to + recognize the advancements of the past 10 years and updated to + version 4.0. + \item contributions from AMD: AMD Generic Encapsulated Software + Architecture (AGESA) + \item Google Chromebook + \item Intel FSP + \item libreboot for ThinkPad T60 + \item + \href{https://www.coreboot.org/pipermail/coreboot/2015-July/080120.html}{coreboot + v4.1} + \end{itemize} +\end{frame} + +\begin{frame}{About libreboot} + Some firmware components are non-free: + \begin{itemize} + \item Intel ME firmware/AMD PSP + \item Intel FSP/closed source AGESA + \item Option ROMs (including VGA BIOS) + \item CPU microcode + \item EC firmware + \end{itemize} + + Libreboot is a coreboot distribution that removes proprietary + components, including Intel ME, FSP, VGA BIOS, etc. On some laptops, + the EC firmware is also free(Chromium EC in Chromebooks). +\end{frame} + +\subsection{Why use coreboot} +\begin{frame}[fragile]{Why use coreboot} + + You can see the advantages of coreboot at: + \url{https://www.coreboot.org/users.html} + + \begin{itemize} + \item coreboot is free software (see + \href{https://www.fsf.org/campaigns/priority-projects/priority-projects/highpriorityprojects#Coreboot}{FSF + Free BIOS Campaign}) + \item fast boot times + \item it's flexible + \end{itemize} +\end{frame} + +\begin{frame}{Fun stuff on BIOS} + \begin{itemize} + \item \url{https://www.coreboot.org/Fun_Stuff} + \end{itemize} +\end{frame} + +\section{How coreboot works} + +\frame{\tableofcontents[currentsection]} + +\begin{frame}{How coreboot works} +%On Intel x86 architecture, the first instruction is at 0xFFFFFFF0. +%src/cpu/x86/16bit/reset16.inc +%_start16bit(entry16.inc): enter protected mode +%__protected_start(entry32.inc) + %src/arch/x86/bootblock_romcc.S + + We'll take lenovo/x230 as example to see how a machine boots with + coreboot. + + We can build coreboot with ``\texttt{make V=1 > build.log}`` to see which + files are used to build coreboot for this mainboard. +\end{frame} + +\begin{frame}{coreboot stages} + The coreboot firmware runs in several stages. + \begin{itemize} + \item bootblock: the earliest code that the CPU runs + \item romstage: before main memory is ready, only the code in the + flash can be run, and no other memory can be used + \item ramstage: after main memory can be used, the ramstage code is + uncompressed in memory, and do the remaining initialization + \item payload: OS or OS loader + \end{itemize} +\end{frame} + +\begin{frame}{bootblock} + When the machine starts, PC poionts at reset vector (f000:fff0), the + CPU runs the bootblock code. + + The bootblock code is in src/arch/x86/bootblock\_romcc.S, which + includes: + \begin{itemize} + \item src/cpu/x86/16bit/reset16.inc: the code at reset vector + \item src/cpu/x86/16bit/entry16.inc: the 16-bit code that sets CPU to protected mode + \item src/cpu/x86/32bit/entry32.inc: sets segment registers + \item generated/bootblock.inc: generated from src/arch/x86/bootblock\_simple.c with ROMCC + \end{itemize} + + bootblock\_simple.c then runs romstage. +\end{frame} + +\begin{frame}{romstage} + romstage starts at src/arch/x86/assembly\_entry.S, which includes: + \begin{itemize} + \item src/cpu/x86/32bit/entry32.inc: loads GDT and sets segment registers + \item generated/assembly.inc: generated from + src/cpu/intel/model\_206ax/cache\_as\_ram.inc, which sets up CAR + and runs the init code in romstage by calling ramstage\_main(), + then runs ramstage by calling romstage\_after\_car() which calls + run\_ramstage(). + \end{itemize} + + ramstage\_main() is in src/cpu/intel/car/romstage.c, it calls + mainboard\_romstage\_entry() in + src/northbridge/intel/sandybridge/romstage.c, which does the DRAM + initialization. +\end{frame} + +\begin{frame}{ramstage} + ramstage starts at src/arch/x86/c\_start.S, it calls the ``main`` + function in src/lib/hardwaremain.c. + + There are 12 boot states defined in source code. Functions for each + state are run in ramstage. At last payload is loaded and run. +\end{frame} + +\begin{frame}{Payloads} + There are many coreboot payloads: + \begin{itemize} + \item SeaBIOS: a PC BIOS implementation + \item GRUB2 + \item Linux kernel + \item Tianocore: a UEFI implementation by Intel + \item depthcharge: a bootloader written by Google for Chromebooks + \item u-boot + \end{itemize} + + Some useful tools can also be payloads: + \begin{itemize} + \item nvramcui: a tool to edit CMOS + \item coreinfo: system information + \item memtest86+ + \end{itemize} +\end{frame} + +\begin{frame}[fragile]{Supported OSes} + coreboot supports many operating systems: + \begin{itemize} + \item Linux: boots via GRUB2,SeaBIOS, or using Linux kernel as + payload + \item OpenBSD: boots via SeaBIOS with VGA option ROM. Now it + supports UEFI and don't need VGA BIOS, so it now supports + libreboot. See + \href{https://lists.nongnu.org/archive/html/libreboot/2016-04/msg00010.html}{libreboot + mailing list}. + \item Windows: boots via SeaBIOS and Tianocore + \end{itemize} +\end{frame} + +\section{Building and using coreboot} + +\frame{\tableofcontents[currentsection]} + +\subsection{Building} + +\begin{frame}[fragile]{Building coreboot and run on QEMU} + + \url{https://www.coreboot.org/Lesson1} is a good place to start. + + \begin{block}{Build a cross toolchain for building coreboot} + make crossgcc or \verb|make crossgcc-| + \end{block} + + \begin{block}{Generate a configuration} + make nconfig + \end{block} + + At last do a ``make`` to build it, the built firmware is at + build/coreboot.rom. + + \begin{block}{Run coreboot on QEMU} + qemu-system-i386 -bios build/coreboot.rom + \end{block} +\end{frame} + +\subsection{Flashing} +\begin{frame}{Hardware flashing} + To use coreboot on real machines, we need to know how to flash + externally with a hardware flash programmer. + \begin{itemize} + \item Most of the mainboards can only be flashed externally with + factory firmware running. + \item We need to flash externally to unbrick a machine. + \end{itemize} + + We need a programmer and a connector to connect the flash. +\end{frame} + +\begin{frame}{Tools to flash a chip} + A lot of mainboards use SPI NOR flash, most of them are in SOIC-8 + package. + + To program SPI NOR flash, we can use one of the following tools: + \begin{itemize} + \item Using Linux SPI: Raspberry Pi, Beaglebone + \item Micro controllers: Arduino, Bus Pirate, STM32 + \item Programmers: ch341a, dediprog + \end{itemize} + + To connect with SOIC-8 or SOIC-16 flash chips, we can use a clip. +\end{frame} + +\begin{frame}[fragile]{Flash with flashrom} + We can use flashrom to flash the chips. + + \begin{block}{command line} + \verb|flashrom -p [-r ] [-w ]| + \end{block} + + \begin{block}{For Linux SPI} + \verb|flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=1024| + \end{block} + + \begin{block}{For ch341a} + \verb|flashrom -p ch341a_spi| + \end{block} + +\end{frame} + +\begin{frame}[fragile]{Internal flashing with flashrom} + Many boards can be flashed internally with coreboot flashed. + + \begin{block}{internal flashing} + \verb|flashrom -p internal:laptop=force_I_want_a_brick| + \end{block} + + We can also use a layout file to flash part of the ROM. + \begin{block}{flashing with layout} +\begin{verbatim} +flashrom -p --layout layout.txt \ + --image bios -w +\end{verbatim} + \end{block} +\end{frame} + +\section{Utilities and Debugging} + +\frame{\tableofcontents[currentsection]} + +\begin{frame}{Utilities and Debugging} + To work with coreboot, we have many tools to use: + \begin{itemize} + \item nvramtool: dump CMOS contents, display and modify CMOS settings + \item cbmem: display coreboot table and logs + \item ectool: read and write EC memory, sometimes useful + \item autoport: generate the code for a board you want to port, + usually needs further changes + \end{itemize} + + To debug coreboot, we can read the cbmem console in a working + system. We can also use a EHCI debug dongle. + \begin{itemize} + \item Net20DC is an expensive device, and its company is bankrupt. + \item We can use a development board with OTG port, e.g. BeagleBone, + Cubieboard + \end{itemize} + + For systems with serial output, we can also do the debugging with + it. +\end{frame} + +\section{Join the community} + +\frame{\tableofcontents[currentsection]} + +\begin{frame}{The coreboot community} + You can visit ``Community and infrastructure`` section of + \url{https://www.coreboot.org/developers.html} to get an overview of + coreboot community. + + Some advice: + \begin{itemize} + \item Learn to use mailing list and IRC. + \item \href{http://catb.org/~esr/faqs/smart-questions.html}{Ask + Questions The Smart Way} + \end{itemize} +\end{frame} + +\begin{frame}{Community resources} + \begin{itemize} + \item Homepage: \url{https://www.coreboot.org} + \item Mailing list: coreboot@coreboot.org + \item IRC: \#coreboot at irc.freenode.net + \item Mattermost (bridged to IRC): \url{https://chat.coreboot.org} + \item twitter: @coreboot\_org + \end{itemize} +\end{frame} + +\begin{frame}{Reporting bugs and Writing documents} + \begin{itemize} + \item To join the community, learn to use mailing list and IRC. + \item There's a bug tracking system: \url{http://ticket.coreboot.org/} + \item We can apply for a wiki account and write coreboot wiki. + \end{itemize} +\end{frame} + +\begin{frame}[fragile]{I want to write some code} + Gerrit code review is the project management system for coreboot. + + To push code to gerrit, you can manually set up the scripts, or just + run \verb|make gitconfig|. + + Using gerrit is easy: + \begin{itemize} + \item To push code: \verb|git push origin HEAD:refs/for/master| + \item We can add a topic: \verb|HEAD:refs/for/master%topic=some_topic| + \item To push a draft: \verb|HEAD:refs/drafts/master| + \end{itemize} + + I recommend working in a new git branch instead of master. +\end{frame} + +\begin{frame}{Google Summer of Code} + + coreboot has been a GSoC mentoring organization for many years. We + can read the project reports at \url{https://blogs.coreboot.org}. + + \begin{itemize} + \item GSoC 2016 projects: + \begin{itemize} + \item better RISC-V support + \item serialICE + \item flashrom + \end{itemize} + + \item GSoC 2015 projects: + \begin{itemize} + \item H8S Embedded Controller + \item coreboot for AArch64 QEMU + \item end user flash tool + \end{itemize} + \end{itemize} +\end{frame} + +\begin{frame}{The status of coreboot} + + The current development of coreboot focuses on: + \begin{itemize} + \item improvement on old platforms + \item utilities and payloads + \item Google Chromebooks and related chips + \item new architectures: RISC-V, POWER8, etc. + \end{itemize} + +\end{frame} + +\section{How to port coreboot} + +\frame{\tableofcontents[currentsection]} + +\begin{frame}{Chips on a mainboard} + coreboot needs to initialize these chips. + + \begin{itemize} + \item CPU + \item northbridge: RAM init and graphics init + \item southbridge: PCI, USB, SATA, LPC, GPIO + \item \href{https://en.wikipedia.org/wiki/Super_I/O}{super I/O} + \item \href{https://www.coreboot.org/Embedded_controller}{embedded controller} + \end{itemize} +\end{frame} + +\begin{frame}[fragile]{Code for a mainboard} + You can see what is needed for a mainboard in the directory for this + mainboard. + + \begin{itemize} + \item Kconfig: specifies what chips and drivers are used + \item romstage.c: romstage code, including early southbridge init + and reading DRAM SPD data + \item devicetree.cb, mainboard.c: mainboard specific data + \item gpio.c: GPIO config + \item acpi/, dsdt.asl, acpi\_tables.c, smihandler.c: ACPI and SMM + code, some of the code is EC related + \item cmos.layout, cmos.default + \end{itemize} +\end{frame} + +\begin{frame}{Using autoport} + autoport is a tool to generate coreboot code for Sandy/Ivy Bridge + boards. + + It uses inteltool to read the northbridge and southbridge registers. + + Manual fixes (see util/autoport/readme.md): + \begin{itemize} + \item where to read SPD data + \item what is the EHCI debug port + \item flash chip size + \item EC and super I/O support! + \end{itemize} +\end{frame} + +\subsection{Example} + +\begin{frame}{Example} + I made coreboot boot on HP Elitebook 2760p + (\url{https://review.coreboot.org/c/18241/}) half a year ago. + \begin{itemize} + \item The flash chip is \textbf{socketed}, and is very easy to swap! + \item Sandy Bridge platform, so use autoport + \end{itemize} + + First, we need to make it boot, but not so easy: + \begin{itemize} + \item It needs two blobs, otherwise the EC will not function! + \item see util/kbc1126/README.md + \end{itemize} +\end{frame} + +\begin{frame}{Fixes (keyboard)} + After adding the blobs, the laptop boots! + + Keyboard doesn't work. + \begin{itemize} + \item KBC not initialized + \item It uses SMSC KBC1126 which provides EC, super I/O, and KBC + \item I found an SMSC KBC1122 datasheet + \item Also I found src/superio/smsc/kbc1100/, so the keyboard works + finally + \end{itemize} + + How to use existing drivers: + \begin{itemize} + \item Add it to Kconfig + \item Check other boards that use this driver and learn from it + \end{itemize} +\end{frame} + +\begin{frame}{Fixes (fan control)} + The laptop fan always runs on full speed, that's because EC is not + initialized properly. + + Reverse engineering it! + \begin{itemize} + \item Use UEFITool to extract the UEFI driver + \item Check UEFI specification and related documents (e.g. EFI CPU + I/O Protocol Specification) to identify the UEFI protocols + \end{itemize} +\end{frame} + +\begin{frame}{A lot of things to be done...} + \begin{itemize} + \item ACPI support + \item GRUB payload doesn't work + \item ... + \end{itemize} +\end{frame} + +\section{References} +\begin{frame}{References} + \begin{itemize} + \item coreboot history: Embedded Firmware Solutions, by Jiming Sun, + Vincent Zimmer, Marc Jones, and Stefan Reinauer + \item libreboot: \url{https://libreboot.org/faq/} + \end{itemize} +\end{frame} + +\begin{comment} +\part{2} +\section{[OT] Choosing hardware friendly to free software} +\begin{frame}{Hardware choosing(Machines)} + \begin{block}{Laptops} + \begin{itemize} + \item laptops with libreboot supported, e.g. Lenovo X200 + \item Intel platforms up to Ivy Bridge supports coreboot without + FSP, and there's no boot guard. + \end{itemize} + \end{block} + + \begin{block}{Development boards} + \begin{itemize} + \item Raspberry Pi is very popular, but it's not so open. + \item Allwinner is not so friendly to free software community, but + Allwinner chips has good community support. + \item Beaglebone Black seems popular in coreboot and libreboot + community. + \end{itemize} + \end{block} +\end{frame} + +\begin{frame}{Hardware choosing(wifi cards and GPU)} + \begin{block}{wifi cards} + \begin{itemize} + \item Atheros 802.11n chips have free driver and do not need + proprietary firmware. + \item AR9382 is very cheap (down to 20 CNY on taobao), with + excellent dual-band 300M performance. + \item Broadcom sucks, so is Realtek. + \item Chips from Intel,TI,etc. need proprietary firmware. + \end{itemize} + \end{block} + + \begin{block}{GPUs} + Many GPUs needs proprietary firmware blobs. There are some GPUs + that Linux-libre can use: + \begin{itemize} + \item Intel Graphics before Skylake + \item NVIDIA chips up to Kepler with nouveau driver + \item embedded GPUs: freedreno, etnaviv, etc. + \end{itemize} + \end{block} +\end{frame} +\end{comment} + +\end{document} -- cgit v1.2.3