LibrePlanet: Conference/2013/Program/Coreboot Install Party

From LibrePlanet
Jump to: navigation, search
(Handling Freedom Issues in Coreboot)
(Insert your name and computer(s) below: bricks are in vogue?)
 
(24 intermediate revisions by 7 users not shown)
Line 11: Line 11:
 
There is a partial list of supported computers [https://www.coreboot.org/Supported_Motherboards here]
 
There is a partial list of supported computers [https://www.coreboot.org/Supported_Motherboards here]
 
The full list can be obtained by looking at the [http://review.coreboot.org/gitweb?p=coreboot.git;a=tree;f=src/mainboard;h=0695530af59d22c4933669ac88068ae37a356b1f;hb=HEAD source code].
 
The full list can be obtained by looking at the [http://review.coreboot.org/gitweb?p=coreboot.git;a=tree;f=src/mainboard;h=0695530af59d22c4933669ac88068ae37a356b1f;hb=HEAD source code].
 +
=== VGA Option rom replacements ===
 +
* Denis is working on replacing the non-free VGA option rom for the i915 card, in order to have graphics in grub(else the screen is initialized only by the linux-libre kernel), that is necessary to give a good user experience and still remain 100% free software.
 +
* he's not sure to have the time to replace other option rom(such as the ATI one in certain T60), so having a laptop with an intel graphics card could be required.
 
=== Insert your name and computer(s) below ===
 
=== Insert your name and computer(s) below ===
 +
The reservation is not mandatory but it could help us prepare better.
 
* Example-person: Lenovo X60
 
* Example-person: Lenovo X60
 +
* [[User:Jself|Jason Self]]: Lenovo X60s
 +
* [[User:Johns|John Sullivan]]: Lenovo X60
 +
* [[User:GChriss|George Chriss]]: Lenovo X201i (phcoder's [http://review.coreboot.org/#/c/2663/ port, I-want-a-brick risk acknowledged])
 +
:[[User:GChriss|"]]: Gigabyte GA-MA785GMT-UD2H + Phenom II X4.  [http://www.coreboot.org/pipermail/coreboot/2013-March/075176.html Patch help] needed; this is a LibrePlanet live video streaming box
  
 
== Organization (for people installing coreboot on the users computers) ==
 
== Organization (for people installing coreboot on the users computers) ==
Line 18: Line 26:
 
* Denis 'GNUtoo' Carikli
 
* Denis 'GNUtoo' Carikli
 
** Coreboot contributor(he did the port on the Asus M4A785T-M mainboard).
 
** Coreboot contributor(he did the port on the Asus M4A785T-M mainboard).
 +
** Knows how to operate the parabola and trisquel GNU/Linux distributions(for instance how to change the grub settings for coreboot).
 
* Ward Vandewege
 
* Ward Vandewege
 
** CTO of the Free Software Foundation
 
** CTO of the Free Software Foundation
** Did some coreboot work in the past and handled coreboot computers(desktops,servers) at the FSF
+
** Coreboot contributor (did port for Alix 2c3 and Supermicro H8DMR-fam10)
  
 
=== Flashing ===
 
=== Flashing ===
Line 26: Line 35:
 
* The flashing procedure is [https://www.coreboot.org/Lenovo_x60x here] and must be followed carefully by people who understand it. else the laptop will have to be disassembled and reflashed with the recovery method.
 
* The flashing procedure is [https://www.coreboot.org/Lenovo_x60x here] and must be followed carefully by people who understand it. else the laptop will have to be disassembled and reflashed with the recovery method.
 
* Since there is only two people installing coreboot for now, A special image that contains everything on an USB key will have to be prepared to make the installation faster.
 
* Since there is only two people installing coreboot for now, A special image that contains everything on an USB key will have to be prepared to make the installation faster.
 +
==== X201 ====
 +
* Warn the user about the disassembly and the fact that it could fail:
 +
<phcoder> GNUtoo-m4a785t-m: It should be compatible with x201i but right now I tested only on one single laptop and it may be that it won't work even on another laptop of the same line if I got some timing algorithms wrong.
 +
=> what to do if it fails?
 +
* We will need to flash it trough an external programmer
 +
* The flash chip is divided between the ME and the BIOS:
 +
<phcoder> First 5M is ME firmware, last 3M is BIOS/coreboot
 +
* To find exactly where it's divided run that command(the example below is on another laptop):
 +
[root@N71Jq ~]# flashrom -r bios.bin -pinternal:laptop=force_I_want_a_brick
 +
flashrom v0.9.6.1-r1564 on Linux 3.8.2-1-LIBRE (x86_64)
 +
flashrom is free software, get the source code at http://www.flashrom.org
 +
 +
Calibrating delay loop... OK.
 +
========================================================================
 +
WARNING! You may be running flashrom on an unsupported laptop. We could
 +
not detect this for sure because your vendor has not setup the SMBIOS
 +
tables correctly. You can enforce execution by adding
 +
'-p internal:laptop=this_is_not_a_laptop' to the command line, but
 +
please read the following warning if you are not sure.
 +
 +
Laptops, notebooks and netbooks are difficult to support and we
 +
recommend to use the vendor flashing utility. The embedded controller
 +
(EC) in these machines often interacts badly with flashing.
 +
See http://www.flashrom.org/Laptops for details.
 +
 +
If flash is shared with the EC, erase is guaranteed to brick your laptop
 +
and write may brick your laptop.
 +
Read and probe may irritate your EC and cause fan failure, backlight
 +
failure and sudden poweroff.
 +
You have been warned.
 +
========================================================================
 +
Proceeding anyway because user forced us to.
 +
Found chipset "Intel HM55".
 +
This chipset is marked as untested. If you are using an up-to-date version
 +
of flashrom *and* were (not) able to successfully update your firmware with it,
 +
then please email a report to flashrom@flashrom.org including a verbose (-V) log.
 +
Thank you!
 +
Enabling flash write... FREG0: WARNING: Flash Descriptor region (0x00000000-0x00000fff) is read-only.
 +
FREG2: WARNING: Management Engine region (0x00003000-0x001fffff) is locked.
 +
Please send a verbose log to flashrom@flashrom.org if this board is not listed on
 +
http://flashrom.org/Supported_hardware#Supported_mainboards yet.
 +
Writes have been disabled. You can enforce write support with the
 +
ich_spi_force programmer option, but it will most likely harm your hardware!
 +
If you force flashrom you will get no support if something breaks.
 +
OK.
 +
Found SST flash chip "SST25VF032B" (4096 kB, SPI) at physical address 0xffc00000.
 +
Reading flash... Transaction error!
 +
Read operation failed!
 +
FAILED.
 +
it will print the ME regions:
 +
FREG2: WARNING: Management Engine region (0x00003000-0x001fffff) is locked.
 +
it will also print the chip:
 +
Found SST flash chip "SST25VF032B" (4096 kB, SPI) at physical address 0xffc00000.
 +
=> verify if its voltage match with the programmer voltage...
 +
* Then man flashrom says:
 +
        -l, --layout <file>
 +
              Read ROM layout from <file>.
 +
 +
              flashrom  supports  ROM  layouts. This allows you to flash certain parts of the flash chip only. A ROM layout file contains multiple lines with the following
 +
              syntax:
 +
 +
                startaddr:endaddr imagename
 +
 +
              startaddr and endaddr are hexadecimal addresses within the ROM file and do not refer to any physical address. Please note that using a 0x  prefix  for  those
 +
              hexadecimal  numbers  is  not necessary, but you can't specify decimal/octal numbers.  imagename is an arbitrary name for the region/image from  startaddr to
 +
              endaddr (both addresses included).
 +
 +
              Example:
 +
 +
                00000000:00008fff gfxrom
 +
                00009000:0003ffff normal
 +
                00040000:0007ffff fallback
 +
 +
              If you only want to update the image named normal in a ROM based on the layout above, run
 +
 +
                flashrom -p prog --layout rom.layout --image normal -w some.rom
 +
 +
              To update only the images named normal and fallback, run:
 +
 +
                flashrom -p prog -l rom.layout -i normal -i fallback -w some.rom
 +
 +
              Overlapping sections are not supported.
  
 
==== Other computers(Desktops for instance) ====
 
==== Other computers(Desktops for instance) ====
Line 51: Line 142:
 
We will support the following flash chips technologies.
 
We will support the following flash chips technologies.
 
Protocol:
 
Protocol:
* SPI(Denis has the hardware to recover from it)
+
* SPI (Denis has the hardware to recover from it)
 
Format:
 
Format:
* DIP8(Denis has the hardware to recover from it)
+
* DIP8 (Denis has the hardware to recover from it)
* SOO8/SOIC-8(Denis has the hardware to recover from it)
+
* SOO8/SOIC-8 (Denis has the hardware to recover from it)
* Maybe Ward has something to recover from PLCC32 ?
+
* PLCC32 (Ward/FSF have tools to recover)
  
 
See [http://www.flashrom.org/Technology Here] for more details on what it means.
 
See [http://www.flashrom.org/Technology Here] for more details on what it means.
  
 
== Handling Freedom Issues in Coreboot ==
 
== Handling Freedom Issues in Coreboot ==
* Not all devices are equals in freedom
+
* Not all devices are equals in freedom => we can only install to devices that don't require non-free parts.
 
* The CPU microcode is said to be used to disable faulty CPU parts...Denis never had to use it(maybe because he was lucky and had the right CPU).
 
* The CPU microcode is said to be used to disable faulty CPU parts...Denis never had to use it(maybe because he was lucky and had the right CPU).
* The X60/T60 are pretty good and can be operated without the non-free VGA option rom, however it has the following drawbacks:
+
* The X60/T60 are pretty good and can be operated without the non-free VGA option rom(which we won't install at libreplanet), however it has the following drawbacks:
** The screen is black until the kernel inits the graphic card alone. In my parabola setup it's about 7 seconds which is too long.
+
** No more screen dimming in GNU/Linux....that must be investigated.
 +
** The screen is black until the kernel inits the graphic card alone. That is really problematic because it could make the user panic: In my parabola setup it's about 7 seconds which is really long. The user is assumed to have serial only during the coreboot installation.
 
*** we can put a beep in grub that inform the users that grub is beeing run,and load the default entry immediately, Denis tested it on the x60. That will require every user to modify his grub settings and to have a serial console just in case something goes wrong.
 
*** we can put a beep in grub that inform the users that grub is beeing run,and load the default entry immediately, Denis tested it on the x60. That will require every user to modify his grub settings and to have a serial console just in case something goes wrong.
 
**** The installers will have to setup grub before installing coreboot and be sure that the serial console work in grub...
 
**** The installers will have to setup grub before installing coreboot and be sure that the serial console work in grub...
Line 69: Line 161:
 
*** we can try to make [https://code.google.com/p/i915tool/ i915tool] work before the install party.
 
*** we can try to make [https://code.google.com/p/i915tool/ i915tool] work before the install party.
 
*** we could use or develop something like kexecboot. Note that it has to use linux-libre and be 100% free software.
 
*** we could use or develop something like kexecboot. Note that it has to use linux-libre and be 100% free software.
** No more screen dimming in GNU/Linux....that must be investigated.
+
 
 +
{{featured resource|month=February|year=2013}}

Latest revision as of 17:41, 19 March 2013

What is it about?

There will be a coreboot Install party at LibrePlanet 2013, Coreboot is a free software BIOS replacement.

Why is it important?

  • BIOSes are usually non-free(there are very few exceptions).
  • BIOS are still running after the operating system is booted, learn about System_Management_Mode
  • Nowadays a lot of BIOSes contains rootkits(also known as anti-theft features) like Computrace

Reservation (for people wanting coreboot to be installed on their computer)

Since we replace the BIOS, we need to be prepaired to recover if something goes wrong...In order to be well prepaired we need to know how many people will want coreboot, and on which computers.

There is a partial list of supported computers here The full list can be obtained by looking at the source code.

VGA Option rom replacements

  • Denis is working on replacing the non-free VGA option rom for the i915 card, in order to have graphics in grub(else the screen is initialized only by the linux-libre kernel), that is necessary to give a good user experience and still remain 100% free software.
  • he's not sure to have the time to replace other option rom(such as the ATI one in certain T60), so having a laptop with an intel graphics card could be required.

Insert your name and computer(s) below

The reservation is not mandatory but it could help us prepare better.

": Gigabyte GA-MA785GMT-UD2H + Phenom II X4.  Patch help needed; this is a LibrePlanet live video streaming box

Organization (for people installing coreboot on the users computers)

People involved in the installation

  • Denis 'GNUtoo' Carikli
    • Coreboot contributor(he did the port on the Asus M4A785T-M mainboard).
    • Knows how to operate the parabola and trisquel GNU/Linux distributions(for instance how to change the grub settings for coreboot).
  • Ward Vandewege
    • CTO of the Free Software Foundation
    • Coreboot contributor (did port for Alix 2c3 and Supermicro H8DMR-fam10)

Flashing

X60/T60

  • The flashing procedure is here and must be followed carefully by people who understand it. else the laptop will have to be disassembled and reflashed with the recovery method.
  • Since there is only two people installing coreboot for now, A special image that contains everything on an USB key will have to be prepared to make the installation faster.

X201

  • Warn the user about the disassembly and the fact that it could fail:
<phcoder> GNUtoo-m4a785t-m: It should be compatible with x201i but right now I tested only on one single laptop and it may be that it won't work even on another laptop of the same line if I got some timing algorithms wrong.

=> what to do if it fails?

  • We will need to flash it trough an external programmer
  • The flash chip is divided between the ME and the BIOS:
<phcoder> First 5M is ME firmware, last 3M is BIOS/coreboot
  • To find exactly where it's divided run that command(the example below is on another laptop):
[root@N71Jq ~]# flashrom -r bios.bin -pinternal:laptop=force_I_want_a_brick
flashrom v0.9.6.1-r1564 on Linux 3.8.2-1-LIBRE (x86_64)
flashrom is free software, get the source code at http://www.flashrom.org

Calibrating delay loop... OK.
========================================================================
WARNING! You may be running flashrom on an unsupported laptop. We could
not detect this for sure because your vendor has not setup the SMBIOS
tables correctly. You can enforce execution by adding
'-p internal:laptop=this_is_not_a_laptop' to the command line, but
please read the following warning if you are not sure.

Laptops, notebooks and netbooks are difficult to support and we
recommend to use the vendor flashing utility. The embedded controller
(EC) in these machines often interacts badly with flashing.
See http://www.flashrom.org/Laptops for details.

If flash is shared with the EC, erase is guaranteed to brick your laptop
and write may brick your laptop.
Read and probe may irritate your EC and cause fan failure, backlight
failure and sudden poweroff.
You have been warned.
========================================================================
Proceeding anyway because user forced us to.
Found chipset "Intel HM55". 
This chipset is marked as untested. If you are using an up-to-date version
of flashrom *and* were (not) able to successfully update your firmware with it,
then please email a report to flashrom@flashrom.org including a verbose (-V) log.
Thank you!
Enabling flash write... FREG0: WARNING: Flash Descriptor region (0x00000000-0x00000fff) is read-only.
FREG2: WARNING: Management Engine region (0x00003000-0x001fffff) is locked.
Please send a verbose log to flashrom@flashrom.org if this board is not listed on
http://flashrom.org/Supported_hardware#Supported_mainboards yet.
Writes have been disabled. You can enforce write support with the
ich_spi_force programmer option, but it will most likely harm your hardware!
If you force flashrom you will get no support if something breaks.
OK.
Found SST flash chip "SST25VF032B" (4096 kB, SPI) at physical address 0xffc00000.
Reading flash... Transaction error!
Read operation failed!
FAILED.

it will print the ME regions:

FREG2: WARNING: Management Engine region (0x00003000-0x001fffff) is locked.

it will also print the chip:

Found SST flash chip "SST25VF032B" (4096 kB, SPI) at physical address 0xffc00000.

=> verify if its voltage match with the programmer voltage...

  • Then man flashrom says:
       -l, --layout <file>
              Read ROM layout from <file>.

              flashrom  supports  ROM  layouts. This allows you to flash certain parts of the flash chip only. A ROM layout file contains multiple lines with the following
              syntax:

                startaddr:endaddr imagename

              startaddr and endaddr are hexadecimal addresses within the ROM file and do not refer to any physical address. Please note that using a 0x  prefix  for  those
              hexadecimal  numbers  is  not necessary, but you can't specify decimal/octal numbers.  imagename is an arbitrary name for the region/image from  startaddr to
              endaddr (both addresses included).

              Example:

                00000000:00008fff gfxrom
                00009000:0003ffff normal
                00040000:0007ffff fallback

              If you only want to update the image named normal in a ROM based on the layout above, run

                flashrom -p prog --layout rom.layout --image normal -w some.rom

              To update only the images named normal and fallback, run:

                flashrom -p prog -l rom.layout -i normal -i fallback -w some.rom

              Overlapping sections are not supported.

Other computers(Desktops for instance)

Usually it's easy if the mainboard is supported by flashrom.

Diagnostics(to avoid recovery)

X60/T60

  • Denis has an ultrabase or something like that with a serial port for his x60.
  • We need an ultrabase or something like that for the T60.
  • Denis has a NULL modem cable and some USB to serial adapters.

Recovery(if something goes wrong)

X60/T60

The recovery method requires:

  • to disassemble the laptop
    • Require screwdrivers(which ones? refer to the manual linked on the coreboot page)
  • another computer with flashrom
  • a programmer (Denis has some and will bring his openmoko debug board)
  • a pomona clip(Denis has one and will bring it)
  • some way to connect the pomona clip to the programmer(problematic, Denis has a fragile connection in form of IDE cable connector)

Desktops

Recovering from a bad flash on a desktop is usually much more easier than on a laptop but it depends on the mainboard.

Flash chips

We will support the following flash chips technologies. Protocol:

  • SPI (Denis has the hardware to recover from it)

Format:

  • DIP8 (Denis has the hardware to recover from it)
  • SOO8/SOIC-8 (Denis has the hardware to recover from it)
  • PLCC32 (Ward/FSF have tools to recover)

See Here for more details on what it means.

Handling Freedom Issues in Coreboot

  • Not all devices are equals in freedom => we can only install to devices that don't require non-free parts.
  • The CPU microcode is said to be used to disable faulty CPU parts...Denis never had to use it(maybe because he was lucky and had the right CPU).
  • The X60/T60 are pretty good and can be operated without the non-free VGA option rom(which we won't install at libreplanet), however it has the following drawbacks:
    • No more screen dimming in GNU/Linux....that must be investigated.
    • The screen is black until the kernel inits the graphic card alone. That is really problematic because it could make the user panic: In my parabola setup it's about 7 seconds which is really long. The user is assumed to have serial only during the coreboot installation.
      • we can put a beep in grub that inform the users that grub is beeing run,and load the default entry immediately, Denis tested it on the x60. That will require every user to modify his grub settings and to have a serial console just in case something goes wrong.
        • The installers will have to setup grub before installing coreboot and be sure that the serial console work in grub...
        • The installers may have to modify the initramfs configuration to add the i915 driver inside in order to load it as soon as possible.
      • we can try to make i915tool work before the install party.
      • we could use or develop something like kexecboot. Note that it has to use linux-libre and be 100% free software.

This page was a featured resource in February 2013.