Huge Thanks to Martin Roth, finally we got a permission from AMD to merge the new microcode patches - and Martin has just merged them ! ;-) So the things became slightly easier and luckily now you could disregard some microcode-related parts of my last message. And we need to walk the same path for the AtomBIOS ROMs - should be successful there as well, although perhaps would take another year or so :P
Best regards, Mike Banon On Mon, May 20, 2019 at 6:43 PM Mike Banon <[email protected]> wrote: > > > there is no way for me to compare AMD patches directly since it appears AMD > > doesn't publish them > > There is a way: a bit later I will privately share a small list of AMD > boards that are still getting the UEFI updates (to help you to obtain > these microcodes by yourself), and will also share a small C program > that converts a hexadecimal arrays provided by my patches (could be > copy-pasted) back to a binary. After you'll successfully get both of > these, you could SHA256 compare them between each other by yourself - > to see that they are indeed 1:1 matching. > > > I'm willing to accept the patches if they are harvested, reviewed and then > > signed by the coreboot project > > Both the new AMD microcodes and AtomBIOS binaries haven't been > released officially yet and waiting for the official release by AMD to > get them merged to coreboot master. They can't be merged until the > official release. Currently we are in the talks with AMD, but these > matters are advancing slowly - so the people who don't want to wait > and need them now, could be using them locally and unofficially. Some > of these patches are almost 1 year old already, I guess this is enough > time for the concerned people from a coreboot community to quickly > look through theses patches to at least see that there is nothing > harmful. Also you could see that I'm a coreboot community member for > > 3 years and of course not going to ruin my hard earned reputation by > intentionally submitting something harmful :P So, if you trust - you > can use these patches, but if don't trust - can wait, perhaps a lot... > And I don't think any extra signature is necessary, also because these > tiny scripts which are downloading/extracting the patches - also check > their SHA256. > > > I don't know when or if they will be merged > > We don't know too, Chris, it all depends on AMD... > > > I don't know which patches are considered necessary and which are listed > > because they are nice to have. > > Perhaps all of these patches could be considered as optional, since > the people somehow built and used coreboot on their G505S before these > patches even existed. However, you told that you are going to use a > QubesOS which relies on good function of low level virtualization, > that means a new AMD microcode is required for you - otherwise you'll > run into the freezing problems. > > Looking through a list of patches at our DangerousPrototypes "Lenovo > G505S hacking" page: > > 1) AMD microcode updates - required for you, could get by yourself to check > > 2) Discrete GPU support - optional, and you can verify these 10+67+20 > = 97 lines of source code by yourself > > 3) AMD GPU AtomBIOS blobs - perhaps the AtomBIOS blob for integrated > GPU is required for you - because it seems you don't want to run G505S > in a headless mode - but you could easily get it by yourself ; also > could for a discrete GPU, however it is significantly more difficult > and time consuming > > 4) tint build system - optional, however it adds the important > checksum verification for a tint archive that is downloaded from FSF > server. Sorry that I forgot to write a readme at DP wiki for this one, > still it is available at my tint patch commit message. And "tint" is a > small opensource tetris game that will be available at your SeaBIOS > boot menu, to have a lot of fun and maybe to show off to your friends > what your new awesome BIOS can do ;-) > > 5) Unofficial SeaBIOS patches - optional because it seems you are not > going to have more than 10 menu entries, however your mind could > change if you'd also become interested at these floppy-based operating > systems. Mostly for fun (e.g. MichalOS has a cool built-in piano), but > some of their features could be useful to your for the real purposes: > e.g. as soon as the KolibriOS networking driver will be completed for > the network controller of our G505S, it will be possible to access the > Internet and chat with your friends using IRCC. And it seems that all > these listed floppy-based OS, with the exception of a plop bootloader > floppy, are 100% open source which already gives some trust to them > > 6) Sample G505S .config - optional, since you could configure by > yourself, but of course this config is 100% open source and you could > look through it to verify that there are no harmful options enabled, > and I'm using such a config by myself without any problems. > > Best regards, > Mike Banon > > > On Mon, May 20, 2019 at 4:32 AM Chris Laprise <[email protected]> wrote: > > > > On 5/16/19 2:35 PM, Mike Banon wrote: > > > Hi Chris, if you'd like to verify the microcodes inside my AMD ucode > > > patch: convert the hexadecimal arrays at their .c files back to > > > binary, extract the microcodes from proprietary UEFI updates for those > > > few AMD boards that are still getting them ( or get them already > > > extracted by platomav from platomav's CPUMicrocodes repository - > > > https://github.com/platomav/CPUMicrocodes ), and compare. They will > > > match 1:1. And if you have any questions about any other parts of my > > > patches, I'll try my best to address them. > > > > Thanks. I'm a neophyte when it comes to firmware, and I'm just now > > inferring that there is no way for me to compare AMD patches directly > > since it appears AMD doesn't publish them. > > > > I'm willing to accept the patches if they are harvested, reviewed and > > then signed by the coreboot project. But I don't know when or if they > > will be merged and available this way in the upcoming 4.10 release. > > > > I also don't know which patches are considered necessary and which are > > listed because they are nice to have. > > > > For reference, I intend to run Qubes OS, so I don't need discrete > > graphics, but it appears I'll need AtomBIOS. Will AtomBIOS be merged > > with the upcoming 4.10 release? I can't tell. Going down the list, > > "tint" is indicated but there is no What or Why or a link, and I can't > > turn up any background info by searching. OTOH, it looks like I can skip > > the SeaBIOS patch. > > > > -- > > > > Chris Laprise, [email protected] > > https://github.com/tasket > > https://twitter.com/ttaskett > > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 _______________________________________________ coreboot mailing list -- [email protected] To unsubscribe send an email to [email protected]
