[coreboot] Re: To modify MCTRL.SPDDIS of Intel Denvertion in coreboot

2019-01-14 Thread Lance Zhao 
set PcdSmbusSpdWriteDisable to disable?

On Mon, Jan 14, 2019 at 8:28 PM Hilbert Tu(杜睿哲_Pegatron) <
hilbert...@pegatroncorp.com> wrote:

> Hi,
>
> Is there anyone can tell me how to change MCTRL.SPDDIS in Coreboot?
>
>
>
> The Intel Denverton blocks write permission to address A0~AE due to
> security concern of DIMM SPD, but this also restricts the write access to
> generic EEPROM access in our platform. So I need to modify the SPDDIS bit
> to bypass the protection. But I don’t know how to do that in Coreboot.
> Please help and thanks in advance.
>
>
>
> -Hilbert
> This e-mail and its attachment may contain information that is
> confidential or privileged, and are solely for the use of the individual to
> whom this e-mail is addressed. If you are not the intended recipient or
> have received it accidentally, please immediately notify the sender by
> reply e-mail and destroy all copies of this email and its attachment.
> Please be advised that any unauthorized use, disclosure, distribution or
> copying of this email or its attachment is strictly prohibited.
> 本電子郵件及其附件可能含有機密或依法受特殊管制之資訊,僅供本電子郵件之受文者使用。台端如非本電子郵件之受文者或誤收本電子郵件,請立即回覆郵件通知寄件人,並銷毀本電子郵件之所有複本及附件。任何未經授權而使用、揭露、散佈或複製本電子郵件或其附件之行為,皆嚴格禁止。
>
> ___
> coreboot mailing list -- coreboot@coreboot.org
> To unsubscribe send an email to coreboot-le...@coreboot.org
>
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] To modify MCTRL.SPDDIS of Intel Denvertion in coreboot

2019-01-14 Thread 杜睿哲_Pegatron 
Hi,
Is there anyone can tell me how to change MCTRL.SPDDIS in Coreboot?

The Intel Denverton blocks write permission to address A0~AE due to security 
concern of DIMM SPD, but this also restricts the write access to generic EEPROM 
access in our platform. So I need to modify the SPDDIS bit to bypass the 
protection. But I don’t know how to do that in Coreboot. Please help and thanks 
in advance.

-Hilbert
This e-mail and its attachment may contain information that is confidential or 
privileged, and are solely for the use of the individual to whom this e-mail is 
addressed. If you are not the intended recipient or have received it 
accidentally, please immediately notify the sender by reply e-mail and destroy 
all copies of this email and its attachment. Please be advised that any 
unauthorized use, disclosure, distribution or copying of this email or its 
attachment is strictly prohibited.
本電子郵件及其附件可能含有機密或依法受特殊管制之資訊,僅供本電子郵件之受文者使用。台端如非本電子郵件之受文者或誤收本電子郵件,請立即回覆郵件通知寄件人,並銷毀本電子郵件之所有複本及附件。任何未經授權而使用、揭露、散佈或複製本電子郵件或其附件之行為,皆嚴格禁止。
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Configuration for Thinkpad T530

2019-01-14 Thread Nico Huber 
On 14.01.19 23:30, Ivan Ivanov wrote:
> tldr :P ...just kidding friend ;) here are some replies
> 
>> 3.19 [*] Add gigabit ethernet firmware
>> # If I read correctly I need that for internet connection and this 
>> bianry has just some configuration in it and no excecutable?
> That means your Ethernet controller needs a closed source proprietary
> firmware in order to function.

Like any other modern ethernet controller it runs proprietary firmware.
But in this case, what you would add here is indeed just a tiny con-
figuration binary, no code. The firmware is embedded somewhere in the
chipset.

Also worth to mention, you don't have to add this file or any related
file (ME, IFD) into coreboot. This option is only for people that want
to put everything into a single file to flash at once. You can instead
just write coreboot only, to the respective BIOS region in flash. And
leave everything else intact.

>> So this should be not a privacy concerning thing?

Not in this particular case, no.

> Being a closed source this firmware may contain the backdoors or help
> the backdoor-like functionality of intel me. So yes, this is a privacy
> concerning thing.

Well, don't use modern controllers (ethernet, USB, etc.) if you don't
want proprietary firmware in them. But that's far from the original
question...

Nico
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Configuration for Thinkpad T530

2019-01-14 Thread Ivan Ivanov 
tldr :P ...just kidding friend ;) here are some replies

> 3.19 [*] Add gigabit ethernet firmware
> # If I read correctly I need that for internet connection and this bianry 
> has just some configuration in it and no excecutable?
That means your Ethernet controller needs a closed source proprietary
firmware in order to function.
> So this should be not a privacy concerning thing?
Being a closed source this firmware may contain the backdoors or help
the backdoor-like functionality of intel me. So yes, this is a privacy
concerning thing.

> 4.2 Display ---> Framebuffer mode (Legacy VGA text mode)
> # I have no idea what to choose here
If you don't know about some setting, just leave it default - usually
the defaults are correct, although may be not the best setting.
Write down the questionable options somewhere, and if there'd be some
problems with your coreboot then you'd know where to dig.
In addition, you might check other people's config at coreboot board
status reports for your motherboard.

> 4.6 (0x) Override PCI Subsystem Vendor ID
> # What?!
> 4.7 (0x) Override PCI Subsystem Device ID
> # And again: What?!

That probably means if those IDs are different at your specific board
you could force them to something different.
But better leave them default if you don't have a better idea for them.

> # I'm not sure if I need a VGA Option ROM. In which cases I need it? What 
> disadvantage do I have if I do not integrate a VGA Option
> ROM? Will I see GRUB when I boot Linux? How could you value that binary in 
> case of privacy and security?

Without a binary option rom you may experience some glitches, some
people can't see GRUB although maybe this info is outdated and such
problems have been fixed at the latest coreboot. So, like with any
other binary blob, you need to check if you could live without it, and
only add if you can't.

> 4.11 [*] Add a Video Bios Table (VBT) binary to CBFS
> # Same questions as for the VGA BIOS image
same answer ;)

> 5.6 (0x0) UART's PCI bus, device, function address
> # What is that? What I have to insert?
if you don't plan to debug your coreboot with UART (and your laptop
probably doesn't have a physical UART) don't need to change anything
there

> 5.9 [*] Support Intel PCI-e WiFi adapters
> # If enabled, will this include a binary in the coreboot image?
no but it will include some workaround for buggy intel wifi
controllers that will increase the size of your coreboot image by a
few KB . if you don't use intel wifi, dont enable it

> 6.2 Trusted Platform Module ---> [*] Deactivate TPM
> # I disabled it because of security/privacy reasons. Any disadvantages 
> when I disable it?
if you don't plan to use TPM functionality (which maybe couldn't be
trusted because it's closed source soft/hardware) then yes disable it

> 7.8 Default console log level (0: EMERG) --->
> # I read that this should decrease boot time. What disadvantages do I 
> have with this setting?

that after your coreboot boots its' log will be mostly empty and you
can't see any useful messages at CBMEM console, e.g. which could have
been useful if you're debugging some functionality or preparing a bug
report

> POST code questions
> # What?

like any other bios, coreboot prints some post codes at various
booting stages, and you could even insert more prints to coreboot
source code if you don't have any other debug methods. E.g. there are
some MiniPCIe adapters like Compal MiniPCIe, which are used to display
0xYZ hexadecimal POST code at double 8-segment screen

Hope that helps :)
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Configuration for Thinkpad T530

2019-01-14 Thread Yannik Catalinac 

Hello,

I'm trying to configure coreboot for a Lenovo Thinkpad T530 and I need help 
because for some parts I didn't find any information on the internet.
The T530 (Machine Type Model: 24297ZG) has the the following specifications:

Intel Core i5-3230M with Intel HD Graphics 4000
NVIDIA NVS 5400M
AUO B156HW01 V.4 FullHD Display
Samsung SSD 840 Pro
16 GB RAM  

I want to use a Docking Station.

In the future I want to upgrade the following:
Intel Core i7-3940XM
more and faster RAM
eGPU

I'm going to install only some Linux distributions (no Windows).
I think I will install OpenSuse which has a modified GRUB2 bootloader, where 
you can choose from which kernel or snapshot you would like to boot (maybe this 
information is important for configuring coreboot).
Inside the Linux distribution, with graphical environment KDE, I would like to 
install some virtual machines with QEMU/kvm and there could be also a Windows 
virtual machine.

I configured everything until now with 'make menuconfig' as listed bellow. 
Could you please give me some advise which settings I should change and why I 
should change them. I also wrote some questions behind a few configuration 
settings (marked with '#') which I don`t understand. I would really 
appreciate your help.

1 General setup
1.1 () Local version string
1.2 (fallback) CBFS prefix to use
1.3 Compiler to use (GCC)
1.4 [ ] Allow building with any toolchain
1.5 [ ] Use ccache to speed up (re)compilation
1.6 [ ] Generate flashmap descriptor parser using flex and bison
1.7 [ ] Generate SCONFIG & BINCFG parser using flex and bison
1.8 [*] Use CMOS for configuration values
1.9 [ ] Load default configuration values into CMOS on each boot
1.10 [*] Compress ramstage with LZMA
1.11 [*] Include the coreboot .config file into the ROM image
1.12 [*] Create a table of timestamps collected during boot
1.13 [ ] Print the timestamp values on the console
1.14 [*] Allow use of binary-only repository
1.15 [ ] Code coverage support
1.16 [ ] Undefined behavior sanitizer support
1.17 [ ] Update existing coreboot.rom image
1.18 [ ] Add a bootsplash image


2 Mainboard
2.1 Mainboard Vendor
2.1.1 Lenovo
2.2 Mainboard model
2.2.1 TinkPad T530
2.3 ROM chip size
2.3.1 12 MB
2.4 (0x10) Size of CBFS filesystem in ROM
2.5 () fmap description file in fmd format


3 Chipset
3.1 -*- Enable VMX for virtualization
3.2 [*] Set lock bit after configuring VMX
3.3 Include CPU microcode in CBFS (Generate from tree)
3.4 () Microcode binary path and filename
3.5 [*] Ignore vendor programmed fuses that limit max. DRAM frequency
3.6 [*] Ignore XMP profile max DIMMs per channel
3.7 Flash locking during chipset lockdown (Don't lock flash sections)
3.8 [*] Lock down chipset in coreboot
3.9 [*] Beep on fatal error
3.10 [*] Flash LEDs on fatal error
3.11 [*] Support bluetooth on wifi cards
3.13 [*] Add Intel descriptor.bin file
3.14 (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin) Path and 
filename of the descriptor.bin file
3.15 [*] Add Intel ME/TXE firmware
3.16 (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin) Path to management 
engine firmware
3.17 [*] Verify the integrity of the supplied ME/TXE firmware
3.18 [*] Strip down the Intel ME/TXE firmware
3.19 [*] Add gigabit ethernet firmware
# If I read correctly I need that for internet connection and this bianry 
has just some configuration in it and no excecutable? So this should be not a 
privacy concerning thing?
3.20 (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/gbe.bin) Path to gigabit 
ethernet firmware
3.21 [*] Add EC firmware
3.22 (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/ec.bin) Path to EC firmware
3.23 [*] Lock ME/TXE section
3.24 Bootblock behaviour (Always load fallback)


4 Devices
4.1 Graphics initialization (Use native graphics init) --->
4.2 Display ---> Framebuffer mode (Legacy VGA text mode)
# I have no idea what to choose here
4.3 [*] Enable PCIe Clock Power Management
# I read it should increase battery runtime
4.4 [*] Enable PCIe ASPM L1 SubState
# I read it should increase battery runtime
4.5 [ ] Early PCI bridge
4.6 (0x) Override PCI Subsystem Vendor ID
# What?!
4.7 (0x) Override PCI Subsystem Device ID
# And again: What?!
4.8 [*] Add a VGA BIOS image
# I'm not sure if I need a VGA Option ROM. In which cases I need it? What 
disadvantage do I have if I do not integrate a VGA Option ROM? Will I see GRUB 
when I boot Linux? How could you value that binary in case of privacy and 
security?
4.9 (pci8086,0106.rom) VGA BIOS path and filename
4.10 (8086,0106) VGA device PCI IDs
4.11 [*] Add a Video Bios Table (VBT) binary to CBFS
# Same questions as for the VGA BIOS image
4.12 (src/mainboard/$(MAINBOARDDIR)/variants/$(VARIANT_DIR)/data.vbt) VBT 
binary path and filename
4.13 [ ] Enable I2C controller emulation in software


5 Generic Drivers
5.1 [ ] AS3722 RTC support
5.2 [ ] Enable protection on MRC settings
5.3 [ ] Disable Fast Read command
5.4 [ ] Serial port on SuperIO
5.5 [ ] Oxford OXPCIe952

[coreboot] How do I install a patch for the w520 to use Displayport/VGA output?

2019-01-14 Thread surfbro 
I've installed Coreboot to a number of my Thinkpad machines, but I have no 
experience installing patches post installation.  I'm trying to get the 
Displayport/VGA output to function on my now corebooted w520.

https://www.coreboot.org/Board:lenovo/w520#VGA_.2F_DisplayPort_output 


The official coreboot guide says there's a patch to install to get these to 
work.

Is it possible to put it in layman's terms so that I can get these working, I 
really really want to use my projector, so this would be so much help! I 
installed coreboot on my w520 myself so if it's similar to that process I 
believe I can get it done.

Thanks Coreboot team.
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Menu time-out missing when GRUB is loaded quickly and `at_keyboard`

2019-01-14 Thread Paul Menzel 

Dear GRUB folks,


When the module `at_keyboard` is directly into the GRUB image 
(`--modules`), and GRUB is loaded really quickly, then the timer, which, 
after counting down to 0 (`GRUB_TIMEOUT`), starts the selected entry, is 
not shown.


I noticed this issue on the ASRock E350M1 with coreboot and a small GRUB 
payload, and a PS/2 keyboard connected. Due to the missing time-out, I 
manually have to confirm the selected entry. By chance, the keyboard 
wasn’t connected setting up the system somewhere else, and that made it 
work as expected. So, it looks like, it’s related to `at_keyboard`, and 
some race, because the bigger default GRUB payload also does not show 
the problem.


Luckily, it’s easily reproducible with GRUB’s standard 
`default_payload.elf` and QEMU.


Please find the instructions below to reproduce the issue.

$ git clone https://review.coreboot.org/coreboot
$ cd coreboot
$ # save attached grub.cfg in the directory
$ util/scripts/config -e PAYLOAD_GRUB2
grep: .config: Datei oder Verzeichnis nicht gefunden
$ util/scripts/config -e GRUB2_INCLUDE_RUNTIME_CONFIG_FILE
$ util/scripts/config -e GRUB2_MASTER
$ util/scripts/config -e CONFIG_COREBOOT_ROMSIZE_KB_2048 # default 
of 512 KB too small for GRUB payload

$ util/scripts/config -e ANY_TOOLCHAIN
$ # or: make crossgcc-i386 CPUS=`nproc`
$ make olddefconfig
$ make -j`nproc`
$ qemu-system-x86_64 --version
 QEMU emulator version 3.1.0 (Debian 1:3.1+dfsg-2+b1)
 Copyright (c) 2003-2018 Fabrice Bellard and the QEMU Project 
developers

$ qemu-system-x86_64 -M pc -bios build/coreboot.rom -serial stdio

*No* time-out is shown. Telling QEMU to emulate a USB keyboard, 
indirectly disabling the PS/2 keyboard, the time-out *is* shown.


$ qemu-system-x86_64 -M pc -bios build/coreboot.rom -serial stdio \
-usb -device usb-kbd

Not including `at_keyboard` directly in GRUB’s “core image”, modules 
loaded automatically, the time-out is also shown.


`set debug=at_keyb` did not show anything interesting.

Can you reproduce that, and see what the problem is?


Kind regards,

Paul


PS: Please find the instructions to build GRUB as a coreboot payload 
done by coreboot’s Kconfig system automatically, and how put it into the 
coreboot filesystem CBFS.


```
$ git clone https://git.savannah.gnu.org/git/grub.git/
$ cd grub
$ git describe --tags --dirty
grub-2.02-238-ga791dc0e3
$ ./autogen.sh
$ ./configure --with-platform=coreboot
$ make default_payload.elf # this includes `at_keyboard`
$ cp default_payload.elf my/coreboot/folder/
$ cd my/coreboot/folder/
$ build/cbfstool build/coreboot.rom print
$ build/cbfstool build/coreboot.rom remove -n fallback/payload
$ build/cbfstool build/coreboot.rom add-payload -f payload.elf -n 
fallback/payload -c lzma

```


Kind regards,

Paul

set timeout=5
menuentry 'Power off machine' {
 halt
}
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org