Re: FreeBSD and Coreboot

[Edward Napierala]

On Tue, 28 May 2019 at 12:17, Eric McCorkle  wrote:

[..]

> > Now that the loader supports a ram disk, we are almost to something
> > useful... but yea, almost and crummy often go hand in hand.
>
> This is looking out ahead of my current roadmap, but if you were to do a
> kernel as the coreboot payload, there'd need to be some kind of trick to
> support ZFS-only systems.
>
> ZFS requires modules, which are typically pre-loaded (and linked) by
> loader (or GRUB).  Coreboot has no disk or filesystem or even device
> access facilities, however.  It's just "pull an image out of flash, do
> the bare essential hardware initialization to get to a C runtime
> environment, then jump into the image".

A ramdisk could help with that - boot with UFS-formatted ramdisk image
as rootfs, have init(8) execute a script that loads zfs.ko and whatever
other kernel module that's neccessary, and reroot into ZFS.
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: FreeBSD and Coreboot

[Rodney W. Grimes]

> On 5/28/19 12:46 AM, Warner Losh wrote:
> > 
> > 
> > On Mon, May 27, 2019, 10:44 PM Nathan Whitehorn  > > wrote:
> > 
> > 
> > 
> > On 2019-05-27 19:14, Warner Losh wrote:
> > > On Mon, May 27, 2019, 7:18 PM Nathan Whitehorn
> > mailto:nwhiteh...@freebsd.org>>
> > > wrote:
> > >
> > >>
> > >> On 2019-05-27 15:50, Eric McCorkle wrote:
> > >>> On 5/27/19 5:53 PM, Edward Napierala wrote:
> >  On Mon, 27 May 2019 at 16:14, Eric McCorkle
> > mailto:e...@metricspace.net>>
> > >> wrote:
> >  [..]
> > 
> > > My plan is roughly this:
> > >
> > > * Refurbish the GRUB port, get it working again in QEMU
> > (possibly on
> > >> one
> > > of my machines), also possibly push a patch to GRUB to use the
> > keybufs
> > > mechanism to pass in GELI keys.
> > >
> > > * Get coreboot with GRUB/Seabios booting FreeBSD in QEMU
> > >
> > > * Possibly create a coreboot port (uncertain how this would
> > work, since
> > > Coreboot has its own extensive config menu)
> > >
> > > * Hold my breath and test it out on real hardware (I have a
> > Librem 13
> > >> r1
> > > for this purpose)
> > >
> > > * Possibly try getting the FreeBSD kernel to work as a coreboot
> > >> payload.
> >  Out of curiosity - why the kernel and not loader(8)?
> > 
> > >>> If I understand coreboot correctly, loader would have to directly
> > >>> manipulate devices _without a BIOS_.? That is, it would have to
> > have an
> > >>> entire device detection/interface layer, which I don't believe
> > is the
> > >>> case today.
> > >>>
> > >>> At least in the EFI case, loader is talking through the system's EFI
> > >>> implementation, which takes care of all that for you.? BIOS
> > works in a
> > >>> similar way.? My sense is getting loader to the point where it
> > could be
> > >>> a coreboot (without Seabios/GRUB/Tianocore) would be quite an
> > >> undertaking.
> > >> On IBM PowerNV systems, which also don't provide interfaces to a
> > >> second-stage loader, we just abandoned loader(8). It's way too
> > much work.
> > >>
> > > How do you use tunables and loadable modules?
> > >
> > > Warner
> > >
> > 
> > The firmware on PowerNV has a way to write tunables to the device-tree,
> > which we rehydrate into something that looks like it came from loader.
> > 
> > We don't usefully support loadable modules at the moment. The firmware
> > can optionally load exactly one file from the boot filesystem and pass
> > it to the kernel (for Linux, the initrd). There are a couple of ways to
> > imagine exploiting this for kernel modules, but all of them are kind of
> > crummy.
> > 
> > 
> > Now that the loader supports a ram disk, we are almost to something
> > useful... but yea, almost and crummy often go hand in hand.
> 
> This is looking out ahead of my current roadmap, but if you were to do a
> kernel as the coreboot payload, there'd need to be some kind of trick to
> support ZFS-only systems.
> 
> ZFS requires modules, which are typically pre-loaded (and linked) by
> loader (or GRUB).  Coreboot has no disk or filesystem or even device
> access facilities, however.  It's just "pull an image out of flash, do
> the bare essential hardware initialization to get to a C runtime
> environment, then jump into the image".

ZFS does not "require" modules, you can statically compile both
opensolaris and zfs into your kernel.

> 
> One way around it might be to concatenate the modules and a kernel
> together with a kind of mezzanine level that does all the module
> linking, then jumps into the kernel.  I suppose you could also build
> that functionality into the kernel itself, or perhaps even coreboot.

It is called a statically linked kernel, no modules at all.

> I suspect there might be some license issues that kept us from being
> able to build these modules into the kernel in the first place, though,
> and that might affect the choice as well.

I do not know of a license issue for US, linux has one due to
incompatibility of a GPL kernel with a CDDL ZFS module, thankfully
we do not have that issue.


-- 
Rod Grimes rgri...@freebsd.org
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: FreeBSD and Coreboot

[Eric McCorkle]

On 5/28/19 12:46 AM, Warner Losh wrote:
> 
> 
> On Mon, May 27, 2019, 10:44 PM Nathan Whitehorn  > wrote:
> 
> 
> 
> On 2019-05-27 19:14, Warner Losh wrote:
> > On Mon, May 27, 2019, 7:18 PM Nathan Whitehorn
> mailto:nwhiteh...@freebsd.org>>
> > wrote:
> >
> >>
> >> On 2019-05-27 15:50, Eric McCorkle wrote:
> >>> On 5/27/19 5:53 PM, Edward Napierala wrote:
>  On Mon, 27 May 2019 at 16:14, Eric McCorkle
> mailto:e...@metricspace.net>>
> >> wrote:
>  [..]
> 
> > My plan is roughly this:
> >
> > * Refurbish the GRUB port, get it working again in QEMU
> (possibly on
> >> one
> > of my machines), also possibly push a patch to GRUB to use the
> keybufs
> > mechanism to pass in GELI keys.
> >
> > * Get coreboot with GRUB/Seabios booting FreeBSD in QEMU
> >
> > * Possibly create a coreboot port (uncertain how this would
> work, since
> > Coreboot has its own extensive config menu)
> >
> > * Hold my breath and test it out on real hardware (I have a
> Librem 13
> >> r1
> > for this purpose)
> >
> > * Possibly try getting the FreeBSD kernel to work as a coreboot
> >> payload.
>  Out of curiosity - why the kernel and not loader(8)?
> 
> >>> If I understand coreboot correctly, loader would have to directly
> >>> manipulate devices _without a BIOS_.  That is, it would have to
> have an
> >>> entire device detection/interface layer, which I don't believe
> is the
> >>> case today.
> >>>
> >>> At least in the EFI case, loader is talking through the system's EFI
> >>> implementation, which takes care of all that for you.  BIOS
> works in a
> >>> similar way.  My sense is getting loader to the point where it
> could be
> >>> a coreboot (without Seabios/GRUB/Tianocore) would be quite an
> >> undertaking.
> >> On IBM PowerNV systems, which also don't provide interfaces to a
> >> second-stage loader, we just abandoned loader(8). It's way too
> much work.
> >>
> > How do you use tunables and loadable modules?
> >
> > Warner
> >
> 
> The firmware on PowerNV has a way to write tunables to the device-tree,
> which we rehydrate into something that looks like it came from loader.
> 
> We don't usefully support loadable modules at the moment. The firmware
> can optionally load exactly one file from the boot filesystem and pass
> it to the kernel (for Linux, the initrd). There are a couple of ways to
> imagine exploiting this for kernel modules, but all of them are kind of
> crummy.
> 
> 
> Now that the loader supports a ram disk, we are almost to something
> useful... but yea, almost and crummy often go hand in hand.

This is looking out ahead of my current roadmap, but if you were to do a
kernel as the coreboot payload, there'd need to be some kind of trick to
support ZFS-only systems.

ZFS requires modules, which are typically pre-loaded (and linked) by
loader (or GRUB).  Coreboot has no disk or filesystem or even device
access facilities, however.  It's just "pull an image out of flash, do
the bare essential hardware initialization to get to a C runtime
environment, then jump into the image".

One way around it might be to concatenate the modules and a kernel
together with a kind of mezzanine level that does all the module
linking, then jumps into the kernel.  I suppose you could also build
that functionality into the kernel itself, or perhaps even coreboot.

I suspect there might be some license issues that kept us from being
able to build these modules into the kernel in the first place, though,
and that might affect the choice as well.
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: FreeBSD and Coreboot

[Piotr Kubaj]

I have been running coreboot on many boards with FreeBSD for a few years now.

I've been getting mixed results. E.g. on ASUS F2A85-M there's no fan control in 
coreboot so the OS must do it itself and FreeBSD doesn't support it. After 
running it for some time, my CPU eventually burned...

Thinkpads seem to basically work fine, since ACPI takes care of fans.

ASUS KGPE-D16 are great boards and can run completely blobless, but to run them 
with FreeBSD, I had to upgrade cooling (it overheated). And the only way to 
control fans on those boards with FreeBSD and coreboot is via BMC (there's 
OpenBMC port that runs great). If KGPE-D16 is too expensive, you could get ASUS 
KCMA-D8 which are cheaper and basically a low-end KGPE-D16.

Asrock E350M1 also works pretty well, but it's a really old board with embedded 
CPU from AMD.

There are also (mentioned before) APU from PCEngines, but beware, only APU1 can 
run blobless. APU2 and newer need proprietary AGESA (APU1 runs with open-source 
AGESA) and PSP (ME equivalent).

Finally, FreeBSD runs on Raptor Talos and Blackbird boards. They don't run 
coreboot but OpenPOWER firmware, which is also 100% FOSS. If you can afford 
them, it's the best way to run FOSS firmware.

I run both coreboot boards (with FreeBSD and other systems) and Talos II, so 
feel free to reach to me via email if you have further questions.


signature.asc
Description: PGP signature

Re: FreeBSD and Coreboot

[Warner Losh]

On Mon, May 27, 2019, 10:44 PM Nathan Whitehorn 
wrote:

>
>
> On 2019-05-27 19:14, Warner Losh wrote:
> > On Mon, May 27, 2019, 7:18 PM Nathan Whitehorn 
> > wrote:
> >
> >>
> >> On 2019-05-27 15:50, Eric McCorkle wrote:
> >>> On 5/27/19 5:53 PM, Edward Napierala wrote:
>  On Mon, 27 May 2019 at 16:14, Eric McCorkle 
> >> wrote:
>  [..]
> 
> > My plan is roughly this:
> >
> > * Refurbish the GRUB port, get it working again in QEMU (possibly on
> >> one
> > of my machines), also possibly push a patch to GRUB to use the
> keybufs
> > mechanism to pass in GELI keys.
> >
> > * Get coreboot with GRUB/Seabios booting FreeBSD in QEMU
> >
> > * Possibly create a coreboot port (uncertain how this would work,
> since
> > Coreboot has its own extensive config menu)
> >
> > * Hold my breath and test it out on real hardware (I have a Librem 13
> >> r1
> > for this purpose)
> >
> > * Possibly try getting the FreeBSD kernel to work as a coreboot
> >> payload.
>  Out of curiosity - why the kernel and not loader(8)?
> 
> >>> If I understand coreboot correctly, loader would have to directly
> >>> manipulate devices _without a BIOS_.  That is, it would have to have an
> >>> entire device detection/interface layer, which I don't believe is the
> >>> case today.
> >>>
> >>> At least in the EFI case, loader is talking through the system's EFI
> >>> implementation, which takes care of all that for you.  BIOS works in a
> >>> similar way.  My sense is getting loader to the point where it could be
> >>> a coreboot (without Seabios/GRUB/Tianocore) would be quite an
> >> undertaking.
> >> On IBM PowerNV systems, which also don't provide interfaces to a
> >> second-stage loader, we just abandoned loader(8). It's way too much
> work.
> >>
> > How do you use tunables and loadable modules?
> >
> > Warner
> >
>
> The firmware on PowerNV has a way to write tunables to the device-tree,
> which we rehydrate into something that looks like it came from loader.
>
> We don't usefully support loadable modules at the moment. The firmware
> can optionally load exactly one file from the boot filesystem and pass
> it to the kernel (for Linux, the initrd). There are a couple of ways to
> imagine exploiting this for kernel modules, but all of them are kind of
> crummy.
>

Now that the loader supports a ram disk, we are almost to something
useful... but yea, almost and crummy often go hand in hand.

Warner

>
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: FreeBSD and Coreboot

[Nathan Whitehorn]

On 2019-05-27 19:14, Warner Losh wrote:
> On Mon, May 27, 2019, 7:18 PM Nathan Whitehorn 
> wrote:
>
>>
>> On 2019-05-27 15:50, Eric McCorkle wrote:
>>> On 5/27/19 5:53 PM, Edward Napierala wrote:
 On Mon, 27 May 2019 at 16:14, Eric McCorkle 
>> wrote:
 [..]

> My plan is roughly this:
>
> * Refurbish the GRUB port, get it working again in QEMU (possibly on
>> one
> of my machines), also possibly push a patch to GRUB to use the keybufs
> mechanism to pass in GELI keys.
>
> * Get coreboot with GRUB/Seabios booting FreeBSD in QEMU
>
> * Possibly create a coreboot port (uncertain how this would work, since
> Coreboot has its own extensive config menu)
>
> * Hold my breath and test it out on real hardware (I have a Librem 13
>> r1
> for this purpose)
>
> * Possibly try getting the FreeBSD kernel to work as a coreboot
>> payload.
 Out of curiosity - why the kernel and not loader(8)?

>>> If I understand coreboot correctly, loader would have to directly
>>> manipulate devices _without a BIOS_.  That is, it would have to have an
>>> entire device detection/interface layer, which I don't believe is the
>>> case today.
>>>
>>> At least in the EFI case, loader is talking through the system's EFI
>>> implementation, which takes care of all that for you.  BIOS works in a
>>> similar way.  My sense is getting loader to the point where it could be
>>> a coreboot (without Seabios/GRUB/Tianocore) would be quite an
>> undertaking.
>> On IBM PowerNV systems, which also don't provide interfaces to a
>> second-stage loader, we just abandoned loader(8). It's way too much work.
>>
> How do you use tunables and loadable modules?
>
> Warner
>

The firmware on PowerNV has a way to write tunables to the device-tree,
which we rehydrate into something that looks like it came from loader.

We don't usefully support loadable modules at the moment. The firmware
can optionally load exactly one file from the boot filesystem and pass
it to the kernel (for Linux, the initrd). There are a couple of ways to
imagine exploiting this for kernel modules, but all of them are kind of
crummy.
-Nathan
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: FreeBSD and Coreboot

[Warner Losh]

On Mon, May 27, 2019, 7:18 PM Nathan Whitehorn 
wrote:

>
>
> On 2019-05-27 15:50, Eric McCorkle wrote:
> > On 5/27/19 5:53 PM, Edward Napierala wrote:
> >> On Mon, 27 May 2019 at 16:14, Eric McCorkle 
> wrote:
> >>
> >> [..]
> >>
> >>> My plan is roughly this:
> >>>
> >>> * Refurbish the GRUB port, get it working again in QEMU (possibly on
> one
> >>> of my machines), also possibly push a patch to GRUB to use the keybufs
> >>> mechanism to pass in GELI keys.
> >>>
> >>> * Get coreboot with GRUB/Seabios booting FreeBSD in QEMU
> >>>
> >>> * Possibly create a coreboot port (uncertain how this would work, since
> >>> Coreboot has its own extensive config menu)
> >>>
> >>> * Hold my breath and test it out on real hardware (I have a Librem 13
> r1
> >>> for this purpose)
> >>>
> >>> * Possibly try getting the FreeBSD kernel to work as a coreboot
> payload.
> >> Out of curiosity - why the kernel and not loader(8)?
> >>
> > If I understand coreboot correctly, loader would have to directly
> > manipulate devices _without a BIOS_.  That is, it would have to have an
> > entire device detection/interface layer, which I don't believe is the
> > case today.
> >
> > At least in the EFI case, loader is talking through the system's EFI
> > implementation, which takes care of all that for you.  BIOS works in a
> > similar way.  My sense is getting loader to the point where it could be
> > a coreboot (without Seabios/GRUB/Tianocore) would be quite an
> undertaking.
> >
>
> On IBM PowerNV systems, which also don't provide interfaces to a
> second-stage loader, we just abandoned loader(8). It's way too much work.
>

How do you use tunables and loadable modules?

Warner

>
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: FreeBSD and Coreboot

[Nathan Whitehorn]

On 2019-05-27 15:50, Eric McCorkle wrote:
> On 5/27/19 5:53 PM, Edward Napierala wrote:
>> On Mon, 27 May 2019 at 16:14, Eric McCorkle  wrote:
>>
>> [..]
>>
>>> My plan is roughly this:
>>>
>>> * Refurbish the GRUB port, get it working again in QEMU (possibly on one
>>> of my machines), also possibly push a patch to GRUB to use the keybufs
>>> mechanism to pass in GELI keys.
>>>
>>> * Get coreboot with GRUB/Seabios booting FreeBSD in QEMU
>>>
>>> * Possibly create a coreboot port (uncertain how this would work, since
>>> Coreboot has its own extensive config menu)
>>>
>>> * Hold my breath and test it out on real hardware (I have a Librem 13 r1
>>> for this purpose)
>>>
>>> * Possibly try getting the FreeBSD kernel to work as a coreboot payload.
>> Out of curiosity - why the kernel and not loader(8)?
>>
> If I understand coreboot correctly, loader would have to directly
> manipulate devices _without a BIOS_.  That is, it would have to have an
> entire device detection/interface layer, which I don't believe is the
> case today.
>
> At least in the EFI case, loader is talking through the system's EFI
> implementation, which takes care of all that for you.  BIOS works in a
> similar way.  My sense is getting loader to the point where it could be
> a coreboot (without Seabios/GRUB/Tianocore) would be quite an undertaking.
>

On IBM PowerNV systems, which also don't provide interfaces to a
second-stage loader, we just abandoned loader(8). It's way too much work.
-Nathan



signature.asc
Description: OpenPGP digital signature

Re: FreeBSD and Coreboot

[Eric McCorkle]

On 5/27/19 11:13 AM, Eric McCorkle wrote:

> My plan is roughly this:
> 
> * Refurbish the GRUB port, get it working again in QEMU (possibly on one
> of my machines), also possibly push a patch to GRUB to use the keybufs
> mechanism to pass in GELI keys.

I managed to get the grub2 port compiling against 2.02 (latest release)
in an afternoon's worth of work.  Note: the --force-label flag on
grub-install isn't presently implemented; I'll need to dig deeper into
the code to get that working.

I haven't tried to see if it works yet.  You can follow my work on the
grub2 branch of my freebsd-ports fork:

https://github.com/emc2/freebsd-ports/tree/grub2

Also, I am potentially willing to take over maintenance of the port,
assuming the volume of work isn't too high.



signature.asc
Description: OpenPGP digital signature

Re: FreeBSD and Coreboot

[Eric McCorkle]

On 5/27/19 5:53 PM, Edward Napierala wrote:
> On Mon, 27 May 2019 at 16:14, Eric McCorkle  wrote:
> 
> [..]
> 
>> My plan is roughly this:
>>
>> * Refurbish the GRUB port, get it working again in QEMU (possibly on one
>> of my machines), also possibly push a patch to GRUB to use the keybufs
>> mechanism to pass in GELI keys.
>>
>> * Get coreboot with GRUB/Seabios booting FreeBSD in QEMU
>>
>> * Possibly create a coreboot port (uncertain how this would work, since
>> Coreboot has its own extensive config menu)
>>
>> * Hold my breath and test it out on real hardware (I have a Librem 13 r1
>> for this purpose)
>>
>> * Possibly try getting the FreeBSD kernel to work as a coreboot payload.
> 
> Out of curiosity - why the kernel and not loader(8)?
> 

If I understand coreboot correctly, loader would have to directly
manipulate devices _without a BIOS_.  That is, it would have to have an
entire device detection/interface layer, which I don't believe is the
case today.

At least in the EFI case, loader is talking through the system's EFI
implementation, which takes care of all that for you.  BIOS works in a
similar way.  My sense is getting loader to the point where it could be
a coreboot (without Seabios/GRUB/Tianocore) would be quite an undertaking.



signature.asc
Description: OpenPGP digital signature

Re: FreeBSD and Coreboot

[Edward Napierala]

On Mon, 27 May 2019 at 16:14, Eric McCorkle  wrote:

[..]

> My plan is roughly this:
>
> * Refurbish the GRUB port, get it working again in QEMU (possibly on one
> of my machines), also possibly push a patch to GRUB to use the keybufs
> mechanism to pass in GELI keys.
>
> * Get coreboot with GRUB/Seabios booting FreeBSD in QEMU
>
> * Possibly create a coreboot port (uncertain how this would work, since
> Coreboot has its own extensive config menu)
>
> * Hold my breath and test it out on real hardware (I have a Librem 13 r1
> for this purpose)
>
> * Possibly try getting the FreeBSD kernel to work as a coreboot payload.

Out of curiosity - why the kernel and not loader(8)?
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: FreeBSD and Coreboot

[Matthias Apitz]

El día Monday, May 27, 2019 a las 11:13:46AM -0400, Eric McCorkle escribió:

> Hello everyone,
> 
> I'm through enough of my job change that I can start working on FreeBSD
> again.  One thing I've had on my list to examine is using FreeBSD with
> coreboot, so I wanted to put out a call for anyone who has done work on
> this, or knows anything about it.

Hello Eric,

I don't know if this is something which has to do with your project.
Since 2015 I use an Acer C720 Chromebook with FreeBSD (CURRENT) this has
AFAIK coreboot with SeaBIOS and works just fine.

Just to let you know.

matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May, 9: Спаси́бо освободители! Thank you very much, Russian liberators!
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: FreeBSD and Coreboot

[Kurt Jaeger]

Hi!

> * The PC Engines boards evidently use coreboot, and I've heard multiple
> reports of them running FreeBSD systems without a problem.

I have approx. 130 of the PC Engines APUs in varius
versions up until the most recent, running with FreeBSD just fine.

No special setup, just the generic coreboot firmware.
Well, they had some issues with 12.0-REL booting from USB sticks
Booting 11.2 sticks, installing and upgrading works fine.
Did not test more recent firmware.

This worked to reflash the BIOS to their most recent versions:

Source of the BIOS:

https://pcengines.github.io/

I used 

flashrom -w apu4_v4.9.0.5.rom  --programmer internal

to upgrade:

Found Winbond flash chip "W25Q64.V" (8192 kB, SPI) mapped at physical address 
0xff80.

/usr/local/bin/flashrom was installed by package flashrom-1.0_1

-- 
p...@opsec.eu+49 171 3101372One year to go !
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: FreeBSD and Coreboot

[Karl Denninger]

On 5/27/2019 10:13, Eric McCorkle wrote:
> Hello everyone,
>
> I'm through enough of my job change that I can start working on FreeBSD
> again.  One thing I've had on my list to examine is using FreeBSD with
> coreboot, so I wanted to put out a call for anyone who has done work on
> this, or knows anything about it.
>
> Here is what I know:
>
> * Coreboot _can_ boot kernels directly, but this requires two things: 1)
> you must flash your BIOS every time you update a kernel, 2) the kernel
> must be able to work without the usual device initialization that the
> BIOS does.
>
> * Coreboot has two significant payload options beyond a kernel: Seabios
> and GRUB (supposedly Tianocore EFI is an option, but it apparently
> doesn't really work).
>
> * Scrounging the coreboot wiki seems to produce some conflicting
> information.  One page claims that the FreeBSD kernel can boot directly
> as a coreboot payload; another claims GRUB or Seabios to be the only
> options.
>
> * The PC Engines boards evidently use coreboot, and I've heard multiple
> reports of them running FreeBSD systems without a problem.  I don't know
> whether they use GRUB or Seabios.  (Aside: I'm thinking about ordering
> some of these boards for my own use, so I'm generally interested in how
> well they function with FreeBSD)
>
PCEngines machines run just fine with FreeBSD; I use and support a bunch
of them around here for various purposes, mostly as edge firewall and
gateway devices.
-- 
Karl Denninger
k...@denninger.net <mailto:k...@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/


smime.p7s
Description: S/MIME Cryptographic Signature

Re: FreeBSD and Coreboot

[Shawn Webb]

Hey Eric,

My response is inline.

On Mon, May 27, 2019 at 11:13:46AM -0400, Eric McCorkle wrote:
> Hello everyone,
> 
> I'm through enough of my job change that I can start working on FreeBSD
> again.  One thing I've had on my list to examine is using FreeBSD with
> coreboot, so I wanted to put out a call for anyone who has done work on
> this, or knows anything about it.
> 
> Here is what I know:
> 
> * Coreboot _can_ boot kernels directly, but this requires two things: 1)
> you must flash your BIOS every time you update a kernel, 2) the kernel
> must be able to work without the usual device initialization that the
> BIOS does.
> 
> * Coreboot has two significant payload options beyond a kernel: Seabios
> and GRUB (supposedly Tianocore EFI is an option, but it apparently
> doesn't really work).
> 
> * Scrounging the coreboot wiki seems to produce some conflicting
> information.  One page claims that the FreeBSD kernel can boot directly
> as a coreboot payload; another claims GRUB or Seabios to be the only
> options.
> 
> * The PC Engines boards evidently use coreboot, and I've heard multiple
> reports of them running FreeBSD systems without a problem.  I don't know
> whether they use GRUB or Seabios.  (Aside: I'm thinking about ordering
> some of these boards for my own use, so I'm generally interested in how
> well they function with FreeBSD)

I own several PC Engines APU boards. They definitely use Coreboot as
maintained by these peeps: https://twitter.com/3mdeb_com

The Coreboot for the APU boards uses Seabios.

> 
> 
> My plan is roughly this:
> 
> * Refurbish the GRUB port, get it working again in QEMU (possibly on one
> of my machines), also possibly push a patch to GRUB to use the keybufs
> mechanism to pass in GELI keys.
> 
> * Get coreboot with GRUB/Seabios booting FreeBSD in QEMU
> 
> * Possibly create a coreboot port (uncertain how this would work, since
> Coreboot has its own extensive config menu)
> 
> * Hold my breath and test it out on real hardware (I have a Librem 13 r1
> for this purpose)
> 
> * Possibly try getting the FreeBSD kernel to work as a coreboot payload.
> 
> 
> Here's what I don't know/what would be useful knowledge for me:
> 
> * Anyone else who's been experimenting/working on coreboot support, and
> what they found
> 
> * Any working examples of using Coreboot with FreeBSD
> 
> * Down the road, anything about adapting the FreeBSD kernel to work with
> a new boot platform (ie. low level details about how to set it up in
> memory on a bare-metal system and start execution)
> 

Reach out to 3mdeb (feel free to CC me, if you'd like). See what
they'd like help with. There's certainly a lot more work that could be
done.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal:+1 443-546-8752
Tor+XMPP+OTR:latt...@is.a.hacker.sx
GPG Key ID:  0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2


signature.asc
Description: PGP signature

FreeBSD and Coreboot

[Eric McCorkle]

Hello everyone,

I'm through enough of my job change that I can start working on FreeBSD
again.  One thing I've had on my list to examine is using FreeBSD with
coreboot, so I wanted to put out a call for anyone who has done work on
this, or knows anything about it.

Here is what I know:

* Coreboot _can_ boot kernels directly, but this requires two things: 1)
you must flash your BIOS every time you update a kernel, 2) the kernel
must be able to work without the usual device initialization that the
BIOS does.

* Coreboot has two significant payload options beyond a kernel: Seabios
and GRUB (supposedly Tianocore EFI is an option, but it apparently
doesn't really work).

* Scrounging the coreboot wiki seems to produce some conflicting
information.  One page claims that the FreeBSD kernel can boot directly
as a coreboot payload; another claims GRUB or Seabios to be the only
options.

* The PC Engines boards evidently use coreboot, and I've heard multiple
reports of them running FreeBSD systems without a problem.  I don't know
whether they use GRUB or Seabios.  (Aside: I'm thinking about ordering
some of these boards for my own use, so I'm generally interested in how
well they function with FreeBSD)


My plan is roughly this:

* Refurbish the GRUB port, get it working again in QEMU (possibly on one
of my machines), also possibly push a patch to GRUB to use the keybufs
mechanism to pass in GELI keys.

* Get coreboot with GRUB/Seabios booting FreeBSD in QEMU

* Possibly create a coreboot port (uncertain how this would work, since
Coreboot has its own extensive config menu)

* Hold my breath and test it out on real hardware (I have a Librem 13 r1
for this purpose)

* Possibly try getting the FreeBSD kernel to work as a coreboot payload.


Here's what I don't know/what would be useful knowledge for me:

* Anyone else who's been experimenting/working on coreboot support, and
what they found

* Any working examples of using Coreboot with FreeBSD

* Down the road, anything about adapting the FreeBSD kernel to work with
a new boot platform (ie. low level details about how to set it up in
memory on a bare-metal system and start execution)



signature.asc
Description: OpenPGP digital signature