[coreboot] Re: Vboot: Phase 3 unsuccessful with RO_SECTION only
Thanks Julius. Yes, I was referring to coreboot versions.

I have cited you in the link below so that the Heads community can build upon your feedback.

https://github.com/osresearch/heads/pull/709#issuecomment-707101935

Thanks Tim also for your help.

Kind regards,
Thomas

On 10/12/20 9:14 PM, Julius Werner wrote:
>> Actually the behaviour you described in the 'third combination' I've been
>> able to achieve by having a tiny RO_SECTION and a large RW_A and excluding
>> the payload from being written to the RO_SECTION. It just felt a bit like
>> cheating but I may invest more time into it to see if it's usable.
>
> Well yeah, you can leave out the payload and that may be the biggest
> part for you. But technically you could also leave out romstage and
> ramstage in that situation, and the build system currently doesn't yet
> offer an option to allow that.
>
>> Ultimately the goal (at this time) is to have measured boot by expanding
>> hashes into PCRs which can be verified by the end user using TOTP.
>
> Note that measured boot is independent from verified boot. The main
> point of verified boot is to allow keeping a part of the flash
> writable so it can be updated but is still cryptographically verified.
> If you don't care about that, you can just write-protect your whole
> flash and only enable CONFIG_TPM_MEASURED_BOOT. (Or, you know, not
> write-protect anything, but then both measured and verified boot
> become somewhat pointless because your trust anchor is not secure.)
>
>> Another question if I may, does the behaviour you described apply to 4.12
>> also? I ask as there are a lot of boards that have a vboot-ro.fmd. Would
>> these also fail for the reasons you have described or is there better
>> support for this in 4.12 opposed to 4.11?
>
> Are you talking about coreboot versions? Sorry, I don't follow the
> tags we cut super closely. The behavior I described has been pretty
> much unchanged since 2018, I think (so long before 4.12 or 4.11).
>
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Vboot: Phase 3 unsuccessful with RO_SECTION only
> Actually the behaviour you described in the 'third combination' I've been
> able to achieve by having a tiny RO_SECTION and a large RW_A and excluding
> the payload from being written to the RO_SECTION. It just felt a bit like
> cheating but I may invest more time into it to see if it's usable.

Well yeah, you can leave out the payload and that may be the biggest
part for you. But technically you could also leave out romstage and
ramstage in that situation, and the build system currently doesn't yet
offer an option to allow that.

> Ultimately the goal (at this time) is to have measured boot by expanding
> hashes into PCRs which can be verified by the end user using TOTP.

Note that measured boot is independent from verified boot. The main
point of verified boot is to allow keeping a part of the flash
writable so it can be updated but is still cryptographically verified.
If you don't care about that, you can just write-protect your whole
flash and only enable CONFIG_TPM_MEASURED_BOOT. (Or, you know, not
write-protect anything, but then both measured and verified boot
become somewhat pointless because your trust anchor is not secure.)

> Another question if I may, does the behaviour you described apply to 4.12
> also? I ask as there are a lot of boards that have a vboot-ro.fmd. Would
> these also fail for the reasons you have described or is there better support
> for this in 4.12 opposed to 4.11?

Are you talking about coreboot versions? Sorry, I don't follow the
tags we cut super closely. The behavior I described has been pretty
much unchanged since 2018, I think (so long before 4.12 or 4.11).

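Added example (not part of the thread, and not coreboot or Heads code): a Python model of the point in the message above that measured boot only records stage hashes in a PCR, and that the result is only meaningful when the measuring code itself is write-protected. The stage contents, the secret, and the `seal`/`unseal` helpers are constructed stand-ins for illustration, not TPM or coreboot APIs.

```python
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 PCR holds 32 zero bytes after reset

def extend(pcr, digest):
    """TPM extend: new PCR = SHA-256(old PCR || digest); a PCR cannot be set directly."""
    return hashlib.sha256(pcr + digest).digest()

def honest(name, blob):
    """Measuring code that hashes what is actually in flash."""
    return hashlib.sha256(blob).digest()

def measured_boot(stages, measure=honest):
    """Extend every stage into one PCR in boot order. Measuring only records;
    unlike verified boot it never refuses to run a stage."""
    pcr = PCR_INIT
    for name, blob in stages:
        pcr = extend(pcr, measure(name, blob))
    return pcr

def seal(secret, expected_pcr):
    """Toy model of sealing: bind a secret to one PCR value (assumption, not a TPM API)."""
    return (expected_pcr, secret)

def unseal(sealed, current_pcr):
    expected_pcr, secret = sealed
    return secret if current_pcr == expected_pcr else None

# Constructed stand-ins for firmware stages, not real images.
GOOD = [("bootblock", b"bootblock-v1"), ("romstage", b"romstage-v1"),
        ("ramstage", b"ramstage-v1"), ("payload", b"payload-v1")]
TAMPERED = GOOD[:3] + [("payload", b"payload-v1-modified")]

def demo():
    sealed = seal(b"totp-secret", measured_boot(GOOD))
    # If the measuring code sits in writable flash it can be replaced by code
    # that reports recorded digests, so the PCR no longer reflects the flash.
    recorded = {name: honest(name, blob) for name, blob in GOOD}
    replaced = lambda name, blob: recorded[name]
    return {
        "unchanged": unseal(sealed, measured_boot(GOOD)),
        "payload_changed": unseal(sealed, measured_boot(TAMPERED)),
        "anchor_writable": unseal(sealed, measured_boot(TAMPERED, replaced)),
    }

if __name__ == "__main__":
    print(demo())
```

With honest measuring code the changed payload yields a different PCR and the secret stays sealed; with a writable trust anchor the same change goes unnoticed, which is why the message pairs CONFIG_TPM_MEASURED_BOOT with write-protecting the flash.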
[coreboot] Tianocore debugging features
I'm trying to get Tianocore to work with my Thinkpad T400, however, the person I am working with, MrChromeBox, needs debugging information. The laptop is limited in ports, and the optimal solution according to them would be to use coreboot's CBMEM console.

Neither myself nor MrChromeBox know how to implement this, and it would be appreciated if someone more knowledgeable could implement this feature to correct whatever the error may be with the device and Tianocore.

[coreboot] Re: Asus F2A85-M Pro: Accessing DMA1_RESET_REG in `isa_dma_init()` hangs system
Dear Rudolf,

On 03.10.20 at 20:39, Rudolf Marek wrote:
> On 03. 10. 20 at 16:16, Paul Menzel wrote:
>> I’ll try to figure out what is wrong with the Super I/O settings in the
>> devicetree. Removing the devicetree Super I/O configuration already gets
>> rid of the hang, but causes other problems. Help is appreciated.
>
> Please can you check how the LPC decode registers are setup? The 14.3 device
> has some registers to setup what is going to be sent to LPC bus. There are
> bits for fixed legacy regions like COM1 etc, and then there are bigger 3?
> programmable ranges. Maybe this is in conflict with legacy I/O which causes
> the hang.
>
> I don't know the right file, maybe it is in
> src/southbridge/amd/agesa/hudson/lpc.c
> see hudson_lpc_enable_childrens_resources()
>
> Maybe booting with debug verbosity would tell.
>
> "hudson lpc decode:%s, base=0x%08x, end=0x%08x\n",

Thank you very much for your help and suggestions. It’s great to know that you are still reading messages on the mailing list.

It turned out that removing `io 0x60 = 0x00` from the devicetree got rid of the hang.

    device pnp 2e.8 on # WDT1, GPIO0, GPIO1
        io 0x30 = 0x00
        io 0x60 = 0x00
        io 0x61 = 0x00

With the help of Michael, Nico, and Angel in #coreb...@irc.freenode.net, the problem was further debugged, and Nico explained the weird devicetree semantics (effects of enabling a device with `on`) and noticed that `io` was used mostly incorrectly, and that `irq` had to be used. Nico was so kind, creating a patch series fixing these issues [7].

Now, only the PCI issues have to be fixed, so the network card is detected. But, if I should fail to fix it myself, I am going to start a new thread for these.

Kind regards,
Paul

[1]: https://review.coreboot.org/c/coreboot/+/39371/
[2]: https://review.coreboot.org/c/coreboot/+/39377/
[3]: https://review.coreboot.org/cgit/board-status.git/commit/asus/f2a85-m/4.10-942-ga89c82e4021/2019-10-08T12_59_37Z/cbfs.txt?id=a922631d481cec9951be67b2c6c208f74054676f
[4]: https://review.coreboot.org/c/coreboot/+/35855
[5]: https://review.coreboot.org/c/coreboot/+/35086
[6]: https://review.coreboot.org/plugins/gitiles/coreboot/+/06639f2abf86bd0eef9c7808b7e724450d1408b8/src/mainboard/asus/f2a85-m/devicetree_f2a85-m_pro.cb#60
[7]: https://review.coreboot.org/c/coreboot/+/46021/ "mb/asus/f2a85-m_pro: Enable super-i/o LDNs 0x0f and 0x14"

[coreboot] Re: [flashrom] Re: Operating Systems for coreboot/flashrom/etc?
You need to
1) get a .bin file somewhere (BIOS ROM) - either from the owner that has the same laptop, or from your laptop's company.
2) get a test clip like SOIC8, to attach to a BIOS chip without soldering, and flash it

On Mon, 12 Oct 2020 at 09:15, Miraz Shuvra wrote:
>
> Hello sir,
>
> I need a little bit help
>
> I accidentally corrupted bios of my laptop during bios update
> ...before it blackout... i saw the txt .." searching for bios firmware ...
> bios firmware not found "
>
> I bought a ch341A usb bios programming device ...
> I think a .bin file may bring my laptop back to life.
>
> My laptop ran with ami bios
> The bios chip is 25Q80DVS IG 1646
>
> Can you pls help me anyway.
>
> On Wed, Sep 30, 2020, 1:49 AM Clay Daniels wrote:
>>
>> I am a big FreeBSD fan, and also run NetBSD on an older machine. Haven't
>> used much Linux lately but installed Ubuntu to get a lspci for flashrom use.
>> Ubuntu is fine, but does not have superiotool available as best I see.
>> Looking back to FreeBSD I found superiotool just where I expected, as a port
>> to be compiled under sysutils. Works fine, but still never finds my hidden
>> bios I will call "SPI1" for lack of a better name.
>>
>> Anyway, I keep looking for more tools, and have an extra disk drive for
>> another OS if anyone has any good suggestions?
>>
>> Right now I'm in Ubuntu, listening to the coreboot & flashrom freenode IRC
>> channels. Quite a lot goes on there if you catch it right. Some real sharp
>> guys.
>>
>> Clay
>> ___
>> flashrom mailing list -- flash...@flashrom.org
>> To unsubscribe send an email to flashrom-le...@flashrom.org