parent
8030db9dd1
commit
60c02624a7
|
@ -1,10 +1,13 @@
|
||||||
---
|
---
|
||||||
title: U-Boot payload
|
title: U-Boot payload (x86 and ARM)
|
||||||
x-toc-enable: true
|
x-toc-enable: true
|
||||||
...
|
...
|
||||||
|
|
||||||
|
**NOTE: This documentation refers only to ARM64. For AMD64/i386 (Intel/AMD)
|
||||||
|
U-Boot setups, please read [uboot-x86.md](uboot-x86.md).**
|
||||||
|
|
||||||
Canoeboot has experimental support for using U-Boot as a coreboot
|
Canoeboot has experimental support for using U-Boot as a coreboot
|
||||||
payload.
|
payload since the the project was launched, and on x86 since late 2024.
|
||||||
|
|
||||||
U-Boot integration in Canoeboot is currently at a proof-of-concept
|
U-Boot integration in Canoeboot is currently at a proof-of-concept
|
||||||
stage, with most boards completely untested and most likely not working.
|
stage, with most boards completely untested and most likely not working.
|
||||||
|
@ -16,7 +19,7 @@ to Canoeboot.
|
||||||
Make sure you have the latest `cbmk` from the Git repository,
|
Make sure you have the latest `cbmk` from the Git repository,
|
||||||
and the build dependencies are installed like so, from `cbmk/` as root:
|
and the build dependencies are installed like so, from `cbmk/` as root:
|
||||||
|
|
||||||
./build dependencies debian
|
./mk dependencies debian
|
||||||
|
|
||||||
This installs everything needed for `./build boot roms`, and part of the
|
This installs everything needed for `./build boot roms`, and part of the
|
||||||
build process makes use of coreboot's own cross-compile toolchain.
|
build process makes use of coreboot's own cross-compile toolchain.
|
||||||
|
|
|
@ -0,0 +1,161 @@
|
||||||
|
---
|
||||||
|
title: U-Boot payload (x86 specific)
|
||||||
|
x-toc-enable: true
|
||||||
|
...
|
||||||
|
|
||||||
|
Introduction
|
||||||
|
============
|
||||||
|
|
||||||
|
U-Boot is available as a coreboot payload, in Canoeboot 20241207 and later,
|
||||||
|
on x86 boards; on ARM it has been available since Canoeboot launched.
|
||||||
|
|
||||||
|
Please read <https://www.u-boot.org/>, especially the full U-Boot documentation
|
||||||
|
available there.
|
||||||
|
|
||||||
|
**NOTE: This documentation refers only to x86. For ARM, please refer back to
|
||||||
|
the [main U-Boot page](index.md).**
|
||||||
|
|
||||||
|
More documentation about this will be written at a later date, but just before
|
||||||
|
the Canoeboot 20241207 release in December 2024, U-Boot support was added as
|
||||||
|
a payload on x86 machines, both 32- and 64-bit. This is using the excellent work
|
||||||
|
done by Simon Glass and others, on making U-Boot run as a generic x86 coreboot
|
||||||
|
payload. It has several boot methods but the most interesting (in an x86
|
||||||
|
context) is UEFI. U-Boot provides a very sensible UEFI implementation that can
|
||||||
|
reliably boot many GNU+Linux and BSD systems.
|
||||||
|
|
||||||
|
Availability
|
||||||
|
------------
|
||||||
|
|
||||||
|
Do this in cbmk.git (Canoeboot's build system) to check whether your board has
|
||||||
|
U-Boot enabled:
|
||||||
|
|
||||||
|
git grep payload_uboot_amd64
|
||||||
|
git grep payload_uboot_i386
|
||||||
|
|
||||||
|
In `target.cfg` files for each coreboot board, you will find this option if
|
||||||
|
it's enabled. You also need either `u-boot/i386coreboot`
|
||||||
|
or `u-boot/amd64coreboot` in the `build_depend` variable for a given board, for
|
||||||
|
it to automatically compile at build time.
|
||||||
|
|
||||||
|
Not every board has it yet. U-Boot is still experimental on x86. Canoeboot has
|
||||||
|
made several modifications to the default *bootflow* menu, used for selecting
|
||||||
|
an EFI application at boot (e.g. installed GRUB bootloader for e.g. Debian).
|
||||||
|
For example, upstream didn't implement an auto-boot timeout for the first
|
||||||
|
selected boot item, so this was implemented. Canoeboot also themed it to look
|
||||||
|
more like an official Canoeboot bootloader.
|
||||||
|
|
||||||
|
Here is an example of what it looks like on the boot menu:
|
||||||
|
|
||||||
|
<https://mas.to/@libreleah/113596262378713418>
|
||||||
|
|
||||||
|
Boot GNU Linux or BSD installer (USB)
|
||||||
|
---------------------------
|
||||||
|
|
||||||
|
Just stick your formatted USB stick in. U-Boot should detect it. Sometimes some
|
||||||
|
USB flash drives are broken, because many of them violate specifications and
|
||||||
|
U-Boot doesn't properly hack around that like Linux does (buggy USB mass storage
|
||||||
|
implementation) - also, xhci suppport is still a bit unstable, on machines that
|
||||||
|
don't have EHCI controllers (e.g. Haswell setups and beyond).
|
||||||
|
|
||||||
|
If your USB drive is detected at boot, a menu might appear, showing it and you
|
||||||
|
can select it, sometimes it doesn't and you could instead do in the U-Boot shell:
|
||||||
|
|
||||||
|
bootflow list
|
||||||
|
bootflow select X
|
||||||
|
|
||||||
|
Where `X` is the number of the boot device, as shown by the output of the list
|
||||||
|
command.
|
||||||
|
|
||||||
|
After selecting the device, you can do:
|
||||||
|
|
||||||
|
bootflow boot
|
||||||
|
|
||||||
|
Booting installed system
|
||||||
|
------------------------
|
||||||
|
|
||||||
|
It should just work. If all is well, it'll show the bootflow menu. Simply
|
||||||
|
select your device. If you see error, perhaps try:
|
||||||
|
|
||||||
|
bootefi bootmgr
|
||||||
|
|
||||||
|
Tested operating systems
|
||||||
|
========================
|
||||||
|
|
||||||
|
Linux/BSD
|
||||||
|
---------
|
||||||
|
|
||||||
|
Arch Linux, Debian Linux and OpenBSD have been tested.
|
||||||
|
|
||||||
|
Some GRUB setups that use the *console* output mode end up using the U-Boot
|
||||||
|
console driver, which is buggy in UEFI GRUB, so menus can get quite messed up
|
||||||
|
indeed; text in the wrong place, countdown timers mangled, etc. E.g. the Arch
|
||||||
|
Linux installer is completely broken, but you can hit enter to boot Linux which
|
||||||
|
then uses KMS and the installed system uses it (and you could install another
|
||||||
|
bootloader in the installed system).
|
||||||
|
|
||||||
|
EFI-based GRUB menus like in the Debian installer seemed to work just fine,
|
||||||
|
that is: setups that use the EFI framebuffer instead of a text console.
|
||||||
|
|
||||||
|
Windows
|
||||||
|
-------
|
||||||
|
|
||||||
|
Windows was tested, and doesn't work yet. Simon Glass maintains the x86
|
||||||
|
coreboot payload, and has informed me that he still has some work to do
|
||||||
|
there.
|
||||||
|
|
||||||
|
Obviously using Windows would be extremely unGNU, so we advise against it.
|
||||||
|
|
||||||
|
SecureBoot
|
||||||
|
==========
|
||||||
|
|
||||||
|
Supported by U-Boot, though U-Boot does not currently have a robust way of
|
||||||
|
storing EFI variables, and Canoeboot disables SecureBoot by default. However,
|
||||||
|
you can enable it. Information is available in U-Boot's official documentation.
|
||||||
|
|
||||||
|
If you want real boot security, don't use UEFI. Canoeboot's GRUB payload can
|
||||||
|
be heavily hardened, by following the [GRUB hardening](../gnulinux/grub_hardening.md)
|
||||||
|
guide; this means using the GRUB payload instead of U-Boot.
|
||||||
|
|
||||||
|
UEFI SecureBoot with a Linux UKI could achieve similar results in a security
|
||||||
|
sense to Canoeboot's GRUB hardening setup, though the latter is more flexible,
|
||||||
|
albeit not widely used by the mainstream, but it does work (I use it myself!).
|
||||||
|
|
||||||
|
Bugs
|
||||||
|
====
|
||||||
|
|
||||||
|
Limited testing, at least as of 5 December 2024, but some issues that appeared
|
||||||
|
included:
|
||||||
|
|
||||||
|
* Haswell: USB support very flaky. E.g. some keyboards work, some don't, some
|
||||||
|
USB drives work, some don't.
|
||||||
|
* ThinkPad T480: U-Boot simply boot loops endlessly, but sometimes boots and
|
||||||
|
shows a menu: SATA doesn't work, but NVMe SSDs do, and you can boot just
|
||||||
|
fine, but you might not be able to boot with the bootflow menu;
|
||||||
|
the `bootefi` command can be used.
|
||||||
|
* Certain ivybridge laptops eg. Dell Latitude: EFI framebuffer got completely
|
||||||
|
b0rked.
|
||||||
|
|
||||||
|
The good news is that a few systems were tested that seemed to work well.
|
||||||
|
Haswell machines mostly work OK (with a few bugs), some Kaby Lake machines work
|
||||||
|
but some don't very well; the GM45 machines work well, e.g. a ThinkPad X200 was
|
||||||
|
tested.
|
||||||
|
|
||||||
|
Mitigating instability
|
||||||
|
=======================
|
||||||
|
|
||||||
|
U-Boot is not a primary payload on any board where it's enabled. It's instead
|
||||||
|
chainloaded from SeaBIOS on 64-bit x86, and from GRUB on 32-bit x86. You select
|
||||||
|
it in the SeaBIOS menu (ESC menu), or you can use a ROM image that
|
||||||
|
has `seauboot` in the name, where SeaBIOS auto-boots U-Boot unless interrupted
|
||||||
|
via the ESC prompt.
|
||||||
|
|
||||||
|
So if U-Boot is unstable on your board, you can press ESC in SeaBIOS and boot a
|
||||||
|
device in SeaBIOS, or select the available GRUB payload from SeaBIOS.
|
||||||
|
|
||||||
|
Please do report any failures or successes with your testing, if you want to
|
||||||
|
try out U-Boot.
|
||||||
|
|
||||||
|
**TODO: A lot more documentation and testing notes should be written here over
|
||||||
|
time, and lots more bug fixes are needed for U-Boot to become stable. It is
|
||||||
|
the intention of Canoeboot that U-Boot become the DEFAULT payload on x86
|
||||||
|
in a future release.**
|
Loading…
Reference in New Issue