53 KiB
If you wish to know about coreboot, refer here:
https://doc.coreboot.org/tutorial/part1.html
This and other documents from coreboot shall help you to understand coreboot.
You create a config, for resources/coreboot/BOARDNAME/configs
, by running
the make menuconfig
command in the coreboot build system. You should do
this after running ./download coreboot
in gbmk.
You can simply clone coreboot upstream, add whatever patches you want, and
then you can make your config. It will appear afterwards in a file
named .config
which is your config for inside resources/coreboot/BOARDNAME/
.
You can then use git format-patch -nX
where X
is however many patches you
added to that coreboot tree. You can put them in the patches directory
under resources/coreboot/BOARDNAME
.
The base revision, upon which any custom patches you wrote are applied,
shall be the cbrevision
entry.
REMINDER: Do not enable a payload in coreboot's build system. Set it to none, and enable whatever payload you want in gbmk.
If a payload is not supported in gbmk, patches are very much welcome! It is the policy of nonGeNUine Boot, to only ever use the coreboot build system inside coreboot, but not use any of coreboot's own integration for payloads. It is far more flexible and robust to handle payloads externally, relative to the coreboot build system.
Scripts exist in gbmk
for automating the modification/updating of existing
configs, but not for adding them. Adding them is to be done manually, based on
the above guidance.
ALSO:
If the option exists, for a given board, please configure coreboot to clear all DRAM upon boot. This is for security reasons. An exception is made when such functionality is not available, on the specific board/revision that you're configuring in coreboot.
resources/coreboot/BOARDNAME/patches/*
In cases where cbrevision
is specified, where the given directory
under resources/coreboot/
does in fact define a version of coreboot to
download, you can add custom patches on top of that revision. When you run
the command ./download coreboot
, those patches will be applied chronologically
in alphanumerical order as per patch file names.
The patch files should be named with .patch
file extensions. All other files
will be ignored. By having gbmk
do it this way, you could add a README
file
for instance, and gbmk
will not erroneously try to apply README
as though
it were a patch file. This might be useful if you have a lot of patches, and
you want to provide some explanations about specific files.
resources/git/revisions
This defines git repositories and commit IDs (revisions) to reset to, for various projects used by nonGeNUine Boot. This file is used, for projects that are relatively simple to handle when downloading (coreboot is not defined here).
In the past, nonGeNUine Boot had bespoke logic for each program, to download it.
This was repetitive, so much of the download logic was centralised with the
use of the gitclone
script, which references this file.
resources/grub/background/
Splash screen images applied duing startup when using the GRUB payload.
resources/grub/config/grub.cfg
This is a configuration file. It is used to program GRUB's shell.
This is inserted (as grub.cfg
) into the root of CBFS, in the ROM image. It
contains a lot of logic in it, for booting various system configurations, when
the GRUB payload is in use.
resources/grub/config/grub_memdisk.cfg
This is a configuration file. It is used to program GRUB's shell.
This file is inserted (as grub.cfg
) into the GRUB memdisk, when building
the GRUB payload (for coreboot), using GRUB's grub-mkstandalone
utility. It
simply loads the grub.cfg
file from CBFS (see above).
resources/grub/keymap/
This directory contains keymaps for GRUB. They allow for different keyboard
layouts to be used. The gbmk
build system uses these to produce ROM images
with various keyboard layouts used by default, when the GRUB payload is to be
used.
They are stored here, directly in GRUB's own .gkb
file format, which is a
binary format defining which scancodes correspond to which character input.
This binary format is documented by GRUB; the code for it is easy to
understand. Please read grub-core/commands/keylayouts.c
in the GRUB source
code.
resources/grub/modules.list
This file defines all modules that are to be included in builds of GRUB.
They are standalone builds, created using the grub-mkstandalone
utility.
resources/grub/patches/
This directory contains custom patches for GRUB.
resources/me_cleaner/patches
Patches applied to me_cleaner
when downloading it.
resources/memtest86plus/patches/
Patches applied to Memtest86+ when downloading it. nonGeNUine Boot includes memtest86+ as a secondary payload, loaded from SeaBIOS or GRUB when booted via int10h text mode on x86 hosts.
(using it with corebootfb mode is also possible, if your machine has a viable serial output on it with memtest86+ configured accordingly, and this was done on some older nonGeNUine Boot releases in the past, but current nonGeNUine Boot releases only provide memtest86+ in text mode, for use directly on the machine)
resources/scripts/
These scripts implement the core logic of nonGeNUine Boot's automated build system, to produce coreboot ROM images with payloads.
resources/scripts/build/
This directory contains shell scripts for compiling various binaries from available sources.
resources/scripts/build/boot/
This directory contains shell scripts for compiling ROM images. Many other scripts in gbmk are called by these scripts; for example, GRUB payload scripts.
resources/scripts/build/boot/roms
This script builds coreboot ROM images. It is largely a shim, which calls
the roms_helper
script, which does most of the legwork.
Command: ./build boot roms
Additional parameters can be provided. This lists all boards available:
./build boot roms list
Pass several board names if you wish to build only for specific targets. For example:
./build boot roms x60 x200_8mb
Since November 2022, this script can build images for x86 and ARM targets. The ARM targets are ChromeOS devices (chromebooks and such); nonGeNUine Boot uses the U-Boot payload, rather than Google's depthcharge bootloader. In this setup, U-Boot is running on the bare metal, as enabled by coreboot.
For x86 targets, these scripts build with the GRUB and/or SeaBIOS payloads inserted into the ROM images; secondary payloads like Memtest86+ are also handled and inserted here.
resources/scripts/build/boot/roms_helper
This script builds coreboot ROM images. It is not to be executed directory;
user interaction must be done via the main roms
script.
It heavily makes use of the board.cfg
file, for a given board. This script
will only operate on a single target, from a directory
in resources/coreboot/
.
If grub_scan_disk
is set, it sets that in the grub.cfg
file that is to be
inserted into a ROM image, when payload_grub
is turned on.
It automatically detects if crossgcc
is to be compiled, on a given coreboot
tree (in cases where it has not yet been compiled), and compiles it for a
target based on the arch
entry in board.cfg
.
It creates ROM images with GRUB, SeaBIOS, U-Boot, optionally with Memtest86+ also included, in various separate configurations in many different ROM images for user installation.
The romtype
entry in board.cfg
tells this script what to do with the ROM,
after it has been built. Currently, it operates based on these possible values
for romtype
:
d8d16sas
will cause fake (empty) files namedpci1000,0072.rom
andpci1000,3050.rom
to be inserted in CBFS. This prevents SeaBIOS from loading or executing the option ROM stored on PIKE2008 modules, present on certain configurations with the ASUS KCMA-D8 or KGPE-D16 mainboards. Those option ROMs cause the system to hang, so they should never be executed (this means however that booting GNU+Linux kernels from SAS devices is impossible on those boards, unless a GNU+Linux payload is used; GNU+Linux can use those SAS drives, without relying on the PIKE2008 option ROMs). When SeaBIOS runs, it will default to loading the corresponding option ROM from CBFS, if it exists, for a given PCI device, overriding whatever option ROM is present on the device itself, but if the option ROM is invalid/empty, SeaBIOS will not attempt to load another one, until the empty/invalid one (in CBFS) is deleted.4MiB ICH9 IFD NOR flash
: theich9gen
program will be used to insert an Intel Flash Descriptor and Gigabit Ethernet Non-volatile memory file into the ROM image. This is used on GM45/ICH9M based laptops, such as: ThinkPad X200, T400, T500, W500, X200 Tablet, X200S, T400S, X3018MiB ICH9 IFD NOR flash
: Same as the 4MB one as described above, but for ROM images with 8MB (64Mbit) of boot flash. The one above is for systems with 4MB (32Mbit) of flash.16MiB ICH9 IFD NOR flash
: ditto, but for 16MB (128Mbit) flash. In this and the other two cases as described above, the first 4KB is the Intel Flash Descriptor, the next 8KB is GbE NVM and the rest is BIOS (for the coreboot part). In all cases, the default ME (Intel Management Engine) region is disabled, as is the ME itself, based on bits set to disable it in the Intel Flash Descriptor. The descriptor is used in such a setup, because on all such boards in nonGeNUine Boot, GbE NVM is needed to get gigabit ethernet working correctly; it is the sole reasonich9gen
was written, because it is otherwise possible to boot these machines in a descriptorless setup, where ICH9M behaves similarly to ICH7: all one region of flash, for the boot firmware (coreboot), but it results in a non-functional gigabit enternet device.4MiB ICH9 IFD NOGBE NOR flash
: Intel Flash Descriptor on its own, without ME or GbE NVM. Just IFD and BIOS. This is used on the ThinkPad R500.8MiB ICH9 IFD NOGBE NOR flash
: Same as above, but for 8MB (64Mbit) ROMs16MiB ICH9 IFD NOGBE NOR flash
: Same as above, but for 16MB (128Mbit) ROMsi945 laptop
: in this configuration, the upper 64KB section of the ROM is copied into the 64KB section below that. This results in there being two bootblocks in the ROM, and you can decide which one is used by settingbucts
If no payload is defined in board.cfg
, the roms_helper
script will exit
with error status.
If SeaBIOS is to be used, on libgfxinit
setups, SeaVGABIOS will also be
inserted. This provides a minimal VGA compatibility layer on top of the
coreboot framebuffer, but does not allow for switching the VGA mode. It is
currently most useful for directly executing ISOLINUX/SYSLINUX bootloaders,
and certain OS software (some Windows setups might work, poorly, depending on
the board configuration, but don't hold your breath; it is far from complete).
If SeaBIOS is to be used, in vgarom
setups or normal
setups, SeaVGABIOS
is not inserted and you rely on either coreboot and/or SeaBIOS to execute VGA
option ROMs.
In all cases, this script automatically inserts several SeaBIOS runtime
configurations, such as: etc/ps2-keyboard-spinup
set to 3000 (PS/2 spinup
wait time), etc/pci-optionrom-exec
set to 2 (despite that already being
the default anyway) to enable all option ROMs, unless vgarom
setups are
used, in which case the option is set to 0 (disabled) because coreboot is
then expected to handle option ROMs, and SeaBIOS should not do it.
This script handles U-Boot separately, for ARM-based chromeos devices.
Essentially, the roms_helper
script makes use of each and every part of
gbmk. It is the beating heart of nonGeNUine Boot.
When the ROM is finished compiling, it will appear under a directory in bin/
resources/scripts/build/clean/cbutils
This simply runs make clean
on various utilities from coreboot, which gbmk
makes use of.
Command: ./build clean cbutils
resources/scripts/build/clean/crossgcc
This runs make crossgcc-clean
on all of the coreboot revisions present in
gbmk.
Command: ./build clean crossgcc
resources/scripts/build/clean/flashrom
This runs make clean
in the flashrom/
directory.
Command: ./build clean flashrom
resources/scripts/build/clean/grub
This runs make clean
in the grub/
directory.
It does not delete anything in payload/grub/
.
Command: ./build clean grub
resources/scripts/build/clean/ich9utils
This runs make clean
in the ich9utils/
directory.
Command: ./build clean ich9utils
resources/scripts/build/clean/memtest86plus
This runs make clean
in the memtest86plus/
directory.
Command: ./build clean memtest86plus
resources/scripts/build/clean/payloads
This deletes the payload/
directory.
Command: ./build clean payloads
resources/scripts/build/clean/rom_images
This deletes the bin/
directory, containing compiled coreboot ROM images.
Command: ./build clean rom_images
resources/scripts/build/clean/seabios
This runs make clean
in the seabios/
directory.
Command: ./build clean seabios
resources/scripts/build/clean/u-boot
This runs make distclean
and git clean -fdx
on all of the U-Boot revisions
present in gbmk.
Command: ./build clean u-boot
resources/scripts/build/dependencies/arch
Using pacman
, this installs build dependencies in Arch. It may also work on
similar distros like Manjaro or Artix.
Command: ./build dependencies arch
resources/scripts/build/dependencies/debian
Using apt-get
, this installs build dependencies in Debian. It may work on
other apt-get
distros.
Command: ./build dependencies debian
resources/scripts/build/dependencies/fedora35
Using dnf
, this installs build dependencies in Fedora 35.
Command: ./build dependencies fedora35
resources/scripts/build/dependencies/ubuntu2004
Using apt-get
, this installs build dependencies for Ubuntu 20.04 (for later
versions, you might use the Debian script).
Command: ./build dependencies ubuntu2004
resources/scripts/build/dependencies/void
Using xbps
, this installs build dependencies for Void.
Command: ./build dependencies void
resources/scripts/build/descriptors/ich9m
This runs ich9gen
to generate descriptors for ICH9M platforms. These are
then stored in descriptors/ich9m/
Command: ./build descriptors ich9m
resources/scripts/build/module/cbutils
This compiles various coreboot utilities (such as cbfstool).
Command: ./build module cbutils
resources/scripts/build/module/flashrom
This compiles flashrom.
Command ./build module flashrom
resources/scripts/build/module/grub
This compiles GRUB utilities. It does not build the actual payloads.
Command: ./build module grub
resources/scripts/build/module/ich9utils
This compiles ich9utils
, which includes the ich9gen
utility.
Command: ./build module ich9utils
resources/scripts/build/module/memtest86plus
This compiles Memtest86+.
Command: ./build module memtest86plus
resources/scripts/build/payload/grub
This builds the GRUB payloads.
Command: ./build payload grub
resources/scripts/build/payload/seabios
This builds the SeaBIOS payloads.
Command: ./build payload seabios
resources/scripts/build/payload/u-boot
This builds the U-Boot payloads. Usually a target board and a cross-compiler appropriate for the board must be specified for it to work, because trying to build for all boards of varying architectures using only the host compiler will not work.
Command: CROSS_COMPILE=aarch64-gnu-linux- ./build payload u-boot qemu_arm64_12mb
resources/scripts/build/release/roms
This builds release archives, containing ROM images. You must only run this after you've built all of the ROM images that you wish to release.
Command: ./build release roms
resources/scripts/build/release/src
This builds source archives. You must only run this after compiling crossgcc on all coreboot source trees.
Command: ./build release src
resources/scripts/download/coreboot
This downloads, and patches coreboot, as per board.cfg
files
in resources/coreboot/
.
Command: ./download coreboot
NOTE: This version of the script also performs the full git checkout in each coreboot tree, like so:
git submodule update --init
NOTE: --checkout
is excluded, because such exclusion skips a lot
of blobs during submodule update. This saves work for the project.
resources/scripts/download/flashrom
This downloads and patches flashrom.
Command: ./download flashrom
resources/scripts/download/grub
This downloads and patches GRUB.
Command: ./download grub
resources/scripts/download/memtest86plus
This downloads and patches Memtest86+.
Command: ./download memtest86plus
resources/scripts/download/seabios
This downloads and patches SeaBIOS.
Command: ./download seabios
resources/scripts/download/u-boot
This downloads, and patches U-Boot, as per board.cfg
files
in resources/u-boot/
.
Command: ./download u-boot
resources/scripts/misc/versioncheck
This updates the text file containing version information. It is used by many other build scripts. It also updates the files containing the version date.
You need not run this yourself, directly.
resources/scripts/modify/coreboot/configs
Loads coreboot configs into coreboot trees, and runs make menuconfig
, so
that you can easily modify them in an ncurses interface. Additional parameters
are accepted, for example:
./modify coreboot configs x60 x200_8mb
With no additional parameters given, it simply cycles through all configs
under resources/coreboot/
.
Command: ./modify coreboot configs
resources/scripts/modify/seabios/configs
This lets you modify SeaBIOS configs.
Command: ./modify seabios configs
resources/scripts/modify/u-boot/configs
Loads U-Boot configs into U-Boot trees, and runs make menuconfig
, so
that you can easily modify them in an ncurses interface. Additional parameters
are accepted, for example:
./modify u-boot configs gru_kevin gru_bob
With no additional parameters given, it simply cycles through all configs
under resources/u-boot/
.
Command: ./modify u-boot configs
resources/scripts/update/coreboot/configs
This runs make oldconfig
on coreboot configs under resources/coreboot/
.
It is most useful when updating a coreboot revision, per board.cfg
. It allows
additional parameters, for example:
./update coreboot configs x60 x200_8mb
With no additional parameters given, it simply cycles through all configs
under resources/coreboot/
.
Command: ./update coreboot configs
resources/scripts/update/seabios/configs
This runs make oldconfig
on SeaBIOS configs. It is most useful when updating
the version of SeaBIOS used by gbmk.
Command: ./update seabios configs
resources/scripts/update/u-boot/configs
This runs make oldconfig
on U-Boot configs under resources/u-boot/
.
It is most useful when updating a U-Boot revision, per board.cfg
. It allows
additional parameters, for example:
./update u-boot configs gru_kevin gru_bob
With no additional parameters given, it simply cycles through all configs
under resources/u-boot/
.
However, using make oldconfig
is not optimal for U-Boot, as their Kconfig
dependencies/defaults are not as well specified as coreboot's is. When updating
configs for an upstream board, it's usually better (but not automated) to:
- Turn
gbmk
config into a defconfig in the old version - Compare it with the old version's upstream defconfig
- Apply the difference to the new version's upstream defconfig
- Create an updated config in the new version
Command: ./update u-boot configs
resources/seabios/config/libgfxinit
SeaBIOS configuration file, when libgfxinit
is to be used. It enables
the coreboot linear framebuffer
option in the SeaBIOS make menuconfig
configuration interface.
resources/seabios/config/vgarom
This version is for normal SeaBIOS configurations, where libgfxinit
is not
to be used; coreboot itself handles VGA ROM initialisation.
resources/seabios/config/normal
This version is for normal SeaBIOS configurations, where libgfxinit
is not
to be used; coreboot itself does not handle VGA ROM initialisation, and it
is assumed that SeaBIOS payload will be used in text mode. In this setup,
SeaBIOS executes VGA ROMs.
resources/seabios/patches/
This directory contains patch files, automatically applied to SeaBIOS after downloading it.
update
This can be used to update SeaBIOS, coreboot and U-Boot configs. It calls
scripts in resources/scripts/update/
, for example:
./update coreboot configs
This runs:
./resources/scripts/update/coreboot/configs
Additional parameters can be given, for example:
./update coreboot configs x200_8mb x60
This would run:
./resources/scripts/update/coreboot/configs x200_8mb x60
resources/u-boot/
This directory contains configuration, patches and so on, for each mainboard
that can use U-Boot as a payload in the gbmk
build system. U-Boot doesn't yet
have reliable generic configurations that can work across all coreboot boards
(per-architecture), so these are used to build it per-board.
resources/u-boot/BOARDNAME/
Each BOARDNAME
directory defines configuration for a corresponding mainboard.
It doesn't actually have to be for a board; it can also be used to just define
a U-Boot revision, with patches and so on. To enable use as a payload in ROM
images, this must have the same name as its resources/coreboot/BOARDNAME/
counterpart.
resources/u-boot/BOARDNAME/board.cfg
This file can contain several configuration lines, each being a string, such as:
ubtree="default"
(example entry)ubrevision="4debc57a3da6c3f4d3f89a637e99206f4cea0a96"
(example entry)arch="AArch64"
(example entry)
These are similar in meaning to their coreboot counterparts.
The ubtree
entry is actually a link, where its value is a directory name
under resources/u-boot
. For example, ubtree="default"
would refer to
resources/u-boot/default
and the corresponding U-Boot source tree created
(when running ./download u-boot
, which makes use of board.cfg
) would be
u-boot/default/
. In other words: a board.cfg
file in resources/u-boot/foo
might refer to resources/u-boot/bar
by specifying ubtree="bar"
, and the
created u-boot source tree would be u-boot/bar/
. ALSO:
FUN FACT: such references are infinitely checked until resolved. For
example, foo
can refer to bar
and bar
can refer to baz
but if there is
an infinite loop, this is detected and handled by gbmk
. For example,
if bar
refers to foo
which refers back to bar
, this is not permitted
and will throw an error in gbmk
.
The ubrevision
entry defines which U-Boot revision to use, from the U-Boot
Git repository. At present, gbmk only supports use of the official repository
from the upstream U-Boot project.
The arch
entry specifies which CPU architecture is to be used: currently
recognized entries are x86_32
, x86_64
, ARMv7
and AArch64
. Setting it
to a non-native arch means that necessary crossgcc-arch will be compiled and be
available when building roms, but not necessarily built or discovered when
individual scripts are called manually.
resources/u-boot/BOARDNAME/config/*
Files in this directory are U-Boot configuration files. Configuration file
names can be anything, but for now default
is the only one used.
In gbmk
, a board-specific directory under resources/u-boot/
should never
specify a U-Boot revision. Rather, a directory without U-Boot configs should
be created, specifying a U-Boot revision. For example, the directory
resources/u-boot/default/
specifies a U-Boot revision. In the board-specific
directory, your board.cfg
could then specify ubtree="default"
but without
specifying a U-Boot revision (this is specified by
resources/u-boot/default/board.cfg
).
Normally, the U-Boot build process results in the U-Boot executable and a
device-tree file for the target board, which must further be packaged together
to make things work. When you create a U-Boot configuration, you should enable
CONFIG_REMAKE_ELF
or CONFIG_OF_EMBED
that handles this. The former option
enables creation of a u-boot.elf
that bundles them together after the build,
and the latter option embeds it into the u-boot
executable.
When making a U-Boot configuration, you should also pay special attention to
the CONFIG_SYS_TEXT_BASE
(CONFIG_TEXT_BASE
in later versions), whose defaults
may cause it to overlap coreboot, in which case it won't boot. Normally, the
upstream coreboot build system checks for this when given CONFIG_PAYLOAD_ELF
,
but gbmk
injects the payload itself and doesn't check for this yet.
Another interesting config option is CONFIG_POSITION_INDEPENDENT
for ARM
boards, which has been so far enabled in the ones gbmk
supports, just to be
safe.
U-Boot build system
If you wish to know about U-Boot, refer here:
https://u-boot.readthedocs.io/en/latest/
This and other documents from U-Boot shall help you to understand U-Boot.
You create a config, for resources/u-boot/BOARDNAME/configs
, by finding the
corresponding board name in the upstream U-Boot configs
directory, and
running make BOARDNAME_defconfig
and make menuconfig
commands in the
U-Boot build system. You should do this after running ./download u-boot
in
gbmk
.
You might want to consider basing your config on the upstream coreboot
boards
when possible, but such a board is not available upstream for ARM yet.
You can simply clone U-Boot upstream, add whatever patches you want, and
then you can make your config. It will appear afterwards in a file
named .config
which is your config for inside resources/u-boot/BOARDNAME/
.
You can then use git format-patch -nX
where X
is however many patches you
added to that U-Boot tree. You can put them in the patches directory
under resources/u-boot/BOARDNAME
.
The base revision, upon which any custom patches you wrote are applied,
shall be the ubrevision
entry.
Scripts exist in gbmk
for automating the modification/updating of existing
configs, but not for adding them. Adding them is to be done manually, based on
the above guidance.
resources/u-boot/BOARDNAME/patches/*
In cases where ubrevision
is specified, where the given directory
under resources/u-boot/
does in fact define a version of U-Boot to
download, you can add custom patches on top of that revision. When you run
the command ./download u-boot
, those patches will be applied chronologically
in alphanumerical order as per patch file names.
The patch files should be named with .patch
file extensions. All other files
will be ignored. By having gbmk
do it this way, you could add a README
file
for instance, and gbmk
will not erroneously try to apply README
as though
it were a patch file. This might be useful if you have a lot of patches, and
you want to provide some explanations about specific files.
util/
This directory contains utilities that gbmk
makes use of.
util/nvmutil/
The nvmutil
software allows you to set the MAC address on Intel GbE NVM
files. It also allows you to set random MAC addresses, in addition to
arbitrary ones.
This directory contains the source code for nvmutil
, which you can read
about here:
util/ich9utils/
The ich9utils
utilities handle ICH9M Flash Descriptors, and GbE NVM configs
for Intel Gigabit Ethernet chipsets used on certain laptops of Intel GM45
platform, combined with ICH9M southbridge.
This directory contains the source code for ich9utils
, which you can read
about here:
This source code also pertains to ich9gen
, which is what GM45 laptops in
nonGeNUine Boot use in order to generate a config that excludes Intel ME firmware.
Patches welcome.
If you read this manual from start to finish, you've been assimilated. Welcome to the team!