The Libreboot 20241206 release provided FSP pre-assembled
and inserted into the ROM images; the only file inserted
by vendor.sh was the Intel ME.
Direct distribution of an unmodified FSP image is permitted
by Intel, provided that the license notice is given among
other requirements. Due to how coreboot works, it must split
up the FSP into subcomponents, and adjust certain pointers
within the -M component (for raminit).
Such build-time modifications are perfectly fine in a coreboot
context, where it is expected that you are building from source.
The end result is simply what you use.
In a distribution such as Libreboot, where we provide pre-built
images, this becomes problematic. It's a technicality of the
license, and it seems that Intel themselves probably intended
for Libreboot to use the FSP this way anyway, since it is they
who seem to be the author of SplitFspBin.py, which is the
utility that coreboot uses for splitting up the FSP image.
Due to the technicality of the licensing, the FSP shall now
be scrubbed from releases, and re-inserted.
Coreboot was inserting the -S component with LZ4 compression,
which is bad news for ./mk inject beacuse the act of compression
is currently not reproducible. Therefore, coreboot has been
modified not to compress this section, and the inject command
doesn't compress it either. This means that the S file is using
about 180KB in flash, instead of about 140KB. This is totally OK.
The _fsp targets are retained, but set to release=n, because these
targets *still* don't scrub fsp.bin; if released, they would
include fsp files, so they've been set to release=n. These can
be used on older Libreboot release archives, for compatibility.
The new ROM images released for the affected machines are:
t480_vfsp_16mb
t480s_vfsp_16mb
dell3050micro_vfsp_16mb
Note the use of _vfsp instead of _fsp. These images are released,
unlike _fsp, and they lack fspm/fsps in the image. FSP S/M must
be inserted using ./mk inject.
This has been tested and confirmed to boot just fine.
The 20241206 images will be re-compiled and re-uploaded with this
and other recent changes, to make Libreboot 20241206 rev8.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we encountered 1MB flash so far, but we may encounter other
sizes on other machines when added to libreboot later on
Signed-off-by: Leah Rowe <leah@libreboot.org>
Though not used in coreboot builds, and not injected into the
builds in any way, these files are now created seperately when
handling T480/T480s vendor files:
vendorfiles/t480/tb.bin
vendorfiles/t480s/tb.bin
These are created by extracting Lenovo's ThunderBolt firmware
from update files. The updated firmware fixes a bug; older firmware
enabled debug commands that wrote logs to the TB controller's
own flash IC, and it'd get full up with logs, bricking the controller.
If you've already been screwed by this, you must flash externally,
using a padded firmware from Lenovo's updates.
Lenovo's own updater requires creating a boot CD or booting
Windows. This patch in lbmk auto-downloads just the firmware,
and you can flash it externally.
You could simply do this as a matter of course, when installing
Libreboot. You are recommended to update the Lenovo UEFI/EC firmwares
first, before installing Libreboot; please look at the Libreboot
documentation to know exactly which versions.
Then dump the ThunderBolt firmware first, to be sure, and then you
can flash these files. Flashing these updates will prevent the bug
described here:
https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t480-type-20l5-20l6/20l5/solutions/ht508988
You can download Lenovo's installers for various ThinkPad models
there, including T480s/T480s. It is these downloads that this lbmk
patch uses, to extract those files directly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Libreboot's binary blob reduction policy is crystal clear:
If a blob can be avoided, it must be avoided.
The ThinkPad T480 was using Intel's VGA ROM for graphics
initialisation very briefly, before Mate fixed libgfxinit.
Since libgfxinit is fixed, the Intel VGA ROM is obsolete,
so we should not be handling this at all.
Similarly, the Nvidia ROM handling has been removed, because
Mate is hard-disabling that in the coreboot code anyway, since
the Nvidia dGPU didn't work when tested anyway.
Even if it did, Libreboot's blob policy makes it clear
that Intel graphics with native init from coreboot is to
be the preferred option.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Added t480s delta to deguard, for MFS config.
Updated coreboot/next to latest t480 patch set,
which includes t480s. This porting was done by
Mate Kukri.
also includes experimental t480s support
Also added a data.vbt file (not in the gerrit patch)
for the T480s.
I had to turn on 8254 legacy timer on t480s, otherwise
SeaBIOS would hang. Same issue I saw on OptiPlex 3050 Micro.
Minor issue:
On S3 resume, nvme0n1 for example got renamed to nvme0n2.
This caused a crash if running Linux from the nvme. I confirmed
this via live USB distro. So this port will need some tweaking
before it can be considered stable.
Also uses libgfxinit, which Mate recently fixed. I'm
going to enable libgfxinit on regular T480 next.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This uses the excellent deguard utility, written by
the excellent Mate Kukri.
A few bugs but it mostly works. Documentation to come
shortly, in lbwww.git.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I'm adding ThinkPad T480 support next, which requires
the new revision of deguard. Mate Kukri changed the way
deguard is used, in a rewrite of the project, so lbmk
has to change too.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Copy the downloaded deguard source code into appdir,
and patch it to run as part of lbmk, instead of
standalone. The archived one in src/ is not directly
used; instead, the hotpatched version is used.
This is because the standalone version already has
download logic for the .zip file, but we already
cache that file in cache/ and use that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
replace it with logic that simply uses "." to load
files directly. for this, "vcfg" is added as a variable
in coreboot target.cfg files, referring to a directory
in config/vendor/ containing a file named pkg.cfg, and
this file then contains the same variables as the
erstwhile config/vendor/sources
config/git files are now directories, also containing
pkg.cfg files each with the same variables as before,
such as repository link and commit hash
this change results in a noticeable reduction in code
complexity within the build system.
unified reading of config files: new function setcfg()
added to lib.sh
setcfg checks if a config exists. if a 2nd argument is
passed, it is used as a return value for eval, otherwise
a string calling err is passed. setcfg output is passed
through eval, to set strings based on config; eval must
be used, so that the variables are set within the same
scope, otherwise they'd be set within setcfg which could
lead to some whacky results.
there's still a bit more more to do, but this single change
results in a substantial reduction in code complexity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Command: ./vendor download kcma-d8-rdimm_16mb
Output was:
include/lib.sh: line 115: kcma-d8-rdimm=config/vendor: No such file or directory
That will have to be audited later on, but the recent
more stringent error checking in vendor.sh triggered
this previously untriggered error message. The error
was in fact already occuring before, silently.
Anyway, mitigate by renaming all coreboot targets so
that they do not contain hyphens in the name. This
should avoid triggering errors in that eval command,
on line 115 in lib.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
broadwell mrc is retained, because it's needed on 820 g2
it's no longer needed on haswell, because nri is stable. nri
is short for "native ram initialisation", and libreboot provides
this for: thinkpad t440p, thinkpad w541, dell optiplex 9020 mt,
and dell optiplex 9020 sff
remove, in line with libreboot's binary blob reduction policy
previous revisions, prior to the recent release, stated that
it would be retained for compatibility, but it's really not
right to retain it, because doing so violates libreboot's policy
the recent release excluded mrc-based rom images for haswell
machines, providing only those rom images that use the libre
raminit, while retaining support for mrc in the build system, so
that users could still run the lbmk inject script on older release
roms that use mrc
again: libreboot's binary blob reduction policy is very clear:
https://libreboot.org/news/policy.html
it is a policy that can be summarised, thus:
if a blob can be avoided, it must be avoided.
therefore, we will avoid the Haswell MRC raminit blob
Signed-off-by: Leah Rowe <leah@libreboot.org>
nitrocaster boards are hard to find nowadays and i'm not
comfortable supporting the knockoff chinese gear; quality
varies greatly, and i can't know how reliable they are.
nitrocaster has been out of business so it's just not
viable to support this mod anymore. in fact, keeping the
eDP-based targets is a liability to libreboot.
regular x220/x230 (non-eDP-modded) are retained. the eDP
modkit from nitrocaster let you use eDP screens instead
of lvds, on thinkpad x220 and x230, letting you use
higher resolution screens.
older lbmk revs can still be used, if you happen to come
across one of these boards. i only recommend using the
official nitrocaster board, if youcan find one unused.
ymmv with the chinese gear. better just use an unmodded
x230 or get a different machine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
broadwell mrc enables both igpu and dgpu to be enabled
at any given time. if the onboard (intel) gpu is set as
primary, the logic to disable it is not executed within
coreboot; instead, the igpu is used for vga decode.
on some t440p/w541 thinkpads, both an intel and nvidia
gpu are present. in this setup, the intel gpu must be
used for vga, and all output, but rendering can be
offloaded to the nvidia gpu (nvidia optimus).
optimus would never work on haswell mrc.bin, because it
always disables the igpu when a dgpu is present, so a hack
exists in coreboot that hides the dgpu from mrc, so that the
igpu remains enabled. broadwell mrc doesn't do this, so the
option to hide PEG devices has been disabled in these
configs.
the broadwell mrc has better peg device handling, and can
support 16gb modules on broadwell hardware; it may well
support these modules on haswell hardware too, though ddr3
sodimms are very hard to find (and expensive). (and currently
untested, with this patch)
Signed-off-by: Leah Rowe <leah@libreboot.org>
broadwell mrc has better peg handling and can support 16gb
modules on broadwell machines - the blob can be used on haswell
machines too, instead of haswell mrc, and it might support 16gb
modules on these machines (not yet tested, but using broadwell
mrc does at least boot as reliably as haswell mrc anyway)
one little quirk with haswell mrc is that it actually handles
vga decode, disabling the igpu entirely, when a dgpu is used.
the broadwell mrc enables both GPUs and does not handle vga
decoding, so we must handle this the usual way; my patch for
this was merged upstream and i'm also adding it to libreboot,
which currently uses an older coreboot revision. this is needed
for dgpu to work. see patch:
0040-nb-haswell-Disable-iGPU-when-dGPU-is-used.patch
broadwell mrc may also make dealing with nvidia optimus setups
more reliable, on laptops that have nvidia GPUs, but this patch
does not add bmrc configs for t440p/w541
NOTE: on t440p/w541 laptops with nvidia graphics, the video output
is wired to intel but rendering can be offloaded to nvidia. in this
setup, we want vga decode to be done on intel, so i've set these
configs to enable CONFIG_ONBOARD_VGA_IS_PRIMARY (set it to y)
Signed-off-by: Leah Rowe <leah@libreboot.org>
the current entry is fine, but it would then not support
other configs of different flash sizes, unless they are
explicitly defined.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Iru Cai's port from Gerrit:
https://review.coreboot.org/c/coreboot/+/39398
Now with the proper MXM structure, which removes the 30 second POST
delay. Tested with i7-2670QM, Quadro 2000M and 32GB RAM.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
on a dgpu setup, igpu was still in use, when tested
by a user. do separate roms that don't enable anything
vga in coreboot, relying instead only on seabios to
execute a vga rom. these roms will only work if you
have a graphics card.
Signed-off-by: Leah Rowe <info@minifree.org>
Specifically the MT versions. The SFF versions will
be added separately, in a later commit.
See: https://review.coreboot.org/c/coreboot/+/55232
This patch has been added, from patchset 31. It still
has some unresolved issues, on that patchset, but
it should boot. See commit message there.
Of note: I've enabled PCI REBAR, though it's unknown
whether it will work (some comments there about it though,
on that gerrit page).
I've also set CBFS size to 8MB, not the full size of
the BIOS region; this is required on the T440p which
uses the same mrc.bin file, to get S3 working.
TSEG stage cache disabled, as on other Haswell boards.
The setup: SeaBIOS-only as first payload, but with GRUB
enabled as secondary payload. The _grubonly setup has
been enabled here. This way, the config will work on
iGPU and dGPU setups without issue.
Signed-off-by: Leah Rowe <info@minifree.org>
with neutered ME, fan control fails. while there are
ways to mitigate it, many users will not, and will
likely see their system overheat, which is very
dangerous.
this bug (failed fan control on neutered ME) only
affects arrandale machines such as lenovo x201.
the newer machines are not affected by this.
other arrandale machines will probably not be added
to libreboot because of this, or they will be subject
to further testing.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is of Broadwell platform, one generation above Haswell.
Of note: this uses HP Sure Start. Although the flash is 16MB,
our CBFS section (and IFD configuration) assumes 12MB flash,
so the final 4MB will be left unflashed on installation,
after blanking the private flash. The coreboot documents have
more information about this.
Some minor design changes in lbmk were made, to accomodate
this port:
Support for extracting refcode binaries added (pulled from
Google recovery images). The refcode file is an ELF that
initialises the MRC and the PCH. It is also responsible for
enabling or disabling the Intel GbE device, where Google
does not enable it, but lbmk modifies it per the instructions
on the coreboot documentation, so as to enable Intel GbE.
Google's recovery image stores the refcode as a stage file,
but coreboot changed the format (for CBFS files) after 4.13
so coreboot 4.13's cbfstool is used to extract refcode. This
realisation made me also change the script logic to use a
cbfstool and ifdtool version matching the coreboot tree, for
all parts of lbmk, whereas lbmk previously used only the
default tree for cbfstool/ifdtool, on insertion and deletion
of vendor files - it was 81dc20e744 that broke extraction of
refcode on google's recovery images, where google used an older
version of cbfstool to insert the files in their coreboot ROMs.
A further backported patch has been added, copying coreboot
revision f22f408956 which is a build fix from Nico Huber.
Iru Cai submitted an ACPI bugfix after the revision lbmk
currently uses, for coreboot/default, and this fix is
needed for rebooting to work on Linux 6.1 or higher. This
patch has been backported to lbmk, while it still uses the
same October 2023 revision of coreboot.
Broadwell MRC is inserted at the same offset as Haswell,
so I didn't need to tweak that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the e6400_4mb target has libgfxinit and (if seabios) vgarom
initialisation, but has issues on the nvidia model, even when
using nomodeset. with this target, e6400nvidia_4mb, only
the vgarom initialisation is used, libgfxinit is disabled.
on nvidia models, this one should work a little bit better.
specifically: nouveau crashes on this machine, with libreboot
installed, but you can use nomodeset. however, when libgfxinit
is also enabled, nomodeset no longer works properly.
so this target disables all video initialisation in coreboot.
only seabios will initialise anything video-related, by
executing the vga option rom.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Inside the BIOS update, there's 68SCE and 68SCF variants.
Based on Qubes HCL and browsing linux-hardware.org, these are
Probook 6360b and Elitebook 8460p respectively.
I checked the KBC1126 EC Firmwares within the update file, both
use the exact same firmware images. Following-up will be a very
similar but untested port for 6360b.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
note: me6_update_parser needs to be written, similar
to me7_update_parser, to generate the partition
tables within intel me6 on lenovo bios updates.
the current logic in lbmk goes like this:
mkdir -p vendorfiles/cache/
and save your factory dump as:
vendorfiles/cache/x201_factory.rom
the build system has been modified, in such a way
as to support extracting me.bin (which is the full
one) and then neutering from this.
this is done automatically, if the file is present,
but you must first insert that file there, which means
you'll need a dump of the original boot flash on your
thinkpad x201
Signed-off-by: Leah Rowe <leah@libreboot.org>
in the future, we may start downloading files that aren't
blobs, such as mxm port configs (on mainboards that use
MXM graphics)
this directory will contain all of those files
generally change the language used, across lbmk, to make
use of "vendorfile" instead of "blob"
Signed-off-by: Leah Rowe <leah@libreboot.org>