From e33cba84da44af3ede4823db44b9ce90ee852ebd Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Fri, 13 Oct 2023 00:45:54 +0100 Subject: [PATCH] docs/build: add section: post-compilation it also mentions specific binary blobs such as nvidia vga rom (dell e6400) and cpu microcode. Signed-off-by: Leah Rowe --- site/docs/build/index.md | 114 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/site/docs/build/index.md b/site/docs/build/index.md index 7ee7c8e..5e40f2a 100644 --- a/site/docs/build/index.md +++ b/site/docs/build/index.md @@ -120,6 +120,120 @@ individual parts of the build system manually, if you choose. This may be beneficial when you're making changes, and you wish to test a specific part of lbmk. +Post-compilation steps +====================== + +So you compiled your Libreboot image? Congratulations! + +Before you flash, please make sure that you *dumped* two copies of the original +firmware just in case (verifying the hashes of each dump, to ensure that they +match), using the `-r` option in flashrom. + +There are some additional considerations: + +Regarding binary blobs +---------------------- + +Firstly, you should read the Libreboot *Binary Blob Reduction Policy*: + + +A lot of mainboards in Libreboot will boot entirely with free software, +but there are certain newer mainboards supported in Libreboot +that need binary blobs added to them, mostly for minor initialisation tasks. + +They are *automatically* inserted during the build process, but then deleted +during the *release* process; images built directly from lbmk can be flashed +without further modification, but release images need to have these files +re-inserted (e.g. KBC1126 EC firmware on HP EliteBooks). Please read this page +for context: + + +The scripts under directory `script/update/vendor/` are the ones that do this. +Specifically, `script/update/vendor/download`. The benefit of this is that you +do not need to extract anything from the original vendor image (e.g. Lenovo +UEFI image). + +To know if this was performed on your board, you can read the Freedom Status +page which documents which files are used (if any), on which boards: + + +There are specific files that you must know about, so they will be covered +next: + +### Regarding CPU microcode + +Libreboot release archives provide ROMs with or without CPU microcode updates, +but the newest revisions of lbmk (from `lbmk.git`) *only* build ROM images that +contain microcode updates, by default. Libreboot's build system contains a script +that will generate release archives, and this is used to provide Libreboot +releases; this script is what provides the images with microcode removed, +alongside the default ones generated by lbmk during the build. + +Please read: + + +The linked page has info, and includes instructions about how to manually remove +them, if you wish to do so. Removal of CPU microcode updates (on Intel/AMD +processors) will result in unpredictable security/stability issues, so beware. + +Further context is provided in the Libreboot *Binary Blob Reduction Policy*: + + +We *recommend* that you do not delete these updates, but you have the freedom +to choose. Additionally: we have only tested certain mainboards under this +configuration. To know which ones they are, do this in `lbmk.git`: + + cd config/coreboot/ + git grep microcode_required + +Example entry: + + e6400_4mb/target.cfg:microcode_required="n" + +If it says `="n"`, that means it has been tested. That *does not* mean it will +be stable, it's just that we're reasonably sure it will at least *boot* most +of the time, but you should expect random instability e.g. kernel panics. + +If a given mainboard *excludes* `microcode_required` in `target.cfg`, or if +it says `microcode_required="y"`, then the release ROMs will only contain +microcode updates. Manual removal (as above) is still possible, but it has +not been tested and is not recommended. + +NOTE: ARM-based chromebooks (that Libreboot supports) don't use microcode at +all. This section is only revelant for x86 (Intel/AMD). + +### Regarding Nvidia GPU ROM (Dell Latitude E6400) + +Dell Latitude E6400 comes in two variants: Nvidia graphics, or Intel graphics. +More information is available on the page: + + +The intel graphics model can boot with coreboot's native video initialisation, +which is free software. The *Nvidia* model (comes with Nvidia GPU) requires +proprietary code called a *VGA Option ROM* to initialise the video display in +early boot. + +Libreboot automatically fetches this during the build process, inserting it into +the very same ROM image that can be flashed on either model, but the VGA ROM +will only be *executed* if you actually have the Nvidia ROM. + +ALSO: Libreboot 20230625 did not support Nvidia models at all (only Intel). + +Pre-built ROM images from release archives after 20230625 will *not* contain +this file by default, but it will be present if you compiled directly from lbmk. +To remove it, do this: + + ./cbutils/default/cbfstool libreboot.rom remove -n pci10de,06eb.rom + +The cbfstool binary was compiled when your image (target `e6400_4mb`) was +compiled, which can alter the file system within your coreboot image. + +Obviously, removing this VGA ROM will mean that the ROM image will only work +correctly on Intel GPU variants of E6400, but you probably knew that already! + +(If you're using a release archive instead, you can re-insert the VGA ROM by +following [these instructions](../install/ivy_has_common.md)) + 20230625 build error (release archive) ======================================