lbwww/site/news/libreboot20230319.md

18 KiB

% Libreboot 20230319 released! % Leah Rowe % 19 March 2023

UPDATE: Bugs in this were fixed, and a bugfix release is now available. See: Libreboot 20230413 release announcement of 13 April 2023 - the t440pmrc_12mb and w541mrc_12mb images have been re-added, in the new release.

PLEASE READ THIS BEFORE INSTALLING: Safety issues updating Libreboot on Sandybridge/Ivybridge/Haswell

Introduction

Libreboot provides boot firmware for supported x86/ARM machines, starting a bootloader that then loads your operating system. It replaces proprietary BIOS/UEFI firmware on x86 machines, and provides an improved configuration on ARM-based chromebooks supported (U-Boot bootloader, instead of Google's depthcharge bootloader). On x86 machines, the GRUB and SeaBIOS coreboot payloads are officially supported, provided in varying configurations per machine. It provides an automated build system for the configuration and installation of coreboot ROM images, making coreboot easier to use for non-technical people. You can find the list of supported hardware in the Libreboot documentation.

The last Libreboot release, version 20221214, was released on 14 December in 2022. This new release, Libreboot 20230319, is released today on March 19th, 2023.

This is marked as a testing release. Not all ROM image configurations have been provided pre-compiled; specifically, daisy and veyron chromebook boards are not available pre-compiled, but the other boards are. A few new boards have been added, in addition to several fixes and feature additions.

READ THIS BEFORE FLASHING LIBREBOOT, OR YOU MIGHT BRICK YOUR MACHINE

On newer Intel platforms that require Intel ME and/or MRC firmware, such as ThinkPad X230 or T440p, and/or HP laptops that require KBC1126 EC firmware, the release ROMs of Libreboot are MISSING certain files, that you must insert yourself. FAILURE to adhere to this warning may result in you bricking your machine (rendering it unbootable), if you were to flash the release ROMs without modifying them in any way. For more information, please read:

Insert binary blobs on Sandybridge/Ivybridge/Haswell

This isn't required on all Libreboot-supported boards, but if in doubt, follow these instructions anyway. If you run blobutil on a board that doesn't need blobs, nothing will happen.

Build from source

This release was build-tested on Debian Sid, as of 18 March 2023. Your mileage may vary, with other distros. Refer to Libreboot documentation.

Work done since last release

For more detailed change logs, look at the Git repository. This is a summary of changes.

Brief overview of changes

I've been very busy these last couple months, so there have been less changes in Libreboot lately. I'm expecting to have a lot more time throughout the coming summer, which I plan to make full use of for the next Libreboot release.

The changes can be summarised, thus:

  • LIBRE raminit code now available, on Haswell boards (ThinkPad T440p and ThinkPad W541). This is using patches from Angel Pons (hell on coreboot IRC), that are currently still in review on coreboot master. The old configs that use mrc.bin for raminit are still available aswell, so this release contains ROMs with libre raminit and ROMs with blob raminit. The reasons are explained below.
  • FIXED S3 suspend/resume on Haswell (T440p/W541) - but only on configs that use mrc.bin. The images with libre MRC still have broken S3. S3 suspend/resume is what people refer to as sleep mode and wake from sleep.
  • Force console display mode in GRUB: This corresponds to the setting GRUB_TERMINAL=console that you might find in /etc/default/grub on a Linux machine. In Libreboot, switching VGA/text modes is unsupported, it's stuck in one mode until Linux/BSD Kernel Mode Setting takes over. With this change to GRUB, GRUB's VGA mode switching is disabled. This might make a few Linux distro installer menus work a bit nicer.
  • New ports: Lenovo T530 and W530 thinkpads added.
  • Bump coreboot revision: February 2023 revision for most x86 boards, including Haswell (T440p/W541) when mrc.bin is in use; Haswell (T440p/W541) setups that don't use mrc.bin (and instead use Angel`s libre replacement code), it's currently based on coreboot from mid-2022 because that's what Angel's as yet unmerged patches are based on (relative to coreboot's master branch)
  • Bump GRUB revision: February 2023 revision now, on all boards.
  • Bump SeaBIOS revision: February 2023 revision now, on all boards.
  • grub.cfg: 5 seconds boot delay, instead of 10 seconds.
  • GM45 thinkpads: default to 256MB VRAM instead, which is more stable than the previous setting of 352MB. Many reports from users indicated performance issues when the 352MB config was used.
  • Stricter handling of exit status in lbmk. More errors result in a hard exit than before, preventing the build process from erroneously continuing.
  • Fixed fault checks in the Libreboot build system, when checking which coreboot utilities are needed (e.g. cbfstool, ifdtool)
  • util/nvmutil: Massively re-factored the codebase, making it more efficient and correct.

NOTE: T440p/W541 images with mrc.bin must be compiled from source. They were removed from the release, due to a bug reported in scripts used for preparing them post-build, when users install them. The bug was fixed in a revision after the release. If you still have those ROM images from prior to deletion, and want to use them, you should apply the following patch to your archive of the release, or just use latest lbmk from the Git repository; see:

https://browse.libreboot.org/lbmk.git/commit/?id=da6bf57a3f57f2625a4903cafb5cfd10ea4a1dae

Pre-compiled ROM images will for the t440pmrc_12mb and w541mrc_12mb targets will be available in the next release; the t440p_12mb and w541_12mb images are still available in this release, pre-compiled.

REMARK: libre raminit on Haswell

Upon testing, I've discovered that the libre code has the following problems:

  • I haven't gotten S3 suspend/resume working properly on that yet.
  • Broken USB device detection in GRUB.
  • SeaBIOS still works, for USB devices.

Therefore, the libre MRC setup in this release, for T440p and W541 thinkpads, only provides SeaBIOS payload (booting in text mode, implying use of a bootloader that supports this, and if wanting xorg/wayland, a kernel that does kernel mode setting, which is most BSD/Linux setups these days).

In this release, and in the build system, the following targets are defined:

  • t440p_12mb: libre raminit code used (reverse engineered replacement of mrc.bin)
  • w541_12mb: ditto (libre raminit code)
  • t440pmrc_12mb: blob mrc.bin used for raminit. GRUB and SeaBIOS payloads both supported.
  • w541mrc_12mb: blob mrc.bin used for raminit. GRUB and SeaBIOS payloads both supported.

The libre raminit comes from this patchset:

https://review.coreboot.org/c/coreboot/+/64198/5

The MRC blob (and Angel's replacement code) don't just do raminit, they handle a few other init tasks aswell, including USB host controller.

New boards, x86

  • Lenovo ThinkPad W530
  • Lenovo ThinkPad T530

I bought these machines, which I've not added to the release but plan to add for the next release:

^ I would have put these in today's release, but didn't have time, and wanted to get this release done today.

Removed boards

  • asus p2b_ls/p3b_f - they didn't boot properly in pcbox, and the real hardware is basically useless / impossible to find

lbmk Git changes

The precise list of commits in lbmk.git since the last release, is as follows:

* 07b6bb3d - build/release: handle nvmutil (12 hours ago) <Leah Rowe>
* 653810b8 - fix bug: me not being downloaded on some boards (12 hours ago) <Leah Rowe>
* 2bb63d85 - new board: lenovo/w530 (12 hours ago) <Leah Rowe>
* 896e9065 - new board: lenovo/t530 (13 hours ago) <Leah Rowe>
* cffa5679 - haswell (lenovo t440p/w541): fix S3 suspend/resume (14 hours ago) <Leah Rowe>
* be3d7b7e - haswell: re-add mrc.bin in separate board configs (22 hours ago) <Leah Rowe>
* bdc39ffc - haswell: only use txtmod seabios configuration (25 hours ago) <Leah Rowe>
* df6b9e28 - remove t440p_12mb_cbfs4mb (retain t440_12mb) (25 hours ago) <Leah Rowe>
* 04f1fe17 - remove x220_16mb (x220 with 16MB flash) (29 hours ago) <Leah Rowe>
* 548872ce - haswell boards: use libre mrc.bin replacement (2 days ago) <Leah Rowe>
* a942bd65 - move download/gitmodule script to root directory (2 days ago) <Leah Rowe>
* 59540530 - nuke p2b_ls/p3b_f boards (2 days ago) <Leah Rowe>
* ebd9ec96 - debian/ubuntu dependencies scripts: add gettext (3 days ago) <Leah Rowe>
* f9e20b8a - util/nvmutil: optimise rhex() further (13 days ago) <Leah Rowe>
* f04855c2 - fix flashrom download error (13 days ago) <Leah Rowe>
* e2945f02 - payload/grub: force terminal_output to console (2 weeks ago) <Leah Rowe>
* 909d3b31 - grub.cfg: set default timeout to 5 seconds (2 weeks ago) <Leah Rowe>
* 544737c8 - scripts: build cbutils, not specific utils (2 weeks ago) <Leah Rowe>
* 9398ad08 - also fix data.vbt path for lenovo/w541 (2 weeks ago) <Leah Rowe>
* d2465e82 - Fix CONFIG_INTEL_GMA_VBT_FILE for the t440p_12mb config (2 weeks ago) <Konstantinos Koukopoulos>
* 0e34d199 - update debian dependencies (for sid) (2 weeks ago) <Leah Rowe>
* a5aa5bca - ICH9M: default to 256MB VRAM, not 352MB (2 weeks ago) <Leah Rowe>
* 6421af5d - bump seabios revision (4 weeks ago) <Leah Rowe>
* aba6307d - bump grub revision (4 weeks ago) <Leah Rowe>
* 36982ab5 - fix bad ifdtool patch from earlier commit (4 weeks ago) <Leah Rowe>
* 3857b4b6 - build/dependencies/debian: add python3 dependency (4 weeks ago) <Leah Rowe>
* dac9ea86 - build/boot/roms: fail when build cbutils fails (4 weeks ago) <Leah Rowe>
* 0d0f6cf3 - coreboot: update revision of cbtree "default" (4 weeks ago) <Leah Rowe>
*   dc1fedf9 - Merge branch 'uboot-v2023.01' of alpernebbi/lbmk into master (4 weeks ago) <Leah Rowe>
|\  
| * 7932d5fa - u-boot: Disable environment storage (5 weeks ago) <Alper Nebi Yasak>
| * 8d57468e - u-boot: Update to v2023.01 (5 weeks ago) <Alper Nebi Yasak>
|/  
* 6b4a14ce - util/nvmutil: tidy up variable declarations (7 weeks ago) <Leah Rowe>
* 031a0b55 - util/nvmutil: setWord(): declare variables first (7 weeks ago) <Leah Rowe>
* 257eedca - util/nvmutil: reset errno if any write attempted (7 weeks ago) <Leah Rowe>
* adc76e38 - util/nvmutil: do not write non-changes to disk (7 weeks ago) <Leah Rowe>
* 3e150bf3 - util/nvmutil: cmd_swap(): write sequentually (7 weeks ago) <Leah Rowe>
* 7e3a7355 - util/nvmutil: don't use malloc() (7 weeks ago) <Leah Rowe>
* a924d43b - util/nvmutil: fix clang build errors (7 weeks ago) <Leah Rowe>
* c822033b - util/nvmutil: simplify rhex() (7 weeks ago) <Leah Rowe>
* 0f485245 - util/nvmutil: use gbe[] in word() and setword() (7 weeks ago) <Leah Rowe>
* b1186968 - util/nvmutil: code cleanup (7 weeks ago) <Leah Rowe>
* 7a986497 - util/nvmutil: call pledge() earlier, in main() (7 weeks ago) <Leah Rowe>
* bb6fe263 - util/nvmutil: remove unused #define (7 weeks ago) <Leah Rowe>
* 5a5a8662 - util/nvmutil: optimised disk reads (7 weeks ago) <Leah Rowe>
* 24d56456 - util/nvmutil: optimise cmd_swap() (7 weeks ago) <Leah Rowe>
* ef84329a - util/nvmutil: optimise rhex() for speed (7 weeks ago) <Leah Rowe>
* 88a51531 - util/nvmutil: code cleanup in rhex() (7 weeks ago) <Leah Rowe>
* ac1cab28 - x230edp_12mb: Correct the path to data.vbt (7 weeks ago) <Alexei Sorokin>
* afc80b89 - util/nvmutil: update copyright years (9 weeks ago) <Leah Rowe>
* 8242dca5 - util/nvmutil: limit bytes written per command (9 weeks ago) <Leah Rowe>
* e398331b - util/nvmutil: make writeGbeFile more readable (9 weeks ago) <Leah Rowe>
* 8dea350a - util/nvmutil: only write parts that are modified (9 weeks ago) <Leah Rowe>
* d0fa08d5 - blobs/inject: fix wrong nvmutil path for make (10 weeks ago) <Leah Rowe>
*   e8072934 - Merge branch 'veyron-uboot-dmreset' of alpernebbi/lbmk into master (10 weeks ago) <Leah Rowe>
|\  
| * e11650c3 - u-boot: Enable DM_RESET for veyron boards (3 months ago) <Alper Nebi Yasak>
* |   6b104542 - Merge branch 'peach-uboot-usbehci' of alpernebbi/lbmk into master (10 weeks ago) <Leah Rowe>
|\ \  
| |/  
|/|   
| * 80bf54b2 - u-boot: Enable USB_EHCI_EXYNOS on peach boards (3 months ago) <Alper Nebi Yasak>
|/  
* 7f5dfebf - Do not rely on bashisms and behaviour undefined by the POSIX specification. Part 2 (3 months ago) <Ferass 'Vitali64' EL HAFIDI>
* f7870446 - Do not rely on bashisms and behaviour undefined by the POSIX specification. (3 months ago) <Ferass 'Vitali64' EL HAFIDI>
* d45b2e70 - util/nvmutil: use err() more consistently (3 months ago) <Leah Rowe>
* d726b16f - util/nvmutil: more robust pointer handling (3 months ago) <Leah Rowe>
* 448ee510 - util/nvmutil: optimise cmd_swap() further (3 months ago) <Leah Rowe>
* effcb942 - util/nvmutil: greatly optimise cmd_copy() (3 months ago) <Leah Rowe>
* 6e5828e4 - util/nvmutil: greatly optimise cmd_swap() (3 months ago) <Leah Rowe>
* 7aafc62b - scripts/blobs/inject: fix bad cbfstool build check (3 months ago) <Leah Rowe>
* 6ebd178f - util/nvmutil: simplified error handling in rhex() (3 months ago) <Leah Rowe>
* 04da953c - util/nvmutil: return errno when calling err() (3 months ago) <Leah Rowe>
* 00187811 - util/nvmutil: exit non-zero if close() fails (3 months ago) <Leah Rowe>

Major works planned

In general, you should also check the issue tracker to find other notes. There is always more work to do, to improve Libreboot.

Linux distro in flash

STILL ON TODO SINCE LAST RELEASE.

This is another project that has been on hold for a while. The issue has been that I need a decent userland project. I've looked at many different userlands and since late June in 2022, decided to make my own. I want a BusyBox-like solution, but based on code from OpenBSD, ported to run under Linux with musl libc.

I want this distro to provide a kexec bootloader in flash, similar to Heads, and I also want it to use apk-tools, pointing at Alpine Linux repositories so as to allow any number of packages to be downloaded. It could also provide lots of utils in general, to be a live rescue system of sorts. Linux system in flash, that can bootstrap other systems.

About a week before this release, I actually started on the project for real, after having many false starts. I've forked a project called lobase which already ports OpenBSD's userland utilities to glibc under Linux, and it's as of today about 5 years outdated based on OpenBSD 6.3.

I've ported these utilities directly from OpenBSD 7.2, in my local fork of lobase, superimposing the new code on top of the old and adapting according to musl libc (lobase is full of hacks for glibc that I don't need):

mail, cat, ls, head, rcs, hexdump, whois and time

I've been working on this in a dedicated Alpine Linux virtual machine, currently on release 3.17 of Alpine Linux. Alpine is an ideal test distro for such development, because it already uses musl libc and has libressl available in aports.

I don't have enough to release yet, but when I have a release ready, I will upload it to a Git repository. When the userland port is fully complete, I shall then base off of Alpine Linux abuild+aports build system infrastructure to provide small base images. It will be similar to the Heads project, but built separately and not specifically targeted at Libreboot, but in general to any coreboot setup, on supported hardware. It won't be a general purpose distro, but I would at that point submit my userland port to Alpine, proposing it as a replacement of their busybox package in base.

Unlike Heads, I don't plan yet to make this a direct coreboot payload. Instead, it'll be a standalone image loaded into CBFS, and chainloaded via the GRUB or SeaBIOS payloads, which are both capable of executing ELF binaries from the flash.

Lobase, which my development is forked from, can be found here (archived): https://github.com/Duncaen/lobase

I've been re-using lobase's build system, adapting newer code from OpenBSD. It's a lot of work, but I'm hopeful I can have this ready before the next Libreboot release.

Re-factor and optimize GRUB

STILL ON TODO SINCE LAST RELEASE.

GRUB is full of unused bloat that almost nobody uses, yet is in the current Libreboot builds. It's been on TODO for some time, but work has not yet begun on this project. My efforts are currently focused on the Linux distro.

What I want is a fork of GRUB, optimized to run on bare metal as a coreboot payload, on x86 and ARM platforms.

I have an update since the last release. Paul Menzel of coreboot has made GRUB modules more configurable, making it possible to reduce the size of the payload. His patch is not yet used in Libreboot (not in this release, anyway), but the patch in GRUB is:

commit 6c5ee45548fcb65d7921c9fca5867b256f9a48ad
Author: Paul Menzel <pmenzel@molgen.mpg.de>
Date:   Thu Mar 7 12:16:06 2019 +0100
    Makefile: Allow to set file systems modules for default_payload.elf

I'm going to play around with this when I get the time. Even with this modification, GRUB is still full of code that Libreboot will never use. A GRUB Valhalla Rampage is still in order!