10 KiB
title | x-toc-enable |
---|---|
Build from source | true |
Firstly, you should read the Libreboot Binary Blob Reduction Policy: https://libreboot.org/news/policy.html
A lot of mainboards in Libreboot will boot entirely with free software, but there are certain newer mainboards supported in Libreboot that need binary blobs added to them, mostly for minor initialisation tasks.
They are automatically inserted during the build process, but then deleted during the release process; images built directly from lbmk can be flashed without further modification, but release images need to have these files re-inserted (e.g. KBC1126 EC firmware on HP EliteBooks). Please read this page for context: https://libreboot.org/docs/install/ivy_has_common.html
The scripts under directory script/update/vendor/
are the ones that do this.
Specifically, script/update/vendor/download
. The benefit of this is that you
do not need to extract anything from the original vendor image (e.g. Lenovo
UEFI image).
To know if this was performed on your board, you can read the Freedom Status page which documents which files are used (if any), on which boards: https://libreboot.org/freedom-status.html
There are specific files that you must know about, so they will be covered next:
Regarding CPU microcode
Libreboot release archives provide ROMs with or without CPU microcode updates,
but the newest revisions of lbmk (from lbmk.git
) only build ROM images that
contain microcode updates, by default. Libreboot's build system contains a script
that will generate release archives, and this is used to provide Libreboot
releases; this script is what provides the images with microcode removed,
alongside the default ones generated by lbmk during the build.
Please read: https://libreboot.org/freedom-status.html#cpu-microcode
The linked page has info, and includes instructions about how to manually remove them, if you wish to do so. Removal of CPU microcode updates (on Intel/AMD processors) will result in unpredictable security/stability issues, so beware.
Further context is provided in the Libreboot Binary Blob Reduction Policy: https://libreboot.org/news/policy.html
We recommend that you do not delete these updates, but you have the freedom
to choose. Additionally: we have only tested certain mainboards under this
configuration. To know which ones they are, do this in lbmk.git
:
cd config/coreboot/
git grep microcode_required
Example entry:
e6400_4mb/target.cfg:microcode_required="n"
If it says ="n"
, that means it has been tested. That does not mean it will
be stable, it's just that we're reasonably sure it will at least boot most
of the time, but you should expect random instability e.g. kernel panics.
If a given mainboard excludes microcode_required
in target.cfg
, or if
it says microcode_required="y"
, then the release ROMs will only contain
microcode updates. Manual removal (as above) is still possible, but it has
not been tested and is not recommended.
NOTE: ARM-based chromebooks (that Libreboot supports) don't use microcode at all. This section is only revelant for x86 (Intel/AMD).
Regarding Nvidia GPU ROM (Dell Latitude E6400)
Dell Latitude E6400 comes in two variants: Nvidia graphics, or Intel graphics. More information is available on the page: https://libreboot.org/docs/hardware/e6400.html
The intel graphics model can boot with coreboot's native video initialisation, which is free software. The Nvidia model (comes with Nvidia GPU) requires proprietary code called a VGA Option ROM to initialise the video display in early boot.
Libreboot automatically fetches this during the build process, inserting it into the very same ROM image that can be flashed on either model, but the VGA ROM will only be executed if you actually have the Nvidia GPU on your board.
ALSO: Libreboot 20230625 did not support Nvidia models at all (only Intel).
Pre-built ROM images from release archives after 20230625 will not contain this file by default, but it will be present if you compiled directly from lbmk. To remove it, do this:
./cbutils/default/cbfstool libreboot.rom remove -n pci10de,06eb.rom
The cbfstool binary was compiled when your image (target e6400_4mb
) was
compiled, which can alter the file system within your coreboot image.
Obviously, removing this VGA ROM will mean that the ROM image will only work correctly on Intel GPU variants of E6400, but you probably knew that already!
(If you're using a release archive instead, you can re-insert the VGA ROM by following these instructions)
20230625 build error (release archive)
When building ROM images from the release archives, the following error is observed in some cases, depending on distro:
In file included from src/lib/version.c:4:
build/build.h:10:32: error: 'libreboot' undeclared here (not in a function)
10 | #define COREBOOT_MAJOR_VERSION libreboot-20230625
| ^~~~~~~~~
src/lib/version.c:35:46: note: in expansion of macro 'COREBOOT_MAJOR_VERSION'
35 | const unsigned int coreboot_major_revision = COREBOOT_MAJOR_VERSION;
| ^~~~~~~~~~~~~~~~~~~~~~
This happened when a user tried to build for ThinkPad W541 on an Arch Linux system. The fix is available here:
https://browse.libreboot.org/lbmk.git/patch/?id=f34e07ae27e3e6e8508cdebcbd09fdf73fca302d
Apply this patch to your local release archive, and it should fix the issue.