lbwww/site/docs/build/index.md

10 KiB

title x-toc-enable
Build from source true

Firstly, you should read the Libreboot Binary Blob Reduction Policy: https://libreboot.org/news/policy.html

A lot of mainboards in Libreboot will boot entirely with free software, but there are certain newer mainboards supported in Libreboot that need binary blobs added to them, mostly for minor initialisation tasks.

They are automatically inserted during the build process, but then deleted during the release process; images built directly from lbmk can be flashed without further modification, but release images need to have these files re-inserted (e.g. KBC1126 EC firmware on HP EliteBooks). Please read this page for context: https://libreboot.org/docs/install/ivy_has_common.html

The scripts under directory script/update/vendor/ are the ones that do this. Specifically, script/update/vendor/download. The benefit of this is that you do not need to extract anything from the original vendor image (e.g. Lenovo UEFI image).

To know if this was performed on your board, you can read the Freedom Status page which documents which files are used (if any), on which boards: https://libreboot.org/freedom-status.html

There are specific files that you must know about, so they will be covered next:

Regarding CPU microcode

Libreboot release archives provide ROMs with or without CPU microcode updates, but the newest revisions of lbmk (from lbmk.git) only build ROM images that contain microcode updates, by default. Libreboot's build system contains a script that will generate release archives, and this is used to provide Libreboot releases; this script is what provides the images with microcode removed, alongside the default ones generated by lbmk during the build.

Please read: https://libreboot.org/freedom-status.html#cpu-microcode

The linked page has info, and includes instructions about how to manually remove them, if you wish to do so. Removal of CPU microcode updates (on Intel/AMD processors) will result in unpredictable security/stability issues, so beware.

Further context is provided in the Libreboot Binary Blob Reduction Policy: https://libreboot.org/news/policy.html

We recommend that you do not delete these updates, but you have the freedom to choose. Additionally: we have only tested certain mainboards under this configuration. To know which ones they are, do this in lbmk.git:

cd config/coreboot/
git grep microcode_required

Example entry:

e6400_4mb/target.cfg:microcode_required="n"

If it says ="n", that means it has been tested. That does not mean it will be stable, it's just that we're reasonably sure it will at least boot most of the time, but you should expect random instability e.g. kernel panics.

If a given mainboard excludes microcode_required in target.cfg, or if it says microcode_required="y", then the release ROMs will only contain microcode updates. Manual removal (as above) is still possible, but it has not been tested and is not recommended.

NOTE: ARM-based chromebooks (that Libreboot supports) don't use microcode at all. This section is only revelant for x86 (Intel/AMD).

Regarding Nvidia GPU ROM (Dell Latitude E6400)

Dell Latitude E6400 comes in two variants: Nvidia graphics, or Intel graphics. More information is available on the page: https://libreboot.org/docs/hardware/e6400.html

The intel graphics model can boot with coreboot's native video initialisation, which is free software. The Nvidia model (comes with Nvidia GPU) requires proprietary code called a VGA Option ROM to initialise the video display in early boot.

Libreboot automatically fetches this during the build process, inserting it into the very same ROM image that can be flashed on either model, but the VGA ROM will only be executed if you actually have the Nvidia GPU on your board.

ALSO: Libreboot 20230625 did not support Nvidia models at all (only Intel).

Pre-built ROM images from release archives after 20230625 will not contain this file by default, but it will be present if you compiled directly from lbmk. To remove it, do this:

./cbutils/default/cbfstool libreboot.rom remove -n pci10de,06eb.rom

The cbfstool binary was compiled when your image (target e6400_4mb) was compiled, which can alter the file system within your coreboot image.

Obviously, removing this VGA ROM will mean that the ROM image will only work correctly on Intel GPU variants of E6400, but you probably knew that already!

(If you're using a release archive instead, you can re-insert the VGA ROM by following these instructions)

20230625 build error (release archive)

When building ROM images from the release archives, the following error is observed in some cases, depending on distro:

In file included from src/lib/version.c:4:
build/build.h:10:32: error: 'libreboot' undeclared here (not in a function)
   10 | #define COREBOOT_MAJOR_VERSION libreboot-20230625
      |                                ^~~~~~~~~
src/lib/version.c:35:46: note: in expansion of macro 'COREBOOT_MAJOR_VERSION'
   35 | const unsigned int coreboot_major_revision = COREBOOT_MAJOR_VERSION;
      |                                              ^~~~~~~~~~~~~~~~~~~~~~

This happened when a user tried to build for ThinkPad W541 on an Arch Linux system. The fix is available here:

https://browse.libreboot.org/lbmk.git/patch/?id=f34e07ae27e3e6e8508cdebcbd09fdf73fca302d

Apply this patch to your local release archive, and it should fix the issue.