Workshop 2.3
Let's run the bootloader/OS
Content
- coreboot loader
- Payload types
- Libpayload
- Native Graphics Init
- Hands-on: LinuxBoot
- Hands-on: SeaBIOS with secondary payload
- Hands-on: TianoCore
Payload types
- Static ELF binaries
- Flat binaries
- bzImage
- uImage (FIT)
- libpayload based
Static ELF binaries
- Converted to Simple ELF (SELF) by cbfstool
- Fixed position in physical address space
- Not relocatable
- SELF segments can be compressed
- Possible payloads:
  - SeaBIOS
  - GRUB
  - TianoCore
  - depthcharge
  - memtest86+
Flat binaries
- Simple entry point
- No conversion
- Supported payloads:
  - U-Boot
bzImage
- x86 only
- Is already compressed
- Requires trampoline code
- Follows Linux aarch64 calling conventions
- Has a special loader
- vmlinux, vmlinuz and Image aren't supported
bzImage
but ...
- Graphics init in coreboot is optional
- Graphics init in kernel is done late
- No BIOS or EFI services
- Flash size as limitation
- Kernel update requires flashing a new firmware
uImage (FIT)
- ARM64 only
- Multiple sections (kernel, initrd, devicetree, config, ...)
- Has optional compression
- Includes a DTB
- Follows Linux aarch64 calling conventions
- Has a special loader
libpayload
- Bare metal library used by some payloads
- Custom USB driver
- Custom PS/2 driver
- Simple framebuffer driver
- Understands CBFS/CBMEM/CBTABLES ...
- Provides basic libc functions
- ASM stub, payload can be written in pure C
libpayload
but ...
Don't expect anything:
- No FPU initialized
- No SSE enabled
- Single threaded
- No interrupts
- Has to deal with hardware bugs
- No filesystem drivers
- On x86: 32-bit protected mode only
- No ACPI support
- Simple power management in the works
libpayload
Payloads that use libpayload:
- depthcharge
- nvramcui
- tint
- coreinfo
Native graphics init
Situation in commercial BIOS:
- 64 KiB VGA Option ROM BLOB
- 16-bit x86 instructions
- No signature
- Optional YABEL emulator in coreboot
- Not redistributable
Situation in commercial EFI:
- GOP driver BLOB
- Signed code
- Can't be run in coreboot
- Not redistributable
Community efforts in coreboot:
- Reverse engineered graphics init using YABEL
- Only for integrated LVDS panels
- Only for some panels ...
Native graphics init
Replaced by libgfxinit on x86:
- Written in Ada SPARK
- Supports all platforms starting from GM45
- Supports all connector types
In general:
- Requires coreboot support in the payload or OS
- No resolution switching at runtime
- Can be skipped if payload does graphics init
  - SeaBIOS using VGA Option ROM
  - TianoCore using GOP driver
  - Linux using KMS and VBT
coreboot framebuffer info
- Provides a framebuffer base address and metadata
- Only readable by payloads that know about coreboot
- No support in Microsoft/Apple
- Payloads that support reading the framebuffer info:
  - libpayload
  - GRUB
  - SeaBIOS
  - TianoCore
  - GNU/Linux
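#include <stdint.h>

/* coreboot table record that describes the framebuffer */
#define LB_TAG_FRAMEBUFFER 0x0012
struct lb_framebuffer {
	uint32_t tag;			/* LB_TAG_FRAMEBUFFER */
	uint32_t size;			/* size of this record in bytes */
	uint64_t physical_address;	/* framebuffer base address */
	uint32_t x_resolution;
	uint32_t y_resolution;
	uint32_t bytes_per_line;
	uint8_t bits_per_pixel;
	/* per colour field: bit position and width in bits inside a pixel */
	uint8_t red_mask_pos;
	uint8_t red_mask_size;
	uint8_t green_mask_pos;
	uint8_t green_mask_size;
	uint8_t blue_mask_pos;
	uint8_t blue_mask_size;
	uint8_t reserved_mask_pos;
	uint8_t reserved_mask_size;
};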
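Added example (not from the slides and not coreboot's or any payload's own code): how a payload could locate the LB_TAG_FRAMEBUFFER record while treating the table as untrusted input, checking every size field and the advertised geometry before use. It assumes the records sit back to back as tag/size pairs in host byte order with the table header already skipped; `find_framebuffer`, `fb_sane`, `build_sample` and the sample values are hypothetical.

```c
#include <stdint.h>
#include <string.h>
#define LB_TAG_FRAMEBUFFER 0x0012
struct lb_framebuffer {			/* fields as listed on the slide */
	uint32_t tag, size;
	uint64_t physical_address;
	uint32_t x_resolution, y_resolution, bytes_per_line;
	uint8_t bits_per_pixel, red_mask_pos, red_mask_size, green_mask_pos, green_mask_size;
	uint8_t blue_mask_pos, blue_mask_size, reserved_mask_pos, reserved_mask_size;
};
/* Example policy (an assumption): geometry a drawing routine can use safely. */
static int fb_sane(const struct lb_framebuffer *fb) {
	uint32_t bpp = fb->bits_per_pixel;
	return bpp && bpp <= 32 && bpp % 8 == 0 && fb->x_resolution && fb->y_resolution &&
	       (uint64_t)fb->x_resolution * (bpp / 8) <= fb->bytes_per_line &&
	       (uint32_t)fb->red_mask_pos + fb->red_mask_size <= bpp &&
	       (uint32_t)fb->green_mask_pos + fb->green_mask_size <= bpp &&
	       (uint32_t)fb->blue_mask_pos + fb->blue_mask_size <= bpp;
}

/* Walk tag/size records in tbl[0..len); 0 on a valid framebuffer record, else -1. */
int find_framebuffer(const uint8_t *tbl, size_t len, struct lb_framebuffer *fb) {
	for (size_t off = 0; len - off >= 8; ) {
		uint32_t rec[2];			/* rec[0] = tag, rec[1] = size */
		memcpy(rec, tbl + off, 8);		/* host byte order, alignment-safe */
		if (rec[1] < 8 || rec[1] > len - off)
			return -1;	/* would loop forever or read past the table */
		if (rec[0] == LB_TAG_FRAMEBUFFER && rec[1] >= sizeof(*fb)) {
			memcpy(fb, tbl + off, sizeof(*fb));
			return fb_sane(fb) ? 0 : -1;
		}
		off += rec[1];
	}
	return -1;
}

/* Constructed sample: dummy 8-byte record (tag 0x0001), then a 1024x768x32 record. */
size_t build_sample(uint8_t *buf, uint32_t fb_size_field) {
	struct lb_framebuffer fb = { LB_TAG_FRAMEBUFFER, fb_size_field, 0xE0000000u,
		1024, 768, 4096, 32, 16, 8, 8, 8, 0, 8, 24, 8 };
	memcpy(buf, (uint32_t[]){ 0x0001, 8 }, 8);
	memcpy(buf + 8, &fb, sizeof(fb));
	return 8 + sizeof(fb);
}

int main(void) {	/* exit status 0 when the sample parses */
	uint8_t buf[64];
	struct lb_framebuffer fb;
	return find_framebuffer(buf, build_sample(buf, sizeof(fb)), &fb);
}
```

A record whose size field is zero, larger than the remaining table, or cut off by the end of the buffer is rejected instead of being followed.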
LinuxBoot
Facts:
- Requires Go compiler
- Compiles the kernel and u-root
LinuxBoot
Pro:
- Well tested drivers for anything
  - Graphics
  - USB
  - Input device
  - Block devices
  - SCSI devices
  - Network
  - EC/SuperIO
- Support for (almost) all filesystems
- Easy to write application programs
- You don't need firmware engineers
- Don't have to deal with hardware errata
- Multithreaded
- Power management
- Memory management
- ...
Con:
- Requires external toolchain (non x86)
- No EFI boot support (yet)
- Big payload size
- Bigger attack surfaces
Hands-on: Build LinuxBoot
SeaBIOS
Facts:
- x86 only
- CSM for TianoCore
- Supports secondary payloads
  - coreinfo
  - tint
  - nvramcui
  - memtest86
- Build using coreboot toolchain
Secondary payloads:
- Payloads stored in CBFS
- Loaded by a payload
SeaBIOS
Pro:
- CSM for TianoCore
- Build using coreboot toolchain
- TPM support
- PS/2 driver
- Provides all common 16-bit BIOS services
- SeaVGABios for "Native graphics init"
Con:
- Only text menu
- Runs unsigned Option ROMs
- BIOS services are 16-bit real mode
- No Secure Boot
- Runs unsigned code from MBRs
- No mouse support
SeaVGABios
Facts:
- 16-bit VGA Option ROM
- Provides VBE 2.0 interface
- Advertises coreboot's framebuffer info
SeaVGABios
Pro:
- Code doesn't interact with hardware
- Legacy applications do work with coreboot's graphics init
Con:
- No mode switching
- No legacy VGA modes
- RGB8 palette only
Hands-on: Build SeaBIOS with secondary payloads
Note: memtest86 is VGA text mode only
Enable CMOS support for nvramcui
Task:
- Run coreinfo from SeaBIOS
- Run nvramtool from SeaBIOS in "high-resolution" framebuffer
- Run memtest86+ from SeaBIOS in text mode
TianoCore
- Intel Open Source UEFI reference implementation
- integrated into x86 coreboot build system
- Only graphical menu
- SeaBIOS as CSM
- Build using an external toolchain
- Includes CorebootPkg
- No Secure Boot support yet for coreboot
- No persistent NVRAM support for coreboot
Hands-on: Build TianoCore in QEMU
Select TianoCore as payload and select "debug build".
Select "high-resolution" framebuffer in Devices > Display.
Remove the file:
$ rm payloads/external/tianocore/patches/05_CorebootPayloadPkg_noserial.patch
Build coreboot.rom:
$ make
Run it in QEMU:
$ qemu-system-x86_64 -m 2048 -M q35 -bios build/coreboot.rom
FB Workshop 2.3: Payloads
By 9elements Agency GmbH