Intro
Our mission @3mdeb is to develop secure and maintainable firmware and applications that help our clients reach their goals. In everyday work we sometimes struggle with frustrating problems that should not have occurred in the first place. When we finally deal with such an issue, the first thing we want to do is share the good news with the related communities. This is the main motivation behind our hard work: to share knowledge by taking part in the open source community and to help developers and enthusiasts with code samples. Positive feedback from users is the priceless reward that drives us to spread the habit of contributing to open source projects. This post starts a series of 3mdeb contribution summaries that will be released at the end of each quarter. Let’s dive into the world of open code!
2020’Q1 - the king of coreboot?
In the first 3 months of 2020 we contributed 7130 lines of code (excluding patches that have not been merged yet), reaching a total of over 16k SLOC in 34 unique projects so far.
Let’s introduce the new changes:
- coreboot is an extended firmware framework that delivers a lightning fast and secure boot experience on modern computers and embedded systems. As an Open Source project it provides auditability and maximum control over technology.
This project is the unquestioned number one in this overview. To sum up, the most significant changes are unification of the AMD coreboot code and support for 6 new mainboards (Libretrend Librebox and Protectli Vault FW2B, FW4B, FW6A, FW6B and FW6C).
Full list of 2020’Q1 patches:
| Author | Category | Patch | URL |
|---|---|---|---|
| Michał Żygowski | pcengines/apu1 | Add SMBIOS type 16 and 17 entries | link |
| Michał Żygowski | pcengines/apu1 | Add possibility to redirect output to COM2 | link |
| Michał Żygowski | pcengines/apu2 | Add SMBIOS type 16 and 17 entries | link |
| Piotr Kleinschmidt | pcengines/apu2 | Use AGESA 1.0.0.4 with adjusted AGESA header | link |
| Michał Żygowski | pcengines/apu2 | Add GNB IOAPIC to MP Table | link |
| Michał Żygowski | pcengines/apu2 | Add reset logic for PCIe slots | link |
| Michał Żygowski | pcengines/apu2 | Enable PCIe power management features | link |
| Michał Żygowski | pcengines/apu2 | Do not pass enabled PCIe ClockPM to AGESA | link |
| Michał Żygowski | pcengines/apu2 | Revert “add reset logic for PCIe slots” | link |
| Michał Żygowski | pcengines/* | Remove non-existing NCT5104d LDN 0xe | link |
| Piotr Kleinschmidt | pcengines/* | Enable SuperIO LDN 0xf for GPIO soft reset | link |
| Piotr Kleinschmidt | pcengines/* | Enable simple IO-based GPIO control | link |
| Michał Żygowski | amd/common/acpi | Move thermal zone to common location | link |
| Michał Żygowski | amd/agesa | Improve HTC threshold handling | link |
| Michał Żygowski | amd/agesa | Add BeforeInitLate hooks | link |
| Michał Żygowski | amd/pi | Enable ACS and AER for PCIe ports | link |
| Michał Żygowski | amd/pi | Initialize GNB IOAPIC | link |
| Michał Żygowski | amd/pi | Unhardcode IOAPIC2 address | link |
| Michał Żygowski | amd/pi | Refactor IVRS generation | link |
| Michał Żygowski | amd/pi | Add lost options | link |
| Piotr Kleinschmidt | amd/{agesa,pi} | Change default SATA mode to AHCI | link |
| Michał Żygowski | amd/{agesa,pi} | Include thermal zone | link |
| Michał Żygowski | amd/{agesa,pi} | Use ACPIMMIO common block wherever possible | link |
| Michał Żygowski | amdblocks/acpimmio | Add missing MMIO functions | link |
| Michał Żygowski | mb/* | Use ACPIMMIO common block wherever possible | link |
| Michał Żygowski | acpi | Correct the processor devices scope | link |
| Michał Żygowski | x86/acpi | Add definitions for IVHD type 11h | link |
| Michał Żygowski | drivers/pc80/tpm | Change the _HID and _CID for TPM2 device | link |
| Michał Żygowski | maintainers | Add 3mdeb as Protectli mainboards maintainers | link |
| Michał Żygowski | protectli/vault | Add FW2B and FW4B Braswell based boards support | link |
| Michał Żygowski | protectli/vault_kbl | Add FW6 support | link |
| Michał Żygowski | libretrend/lt1000 | Add Libretrend LT1000 mainboard | link |
| Michał Żygowski | superio/nuvoton | Add chip config option to reset GPIOs | link |
| Piotr Kleinschmidt | superio/nuvoton | Add virtual LDN for simple GPIO IO control | link |
| Piotr Kleinschmidt | superio/nuvoton | Add soft reset GPIO functionality | link |
| Michał Żygowski | intel/bd82x6x | Configure CLKRUN_EN according to SKU | link |
| Michał Żygowski | intel/braswell | Generate microcode binaries from tree | link |
| Michał Żygowski | intel/braswell | Include smbios.h for Type9 Entries | link |
- TrenchBoot is a framework that allows individuals and projects to build security engines that perform launch integrity actions for their systems. The framework builds upon Boot Integrity Technologies (BITs) that establish one or more Roots of Trust (RoT), from which a degree of confidence can be derived that the integrity actions were not subverted.
Full list of 2020’Q1 patches:
| Author | Category | Patch | URL |
|---|---|---|---|
| Krystian Hebel | Build | Move bootloader data out of measured block | link |
| Krystian Hebel | Build | Use more hidden symbols to fix 32bit boot | link |
| Michał Żygowski | Security | Add sha256 | link |
| Michał Żygowski | README | Add basic readme with Travis build status | link |
| Krystian Hebel | Main | Move PCR extension logic to a separate function | link |
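The TrenchBoot description above, together with the "Add sha256" and "Move PCR extension logic to a separate function" entries, refers to measuring boot components into a TPM Platform Configuration Register (PCR). The Python below is an added illustration, not TrenchBoot or landing-zone code: it implements the generic extend rule, new PCR = SHA-256(old PCR || SHA-256(component)), shows how a verifier replays an event log to check the reported value, and shows why a modified or reordered component (or an edited log) no longer matches the known-good value. The component names and bytes are constructed for the example.

```python
import hashlib

PCR_LEN = 32  # SHA-256 PCR bank: a PCR is a 32-byte register that starts as all zeros

# Constructed sample boot chain (names and contents are made up for illustration)
BOOT_COMPONENTS = [
    ("landing-zone", b"LZ code and data, measured by the CPU as the DRTM root of trust"),
    ("kernel", b"vmlinuz bytes handed over by the landing zone"),
    ("initrd", b"initramfs image"),
]


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA-256(old PCR || digest).

    The register is never overwritten, only folded forward, so the final value
    depends on every digest extended into it and on their order."""
    assert len(pcr) == PCR_LEN and len(digest) == PCR_LEN
    return hashlib.sha256(pcr + digest).digest()


def measure_chain(components):
    """Measure each component in order, extending the PCR and recording an
    event log entry (name, digest hex) as a measured-launch environment would."""
    pcr = bytes(PCR_LEN)
    log = []
    for name, data in components:
        digest = hashlib.sha256(data).digest()
        pcr = pcr_extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def replay_log(log):
    """Verifier side: recompute the PCR from the event log digests alone."""
    pcr = bytes(PCR_LEN)
    for _name, digest_hex in log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def attest(reported_pcr: bytes, log, golden_pcr: bytes) -> bool:
    """A launch passes when the log replays to the reported PCR (the log is
    consistent with the register) and the PCR equals the known-good value."""
    return replay_log(log) == reported_pcr and reported_pcr == golden_pcr


def golden_value() -> bytes:
    """Known-good PCR for the constructed software set."""
    return measure_chain(BOOT_COMPONENTS)[0]


def tampered_kernel_chain():
    """Same chain, but one byte appended to the kernel image."""
    comps = [(n, d if n != "kernel" else d + b"\x90") for n, d in BOOT_COMPONENTS]
    return measure_chain(comps)


def reordered_chain():
    """Same components measured in a different order."""
    comps = [BOOT_COMPONENTS[1], BOOT_COMPONENTS[0], BOOT_COMPONENTS[2]]
    return measure_chain(comps)


if __name__ == "__main__":
    golden = golden_value()
    pcr, log = measure_chain(BOOT_COMPONENTS)
    print("good launch attests:", attest(pcr, log, golden))
    pcr, log = tampered_kernel_chain()
    print("tampered kernel attests:", attest(pcr, log, golden))
    pcr, log = reordered_chain()
    print("reordered chain attests:", attest(pcr, log, golden))
```

The separation between `measure_chain` (what the launch environment does) and `replay_log`/`attest` (what a verifier does) mirrors why the event log matters: the PCR alone tells a verifier that something differs, while the log tells it which component changed.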
- The ACPI Component Architecture (ACPICA) project provides an open-source, operating-system-independent implementation of the Advanced Configuration and Power Interface (ACPI) specification.
Full list of 2020’Q1 patches:
| Author | Patch | URL |
|---|---|---|
| Michał Żygowski | Implement IVRS IVHD type 11h parsing | link |
- This layer enables hypervisor, virtualization tool stack, and cloud support.
Full list of 2020’Q1 patches:
| Author | Category | Patch | URL |
|---|---|---|---|
| Piotr Król | dev86 | update SRC_URI and associated checksums | link |
In the near future
We are not going to rest on our laurels. There are still plenty of merge and pull requests that are under review or marked as work in progress.
In the TrenchBoot/landing-zone project, 3mdeb’s Firmware Team is working on Multiboot2 and new kernel info structure. If you are interested in this project, check out posts describing our work on Open Source DRTM - Project basics and Landing Zone validation.
The coreboot community is as active as always, and 3mdeb’s team has sent patches adding support for the Dell OptiPlex 9010 SFF and the SMSC SCH5545 SuperIO, fixing missing power button events on intel/bd82x6x, a SeaBIOS fix, and chassis intrusion detection (patch1, patch2, patch3)! Below you can find a little demonstration of what it is all about:
What do 3mdeb engineers do in their free time during isolation? @_miczyg_ having fun playing with coreboot on #Dell PCs at home. You certainly do not want to open this case, intruder!
Intrusion detection event log incoming. #coreboot #firmware #security https://t.co/omfUHDUnwo
— 3mdeb (@3mdeb_com) April 6, 2020
Last but not least news
Do you want to read more about our contributions? Feel that you are missing information about the open projects we develop and maintain? We can finally announce that all open source related activities and achievements are available at the newly created subdomain opensource.3mdeb.com.
Feel free to comment on which projects are missing there and we will look into the details of the technologies you point out. Also, if you have questions about the basics of the contribution process, or simply want to send your first patches to the open source world but lack the courage to do so, we will be glad to help you out.
Summary
Do you still hesitate to be a part of the open source community? By contributing you not only share valuable code but also improve your software through review by experienced community members. Take part in learning and teaching by explaining how you do things in the example project, and build a reputation among people who are interested in similar things. Do not wait, join the open source family!
If you think we can help in improving the security of your firmware, or you are looking for someone who can boost your product by leveraging advanced features of the hardware platform you use, feel free to book a call with us or drop us an email at contact<at>3mdeb<dot>com. If you are interested in similar content, feel free to sign up for our newsletter.