3mdeb contribution 2020'Q1 - coreboot ports all over the place.

Intro

Our mission @3mdeb is to develop secure and maintainable firmware and applications helping our clients reach their goals. During everyday work sometimes we struggle with frustrating problems that shouldn’t occur in the first place. When we finally deal with the issues, the first thing we want to do is to share the good news with the related communities. This is our main motivation behind our hard work - to share the knowledge by taking part in the open source community and help developers and enthusiasts with samples of codes. The positive feedback from the users is the priceless reward that drives us to spread the habit of contributing to open source projects. This post will start the series of 3mdeb contribution summary posts that will be released at the end of each quarter. Let’s dive into the world of open code!

2020’Q1 - the king of coreboot?

In the first 3 months of 2020, we contributed 7130 lines of code (except the patches that have not been merged yet) getting in total over 16k SLOC in 34 unique projects so far.

Let’s introduce the new changes:

coreboot logo

  1. coreboot

    coreboot is an extended firmware framework that delivers a lightning fast and secure boot experience on modern computers and embedded systems. As an Open Source project it provides auditability and maximum control over technology.

    This project is the unquestioned number one in this overview. To sum up, the most significant changes are unification of the AMD coreboot code and support for 6 new mainboards (Libretrend Librebox and Protectli Vault FW2B, FW4B, FW6A, FW6B and FW6C).

    Full list of 2020’Q1 patches:

    Author Category Patch URL
    Michał Żygowski pcengines/apu1 Add SMBIOS type 16 and 17 entries link
    Michał Żygowski pcengines/apu1 Add possibility to redirect output to COM2 link
    Michał Żygowski pcengines/apu2 Add SMBIOS type 16 and 17 entries link
    Piotr Kleinschmidt pcengines/apu2 Use AGESA 1.0.0.4 with adjusted AGESA header link
    Michał Żygowski pcengines/apu2 Add GNB IOAPIC to MP Table link
    Michał Żygowski pcengines/apu2 Add reset logic for PCIe slots link
    Michał Żygowski pcengines/apu2 Enable PCIe power management features link
    Michał Żygowski pcengines/apu2 Do not pass enabled PCIe ClockPM to AGESA link
    Michał Żygowski pcengines/apu2 Revert “add reset logic for PCIe slots” link
    Michał Żygowski pcengines/* Remove non-existing NCT5104d LDN 0xe link
    Piotr Kleinschmidt pcengines/* Enable SuperIO LDN 0xf for GPIO soft reset link
    Piotr Kleinschmidt pcengines/* Enable simple IO-based GPIO control link
    Michał Żygowski amd/common/acpi Move thermal zone to common location link
    Michał Żygowski amd/agesa Improve HTC threshold handling link
    Michał Żygowski amd/agesa Add BeforeInitLate hooks link
    Michał Żygowski amd/pi Enable ACS and AER for PCIe ports link
    Michał Żygowski amd/pi Initialize GNB IOAPIC link
    Michał Żygowski amd/pi Unhardcode IOAPIC2 address link
    Michał Żygowski amd/pi Refactor IVRS generation link
    Michał Żygowski amd/pi Add lost options link
    Piotr Kleinschmidt amd/{agesa,pi} Change default SATA mode to AHCI link
    Michał Żygowski amd/{agesa,pi} Include thermal zone link
    Michał Żygowski amd/{agesa,pi} Use ACPIMMIO common block wherever possible link
    Michał Żygowski amdblocks/acpimmio Add missing MMIO functions link
    Michał Żygowski mb/* Use ACPIMMIO common block wherever possible link
    Michał Żygowski acpi Correct the processor devices scope link
    Michał Żygowski x86/acpi Add definitions for IVHD type 11h link
    Michał Żygowski drivers/pc80/tpm Change the _HID and _CID for TPM2 device link
    Michał Żygowski maintainers Add 3mdeb as Protectli mainboards maintainers link
    Michał Żygowski protectli/vault Add FW2B and FW4B Braswell based boards support link
    Michał Żygowski protectli/vault_kbl Add FW6 support link
    Michał Żygowski libretrend/lt1000 Add Libretrend LT1000 mainboard link
    Michał Żygowski superio/nuvoton Add chip config option to reset GPIOs link
    Piotr Kleinschmidt superio/nuvoton Add virtual LDN for simple GPIO IO control link
    Piotr Kleinschmidt superio/nuvoton Add soft reset GPIO functionality link
    Michał Żygowski intel/bd82x6x Configure CLKRUN_EN according to SKU link
    Michał Żygowski intel/braswell Generate microcode binaries from tree link
    Michał Żygowski intel/braswell Include smbios.h for Type9 Entries link

    TrenchBoot logo

  2. TrenchBoot/landing-zone

    TrenchBoot is a framework that allows individuals and projects to build security engines to perform launch integrity actions for their systems. The framework builds upon Boot Integrity Technologies (BITs) that establish one or more Roots of Trust (RoT) from which a degree of confidence that integrity actions were not subverted.

    Full list of 2020’Q1 patches:

    Author Category Patch URL
    Krystian Hebel Build Move bootloader data out of measured block link
    Krystian Hebel Build Use more hidden symbols to fix 32bit boot link
    Michał Żygowski Security Add sha256 link
    Michał Żygowski README Add basic readme with Travis build status link
    Krystian Hebel Main Move PCR extension logic to a separate function link

    ACPICA logo

  3. acpica

    The ACPI Component Architecture (ACPICA) project provides an open-source operating system-independent implementation of the Advanced Configuration and Power Interface specification (ACPI)

    Full list of 2020’Q1 patches:

    Author Patch URL
    Michał Żygowski Implement IVRS IVHD type 11h parsing link

    Yocto Project Logo

  4. meta-virtualization

    This layer enables hypervisor, virtualization tool stack, and cloud support.

    Full list of 2020’Q1 patches:

    Author Category Patch URL
    Piotr Król dev86 update SRC_URI and associated checksums link

In the near future

We are not going to rest on our laurels. There are still plenty merge and pull requests that are in the review state or marked as work in progress.

In the TrenchBoot/landing-zone project, 3mdeb’s Firmware Team is working on Multiboot2 and new kernel info structure. If you are interested in this project, check out posts describing our work on Open Source DRTM - Project basics and Landing Zone validation.

coreboot community is active as always and 3mdeb’s team send support patches for Dell OptiPlex 9010 SFF, SMSC SCH5545, intel/bd82x6x missing power button events, SeaBIOS fix and intruder detection system (patch1, patch2, patch3)! Below you can find a little demonstration what it is all about:

Last but not least news

Do you want to read more about our contribution? Feeling that you are missing information about open projects that we are developing and maintaining? Finally, we can announce that all open source related activities and achievements are available to visit at newly created subdomain opensource.3mdeb.com.

Feel free to comment on which projects missing out there and we will surely look into the details of pointed technologies. Also, if you have any questions regarding the basics of the contribution process or simply want to send your first patches to the world of the open source IT but you lack the courage to do so, we will be glad to help you out.

Summary

Do you still hesitate to be a part of the open source community? By contribution you not only share valuable code but also improve your software through review of experienced community members. Take part in the act of learning and teaching by explaining how you do things in the example project and build a reputation around people who are interested in similar things. Do not wait and join the open source family!

If you think we can help in improving the security of your firmware or you looking for someone who can boost your product by leveraging advanced features of a used hardware platform, feel free to book a call with us or drop us email to contact<at>3mdeb<dot>com. If you are interested in similar content feel free to sign up to our newsletter


Artur Raglis
Web Development Team Leader and former Test Automation TL. More and more enthusiastic about open source family. Thrilled to learn the latest trends in the world of backend solutions. Loves the good Sci-Fi literature and automation of the boring stuff.