The open-source community is delighted about the latest coreboot release, version 4.20. It is encouraging to see this open-source firmware framework continue to develop and improve, particularly from the perspective of our dedicated contributors and of Dasharo customers and supporters. Here is what you need to know about the changes in this release.
Our Valued Contributors
First, we would like to acknowledge the hard work of our contributors, who continuously strive to enhance the coreboot project:
They’ve made significant contributions to various aspects of this project. Their input ranges from fine-tuning and debugging existing features to implementing new ones and revamping core aspects of the firmware. We express our gratitude for their efforts.
Significant Updates and Features
While there is a myriad of changes in the coreboot 4.20 release (the full details are in the release notes), a few stand out due to their potential value for the community.
3mdeb has actively contributed to this release as part of the Dasharo Support Package product and of Dasharo Community Support, which is sponsored through Dasharo newsletter subscriptions and merchandise. This can be seen in the number of commits, mainly through our work in:
- Mainboard and SoC Support: We added and improved support for Protectli mainboards based on Intel Elkhart Lake and Alder Lake SoCs, and added support for dumping GPIOs on the Jasper Lake SoC.
- Documentation: coreboot’s documentation was updated, particularly in the Dasharo description and Trusted Platform Module (TPM) options.
- TPM Security: New log formats compliant with the 2.0 and 1.2 specs and Kconfig-configurable PCR usage.
- VT-d: The VT-d subsystem now has a new DMA protection API, which we integrated into Alder Lake’s functionality.
- EDK2 Payload: A new build option lets users clone the edk2-platforms repository.
- Bug Fixes: Multiple fixes in different areas, such as Intel Elkhart Lake’s GPIO and Makefiles.
- Power9: We refactored the code to enhance readability and maintainability.
- Additional features: A speaker beep function and updated USB port macros.
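The TPM log work listed above concerns the event log coreboot writes during measured boot. As an added illustration (this is example code, not code from coreboot or from 3mdeb), the following parses a log in the TCG PC Client 1.2 (SHA-1) record layout, replays the digests into PCR values and checks them against observed PCRs, which is how a verifier detects a log that no longer matches the TPM. The sample log and the `make_event` helper are constructed for the example.

```python
import hashlib
import struct

# TCG PC Client 1.2 event record, little-endian:
#   uint32 pcrIndex, uint32 eventType, uint8 digest[20],
#   uint32 eventSize, uint8 event[eventSize]
_HDR = struct.Struct("<II20sI")
EV_POST_CODE = 1   # TCG event type constants
EV_IPL = 13


def parse_tpm12_log(blob: bytes):
    """Parse a 1.2-format event log; raise ValueError on truncation."""
    events, off = [], 0
    while off < len(blob):
        if len(blob) - off < _HDR.size:
            raise ValueError("truncated event header at offset %d" % off)
        pcr, etype, digest, size = _HDR.unpack_from(blob, off)
        off += _HDR.size
        if len(blob) - off < size:
            raise ValueError("truncated event data at offset %d" % off)
        events.append({"pcr": pcr, "type": etype, "digest": digest,
                       "data": blob[off:off + size]})
        off += size
    return events


def is_well_formed(blob: bytes) -> bool:
    """True if the whole blob parses as complete event records."""
    try:
        parse_tpm12_log(blob)
        return True
    except ValueError:
        return False


def replay_pcrs(events):
    """Recompute PCRs from the log: PCR = SHA1(PCR || digest), starting at zeros."""
    pcrs = {}
    for ev in events:
        cur = pcrs.get(ev["pcr"], bytes(20))
        pcrs[ev["pcr"]] = hashlib.sha1(cur + ev["digest"]).digest()
    return pcrs


def verify_log_against_pcrs(blob: bytes, observed: dict) -> bool:
    """True if replaying the log reproduces every observed PCR value."""
    replayed = replay_pcrs(parse_tpm12_log(blob))
    return all(replayed.get(i) == v for i, v in observed.items())


def make_event(pcr: int, etype: int, data: bytes) -> bytes:
    """Build one constructed record whose digest is SHA-1 of the event data."""
    return _HDR.pack(pcr, etype, hashlib.sha1(data).digest(), len(data)) + data


# Constructed sample log: two measurements into PCR 0, one into PCR 2.
SAMPLE_LOG = (make_event(0, EV_POST_CODE, b"coreboot romstage")
              + make_event(2, EV_IPL, b"payload")
              + make_event(0, EV_POST_CODE, b"coreboot ramstage"))
```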
Contribution details
- Kacper Stojek (3)
- Karol Zmysłowski (1)
- Krystian Hebel (1)
- Michał Kopeć (1)
- Michał Żygowski (19)
  - mb/protectli/vault_cml: Add Comet Lake 6 port board support
  - intelblocks/vtd: Add VT-d block with DMA protection API
  - intelblocks/cse: Add functions to check and change PTT state
  - mb/protectli/vault_cml: Disable PTT and SPI TPM
  - payloads/external/edk2: Add option to clone edk2-platforms repo
  - soc/intel/elkhartlake/romstage/fsp_params.c: separate debug params
  - soc/intel/alderlake/hsphy.c: Handle case with DMA protection
  - pc80/i8254: Add speaker beep function
  - mb/msi/ms7d25: Update USB port macros
  - Makefile.inc: fix multiple jobs build issue
  - soc/intel/alderlake: Hook up P2SB PCI ops
  - soc/intel/alderlake: Hook the VT-d DMA protection option
  - soc/intel/elkhartlake/gpio.c: Fix GPD reset map
  - soc/intel/alderlake/iomap: Fix the PCR BAR size on ADL-S
  - soc/intel/elkhartlake: Define DIMM_SPD_SIZE in SoC Kconfig
  - soc/intel/common/block/graphics: Hook up all ADL-S IGD PCI IDs
  - soc/intel/alderlake/{chipset.cb,chipset_pch_s.cb}: Set P2SB as hidden
  - Update vboot submodule to upstream main
  - soc/intel/elkhartlake: Increase BSP stack size by 1 KiB to 193 KiB
  - soc/intel/alderlake: Select SOC_INTEL_COMMON_BLOCK_VTD
- Sergii Dmytruk (5)
  - security/tpm: add TPM log format as per 2.0 spec
  - security/tpm: add TPM log format as per 1.2 spec
  - Documentation/measured_boot.md: document new TPM options
  - Documentation/measured_boot.md: fix SRTM/DRTM explanations
  - security/tpm: make usage of PCRs configurable via Kconfig
  - src/cpu/power9: move part of scom.h to scom.c
Summary
Maximize your hardware’s capabilities and secure your firmware with 3mdeb’s expert services. Our team is dedicated to enhancing your product’s performance and safeguarding it from security vulnerabilities. By opting for our services, you unlock the myriad benefits that your hardware holds. Whether it’s about firmware optimization or security, we’ve got you covered. Don’t let your hardware limit your potential; instead, let’s work together to push the boundaries of what’s possible. Ready to take the leap? Reach out to us for a consultation and stay informed by subscribing to our newsletter. Let’s revolutionize your firmware security and performance together. Choose Dasharo, choose 3mdeb. Take the first step today!