MSI PRO B850-P coreboot port: fTPM, fast boot, and cross-OS validation

Introduction

This blog post continues the MSI PRO B850-P coreboot porting series. In Part 1 we brought up the bootblock and romstage and mapped all USB, SATA, and PCIe ports. In Part 2 we added the USB and PCIe devicetree descriptors and integrated Phoenix openSIL as a submodule. In Part 3 we ported the MPIO, SMU, NBIO, FCH, and RcMgr IP blocks, bringing the platform to the verge of booting Linux. In Part 4 we added ~1000 lines of missing USB initialization code, ported the CCX IP block, and integrated automated test infrastructure. In Part 5 we completed GFX initialization in openSIL, added full Promontory21 chipset support, enabled AMD P-state CPPC, and improved ACPI tables - bringing Linux to a fully graphical boot, albeit still requiring nomodeset as a temporary workaround for an amdgpu kernel driver hard fault.

This post covers the next phase: fixing the amdgpu hard fault so that nomodeset is no longer needed, integrating AMD firmware TPM (fTPM) support with ROM Armor 3 flash protection, improving the Promontory21 configuration to match the vendor BIOS, adding EZ Debug LED support, enabling fast boot through AMD memory context save/restore, and completing the cross-OS boot and bug-fix campaign that confirms Linux and Windows 11 are fully operational.

The relevant coreboot changes are tracked in pull request 928 on the Dasharo coreboot downstream repository. The openSIL Promontory21 fixes are in the 3mdeb/openSIL repository. Several of the AMD fTPM driver commits were cherry-picked from upstream coreboot Gerrit and are not described individually here; this post focuses on the Dasharo-specific integration work.

The milestones covered in this post are:

Task 8. Validation & stabilization:

  • Milestone a. Cross-OS boot & bug-fix campaign

    Run exhaustive Linux, Windows and hypervisor test suites; fix remaining firmware defects and submit test reports.

Executive summary

This post covers the sixth phase of the MSI PRO B850-P coreboot port:

  1. GFX fix - ACPI VFCT published by AMD GOP driver: The amdgpu kernel driver hard fault was fixed by letting the AMD GOP driver publish the ACPI VFCT table with the in-RAM VBIOS copy. nomodeset is no longer required.

  2. AMD fTPM with ROM Armor 3: Integrated AMD PSP firmware TPM support backported from upstream coreboot, with fixes to cooperate with ROM Armor 3 SMM flash protection. The platform now provides TPM 2.0 through the PSP without a discrete TPM chip.

  3. Promontory21 improvements: Fixed PCIe target speed configuration for all ports, corrected secondary PT21 GPIO MMIO base address, added GPIO driver support in coreboot, and updated board configuration to match the vendor BIOS.

  4. EZ Debug LEDs: Added GPIO API to the NCT6687D Super I/O driver and wired the DRAM/CPU/VGA/BOOT LEDs to indicate firmware initialization progress.

  5. Power button SMI: Enabled power button press handling in pre-OS environment for clean system shutdown.

  6. SMBIOS memory information: Added openSIL APOB-based SMBIOS type 17 memory device entry generation, enabling correct DIMM information reporting.

  7. iPXE with Realtek UNDI: Included the Realtek UNDI EFI driver in the firmware image to enable network boot via the on-board RTL8126 controller.

  8. Fast boot via APOB memory context restore: Disabled APOB hashing to allow the PSP to accept saved memory training data on warm boots, reducing PSP initialization time by nearly 20 seconds.

  9. CPU _LPI structures: Added ACPI Low Power Idle object generation for Phoenix AM5 CPUs, required for correct Windows power management.

  10. ROM3 caching, EDK2 stable-202602, SBOMs, thermal zone, HDA verbs, and other minor fixes.

  11. Cross-OS boot campaign complete (Task 8 Milestone a): Linux boots with full amdgpu acceleration; Windows 11 installs and runs without Device Manager errors.

  12. Validation started: First release candidate tagged, automated test suite running.

GFX fix: AMD GOP driver publishes ACPI VFCT

The most visible improvement in this phase is the resolution of the amdgpu kernel driver hard fault that forced nomodeset since Part 5. The root cause was that the AMD GOP driver was not publishing the ACPI VFCT (Video BIOS Firmware Table) with an updated VBIOS copy from RAM. The ACPI VFCT is AMD-specific table thus it is not standardized by ACPI specification. There is no public specification for the table, nor how it is supposed to be created. Its format can be found in the Linux kernel sources for amdgpu driver, for example.

The VFCT table is how the UEFI firmware communicates a copy of the video BIOS to the operating system. The amdgpu driver reads the VFCT at boot to obtain VBIOS data for initializing the GPU from scratch under the OS. On the MSI PRO B850-P, the VBIOS image in SPI flash is generic. After the VBIOS is copied to RAM, executed and graphics initialized, its content may change according to the detected hardware and configured display settings. AMD GOP driver copies the modified VBIOS into the VFCT table, so that OS may use VBIOS functions to initialize graphics properly.

The fix is in device/pci_rom.c: coreboot now skips generating its own VFCT entry for the AMD iGPU when the EDK2 AMD GOP driver is enabled (CONFIG_AMD_PLATFORM_GOP). Instead, the GOP driver itself publishes the VFCT with the updated in-RAM VBIOS content. This avoids a conflict where coreboot was generating a stale VFCT pointing at the cbmem-based VBIOS while the GOP driver had already a different copy of the VBIOS in RAM allocated by the EDK2 UEFI Payload.

Linux now boots with a fully accelerated amdgpu driver. The nomodeset workaround is no longer required.

AMD fTPM support with ROM Armor 3

A significant portion of the work in this phase was integrating AMD firmware TPM (fTPM) support into the MSI PRO B850-P firmware. The fTPM is a TPM 2.0 implementation that runs inside the AMD PSP (Platform Security Processor), emulating a CRB (Command Response Buffer) TPM interface over MMIO. This eliminates the need for a discrete TPM chip while providing full TPM 2.0 functionality for features like Microsoft Windows installation, BitLocker, measured boot, and platform attestation.

The upstream fTPM driver stack was cherry-picked into the Dasharo branch as backports. The focus of the work specific to the MSI PRO B850-P was integrating these drivers with the ROM Armor 3 feature and adapting them to the Phoenix platform.

ROM Armor 3: SMM-gated flash protection

ROM Armor 3 is AMD’s SMM flash protection mechanism. When enabled, all writes to the SPI flash must be authorized through the PSP, and only SMM code can submit those authorization requests. This prevents unauthorized flash writes from ring-0 code and is an important layer of firmware security.

The challenge is that the AMD fTPM also needs to write to SPI flash - for example, to store TPM state in a dedicated flash region. These two subsystems must cooperate: when a flash write is needed and ROM Armor 3 is active, PSP will update the flash regions by itself. However, if ROM Armor 3 is runtime disabled by setup option, the write request comes from the PSP via SMI and the SMM code must write the requested data to the relevant flash region. The fTPM and ROM Armor 3 SMM handlers must not conflict, so it was necessary to put a check on the state of ROM Armor 3 (SMM BWP) variable and decide whether to enable PSP SMIs or not.

fwupd HSI

From a security standpoint, the combination of fTPM and ROM Armor 3 gives the MSI PRO B850-P a meaningful firmware security posture: TPM-backed measurements from romstage onward, and flash write protection that requires PSP authorization for any modification. The fwupd security report below confirms the platform’s security feature status:

1
sudo fwupdtool security

fwupd HSI

Why only HSI1?

The platform currently reaches HSI1 level. And, if not due to the update of fwupd adding Platform Secure Boot check, it would reach HSI2, like for Gigabyte with older fwupd version.

Platform Secure Boot

Platform Secure Boot (PSB) is a Static Root of Trust of AMD processors rooted in PSP, which enforces verification of the early boot firmware by PSP. It has a side-effect of binding a CPU to a given key, or mainboard firmwares which use the given key. In short, it takes away the possibility of reusing the CPUs across mainboards, even for testing purposes on your own devices. This security feature was very disliked. The article even describes the surprise of the author that the CPU suddenly stopped working after it was plugged into one vendor board, then to another. It clearly shows how advertisement of critical security features and its impact is not communicated properly.

On the other hand, vendors may have their own implementations of Root Of Trust, which does not rely on AMD Platform Secure Boot. Those implementations might even be better than PSB in certain aspects. Yet, it won’t count in HSI level…

In this article it is shown how vendors approach to enabling PSB. Some are reluctant to enable it, some consider it optional.

However, the worst part is that the security of PSB is centralized around AMD issuing keys/certificates signed by AMD root key, so that PSP can properly authorize the BIOS signing key for PSB. This is explained in the following article. This kind of enforced trust is not what 3mdeb would like to do in Dasharo. We value transparency and ownership. Until PSB becomes a user-controllable feature with key revocation, reownership, or multiple key hierarchy, like Intel Boot Guard offers, we will not pursue enabling PSB to take away the freedom from our end users. We also value implementations like Caliptra and OpenTitan.

Where the secure and trustworthy transfer of ownership is part of the design, not an afterthought or promotional value-preserving of the ecosystem. Tooling for performing those operations is open and auditable. The same perspective is closely related to the Right to Repair mission and vision, which 3mdeb and the Dasharo Team believe in and are aligned with. So, despite the fact that we disagree with the way HSI is framing it, we disagree, inform the community, and commit.

We are looking forward to partnering with organizations and all ecosystem entities towards changing that reality. Designs that promote centralization of power are bad for security, and we will support distributed systems and cryptographically proven ownership transfers.

RAM encryption

Encrypted RAM cannot be enabled, unfortunately. Due to AMD policy, memory encryption is not “supported” on non-PRO Ryzen processors. However, this is going to change soon, according to reports, but only for Ryzen 9000, which is not Phoenix unfortunately.

The community feedback probably means complaints of the many users who suddenly lost a security feature on their processors by a mere software/firmware change, while the capability in the processor is still there. It is difficult to find proper words for such moves. And again, we are locked out of a high HSI score.

We have committed a change in the APCB (AGESA PSP Configuration Block) that enables TSME (Transparent Total Memory Encryption) feature, with the hope that one day, the RAM encryption will be back.

Suspend to idle

Suspend-to-idle - not yet supported. It would require a significant amount of work in ACPI. Also, it would require a deep understanding of the board design itself. Without schematics, it is very difficult to figure out which GPIOs control the power and reset of the devices, which is required for modern standby.

But on the other hand, let’s turn the situation around a bit. While suspend to RAM in itself could be a security vulnerability (buggy vendor implementations of resume in UEFI firmware happened a lot of times in the past), so having a check for it is desirable; is suspend to idle even a security feature? Let’s think about how suspend to idle works.

  • The silicon IP firmware may gate power and clock from certain IP block that are idling to save power.
  • OS may opportunistically gate power and clock from peripheral devices, such as PCI Express endpoints using the ACPI the firmware exposes. It requires a GPIO to control the power applied to the device and its reset signal. Also, to gate the clock of the PCI Express port, support from the silicon is also required. If the device is idling, the OS may turn the device off using the instructions encoded in ACPI to put the device in the D3 cold state.
  • Once all possible devices and IP blocks in the system have their power and clocks gated, the CPU enters modern standby state indicated by a low level on the SLP_S0 pad of the CPU. Modern standby also has its substates depending on how deep the power savings are.

Alright, everything seems to be all about power savings. So why suspend-to-idle, a.k.a. modern standby, is considered a security feature and is required by HSI3? I decided to open a discussion on fwupd with the hope of getting more insight.

SPI replay protection

As we explained in the release post for Gigabyte MZ33-AR1:

SPI replay protection is not supported because the flash chip used in the design does not support it. If the flash chip supported RPMC, coreboot could enable RPMC via PSP; the support for it is in upstream. Replacing a chip with a more secure part would be the solution.

Call to vendors: Choose your HBOMs carefully, as it may impact the security of your system. Having an SPI flash chip with RPMC would slightly increase the cost of a single board, but the security gain from it should be higher.

Pre-boot DMA Protection

Pre-boot DMA protection is not yet supported by coreboot, openSIL, and EDK2 stack. We wish to implement it in the future, as it just takes configuring the IOMMU in coreboot, openSIL and EDK2. Here is a Dasharo issue for tracking the implementation progress.

Runtime checks

  1. CET OS support

    This one is tricky because its results are not consistent. If fwupd is invoked with sudo, the check fails. But without sudo, it can pass. I have created an issue for inconsistent results of this check. Apparently, to check the CET support in OS, the test runs a binary and it returns the 0/1 result. On Gigabyte MZ33-AR1, the test did not fail if run without sudo, but on MSI PRO B850-P it fails without sudo. Given that the test does not seem reliable, we are reluctant to trust its result.

  2. Encrypted swap

    This failure seems to be a false positive because the Ubuntu installation, on which the fwupd security was run, did not have any swap partitions. So it seems that the lack of swap partitions results in the test failure. Meaning : the non-existent swap is not encrypted and gives a false sense of insecurity.

HSI summary

In the light of above analysis and arguments, the HSI does not seem to give an objective view on system’s security. While some checks are desirable and justified, some are not related to security, or give a subjective view on the system’s insecurity.

A low HSI level does not necessarily mean that the system’s security is low. It just says that some features that apply well for their system, did not pass on your system. Some of these checks are also not giving accurate results. It is hard to trust such metrics.

Promontory21 configuration updates and GPIO support

Part 5 introduced the Promontory21 IP block from scratch. This phase brings several correctness fixes and configuration improvements based on comparison with the vendor BIOS behavior.

Promontory fixes in openSIL

The openSIL submodule was bumped (commit vc/amd/opensil/phoenix_poc/opensil: Bump for Promontory fixes) to pull in three bug fixes in the PROM21 subsystem:

  1. PCIe target speed applied to all ports (Prom21.c): A hardcoded 0 was passed as the port number when configuring the target PCIe link speed, so only port 0 was being configured regardless of the loop iteration. The fix passes the actual PortNum loop variable, ensuring all ports receive the correct speed setting.

  2. Secondary PT21 GPIO MMIO base address (Prom21Init.c): The secondary Promontory21 chip’s GPIO MMIO base address (0xFEC50000) was being written to array index [0], overwriting the primary chip’s entry. The fix corrects the index to [1].

  3. Debug output hygiene (Prom21PreInit.c, Prom21Gpio.c): Format specifiers corrected from %x to 0x%x and from %d to %u, and a missing variadic argument was added to trace macros to avoid undefined behavior.

Promontory21 GPIO driver in coreboot

Commit drivers/amd/promontory21: Add support for Promontory GPIO adds a Promontory21 GPIO driver to src/drivers/amd/promontory21/. The GPIO pins on the Promontory21 chip are exposed through a dedicated MMIO interface. The driver provides an API to configure individual GPIO pins as inputs or outputs and to read/drive their values.

Commit vc/amd/opensil/phoenix_poc/prom21: Set the GPIO table from chip wires the GPIO table from the coreboot chip config struct into the openSIL PROM21 parameter block (prom21 opensil wrapper), so that board-specific GPIO pin assignments defined in devicetree.cb are passed to openSIL initialization.

Configuration matching the vendor BIOS

Commits mainboard/msi/ms7e56/devicetree.cb: Update PROM21 config and mb/msi/ms7e56/devicetree.cb: Enable PROM21 DSP ports 4-8 update the MSI PRO B850-P devicetree to match the Promontory configuration observed in the vendor BIOS. This includes correcting PCIe port parameters and enabling Promontory DSP ports 4-8, which provide the additional USB 3.x and SATA connectivity on the rear panel.

The board’s ACPI namespace for the Promontory21 was also cleaned up: commit mb/msi/ms7e56/acpi/mainboard.asl: Remove buggy and incorrect ACPI removes incorrect and buggy ACPI code in mainboard.asl that was causing resource conflicts.

EZ Debug LED support

MSI boards include four LEDs on the board labeled DRAM, CPU, VGA, and BOOT (collectively called EZ Debug LEDs). These LEDs indicate which initialization phase the firmware is currently in, providing a visual diagnostic when the system fails to POST. Each LED corresponds to a stage: DRAM lights up during memory initialization, CPU during CPU init, VGA during graphics init, and BOOT when control is about to be handed to the bootloader.

The LEDs are driven by one CPU GPIO pin and three GPIO pins on the Nuvoton NCT6687D Super I/O chip. Commit superio/nuvoton/nct6687d: Add API to drive GPIOs adds a GPIO API to the superio/nuvoton/nct6687d/ driver, allowing individual GPIO pins to be configured and driven.

Commit mb/msi/ms7e56: Drive DRAM EZ Debug led wires the DRAM EZ Debug LED to the memory initialization path - the LED turns on at the start of DRAM init automatically via board circuitry, and turns off when memory training completes successfully. Commit mb/msi/ms7e56: Update SIO config and enable EZ Debug LED updates the SIO configuration to reflect the GPIO pin assignments for all four LEDs and enables the full EZ Debug LED subsystem.

Power button SMI

Commit soc/amd/{turin_poc,phoenix}: Enable power button SMI enables the power button SMI for both Phoenix and Turin platforms. Before this change, pressing the power button while the system was in the pre-OS firmware environment (e.g., during POST or in the UEFI setup menu) had no effect - the system would not respond.

With power button SMI enabled, the firmware registers an SMI handler that catches the power button release event and performs a clean system shutdown. This matches the expected behavior on production systems.

SMBIOS memory information from openSIL

The SMBIOS (System Management BIOS) type 17 (Memory Device) table entries describe the physical memory installed in the system to the operating system. On platforms using openSIL for memory initialization, the memory information (DIMM size, type, speed, channel mapping) is available through openSIL output data structures after memory training.

Commit vc/amd/opensil/phoenix_poc: Add code to populate SMBIOS memory info adds code to the Phoenix openSIL wrapper in coreboot to extract memory information from the openSIL APOB (AGESA PSP Output Block) and populate the SMBIOS memory data structures. Commit mainboard/msi/ms7e56: Add support for SMBIOS memory info with openSIL wires this into the MSI PRO B850-P mainboard code, enabling the board to generate accurate SMBIOS type 17 entries based on the openSIL-provided memory training results.

Operating systems and tools like dmidecode can now correctly report the installed DDR5 DIMMs, their speed, and channel placement.

iPXE network boot with Realtek UNDI driver

Commit configs/config.msi_ms7e56: Add Realtek LAN UNDI driver adds the Realtek UNDI (Universal Network Driver Interface) EFI driver to the MSI PRO B850-P firmware image configuration. This enables network boot via iPXE using the board’s on-board Realtek RTL8126 controller.

iPXE does not have native support for the RTL8126 chip, and the MSI PRO B850-P does not have an Option ROM programmed in the NIC’s flash. Therefore, the only way to enable network boot is to include the Realtek UNDI EFI driver directly in the firmware image. The driver is loaded by the UEFI payload and registered with the UEFI network stack, making the Ethernet interface available for iPXE boot.

This is particularly useful for automated test infrastructure, where PXE boot is a common mechanism for deploying OS images to test systems.

Fast boot: disabling APOB hashing

Commit soc/amd/phoenix/Kconfig: Use APOB hashing with FSP disables APOB hashing for the Phoenix platform (when not using FSP). The APOB (AGESA PSP Output Block) is a data structure that the PSP populates with information about memory training results, hardware configuration, and other platform state. On subsequent boots, coreboot can pass the saved APOB back to the PSP to skip full memory retraining - a feature called memory context save/restore.

However, the memory context restore was not working because the PSP was rejecting the saved APOB, probably due to the hash presence in APOB region. The APOB region in SPI flash gets modified when the BIOS writes updated memory training data, which invalidates any hash that was computed over the entire region at build time.

Disabling APOB hashing removes the validation that was blocking context restore. With this change, the PSP accepts the saved APOB on warm boots and skips the full DDR5 memory training sequence. The result is a nearly 20-second reduction in the time spent in PSP initialization on subsequent boots, making the platform feel dramatically more responsive.

The cbmem timestamp log comparison below illustrates the time spent in PSP (1.5 seconds):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
   0:1st timestamp                                     1,591,210 (0)
  11:start of bootblock                                1,591,485 (274)
  12:end of bootblock                                  1,597,676 (6,191)
  13:starting to load romstage                         1,597,678 (1)
  17:starting LZ4 decompress (ignore for x86)          1,615,101 (17,422)
  18:finished LZ4 decompress (ignore for x86)          1,615,167 (66)
  14:finished loading romstage                         1,615,171 (4)
   1:start of romstage                                 1,615,175 (3)
   4:end of romstage                                   1,615,371 (195)
   8:starting to load ramstage                         1,615,372 (0)
  15:starting LZMA decompress (ignore for x86)         1,648,969 (33,596)
  16:finished LZMA decompress (ignore for x86)         1,692,942 (43,973)
   9:finished loading ramstage                         1,696,309 (3,367)
  10:start of ramstage                                 1,696,486 (176)
  30:early chipset initialization                      1,696,519 (32)
 112:started reading uCode                             1,697,340 (821)
 113:finished reading uCode                            1,697,959 (619)
  31:device enumeration                                3,818,437 (2,120,477)
  40:device configuration                              3,823,078 (4,641)
  50:device enable                                     3,829,901 (6,823)
  60:device initialization                             3,830,700 (798)
  70:device setup done                                 4,171,731 (341,030)
 920:starting APOB read                                4,171,733 (2)
 923:finished APOB                                     4,193,898 (22,165)
  75:cbmem post                                        4,195,538 (1,639)
  80:write tables                                      4,195,546 (7)
  85:finalize chips                                    4,214,493 (18,947)
  90:starting to load payload                          4,215,096 (602)
  15:starting LZMA decompress (ignore for x86)         4,353,525 (138,429)
  16:finished LZMA decompress (ignore for x86)         4,485,449 (131,923)
  99:selfboot jump                                     4,488,926 (3,477)

Total Time: 2,897,700

The rest of the firmware also has the following boot time:

1
2
3
4
sudo systemd-analyze
Startup finished in 11.554s (firmware) + 3.273s (loader) +
  2.843s (kernel) + 3.189s (initrd) + 21.354s (userspace) = 42.215s
graphical.target reached after 19.609s in userspace.

With fast boot option enabled in the firmware, it is even faster (boot time reduced nearly by half):

1
2
3
4
sudo systemd-analyze
Startup finished in 6.092s (firmware) + 4.628s (loader) +
  2.827s (kernel) + 3.168s (initrd) + 20.028s (userspace) = 36.745s
graphical.target reached after 20.028s in userspace.

For comparison, the vendor BIOS v2.A92 has the following boot time:

1
2
3
4
sudo systemd-analyze
Startup finished in 14.138s (firmware) + 2.695s (loader) +
   1.830s (kernel) + 3.317s (initrd) + 19.691s (userspace) = 41.672s
graphical.target reached after 19.691s in userspace.

This feature also required reducing the APOB region size in flash (commit soc/amd/phoenix,mainboard/msi/ms7e56: Reduce APOB size) to match the actual APOB data size for the Phoenix desktop platform, recovering flash space that was previously over-allocated.

Other changes and fixes

CPU C-state and _LPI support

Commit soc/amd/{phoenix,turin_poc}: Separate the C-state control from CPU control separates the CPU C-state control from the CPU control block in ACPI I/O space on Phoenix and Turin PoC. Previously both were mapped to the same I/O region, which could cause conflicts when the OS tried to access them independently.

Commit amdblocks/acpi,soc/amd/phoenix: Add support for generating CPU _LPI adds ACPI _LPI (Low Power Idle) structure generation for Phoenix AM5. Windows 10/11 requires _LPI objects for each CPU core to enable modern standby and CPU idle state management. Without these structures, Windows reports errors about missing CPU power management features and can become unresponsive after the system idles for a period of time. The _LPI objects describe the power states available to each CPU core, allowing Windows to use the platform’s full C-state hierarchy correctly.

ROM3 caching for faster boot

Commit soc/amd/common/block: Cache ROM3 (backported from upstream CB:86620) adds ROM3 region caching to the memory controller configuration. The ROM3 region in the SPI flash address space contains flash regions above legacy 16MB. By enabling caching for this region, flash reads during early boot execute at cache speed rather than SPI bus speed, noticeably reducing the time spent loading firmware components.

HDA verb table update

Commit mainboard/msi/ms7e56/hda_verb.c: Uncomment ALC897 coefficient verbs uncomments the ALC897 coefficient verbs in the MSI PRO B850-P HDA verb table. These additional initialization verbs configure the Realtek ALC897 audio codec for the specific impedance and routing requirements of the MSI PRO B850-P’s audio jacks. They were previously commented out as a conservative default; enabling them corrects the audio output levels and ensures headphone jack detection works correctly. The coefficients were dumped via Linux using the following guide and compared against vendor BIOS.

CPU temperature sensor in ACPI

Commit soc/amd/phoenix/acpi/soc.asl: Add Thermal Zone for CPU temperature adds a Thermal Zone to the Phoenix SoC ACPI code that exposes the CPU temperature via the ACPI thermal interface. Operating systems and system monitoring tools can read the CPU temperature through the standard ACPI _TMP method, enabling thermal management policies and user-space temperature monitoring. It is especially needed for testing the CPU temperature under Windows.

EDK2 payload updated to stable-202602

Commit configs/config.msi_ms7e56: Update config updates the EDK2 UEFI payload base to the stable-202602 release. This brings in upstream EDK2 stability fixes and aligns the payload version with the rest of the Dasharo release infrastructure. Also a major benefit from bringing a newer EDK2 base is the integration of UEFI Capsule Updates V2 also funded by NLnet Foundation.

SBOM generation enabled

Commit configs/config.msi_ms7e56: Update video blobs paths and enable SBOM enables SBOM (Software Bill of Materials) generation for the MSI PRO B850-P firmware build. The SBOM documents all software components included in the firmware image, their versions, and licenses - a requirement for supply chain transparency and security auditing. The SBOM produced by the coreboot build is in uSWID format and we publish the human readable SBOM JSON files along with released binaries. However, there are still some improvements needed to describe additional components, like the VBIOS, GOP driver and the LAN driver used by EDK2 UEFI Payload.

eSPI initialization timing fix

Commits soc/amd/phoenix/early_fch.c: Move eSPI init a bit further and soc/amd/common/block/lpc/lpc.c: Fix programming eSPI decoding fix the eSPI bus initialization sequence on Phoenix. The eSPI initialization is moved slightly later in the early FCH init sequence, and the eSPI decode register programming is corrected to properly apply the decode configuration. These fixes resolve intermittent issues with eSPI and Super I/O device initialization during early boot after adding the ROM3 caching. The speed up probably caused the eSPI initialization to happen too quickly and the eSPI registers were not being programmed for some reason. Moving the code a bit further helped to resolve the problem.

MRC cache size fix

Commit mainboard/msi/ms7e56/Kconfig: Fix MRC cache size fixes the MRC (Memory Reference Code) cache size in the MSI PRO B850-P Kconfig. The previously configured size was larger than necessary for the actual APOB data, wasting flash space and making the boot time longer when saving the APOB. This is aligned with the APOB size reduction in commit soc/amd/phoenix,mainboard/msi/ms7e56: Reduce APOB size.

Linux and Windows 11 fully operational

With all the above changes in place, the MSI PRO B850-P running Dasharo firmware based on coreboot reaches a major milestone: both Linux and Windows 11 boot and operate without issues.

Linux

Linux now boots with the amdgpu kernel driver fully active - the nomodeset workaround is no longer required. The iGPU is fully initialized and display output works through the native kernel driver. USB, SATA, Ethernet, audio, and all other peripherals function correctly. The AMD P-state CPU frequency scaling driver operates as expected.

Windows 11

Windows 11 can be installed on the MSI PRO B850-P without any workarounds. After installation, the Device Manager reports no errors or unknown devices. All platform devices are correctly enumerated and their drivers load successfully.

Windows Device Manager

The key enabler for flawless Windows operation was the ACPI _LPI support added in this phase. Without _LPI structures, Windows reported errors about missing CPU power management features and could become unresponsive after idling. With the complete CPU low power state description in place, Windows power management operates correctly.

Bugfix summary

All the above presented fixes and results prove that the following milestone has been fulfilled:

Task 8. Validation & stabilization:

  • Milestone a. Cross-OS boot & bug-fix campaign - 100% complete

Validation process and upstreaming roadmap

Task 8 Milestone c: Automated test results

We have tagged the first release candidate of the MSI PRO B850-P Dasharo firmware and started the validation process using our automated test suites. The test infrastructure was integrated in Part 4 of this series; the automated runs are now executing against the release candidate firmware.

The initial results can be found here:

There are still lots of failures, mainly due to unpolished test environment and configuration. The configuration inherited from MSI platforms with Intel processors enable additional test results that are not eligible on AMD paltforms, e.g. Intel Management Engine tests, etc. The configuration will be fixed before the release comes out and all possible failures retested for test environment instability, which could also potentially cause some false negatives.

The above results fulfill the requirements of the following milestone:

Task 8. Validation & stabilization:

  • Milestone c. Test results for MSI PRO B850-P

    Provide test results from automated testing of MSI PRO B850-P platform.

Task 9: Upstreaming

With the platform stable and both major OSes operational, we will start the upstreaming process for both the coreboot and openSIL changes as part of:

Task 9. Upstreaming:

  • Milestone a. Initial patch series to coreboot Gerrit

    Submit SoC changes and mainboard port; pass CI.

  • Milestone b. OpenSIL contribution

    Submit Phoenix-specific changes back to AMD’s OpenSIL, track acceptance, and update documentation links.

This involves preparing the Phoenix AM5 SoC code and the MSI PRO B850-P mainboard port for submission to the coreboot upstream repository, and submitting the Phoenix-specific openSIL changes back to AMD’s openSIL project.

Summary

We have completed the following milestones

Task 8. Validation & stabilization:

  • Milestone a. Cross-OS boot & bug-fix campaign - 100% complete
  • Milestone c. Test results for MSI PRO B850-P

We are approaching the release the Dasharo firmware compatible with MSI PRO B850-P.

Boot Security Mastery Conference

If topics like secure boot chains, roots of trust, and owner-controlled firmware resonate with you, join us at the Boot Security Mastery Conference.

A five-day event on September 21-25, 2026 in Gdańsk, Poland, combining three days of hands-on training with two days of technical talks, research presentations, and community networking focused on the full boot chain across x86, ARM, POWER, and RISC-V.

For OEMs & ODMs

If you are an OEM or ODM and see the value in AMD openSIL support for your products, our team can help make it a reality. Reach out to us via our contact form or email us at contact<at>3mdeb<dot>com to start the conversation.

Unlock the full potential of your hardware and secure your firmware with the experts at 3mdeb! If you’re looking to boost your product’s performance and protect it from potential security threats, our team is here to help. Schedule a call with us or drop us an email at contact<at>3mdeb<dot>com to start unlocking the hidden benefits of your hardware. And if you want to stay up-to-date on all things firmware security and optimization, be sure to sign up for our newsletter:

Huge kudos to the NLnet Foundation for sponsoring the project.

NLnet


Michał Żygowski
Firmware Engineer with networking background. Feels comfortable with low-level development using C/C++ and assembly. Interested in advanced hardware features, security and coreboot. Core developer of coreboot. Maintainer of Braswell SoC, PC Engines, Protectli and Libretrend platforms.