From owner-freebsd-hackers@freebsd.org Mon May 27 15:18:58 2019 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A09C5159FC5F for ; Mon, 27 May 2019 15:18:58 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-vs1-xe42.google.com (mail-vs1-xe42.google.com [IPv6:2607:f8b0:4864:20::e42]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 12A507129A for ; Mon, 27 May 2019 15:18:58 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-vs1-xe42.google.com with SMTP id q64so10773511vsd.1 for ; Mon, 27 May 2019 08:18:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=vKK7tgehwjOFBLNF6c1a2oDiro+bV+eGUcpTyZwq+Fo=; b=R1ZREN6hmNhXc1/xZ7QeBAIdQcXN8PJkDzfcQ6+i0C5hdbPaYSRXjC74aRQzi46tao O293P13DnmcPhLeXuLyYMI0jBUhz8kNN58T7cHkCPZVegGpkllxYLMO3BFtcG919NY1+ YoixhZUn8HCnTHYKAme6Gz+symmNnTCoI2eyplPM4lfE1TOkAzkeHBARueNCfUP/KzRA L+wmqH2TO4RyFS6HAnYdMDiDGKeP82Xi4tKs/PCQmNF0jSeBdIa/2aTqkFJTu6r7Ly8I /DuqxyaWtGU/k7fXkkoHoiqy7QFlSBdk2BrxRNDC8/N8uXDVNl4KE3ufhFuS/yuZJKXF UJMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=vKK7tgehwjOFBLNF6c1a2oDiro+bV+eGUcpTyZwq+Fo=; b=JXx6PSKJIG/cG+VozHXqlCTXw5Bb9oFrfKRaesOe1rlgXNC/KOnyddJo646SAfBKAM rSsvwlp+mAYbzVaV3ZnDQrGvTzUzvJoCvjxy+C76Uksnnl8bH8ZE/mQRvHAdYD2gDGno Ktt06BGo9UkjvZ3W2qnncrGgOd2Ns2ypTNHTa7Oyt1eP0EilaMBu+RlvQzShjWsRJjQm gpNZqCLMoC6AsuY8E1ngue6c+JDjyG0q080B51fu2ruqeToJIxjAe/WbJvmOQ6GJ/G1P x4O/SW8n35R02A6qTpVzVgiEVghQ/BJaIIVI2PilfYZG4+/N81a1vMO0eq/sI6gcKg2a agkQ== X-Gm-Message-State: APjAAAVzHAQ+hI6m11F31iV0y5QAO3VTkWHVPzG1P2T9Nbm8KDOK9FNc OWDYoqCL00sJjGvZWLaNs/yr8FMfrPg= X-Google-Smtp-Source: APXvYqww/cdCpJHZoYqrsviq/z1CpsXYLdR6qLFQQI4pwqTfnc1uh/OgtUPMVXiiEiCvD30ioPHrvA== X-Received: by 2002:a67:db88:: with SMTP id f8mr35791378vsk.14.1558970337256; Mon, 27 May 2019 08:18:57 -0700 (PDT) Received: from mutt-hbsd ([151.196.118.239]) by smtp.gmail.com with ESMTPSA id n23sm9775238vsj.27.2019.05.27.08.18.56 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Mon, 27 May 2019 08:18:56 -0700 (PDT) Date: Mon, 27 May 2019 11:18:55 -0400 From: Shawn Webb To: Eric McCorkle Cc: FreeBSD Current , "freebsd-hackers@freebsd.org" Subject: Re: FreeBSD and Coreboot Message-ID: <20190527151855.iqbkedo7r6n5hgab@mutt-hbsd> References: <4a6b0f1e-64ec-6b83-b43b-f9791ec8428f@metricspace.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="jo3orqfnivhqnbvw" Content-Disposition: inline In-Reply-To: <4a6b0f1e-64ec-6b83-b43b-f9791ec8428f@metricspace.net> X-Operating-System: FreeBSD mutt-hbsd 13.0-CURRENT-HBSD FreeBSD 13.0-CURRENT-HBSD HARDENEDBSD-13-CURRENT amd64 X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0xFF2E67A277F8E1FA User-Agent: NeoMutt/20180716 X-Rspamd-Queue-Id: 12A507129A X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.99)[-0.990,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 May 2019 15:18:58 -0000 --jo3orqfnivhqnbvw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hey Eric, My response is inline. On Mon, May 27, 2019 at 11:13:46AM -0400, Eric McCorkle wrote: > Hello everyone, >=20 > I'm through enough of my job change that I can start working on FreeBSD > again. One thing I've had on my list to examine is using FreeBSD with > coreboot, so I wanted to put out a call for anyone who has done work on > this, or knows anything about it. >=20 > Here is what I know: >=20 > * Coreboot _can_ boot kernels directly, but this requires two things: 1) > you must flash your BIOS every time you update a kernel, 2) the kernel > must be able to work without the usual device initialization that the > BIOS does. >=20 > * Coreboot has two significant payload options beyond a kernel: Seabios > and GRUB (supposedly Tianocore EFI is an option, but it apparently > doesn't really work). >=20 > * Scrounging the coreboot wiki seems to produce some conflicting > information. One page claims that the FreeBSD kernel can boot directly > as a coreboot payload; another claims GRUB or Seabios to be the only > options. >=20 > * The PC Engines boards evidently use coreboot, and I've heard multiple > reports of them running FreeBSD systems without a problem. I don't know > whether they use GRUB or Seabios. (Aside: I'm thinking about ordering > some of these boards for my own use, so I'm generally interested in how > well they function with FreeBSD) I own several PC Engines APU boards. They definitely use Coreboot as maintained by these peeps: https://twitter.com/3mdeb_com The Coreboot for the APU boards uses Seabios. >=20 >=20 > My plan is roughly this: >=20 > * Refurbish the GRUB port, get it working again in QEMU (possibly on one > of my machines), also possibly push a patch to GRUB to use the keybufs > mechanism to pass in GELI keys. >=20 > * Get coreboot with GRUB/Seabios booting FreeBSD in QEMU >=20 > * Possibly create a coreboot port (uncertain how this would work, since > Coreboot has its own extensive config menu) >=20 > * Hold my breath and test it out on real hardware (I have a Librem 13 r1 > for this purpose) >=20 > * Possibly try getting the FreeBSD kernel to work as a coreboot payload. >=20 >=20 > Here's what I don't know/what would be useful knowledge for me: >=20 > * Anyone else who's been experimenting/working on coreboot support, and > what they found >=20 > * Any working examples of using Coreboot with FreeBSD >=20 > * Down the road, anything about adapting the FreeBSD kernel to work with > a new boot platform (ie. low level details about how to set it up in > memory on a bare-metal system and start execution) >=20 Reach out to 3mdeb (feel free to CC me, if you'd like). See what they'd like help with. There's certainly a lot more work that could be done. Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 Tor+XMPP+OTR: lattera@is.a.hacker.sx GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 --jo3orqfnivhqnbvw Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAlzr/9oACgkQ/y5nonf4 4fpd6A/+Lwya5qx8dlQbXbI+4qqcT44EzRPe9llW0kmJIaktgi5cJoQcUHBpmdOQ 5ToHGHBQavTnhlj3DueIFfxiV2jru45VDPJMWcf3TYGrmair/E43a85pN2gAoCRy hjH+8QVTi6NdSu6hynXCkMwBioJb/21X8NwtYuHtdZ3KD64L7P6+k9V5BvO5ZKWS 4HrCAtep26Bi+JBfvG3v5VDFHokxmhB1VvxbH0+6EIpwOtOu13GLOPAW+sxINuHY xJZEuMVY8x9aFjAjVcFVGXMuauGW5IJ0EdDtciCTIVumksWuwYExAARMe1YgdQC/ NIMVO6hFplYFS6798pqCHx9bkeVsHoJquMAF51LKTEN+K7YgKV9OdyAc2fy4XIrz UxctKrA0ggE4wgHUtqaS+oTRqRtrZJ3XfPSyyzat7DOB6ymICnb0CQSuK0MQAY/m imA6oUHZL9OMSnNtVuB/+/u3FSEbDAPt1hfSmVRJc4H3NLS9Asfcur2nhGl38hIt dCaNlTXt3kt9kMJaD0RAbL7dpvSUY5XtuWEKyVmsvnt4LZ/9UXapHG/xYyH2b8uI GPjz+uKxQvs03N22k9H69j2o3YMOCe5f0NNc+tuoaWUmg2HmW/Vapg+q/RSHcHTe VrzlGVWNdYpTedxvewcv9dVGGOmaXl/Tr7ap07MrD5FuLy4nghM= =UF4R -----END PGP SIGNATURE----- --jo3orqfnivhqnbvw--