PC Engines apu coreboot Open Source Firmware v4.11.0.6
Key changes
Mainline:
- Rebased with official coreboot repository commit d6f7ec5.
- Updated sortbootorder to v4.6.18, bringing a runtime option for the PCI Express power management features. For details refer to the sortbootorder documentation. When the PCI Express power management features are enabled, the network controllers (NICs and WiFi cards) may have reduced performance in exchange for reduced power consumption. By default this option is disabled so that network performance is not affected.
- Reverted changes to the ACPI CPU definitions that caused BSD systems to not probe the CPU frequency driver. The ACPI compliance of current BSD systems is not up to date; the situation should improve when distributions start to use FreeBSD 12.x, which works well with the most recent rules for defining processors in ACPI.
- Reverted the PCIe reset logic changes that caused modules connected to the mPCIe2 slot to not appear in the OS. The change did more harm than good. We are working to improve PCIe module detection in firmware, which depends on the AGESA.
- Expanded IOMMU IVRS generation with IVHD type 11h for newer Xen. This change should allow newer Xen images to utilize more IOMMU features.
- Fixed memtest hang on apu1.
- Fixed TPM2 detection on FreeBSD 12.1. Since FreeBSD 12.1 the TPM2 support is available, along with FreeBSD ports offering TPM2 tools. We will provide documentation on how to install and utilize those tools on FreeBSD systems soon.
- Fixed a problem where SD 3.0 mode could not be disabled.
coreboot community
Patches merged by community:
- drivers/pc80/tpm/tis.c: change the _HID and _CID for TPM2 device
- arch/x86/acpi: add definitions for IVHD type 11h
- nb/amd/pi/00730F01/northbridge.c: refactor IVRS generation
- Revert “mb/pcengines/apu2: add reset logic for PCIe slots”
Total:
- 308 lines added,
- 245 lines removed,
in official coreboot repository.
Other news
3mdeb is co-developing the TrenchBoot project and is responsible for developing the AMD part of Dynamic Root of Trust for Measurement (DRTM). DRTM requires a special security instruction available on the AMD GX-412TC SoC called SKINIT. The effort is funded by the NLnet Foundation under the name: Open Source DRTM implementation with TrenchBoot for AMD processors project.
The project aims to provide easy access to the tools and software that can provably verify the security of the system, an important part of a reliable and trustworthy Next Generation Internet (NGI).
To read more, please visit our blog describing the details and progress of our work which is based on the flagship PC Engines apu2 model:
If you are interested in the project follow us on our blog and Twitter, or contact us directly over email.
Statistics
The chart shows the total files changed from release tag against the rebase point of given release specified in CHANGELOG (CHANGELOG.md and gitlab-ci.yml excluded from statistics). Check the statistics with:
git diff --stat d6f7ec5 ':(exclude).gitlab-ci.yml' ':(exclude)CHANGELOG.md'
93 files changed, 3279 insertions(+), 379 deletions(-)
The chart represents the total lines added and deleted on the PC Engines coreboot fork against the rebase point for a given release. Check the statistics with:
git diff --stat d6f7ec5 ':(exclude).gitlab-ci.yml' ':(exclude)CHANGELOG.md'
93 files changed, 3279 insertions(+), 379 deletions(-)
Two files have not been included in the diff as mentioned above since they are not a part of coreboot tree.
The number of changes significantly increased, because we had to revert many changes locally on our fork repository.
Testing
- PC Engines hardware configuration matrix - hardware configurations available for testing in 3mdeb laboratory.
- PC Engines release validation results - please note there are separate sheets for each board-release.
- Mainline:
- PASSED: 437 (+4)
- FAILED: 14 (-8)
- PASSED [%]: 96.90 (+1.73%)
No particular changes in tests in this release. Regression testing didn't detect new bugs. The improvement in results is mainly due to the correction of the SD3.0 option in sortbootorder and to verification of the IOMMU option before running tests that could be affected by it.
Binaries
Mainline
See how to verify the signatures on asciinema
What we planned
- Improve the support of TPM2 in coreboot and SeaBIOS. Currently there is only the TCPA (TPM1.2) log support in coreboot. Additionally SeaBIOS overwrites existing entries in the TPM2 log area. The cbmem utility also lacks support for displaying the TPM2 log area. (WORK IN PROGRESS)
- Reorganize runtime configuration by making it persistent across updates and accessible from user space. Also prepare a tool for offline binary modification. (VERIFICATION)
- Vital Product Data (VPD) support. User will have possibility to store and change VPD configuration in Read-Write section of SPI flash. Moreover, default VPD keys and values will be stored in Read-Only region to protect data against corruption. Also, sortbootorder runtime configuration will be stored in VPD Read-Write section, so access to it will be possible in OS via dedicated util. (VERIFICATION)
Coming soon
Features and improvements on the roadmap:
- Improve the support of TPM2 in coreboot and SeaBIOS. Currently there is only the TCPA (TPM1.2) log support in coreboot. Additionally SeaBIOS overwrites existing entries in the TPM2 log area. The cbmem utility also lacks support for displaying the TPM2 log area.
- Reorganize runtime configuration by making it persistent across updates and accessible from user space. Also prepare a tool for offline binary modification.
- Vital Product Data (VPD) support. User will have possibility to store and change VPD configuration in Read-Write section of SPI flash. Moreover, default VPD keys and values will be stored in Read-Only region to protect data against corruption. Also, sortbootorder runtime configuration will be stored in VPD Read-Write section, so access to it will be possible in OS via dedicated util.