How to coreboot

Prerequisites

Any Linux OS should work but starting with an Ubuntu 16.04/18.04 should be fine.

Install missing dependencies

sudo apt-get install -y bison build-essential curl flex git gnat-5 libncurses5-dev m4 zlib1g-dev libgmp-dev libcrypto-dev u-boot-tools golang

Required Tools

Linux Kernel Drivers

coreboot already integrates really well with the Linux Kernel. There are option for VPD/LOG and coreboot table.

You can activate them by menuconfig (Firmware Drivers -> Google Firmware Drivers):

coreboot

coreboot is an extended firmware platform that delivers a lightning fast and secure boot experience on modern computers and embedded systems. As an Open Source project it provides auditability and maximum control over technology.

For more coreboot related information, please visit the coreboot documentation.

Build an image

Setup the coreboot toolchain

CPUS=8 make crossgcc

Clean previous artifacts

make clean

make distclean

Copy existing config

cp rotundu-release-8M.defconfig .config

Generate full .config or configure custom options

make menuconfig

Compile coreboot

make

The final image can be found for flashing a device under build/coreboot.rom .

VBoot

Google's verified boot technology offers failure safety, update functionality and secure/trusted boot features under coreboot.

Development keys

These keys are automatically generated by coreboot if vboot is enabled via kconfig.

Production keys

The vboot tools can be found under 3rdparty/vboot. Switch to the directory.

Compile the vboot tools

make

Install the vboot tools

DESTDIR=/usr sudo make install

Switch back to the coreboot root directory.

Generate production keys if they not exist

3rdparty/vboot/scripts/keygeneration/create_new_keys.sh --4k --4k-root --output keys

Sign the final image regardless if DEV or RELEASE build

Fist of all build the coreboot image. The build version "1" is incrementally increased and should unique for firmware builds in order to be protected against rollback attacks.

3rdparty/vboot/scripts/image_signing/sign_firmware.sh build/coreboot.rom keys/ coreboot-rotundu-release-v1.signed.rom 1

Updates

Updates can simply applied by using the coreboot flashrom tool and applying this patch.

Update FW partition A

flashrom --fmap -i RW_SECTION_A -w coreboot.rom

Update FW partition B

flashrom --fmap -i RW_SECTION_B -w coreboot.rom

VPD

For coreboot firmware boot options are implemented through VPD. Now if we want to write some boot options from the OS in order to describe the boot setup. VPD does not support error correction or checksums! For more documentation about VPD, refer to their official guide.

Add RO VPD entries to file

vpd -f build/coreboot.rom -i RO_VPD -O -s "foo"='blah'

Set RW options inside the OS

Inside the running OS the RW VPD values can be easily written:

vpd -i "RW_VPD" -O -s "foo"='blah'

OpenCellular | Open-Source Rural Access | Tower to the People | Democratizing Access

Provide feedback

Saved searches

Use saved searches to filter your results more quickly