The Bumpy Road to Open PC Firmware


Stefan Tauner, [email protected]
Linuxwochen Wien 2016, 2016-04-30

Who am I?
• Education: “Technische Informatik” @ TU Wien
• Profession: researcher and lecturer @ Technikum Wien
• (flashrom’s) Google Summer of Code...
  - Student 2011, 2013, 2014
  - Mentor 2015, 2016
• flashrom’s main upstream developer since 2011

Agenda
• Introduction: PC Architecture
• coreboot: Motivation, Stages, Payloads, Problems, Development
• flashrom

PC Architecture in the 1980ies
(figure)

PC Architecture 35 years later
(figure)

coreboot
coreboot is a free and open source firmware.

Characteristics
• GPLv2 license (essentially)
• Fast (boots in a few hundred ms)
• Over 2 M lines of code (Linux: ca. 20 M)
• Supports major OSes (more or less well)
• Architectures: x86 (32/64 bit), ARM (v7, v8), MIPS, POWER8, RISC-V
• Only initializes the very essentials, then runs a payload
• Powers almost all of Google’s Chromebooks

Motivation
• Historically: (figure)
• Today: (figure)

Stages
A coreboot system passes through several stages at startup (partially written in ASM, everything else is C):
1. initialize infrastructure to run C code
2. configure many peripherals; initialize RAM
3. prepare loading third party software
4. run boot loader, standalone application or OS

Stage 1: initialize infrastructure to run C code
1. Hardware gets ready (voltage regulators, oscillators etc.)
2. First few instructions are fetched from flash
3. CPU runs them in “real mode” (compatible with Intel 8086 from 1979!)
4. We want to run C and address ≥ 1 MB memory ...
   - Switch to 32 bit “protected mode”
   - But what about memory? Two possibilities:
     - Use CPU registers only (romcc for most of bootblock)
     - Use L1 data cache as RAM (CAR)

Stage 2: configure many peripherals; initialize RAM
• Enable LPC and configure Super I/O if need be
• Configure GPIOs (of the SB)
• Enable debug console (USB (EHCI) or UART in SIO)
• Set up inter-CPU busses (HT/QPI; may require reset)
• Configure SMBus and retrieve SPD data
• Initialize RAM

Stage 3: prepare loading third party software
• Initialize other CPUs
• Train PCIe links
• Allocate PCI resources (BARs)
• Set up data structures for OSes, e.g.:
  - Memory map (e820)
  - PCI interrupt routing (PIR) table
  - ACPI tables (not only for power management!)
  - MPtable (possibly replaced by parts of ACPI)
• Hand over control to payload

Payloads
coreboot can run ...
• SeaBIOS (provides legacy BIOS interfaces)
• Bootloaders requiring no BIOS services (GRUB2)
• “Low-level” bootloaders (U-Boot, Depthcharge, FILO)
• The Linux kernel directly
• The open part of UEFI (TianoCore)
• iPXE/gPXE/Etherboot
• Any bare-metal ELF application (e.g., memtest86+)

libpayload is a library to be used by payloads:
• libc subset (e.g., malloc, printf)
• (n)curses implementation
• Hardware drivers (e.g., PC speaker, VGA, USB)

Problems
• Secure Hardware (read: Manufacturer Sales)
  - Intel Management Engine (ME)
  - Intel Boot Guard (signed bootblock)
  - AMD Platform Security Processor (PSP; based on ARM TrustZone)
  - Future: authenticated SPI communication (Replay Protected Monotonic Counter (RPMC))
• Software Security (read: Intellectual Property), aka. blobs instead of open designs and APIs
  - ME Firmware
  - Memory Reference Code (MRC)
  - VGA BIOS (graphics initialization)
  - Ethernet, WLAN, EC etc. firmware
  - Microcode (CPU “patches”)
• Pride, Politics and $$$
  - “LinuxBIOS” renamed not least because of the name
  - Intel® UEFI / NIH syndrome

Development
• “How can I install coreboot to test if it works on my hardware?” — “No.”
• “Is my board supported although it is not listed nor its components?” — “Only if you port it yourself!”
• “How long would it take?” — “A few months ... if you are an experienced firmware engineer with good reverse engineering skills.”
• If components are supported it is less bleak!
• However, every board is different.
• autoport can help a lot (with Intel boards).

Building and Configuration
• Build tools based on KConfig (cf. Linux kernel)
• Clean compiler needed (xgcc built automatically)
• Firmware image partitioned by CBFS (not a real FS)
• Runtime config via files in CBFS and data in CMOS
• Demo?

Debugging
• I/O Port 80 diagnostics
• Serial output
• USB (EHCI) debug (e.g., using BeagleBone Black)
• Speaker bitbanging
• UDP via NE2000-compatible NIC

flashrom
flashrom is a free and open source NOR flash tool.

Characteristics
• GPLv2 license (essentially)
• About 50 k lines of code
• Supports all major and many minor OSes:
  - Android*
  - DOS
  - Dragonfly-/Open-/Net-/FreeBSD
  - GNU/kFreeBSD
  - GNU/Linux
  - Haiku* (BeOS clone)
  - GNU Hurd*
  - OS X
  - OmniOS (Solaris)
  - Windows*
• Architectures: Alpha, HPPA, m68k, x86 (32/64 bit), ARM (v7, v8), MIPS (all variants), POWER (32/64 bit), S390x, SH4, SPARC8/9

But what does it do!?
• It detects/reads/erases/writes ...
  - over 480 flash chips
  - on over 500 tested mainboards
  - as well as about 100 other internal and external programmers
• Can update “BIOS” from within the running OS(!)
• Allows for recovery of bad BIOS or router upgrades
• Main purpose initially: install coreboot

As long as it is NOR flash flashrom can talk to it ...

Protocol    Main lifetime      Eff. pins   Phys. pins
Parallel    ca. since 2002     32          32
LPC/FWH     ca. 1998 – 2008    ca. 16      32
SPI         ca. since 2006     ≥ 8         8 or 16

Flash Chip Packages
(figure)

Where is the flash? On the other side ... of course!
(figure)
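The CBFS partitioning mentioned under Building and Configuration, as an added example that is not part of the talk nor coreboot's own cbfstool: a small Python walker that lists the files in a constructed CBFS image and flags option-ROM and microcode entries, i.e. the kind of blobs the Problems slide lists. It assumes the 24-byte big-endian cbfs_file header ("LARCHIVE" magic, len, type, attributes offset, data offset), cbfstool's default 64-byte file alignment, and a subset of the type numbers from cbfs.h; the sample image and its file names are constructed here.

```python
"""Inventory the files in a CBFS image (constructed sample, not a real ROM).

CBFS is the container coreboot uses to partition its flash image, not a real
file system: each file is a 24-byte big-endian header, a NUL-terminated name
padded to 16 bytes, then the data, with file headers at ALIGN-byte boundaries.
"""
import hashlib
import struct

CBFS_MAGIC = b"LARCHIVE"
HEADER = struct.Struct(">8sIIII")  # magic, len, type, attributes_offset, offset
ALIGN = 64  # cbfstool's default file alignment

CBFS_TYPES = {  # subset of the file types defined in coreboot's cbfs.h
    0x01: "bootblock",
    0x02: "cbfs header",
    0x10: "stage",
    0x20: "payload",
    0x30: "optionrom",
    0x50: "raw",
    0x53: "microcode",
    0xFFFFFFFF: "null",
}
BLOB_TYPES = {0x30, 0x53}  # vendor blobs rather than code built from source


def _align(n, a=ALIGN):
    return (n + a - 1) // a * a


def pack_file(name, ftype, data):
    """Serialize one CBFS file: header, padded name, then the data."""
    name_bytes = name.encode() + b"\0"
    name_len = _align(len(name_bytes), 16)
    data_off = HEADER.size + name_len
    hdr = HEADER.pack(CBFS_MAGIC, len(data), ftype, 0, data_off)
    return hdr + name_bytes.ljust(name_len, b"\0") + data


def build_image(files, size):
    """Lay files out back to back at ALIGN boundaries; pad with 0xFF."""
    image = bytearray(b"\xff" * size)
    pos = 0
    for name, ftype, data in files:
        blob = pack_file(name, ftype, data)
        if pos + len(blob) > size:
            raise ValueError("image too small")
        image[pos:pos + len(blob)] = blob
        pos = _align(pos + len(blob))
    return bytes(image)


def walk_cbfs(image):
    """Yield (name, type, data) per file; stop at the first non-file."""
    pos = 0
    while pos + HEADER.size <= len(image):
        magic, length, ftype, _attr, data_off = HEADER.unpack_from(image, pos)
        if magic != CBFS_MAGIC:
            break
        name_start = pos + HEADER.size
        name = image[name_start:image.index(b"\0", name_start)].decode()
        data = image[pos + data_off:pos + data_off + length]
        if len(data) != length:  # header claims more bytes than the image has
            raise ValueError(f"truncated file {name!r} at {pos:#x}")
        yield name, ftype, data
        pos = _align(pos + data_off + length)


def inventory(image):
    """One dict per file: name, type name, size, SHA-256 and a blob flag."""
    return [{
        "name": name,
        "type": CBFS_TYPES.get(ftype, f"unknown({ftype:#x})"),
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "blob": ftype in BLOB_TYPES,
    } for name, ftype, data in walk_cbfs(image)]


# Constructed sample: romstage, payload, a VGA option ROM and a microcode
# update; contents are dummy bytes, names follow cbfstool conventions.
SAMPLE_FILES = [
    ("fallback/romstage", 0x10, b"\x90" * 300),
    ("fallback/payload", 0x20, b"\x7fELF" + b"\x00" * 100),
    ("pci8086,0046.rom", 0x30, b"\x55\xaa" + b"\xcc" * 510),
    ("cpu_microcode_blob.bin", 0x53, b"\x01" * 64),
]
SAMPLE_IMAGE = build_image(SAMPLE_FILES, 4096)

if __name__ == "__main__":
    for r in inventory(SAMPLE_IMAGE):
        print("BLOB" if r["blob"] else "    ", r["type"], r["size"], r["name"])
```

Pointing `inventory()` at an image read back with flashrom shows which parts of the firmware are built from source and which are vendor blobs, and the per-file hashes let two images be compared file by file.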
RaspberryPi as Programmer with Pomona Clip
(figure)

Further Resources

Websites
• coreboot: https://coreboot.org
• flashrom: https://flashrom.org
• SerialICE: https://www.serialice.com
• SeaBIOS: http://www.seabios.org

Videos
• @Google 2008: coreboot (aka LinuxBIOS) https://www.youtube.com/watch?v=X72LgcMpM9k
• FOSDEM’11: x86 system boot and initialization https://www.youtube.com/watch?v=xc08SN6Dhz4
• 25c3: Beyond The Final Frontier https://www.youtube.com/watch?v=e3mkOW3mTRU
• 26C3: Adding support for a system near you https://www.youtube.com/watch?v=IKBtQYNrsBU
• FOSDEM’12: The last frontier: Laptops https://www.youtube.com/watch?v=pJkmZgq7WWs
• 30c3: Hardening hardware and choosing a #goodBIOS https://www.youtube.com/watch?v=2VvR-vsdMlQ
• FOSDEM’16: Libreboot https://fosdem.org/2016/schedule/event/libreboot

References
• Lennart Benschop. Coreboot Columns. URL: http://lennartb.home.xs4all.nl/coreboot/coreboot.html
• Xiaoyu Ruan. Platform Embedded Security Technology Revealed. URL: http://www.apress.com/9781430265719
• Vincent Zimmer, Jiming Sun, Marc Jones, and Stefan Reinauer. Embedded Firmware Solutions: Development Best Practices for the Internet of Things. URL: http://www.apress.com/9781484200711