DOCSLIB.ORG

The Role of Open Source Firmware in RISC-V

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The Role of Open Source Firmware in RISC-V The Role of Open Source Firmware in RISC-V Atish Patra <[email protected]> Alistair Francis <[email protected]> Anup Patel <[email protected]> OSFC – 3rd of September 2019 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 Outline •Introduction to RISC-V •Industry standard Open source bootloaders •Current RISC-V boot flow •OpenSBI Project •Upstream Status •Future work •Demo © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 2 Acknowledgements •U-Boot – Lukas Auler – Bin Meng – Anup Patel •Coreboot – Ron Minnich – Patrick Rudolph – Shawn Chang •EDK2 – Abner Chang • And others © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 3 What is RISC-V? •Pronounced as risk-five •An open RISC Instruction Set Architecture (ISA) •The base ISA is incredibly small – The ISA can be extended • Integer (I) and Embedded (E) are part of the base ISA • Multiply/Divide (M), Atomic (A), Single Floating Point (F), Double Floating Point (D), Quad Floating Point (Q) and Compressed Instructions (C) are frozen already • Virtualisation (H), Vector (V), Bit Manipulation (B) are examples of draft extensions • The General Extension (G) is shorthand for M, A, F and D – Aimed at everything from small embedded systems to high end HPC •Multiple CPU implementations already available •SiFive, BOOM, Rocket64, Andes, QEMU, etc •Currently heavily backed by SiFive, Microsemi, NVIDIA, Western Digital and others © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 4 Why RISC-V? •An open source ISA allows anyone to use and modify the ISA without any licensing cost – This is different to commercial companies which ship black boxes with strict NDAs •Customization for specific applications •Security audits to verify security in critical applications •Lower cost users (such as small companies or hobbyists) to use the ISA •Community driven development approach allows input from anybody – The RISC-V foundation still decides on the final specifications © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 5 Industry standard boot loaders • Runs from DDR Proprietary • Typically open-source • DDR initialization • Filesystem support Open • Loads RUNTIME and • Network booting Source BOOTLOADER • Boot configuration • Examples: • Examples: • BIOS/UEFI • U-Boot Loads • U-Boot SPL • GRUB • Coreboot ROM stage • LinuxBoot Jumps ROM LOADER RUNTIME BOOTLOADER OS • Runs from On-Chip • Runs from On-Chip SRAM or ROM DDR • Uses On-Chip SRAM • SOC security setup • SOC power-up and • Runtime services as-per clock setup specifications • Examples: • ATF • BIOS/UEFI © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 6 RISC-V Upstream Boot Flow Follows commonly used multiple boot stages model Proprietary Open Loads Source RISC-V Jumps specific ZSBL FSBL OpenSBI U-Boot Linux (M-mode) (M-mode) (M-mode) (S-mode) (S-mode) (ROM) (LOADER) (RUNTIME) (BOOTLOADER) (OS) • Follows a standard boot flow • Uses U-Boot as the last stage boot loader • U-Boot binary as the payload to OpenSBI • FSBL is SiFive specific and will be replaced by Coreboot/U-Boot SPL • OpenSBI is a RISC-V specific runtime service provider © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 7 What is SBI ? •SBI is the RISC-V Supervisor Binary Interface – System call style calling convention between Supervisor (S-mode OS) and Supervisor Execution Environment (SEE) •SEE can be: App1 App2 – A M-mode RUNTIME firmware for OS/Hypervisor running in HS-mode ABI ABI – A HS-mode Hypervisor for Guest OS running in VS-mode OS (S-Mode) SBI •SBI calls help: SEE (M-Mode) – Reduce duplicate platform code across OSes (Linux, FreeBSD, etc) – Provide common drivers for an OS which can be shared by multiple platforms – Provide an interface for direct access to hardware resources (M-mode only resources) •Specifications being drafted by the Unix Platform Specification Working group – Maintain and evolve the SBI specifications – Currently, SBI v0.1 in-use and SBI v0.2 in draft stage © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 8 What is OpenSBI ? •OpenSBI is an open-source implementation of the RISC-V Supervisor Binary Interface (SBI) specifications – Licensed under the terms of the BSD-2 clause license – Helps to avoid SBI implementation fragmentation – Maintained by the community •Aimed at providing RUNTIME services in M-mode – Typically used in boot stage following ROM/LOADER •Provides support for reference platforms – Generic simple drivers included for M-mode to operate ▪ PLIC, CLINT, UART 8250 – Other platforms can reuse the common code and add needed drivers © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 9 Key Features •Layered structure to accommodate various use cases – Generic SBI library with platform abstraction • Typically used with external firmware and bootloader OpenSBI Layers – EDK2 (UEFI implementation), Secure boot working group – Platform specific library Platform Specific Reference Firmware • Similar to core library but including platform specific drivers – Platform specific reference firmware Platform Specific • Three different types of RUNTIME firmware Library •Wide range of hardware features supported SBI Library – RV32 and RV64 – Misaligned load/store handling – Missing CSR emulation – Protects firmware using PMP support © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 10 Reference Firmwares •OpenSBI provides several types of reference firmware, all platform-specific – FW_PAYLOAD • Firmware with the next booting stage as a payload • Default firmware being used in Linux capable RISC-V hardware – FW_JUMP • Firmware with static jump address to the next booting stage • Default method for QEMU – FW_DYNAMIC • Firmware with dynamic information on the next booting stage • U-Boot SPL is using FW_DYNAMIC •SOC Vendors may choose: – Use one of OpenSBI reference firmwares as their M-mode RUNTIME firmware – Build M-mode RUNTIME firmware from scratch with OpenSBI as library – Extend existing M-mode firmwares (U-Boot_M_mode/EDK2) with OpenSBI as library © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 11 Platform support •SiFive HiFive Unleashed •Andes AE350 •Ariane FPGA SOC •Kendryte K210 •QEMU virt machines (32-bit/64-bit) © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 12 Upstream status Rapid progress: traditional full boot support expected by year end •OpenSBI •Grub – Actively developed and maintained – RISC-V support available upstream – Version 0.4 released •Linux Kernel – Default in Buildroot, Yocto/OpenEmbedded and – Upstream kernel boots in QEMU the QEMU “BIOS” – 5.3 kernel works with OpenSBI+U-Boot – Fedora/Debian provides images available with OpenSBI binary on HiFive Unleashed •U-Boot – U-Boot-2019.07 release has HiFive Unleashed S-mode support with SMP – Boot via network supported – MMC boot support coming in 2019.10 – EFI support for RISC-V available © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 13 Planned boot flow using U-Boot SPL •OpenSBI firmware with dynamic information about the next booting stage •Coreboot support available on both hardware & QEMU •U-Boot SPL Only available for QEMU for now •HiFive Unleashed U-Boot SPL support not available yet Proprietary Open Loads Source RISC-V Passed via ‘a2’ register Jumps specific ZSBL U-Boot SPL struct OpenSBI U-Boot Linux (M-mode) Coreboot fw_dynamic_info (M-mode) (S-mode) (S-mode) (ROM) (M-mode) (RUNTIME) (BOOTLOADER) (OS) © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 14 Planned boot flow using EDK2 •Work in progress •Open Source EDK2 (UEFI implementation) OpenSBI integration – HPE leading this effort – Available in EDK2 mailing list for U540 on Xilinx VC707 FPGA – OpenSBI built with EDK2 build environment •OpenSBI used as library in Pre-EFI Initialization (PEI) Phase •Driver eXecution Environment (DXE) Phase in S-mode will use OpenSBI function wrappers to make ecalls (Not done yet) © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 15 Future boot support Toward a stable and easy to use boot ecosystem •EFI stub support in Linux kernel for full UEFI support – Enterprise class boot environment •U-Boot SPL support for hardware •Booting from SDCARD in coreboot possible ? •EDK2 project upstreaming •LinuxBoot ? •Other bootloaders ? © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 16 Ongoing work Toward a stable and easy to use boot ecosystem •SBI specifications – SBI v0.2 specification – Power management extension in SBI •OpenSBI – SBI v0.2 support – Sequential cpu boot via CPU hotplug – Support other M-mode boot loader such as Coreboot/U-Boot SPL – Hypervisor support – More platforms support • Need hardware ! © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 17 OSTree •OSTree can be thought of as git for operating system updates •It is used to mange Linux system operating system updates •Unlike git OSTree “checks out” files using hardlinks, so the rootFS is immutable to prevent corruption •OSTree started with Gnome Continuous (high performance continuous delivery/testing system for GNOME) •OSTree is used in meta-updater (an OE layer) and Fedora SilverBlue •Flatpak uses libostree © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 18 Demo 1: U-Boot TFTP boot and OSTree © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 19 Demo 2: U-Boot MMC boot and OSTree © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 20 Thank you!! •Q&A ? © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 21 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8/30/19 Constraints on using OpenSBI Library •Same GCC target options (i.e. -march, -mabi, and -mcmodel) need to be used for the external firmware and OpenSBI sources •External firmware must create per-HART non-overlapping: 1.
Load more

Recommended publications
  • Multiprocessor Initialization of INTEL SOC in Coreboot
    Multiprocessor Initialization OF INTEL SOC in Coreboot Pratik Prajapati ([email protected]) Subrata Banik ([email protected]) 1 Agenda • Intel Multiple Processor (MP) Initialization • Coreboot + Intel FSP Boot Flow • Problem with existing model • Solution space • Design • Future Scope 2 Intel Multiple Processor (MP) Initialization • The IA-32 architecture (beginning with the P6 family processors) defines a multiple-processor (MP) initialization protocol called the Multiprocessor Specification Version 1.4. • The MP initialization protocol has the following important features: • It supports controlled booting of multiple processors without requiring dedicated system hardware. • It allows hardware to initiate the booting of a system without the need for a dedicated signal or a predefined boot processor. • It allows all IA-32 processors to be booted in the same manner, including those supporting Intel Hyper-Threading Technology. • The MP initialization protocol also applies to MP systems using Intel 64 processors. • Entire CPU multiprocessor initialization can be divided into two parts – BSP (Boot Strap Processor) Initialization – AP (Application Processor) Initialization Reference: Intel SDM Multiple Processor Init - section 8.4 3 Coreboot + Intel FSP (Firmware support package) Boot Flow Coreboot/BIOS FSP * Coreboot uses its own temp ram init code. 4 Problem Statement with existing model • Background: Coreboot is capable enough to handle multiprocessor initialization on IA platforms. So ideally, CPU features programming can be part of Coreboot MP Init sequence. • But, there might be some cases where certain feature programming can't be done with current flow of MP init sequence. Because, Intel FSP-S has to program certain registers to meet silicon init flow due to SAI (Security Attributes of Initiator) and has to lock other registers before exiting silicon init API.
    [Show full text]
  • Coreboot - the Free Firmware
    coreboot - the free firmware vimacs <https://vimacs.lcpu.club> Linux Club of Peking University May 19th, 2018 . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 1 / 77 License This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/. You can find the source code of this presentation at: https://git.wehack.space/coreboot-talk/ . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 2 / 77 Index 1 What is coreboot? History Why use coreboot 2 How coreboot works 3 Building and using coreboot Building Flashing 4 Utilities and Debugging 5 Join the community . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 3 / 77 Index 6 Porting coreboot with autoport ASRock B75 Pro3-M Sandy/Ivy Bridge HP Elitebooks Dell Latitude E6230 7 References . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 4 / 77 1 What is coreboot? History Why use coreboot 2 How coreboot works 3 Building and using coreboot Building Flashing 4 Utilities and Debugging 5 Join the community . vimacs (LCPU) coreboot - the free firmware May 19th, 2018 5 / 77 What is coreboot? coreboot is an extended firmware platform that delivers a lightning fast and secure boot experience on modern computers and embedded systems. As an Open Source project it provides auditability and maximum control over technology. The word ’coreboot’ should always be written in lowercase, even at the start of a sentence. vimacs (LCPU) coreboot - the free firmware May 19th, 2018 6 / 77 History: from LinuxBIOS to coreboot coreboot has a very long history, stretching back more than 18 years to when it was known as LinuxBIOS.
    [Show full text]
  • Quadcore with Coreboot / Libreboot on the T500 (Hopefully the T400 As Well)
    QuadCore with Coreboot / Libreboot on the T500 (hopefully the T400 as well) (Translator’s note: Unfortunately, I couldn’t get pdflatex to compile with images, so here’s the link, I’ll put lines in at least so that you can see where each image goes) I tested the quadcore-mod from here first on a T500 mainboard, but back then, the BIOS did me a great disservice, see here and read the paragraph “Why this can’t be done for the T500 and W500” at the end of the first post. Meanwhile, we got Libreboot for the T500, which is basically Coreboot without BLOBs, i.e. CPU microcode. The code differs from coreboot in certain other aspects, however I don’t know exactly. With the ROMs offered for the T500, Quads don’t work either. Finally, I got to actually using a Pandaboard to debug Libreboot’s boot process with a Quad-core installed. The boot process hangs when the third CPU is to be initialized. Looking at the code, I found out that the kconfig data is built to the original specs. In the case of the T500 (which takes the data from the folder for the T400), the maximum count for the CPU is set to two. I changed the count to 4, generated the ROM again, flashed it –> You got quadcore. Because the current Libreboot version doesn’t support screens larger than 1280x800 with the T500, I had to extract the original VGA-BIOS for the Intel graphics from the original Lenovo BIOS and integrate it instead of the “native VGA init” into the ROM.
    [Show full text]
  • How to Create a Trust Anchor with Coreboot
    How to create a trust anchor with coreboot. Trusted Computing vs Authenticated Code Modules Philipp Deppenwiese About myself Member of a hackerspace in germany. 10 years of experience in it-security. Did a lot work on trusted computing and system security at my last job at Rohde and Schwarz Cybersecurity. I am a Gentoo user. Now I am a web developer and system administrator. Basics Important acronyms TPM - Trusted Platform Module TCB - Trusted Computing Base PCR - Platform Conguration Register ACM - Authenticated Code Modules PKI - Public Key Infrastructure TEE - Trusted Execution Environment TPM Trusted Platform Modules are smartcards with extra feature set. Version 1.2 and 2.0 are out. www.trustedcomputinggroup.org does the specication and compliance. The authorization is done via ownership model. User can own the TPM. A TPM is always passive and not active ! TPM 1.2 Created for Digital Rights Management but never used for it. Huge portests in the internet done by the FSF. TCG stepped back and modied the specication in order to provide an ownership model, DAA and revokable Endorsement Key in order to stop identication and provide full control. Algorithm sizes are limited RSA-2048 and SHA-1. There is one open source software stack. TPM 1.2 TPM 2.0 Mainly build for Microsoft! Compliance testsuite and everything else was designed for Windows usage only. Specication was removed shortly after it appeared. You can't nd it on the internet. Supports modern cryptographic algorithms. TPM 2.0 Two software stacks. IBM and Intel. TPM architecture/hierachy got much more complex. Protected against bus attacks by having DH key exchange to establish a secure connection.
    [Show full text]
  • Coreboot on RISCV Ron Minnich, Google Thanks to Stefan Reinauer, Duncan Laurie, Patrick Georgi,
    coreboot on RISCV Ron Minnich, Google Thanks to Stefan Reinauer, Duncan Laurie, Patrick Georgi, ... Overview ● What firmware is ● What coreboot is ● Why we want it on RISCV ● History of the port ● Structure of the port ● Status ● Lessons learned Firmware, 1974-present, always-on ● Bottom half of the operating system ● Provided an abstract interface (Basic Input Output System, or Platform-independent code, BIOS) to top half loaded from (e.g.) floppy, ● Supported DOS, CP/M, etc. tape, etc. ● Sucked Platform code, on EEPROM ○ Slow or similar ○ No easy bugfix path ○ Not SMP capable Firmware, 1990-2005, “Fire and Forget” ● Just set up bootloader and get out of the way ● Set all the stuff kernels can’t do Linux ○ Magic configuration, etc. ○ Even now, Linux can not do most of what this code does Platform code, get DRAM going, set naughty bits, load ● LinuxBIOS is one example kernel, please go away ● 2000: boot complex server node to Linux in 3 seconds ● 2015: EFI can do the same in 300 seconds Firmware, 2005-present, “The Empire Strikes Back” ● Kernel is Ring 0 ● Hypervisor is Ring -1 ● Firmware is Ring -2 ● Firmware gets hardware going Platform-independent code ● But never goes away ● Sucks Platform code, on EEPROM ○ Slow or similar ○ No easy bugfix path ○ Not SMP capable on x86 ● This model is even being pushed for ARM V8 ○ :-( Why don’t we (ok, I) like persistent firmware? ● It’s just another attack vector ○ Indistinguishable from persistent embedded threat ○ Is the code an exploit or … ○ Not necessary in an open source world ○ Main function
    [Show full text]
  • Reduce Firmware Booting Time in Multi-Threaded Environment
    Open Source Firmware Development Reduce Firmware Booting Time Using Multi- Threaded Environment White Paper Revision 001 January 2019 Document Number: 338658-001 You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein. No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at Intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Intel does not assume any liability for lost or stolen data or systems or any damages resulting from such losses. The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps.
    [Show full text]
  • Libreboot – Free Boot Firmware Libreboot Is a Free Boot Firmware for Use on Computers Certified "Respects Your Freedom"
    LibreBoot – Free Boot Firmware LibreBoot is a free boot firmware for use on computers certified "Respects Your Freedom". Most x86 computers are designed to run Windows and come with a non-free BIOS or UEFI firmware that often includes some Malware. Windows itself is malware, and Windows licences are often stored in the BIOS on OEM PCs. For the sake of our freedom we replace Windows with a free distribution of GNU/Linux such as Trisquel (an Ubuntu derivative). But we also have to replace the non-free software that initializes the Hardware with free software. Most hardware vendors do not document how to install a different BIOS, and make it hard to install a different one. But there is coreboot, a free BIOS that can run on some computers. Coreboot contains binary blobs, but some systems can stable run without any blobs. LibreBoot also contains documentation how to install a released version of the coreboot firmware on supported hardware such as some older Thinkpads, and scripts to build the firmware from source, for all supported models. Because newer systems are unable to boot without those blobs, there is no support for newer x86 based computers. For Intel based hardware one challenge is the Management Engine (ME), which is designed for remote out of band management. The firmware for the ME is proprietary and it is impossible to run a free replacement, because it is signed using a secret key. However it is possible to remove the ME firmware on some systems so that it is possible to use them in freedom.
    [Show full text]
  • Presents : Coreboot for Dummies
    Coreboot for Dummies By Youness Alaoui This adventure has been sponsored by : What are we gonna talk about? •Who am I ? •Getting started with coreboot! •Getting an existing port to build and work •Testing and finishing the Librem 13 v1 port •Starting a new port from scratch •Debug output, how hard can it be? •Summary of doing a port •It's question time! Who am I ? ● Youness Alaoui, a.k.a KaKaRoTo ● aMSN developper ● libnice, Farstream, GStreamer, Meego ● PS3 reverse-engineer ● Freelance consultant ● Most importantly: a coreboot newbie Getting started with coreboot! ● What is coreboot? How does it work ? ● Looking at the entry point… Bad ideas ● The Three Stooges ● Lack of documentation ● Excessive documentation ● Getting started tutorial How to brick a laptop quickly and painlessly! ● Just kidding, it will be painful to the laptop. ● At first glance, most wiki information is about desktop motherboards ● Backup the rom before doing anything else! ● Don’t solder to the motherboard! Dumping the flash on v2 hardware ● Used a Logic Analyzer ● Dump trace data into CSV ● Script to analyze SPI commands and reconstitute the image from reads ● Realize the image is corrupted ● Adjust for <2ns spikes to ignore cross talk ● Give up Dumping the flash on v2 hardware Dumping the flash on v1 hardware ● Don't trust AFULNX, AFUDOS, AFUWIN ● Flashrom to the rescue! ● Laptops and EC ● Use a SOIC clip, instead of a chip socket ● Understanding the Intel Flash Descriptor ● Powering the flash chip and hardware magical nonsense First coreboot build ● The first build tutorial is an excellent start ● Missing microcode ● Missing blobs and descriptors Binary blobs, gotta catch them all! ● How to dump the VGA Bios properly ● Where to get the MRC.bin file ? ● What about the refcode.bin ? ● IFD Descriptor and ME binaries The importance of debugging ● Getting USB debug to work was easy, thank you! ● With no debug output, you can’t properly do a port.
    [Show full text]
  • PC Hardware Contents
    PC Hardware Contents 1 Computer hardware 1 1.1 Von Neumann architecture ...................................... 1 1.2 Sales .................................................. 1 1.3 Different systems ........................................... 2 1.3.1 Personal computer ...................................... 2 1.3.2 Mainframe computer ..................................... 3 1.3.3 Departmental computing ................................... 4 1.3.4 Supercomputer ........................................ 4 1.4 See also ................................................ 4 1.5 References ............................................... 4 1.6 External links ............................................. 4 2 Central processing unit 5 2.1 History ................................................. 5 2.1.1 Transistor and integrated circuit CPUs ............................ 6 2.1.2 Microprocessors ....................................... 7 2.2 Operation ............................................... 8 2.2.1 Fetch ............................................. 8 2.2.2 Decode ............................................ 8 2.2.3 Execute ............................................ 9 2.3 Design and implementation ...................................... 9 2.3.1 Control unit .......................................... 9 2.3.2 Arithmetic logic unit ..................................... 9 2.3.3 Integer range ......................................... 10 2.3.4 Clock rate ........................................... 10 2.3.5 Parallelism .........................................
    [Show full text]
  • Why Coreboot Is Harder Than You Think and Easier Than You Might Think Possible
    Why coreboot is harder than you think and easier than you might think possible Ron Minnich Google Schedule 1000-1100 Coreboot overview 1100-1130 Depth Charge 1130-1200 Coreboot on ARM 1200-1300 Lunch/discussion/questions 1300-1400 Chromebooks and coreboot 1400-?? Your turn: you will build and boot coreboot on QEMU. And, we'll show you how we build/burn chromebooks (ARM and x86) We encourage questions Before we start ... save these commands log in to your laptop cd git clone http://review.coreboot.org/p/coreboot cd git clone git://git.seabios.org/seabios.git seabios Now that you have those commands ● Please run them now so that we are all ready for the tutorial ● Assuming we have a network ... ● And, also, make sure you have qemu, gnubin tools (make, gcc, etc.), ncurses-dev, bison, and flex What coreboot is for ● Coreboot does minimal configuration of a platform so that the resources are discoverable configurable by other software (a.k.a. "payload") ○ payload is a kernel (Linux, Plan 9, ...) or bootloader ● Note that it is assumed that the payload will further configure the hardware ● Coreboot makes the platform configurable ● Coreboot does only as much configuration as it absolutely has to, but no more Motivation for this talk: somebody is wrong on the internet! (http://xkcd. com/386/) ● http://tinyurl.com/cog3d8d ● "I know that the Core Boot project also tries to accomplish this, but their development process is slow and their approach seems to make the boot process more complicated than it needs to be." ● The full note is just full of
    [Show full text]
  • Co-Processor-Based Behavior Monitoring
    Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode Ronny Chevalier, Maugan Villatel, David Plaquin, Guillaume Hiet To cite this version: Ronny Chevalier, Maugan Villatel, David Plaquin, Guillaume Hiet. Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode. ACSAC 2017 - 33rd Annual Computer Security Applications Conference, Dec 2017, Orlando, United States. pp.399-411, 10.1145/3134600.3134622. hal-01634566 HAL Id: hal-01634566 https://hal.inria.fr/hal-01634566 Submitted on 6 Dec 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode Ronny Chevalier Maugan Villatel HP Labs HP Labs [email protected] [email protected] David Plaquin Guillaume Hiet HP Labs CentraleSupélec [email protected] [email protected] ABSTRACT 1 INTRODUCTION Highly privileged software, such as firmware, is an attractive target Computers often relies on low-level software, like the kernel of for attackers. Thus, BIOS vendors use cryptographic signatures to an Operating System (OS) or software embedded in the hardware, ensure firmware integrity at boot time.
    [Show full text]
  • Introduction to Coreboot I What Is Coreboot? I How Can I Try It Out? I How Can I Contribute? What Is Coreboot? Firmware
    Introduction to coreboot I What is coreboot? I How can I try it out? I How can I contribute? What is coreboot? Firmware coreboot is firmware targeting multiple mainboards and processor architectures, including x86. By default, Google’s Chromebooks are running coreboot. You can get coreboot on laptops from System76, Purism, and some refurbished Thinkpads. Payloads coreboot itself only initializes hardware and will need a payload to execute. The default payload of coreboot is SeaBIOS, an open implementation of a legacy BIOS. You can use any ELF binary as a payload, including a Linux kernel or a DOOM port. Stages coreboot consists of multiple stages. 1. Boot Block (CAR / Cache As RAM) 2. Verification (TPM, vboot) 3. ROM stage (memory init, ucode update) 4. RAM stage (PCIe, SMM, ACPI) 5. Payload How can I try it out? Run coreboot in an emulator See the end users docs at https://coreboot.org/users.html. 1. clone the repo: git clone https://review.coreboot.org/coreboot.git && cd coreboot 2. build the toolchain: make toolchain-i386 CPUS=4 && make iasl 3. generate a generic config: make defconfig 4. build it: make -j4 5. run it in QEMU qemu-system-x86_64 -bios build/coreboot.rom -serial stdio Demo Output coreboot-4.9-2-g96374e7978-dirty Mon Mar 18 17:28:15 UTC 2019 bootblock starting... 2 CBFS: 'Master Header Locator' located CBFS at [200:40000) CBFS: Locating 'fallback/romstage' 4 CBFS: Found @ offset 80 size 3c04 6 coreboot-4.9-2-g96374e7978-dirty Mon Mar 18 17:28:15 UTC 2019 romstage starting..
    [Show full text]