diff --git a/.gitignore b/.gitignore index 7454e90..aa3b895 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ *.html +/site/sitemap.xml /site/news/index* /site/sitemap.md /site/push diff --git a/site/contact.de.md b/site/contact.de.md index e6af723..8262228 100644 --- a/site/contact.de.md +++ b/site/contact.de.md @@ -1,10 +1,10 @@ --- -title: Kontakt +title: Kontakt der Libreboot projekt x-toc-enable: true ... Buy Libreboot pre-installed -========== +-------------------- If you want professional installation, Minifree Ltd sells [Libreboot pre-installed](https://minifree.org/) on select hardware, and it also provides @@ -18,13 +18,13 @@ If you're installing Libreboot yourself, support for that is also available. Contact information (IRC, mailing list etc) is below: User support -============ +------------ IRC oder Reddit werden bevorzugt, sofern Du eine Support Anfrage hast (IRC empfohlen). Für Informationen bzgl. IRC and Reddit siehe unten. Mailing list -============ +------------ Libreboot has this mailing list: @@ -32,7 +32,7 @@ Libreboot has this mailing list: The email address is [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreboot@lists.sr.ht) Entwicklungs Diskussion -====================== +--------------------- Siehe unter [der Git Seite](git.md) für Informationen wie Du dich an der Entwicklung beteiligen kannst. @@ -40,7 +40,7 @@ Siehe unter Hier finden sich ebenso Anleitungen zum Senden von Patches (via Pull-Requests). IRC Chatraum -============ +------------- IRC ist hauptsächlich der Weg um Kontakt Libreboot Projekt aufzunehmen. `#libreboot` auf Libera IRC. @@ -71,12 +71,11 @@ Website erläutern wie dies funktioniert: Grundsätzlich solltest Du die Dokumentation der von Dir verwendeten IRC Software konsultieren. Soziale Medien -============ +----------------- Libreboot existiert offiziell an vielen Orten. -Mastodon --------- +### Mastodon Gründerin und Haupt-Entwicklerin, Leah Rowe, ist auf Mastodon: @@ -85,8 +84,7 @@ Gründerin und Haupt-Entwicklerin, Leah Rowe, ist auf Mastodon: Leah kann zudem unter dieser eMail kontaktiert werden: [leah@libreboot.org](mailto:leah@libreboot.org) -Reddit ------- +### Reddit Hauptsächlich verwendet als Support Kanal und für Veröffentlichung von Neuigkeiten: diff --git a/site/contact.fr.md b/site/contact.fr.md new file mode 100644 index 0000000..9028d0b --- /dev/null +++ b/site/contact.fr.md @@ -0,0 +1,79 @@ +--- +title: Contact the Libreboot project +x-toc-enable: true +... + +Où acheter du matériel avec Libreboot pré-installé +--------------------------------------------- + +Si vous souhaitez une installation professionnelle, Minifree Ltd vend des ordinateurs avec [Libreboot pré-installé](https://minifree.org/). L'entreprise propose également [un service d'installation de Libreboot](https://minifree.org/product/installation-service/) si vous voulez l'installer sur votre propre machine. + +Leah Rowe, fondateur et principal développeur du projet Libreboot, est également propriétaire de Minifree Ltd. Les ventes contribuent à financer le développement du projet Libreboot. + +Si vous installez Libreboot vous-même, un support est disponible via différents canaux de communication (IRC, mail, etc.) : + + +Suport utilisateur +------------------ + +IRC et Reddit sont recommandés pour demander de l'aide (IRC est à privilégier) : + + +Mail +---- + +Libreboot dispose d'une liste de diffusion : + +L'adresse mail est [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreboot@lists.sr.ht) + +Discussion sur le developpement +------------------------------- + +Pour participer au développement, consultez la pag [GIT](git.md) du projet. Vous y trouverez des instructions détaillées sur l'envoi de patchs via pull request. + +IRC chatroom +------------ + +Le chat IRC est le principal moyen de contact pour le projet Libreboot via `#libreboot` sur Libera IRC. + +Webchat: + + +Libera est un des plus grands réseaux IRC utilisé pour les projets en lien avec le logiciel libre. Vous trouverez plus d'information ici : + +Si vous souhaitez vous connecter via votre client préféré ( comme weechat ou irssi), veuillez utiliser ces informations : + +* Server: `irc.libera.chat` +* Channel: `#libreboot` +* Port (TLS): `6697` +* Port (non-TLS): `6667` + +Nous vous recommandons d'utiliser le port `6697` avec l'encryption TLS activée. + +Il est recommandé d'utiliser SASL pour l'authentification. Ces pages vous indiqueront comment l'utiliser : + +* WeeChat SASL guide: +* Irssi SASL guide: +* HexChat SASL guide: + +De manière générale, reportez-vous à la documentation de votre logiciel IRC. + + +Réseaux sociaux +--------------- + +Libreboot existe officiellement sur différents réseaux sociaux. + +### Mastodon + +Le fondateur et principal developpeur, Leah Rowe, est sur Mastodon: + +* + +Leah peut également être contacté par mail : +[leah@libreboot.org](mailto:leah@libreboot.org) + +### Reddit + +Généralement utilisé pour le support mais aussi pour l'annonces des dernières nouveautés : + diff --git a/site/contact.it.md b/site/contact.it.md index e63e62d..09b84c7 100644 --- a/site/contact.it.md +++ b/site/contact.it.md @@ -4,7 +4,7 @@ x-toc-enable: true ... Buy Libreboot pre-installed -========== +--------------------------- If you want professional installation, Minifree Ltd sells [Libreboot pre-installed](https://minifree.org/) on select hardware, and it also provides @@ -18,14 +18,14 @@ If you're installing Libreboot yourself, support for that is also available. Contact information (IRC, mailing list etc) is below: Supporto utenti -=============== +--------------- IRC o Reddit sono consigliati, sebbene preferiamo che usi il canale IRC per avere o per offrire supporto tecnico. Continua a leggere per avere ulteriori informazioni. Mailing list -============ +------------ Libreboot has this mailing list: @@ -33,7 +33,7 @@ Libreboot has this mailing list: The email address is [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreboot@lists.sr.ht) Discussione sullo sviluppo -========================== +-------------------------- Per ora dai un occhiata sulla [pagina Git](git.md) per avere maggiori informazioni su come puoi @@ -43,7 +43,7 @@ Su quella stessa pagina puoi trovare informazioni su come inviare correzioni (patches) tramite pull requests. Canale IRC -========== +---------- IRC e' il modo principale per contattare chi collabora con il progetto libreboot. Il canale ufficiale e' `#libreboot` su Libera IRC. @@ -73,26 +73,22 @@ di Libera spiegano come: Comunque dovresti sempre controllare la documentazione del tuo client IRC preferito. Reti sociali online -=================== +------------------- Libreboot esiste ufficialmente in molte piattaforme. -Mastodon --------- +### Mastodon Il fondatore e sviluppatore principale, Leah Rowe, e' su Mastodon: * -Posta elettronica ------------------ +### Posta elettronica Leah puo' essere contattata anche via email a questo indirizzo: [leah@libreboot.org](mailto:leah@libreboot.org) -Reddit ------- +### Reddit Usato principalmente come canale di supporto e per annunciare notizie: - diff --git a/site/contact.md b/site/contact.md index 6b418a9..36e424d 100644 --- a/site/contact.md +++ b/site/contact.md @@ -1,10 +1,10 @@ --- -title: Contact +title: Contact the Libreboot project x-toc-enable: true ... Buy Libreboot pre-installed -========== +-------------------------- If you want professional installation, Minifree Ltd sells [Libreboot pre-installed](https://minifree.org/) on select hardware, and it also provides @@ -18,13 +18,13 @@ If you're installing Libreboot yourself, support for that is also available. Contact information (IRC, mailing list etc) is below: User support -============ +------------- IRC or Reddit are recommended, if you wish to ask for support (IRC recommended). See below for information about IRC and Reddit. Mailing list -============ +------------ Libreboot has this mailing list: @@ -32,7 +32,7 @@ Libreboot has this mailing list: The email address is [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreboot@lists.sr.ht) Development discussion -====================== +-------------------- See notes on [the Git page](git.md) for information about how to assist with development. @@ -40,7 +40,7 @@ on [the Git page](git.md) for information about how to assist with development. Instructions are also on that page for sending patches (via pull requests). IRC chatroom -============ +------------- IRC is the main way to contact the libreboot project. `#libreboot` on Libera IRC. @@ -71,12 +71,11 @@ website tells you how: In general, you should check the documentation provided by your IRC software. Social media -============ +------------- libreboot exists officially on many places. -Mastodon --------- +### Mastodon The founder and lead developer, Leah Rowe, is on Mastodon: @@ -85,8 +84,7 @@ The founder and lead developer, Leah Rowe, is on Mastodon: Leah can also be contacted by this email address: [leah@libreboot.org](mailto:leah@libreboot.org) -Reddit ------- +### Reddit Mostly used as a support channel, and also for news announcements: diff --git a/site/contact.ru.md b/site/contact.ru.md index 542cc80..ee0d113 100644 --- a/site/contact.ru.md +++ b/site/contact.ru.md @@ -4,7 +4,7 @@ x-toc-enable: true ... Купите Libreboot предустановленным -================================== +---------------------------------- Если вы хотите, чтобы профессионал установил Libreboot для вас, то Minifree Ltd продает [Libreboot предустановленным](https://minifree.org/) на определенном оборудование, и также предоставляет сервис по [установке Libreboot](https://minifree.org/product/installation-service/) на ваши машины. @@ -13,26 +13,26 @@ x-toc-enable: true Если вы самостоятельно устанавливаете Libreboot, вы можете получить поддержку: Поддержка пользователей -======================= +----------------------- IRC и Reddit предпочительнее, если вы хотите попросить помощи (IRC рекомендуется). Информация об IRC и Reddit ниже. Почтовая рассылка -================= +----------------- У Libreboot есть своя почтовая рассылка: Адрес электронной почты: [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreboot@lists.sr.ht) Обсуждение разработки -===================== +--------------------- Смотрите [страницу по Git](git.md) для того, чтобы узнать, как помогать с разработкой Libreboot. На этой странице также содержаться инструкции, как отправлять патчи (с помощью pull request). Чат в IRC -========== +--------- IRC - главный метод связи с проектом Libreboot. `#libreboot` на Libera IRC. @@ -59,10 +59,9 @@ Libera - самая большая сеть IRC, используемая для В общем, вы должны проверить документацию вашего клиента для IRC. Социальные сети -=============== +--------------- -Mastodon --------- +### Mastodon Основатель и велущий разработчик, Лия Роу, есть на Mastodon: @@ -71,8 +70,7 @@ Mastodon Связаться с Лией также можно и по этому адресу электронной почты: [leah@libreboot.org](mailto:leah@libreboot.org) -Reddit ------- +### Reddit Чаще всего используется для поддержки пользователей, а также для новостей и анонсов: - \ No newline at end of file + diff --git a/site/contact.tr.md b/site/contact.tr.md new file mode 100644 index 0000000..c891ff1 --- /dev/null +++ b/site/contact.tr.md @@ -0,0 +1,79 @@ +--- +title: Libreboot Projesi ile İletişim +x-toc-enable: true +... + +Libreboot Önyüklenmiş Olarak Satın Alın +-------------------------------------- + +Profesyonel kurulum istiyorsanız, Minifree Ltd seçili donanımlarda [Libreboot önyüklenmiş](https://minifree.org/) cihazlar satmaktadır ve ayrıca makinenizi göndererek Libreboot kurulumu yaptırmak istiyorsanız [Libreboot önyükleme hizmeti](https://minifree.org/product/installation-service/) sunmaktadır. + +Libreboot'un kurucusu ve baş geliştiricisi Leah Rowe aynı zamanda Minifree Ltd'yi de işletmektedir; satışlar Libreboot projesi için finansman sağlamaktadır. + +Libreboot'u kendiniz kuruyorsanız, bunun için de destek mevcuttur. İletişim bilgileri (IRC, e-posta listesi vb.) aşağıdadır: + +Kullanıcı Desteği +---------------- + +Destek istemek istiyorsanız IRC veya Reddit önerilir (IRC önerilir). IRC ve Reddit hakkında bilgi için aşağıya bakın. + +E-posta Listesi +-------------- + +Libreboot'un şu e-posta listesi vardır: + + +E-posta adresi: [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreboot@lists.sr.ht) + +Geliştirme Tartışmaları +---------------------- + +Geliştirmeye nasıl yardımcı olabileceğiniz hakkında bilgi için [Git sayfasındaki](git.md) notlara bakın. + +Yamaları (çekme istekleri aracılığıyla) nasıl göndereceğinize dair talimatlar da o sayfada bulunmaktadır. + +IRC Sohbet Odası +--------------- + +IRC, Libreboot projesiyle iletişim kurmanın ana yoludur. Libera IRC'de `#libreboot` kanalı. + +Web sohbeti: + + +Libera, Özgür Yazılım projeleri için kullanılan en büyük IRC ağlarından biridir. Onlar hakkında daha fazla bilgiyi burada bulabilirsiniz: + +Tercih ettiğiniz istemciyi (weechat veya irssi gibi) kullanarak bağlanmak isterseniz, bağlantı bilgileri şu şekildedir: + +* Sunucu: `irc.libera.chat` +* Kanal: `#libreboot` +* Port (TLS): `6697` +* Port (TLS olmayan): `6667` + +TLS şifrelemesi etkin olarak `6697` portunu kullanmanızı öneririz. + +Kimlik doğrulama için SASL kullanmanız önerilir. Libera web sitesindeki şu sayfalar size nasıl yapılacağını anlatır: + +* WeeChat SASL kılavuzu: +* Irssi SASL kılavuzu: +* HexChat SASL kılavuzu: + +Genel olarak, IRC yazılımınızın sağladığı belgeleri kontrol etmelisiniz. + +Sosyal Medya +----------- + +Libreboot resmi olarak birçok yerde bulunmaktadır. + +### Mastodon + +Kurucu ve baş geliştirici Leah Rowe, Mastodon'da: + +* + +Leah'ya ayrıca şu e-posta adresinden ulaşılabilir: +[leah@libreboot.org](mailto:leah@libreboot.org) + +### Reddit + +Çoğunlukla destek kanalı olarak ve ayrıca haber duyuruları için kullanılır: + \ No newline at end of file diff --git a/site/contact.uk.md b/site/contact.uk.md index 79d8a28..759e6a4 100644 --- a/site/contact.uk.md +++ b/site/contact.uk.md @@ -4,7 +4,7 @@ x-toc-enable: true ... Buy Libreboot pre-installed -========== +--------------------------- If you want professional installation, Minifree Ltd sells [Libreboot pre-installed](https://minifree.org/) on select hardware, and it also provides @@ -18,13 +18,13 @@ If you're installing Libreboot yourself, support for that is also available. Contact information (IRC, mailing list etc) is below: Підтримка користувачів -============ +---------------------- IRC або Reddit рекомендовані, якщо ви бажаєте попросити про допомогу (найкраще IRC). Дивіться інформацію нижче щодо IRC та Reddit. Mailing list -============ +------------ Libreboot has this mailing list: @@ -32,7 +32,7 @@ Libreboot has this mailing list: The email address is [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreboot@lists.sr.ht) Обговорення розробки -====================== +-------------------- Зараз, подивіться нотатки на [сторінці Git](git.md) для інформації щодо допомоги з розробкою. @@ -40,7 +40,7 @@ The email address is [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreb На цій сторінці також знаходяться інструкції по відправці патчів (через pull request'и). Кімната IRC -============ +----------- IRC це головний спосіб зв'язку з проектом Libreboot. `#libreboot` на Libera IRC. @@ -71,12 +71,11 @@ Libera є однією з найбільших мереж IRC, використ Взагалі, вам варто перевірити документацію, яка передбачена вашою програмою IRC. Соціальні мережі -============ +---------------- Libreboot офіційно існує в багатьох місцях. -Mastodon --------------------- +### Mastodon Засновник та головний розробник, Лія Роу, є в Mastodon: @@ -85,8 +84,7 @@ Mastodon Також можливо зв'язатися з Лією за ії електронною адресою: [leah@libreboot.org](mailto:leah@libreboot.org) -Reddit ------- +### Reddit Найбільше використовується як канал підтримки, та також для оголошення новин: diff --git a/site/contrib.md b/site/contrib.md index 6416247..5d38b99 100644 --- a/site/contrib.md +++ b/site/contrib.md @@ -1,5 +1,5 @@ --- -title: Project contributors +title: People who contributed to the Libreboot project x-toc-enable: true ... @@ -10,9 +10,6 @@ If we forgot to mention you here, let us know and we'll add you. (or if you don't want to be mentioned, let us know and we'll remove your entry) -Information about who works on libreboot, and how the project is run, can -be found on this page: [who.md](who.md) - You can know the history of the libreboot project, simply by reading this page. It goes into detail about all of the major contributions to the project, and in general how the project was created (and who helped create it). @@ -40,32 +37,15 @@ works on all aspects of libreboot, such as: that libreboot uses * Providing user support on IRC -Caleb La Grange ---------------- - -**Secondary developer, number two to Leah.** Caleb is a full time libreboot developer -with a narrower focus. Caleb focuses on several areas of development: - -* Build system. Caleb is responsible for improving and fixing the libreboot Make build -system. Specifically: automation, and reproducibility. -* Hardware modification. Caleb has a passion for hardware alteration; soldering, -desoldering, and testing libreboot software on the resulting hardware. -* Board porting. Anything supported in Coreboot can be ported to libreboot, Caleb -will test and port any board he can get his hands on. Additionally, anyone can -contact Caleb to generate libreboot roms for testing on their board. -* Documentation. Caleb actively maintains documentation on the above areas of -interest. Additionally, Caleb is responsible for disassembly guides with his own -pictures and diagrams for several boards. -* User support. Caleb is active on irc and willing to help any user interested in -using libreboot or in need of help. -* Project goals. Caleb collaborates with Leah on determining project goals. -Leah has the final say in every decision. +Check the Git repositories to find my own contributions to the project. There +are a lot, too many to list here, but my work is enabled by the many people +who help me, and those who work on all the upstream projects that I use in +Libreboot. I regularly work with all sorts of people. External projects -================= +----------------- -Coreboot project ----------------- +### Coreboot project Without coreboot, the libreboot project simply would not be possible. @@ -73,28 +53,36 @@ The people and companies that work on coreboot are numerous, and they make the libreboot project what it is. The libreboot project makes heavy use of coreboot, to provide hardware initialization. -GRUB --------- +### GRUB GRUB is the bootloader used by libreboot. It goes without saying that the GRUB developers enable libreboot, through their work. -SeaBIOS -------- +### SeaBIOS The libreboot firmware provides SeaBIOS as a payload option. SeaBIOS provides a legacy x86 BIOS implementation. -U-Boot ------- +### U-Boot Libreboot uses U-Boot as the coreboot payload on supported ARM Chromebooks. -Contributors in alphabetical order -================================== +### Flashprog -Alper Nebi Yasak ----------------- +Libreboot uses Nico Huber's *flashprog* to provide flashing on all boards; +without this code, you would not be able to install Libreboot in freedom, +because other NOR flashing tools are typically proprietary (and not as good). + +Contributors in alphabetical order +------------------------------ + +### Alexei Sorokin + +Sent minor fixes to lbmk; improved sha512sum verification on images, config +improvements e.g. hide MEI device where neutered ME is used. General +improvements and tweaks. + +### Alper Nebi Yasak Contributed the build system integration and documentation for using U-Boot as payload, and initial Libreboot ports of some ARM Chromebooks @@ -103,8 +91,7 @@ based on that. Alper also does upstream development on U-Boot, e.g. continued an almost complete port of the `gru-kevin` board and got it merged upstream. -Alyssa Rosenzweig ------------------ +### Alyssa Rosenzweig Switched the website to use markdown in lieu of handwritten HTML and custom PHP. **Former libreboot project maintainer (sysadmin for libreboot.org).** @@ -117,18 +104,52 @@ now been heavily modified and forked into a formal project, by Leah Rowe: Alyssa's original work on the static site generator that Libreboot used to use; the Libreboot website is now built with Untitled) -Andrew Robbins --------------- +### Andrea Perotti + +Sent several small fixes to Libreboot's dependencies scripts for Debian, Fedora +and Ubuntu distros. + +### Andrew Robbins Worked on large parts of Libreboot's old build system and related documentation. Andrew joined the Libreboot project as a full time developer during June 2017, -until his departure in March 2021. +until his departure in March 2021. Although the work was ultimately scrapped +in 2021, in favour of Libreboot's +current [lbmk design](docs/maintain/), he provided countless hours of work to +the project over the years, helping users on IRC and generally being a very +passionate Libreboot developer. + +Andrew was working on a build system re-write +that ultimately never reached a stable state, and he abandoned the project +after his work was replaced, but the feeling of disgust that he had was not +mutual. I, Leah Rowe, am very grateful to Andrew Robbins for his numerous contributions -over the years. +over the years. Anyone who contributes to Libreboot is a hero. Look at the +old Libreboot repository on [notabug](https://notabug.org/libreboot) to find +his contributions. -Arthur Heymans --------------- +### Angel Pons + +Angel is a coreboot developer. Their contributions are numerous, in that and +many other projects. Countless patches in coreboot from them have enabled +Libreboot to be what it is. + +The most noteworthy work by Angel, that Libreboot imported, is the native +raminit (NRI) for Intel Haswell platform, which Libreboot was able to use +for replacing the Intel MRC. Because of these patches, Libreboot is able to +provide wholly free initialisation on that platform, in the BIOS region of +the flash. For example, the ThinkPad T440p and OptiPlex 9020 ports boot in +such a configuration, since these are Haswell machines. + +Over 2000 commits in coreboot were written by Angel, as of January 2025. They +are one of coreboot's most active developers. + +### Arsen Arsenović + +Added the config for ThinkPad T430 to Libreboot. + +### Arthur Heymans Merged a patch from coreboot into libreboot, enabling C3 and C4 power states to work correctly on GM45 laptops. This was a long-standing issue @@ -141,8 +162,54 @@ project. He still works on coreboot, to this day, and Libreboot greatly benefits from his work. His contributions to the coreboot project, and Libreboot, are invaluable. -Damien Zammit -------------- +### Ben Westover + +Added info about internal flashing for Dell OptiPlex 9020, in the Libreboot +documentation. + +### Caleb La Grange + +Caleb contributed heavily to the Libreboot build system, and even implemented +the first version of +Libreboot's [vendor inject script](docs/install/ivy_has_common.md), back when +it was part of the erstwhile osboot project, which formally merged with +Libreboot in November 2022. + +Before Caleb came along, Libreboot didn't have any sort of structure in its +package management. The current `include/git.sh` script in Libreboot, which +uses a centralised set of configuration files, is ultimately derived from the +work that Caleb did. + +Caleb was the one who figured out how to auto-download and neuter the Intel ME +on ThinkPad T440p, where previous osboot versions had used one that had to be +extracted from a dump of the original firmware; the Heads project also made use +of his work, in their project, to add the ThinkPad T440p, since their build +system focuses a lot on reproducibility so they place an emphasis on auto +downloading such files, to get the same version each time. Caleb's work in +Libreboot was largely inspired by Heads, which did the same thing at that time +on the ThinkPad X230. Libreboot's checksum-based design was also implemented +by him; when inserting vendor files, checksums are verified on images, to +ensure that they match what was built in the original release, for each given +release. + +Caleb worked heavily on the Libreboot documentation, vastly improving much of +the installation instructions, and provided a lot of user support on IRC. + +In general, Caleb heavily audited the entire project. The very nature of its +design, now, is based directly on the work that he did, when looking at the +design of the build system. The various Libreboot build system audits that +started in 2023 were essentially turbo-charged versions of the same work he +was doing. + +Caleb has also been a good friend to me, Leah, and provided a lot of advice +during the osboot merger. I avoided a lot of stupid mistakes because of his +advice. + +### Canberk TURAN + +Added Turkish Q keyboard layout to Libreboot's GRUB payload. + +### Damien Zammit Maintains the Gigabyte GA-G41M-ES2L coreboot port, which is integrated in libreboot. Also works on other hardware for the benefit of the @@ -152,8 +219,11 @@ Damien didn't work directly on Libreboot itself, but he worked heavily with Leah Rowe, integrating patches and new board ports into Libreboot, based on Damien's upstream work on coreboot. -Denis Carikli -------------- +### Daniil Prokofev + +Translated several Libreboot website pages into the Russian language. + +### Denis Carikli Based on the work done by Peter Stuge, Vladimir Serbinenko and others in the coreboot project, got native graphics initialization to work on the @@ -174,8 +244,52 @@ didn't work with ACPI based brightness controls. Others in coreboot later improved it, making ACPI-based backlight controls work properly, based on this earlier work. -Ferass El Hafidi --------- +Very cool guy!!! + +### Eason aka ezntek + +Sent a SOIC8 photo for Raspberry Pi Pico pinout, where previously only SOIC16 +info existed. Also added info about `thinkpad_acpi` Linux kernel module for +ThinkPad T480. + +I (Leah) worked with ezntek on some testing and he discovered several bugs +on the ThinkPad T480, while Mate and I were working on it for Libreboot. + +ezntek wrote this guide: + + +This guide was written based on my and other people's help, on IRC, while we +were in the process of adding the T480 to Libreboot. Several parts of this guide +were in fact used to improve the Libreboot guide, such as the info about how +to update the Lenovo UEFI firmware prior to Libreboot installation, by using +USB boot media instead of needing to boot Windows. + +Eason's guide also made number one on hacker news that day, and as a result, +many more people learned about Libreboot, especially its support for T480, +which helped to spread the news about the work. + +Absolute legend. One of Libreboot's many great champions. + +### E. Blåsten + +Documented several quirks of the MacBook2,1 and ThinkPad X200T, such as +swivel/rotation on X200T, and various alt keys on the MacBook to make it more +usable with Linux, when used on Libreboot. + +Also helped me (Leah) in a very fundamental way, in 2018. The help I got enabled +me to be who I am today. + +### Fedja Beader + +Wrote several guides for Libreboot, including the original version of the +GRUB hardening guide. Wrote the info about the Linux kernel panic/netconsole +on Libreboot's FAQ. + +Also sent some small fixes to Libreboot's GRUB configuration, enabling USB +devices to boot more reliably. Also improved Libreboot's documentation +pertaining to Full Disk Encryption. + +### Ferass El Hafidi Added cstate 3 support on macbook21, enabling higher battery life and cooler CPU temperatures on idle usage. @@ -184,17 +298,44 @@ Also has a series of extensive improvements to the entire Libreboot system; for example, Ferass made the entire build system use POSIX `sh`, removing bashisms that previously plagued it. +Libreboot's original support for cross-compiling AArch64 coreboot was added +by him. He also submitted a few bug fixes to the GRUB configuration used by +Libreboot. + This is IRC nick `f_` on Libreboot IRC. Cool guy! -Jeroen Quint ------------- +### hslick + +Documented Arch Linux ARM installation on ARM64 U-Boot targets. + +### Integral + +Translated the Libreboot home page into Chinese language. + +### Jason Lenz + +Sent instructions for installing Debian Linux on ARM64-based chromebooks +with Libreboot and Alper's U-Boot ARM64 payload. + +### Jeroen Quint Contributed several fixes to the libreboot documentation, relating to installing on Arch-based systems with full disk encryption on libreboot systems. -Joshua Gay ----------- +### John Doe + +This person never gave their name, but they sent two patches: + +``` +* 676eb110c7f Perform the silentoldconfig step of seabios before full make +* acc57bda6df scripts: process git versions when lbmk is a worktree or submodule +``` + +Every contribution is appreciated. Every contributor gets their own entry in +the Libreboot Hall of Fame. + +### Joshua Gay Joshua was in a position during 2014-2016 to help promote Libreboot in the media, in his capacity working for the employer he worked for at the time; @@ -204,14 +345,16 @@ He made sure everyone knew what I was doing, and he taught me a *lot* about licensing; many of Libreboot's practises today are still based on his lessons, such as the pitfalls of GPL compliance and how to really audit everything. -Klemens Nanni -------------- +### Klemens Nanni Made many fixes and improvements to the GRUB configuration used in libreboot, and several tweaks to the build system. -Lisa Marie Maginnis -------------------- +### Linear Cannon + +Added NetBSD support for `dell-flash-unlock`. + +### Lisa Marie Maginnis Lisa was one of Libreboot's early contributors to Libreboot. She personally helped me set up a lot of the early infrastructure, including things like IRC, @@ -225,8 +368,15 @@ in Libreboot, e.g. ASUS Chromebook C201PA - at the time, this was using Google's own Depthcharge payload, which you can find in 2016 Libreboot releases. -Lorenzo Aloe ------------- +### Livio + +Sent a small enhancement for GRUB, allowing the user to turn on or off several +options at boot time, such as graphical options or spkmodem output, so that +these features can be included on every image, and used flexibly. + +Sent some small fixes to the QEMU target, fixing a bug in the SMBIOS info. + +### Lorenzo Aloe Provided hardware testing for the [Dell OptiPlex 9020](docs/install/dell9020.md), also provided testing for proxmox with GPU passthrough on Dell Precision T1650, @@ -236,13 +386,63 @@ that OS is not natively supported. All round good guy, an honest and loyal fan. -Marcus Moeller --------------- +### Luke T. Shumaker + +Sent a patch to Libreboot, fixing vboot on 32-bit (i686) hosts; it previously +only compiled on 64-bit x86 (amd64) machines. + +### Marcus Moeller Made the libreboot logo. -Nicholas Chin -------------- +### Mate Kukri + +Mate Kukri is a *major* contributor to Libreboot, and several of the upstreams +that it uses; he is a coreboot developer, and also contributes heavily to the +GRUB bootloader project. + +Off the top of my head, here are just a few of the contributions that he has +made: + +* Wrote several enhancements for `pico-serprog`, based on the original work + done by [stacksmashing](https://github.com/stacksmashing), who also has + this very interesting [youtube channel](https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw); + Riku's work is heavily inspired by Mate's and stacksmashing's work. +* Ported the Dell OptiPlex 9020 SFF and MT, and provided several fixes on it + for the Libreboot project; several fixes that I (Leah) did were also based on + advice that he gave me. +* Wrote the [deguard](docs/install/deguard.md) utility for disabling Intel + Boot Guard on MEv11; this is used for the Dell OptiPlex 3050 Micro + and ThinkPad T480 ports. +* Ported the Dell OptiPlex 3050 Micro and Lenovo ThinkPad T480/T480s to + coreboot, directly providing Leah with advice when integrating these ports + into Libreboot. This work included heavy amounts of reverse engineering + Lenovo's EC firmware. +* Ported the ASUS H610M-K D4 motherboard to coreboot, an Alderlake machine that + Libreboot is interested in, for the release planned by April 2025; this + bullet-point is being written on 5 January 2025 prior to its addition in + Libreboot. +* Wrote the NVMe driver that Libreboot uses in GRUB, based upon work done for + the SeaBIOS project. + +Mate Kukri is a hero to the Libreboot project. Without him, Libreboot would not +be what it is today. + +### Michael Reed + +Wrote Libreboot's original OpenBSD installation guide. + +Also sent fixes to the original static site generator that Alyssa wrote, upon +which the Untitled Static Site Generator was later based. + +### Michał Masłowski + +Sent several fixes to Libreboot's early build system, back in the early days +of the project. Also taught Leah how to use Git, because the very first revisions +were released only as tarballs, without Git history; the first commits in +the old repository were imports of those tarballs. + +### Nicholas Chin [Ported Dell Latitude E6400 to Libreboot](news/e6400.md) and also [Dell Latitude E6430](docs/install/latitude.md) - author of @@ -250,23 +450,52 @@ the `dell-flash-unlock` (formerly `e6400-flash-unlock`) utility, which can unlock the flash on these boards, allowing internal flashing of Libreboot directly from host OS running under the original Dell firmware. -Patrick "P. J." McDermott ---------------------------- +Nicholas has ported many more Dell Latitude laptops to Libreboot, and he works +heavily on the upstream coreboot project. In fact, *every* Dell Latitude +board supported in Libreboot was done by him, at least as of 5 January 2025. + +Nicholas has provided countless hours of user support on the Libreboot IRC +channel and in those of projects which Libreboot uses, and submitted many +fixes to Libreboot, both in terms of code and documentation. + +He has advised me, Leah, on many occasions, teaching me things. Needless to +say, he is one of Libreboot's champions. + +Nicholas also contributes to coreboot heavily, to flashprog, and several +other projects that Libreboot uses. + +### 0xloem + +Added info about LPC flashing on Libreboot's external flashing guide. + +### Patrick "P. J." McDermott Patrick also did a lot of research and wrote the libreboot FAQ section relating to the [Intel Management Engine](../faq.md#intelme), in addition to making several improvements to the build system in libreboot. **Former libreboot project maintainer.** -Paul Kocialkowski ------------------ +### Patrick Rudolph + +Coreboot developer. Also wrote the xHCI GRUB driver, that Libreboot uses; +without it, several ports in Libreboot would not be feasible, unless they +excluded GRUB as a payload, because several newer Intel platforms no longer +have (or configure) EHCI controllers. Upstream GRUB currently has no xHCI +driver, but Patrick sent patches in 2020 that Libreboot later re-based, +on top of GRUB 2.12. + +### Paul Kocialkowski Ported the ARM (Rockchip RK3288 SoC) based *Chromebook* laptops to libreboot. Also one of the main [Replicant](http://www.replicant.us/) developers. -Paul Menzel ------------ +He was also responsible for the original re-write of the Libreboot build +system, upon which Libreboot's effort from 2017-2021 was based; ultimately, +this work never became stable and the work was scrapped in 2021, in favour of +the current Libreboot build system design, named lbmk. + +### Paul Menzel Investigated and fixed a bug in coreboot on the ThinkPad X60/T60 exposed by Linux kernel 3.12 and up, which caused 3D acceleration to stop @@ -279,15 +508,17 @@ Paul worked with Libreboot on this, sending patches to test periodically until the bug was fixed in coreboot, and then helped her integrate the fix in libreboot. -Peter Stuge ------------ +### Peaksol + +Translated several pages, including the SPI flashing guide, into Chinese +language. + +### Peter Stuge Helped write the [FAQ section about DMA](../faq.md#hddssd-firmware), and provided general advice in the early days of the project. Peter was a coreboot developer -in those days, and a major developer in the *libusb* project (which flashrom +in those days, and a major developer in the *libusb* project (which flashprog makes heavy use of). -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) -now, as of 27 January 2024. Peter also wrote the *bucts* utility used to set Backup Control (BUC) Top Swap (TS) bit on i945 laptops such as ThinkPad X60/T60, which is useful for a @@ -300,16 +531,72 @@ bucts before flashing the ROM again, to flash the main bootblock. Libreboot hosts a copy of his work, because his website hosting bucts is no longer responsive. -Riku Viitanen -------------- +### Riku Viitanen Added support for HP Elite 8200 SFF desktop PC to Libreboot. You can read about this in the hardware page: [HP Elite 8200 SFF](docs/install/hp8200sff.md) -Steve Shenton -------------- +Riku also ported the HP Elite 8300 USDT. + +Riku implemented MXM support as an INT15h handler in SeaBIOS, and wrote +some tooling for it, which enables the HP EliteBook 8560w port to work reliably +in Libreboot. + +Riku also added the HP Folio 9470m to Libreboot. + +Riku is also in charge of Libreboot's fork of `pico-serprog`, which is used +to provide serprog firmware on Raspberry Pi Pico devices. These devices can +be used to set up a cheap but reliable NOR flasher, which is now the default +recommended one for flashing Libreboot externally. Riku's fork contains several +enhancements, such as a higher default drive level of 12mA and the ability to +control multiple chip select pins, useful for flashing dual-chip Intel boards. + +Riku has submitted numerous bug fixes to many boards, and generally sent many +improvements for the build system and also the Libreboot documentation. He +also added the HP EliteBook 2560p to Libreboot. + +Riku also contributes to coreboot and flashprog, and several other projects +that Libreboot uses. + +### samuraikid + +Added Portuguese keyboard layout to Libreboot's GRUB payload. + +### semigel + +Added BTRFS subvolume support to Libreboot's GRUB configuration, for auto-booting +various Linux distros. + +### Simon Glass + +Simon Glass is principally responsible for the x86 U-Boot payload that Libreboot +now uses as a coreboot payload. Simon provided Leah with several critical patches +and advised Leah on several aspects of U-Boot's design, that helped a lot +when integrating it. + +Without him, Libreboot would not have a functioning U-Boot implementation on +x86. + +### Snooze Function + +Translated several pages on the Libreboot documentation into the German +language. + +### StackSmashing + +Author of the original [pico-serprog](https://github.com/stacksmashing/pico-serprog) +project, upon which Libreboot's fork (maintained by Riku Viitanen) is based. + +StackSmashing didn't do this specifically for Libreboot, but their work is +outstanding, so their name is honoured here. + +StackSmashing also has a [YouTube channel](https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw) +with a lot of really cool videos on it about all things electronics, and hacking +of electronics. Check it out! + +### Steve Shenton Steve did the early reverse engineering work on the Intel Flash Descriptor used by ICH9M machines such as ThinkPad X200. He created a C struct defining (using @@ -344,23 +631,21 @@ engineered the layout of the Intel GbE NVM (non-volatile memory) region in the boot flash. This region defines configuration options for the onboard Intel GbE NIC, if present. -Based on this, I was able to take Steve's initial proof of concept and write +Based on this, I was able to take Steve's initial proof of concept +and work with him extensively to write the `ich9gen` utility, which generates an Intel Flash Descriptor and GbE NVM -region, from scratch, without an Intel ME region defined. It is this tool, -the `ich9gen` tool, that Libreboot uses to provide ROM images for GM45+ICH9M +region, from scratch, without an Intel ME region defined, +without needing a dump of the original Lenovo BIOS firmware. +Libreboot used to use `ich9gen` to provide ROM images for GM45+ICH9M platforms (such as ThinkPad X200/T400/T500/W500), with a fully functional descriptor and functional Gigabit Ethernet, but *without* needing Intel Management Engine (ME) firmware, thus making those machines *libre* (the ME is fully disabled, when you use a descriptor+gbe image generated by `ich9gen`). +Note that `ich9gen` is now obsolete as the Flash Descriptor and NVM region +are generated pre-assembled, and `nvmutil` is used to change MAC addresses +instead. -With *my* `ich9gen` tool (Steve's tool was called `ich9deblob`), you didn't -need a dump of the original Lenovo BIOS firmware anymore! I could not have -written this tool, without Steve's initial proof of concept. I worked with him, -extensively, for many months. All GM45+ICH9M support (X200, T400, etc) in -Libreboot is made possible because of the work he did, back in 2014. - -Swift Geek ----------- +### Swift Geek Contributed a patch for ich9gen to generate 16MiB descriptors. @@ -377,14 +662,17 @@ lot about hardware. Swift Geek also did some upstream development on GRUB. Swift Geek has provided technical advice on numerous occasions, to Leah Rowe, and helped her to improve her soldering skills in addition to teaching her some repair skills, to the point where she can now repair most faults on -ThinkPad mainboards (while looking at the schematics and boardview). +ThinkPad motherboards (while looking at the schematics and boardview). Swiftgeek left the project in March 2021. I, Leah Rowe, wish him all the best in his endeavours, and I'm very grateful to his numerous contributions over the years. -Timothy Pearson ---------------- +### Timothee Benedet + +Translated several Libreboot website pages into the French language. + +### Timothy Pearson Ported the ASUS KGPE-D16 board to coreboot for the company Raptor Engineering of which Timothy is the CEO. @@ -395,8 +683,7 @@ contact details are on the raptor site. **D16 support was removed on 19 November 2022. You can still use older revisions of Libreboot, and older release versions.** -Vladimir Serbinenko -------------------- +### Vladimir Serbinenko Ported many of the thinkpads supported in libreboot, to coreboot, and made many fixes in coreboot which benefited the libreboot project. @@ -406,3 +693,13 @@ Intel platforms in Libreboot, when flashing it (now rewritten by others in Ada, for libgfxinit in coreboot, but originally it was written in C and included directly in coreboot; libgfxinit is a 3rdparty submodule of coreboot). + +### Vladislav Shapovalov + +Translated several pages of the Libreboot website into Ukranian language. + +------------------------------------------------------------------------------- + +**Did we forget your name?** + +**If so, and you would like to be listed here, please contact the Libreboot project.** diff --git a/site/docs/bsd/index.md b/site/docs/bsd/index.md index fedc9cb..c7ebb53 100644 --- a/site/docs/bsd/index.md +++ b/site/docs/bsd/index.md @@ -1,26 +1,120 @@ --- -title: BSD operating systems +title: Install a BSD operating system on Libreboot x-toc-enable: true ... -Guide last updated on 16 November 2022. +It is assumed here that you are using the *SeaBIOS* payload, *not* the GRUB +payload; the U-Boot payload may also work, but that is not covered here. The +SeaBIOS payload must ideally run in text mode (`txtmode` images from Libreboot +releases). -NOTE: This guide pertains to x86 hosts, and does not cover supported CrOS/ARM -chromebooks. For ARM targets, you should refer to u-boot documentation. +This guide pertains to x86 hosts, and does not cover supported CrOS/ARM +chromebooks. For ARM targets, you should refer to [u-boot +documentation](../uboot/) - and [U-Boot x86](../uboot/uboot-x86.md) is also +available. The U-Boot x86 payload is interesting, because it can in fact boot +OpenBSD via UEFI method (U-Boot provides a lightweight UEFI implementation +independently of, say, EDK2). -libreboot is capable of booting many BSD systems. This section mostly documents -the peculiarities of libreboot as it pertains to BSD; you can otherwise refer to -the official documentation for whatever BSD system you would like to use. +What is BSD? +------------ -Kernel Mode Setting -=================== +In our context, we are referring to those descendents of 4.4BSD-Lite starting +in the early 1990s. On balance, they are about equal to Linux in many ways, +and some would argue that they are *better* (higher code quality). It can be +said that the BSDs are the closest we have to *true* open source Unix systems, +since they ultimately descend from that code lineage. For example, the +FreeBSD project briefly covers its own history in the Hand Book: + + +Chief among them are: + +* [FreeBSD](https://www.freebsd.org/) (HardenedBSD probably also works) +* [NetBSD](https://netbsd.org/) +* [OpenBSD](https://www.openbsd.org/) +* [DragonFlyBSD](https://www.dragonflybsd.org/) (UNTESTED) + +**TODO: DragonFlyBSD is untested, as of January 2025. It ought to be tested.** + +Many other BSD systems exist, that are largely derived from these. + +Why use BSD (instead of Linux)? +------------------------------- + +BSD operating systems are in wide use today, powering much of the world's +most critical infrastructure, and they're quite competent laptop/desktop or +workstation systems. Some of them have unique features that you can't find +anywhere else (e.g. FreeBSD jails, OpenBSD's numerous security enhancements, +NetBSD's rump kernel design and clean code quality). + +BSD systems are superficially similar to Linux systems, but they are very +different under the hood (different kernel designs, different userspace +implementations, and so on). However, almost all of the Linux userspace programs +that you enjoy using are probably available in the various BSD *ports trees*, +or they can be compiled with little to no modification. This is because, despite +the actual differences under the hood, the BSDs and various Linux distros all +adhere to the same basic standards (e.g. Single Unix Specification). + +If you want to enjoy using a high quality operating system, with many unique +features, BSD systems can be quite fun to use, and quite challenging. They tend +to have a much more conservative take on implementations, compared to Linux +distros, instead opting for technical correctness and minimalism; this is a +good thing, because lots of Linux distros these days are extremely bloated. +Using a BSD system feels like Linux did in the year 2005, just with much better +hardware support, and that's a *good thing*; the reason why is that BSD systems +simply have fewer users, and a higher concentration of *technical* users, and +this *shows* when you use it. Linux is *much* more mass market and has to cater +to all sorts of people, and these days Linux distros have to *Just Work*. + +You can look at the documentation of each BSD system and try each one out, to +see which one is right for you. Be warned, BSD systems *are* typically harder +to use than Linux systems. Even the most seasoned Linux user will often have a +hard time with any BSD, if it's their first time using a BSD system. This is +mitigated by excellent documentation, which is one of the things that the BSDs +excel at, but you are expected to *read* the documentation; many Linux distros +try to hold your hand ("it Just Works"), but the BSDs generally don't do that. + +If you're already a power user on Linux, and comfortable with the more hands-on +distros like Arch Linux or Gentoo Linux, you'll have a much easier time +learning a BSD. FreeBSD for example comes completely barebones by default, and +you add packages to it, configuring it to your liking, much like Arch Linux; if +you're wily enough, you might also use the CURRENT tree and install all packages +by building them from *ports* (akin to how Gentoo Linux is used). + +BSD systems also have much more relaxed licensing than Linux systems, by and +large; most of the software in the base system, on any BSD project, will use +a permissive license instead of copyleft. They can be regarded as Free Software, +but it's a very different ideology than, say, GNU. Some might argue that this +is better, because licensing conflicts are common among copyleft licenses, even +among different versions of the GPL. A BSD-style license permits *anyone* to +use the code, *without* requiring modified versions to ship source code, so it +can be said that the BSD license model contains [far fewer +restrictions](https://docs.freebsd.org/en/articles/bsdl-gpl/). One might say +that the BSD systems are *more free* than GNU/Linux systems. + +Basically, your choice to use BSD will likely be based on a combination of +technical and/or ideological preferences. But don't say we didn't warn you. +BSD is hard. On the flip side of that coin, BSD is *easy*, because it forces +you to really learn how your system works; when you become proficient with +BSD, you'll learn everything else much easier, and you may find yourself doing +things more efficiently *in Linux* as well! + +That's enough BSD fanaticism. Please read the following sections, *before* +you embark on your BSD Libreboot journey: + +Common issues with BSD+Libreboot +-------------------------------- + +This page will not tell you how to install BSD systems; that is best left to +the documentation for your BSD system. Instead, these next sections cover only +the idiosyncrasies of Libreboot as they relate to BSD: + +### Kernel Mode Setting Your BSD system *must* support Kernel Mode Setting for your graphics device (most of them do nowadays). The reasons will become apparent, as you read this article. -Boot BSD, using SeaBIOS -======================= +### Boot BSD, using SeaBIOS On x86 platforms, Libreboot provides the choice of GRUB and/or SeaBIOS payload. GRUB can technically boot BSD kernels, but the code is @@ -37,8 +131,18 @@ If you don't plan to set up Xorg/Wayland, then that's all you really need to do. For example, you might want to run a headless server, in which case you probably don't mind running in text mode all the time. -OpenBSD and corebootfb ----------------------- +#### GRUB payload + +GRUB *can* directly boot many BSD systems, but this is ill advisable. You are +advised to use either SeaBIOS, and boot a BIOS-based BSD bootloader, or use +Libreboot's [U-Boot payload](../uboot/) and use it to boot via UEFI; U-Boot's +bootflow menu can achieve this. + +The U-Boot coreboot payload is still experimental, on ARM64 *and* x86/x86\_64, +so you should probably use SeaBIOS for now (on x86). U-Boot is the *only* +coreboot payload for Libreboot on ARM64 motherboards. + +### OpenBSD and corebootfb It's still recommended to use SeaBIOS in text mode, but OpenBSD specifically can work with SeaBIOS booting in a coreboot framebuffer, with SeaVGABIOS. In @@ -46,19 +150,22 @@ Libreboot ROM images, this would be SeaBIOS images with `corebootfb` in the file name. Make sure to select MBR-style partitioning on the installer, and it will -Just Work. +Just Work. **GPT partitioning won't work in OpenBSD, if you use the SeaBIOS +payload, but will work if you boot/install it via UEFI boot method with +Libreboot's [U-Boot UEFI payload](../uboot/uboot-x86.md) instead.** If you're using the GRUB payload but SeaBIOS is available in the boot menu, you can just select SeaBIOS at said menu, and OpenBSD will work fine. -FreeBSD and corebootfb ----------------------- +### FreeBSD and corebootfb Assumed broken, so please ensure that you boot with SeaBIOS payload in text mode (lbmk ROM images with `txtmode` in the file name, not `corebootfb`). -Warnings for X11 users ----------------------- +Please boot in *text mode*. FreeBSD can be configured to use KMS, if you need +Xorg or wayland. + +### Warnings for X11 users One important peculiarity of most libreboot systems is: VGA mode support exists, if booting with corebootfb (coreboot's own framebuffer) and @@ -113,43 +220,7 @@ You should not rely on the above instruction (for FreeBSD), because the exact step might change, and it does not go into full detail either. Refer to the documentation provided by your system, to know how KMS is configured. -ALWAYS READ THE MANUAL ----------------------- - -All of the BSDs have *excellent* documentation; it's one of the defining -characteristics, versus typical Linux distros. - -Aside from this quirk in coreboot, regarding *BIOS* video modes, the BSDs -otherwise work in exactly the same way as you would expect, and you can -follow along to their official documentation without much fuss. - -No specific or detailed guides will be provided here, because SeaBIOS is -fairly self-explanatory; you can otherwise refer to the SeaBIOS -documentation. - -If you're flashing a ROM for a machine where `seabios_withgrub` -and `seabios_grubfirst` ROMs are available, choose `seabios_withgrub`. - -DO NOT USE ROM IMAGES WITH `seabios_grubfirst` IN THE FILE NAME! These were -present in older Libreboot releases, and supported in previous revisions -of the build system, but they did not work for the intended purpose. More -info is written on the [Libreboot installation guide](../install/). ROM -images with `seabios_grubfirst` in the filename will NOT be included in -future Libreboot releases. - -Dubious mention: Tianocore --------------------------- - -Tianocore is extremely bloated, and unauditable, so it is not included -in Libreboot firmware, but it is the reference UEFI implementation by -Intel and contributors. It can boot most BSD systems very well. - -More robust ways to provide UEFI services in Libreboot are to be investigated. -Tianocore integration will not be provided officially, in any current or future -releases of Libreboot. - -Desktop users -------------- +### Desktop users NOTE: This section may not be full accurate; for example, the hardware page about HP Elite 8200 SFF talks about use of graphics cards on both corebootfb @@ -173,3 +244,36 @@ extremely expensive computationally speaking. This is why modern kernels You can learn more about INT10H text/VGA modes here: + +If you use the *U-Boot* payload, INT10H is irrelevant because you will rely on +an EFI framebuffer instead, which U-Boot does provide (piggybacking off of the +coreboot framebuffer where one is available). + +Regardless of whether you have an EFI framebuffer or INT10H VGA interrupts, +the various BSD systems all support KMS so you should be able to use Xorg or +Wayland just fine. + +ALWAYS READ THE MANUAL +---------------------- + +All of the BSDs have *excellent* documentation; it's one of the defining +characteristics, versus typical Linux distros. This is precisely *because* +the BSDs develop everything in-house, so the various components of a BSD +system are much more heavily integrated, and this means that they can provide +much more reliable documentation; reliable from both the user's perspective +and from the perspective of technical correctness. + +Aside from these and other quirks when installing BSD *on Libreboot*, the BSDs +otherwise work in exactly the same way as you would expect, and you can +follow along to their official documentation without much fuss. + +No specific or detailed guides will be provided here, because SeaBIOS is +fairly self-explanatory; you can otherwise refer to the SeaBIOS +documentation. + +DO NOT USE ROM IMAGES WITH `seabios_grubfirst` IN THE FILE NAME! These were +present in older Libreboot releases, and supported in previous revisions +of the build system, but they did not work for the intended purpose. More +info is written on the [Libreboot installation guide](../install/). ROM +images with `seabios_grubfirst` in the filename will NOT be included in +future Libreboot releases. diff --git a/site/docs/bsd/index.md.description b/site/docs/bsd/index.md.description new file mode 100644 index 0000000..5168476 --- /dev/null +++ b/site/docs/bsd/index.md.description @@ -0,0 +1 @@ +Learn how to install OpenBSD, FreeBSD, NetBSD and other BSD operating systems on Libreboot. Libreboot provides free/opensource BIOS/UEFI firmware based on coreboot. diff --git a/site/docs/build/index.md b/site/docs/build/index.md index 06ddc41..f327b83 100644 --- a/site/docs/build/index.md +++ b/site/docs/build/index.md @@ -1,32 +1,39 @@ --- -title: Build from source +title: Compile Libreboot from source x-toc-enable: true ... -WARNING: Flash from bin/, NOT elf/ -================================== - -**WARNING: When you build a ROM image from the Libreboot build system, please -ensure that you flash the appropriate ROM image from `bin/`, NOT `elf/`. -The `elf/` coreboot ROMs do not contain payloads. Libreboot's build system -builds no-payload ROMs under `elf/`, and payloads separately under `elf/`. Then -it copies from `elf/` and inserts payloads from `elf/`, and puts the final ROM -images (containing payloads) in `bin/`. This design is more efficient, and -permits many configurations without needless duplication of work. More info -is available in the [lbmk maintenance manual](../maintain/)** +If you need to build Libreboot from source, this guide is for you. Introduction -============ +------------ -libreboot's build system is named `lbmk`, short for `LibreBoot MaKe`, and this +Libreboot's build system is named `lbmk`, short for `LibreBoot MaKe`, and this document describes how to use it. With this guide, you can know how to compile libreboot from the available source code. The following document describes how `lbmk` works, and how you can make changes to it: [libreboot maintenance manual](../maintain/) +### WARNING: eCryptfs file name limits + +Do not run the build system on a eCryptfs file system, because it has +very short file name limits and Libreboot's build system deals with very +long file names. We commonly get reports from this by Linux Mint users +who encrypt their home directory with eCryptfs; regular LUKS encryption will +do nicely. + +System requirements +------------------- + +You must ensure that you have the correct operating system, CPU, RAM, disk space +and so on. + +System requirements are documented in +the [lbmk maintenance manual](../maintain/#system-requirements). + Multi-threaded builds -===================== +--------------------- Libreboot's build system defaults to a single build thread, but you can change it by doing e.g. @@ -40,42 +47,22 @@ is passed, where THREADS is the number of threads. This is also set when running xz commands for compression, using the `-t` option. Environmental variables -======================= +----------------------- Please read about environmental variables in [the build instructions](../maintain/), before running lbmk. You should set your variables accordingly, though you do not technically need to; some -of them may be useful, e.g. `LBMK_THREADS` (sets the number of build threads). +of them may be useful, e.g. `XBMK_THREADS` (sets the number of build threads). Sources -======= +------- This version, if hosted live on libreboot.org, assumes that you are using the `lbmk` git repository, which you can download using the instructions on [the code review page](../../git.md). -A note about documentation (and this page) ------------------------------------------- - -From Libreboot 20231021 onwards, *all* releases (including 20231021) -have `lbwww.git` (the website) and `lbwww-img.git` (images for the website) -archived in the *src* tar archive for that release; older releases were hit -or miss, from 20210522 to 20230625, as to whether they came with documentation; -releases older than 20210522 generally always came with documentation. Modern -Libreboot documentation is written in Markdown (pandoc variant) - -If you're working with *release* documentation, you don't get the full HTML -files (such as the one you're viewing now, if you're reading *this* page in a -web browser), so either read the Markdown files directly, or compile them to -HTML using the [Untitled Static Site Generator](https://untitled.vimuser.org/) -(which is what the Libreboot project uses to generate HTML from those files). - -NOTE: `av.libreboot.org` is hardcoded as the domain name where images are -pointed to, in `lbwww.git`, so you will need to replace these references in -your local version, unless you're happy to just continue using those. - Git -=== +--- Libreboot's build system uses Git, extensively. You should perform the steps below, *even if you're using a release archive*. @@ -94,39 +81,20 @@ Change the name and email address to whatever you want, when doing this. You may also want to follow more of the steps here: -Python -====== - -You should ensure that the `python` command runs python 3, on your system. -Python2 is unused by lbmk or anything that it pulls down as modules. - -If building on Debian/Ubuntu based systems, you can achieve that via: - - sudo apt install python-is-python3 - -On Fedora, you can use the following - - sudo dnf install python-unversioned-command - -On most modern distros, Python 2 is no longer included and Python 3 will be -the only one available on the `python`. - How to compile Libreboot -======================== +------------------------ Actual development/testing is always done using lbmk directly, and this includes when building from source. Here are some instructions to get you started: -Zero..st, check time/date -------------------------- +### Zero..st, check time/date Make sure date/hwclock report the correct time and date on your system, because parts of the build process download from HTTPS servers and wrong time or date can cause connections to be dropped during negotiation. -First, install build dependencies ---------------------------------- +### First, install build dependencies Libreboot includes a script that automatically installs build dependencies according to the selected linux distro. @@ -143,12 +111,16 @@ or or - ./mk dependencies fedora38 + ./mk dependencies fedora41 or ./mk dependencies arch +NOTE: For versioned files, such as `fedora41`, typically other versions will +be available too, e.g. `fedora38`. Make sure to check `config/dependencies/`, +so that you know whether or not a file is available for your distro. + NOTE: In case of Ubuntu 20.04 LTS or derived distros for that specific release, use the dedicated configuration file: @@ -160,8 +132,59 @@ Technically, any Linux distribution can be used to build libreboot. However, you will have to write your own script for installing build dependencies. -Next, build ROM images ----------------------- +### Debian Trixie/Sid + +Debian Trixie, the testing release as of 3 January 2025, and Debian Sid, +provide `gnat` and `gcc` as you expect, but `gnat` resolves to `gnat-13` and +installs `gcc-13` as a dependency, while `gcc` resolves to `gcc-14` and other +toolchain components correspond to this version. + +The GCC/GNAT versions need to match during build time, so Libreboot's build +system hacks the `PATH` environmental variable, setting up symlinks, matching +GNAT to GCC or GNAT to GCC. When you run `./mk dependencies debian`, you get +GNAT 13 and GCC 14. This seems to make most boards compile; in our testing, the +KGPE-D16 board failed to compile in this configuration. This PATH hack is only +done for compiling the coreboot crossgcc toolchain, and nothing else; after that, +coreboot's toolchain is used. + +GNAT is used by coreboot, because some of the Intel graphics devices are +initialised natively, with code written in Ada spark (called `libgfxinit`). + +When updating from Debian stable to Debian Trixie(testing) or Sid, you should +also check for orphaned packages, using `aptitude search '~o'`. Do this, +removing what was leftover from the old release, and make sure to re-run the +Debian dependencies script, but do it like this: + + ./mk dependencies debian --reinstall + +For better reliability, you should, after running the dependencies script, +remove `gnat` and install `gnat-14` instead, which is available on this day +of 3 December 2025, but currently marked experimental. When you install +GNAT 14, GNAT 13 is removed but `gnat` (in `PATH`) still won't resolve to +anything. Libreboot *still* accomodates this, detecting and matching the GCC +and GNAT versions, which would in this instance match version 14 between them, +so that `gnat` and `gcc` are both in PATH at build time, resolving to v14.x. +When we tested with this configuration, the KGPE-D16 images also compiled. + +NOTE: Ubuntu 24.10 also has the issue described above. Some other distros may +also have it, if they're based on Debian Testing/Sid or Ubuntu 24.10. + +### MIPS cross compiler + +Libreboot has support for the Sony PlayStation (PS1/PSX), based on +the PCSX-Redux Open BIOS. If you're doing a full release build, and/or +specifically building the PSX BIOS, you need a MIPS cross compiler. + +Arch-based systems have a mipsel cross compiler available from AUR, and most +Debian-based systems have a mipsel cross compiler in apt; for these, the normal +dependencies installation command will provide them. We know Void Linux and +Fedora don't have a MIPS compiler, for instance. + +If your distro doesn't have the MIPS compiler available, +the [PlayStation](../install/playstation.md) page provides instructions for +manual installation; please do this in addition to the normal dependencies. + +### Next, build ROM images Libreboot MaKe (lbmk) automatically runs all necessary commands; for example, `./mk -b coreboot` will automatically build the required payloads @@ -180,8 +203,7 @@ or get a list of supported build targets: ./mk -b coreboot list -Or maybe just build payloads? ------------------------------ +### Or maybe just build payloads? If you wish to build payloads, you can also do that. For example: @@ -206,3 +228,24 @@ example want to modify a config, e.g.: Or perhaps add a new board! The maintenance manual will teach you how the Libreboot build system (lbmk) works! + +A note about documentation (and this page) +------------------------------- + +From Libreboot 20231021 onwards, *all* releases (including 20231021) +have `lbwww.git` (the website) and `lbwww-img.git` (images for the website) +archived in the *src* tar archive for that release; older releases were hit +or miss, from 20210522 to 20230625, as to whether they came with documentation; +releases older than 20210522 generally always came with documentation. Modern +Libreboot documentation is written in Markdown (pandoc variant) + +If you're working with *release* documentation, you don't get the full HTML +files (such as the one you're viewing now, if you're reading *this* page in a +web browser), so either read the Markdown files directly, or compile them to +HTML using the [Untitled Static Site Generator](https://untitled.vimuser.org/) +(which is what the Libreboot project uses to generate HTML from those files). + +NOTE: `av.libreboot.org` is hardcoded as the domain name where images are +pointed to, in `lbwww.git`, so you will need to replace these references in +your local version, unless you're happy to just continue using those. + diff --git a/site/docs/build/index.md.description b/site/docs/build/index.md.description new file mode 100644 index 0000000..955efdc --- /dev/null +++ b/site/docs/build/index.md.description @@ -0,0 +1 @@ +Libreboot project documentation. Learn about Libreboot installation, how Libreboot is designed and how you can contribute to the project. diff --git a/site/docs/build/index.uk.md b/site/docs/build/index.uk.md index de7ca0a..d984a0f 100644 --- a/site/docs/build/index.uk.md +++ b/site/docs/build/index.uk.md @@ -3,22 +3,12 @@ title: Побудова з джерельного коду x-toc-enable: true ... -WARNING: Flash from bin/, NOT elf/ -================================== - -TODO: translate this section into ukrainian language - -**WARNING: When you build a ROM image from the Libreboot build system, please -ensure that you flash the appropriate ROM image from `bin/`, NOT `elf/`. -The `elf/` coreboot ROMs do not contain payloads. Libreboot's build system -builds no-payload ROMs under `elf/`, and payloads separately under `elf/`. Then -it copies from `elf/` and inserts payloads from `elf/`, and puts the final ROM -images (containing payloads) in `bin/`. This design is more efficient, and -permits many configurations without needless duplication of work. More info -is available in the [lbmk maintenance manual](../maintain/)** +**TODO: This page needs to be re-translated. Much of the newer sections are +still in English, and there may be some differences aside from translation, +versus the English version.** Introduction -============ +------------ Система побудови libreboot, називається `lbmk`, скорочення від `LibreBoot MaKe`, і цей документ описує те, як використовувати її. З цим керівництвом ви можете узнати те, як побудувати @@ -35,31 +25,25 @@ libreboot з доступного джерельного коду. Наступний документ описує те, як працює `lbmk`, і як ви можете робити зміни до нього: [керівництво обслуговування libreboot](../maintain/) -Release status -============== +### WARNING: eCryptfs file name limits -Information about status will be reported during builds; if a board is -marked as stable, the build proceeds without further input. If the board is -marked anything other, a warning appears asking if you wish to proceed; to -disable these warnings, do this before building (not recommended): +Do not run the build system on a eCryptfs file system, because it has +very short file name limits and Libreboot's build system deals with very +long file names. We commonly get reports from this by Linux Mint users +who encrypt their home directory with eCryptfs; regular LUKS encryption will +do nicely. - export XBMK_STATUS=n +System requirements +------------------- -In Libreboot, we specify: `stable`, `unstable`, `broken` or `untested`. -The "unstable" marking means that the board boots mostly/entirely reliably -annd should be safe to use, but may have a few issues, but nothing which would, -for example, cause safety issues e.g. thermal, data reliability etc. +You must ensure that you have the correct operating system, CPU, RAM, disk space +and so on. -The `broken` setting means that a given board will likely brick if flashed. -The `untested` setting means untested. - -Release status is always set with regards to the current lbmk revision, on -the theory that the current revision is being used to generate a full release. -The setting is decided on a board-by-board basis, taking its various quirks -and idiosynrasies into account. +System requirements are documented in +the [lbmk maintenance manual](../maintain/#system-requirements). Multi-threaded builds -===================== +--------------------- Libreboot's build system defaults to a single build thread, but you can change it by doing e.g. @@ -69,7 +53,7 @@ it by doing e.g. This would make lbmk run on 4 threads. Environmental variables -======================= +----------------------- Please read about environmental variables in [the build instructions](../maintain/), before running lbmk. You should set @@ -77,7 +61,7 @@ your variables accordingly, though you do not technically need to; some of them may be useful, e.g. `XBMK_THREADS` (sets the number of build threads). Environmental variables -======================= +----------------------- Please read about environmental variables in [the build instructions](../maintain/), before running lbmk. You should set @@ -85,7 +69,7 @@ your variables accordingly, though you do not technically need to; some of them may be useful, e.g. `XBMK_THREADS` (sets the number of build threads). Git -=== +--- Система побудови Libreboot використовує Git, обширно. Ви маєте виконати кроки знизу, *навіть, якщо ви використовуєте архів випуску*. @@ -104,21 +88,16 @@ Git Ви також можете захотіти прослідувати більшій кількості етапів тут: -Python -====== +Build +----- -Python2 не використовується lbmk або будь-чим, що завантажується в якості модулів. Ви -маєте переконатись, що команда `python` виконує python 3 на вашій системі. - -Zero..st, check time/date -------------------------- +### Zero..st, check time/date Make sure date/hwclock report the correct time and date on your system, because parts of the build process download from HTTPS servers and wrong time or date can cause connections to be dropped during negotiation. -Побудова з джерельного коду -============================ +### Побудова з джерельного коду Фактична розробка/тестування завжди виконується безпосередньо за допомогою `lbmk`, і це також стосується збирання з джерельного коду. Ось кілька інструкцій, щоб @@ -143,9 +122,59 @@ Check: `config/dependencies/` for list of supported distros. Однак, вам потрібно буде написано свій власний сценарій для встановлення залежностей побудови. -libreboot Make (lbmk) автоматично виконує всі необхідні команди; наприклад, -`./build roms` автоматично виконає `./build grub`, -якщо затребувані утиліти для GRUB не збудовано, для виготовлення корисних навантажень. +### Debian Trixie/Sid + +Debian Trixie, the testing release as of 3 January 2025, and Debian Sid, +provide `gnat` and `gcc` as you expect, but `gnat` resolves to `gnat-13` and +installs `gcc-13` as a dependency, while `gcc` resolves to `gcc-14` and other +toolchain components correspond to this version. + +The GCC/GNAT versions need to match during build time, so Libreboot's build +system hacks the `PATH` environmental variable, setting up symlinks, matching +GNAT to GCC or GNAT to GCC. When you run `./mk dependencies debian`, you get +GNAT 13 and GCC 14. This seems to make most boards compile; in our testing, the +KGPE-D16 board failed to compile in this configuration. This PATH hack is only +done for compiling the coreboot crossgcc toolchain, and nothing else; after that, +coreboot's toolchain is used. + +GNAT is used by coreboot, because some of the Intel graphics devices are +initialised natively, with code written in Ada spark (called `libgfxinit`). + +When updating from Debian stable to Debian Trixie(testing) or Sid, you should +also check for orphaned packages, using `aptitude search '~o'`. Do this, +removing what was leftover from the old release, and make sure to re-run the +Debian dependencies script, but do it like this: + + ./mk dependencies debian --reinstall + +For better reliability, you should, after running the dependencies script, +remove `gnat` and install `gnat-14` instead, which is available on this day +of 3 December 2025, but currently marked experimental. When you install +GNAT 14, GNAT 13 is removed but `gnat` (in `PATH`) still won't resolve to +anything. Libreboot *still* accomodates this, detecting and matching the GCC +and GNAT versions, which would in this instance match version 14 between them, +so that `gnat` and `gcc` are both in PATH at build time, resolving to v14.x. +When we tested with this configuration, the KGPE-D16 images also compiled. + +NOTE: Ubuntu 24.10 also has the issue described above. Some other distros may +also have it, if they're based on Debian Testing/Sid or Ubuntu 24.10. + +### MIPS cross compiler + +Libreboot has support for the Sony PlayStation (PS1/PSX), based on +the PCSX-Redux Open BIOS. If you're doing a full release build, and/or +specifically building the PSX BIOS, you need a MIPS cross compiler. + +Arch-based systems have a mipsel cross compiler available from AUR, and most +Debian-based systems have a mipsel cross compiler in apt; for these, the normal +dependencies installation command will provide them. We know Void Linux and +Fedora don't have a MIPS compiler, for instance. + +If your distro doesn't have the MIPS compiler available, +the [PlayStation](../install/playstation.md) page provides instructions for +manual installation; please do this in addition to the normal dependencies. + +### Next, build ROM images В якості результату, ви тепер можете (після встановлення правильних залежностей побудови) виконати лише одну команду, з свіжого Git clone, для побудови образів ROM: diff --git a/site/docs/grub/index.md b/site/docs/grub/index.md index 21f4ce8..18e757b 100644 --- a/site/docs/grub/index.md +++ b/site/docs/grub/index.md @@ -1,24 +1,26 @@ --- -title: GRUB payload +title: Libreboot GRUB payload documentation x-toc-enable: true ... GRUB already has excellent documentation, but there are aspects of libreboot that deserve special -treatment. libreboot provides the option to boot GRUB directly, running on +treatment. Libreboot provides the option to boot GRUB directly, running on bare metal (instead of using BIOS or UEFI services). +Boot Linux from GRUB +-------------------- + [The Linux section](../linux/) also has libreboot-specific guides for dealing with Linux distributions when using GRUB directly, in this setup. [A similar section exists for BSD operating systems](../bsd/) GRUB keyboard layouts -===================== +--------------------- It is possible to use *any* keymap in GRUB. -Custom keyboard layout ----------------------- +### Custom keyboard layout Keymaps are stored in `config/grub/keymap/` diff --git a/site/docs/grub/index.md.description b/site/docs/grub/index.md.description new file mode 100644 index 0000000..a9f756b --- /dev/null +++ b/site/docs/grub/index.md.description @@ -0,0 +1 @@ +Documentation pertaining to the GNU boot loader named GRUB, as it applies to Libreboot. GRUB is provided as a coreboot payload, on many Libreboot configurations. diff --git a/site/docs/index.md b/site/docs/index.md index 05ef75b..9684d2d 100644 --- a/site/docs/index.md +++ b/site/docs/index.md @@ -1,5 +1,5 @@ --- -title: Documentation +title: Installing Libreboot Free/Opensource BIOS/UEFI firmware ... Always check [libreboot.org](https://libreboot.org/) for the latest updates to @@ -9,7 +9,7 @@ the [main news section](../news/). [Answers to Frequently Asked Questions about libreboot](../faq.md). Need help? -========== +---------- Help is available on [Libreboot IRC](../contact.md) and other channels. @@ -22,18 +22,18 @@ Leah Rowe, the founder and lead developer of Libreboot, also owns and operates Minifree Ltd; sales provide funding for the Libreboot project. Installing libreboot -==================== +-------------------- - [How to install libreboot](install/) -Documentation related to operating systems -============================ +Installing operating systems +---------------------------- -- [How to install BSD on an x86 host system](bsd/) -- [Linux Guides](linux/) +- [Install BSD operating systems on Libreboot](bsd/) +- [Install Linux on a Libreboot system](linux/) Information for developers -========================== +-------------------------- - [How to compile the libreboot source code](build/) - [Build system developer documentation](maintain/) @@ -41,8 +41,9 @@ Information for developers - [U-Boot payload](uboot/) Other information -================= +----------------- +- [Libreboot Static Site Generator](sitegen/) - [Miscellaneous](misc/) - [List of codenames](misc/codenames.md) diff --git a/site/docs/index.md.description b/site/docs/index.md.description new file mode 100644 index 0000000..745796e --- /dev/null +++ b/site/docs/index.md.description @@ -0,0 +1 @@ +Documentation pertaining to Libreboot installation. Learn how to install Libreboot, and use coreboot payloads such as the GNU boot loader GRUB. diff --git a/site/docs/index.tr.md b/site/docs/index.tr.md new file mode 100644 index 0000000..485230a --- /dev/null +++ b/site/docs/index.tr.md @@ -0,0 +1,42 @@ +--- +title: Libreboot Özgür/Açık Kaynak BIOS/UEFI Yazılımını Yükleme +... + +Libreboot ile ilgili en son güncellemeler için her zaman [libreboot.org](https://libreboot.org/) adresini kontrol edin. Haberler ve sürüm duyuruları [ana haberler bölümünde](../news/) bulunabilir. + +[Libreboot hakkında Sıkça Sorulan Sorular](../faq.md). + +Yardıma mı ihtiyacınız var? +-------------------------- + +[Libreboot IRC](../contact.md) ve diğer kanallarda yardım alabilirsiniz. + +Profesyonel kurulum istiyorsanız, Minifree Ltd seçili donanımlarda [Libreboot ön yüklü](https://minifree.org/) sistemler satmaktadır ve ayrıca cihazınızı göndererek Libreboot kurulumu yaptırabileceğiniz bir [Libreboot ön yükleme hizmeti](https://minifree.org/product/installation-service/) sunmaktadır. + +Libreboot'un kurucusu ve baş geliştiricisi Leah Rowe aynı zamanda Minifree Ltd'nin sahibi ve işletmecisidir; satışlar Libreboot projesi için finansman sağlamaktadır. + +Libreboot'u yükleme +------------------ + +- [Libreboot nasıl yüklenir](install/) + +İşletim sistemlerini yükleme +--------------------------- + +- [Libreboot üzerine BSD işletim sistemleri kurulumu](bsd/) +- [Libreboot sistemine Linux kurulumu](linux/) + +Geliştiriciler için bilgiler +--------------------------- + +- [Libreboot kaynak kodunu nasıl derleyebilirsiniz](build/) +- [Yapı sistemi geliştirici dokümantasyonu](maintain/) +- [GRUB yükleyici](grub/) +- [U-Boot yükleyici](uboot/) + +Diğer bilgiler +------------- + +- [Libreboot Statik Site Oluşturucu](sitegen/) +- [Çeşitli](misc/) +- [Kod adları listesi](misc/codenames.md) \ No newline at end of file diff --git a/site/docs/index.uk.md b/site/docs/index.uk.md index 3d6bba7..cf0fd85 100644 --- a/site/docs/index.uk.md +++ b/site/docs/index.uk.md @@ -9,7 +9,7 @@ libreboot. Новини, включаючи оголошення про випу [Відповіді на поширені запитання про libreboot](../faq.md). Need help? -========== +---------- Help is available on [Libreboot IRC](../contact.md) and other channels. @@ -22,18 +22,18 @@ Leah Rowe, the founder and lead developer of Libreboot, also owns and operates Minifree Ltd; sales provide funding for the Libreboot project. Встановлення libreboot -==================== +---------------------- - [Як встановити libreboot](install/) Документація, яка має відношення до операційних систем -============================ +----------------------------------------------------- - [Як встановити BSD на x86 хостову систему](bsd/) - [Керівництва Linux](linux/) Інформація для розробників -========================== +-------------------------- - [Як зібрати джерельний код libreboot](build/) - [Документація розробника системи побудови](maintain/) @@ -41,8 +41,9 @@ operates Minifree Ltd; sales provide funding for the Libreboot project. - [Корисне навантаження U-Boot](uboot/) Інша інформація -================= +--------------- +- [Libreboot Static Site Generator](sitegen/) - [Різне](misc/) - [Список кодових назв](misc/codenames.md) diff --git a/site/docs/index.zh-cn.md b/site/docs/index.zh-cn.md index 459a513..7e92669 100644 --- a/site/docs/index.zh-cn.md +++ b/site/docs/index.zh-cn.md @@ -7,7 +7,7 @@ libreboot 的最新更新,可以在 [libreboot.org](https://libreboot.org) 上 [libreboot 常见问题解答](../faq.md). Need help? -========== +---------- Help is available on [Libreboot IRC](../contact.md) and other channels. @@ -20,18 +20,18 @@ Leah Rowe, the founder and lead developer of Libreboot, also owns and operates Minifree Ltd; sales provide funding for the Libreboot project. 安装 libreboot -==================== +-------------- - [如何安装 libreboot](install/) 操作系统相关文档 -============================ +---------------- - [如何在 x86 机器上安装 BSD](bsd/) - [Linux 指南](linux/) 开发者信息 -========================== +---------- - [如何编译 libreboot 源代码](build/) - [构建系统开发者文档](maintain/) @@ -39,8 +39,9 @@ operates Minifree Ltd; sales provide funding for the Libreboot project. - [U-Boot payload](uboot/) 其它信息 -================= +-------- +- [Libreboot Static Site Generator](sitegen/) - [杂项](misc/) - [代号列表](misc/codenames.md) diff --git a/site/docs/index.zh-cn.md.description b/site/docs/index.zh-cn.md.description new file mode 100644 index 0000000..b2861be --- /dev/null +++ b/site/docs/index.zh-cn.md.description @@ -0,0 +1 @@ +Libreboot 项目提供基于 coreboot 的自由且开源的引导固件. GNU GRUB, SeaBIOS, U-Boot. diff --git a/site/docs/install/acer_g43t-am3.md.description b/site/docs/install/acer_g43t-am3.md.description new file mode 100644 index 0000000..ddc02dd --- /dev/null +++ b/site/docs/install/acer_g43t-am3.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Acer G43T-AM3 motherboard. diff --git a/site/docs/install/c201.md b/site/docs/install/c201.md index 50db03e..63273e3 100644 --- a/site/docs/install/c201.md +++ b/site/docs/install/c201.md @@ -1,22 +1,29 @@ --- -title: ASUS Chromebook C201 installation guide +title: Install Libreboot ASUS Chromebook C201 x-toc-enable: true ... +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +ASUS Chromebook C201 motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + WARNING: This board is known to have non-functioning video init at the time of writing, 19 February 2023. It is as yet unsolved. See: Introduction -=========== +------------ This page contains information about assembly and disassembly, for flashing the ASUS Chromebook C201 externally. It will also link to internal flashing instructions, and information about U-Boot. -Flashrom --------- +### Flashrom A special fork of flashrom, maintained by Google, is required for flashing. More information about this is present in the generic [chromebook flashing @@ -26,8 +33,7 @@ NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog now, as of 27 January 2024, which is a fork of flashrom, but the chromium fork is another fork of flashrom, and you should use that on chromebooks. -Depthcharge payload (obsolete) ------------------------------- +### Depthcharge payload (obsolete) This board was also supported in Libreboot 20160907, with the Depthcharge payload. Support was dropped in later releases, and then re-added in the @@ -40,7 +46,7 @@ instructions pertaining to Depthcharge: * U-boot payload -============== +-------------- U-Boot was ported to coreboot CrOS devices, courtesy of Alper Nebi Yasak (`alpernebbi` on Libreboot IRC). @@ -50,7 +56,7 @@ Read the section pertaining to U-boot payload: [u-boot payload documentation for Libreboot](../uboot/) Internal flashing -================= +------------------ External flashing is possible, but only necessary in the event of a *brick*. If you're flashing good firmware, and the machine boots properly, you can @@ -62,8 +68,7 @@ the information has moved. See: [chromebook flashing instructions](chromebooks.md) -Write-protect screw -------------------- +### Write-protect screw The chromebook flashing instructions, linked above, refer to a *screw* that can be turned, to disable flash protection. This is necessary, for internally @@ -78,15 +83,15 @@ below. The write protect screw is located next to the SPI flash chip, circled in red in the picture below. It has to be removed. Refer to the following photos: -[![Screws](https://av.libreboot.org/c201/screws.jpg)](https://av.libreboot.org/c201/screws.jpg) +![ASUS Chromebook C201 underside](https://av.libreboot.org/c201/screws.jpg "ASUS Chromebook C201 underside") -[![WP screw](https://av.libreboot.org/c201/wp-screw.jpg)](https://av.libreboot.org/c201/wp-screw.jpg) +![ASUS Chromebook C201 write protect screw](https://av.libreboot.org/c201/wp-screw.jpg "ASUS Chromebook C201 write protect screw") The write protect screw can be put back in place later, when the device is known to be in a working state. External flashing -================= +----------------- If the machine is no longer booting, due to bad firmware, you can unbrick it externally. Refer to [external flash instructions](spi.md). diff --git a/site/docs/install/c201.md.description b/site/docs/install/c201.md.description new file mode 100644 index 0000000..a493aac --- /dev/null +++ b/site/docs/install/c201.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your ASUS Chromebook C201. diff --git a/site/docs/install/chromebooks.md b/site/docs/install/chromebooks.md index a8b762f..7692307 100644 --- a/site/docs/install/chromebooks.md +++ b/site/docs/install/chromebooks.md @@ -1,8 +1,19 @@ --- -title: Chromebook flashing instructions +title: Install Libreboot on a Chromebook x-toc-enable: true ... +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on various ARM64-based +Chromebook laptops. Libreboot replaces proprietary BIOS/UEFI firmware, though +it should be noted that Google already ships coreboot and their own payload +called Depthcharge, which is all free software; the difference with Libreboot +is that it replaces Depthcharge with *U-Boot* (as a coreboot payload), which +provides a lightweight UEFI boot implementation that can boot regular Linux and +BSD systems more easily than Depthcharge. + NOTE: daisy, peach and veyron boards were temporarily removed from lbmk. They should be re-added to Libreboot at a later date. The reasons are written on the hardware compatibility page. For now, Libreboot only @@ -13,17 +24,20 @@ custom firmware on ChromeOS devices. This guide usually refers to all of them as "Chromebook"s since it's the most common form factor. Flashrom -======== +-------- A special fork of flashrom, maintained by Google, is required for flashing these Chromebook devices. See: -You must then compile this from source, and run it. +This document assumes you’ll be using ChromeOS to do the internal flashing. +ChromeOS already comes with this special fork of flashrom pre-installed. But if +you are using another OS or an external flasher, you will need to compile and +use the aforementioned flashrom fork. Enable ChromeOS "Developer Mode" -================================ +-------------------------------- Chromebooks are locked-down by default to only run ChromeOS. Most things you will want to do on these require you unlock it by enabling their @@ -37,6 +51,26 @@ screen. Waiting for 30 seconds or pressing `Ctrl + D` on this screen will proceed to boot into ChromeOS, which then erases all data on the device and reboots again into a clean ChromeOS installation. +Before following steps to configure your device as new in the first screen, you +should be able to see a “Enable debugging features” link that you should click +on. A confirmation dialog displays. Click Proceed. The system reboots, use +`Ctrl + D` again and displays a dialog with password prompts. Set the new root +password. Click Enable. The screen displays messages indicating success or +failure. Click OK. You'll see the first screen again. Follow the remaining +prompts to configure your Chrome device. + +Once you are finished configuring your device, you’ll be giving the option to +sign in; here you may use the guest account option in the bottom if you like. + +Now in the desktop we’ll set a password to use “sudo”: Use +`Ctrl+Alt+Forward Arrow` (the one two key to the right of esc key, representing +F2) to open a “Developer console” (similar to opening a tty) where the first +line ends with “localhost login”. Enter root and the password you just set for +it. Then you must run `chromeos-setdevpassword` and set another password, which +is the one that is actually used when running “sudo”. Now use +`Ctrl+Alt+Backward Arrow` (the key next to the right of esc, representing F1) +to get back to the desktop. + With Developer Mode enabled, you can launch a terminal emulator inside ChromeOS by pressing the `Ctrl + Alt + T` key combination. Run `shell` inside the resulting `crosh` prompt to actually get to a `bash` session @@ -44,7 +78,7 @@ where you can run programs. Most of the root file system is read-only, except for `/usr/local` and any mounted drives under `/media/removable`. Identify your device -==================== +-------------------- It's more common to refer to ChromeOS boards by their codenames, and many compatible devices can share a single codename. Libreboot ROM @@ -56,7 +90,7 @@ device's. There are a number of ways to find it, some are: - Run `crossystem hwid` or `crossystem fwid` in a terminal Back up stock firmware -====================== +---------------------- The stock firmware on your device comes with some irreplaceable data that is unique to your device. This can include the serial number and @@ -78,7 +112,7 @@ If you can already boot a conventional Linux distro on your Chromebook, you may be able to use `flashrom -p linux_mtd` on that system instead. Check external flashability -=========================== +--------------------------- If a ROM image you flash is broken, you may need to restore the stock firmware to fix the board to get internal flashing working. Refer to the @@ -93,7 +127,7 @@ mechanism that lets you flash externally using a special USB debugging cable. However, most boards that Libreboot supports do not have this. Disable write protection -======================== +------------------------ Chromebooks have the SPI flash chip partially write-protected by default, but thankfully this protection can be disabled by the device @@ -108,6 +142,12 @@ that asserts the WP pin on the flash chip. The screw can be identified by the fact that it bridges electrical contacts, but finding and removing it might require you to disassemble most of the board. +In my case as an example, my kevin board had the protection screw +[here](https://av.libreboot.org/board/kevin/write_protection_screw.jpg). It was +tricky for me to find it since it was one of the screws that seemed to hold +the heat sink in place, which I thought made it an unlikely candidate. I +recommend you leave it unscrew never the less after flashing. + Newer boards have a root-of-trust chip enforcing write-protection. The [Closed Case Debugging](https://chromium.googlesource.com/chromiumos/platform/ec/+/cr50_stab/docs/case_closed_debugging_gsc.md) mechanism should be used to disable hardware write-protection. Opening @@ -128,7 +168,7 @@ compile and use that flashrom fork to disable write-protection. There is no `lbmk` support yet for automatically building it. Prepare the ROM image -===================== +--------------------- Libreboot ROM image layouts are currently incompatible with the regions that should be carried over from the stock firmware. However, the @@ -143,11 +183,7 @@ keep backups of the original firmware. TODO: Instructions to preserve vital data when FMAPs are compatible. Flash the ROM image -=================== - -WARNING: Although none are supported yet, make sure not to flash ROM -images on x86 Chromebooks without injecting non-redistributable code -first (like Intel ME firmware). This is not yet documented here. +------------------- You can flash the ROM image both internally and externally. For the latter, see the [external flashing guide](spi.md) and the ChromiumOS @@ -163,7 +199,7 @@ If you can already boot a conventional Linux distro on your Chromebook, you may be able to use `flashrom -p linux_mtd` on that system instead. Install an operating system (experimental research) -=========================== +------------------------------------------------ In general, ARM-compatible distros targeting U-boot can be used. There are three general methods for installing that vary depending on the distribution: @@ -173,25 +209,23 @@ three general methods for installing that vary depending on the distribution: 3. extlinux.conf - a newer flat, bootloader-spec text file that typically lives in /boot/extlinux/extlinux.conf -Successful installations: -------------------------- +### Successful installations: * [ArchLinuxARM on RK3399-based Chromebooks](../uboot/uboot-archlinux.md). * [Debian Bookworm on Samsung Chromebook Plus XE513C24](../uboot/uboot-debian-bookworm.md). +* [Trisquel Aramo on Samsung Chromebook Plus XE513C24](../uboot/uboot-trisquel-aramo.md). * [Debian on Asus Chromebook C201](https://wiki.debian.org/InstallingDebianOn/Asus/C201). -Unsuccessful installations: ---------------------------- +### Unsuccessful installations: * [OpenBSD on Samsung Chromebook Plus XE513C24](../uboot/uboot-openbsd.md). -Other promising ARM-compatible distros: ---------------------------------------- +### Other promising ARM-compatible distros: * [Armbian](https://www.armbian.com/uefi-arm64/). See also -======== +-------- * [ChromiumOS Documentation](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/) * [ChromiumOS Firmware Test Manual](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/firmware_test_manual.md) diff --git a/site/docs/install/chromebooks.md.description b/site/docs/install/chromebooks.md.description new file mode 100644 index 0000000..a349cb7 --- /dev/null +++ b/site/docs/install/chromebooks.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on various ARM64-based Chromebook laptops. diff --git a/site/docs/install/d945gclf.md b/site/docs/install/d945gclf.md index d1aad19..ae6efe1 100644 --- a/site/docs/install/d945gclf.md +++ b/site/docs/install/d945gclf.md @@ -1,5 +1,5 @@ --- -title: Intel D945GCLF desktop board +title: Install Libreboot on Intel D945GCLF and/or D945GCLF2 x-toc-enable: true ... @@ -18,18 +18,18 @@ x-toc-enable: true | **Graphics** | ? | | **Display** | None. | | **Memory** | Up to 2GB | -| **Architecture** | x86_64 | +| **Architecture** | x86\_64 | | **Original boot firmware** | Intel BIOS | | **Intel ME/AMD PSP** | Not present. | | **Flash chip** | SOIC-8 512KiB | ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | Notes | @@ -47,13 +47,22 @@ P*: Partially works with blobs | **SeaBIOS** | Works | | **SeaBIOS with GRUB** | Doesn't work | + +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +Intel D945GCLF and/or D945GCLF2 desktop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + If you just want flashing instructions, go to [../install/d945gclf.md](../install/d945gclf.md) D945GCLF2D also reported working by a user. Introduction -============ +------------ This board is a mini-itx desktop board for 2008. It uses an atom 230, which is a singe core CPU but it is hyperthreaded so it appears to have @@ -76,8 +85,7 @@ hyperthreaded). Since the board is almost identical (and coreboot code seem to indicate that it works, since MAX\_CPU=4 is set), it is believed that it should also work but this is untested. -Remarks about vendor bios: --------------------------- +### Remarks about vendor bios: - Without coreboot/libreboot this board is completely useless, since the vendor bios is very bad. It cannot boot from any HDD whether it is @@ -96,15 +104,14 @@ And SPI SOIC8 flash chip\ ![](https://av.libreboot.org/d945gclf/20160923_141550.jpg){width="50%" height="50%"} Flashing instructions {#clip} -===================== +----------------------------- Refer to [spi.md](spi.md) for how to re-flash externally. Here is an image of the flash chip:\ ![](https://av.libreboot.org/d945gclf/d945gclf_spi.jpg) -How to replace thermal paste and fan ------------------------------------- +### How to replace thermal paste and fan This board comes with very crappy disposable loud fan, that one has no bearings, which can not be repaired or oiled properly, do not waste your diff --git a/site/docs/install/d945gclf.md.description b/site/docs/install/d945gclf.md.description new file mode 100644 index 0000000..9f804ce --- /dev/null +++ b/site/docs/install/d945gclf.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Intel D945GCLF motherboard. diff --git a/site/docs/install/deguard.md b/site/docs/install/deguard.md index 9a78966..92b88ea 100644 --- a/site/docs/install/deguard.md +++ b/site/docs/install/deguard.md @@ -1,14 +1,32 @@ --- -title: Disabling Intel Boot Guard on MEv11 +title: Disabling Intel Boot Guard on MEv11 for Libreboot installation x-toc-enable: true ... +Deguard enables open source BIOS/UEFI firmware +------------------------------------------- + +On *some* (not all) motherboards, the vendor chooses to fuse a key during +manufacturing, which ensures that you can *only* boot firmware cryptographically +signed and verified by *them*. This is a form of DRM that otherwise prevents +use of coreboot-based firmware, such as Libreboot. We are *against* DRM in the +Libreboot project. *Intel* markets the Boot Guard as a security feature, but +we regard it simply as an *attack* +on [Free Software](https://writefreesoftware.org/learn). + +This document will teach you about *deguard*, which is a utility that modifies +the Intel ME (which implements Boot Guard) in such a way as to *disable* the +Intel Boot Guard, by exploiting a known security vulnerability on MEv11. The +Libreboot project *uses deguard* for *several* coreboot ports, such as +the [Lenovo ThinkPad T480 with Libreboot](t480.md) or +the [Dell OptiPlex 3050 Micro with Libreboot](dell3050.md). + This covers Intel Skylake, Kaby Lake and Kaby Lake Refresh / Coffeelake machines; note that Coffeelake includes KabyLake Refresh and may have MEv12. This page concerns only those platforms that have Intel MEv11, not MEv12. The facts on this page are applicable to both *mobile* and *desktop* platforms. -The Intel Boot Guard is a security mechanism implemented by intel, but not all +The Intel Boot Guard is a "security" mechanism implemented by intel, but not all vendors enable it. If enabled, the bootblock in the flash is protected at boot time by cryptographic signature verification; this means only the vendor can update the flash. @@ -17,10 +35,14 @@ On systems with MEv11, a bug exists in older versions (of MEv11) that allows for unsigned code execution, at a very early stage in the boot process, to the point that almost all of the ME firmware in flash can be fully replaced. The ME is also what implements Boot Guard, and the hack is possible *before* Boot -Guard is enforced, allowing for it to be disabled. +Guard is enforced, allowing for it to be disabled. This does *not* unfuse the +keys set by the manufacturer, but rather, it bypasses all checks against them. See: [CVE-2017-5705](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html) +Deguard utility +--------------- + Mate Kukri, who authored the ThinkPad T480/T480 and OptiPlex 3050 Micro ports, wrote a tool called *deguard*, which Libreboot uses on these boards. This tool reconfigures the ME, exploiting it so as to disable the Boot Guard. @@ -35,6 +57,9 @@ and Libreboot provides a mirror of this repository: More information is available there. +How it works +------------ + This is done by externally flashing an older version. Libreboot's build system automatically downloads this older version, runs `me_cleaner` on it, and applies the deguard hack; this includes machine-specific ME configuration, which is @@ -50,6 +75,9 @@ normally only available to vendors; the *deguard* utility written by Mate Kukri is available under a free software license, and included by default in Libreboot releases. It can be used for *any* MEv11-based system. +How to use deguard +------------------ + To download deguard in lbmk (Libreboot's build system), do this: ./mk -f deguard @@ -65,6 +93,21 @@ were never fused, even if they were. [Previous work](https://trmm.net/TOCTOU/) has been done by others, related to the Boot Guard, but nothing quite so thorough and easy to use as deguard existed previously! +T480/T480s MFS data +------------------- + +As of Libreboot 20241206, the upstream deguard project did not contain an MFS +config for Lenovo ThinkPad T480 and T480s, because Libreboot added them in an +out-of-tree patch (under Mate Kukri's direct guidance). + +Therefore, if you're using deguard on a standalone/custom coreboot setup without +using Libreboot/lbmk, please do ensure that they are there. The tool itself +provides a README, or you could simply import the config data from lbmk if +you wish. + +How does deguard work? +---------------------- + Mate Kukri was able to figure this out and implement deguard, using existing work done by PT Research and Youness El Alaoui, exploiting the Intel SA 00086 bug which you can read more about here: @@ -82,7 +125,12 @@ years to try to hack around it, as a matter of user freedom. So remember: when Intel is talking about security, they mean *their* security, not yours. To them, you are simply flashing malicious code. But they are the ones with malice. +Thanks +------ + Mate Kukri and others who work on such hacks are heroes, and they have done a great service to the Libreboot project. Many more machines are now possible to port to coreboot, thanks to this hack. + +The Libreboot project owes Mate Kukri a debt of gratitude, many times over. diff --git a/site/docs/install/deguard.md.description b/site/docs/install/deguard.md.description new file mode 100644 index 0000000..cbc7400 --- /dev/null +++ b/site/docs/install/deguard.md.description @@ -0,0 +1 @@ +Libreboot can disable the Intel Boot Guard, on any Intel 6th, 7th or 8th gen platform with Intel Management Engine version 11.x present, using deguard. diff --git a/site/docs/install/dell3050.md b/site/docs/install/dell3050.md index 398281d..0e7de68 100644 --- a/site/docs/install/dell3050.md +++ b/site/docs/install/dell3050.md @@ -1,10 +1,12 @@ --- -title: Dell OptiPlex 3050 Micro +title: Install Libreboot on Dell OptiPlex 3050 Micro x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -18,7 +20,7 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** | **Variants** | OptiPlex 3050 Micro | | **Released** | 2017 | | **Chipset** | Intel Kaby Lake | -| **CPU** | Intel Kaby Lake | +| **CPU** | Intel Skylake/Kaby Lake | | **Graphics** | Intel HD graphics | | **Memory** | DDR4 SODIMMs (max 32GB, 2x16GB) | | **Architecture** | x86\_64 | @@ -28,12 +30,12 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ?: UNKNOWN AT THIS TIME ``` @@ -47,32 +49,54 @@ P*: Partially works with blobs | ***Payloads supported*** | | |----------------------------|-----------| | **GRUB (libgfxinit only)** | Works | -| **SeaBIOS** | Broken | +| **SeaBIOS** | Works |
-Introduction -============ + +Open source BIOS/UEFI firmware +------------------------- + +This document will teach you how to install Libreboot, on your +Dell OptiPlex 3050 Micro desktop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. **Unavailable in Libreboot 20240612 or earlier. You must [compile from source](../build/), or use a version newer than Libreboot 20240612.** +### Buy pre-installed + +**Dell OptiPlex 3050 Micro is available to purchase with Libreboot preinstalled. +See: ** + Official information about the computer can be found here: -Build ROM image from source ---------------------------- +### Warning regarding NVMe SSDs + +Please use at least Libreboot +20241206 *[revision 3](../../news/libreboot20241206.Revisions.md#revision-3-11-december-2024)* +or higher. This is because older revisions contained a bug, where the NVMe +SSD would be *replugged* under Linux, randomly, leading to data loss. + +This is fixed in 20241206 rev3 or higher, by disabling PCI-E hotplug on the +NVMe SSD slot. + +See: [Libreboot 20241206 release](../../news/libreboot20241206.md) + +### Build ROM image from source The build target, when building from source, is thus: - ./mk -b coreboot dell3050micro_fsp_16mb + ./mk -b coreboot dell3050micro_vfsp_16mb Mate Kukri's *deguard* utility disables the Intel Boot Guard on this machine. Libreboot uses this by default, along with `me_cleaner` to provide a neutered ME setup; unlike on other platforms, arbitrary code execution is also -possible inside the ME on this mainboard, giving it much higher potential for +possible inside the ME on this motherboard, giving it much higher potential for software freedom in the future. Issues -====== +------ This machine basically works flawlessly, as of the Libreboot 20241206 release. All the initial bugs were fixed, e.g. PWM fan control works now. A very nice @@ -88,10 +112,9 @@ Selection of audio devices and outputs is a bit idiosyncratic on this board. Just play with pavucontrol for your setup and it should work fine. Installation -============ +------------ -Insert binary files -------------------- +### Insert binary files If you're using a release ROM, please ensure that you've inserted extra firmware required refer to the [guide](../install/ivy_has_common.md) for that. (failure @@ -111,20 +134,18 @@ libre ME could include, for example, running an out-of-bound packet filter on a secure network (with flash write protection, making it invincible to any OS-based software attacks). -MAC address ------------ +### MAC address -This has a realtek NIC inside, instead of Intel, so the MAC address will not +This has a Realtek NIC inside, instead of Intel, so the MAC address will not change. This means: there is no GbE region in the flash. -You can still use something like GNU MAC Changer to change your MAC address +You can still use something like `macchanger` to change your MAC address from Linux if you want to. This is great, because that's one less complexity to deal with during installation. -Flash a ROM image (software) ------------------ +### Flash a ROM image (software) If you're already running Libreboot, and you don't have flash protection turned on, [internal flashing](../install/) is possible. @@ -139,19 +160,81 @@ variables to flash during shutdown sequence, so you should *pull the plug* to shut it down (remove the power by pulling the plug) after flashprog says `VERIFIED`. -Flash a ROM image (hardware) ------------------ +### Flash a ROM image (hardware) For general information, please refer to [25xx NOR flash instructions](../install/spi.md) - that page refers to use of socketed flash. The side cover comes off easily, and you can find the flash ICs next to the RAM. Simply remove the screw at the back. The top panel then slides forward, and you -can remove the SSD caddy; from then on, the flash is accossible. +can remove the SSD caddy; from then on, the flash is accessible. Observe the following photo of the flash (SOIC-8): Dell OptiPlex 3050 Micro flash IC -You can otherwise flash internally, including from factory firmware(if the +You can otherwise flash internally, including from factory firmware (if the service jumper is set). + +Errata +------ + +### Power-on after power failure + +Older Libreboot revisions made this machine always turn on, when plugging in +a power supply (charger brick), if a previous power loss was observed. This is +because coreboot sets a special register in the PMC that configures such +behaviour, but it was hardcoded to always-on. This is undesirable for most +people, so Libreboot 20241206 *revision 8* and newer releases contain the +following modification: + + + +If you wish to modify this behaviour again, you could modify the patch +referenced there; the actual location of the `.patch` file may change over +time, so you can basically just modify the coreboot source file +at `src/soc/intel/common/block/pmc/pmclib.c` (for the coreboot tree +under `src/coreboot/` in lbmk, pertaining to your board, which can be determined +by reading the `tree` variable in your board's `target.cfg` file within lbmk). + +Use the patch as reference, to modify the coreboot behaviour as you wish, and +re-compile [from source](../build/). + +### TPM disabled + +The TPM is disabled on this device, to prevent hanging/boot delay in SeaBIOS, +due to buggy TPM drivers there. + +### Legacy 8254 timer + +Legacy 8254 timer enabled in coreboot, to prevent SeaBIOS from hanging. + +### HyperThreading on 3050 Micro + +NOTE: The 3050 Micro is available in different CPU configurations. +Before considering to enable HyperThreading support, make sure it is +supported by the CPU of your 3050 Micro. + +Also called SMT. This is a feature where you get 2 threads on a single core. +It can improve performance in some workloads, but is actually a performance +liability in others, depending on your OS kernel/scheduler and the actual +workload. + +It is a security liability, due to the Spectre/Meltdown attacks, so we +recommend turning it off, at the very least from your running operating system. +On *this* platform, you can easily turn it off from coreboot. + +**Libreboot disables HyperThreading by default**, from Libreboot 20241206 rev8 +onward, on this board. To turn it back on, please [build from source](../build/) +and before running the build command, do this: + + ./mk -m coreboot dell3050micro_vfsp_16mb + +In the menu that appears, go *Chipset -> Enable Hyper-Threading* and turn it on. +Then exit from the menu, saving the config where prompted. You will see this +menu twice, because there are *two* configs for each of these boards. + +SMT is rarely of benefit in practise, but can be useful in some circumstances. +For example, if you're compiling a large codebase from source that takes hours, +SMT increases the building speed by about 15 percent; for example, a 3 hour +build job might take about 2 hours and 40 minutes instead. diff --git a/site/docs/install/dell3050.md.description b/site/docs/install/dell3050.md.description new file mode 100644 index 0000000..3bcb6e6 --- /dev/null +++ b/site/docs/install/dell3050.md.description @@ -0,0 +1 @@ +Dell OptiPlex 3050 installation. Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot with payloads like GNU GRUB boot loader. diff --git a/site/docs/install/dell7010.md b/site/docs/install/dell7010.md index dc4fb1e..493a003 100644 --- a/site/docs/install/dell7010.md +++ b/site/docs/install/dell7010.md @@ -1,13 +1,15 @@ --- -title: Dell OptiPlex 7010/9010 SFF +title: Install Libreboot on Dell OptiPlex 7010/9010 SFF x-toc-enable: true ... **This is only for the SFF variant. The MT variant is also supported, but for the MT variant, you must flash the [T1650 ROM image](t1650.md) instead.** -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -33,12 +35,12 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ?: UNKNOWN AT THIS TIME ``` @@ -46,7 +48,7 @@ P*: Partially works with blobs |---------------------------------------------------|----| | **Internal flashing with original boot firmware** | W+ | | **Display (if Intel GPU)** | W+ | -| **Display (discrete CPU, SeaBIOS payload only)** | W* | +| **Display (discrete GPU, SeaBIOS payload only)** | W* | | **Audio** | W+ | | **RAM Init** | W+ | @@ -56,8 +58,14 @@ P*: Partially works with blobs | **SeaBIOS** | Works | | **SeaBIOS with GRUB** | Works |
-Introduction -============ + +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +Dell OptiPlex 7010 SFF and/or OptiPlex 9010 SFF desktop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. **Unavailable in Libreboot 20240612 or earlier. You must [compile from source](../build/), or use a version newer than Libreboot 20240612.** @@ -65,20 +73,22 @@ source](../build/), or use a version newer than Libreboot 20240612.** Official information about the computer can be found here: -Build ROM image from source ---------------------------- +### Build ROM image from source The build target, when building from source, is thus: ./mk -b coreboot dell7010sff_12mb -NOTE: The same 7010 SFF image also works on 9010 SFF. It's the same mainboard. +NOTE: The same 7010 SFF image also works on 9010 SFF. It's the same motherboard. -Installation -============ +Alternatively, you can use one of Libreboot's pre-compiled release images. -Insert binary files -------------------- +Install Libreboot +----------------- + +Libreboot can be installed via internal and/or external flashing methods. + +### Insert vendor files If you're using a release ROM, please ensure that you've inserted extra firmware required refer to the [guide](../install/ivy_has_common.md) for that. (failure @@ -88,15 +98,13 @@ Libreboot's build system automatically downloads and processes these files if you build Libreboot from source, but the same logic that it uses must be re-run if you're using a release image. -Set MAC address ---------------- +### Set MAC address This platform uses an Intel Flash Descriptor, and defines an Intel GbE NVM region. As such, release/build ROMs will contain the same MAC address. To change the MAC address, please read [nvmutil documentation](../install/nvmutil.md). -WARNING about CPU/GPU compatibility -------------------------------- +### WARNING about CPU/GPU compatibility If you want to use onboard graphics, you must have a CPU that has a GPU built into it. You can find a list here: @@ -110,8 +118,7 @@ used, SeaBIOS executes its VGA ROM which provides video init, instead of coreboot's native Intel video init. GRUB piggybacks off of what SeaBIOS did, so the GRUB payload will also work. -Flash a ROM image (software) ------------------ +### Flash a ROM image (software) If you're already running Libreboot, and you don't have flash protection turned on, [internal flashing](../install/) is possible. @@ -127,8 +134,7 @@ variables to flash during shutdown sequence, so you should *pull the plug* to shut it down (remove the power by pulling the plug) after flashprog says `VERIFIED`. -Flash a ROM image (hardware) ------------------ +### Flash a ROM image (hardware) For general information, please refer to [25xx NOR flash instructions](../install/spi.md) - that page refers to use of socketed flash. diff --git a/site/docs/install/dell7010.md.description b/site/docs/install/dell7010.md.description new file mode 100644 index 0000000..71ba34a --- /dev/null +++ b/site/docs/install/dell7010.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Dell OptiPlex 7010 SFF. diff --git a/site/docs/install/dell780.md b/site/docs/install/dell780.md index 1772b11..8ef63c6 100644 --- a/site/docs/install/dell780.md +++ b/site/docs/install/dell780.md @@ -1,5 +1,5 @@ --- -title: Dell OptiPlex 780 MT/USFF +title: Install Libreboot on Dell OptiPlex 780 MT/USFF x-toc-enable: true ... @@ -29,12 +29,12 @@ Dell OptiPlex 780 ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ?: UNKNOWN AT THIS TIME ``` @@ -52,8 +52,14 @@ P*: Partially works with blobs | **SeaBIOS** | Works | | **SeaBIOS with GRUB** | Works | -Introduction -============ + +Open source BIOS/UEFI firmware +------------------------- + +This document will teach you how to install Libreboot, on your +Dell OptiPlex 780 desktop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. **Unavailable in Libreboot 20240612 or earlier. You must [compile from source](../build/), or use a version newer than Libreboot 20240612.** @@ -61,8 +67,7 @@ source](../build/), or use a version newer than Libreboot 20240612.** Official information about the computer can be found here: -Build ROM image from source ---------------------------- +### Build ROM image from source The build target, when building from source, is thus: @@ -75,25 +80,27 @@ The `_truncate` image is needed if you're flashing Libreboot internally from the original Dell firmware. Otherwise, you only need the regular images that lack `_truncate` in the file name. -100% FREE -========= +Alternatively, you can use release images instead of compiling from source. -This mainboard does not rely on any binary blobs in the flash. It is using +### 100% FREE / OPEN SOURCE! + +This motherboard is entirely free software in the main boot flash. It is using the Intel X4X / ICH10 platform, same as on the already supported -Gigabyte GA-G41M-ES2L mainboard. +Gigabyte GA-G41M-ES2L motherboard. -Installation -============ +Install Libreboot +----------------- -Set MAC address ---------------- +These next sections will teach you how to install Libreboot, on your +Dell OptiPlex 780 motherboard. + +### Set MAC address This platform uses an Intel Flash Descriptor, and defines an Intel GbE NVM region. As such, release/build ROMs will contain the same MAC address. To change the MAC address, please read [nvmutil documentation](../install/nvmutil.md). -WARNING about CPU/GPU compatibility -------------------------------- +### WARNING about CPU/GPU compatibility Coreboot has libre initialisation code for Intel graphics, but libre initialisation code is not available for most graphics cards. This machine can @@ -102,8 +109,7 @@ used, SeaBIOS executes its VGA ROM which provides video init, instead of coreboot's native Intel video init. GRUB piggybacks off of what SeaBIOS did, so the GRUB payload will also work. -Flash a ROM image (software) ------------------ +### Flash a ROM image (software) **Always make sure to dump a copy of the current flash first. ALSO: [make sure /dev/mem protection is disabled](devmem.md) for the flashing to work!** @@ -152,8 +158,7 @@ the full image; the one without `_truncate` in the file name uses all of the flash, with the BIOS region ending at the 8MB limit, so the BIOS region is therefore 2MB larger on those images. -Flash a ROM image (hardware) ------------------ +### Flash a ROM image (hardware) For general information, please refer to [25xx NOR flash instructions](../install/spi.md) - that page refers to use of socketed flash. diff --git a/site/docs/install/dell780.md.description b/site/docs/install/dell780.md.description new file mode 100644 index 0000000..2a8e1d2 --- /dev/null +++ b/site/docs/install/dell780.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Dell OptiPlex 780. diff --git a/site/docs/install/dell9020.md b/site/docs/install/dell9020.md index 5a1273e..f512150 100644 --- a/site/docs/install/dell9020.md +++ b/site/docs/install/dell9020.md @@ -1,13 +1,15 @@ --- -title: Dell OptiPlex 9020 SFF/MT (and 7020), and XE2 MT/SFF +title: Install Libreboot on Dell OptiPlex 9020 SFF/MT (or 7020), or XE2 MT/SFF x-toc-enable: true ... **NOTE: Dell XE2 MT/SFF are also known to work, using the 9020 images. Same motherboards as the 9020 and 7020.** -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -37,12 +39,12 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ?: UNKNOWN AT THIS TIME ``` @@ -50,7 +52,7 @@ P*: Partially works with blobs |---------------------------------------------------|----| | **Internal flashing with original boot firmware** | W+ | | **Display (if Intel GPU)** | W+ | -| **Display (discrete CPU, SeaBIOS payload only)** | W* | +| **Display (discrete GPU, SeaBIOS payload only)** | W* | | **Audio** | W+ | | **RAM Init** | W+ | @@ -60,8 +62,14 @@ P*: Partially works with blobs | **SeaBIOS** | Works | | **SeaBIOS with GRUB** | Works |
-Introduction -============ + +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +Dell OptiPlex 9020/7020 SFF/MT or XE2 SFF/MT desktop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. **Unavailable in Libreboot 20240126 or earlier. You must [compile from source](../build/), or use a version newer than Libreboot 20240126** @@ -70,12 +78,11 @@ Official information about this machine can be found here: ECC memory support -================== +------------------ The 9020 MT/SFF do not have ECC memory support. However: -Dell Precision T1700 --------------------- +### Dell Precision T1700 The T1700 is a version of the same motherboard, but with ECC support. You can flash the 9020 MT image on this board, and it will boot. @@ -84,7 +91,7 @@ Please note however that the native raminit (libre raminit) provided by Libreboot does not yet support ECC. You *may* be able to use ECC modules, but you won't actually have functioning ECC. -ECC support currently requires `mrc.bin`, which is a blob for raminit. +ECC support currently requires `mrc.bin`, which is vendor firmware for raminit. Libreboot removed this some time ago, instead favouring only the libre raminit. Patches are welcome, otherwise you can use an older revision of Libreboot with `mrc.bin` if you need ECC; it's unknown whether both the Haswell and @@ -97,18 +104,19 @@ if a blob *can* be avoided, it must be avoided. Therefore, `mrc.bin` is avoided since the libre raminit works pretty well these days (ECC notwithstanding). Buy Libreboot preinstalled -====================== +-------------------------- You can buy this machine professionally serviced, with Libreboot preinstalled and your choice of Linux/BSD system. Many upgrades are also available. See: - +**Minifree now sells the Libreboot 3050 Micro, instead of the Libreboot +9020 SFF. See: ** Sales are conducted to provide funding for the Libreboot project. Leah Rowe who runs Minifree, is also Libreboot's founder and lead developer. Patch -===== +----- Mate Kukri is the author of the original coreboot port. Thanks go to Kukri. Kukri's patch is here: @@ -118,16 +126,14 @@ Kukri's patch is here: This patch, at this revision (patchset 31), is what Libreboot uses for this port. -QUBES: how to get it working -------------------- +### QUBES: how to get it working Qubes requires IOMMU to be turned on. Please now read the next section. Qubes *WILL* work, if you configure Libreboot as directed below, but otherwise it will fail by default. This is because Libreboot *disables the IOMMU by default*, on this board. -Graphics cards and IOMMU --------------- +### Graphics cards and IOMMU IOMMU is buggy for some reason (we don't know why yet), when you plug in a graphics card. The graphics card simply won't work. On some of them, @@ -155,8 +161,7 @@ IOMMU, and only if vt-d is present. This is still the behaviour in Libreboot, but Libreboot adds an additional check: if `iommu` is not set in nvram, it defaults to on, but if it's set to disabled, then IOMMU is not initialised. -Enable IOMMU ------------- +### Enable IOMMU IOMMU is *disabled by default*, universally, on this board. You can turn it on, by modifying the ROM image prior to flashing, or modifying it prior to @@ -175,7 +180,7 @@ Then flash the ROM image. You can find nvramtool under `src/coreboot/default/util/nvramtool`. Do this in lbmk if you don't already havse `src/coreboot/default/`: - ./update trees -f coreboot default + ./mk -f coreboot default Then do this: @@ -202,8 +207,7 @@ with IOMMU enabled: Make sure to configure your image accordingly. -7020 compatibility ------------------- +### 7020 compatibility 7020/9020 MT each have the same motherboard. Flash the 9020 ROM from Libreboot on your 7020, and it will work. @@ -211,25 +215,31 @@ on your 7020, and it will work. Ditto 7020/9020 SFF, it's the same motherboard. However, Libreboot provides separate targets for MT and SFF. -Build ROM image from source ---------------------------- +### Build ROM image from source -For the MT variant (7020 MT and 9020 MT): +For the **20 MT variant (7020 MT and 9020 MT): ./mk -b coreboot dell9020mt_nri_12mb -For the SFF variant (7020 SFF and 9020 SFF): +For the **20 SFF variant (7020 SFF and 9020 SFF): ./mk -b coreboot dell9020sff_nri_12mb +For the T1700 MT variant: + + ./mk -b coreboot t1700mt_bmrc_12mb + +For the T1700 SFF variant: + + ./mk -b coreboot t1700sff_bmrc_12mb + It is important that you choose the right one. The MT variant is the full MTX tower. Installation -============ +------------ -Insert binary files -------------------- +### Insert binary files If you're using a release ROM, please ensure that you've inserted extra firmware required refer to the [guide](../install/ivy_has_common.md) for that. (failure @@ -239,15 +249,13 @@ Libreboot's build system automatically downloads and processes these files if you build Libreboot from source, but the same logic that it uses must be re-run if you're using a release image. -Set MAC address ---------------- +### Set MAC address This platform uses an Intel Flash Descriptor, and defines an Intel GbE NVM region. As such, release/build ROMs will contain the same MAC address. To change the MAC address, please read [nvmutil documentation](../install/nvmutil.md). -Flash a ROM image (software) ------------------ +### Flash a ROM image (software) If you're already running Libreboot, and you don't have flash protection turned on, [internal flashing](../install/) is possible. @@ -267,8 +275,7 @@ the original Dell BIOS, remove power from the computer instead of shutting it down normally. It's recommended to use a live USB instead of the internal drive to prevent potential filesystem corruption.** -Flash a ROM image (hardware) ------------------ +### Flash a ROM image (hardware) **REMOVE all power sources and connectors from the machine, before doing this. This is to prevent short circuiting and power surges while flashing.** diff --git a/site/docs/install/dell9020.md.description b/site/docs/install/dell9020.md.description new file mode 100644 index 0000000..5dedde4 --- /dev/null +++ b/site/docs/install/dell9020.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Dell OptiPlex 9020 MT and SFF, also XE2 SFF and MT. diff --git a/site/docs/install/dell_thermal.md b/site/docs/install/dell_thermal.md index a28552d..5e87935 100644 --- a/site/docs/install/dell_thermal.md +++ b/site/docs/install/dell_thermal.md @@ -17,7 +17,7 @@ Basically, what you need to do is: laptop came with, if you bought it on ebay for example). Arctic MX-6 is good. * Check that the fan works reliably -Also: the `intel_pstate` driver can be used to artifically cap CPU speed. See: +Also: the `intel_pstate` driver can be used to artificially cap CPU speed. See: diff --git a/site/docs/install/dell_thermal.md.description b/site/docs/install/dell_thermal.md.description new file mode 100644 index 0000000..80847b4 --- /dev/null +++ b/site/docs/install/dell_thermal.md.description @@ -0,0 +1 @@ +Thermal protection has a few idiosyncrasies, on the various motherboards supported by Libreboot. This guide will explain what they are. diff --git a/site/docs/install/devmem.md b/site/docs/install/devmem.md index d4ded98..c8d6916 100644 --- a/site/docs/install/devmem.md +++ b/site/docs/install/devmem.md @@ -1,5 +1,5 @@ --- -title: Disabling /dev/mem protections +title: Disabling /dev/mem protections on Linux and BSD x-toc-enable: true ... @@ -12,7 +12,7 @@ access once you no longer need it, as this is a useful security layer against any wrongful operations that you may later inadvertently run as root. Also disable SecureBoot -======================= +----------------------- If you're using a UEFI setup, it's probably because you're using a latter Intel platform and want to flash Libreboot internally, from @@ -22,19 +22,23 @@ If the factory firmware implements UEFI, and this is how you boot when using the factory firmware, please ensure that *SecureBoot* is disabled, because it will interfere with lower memory accesses if left enabled. +If you can, boot in BIOS/CSM mode just to be sure, again with SecureBoot +disabled. + FLASH ERRORS (and workarounds) -======================= +------------------------------ **NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) -now, as of 27 January 2024, which is a fork of flashrom.** +now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** This section relates to installing libreboot on supported targets. Right out of the gate, some users may experience errors with flashprog when using the internal programmer. They are: -/dev/mem access error ---------------------- +### /dev/mem access error NOTE: if running `flashprog -p internal` for software based flashing, and you get an error related to `/dev/mem` access, you should reboot with @@ -46,8 +50,7 @@ is `kernel.securelevel=-1`; see [NetBSD securelevel manual](https://wiki.netbsd.org/tutorials/kernel_secure_levels/) and [OpenBSD securelevel manual](https://man.openbsd.org/securelevel). -ERROR: Could not get I/O privileges ------------------------------------- +### ERROR: Could not get I/O privileges Error message: `ERROR: Could not get I/O privileges (Function not implemented)` diff --git a/site/docs/install/devmem.md.description b/site/docs/install/devmem.md.description new file mode 100644 index 0000000..cc57306 --- /dev/null +++ b/site/docs/install/devmem.md.description @@ -0,0 +1 @@ +Libreboot installation relies heavily on port IO and access to lower memory, which is usually restricted. Learn how to enable access on Linux and BSD. diff --git a/site/docs/install/ga-g41m-es2l.md b/site/docs/install/ga-g41m-es2l.md index a63301d..55091d3 100644 --- a/site/docs/install/ga-g41m-es2l.md +++ b/site/docs/install/ga-g41m-es2l.md @@ -1,5 +1,5 @@ --- -title: Gigabyte GA-G41M-ES2L desktop board +title: Install Libreboot on Gigabyte GA-G41M-ES2L ...
@@ -24,12 +24,12 @@ GA-G41M-ES2L | **Flash chip** | 2x8Mbit | ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -48,8 +48,13 @@ P*: Partially works with blobs | **SeaBIOS with GRUB** | Works |
-Introduction -============ +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +Gigabyte GA-G41M-ES2L desktop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. This is a desktop board using intel hardware (circa \~2009, ICH7 southbridge, similar performance-wise to the ThinkPad X200. It can make @@ -89,7 +94,7 @@ You can learn more about using the build system, lbmk, here:\ [libreboot build instructions](../build/) RAM -=== +--- **This board is very picky with RAM. If it doesn't boot, try an EHCI debug dongle, serial usb adapter and null modem cable, or spkmodem, to get a @@ -105,25 +110,25 @@ Many other modules will probably work just fine, but raminit is very picky on this board. Your mileage *will* fluctuate, wildly. MAC ADDRESS -=========== +----------- NOTE: due to a bug in the hardware, the MAC address is hardcoded in coreboot. Therefore, you must set your own MAC address in your operating system. -Use [macchanger](http://www.gnu.org/software/macchanger) in your +Use macchanger in your distro, to set a valid MAC address. By doing this, your NIC should work nicely. Flash chip size {#flashchips} -=============== +--------------------- Use this to find out: flashprog -p internal Flashing instructions {#clip} -===================== +-------------------------- Refer to [spi.md](spi.md) for how to set up an SPI programmer for external flashing. *You can only externally reprogram one of the chips @@ -164,5 +169,8 @@ NOTE: If you don't flash both chips, the recovery program from the default factory BIOS will kick in and your board will be soft bricked. Make sure that you flash both chips! -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** + diff --git a/site/docs/install/ga-g41m-es2l.md.description b/site/docs/install/ga-g41m-es2l.md.description new file mode 100644 index 0000000..54a301f --- /dev/null +++ b/site/docs/install/ga-g41m-es2l.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Gigabyte GA-G41M-ES2L motherboard. diff --git a/site/docs/install/hp2170p.md b/site/docs/install/hp2170p.md index 90c233b..247f329 100644 --- a/site/docs/install/hp2170p.md +++ b/site/docs/install/hp2170p.md @@ -1,10 +1,12 @@ --- -title: HP EliteBook 2170p +title: Install Libreboot on HP EliteBook 2170p x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -22,20 +24,20 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** | **Graphics** | Intel HD Graphics 4000 | | **Display** | 1366x768 11.6" TFT | | **Memory** | Two slots, max 8GB/slot (2x16GB), DDR3/sodimm | -| **Architecture** | x86_64 | +| **Architecture** | x86\_64 | | **EC** | SMSC KBC1126, proprietary (in main boot flash) | | **Original boot firmware** | HP UEFI firmware | -| **Intel ME/AMD PSP** | Present. Can be disabled with me_cleaner. | +| **Intel ME/AMD PSP** | Present. Can be disabled with me\_cleaner. | | **Flash chip** | SOIC-8 16MiB (128Mbit), in a socket | ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -53,52 +55,49 @@ P*: Partially works with blobs | **SeaBIOS** | Works | | **SeaBIOS with GRUB** | Works |
-Introduction -============ + +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +HP EliteBook 2170p laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. This is a portable, 11.6" Ivy Bridge platform from HP. More information is available on the [coreboot -documentation](https://doc.coreboot.org/mainboard/hp/2170p.html) - that page -said (on 16 August 2023) that GRUB hangs due to the `at_keyboard` module, but -this is no longer true; it's -[fixed](https://git.savannah.gnu.org/cgit/grub.git/commit/?id=830456a6e3b6ac92d10f9261177722a308652a1a) -in the latest GRUB revisions, and Libreboot's version of GRUB contains this fix. +documentation](https://doc.coreboot.org/mainboard/hp/2170p.html). **Unavailable in Libreboot 20230625 or earlier. You must [compile from source](../build/), or use at least Libreboot 20231021.** -Build ROM image from source ---------------------------- +### Build ROM image from source The build target, when building from source, is thus: ./mk -b coreboot hp2170p_16mb -Installation -============ +Install Libreboot +----------------- -Insert binary files -------------------- +### Insert binary files If you're using a release ROM, please ensure that you've inserted extra firmware required refer to the [guide](../install/ivy_has_common.md) for that. (failure to adhere to this advice will result in a bricked machine) -Set MAC address ---------------- +### Set MAC address This platform uses an Intel Flash Descriptor, and defines an Intel GbE NVM region. As such, release/build ROMs will contain the same MAC address. To change the MAC address, please read [nvmutil documentation](../install/nvmutil.md). -Flash a ROM image (software) ------------------ +### Flash a ROM image (software) If you're already running Libreboot, and you don't have flash protection turned on, [internal flashing](../install/) is possible. -Flash a ROM image (hardware) ------------------ +### Flash a ROM image (hardware) **REMOVE all power sources like battery, charger and so on, before doing this. This is to prevent short circuiting and power surges while flashing; although diff --git a/site/docs/install/hp2170p.md.description b/site/docs/install/hp2170p.md.description new file mode 100644 index 0000000..9f4d0d2 --- /dev/null +++ b/site/docs/install/hp2170p.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your HP EliteBook 2170p. diff --git a/site/docs/install/hp2560p.md b/site/docs/install/hp2560p.md index 70fd672..f340a1c 100644 --- a/site/docs/install/hp2560p.md +++ b/site/docs/install/hp2560p.md @@ -1,10 +1,12 @@ --- -title: HP EliteBook 2560p +title: Install Libreboot on HP EliteBook 2560p x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -34,16 +36,20 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** | **SeaBIOS with GRUB** | Works |
+Open source BIOS/UEFI firmware +------------------------- -Brief board info -================ +This document will teach you how to install Libreboot, on your +HP EliteBook 2560p laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. HP EliteBook 2560p is a 12.5" laptop you can read more about here: Installation of Libreboot -========================= +------------------------- Coreboot also has some information: diff --git a/site/docs/install/hp2560p.md.description b/site/docs/install/hp2560p.md.description new file mode 100644 index 0000000..2a968df --- /dev/null +++ b/site/docs/install/hp2560p.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your HP EliteBook 2560p. diff --git a/site/docs/install/hp2570p.md b/site/docs/install/hp2570p.md index f187603..b46a292 100644 --- a/site/docs/install/hp2570p.md +++ b/site/docs/install/hp2570p.md @@ -1,10 +1,12 @@ --- -title: HP EliteBook 2570p +title: Install Libreboot on HP EliteBook 2570p x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -34,15 +36,23 @@ HP EliteBook 2570p | **SeaBIOS with GRUB** | Works |
+Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +HP EliteBook 2570p laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + Brief board info -================ +---------------- Vendor info here: - + Installation of Libreboot -========================= +------------------------- Coreboot also has some information: diff --git a/site/docs/install/hp2570p.md.description b/site/docs/install/hp2570p.md.description new file mode 100644 index 0000000..651f9a8 --- /dev/null +++ b/site/docs/install/hp2570p.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your HP EliteBook 2570p. diff --git a/site/docs/install/hp8200sff.md b/site/docs/install/hp8200sff.md index 8897646..6b1b61b 100644 --- a/site/docs/install/hp8200sff.md +++ b/site/docs/install/hp8200sff.md @@ -1,10 +1,12 @@ --- -title: HP Elite 8200 SFF/MT and 6200 Pro Business +title: Install Libreboot on HP Elite 8200 SFF/MT and 6200 Pro Business x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -21,17 +23,17 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** | **CPU** | Intel Sandy/Ivy Bridge | | **Graphics** | Intel HD Graphics or PCI-e low profile card | | **Memory** | Up to 32GB (4x8GB) | -| **Architecture** | x86_64 | +| **Architecture** | x86\_64 | | **Intel ME/AMD PSP** | Present, neutered | | **Flash chip** | SOIC-8 8MiB | ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -49,22 +51,18 @@ P*: Partially works with blobs | **SeaBIOS with GRUB** | Works |
-Disable security before flashing -================================ +Open source BIOS/UEFI firmware +------------------------------ -Before internal flashing, you must first disable `/dev/mem` protections. Make -sure to re-enable them after you're finished. - -See: [Disabling /dev/mem protection](../install/devmem.md) - -Introduction -============ +This document will teach you how to install Libreboot, on your +HP Elite 8200 SFF desktop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. Libreboot has support for this, in the Git repository and release versions from 20230423 onwards. -Brief board info ----------------- +### Brief board info HP Elite 8200 SFF is a small-form-factor desktop of Intel Sandybridge platform which you can read more about here: @@ -79,7 +77,15 @@ Here's the [Technical Reference Manual](https://web.archive.org/web/201601091432 This system supports Ivy Bridge processors too. The original BIOS won't even POST with those, but with Libreboot they work fully. -Installation of Libreboot +Disable security before flashing +-------------------------------- + +Before internal flashing, you must first disable `/dev/mem` protections. Make +sure to re-enable them after you're finished. + +See: [Disabling /dev/mem protection](../install/devmem.md) + +Install Libreboot ------------------------- You can actually just compile the Libreboot ROM for this, and flash the @@ -146,8 +152,10 @@ between the pins until you can see the normal BIOS boot screen. ![](https://av.libreboot.org/hp8200sff/fdo\_screwdriver.jpg) -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** Now, run this command: @@ -266,7 +274,7 @@ the *ROM* by using the `-C` option in nvramtool. You can find this under the directory `src/coreboot/default/util/nvramtool` when downloading coreboot inside of lbmk by running the command: - ./update trees -f coreboot default + ./mk -f coreboot default Go in there and type `make` to build nvramtool. Simply run nvramtool without arguments, and it will show a list of options. diff --git a/site/docs/install/hp8200sff.md.description b/site/docs/install/hp8200sff.md.description new file mode 100644 index 0000000..3b36651 --- /dev/null +++ b/site/docs/install/hp8200sff.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your HP Elite 8200 SFF motherboard. diff --git a/site/docs/install/hp820g2.md b/site/docs/install/hp820g2.md index 966bca9..b29baee 100644 --- a/site/docs/install/hp820g2.md +++ b/site/docs/install/hp820g2.md @@ -1,10 +1,12 @@ --- -title: HP EliteBook 820 G2 +title: Install Libreboot on HP EliteBook 820 G2 x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -35,12 +37,12 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -59,30 +61,56 @@ P*: Partially works with blobs | **SeaBIOS with GRUB** | Works |
-Brief board info: +Open source BIOS/UEFI firmware +------------------------- -Full hardware specifications can be found on HP's own website: - - - -Introduction -============ +This document will teach you how to install Libreboot, on your +HP EliteBook 820 G2 laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. Please build this from source with lbmk: ./mk -b coreboot hp820g2_12mb More information is available in the [build guide](../build/), including how -to install build dependencies. Building from source is required, because there -aren't any ROM images for this board, in regular Libreboot releases. The -reason is that the vendor inject scripts don't currently work, because coreboot -compresses the refcode when inserting it at build time, and the process of -compression is not yet reproducible; it's not feasible to do so, and making -it not be compressed in flash would not be ideal either, so this is simply -a source-only port in Libreboot. +to install build dependencies. + +Alternatively, you can use pre-compiled release images. + +Full hardware specifications can be found on HP's own website: + + + +Pre-compiled images now possible! +-------------------------------- + +From Libreboot 20241206 **revision 8** onwards, pre-compiled ROM images *are* +now available. Previous releases excluded images for this board, because vendor +file insertion was not reproducible, so you would get checksum errors. This +has been fixed with the following patch: + + + +The refcode is inserted uncompressed, whereas upstream uses LZMA compression. +We can't predict how the implementation will change in the future, and any +behavioural changes would probably affect the checksum on insertion. Older +releases also didn't handle `rmodtool` on refcode insertion, which is used +to make the file relocatable in CBFS. See: + + + +As of Libreboot 20241206 rev8, you can now use pre-compiled release images +and [insert vendor files](ivy_has_common.md). + +The lack of refcode compression costs about 110KB, because the refcode file is +about 180KB uncompressed, but would be about 70KB compressed in flash. We +insert it uncompressed, so it's 180KB in flash. This is a small sacrifice, +considering that you still have about 10MB of unused flash space left, at least +as of the 20241206 rev8 release. HP Sure Start -============= +------------- There is a 16MB flash and a 2MB flash. Read this page for info: @@ -113,7 +141,7 @@ the Libreboot installation, because it's also important when updating Libreboot later on. Installation of Libreboot -========================= +------------------------- Make sure to set the MAC address in the flash: [Modify MAC addresses with nvmutil](../install/nvmutil.md). @@ -157,20 +185,50 @@ Refer generally to the [main flashing guide](../install/) and to the [external flashing guide](../install/spi.md) so that you can learn how to actually flash it. -TPM 2.0 potentially supported -============================== +TPM 2.0 supported +----------------------------- + +** DO NOT DO THIS WITH ORIGINAL BOOT FIRMWARE, IT BECAMES UNBOOTABLE; see + ** The onboard TPM is an SLB 9660, which supports TPM 1.2 but it is known to be -compatible with TPM 2.0 via firmware upgrade. Although not yet tested, we have -some notes about that here: +compatible with TPM 2.0 via firmware upgrade, but incompatible with stock rom. -[../../tasks/#hp-820-g2-tpm](../../tasks/#hp-820-g2-tpm) +Only by externally backing up the stock flash and private flash, flashing libreboot, booting to OS, downgrading it, then reflashing stock firmware from backup would make it work again. **Untested, may work with HP TPM Configuration Utility on Windows.** + +One way to do it is using the TPMFactoryUpd tool from + +iavael's + +or +crass's github repo with SLB 966x firmware; + + +after making it and checking the machine's tpm version with; + +``` +TPMFactoryUpd -info +``` + +Before upgrading, make sure the ownership is unclaimed and tpm enabled. +to update, you should use config file in the firmware folder inside the downloaded and extracted 9665FW update package_1.5.zip, then start the upgrade process: + +``` +TPMFactoryUpd -update config-file -config TPM12_latest.cfg +``` Not yet used meaningfully by Libreboot itself, but the TPM can be used to implement things like measured boot. +Similar models working with this firmware +---------- + +More testing is needed, but works almost flawlessly; + + + References -========== +---------- See: diff --git a/site/docs/install/hp820g2.md.description b/site/docs/install/hp820g2.md.description new file mode 100644 index 0000000..a174b2b --- /dev/null +++ b/site/docs/install/hp820g2.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your HP EliteBook 820 G2. diff --git a/site/docs/install/hp8300usdt.md b/site/docs/install/hp8300usdt.md index 0585c8b..3656c51 100644 --- a/site/docs/install/hp8300usdt.md +++ b/site/docs/install/hp8300usdt.md @@ -1,10 +1,12 @@ --- -title: HP Compaq Elite 8300 USDT +title: Install Libreboot HP Compaq Elite 8300 USDT x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -24,15 +26,12 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** | **Intel ME/AMD PSP** | Present, neutered | | **Flash chip** | SOIC-16 16MiB | -Disable security before flashing -================================ +Open source BIOS/UEFI firmware +------------------------- -Before internal flashing, you must first disable `/dev/mem` protections. Make -sure to re-enable them after you're finished. - -See: [Disabling /dev/mem protection](../install/devmem.md) - -# Introduction +This document will teach you how to install Libreboot, on your +HP Elite 8300 USDT desktop motherboard. Libreboot replaces proprietary +BIOS/UEFI firmware. This is a small but powerful desktop using Sandy or Ivy Bridge CPUs (of up to 65W TDP). @@ -58,9 +57,21 @@ These features are tested and confirmed working: * Wake on LAN * Rebooting -# Installation +Disable security before flashing +-------------------------------- -## Internal flashing +Before internal flashing, you must first disable `/dev/mem` protections. Make +sure to re-enable them after you're finished. + +See: [Disabling /dev/mem protection](../install/devmem.md) + +Install Libreboot +----------------- + +These next sections will teach you how to install Libreboot on your +HP Elite 8300 USDT motherboard. + +### Internal flashing Internal flashing is possible. OEM BIOS versions 2.87 and 2.90 are confirmed compatible with this guide. BIOS 2.05 is confirmed **not** to work. @@ -81,8 +92,10 @@ crystal (small metal cylinder) and the power cable for the optical drive. Boot into an OS of your choice (that has flashprog support). -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** The BIOS should no longer impose any write-protections. You can now use `flashprog -p internal` freely. @@ -111,7 +124,7 @@ You can now move the jumper back to its original place. By default, Libreboot applies no write-protection, so updating it can be done without the jumper anyway. -## External flashing +### External flashing Unbricking is possible by external flashing. You first need to remove the optical disk drive and 2.5" HDD/SSD and the metal bracket that diff --git a/site/docs/install/hp8300usdt.md.description b/site/docs/install/hp8300usdt.md.description new file mode 100644 index 0000000..3e84f10 --- /dev/null +++ b/site/docs/install/hp8300usdt.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your HP Elite 8300 USDT motherboard. diff --git a/site/docs/install/hp8460p.md b/site/docs/install/hp8460p.md index 414a78e..376ec82 100644 --- a/site/docs/install/hp8460p.md +++ b/site/docs/install/hp8460p.md @@ -1,10 +1,12 @@ --- -title: HP EliteBook 8460p +title: Install Libreboot on HP EliteBook 8460p x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -31,12 +33,12 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -54,8 +56,16 @@ P*: Partially works with blobs | **SeaBIOS** | Works | | **SeaBIOS with GRUB** | Works |
-Introduction -============ + +Open source BIOS/UEFI firmware +------------------------- + +These next sections will teach you how to install Libreboot, on your +HP EliteBook 8460p laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + +Vendor manual [here](https://web.archive.org/web/20240814185019/https://h10032.www1.hp.com/ctg/Manual/c03253774.pdf). **Unavailable in Libreboot 20231106 or earlier. You must [compile from source](../build/), or use a release newer than 20231106.** @@ -64,38 +74,35 @@ This is a beastly 14" Sandy Bridge platform from HP. **NOTE: Until otherwise stated, only the Intel GPU variant is supported in Libreboot.** -Build ROM image from source ---------------------------- +### Build ROM image from source The build target, when building from source, is thus: ./mk -b coreboot hp8460pintel_8mb -Installation -============ +Install Libreboot +----------------- -Insert binary files -------------------- +**Please take care to insert the vendor files, if using release images.** + +### Insert binary files If you're using a release ROM, please ensure that you've inserted extra firmware required refer to the [guide](../install/ivy_has_common.md) for that. (failure to adhere to this advice will result in a bricked machine) -Set MAC address ---------------- +### Set MAC address This platform uses an Intel Flash Descriptor, and defines an Intel GbE NVM region. As such, release/build ROMs will contain the same MAC address. To -change the MAC address, please read [nvmutil documentation](../install/nvmutil.md). +change the MAC address, please read [nvmutil documentation](/nvmutil.md). -Flash a ROM image (software) ------------------ +### Flash a ROM image (software) If you're already running Libreboot, and you don't have flash protection turned on, [internal flashing](../install/) is possible. -Flash a ROM image (hardware) ------------------ +### Flash a ROM image (hardware) **REMOVE all power sources like battery, charger and so on, before doing this. This is to prevent short circuiting and power surges while flashing.** diff --git a/site/docs/install/hp8460p.md.description b/site/docs/install/hp8460p.md.description new file mode 100644 index 0000000..fb08fe9 --- /dev/null +++ b/site/docs/install/hp8460p.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your HP EliteBook 8460p. diff --git a/site/docs/install/hp8470p.md b/site/docs/install/hp8470p.md index 85afd7f..1d337fa 100644 --- a/site/docs/install/hp8470p.md +++ b/site/docs/install/hp8470p.md @@ -1,10 +1,12 @@ --- -title: HP EliteBook 8470p +title: Install Libreboot on HP EliteBook 8470p x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -31,12 +33,12 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -54,51 +56,49 @@ P*: Partially works with blobs | **SeaBIOS** | Works | | **SeaBIOS with GRUB** | Works |
-Introduction -============ -**Unavailable in Libreboot 20230625 or earlier. You must [compile from -source](../build/), or use at least Libreboot 20231021.** +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +HP EliteBook 8470p laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. Official information about the laptop can be found here: - + This is a beastly 14" Ivy Bridge platform from HP. **NOTE: Until otherwise stated, only the Intel GPU variant is supported in Libreboot.** -Build ROM image from source ---------------------------- +### Build ROM image from source The build target, when building from source, is thus: ./mk -b coreboot hp8470pintel_16mb Installation -============ +------------ -Insert binary files -------------------- +### Insert binary files If you're using a release ROM, please ensure that you've inserted extra firmware required refer to the [guide](../install/ivy_has_common.md) for that. (failure to adhere to this advice will result in a bricked machine) -Set MAC address ---------------- +### Set MAC address This platform uses an Intel Flash Descriptor, and defines an Intel GbE NVM region. As such, release/build ROMs will contain the same MAC address. To change the MAC address, please read [nvmutil documentation](../install/nvmutil.md). -Flash a ROM image (software) ------------------ +### Flash a ROM image (software) If you're already running Libreboot, and you don't have flash protection turned on, [internal flashing](../install/) is possible. -Flash a ROM image (hardware) ------------------ +### Flash a ROM image (hardware) **REMOVE all power sources like battery, charger and so on, before doing this. This is to prevent short circuiting and power surges while flashing.** diff --git a/site/docs/install/hp8470p.md.description b/site/docs/install/hp8470p.md.description new file mode 100644 index 0000000..617bfe9 --- /dev/null +++ b/site/docs/install/hp8470p.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your HP EliteBook 8470p. diff --git a/site/docs/install/hp8560w.md b/site/docs/install/hp8560w.md index e5a261a..fea69c7 100644 --- a/site/docs/install/hp8560w.md +++ b/site/docs/install/hp8560w.md @@ -1,10 +1,12 @@ --- -title: HP EliteBook 8560w +title: Install Libreboot on HP EliteBook 8560w x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -31,12 +33,12 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -54,8 +56,16 @@ P*: Partially works with blobs | **SeaBIOS** | Works | | **SeaBIOS with GRUB** | Works |
-Introduction -============ + +Open source BIOS/UEFI firmware +------------------------- + +These next sections will teach you how to install Libreboot, on your +HP EliteBook 8560w laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + +Vendor manual [here](https://web.archive.org/web/20240629174138/https://h10032.www1.hp.com/ctg/Manual/c03424153.pdf). **Unavailable in Libreboot 20240126 or earlier. You must [compile from source](../build/), or use a release newer than 20240126.** @@ -64,8 +74,7 @@ This is a beastly 15" Sandy Bridge mobile workstation from HP. **Wi-Fi does not work. It shows correctly in lspci, but stays hard blocked.** -GPU ---- +### GPU This laptop has upgradeable GPU: it has a socketed MXM-A 3.0 card. So far, only Quadro 1000M and 2000M (which shipped with the laptop originally) have @@ -89,38 +98,33 @@ If you have an eDP panel, you should be able to use newer cards than that. As long as the card has an onboard VBIOS, Libreboot will execute it and everything *should* work. **However, this is currently untested.** -Build ROM image from source ---------------------------- +### Build ROM image from source The build target, when building from source, is thus: ./mk -b coreboot hp8560w_8mb Installation -============ +------------ -Insert binary files -------------------- +### Insert binary files If you're using a release ROM, please ensure that you've inserted extra firmware required refer to the [guide](../install/ivy_has_common.md) for that. (failure to adhere to this advice will result in a bricked machine) -Set MAC address ---------------- +### Set MAC address This platform uses an Intel Flash Descriptor, and defines an Intel GbE NVM region. As such, release/build ROMs will contain the same MAC address. To change the MAC address, please read [nvmutil documentation](../install/nvmutil.md). -Flash a ROM image (software) ------------------ +### Flash a ROM image (software) If you're already running Libreboot, and you don't have flash protection turned on, [internal flashing](../install/) is possible. -Flash a ROM image (hardware) ------------------ +### Flash a ROM image (hardware) **REMOVE all power sources like battery, charger and so on, before doing this. This is to prevent short circuiting and power surges while flashing.** diff --git a/site/docs/install/hp8560w.md.description b/site/docs/install/hp8560w.md.description new file mode 100644 index 0000000..33f47d8 --- /dev/null +++ b/site/docs/install/hp8560w.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your HP EliteBook 8560w. diff --git a/site/docs/install/hp9470m.md b/site/docs/install/hp9470m.md index f26209b..ee99f37 100644 --- a/site/docs/install/hp9470m.md +++ b/site/docs/install/hp9470m.md @@ -1,10 +1,12 @@ --- -title: HP EliteBook Folio 9470m +title: Install Libreboot on HP EliteBook Folio 9470m x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -34,20 +36,30 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** | **SeaBIOS with GRUB** | Works |
-Introduction -============ +Open source BIOS/UEFI firmware +------------------------------ + +These sections will teach you how to install Libreboot, on your +HP EliteBook Folio 9470m laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. HP EliteBook Folio 9470m is a 14" ultrabook with a backlit keyboard. +Vendor manual [here](https://web.archive.org/web/20240509202822/http://h10032.www1.hp.com/ctg/Manual/c03909856.pdf). + Libreboot has support for this, in the Git repository and release versions from Libreboot 20230423 onwards. -Installation of Libreboot -========================= +Install Libreboot +----------------- You must first compile the Libreboot ROM - ./mk -b coreboot hp9470m_16mb + ./mk -b coreboot hp9470m_16mb + +**You can also use release images, instead of compiling, but please make +sure to follow the notes below about vendorfile insertion, first!** More information about building ROM images can be found in the [build guide](../build). @@ -69,8 +81,7 @@ in the same guide linked above, or read the nvmutil manual: [Modify MAC addresses with nvmutil](../install/nvmutil.md). -Disassembly ------------ +### Disassembly Remove the battery. @@ -91,6 +102,8 @@ Some part of the board might turn on when programming. If programming fails, you might have to attach the laptop to a charger. Make sure the laptop powers off before running flashprog. No LEDs should be lit. -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** diff --git a/site/docs/install/hp9470m.md.description b/site/docs/install/hp9470m.md.description new file mode 100644 index 0000000..7815a45 --- /dev/null +++ b/site/docs/install/hp9470m.md.description @@ -0,0 +1 @@ +HP EliteBook Folio 9470m added. Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot with payloads like GNU GRUB boot loader. diff --git a/site/docs/install/ich9utils.md b/site/docs/install/ich9utils.md index 2be3496..324f9c2 100644 --- a/site/docs/install/ich9utils.md +++ b/site/docs/install/ich9utils.md @@ -10,7 +10,8 @@ can modify the ifd file with coreboot's ifdtool. You can use nvmutil to modify the GbE NVM MAC address** **If all you want to do is change the MAC address, you might use `nvmutil` -instead. See: [nvmutil documentation](../install/nvmutil.md).** +instead. See: [nvmutil documentation](../install/nvmutil.md), or use +the [inject script](ivy_has_common.md).** The documentation below is *still valid*, if you actually want to use ich9utils. You can find it in older Libreboot releases, up to Libreboot 20230625. The only @@ -26,7 +27,7 @@ scrapped. Anyway, ich9utils documentation: Introduction -============ +------------ The `ich9utils` utility from Libreboot is used to manipulate Intel Flash Descriptors for ICH9M on laptops such as ThinkPad X200 or T400. Specifically, @@ -74,7 +75,7 @@ More information about the ME can be found at Another project: ich9utils -========= +--------- You can find `ich9utils` on the [Git page](../../git.md) or you can download `lbmk` from the same page at an under revision (around Libreboot 20230625 or @@ -84,7 +85,7 @@ Go in there and type `make` to get the binaries: `ich9deblob`, `ich9gen` and `ich9show`. ICH9 show utility {#ich9show} -================ +--------------------------- The *ich9show* utility outputs the entire contents of the descriptor and GbE regions in a given ROM image as supplied by the user. Output is in Markdown @@ -92,7 +93,7 @@ format (Pandoc variant) so that it can be converted easily into various formats. It could even be piped *directly* into pandoc! ICH9 gen utility {#ich9gen} -================ +--------------------------- When you simply run `ich9gen` without any arguments, it generates descriptor+GbE images with a default MAC address in the GbE region. If you wish @@ -184,8 +185,7 @@ Your libreboot.rom image is now ready to be flashed on the system. Refer back to [../install/\#flashprog](../install/#flashprog) for how to flash it. -Write-protecting the flash chip -------------------------------- +### Write-protecting the flash chip The `ich9gen` utility (see below) generates two types of descriptor+GbE setup: @@ -199,7 +199,7 @@ the contents of flash). For ease of use, libreboot provides ROMs that are read-write by default. ICH9 deblob utility {#ich9deblob} -=================== +----------------------------------- This was the tool originally used to disable the ME on X200 (later adapted for other systems that use the GM45 chipset). @@ -209,7 +209,7 @@ not rely on dumping the factory.rom image (whereas, ich9deblob does). Simply speaking, `ich9deblob` takes an original dump of the boot flash, where that boot flash contains a descriptor that defines the existence of Intel ME, and modifies it. The Intel Flash Descriptor is modified to disable the ME -region. It disables the ME itself aswell. The GbE region is moved to the +region. It disables the ME itself as well. The GbE region is moved to the location just after the descriptor. The BIOS region is specified as being after the descriptor+GbE regions, filling the rest of the boot flash. @@ -278,7 +278,7 @@ back to [index.md/\#gm45](index.md/#gm45) for how to flash it. demefactory utility {#demefactory} -=================== +---------------------------------- This utility has never been tested, officially, but it *should* work. diff --git a/site/docs/install/ich9utils.md.description b/site/docs/install/ich9utils.md.description new file mode 100644 index 0000000..c89e04e --- /dev/null +++ b/site/docs/install/ich9utils.md.description @@ -0,0 +1 @@ +Documentation pertaining to the deprecated ich9utils which can generate or modify Intel Flash Descriptors, and Intel GbE NVM images. diff --git a/site/docs/install/index.md b/site/docs/install/index.md index 6c141c3..3ed0252 100644 --- a/site/docs/install/index.md +++ b/site/docs/install/index.md @@ -1,21 +1,34 @@ --- -title: Libreboot installation guides +title: Install Libreboot Open Source BIOS/UEFI boot firmware x-toc-enable: true ... +Open source BIOS/UEFI boot firmware +------------------------------ + +With x86 machines, you can use the SeaBIOS or the GNU boot loader named GRUB as +a payload. On ARM +systems, you can use the U-Boot payload (coreboot still initialises hardware). +An x86/x86\_64 U-Boot UEFI payload is also available. + This article will teach you how to install Libreboot, on any of the supported -laptop, desktop and server motherboards. +laptop, desktop and server motherboards of Intel/AMD x86/x86\_64 and ARM64 +platform. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. **ALWAYS remember to make a backup of the current flash, when overwriting it, regardless of what firmware you currently have and what firmware you're re-flashing it with; this includes updates between Libreboot releases. Use the `-r` option in flashprog instead `-w`, to read from the flash.** -**SAFETY WARNING!** -==================================================================== +SAFETY WARNING! +--------------- -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](../../news/safety.md).**] +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).** **If you're using release ROMs, some files may be missing inside them, and must be added. See: [Inserting Vendor Files](ivy_has_common.md).** @@ -23,7 +36,7 @@ be added. See: [Inserting Vendor Files](ivy_has_common.md).** If you're [building from source](../build/), you can ignore the above guidance. Install Libreboot via external flashing -================= +--------------------------------------- Refer to the following article:\ [Externally rewrite 25xx NOR flash via SPI protocol](spi.md) @@ -35,7 +48,7 @@ externally or internally - if only external flashing is available, then it's usually the case that only external dumping is available too. Need help? -========== +---------- Help is available on [Libreboot IRC](../../contact.md) and other channels. @@ -48,7 +61,7 @@ Leah Rowe, the founder and lead developer of Libreboot, also owns and operates Minifree Ltd; sales provide funding for the Libreboot project. Which systems are supported by Libreboot? -======================================== +----------------------------------------- Before actually reading the installation guides, please ensure that your system is fully supported by Libreboot. More information about the Libreboot @@ -56,27 +69,21 @@ build system can be found in the [lbmk maintenance manual](../maintain/), and information about porting new systems in the [porting manual](../maintain/porting.md). -With x86 machines, you can use the SeaBIOS or GNU GRUB payloads. On ARM -systems, you can use the U-Boot payload (coreboot still initialises hardware). - Libreboot currently supports the following systems: -Games consoles --------------- +### Games consoles - [Sony Playstation](playstation.md) (PS1/PSX) -Servers (AMD, x86) ------------------- +### Servers (AMD, x86) - [ASUS KFSN4-DRE motherboard](kfsn4-dre.md) - [ASUS KGPE-D16 motherboard](kgpe-d16.md) -Desktops (AMD, Intel, x86) --------------------------- +### Desktops (AMD, Intel, x86) -- **[Dell OptiPlex 7020/9020 MT and SFF](dell9020.md) - Also [available to buy - with Libreboot preinstalled](https://minifree.org/product/libreboot-9020/)** - Dell OptiPlex XE2 MT/SFF also known to work +- [Dell OptiPlex 3050 Micro](dell3050.html) - **Also [available to buy with Libreboot pre-installed](https://minifree.org/product/libreboot-3050-micro/)** +- [Dell OptiPlex 7020/9020 MT and SFF](dell9020.md) - Dell OptiPlex XE2 MT/SFF also known to work - [Acer G43T-AM3](acer_g43t-am3.md) - Apple iMac 5,2 - [ASUS KCMA-D8 motherboard](kcma-d8.md) @@ -84,7 +91,6 @@ Desktops (AMD, Intel, x86) research is needed) - 9010 also known to work. No GPIO changes, so it should be safe to flash. - [Dell OptiPlex 780 variants e.g. MT, USFF](dell780.md) -- [Dell OptiPlex 3050 Micro](dell3050.md) - [Dell OptiPlex 7010/9010 SFF](dell7010.md) **(for MT, please use the T1650 image)** - Dell Precision T1700 (use the same ROM as 9020 MT, but it won't have ECC support) - [Dell Precision T1650](t1650.md) **(the same ROM works on 7010/9010 MT variant)** @@ -94,14 +100,11 @@ Desktops (AMD, Intel, x86) - Intel D510MO and D410PT motherboards - [Intel D945GCLF](d945gclf.md) -Laptops (Intel, x86) --------------------- +### Laptops (Intel, x86) -- [Lenovo ThinkPad T480 and ThinkPad T480s](t480.md) -- **Lenovo ThinkPad T440p - Also [available - to buy with Libreboot preinstalled](https://minifree.org/product/libreboot-t440p/)** -- **Lenovo ThinkPad W541 - Also [available to - buy with Libreboot preinstalled](https://minifree.org/product/libreboot-w541/)** - NOTE: W540 also compatible (same mainboard, so flash the same ROM) +- [Lenovo ThinkPad T480 and ThinkPad T480s](t480.html) - Also **[available to buy with Libreboot pre-installed](https://minifree.org/product/libreboot-t480/)** +- Lenovo ThinkPad T440p +- Lenovo ThinkPad W541 - Lenovo ThinkPad X230 - *Also* available on Minifree: - [Apple MacBook1,1 and MacBook2,1](macbook21.md) - [Dell Latitude E4300, E6400, E6400 XFR and E6400 ATG, all with Nvidia or Intel @@ -129,19 +132,17 @@ Laptops (Intel, x86) - Lenovo Thinkpad X220 / X200 Tablet - [Lenovo Thinkpad X230 / X230 Tablet](x230_external.md) -Laptops (ARM, with U-Boot payload) ----------------------------------- +### Laptops (ARM, with U-Boot payload) - [ASUS Chromebook Flip C101 (gru-bob)](chromebooks.md) - [Samsung Chromebook Plus (v1) (gru-kevin)](chromebooks.md) -Emulation ---------- +### Emulation - [Qemu x86 and arm64](../misc/emulation.md) -**Disable security before flashing** -================================ +Disable security before flashing +-------------------------------- **Before internal flashing, you must first disable `/dev/mem` protections. Make sure to re-enable them after you're finished.** @@ -149,7 +150,7 @@ sure to re-enable them after you're finished.** **See: [Disabling /dev/mem protection](devmem.md)** ROM image file names -==================== +-------------------- Libreboot ROM images are named like this: `payload_board_inittype_displaytype_keymap.rom` @@ -179,7 +180,7 @@ executed instead, if the primary payload is SeaBIOS, whether that be pure SeaBIOS or a SeaGRUB setup. EC firmware updates -=================== +------------------- Obviously, free EC firmware would be preferable, but it is not the case on all machine. We would like to have free EC firmware on more machines, but for @@ -200,31 +201,28 @@ It is recommended that you update to the latest EC firmware version. The Updating the EC can sometimes provide benefit depending on the vendor. For example, they might fix power issues that could then enhance battery life. -ThinkPads ---------- +### ThinkPads See: Otherwise, check the Lenovo website to find the update utility for your -mainboard. +motherboard. -HP EliteBooks -------------- +### HP EliteBooks EC firmware is required in the main boot flash, but Libreboot's build system automatically downloads this from HP for each machine, and inserts it, so you don't have to worry. Just make sure that [vendor files are inserted](ivy_has_common.md) if using release images. -Other ------ +### Other The same wisdom applies to other laptop vendors. Non-laptops typically do not have embedded controllers in them. Libreboot installation instructions -=================================== +----------------------------------- In general, if Libreboot is already running, you can skip towards the final section on this page, which provides general internal @@ -239,8 +237,7 @@ Therefore, before following generic guides, make sure to check first whether your board has special instructions, otherwise use the generic guide at the end of this article. -Intel GbE MAC address (IFD-based systems) ---------------------------------------- +### Intel GbE MAC address (IFD-based systems) On all Intel platforms except X4X (e.g. Gigabyte GA-G41M-ES2L) and i945 ones (e.g. ThinkPad X60, ThinkPad T60, MacBook2,1), an Intel Flash Descriptor is @@ -250,8 +247,7 @@ flash, and can (must) be changed prior to installation. You can use [nvmutil](nvmutil.md) to change the MAC address. You will perform this modification to the ROM image, before flashing it. -Flash lockdown / boot security -------------------- +### Flash lockdown / boot security This is referred to informally as *Secure libreBoot*. @@ -263,10 +259,9 @@ See: [GRUB hardening / Secure libreBoot](../linux/grub_hardening.md) If you already did this, it's possible that you may no longer be able to flash internally. If that is the case, you must [flash externally](spi.md). -Updating an existing installation ---------------------------------- +### Updating an existing installation -Unless otherwise stated, in sections pertaining to each mainboard below, +Unless otherwise stated, in sections pertaining to each motherboard below, an existing Libreboot installation can be updated via internal flashing, without any special steps; simply follow the general internal flashing guide, in the final section further down this page. @@ -278,33 +273,29 @@ If you currently have the factory firmware, you probably need to flash externally; on *some* machines, internal flashing is possible, usually with special steps required that differ from updating an existing installation. -The next sections will pertain to specific mainboards, where indicated, +The next sections will pertain to specific motherboards, where indicated, followed by general internal flashing instructions where applicable. -HP EliteBook 820 G2 (internal and external) -------------------- +### HP EliteBook 820 G2 (internal and external) See: [HP EliteBook 820 G2 flashing guide](hp820g2.md) The flashprog command is identical, except programmer selection, on external and internal flashing; internal is only possible if you already have Libreboot. -HP EliteBook 8560w (vendor BIOS) --------------------- +### HP EliteBook 8560w (vendor BIOS) If you have the factory firmware: [HP 8560w external flashing guide](hp8560w.md) -Dell Latitude laptops (vendor BIOS) ---------------------- +### Dell Latitude laptops (vendor BIOS) See: [Dell Latitude flashing guide](latitude.md) This applies to all supported Dell Latitude models. Remember to [update the MAC address with nvmutil](nvmutil.md), before flashing. -ThinkPad X200/T400/T500/W500/R400/R500 --------------------------------------- +### ThinkPad X200/T400/T500/W500/R400/R500 If you're running one of these with Lenovo BIOS, you must externally flash Libreboot, because the original firmware restricts writes to the flash. @@ -325,35 +316,30 @@ You can find WSON8 probes online, that are similar to a SOIC8/SOIC16 clip. Your mileage may very, but WSON8 has the same pinout as SOIC8 so you might have some luck with that. -Intel D510MO/D410PT (vendor BIOS) ------------------------ +### Intel D510MO/D410PT (vendor BIOS) See: [External flashing guide](spi.md) - both boards are compatible with the same image. -Gigabyte GA-G41M-ES2L (vendor BIOS) ---------------------- +### Gigabyte GA-G41M-ES2L (vendor BIOS) Internal flashing is possible, from factory BIOS to Libreboot, but special steps are required. See: [Gigabyte GA-G41M-ES2L installation guide](ga-g41m-es2l.md) -Acer G43T-AM3 (vendor BIOS) --------------------- +### Acer G43T-AM3 (vendor BIOS) See: [Acer G43T-AM3](acer_g43t-am3.md) -MacBook 1,1 / 2,1 / iMac 5,2 (vendor BIOS) -------------------------- +### MacBook 1,1 / 2,1 / iMac 5,2 (vendor BIOS) MacBook *1,1* requires [external flashing](spi.md). MacBook *2,1* can always be flashed internally. iMac 5,2 can be flashed internally. Also check the [Macbook2,1 hardware page](macbook21.md) -ASUS KCMA-D8 / KGPE-D16 (vendor BIOS) --------------------------- +### ASUS KCMA-D8 / KGPE-D16 (vendor BIOS) [You must flash it externally](spi.md) (DIP-8 section) - also look at the [KGPE-D16 hardware page](kgpe-d16.md). @@ -363,8 +349,7 @@ Further information is available on the [KCMA-D8 page](kcma-d8.md). KGPE-D16 installation is essentially the same, with the same type of flash IC (DIP-8). Refer to the external flashing guide. -ASUS KFSN4-DRE (vendor BIOS) -------------------------- +### ASUS KFSN4-DRE (vendor BIOS) This board uses LPC flash in a PLCC32 socket. This coreboot page shows an example of the push pin as a proof of concept: @@ -375,27 +360,23 @@ See: [ASUS KFSN4-DRE guide](kfsn4-dre.md) Hot-swap the flash IC with another one while it's running, and flash it internally. -Intel D945GCLF (vendor BIOS) ---------------------------------- +### Intel D945GCLF (vendor BIOS) See: [Intel D945GCLF flashing guide](d945gclf.md) -Dell OptiPlex 3050 Micro (vendor BIOS) ---------------------- +### Dell OptiPlex 3050 Micro (vendor BIOS) Refer to the [3050 Micro page](dell3050.md). Internal flashing also possible. This has the Intel Boot Guard, but Libreboot uses the *deguard* utility to disable the Boot Guard on this Intel 7th gen board. -Dell OptiPlex 7010/9010 SFF (vendor BIOS) ---------------------- +### Dell OptiPlex 7010/9010 SFF (vendor BIOS) Refer to the [7010/9020 SFF page](dell7010.md). Internal flashing also possible. NOTE: If you have the *MT* variant, read the sections below instead (the SFF ROM is only for SFF). -Dell OptiPlex 7010/9010 MT (vendor BIOS) ---------------------- +### Dell OptiPlex 7010/9010 MT (vendor BIOS) This board is essentially identical to the Dell Precision T1650, except that it does not support ECC memory. Same wiring. @@ -403,22 +384,19 @@ it does not support ECC memory. Same wiring. You can flash the T1650 image on this machine. NOTE: This applies to the MT variant, specifically. Do not flash T1650 images on the 7010/9010 *SFF*. -Dell Precision T1650 desktop ------------------------------------- +### Dell Precision T1650 desktop Refer to the [T1650 hardware page](t1650.md). External flashing required, or you can set the Service Mode jumper and flash internally (from vendor firmware, to Libreboot). -Dell OptiPlex 7020/9020/XE2 SFF/MT / Precision T1700 ------------------------------------- +### Dell OptiPlex 7020/9020/XE2 SFF/MT / Precision T1700 Refer to the [7020/9020 hardware page](dell9020.md). Internal flashing (from vendor firmware to Libreboot) is possible if you set the Service Mode jumper. -HP EliteBook laptops (vendor BIOS) --------------------- +### HP EliteBook laptops (vendor BIOS) Refer to the [hardware page]() for info about HP laptops, and read the [external flashing guide](spi.md). @@ -436,18 +414,15 @@ Links to specific HP laptop pages: These pages provide more info about external flashing. You must remember to [insert vendor files](ivy_has_common.md), if you're using release ROMs. -HP Elite 8200 SFF (vendor BIOS) -------------------------- +### HP Elite 8200 SFF (vendor BIOS) See: [HP Elite 8200 SFF install guide](hp8200sff.md) -HP Elite 8300 USDT (vendor BIOS) ----------------------------- +### HP Elite 8300 USDT (vendor BIOS) See: [HP Elite 8200 USDT install guide](hp8300usdt.md) -ThinkPad X220/X220T/T420/T420s/T520 ------------------------------------ +### ThinkPad X220/X220T/T420/T420s/T520 T420/T520: [T420 flash instructions](t420_external.md) @@ -461,8 +436,7 @@ internally; you must use [an external flasher](spi.md). Otherwise, look at [X230 disassembly](x230_external.md). Note that the X220 has a single 8MB flash, instead of 8MB and 4MB. -ThinkPad X230/T430/T530/W530/X230T ----------------------------------- +### ThinkPad X230/T430/T530/W530/X230T Internal flashing from vendor BIOS to Libreboot is possible, but not recommended. See: [IvyBridge ThinkPad internal flashing](ivy_internal.md). @@ -472,8 +446,7 @@ See: [ThinkPad X230 install guide](x230_external.md). Otherwise, refer to [external SPI flashing](spi.md). -ThinkPad T60/X60/X60Tablet/X60S -------------------------------- +### ThinkPad T60/X60/X60Tablet/X60S Only the Intel GPU is compatible. Do not flash the ATI GPU models. @@ -566,23 +539,20 @@ bootblock, set bucts back to zero: The second flash can be done by simply following the general internal flashing guide further down on this page. -ThinkPad T480/T480S (vendor BIOS) ----------------------- +### ThinkPad T480/T480S (vendor BIOS) See: * [ThinkPad T480/T480S](t480.md) -Thinkpad T440p/W541 (vendor BIOS) ---------------------- +### Thinkpad T440p/W541 (vendor BIOS) Guides: * [ThinkPad T440p flashing guide](t440p_external.md) * [ThinkPad W541 flashing guide](w541_external.md) -HP EliteBook laptops (vendor BIOS) -------------------------- +### HP EliteBook laptops (vendor BIOS) Each machine has it's own guide: @@ -595,16 +565,14 @@ Each machine has it's own guide: * [HP EliteBook 8560w](hp8560w.md) * [HP EliteBook Folio 9470m](hp9470m.md) -HP Elite desktops (vendor BIOS) -------------------------- +### HP Elite desktops (vendor BIOS) Each machine has it's own guide: * [HP Elite 8200 SFF/MT](hp8200sff.md) (HP 6200 Pro Business probably works too) * [HP Elite 8300 USDT](hp8300usdt.md) -ARM-based Chromebooks ---------------------- +### ARM-based Chromebooks See: [Chromebook flashing instructions](chromebooks.md) @@ -613,8 +581,7 @@ the x86 machines, because the Chromebooks still use flashrom with the `-p host` argument instead of `-p internal` when flashing, and you typically need to flash externally, due to Google's security model. -QEMU (arm64 and x86) --------------------- +### QEMU (arm64 and x86) Libreboot can be used on QEMU (virtual machine), which is useful for debugging payloads and generally trying out Libreboot, without requiring real hardware. @@ -622,12 +589,12 @@ payloads and generally trying out Libreboot, without requiring real hardware. See: [Libreboot QEMU guide](../misc/emulation.md) Install via host CPU (internal flashing) -======================================== +---------------------------------------- NOTE: This mainly applies to the x86 machines. Please check other sections listed above, to see if there is anything -pertaining to your mainboard. Internal flashing means that you boot Linux or +pertaining to your motherboard. Internal flashing means that you boot Linux or BSD on the target machine, and run `flashprog` there, flashing the machine directly. @@ -636,14 +603,13 @@ directly. Internal flashing is often unavailable with the factory firmware, but it is usually possible when Libreboot is running (barring special circumstances). -Run flashprog on host CPU ------------------------- +### Run flashprog on host CPU **Always remember to [insert vendor files](ivy_has_common.md), when using release images. Otherwise, these files are added automatically at build time, when building from source (but they are not present in release images).** -### Flash chip size +#### Flash chip size Use this to find out: @@ -651,7 +617,7 @@ Use this to find out: In the output will be information pertaining to your boot flash. -### Howto: read/write/erase the boot flash +#### Howto: read/write/erase the boot flash How to read the current chip contents: @@ -665,7 +631,7 @@ How to erase and rewrite the chip contents: sudo flashprog -p internal:laptop=force_I_want_a_brick,boardmismatch=force -w libreboot.rom NOTE: `force_I_want_a_brick` is not scary. Do not be scared! This merely disables -the safety checks in flashprog. Flashrom and coreboot change a lot, over the years, +the safety checks in flashprog. Flashprog and coreboot change a lot, over the years, and sometimes it's necessary to use this option. If you're scared, then just follow the above instructions, but remove that option. So, just use `-p internal`. If that doesn't work, next try `-p internal:boardmismatch=force`. If that doesn't @@ -681,7 +647,7 @@ NOTE: there are exceptions where the above is not possible. Read about them in the sections below: Removed boards -============== +-------------- These boards were in Libreboot, but have been removed with the intention of re-adding them at a later date. They were removed due to issues. List: @@ -698,8 +664,7 @@ re-adding them at a later date. They were removed due to issues. List: - [Samsung Chromebook XE303 (daisy-snow)](chromebooks.md) - Lenovo ThinkPad X301 (still in lbmk, but with `release="n"`) -NOTES about removed boards --------------------------- +### NOTES about removed boards **WARNING: veyron speedy boards (e.g. C201) have non-functional video init as of 19 February 2023, and no fix is yet available on that date. See: @@ -718,7 +683,7 @@ for now, and have been deleted from the Libreboot 20221214 and 20230319 releases. - see: and ** -d945gclf: Doesn't boot at all, according to last report. D510MO is still in +D945GCLF: Doesn't boot at all, according to last report. D510MO is still in lbmk but still was reported problematic; other boards should be fine (see list above). diff --git a/site/docs/install/index.md.description b/site/docs/install/index.md.description new file mode 100644 index 0000000..6ffec3a --- /dev/null +++ b/site/docs/install/index.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on various laptop, desktop and server motherboards. Boot payloads like GNU GRUB. diff --git a/site/docs/install/ivy_has_common.md b/site/docs/install/ivy_has_common.md index faa34bd..fc7dfdd 100644 --- a/site/docs/install/ivy_has_common.md +++ b/site/docs/install/ivy_has_common.md @@ -1,74 +1,234 @@ --- -title: Insert vendor files on Sandybridge/Ivybridge/Haswell +title: Insert vendor files not included in Libreboot release images x-toc-enable: true ... -Please make sure to install [build dependencies](../build/) if following this -guide, and note that this guide assumes you use [lbmk.git](../git.md), not the -release archives, even if you're using release *ROM images*, which is fine. +Open source BIOS/UEFI firmware +------------------------------ -Coreboot is nominally free software, but requires certain vendor code on some -boards, for certain functionalities; we cover this more thoroughly in -the [Freedom Status](../../freedom-status.md) page and in the [Binary Blob -Reduction Policy](../../news/policy.md). +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware, but some newer boards still +occasionally need code from the hardware manufacturer in order to boot properly. +This document will teach you how to handle such a scenario, and how to check +for it. For more context, please read Libreboot's [Binary Blob Reduction +Policy](../../news/policy.md) and [Freedom Status](../../freedom-status.md) +pages. -Therefore, you should just follow this guide if in any doubt. Otherwise, the -freedom status page lists all boards that require vendor files, and it says -what they are. This is because Libreboot cannot directly distribute some of them, -but they are extracted from vendor updates at build time, and inserted into -images; when those images are then archived for release, the non-redistributable -filejs are removed. +**PLEASE MAKE SURE you read and follow the instructions on this page, prior +to flashing Libreboot, if required for your motherboard; failure to heed this +warning can and will result in a soft-brick, which would then necessitate +recovery via [external flashing](spi.md) - regardless, you are advised to +also read the external flashing guide just in caes, and have an external +flasher handy in case you need it.** -The same logic can be used after the fact, to re-download and re-insert these -files; the page that you're reading now will tell you how to do so. +Even if your board doesn't need vendor firmware inserted, you can also use this +guide to change the GbE MAC address in the flash, if your board has an Intel +Gigabit Ethernet device (where an Intel Flash Descriptor is used). -*If in doubt, just follow these instructions anyway; if your board doesn't need -vendor files inserted, nothing will happen. You only need to follow this guide -if you use release ROMs; if you're building directly from source, using the -Libreboot build system, then you can just flash the result.* +WARNING: eCryptfs file name limits +---------------------------------- -Injecting vendor files into ROM +Do not run the build system on a eCryptfs file system, because it has +very short file name limits and Libreboot's build system deals with very +long file names. We commonly get reports from this by Linux Mint users +who encrypt their home directory with eCryptfs; regular LUKS encryption will +do nicely. + +Install build dependencies first ------------------------------------ -You must determine the correct board name, for your board, based on the list -generated when running this command: +**You will be compiling several small utilities from source code. This means +you need the compilers and various libraries.** - ./mk -b coreboot list +**Please make sure to install [build dependencies](../build/)** before using this +guide, and note that this guide assumes you use [lbmk.git](../../git.md). + +**Failure to adhere to this warning will result in vendor file insertion not +working. The insertion must work correctly, prior to Libreboot installation, +if your board requires it, otherwise your board simply will not boot.** + +Introduction +------------ + +On *some* boards, but certainly not all of them, certain files are required from +the hardware vendor. Libreboot has strict [rules](../../news/policy.md) +governing this, and you can find more information on +the [Freedom Status](../../freedom-status.md) page. + +Libreboot can't directly distribute *all* of these files, so some of them are +downloaded at build-time, and processed for insertion into the firmware images. +**On pre-compiled ROM images in releases, these files are removed, and can be +re-added using the same automation that was applied during the build process.** + +Examples of these files can be found on +the [Freedom Status](../../freedom-status.md) page. + +**If in doubt, you should simply follow these instructions. If your board +doesn't need vendor files, the tar archive won't be modified.** + +### MAC address + +Regardless of whether your board needs vendorfiles or not, you can also use +this command to change the MAC address on systems with Intel GbE regions in +the flash, where an Intel gigabit ethernet device is used. + +For example, a Lenovo ThinkPad X200 doesn't need any files added, but can still +have the mac address changed; please continue reading! + +### Injecting vendor files into tarballs + +**WARNING: Older versions of nvmutil used `?` for random characters. Newer +versions use `x` instead. If you have an older version, use `?` instead, +when generating random characters in MAC addresses.** In order to inject the necessary files into a rom image, run the script from the root of lbmk and point to the rom image. If you only wish to flash a release rom then the process of injecting the necessary files is quite simple. Run the injection script pointing to the release archive you downloaded: - ./vendor inject libreboot-RELEASE_targetname.tar.xz + ./mk inject libreboot-RELEASE_targetname.tar.xz -**You are strongly advised only to insert it on the tarball, because then -checksums are verified to ensure that the vendor files were inserted correctly. -Otherwise, you can do it manually on each individual image, specifying the -board name with the instructions provided below:** +**NOTE: As of Libreboot 20241206 rev8 or newer, the above command will behave +the same way as if you declared `setmac` without argument, mentioned below:** + +Where a GbE region is present in the flash, you can also use the above command +to change the MAC address, by modifying it like so: + + ./mk inject libreboot-RELEASE_targetname.tar.xz setmac + +Note that `setmac`, without additional argument, will *randomise* the MAC +address, setting a *local*, *unicast* MAC address. You can specify a custom +MAC address, like so: + + ./mk inject libreboot-RELEASE_targetname.tar.xz setmac 00:1f:16:00:01:02 + +The `setmac` command, without argument, is technically redundant, since MAC +addresses are randomised by default, every time you run the inject script. + +If you wish to *skip* changing the MAC address (not recommended), you can +use the `keep` argument, like so: + + ./mk inject libreboot-RELEASE_targetname.tar.xz setmac keep + +The `setmac` command works by inserting a reference GbE file, contained within +lbmk. The `keep` command makes lbmk *skip* changing your current GbE region; +it does not, for example, restore the reference GbE image from lbmk. + +The `setmac` command, when not using `keep`, copied the default GbE file within +lbmk for that board, modifying the temporary copy and then inserting that. To +insert the *original file*, without modification, you can do this: + + ./mk inject libreboot-RELEASE_targetname.tar.xz setmac restore + +The `restore` setting does the same as `setmac` (without `keep`), but skips +running `nvmutil`; it also skips building nvmutil. Essentially, this will +restore the default MAC address from standard release images. + +The above MAC address is a random example; please make sure to use one that matches +your board, if you wish. You can also use randomisation this way; the `x` character +will be randomised, e.g.: + + ./mk inject libreboot-RELEASE_targetname.tar.xz setmac xx:xx:xx:xx:xx:xx + +You can mix and match arbitrary characters with random ones, e.g.: + + ./mk inject libreboot-RELEASE_targetname.tar.xz setmac 0x:xx:12:xa:6x:69 The script can automatically detect the board as long as you do not change the file name. -You can then find flash-ready ROMs in `/bin/release/` -Alternatively, you may patch only a single rom file, but you must supply the -correct board target name as alluded to above. -For example: +On Libreboot 20241206 rev8 or newer, releases newer than the 20241206 series, +and in the latest lbmk Git repository branch revisions (`master` branch), the +commands above *directly modify the tarball*. - ./vendor inject -r x230_libreboot.rom -b x230_12mb +Older versions left the tarball unmodified, and extracted the modified images +to `bin/release/` - on current behaviour, you inject the tarball and then +extract the tarball yourself afterward, to flash the modified images. -Optionally, you can use this script to modify the mac address of the rom with the `-m` flag. -For example: +### Behaviour changes in Libreboot 20241206 rev8 - ./vendor inject -r x230_libreboot.rom -b x230_12mb -m 00:f6:f0:40:71:fd +*Older* versions of this script would have produced the injected images under +the `bin/release/` directory, and/or allow you to do it on specific ROM images. + +The *current* version, pertaining to this documentation, *only* supports injecting +tarballs, because the tarball-based mechanism verifies checksums on images, +after insertion. + +The older versions of this script would have left the tarball unmodified, while +producing `bin/release/` containing your images. + +The *current* version, pertaining to this documentation, modifies the tarball +itself. You can inject and un-inject. To un-inject, you can do: + + ./mk inject libreboot-RELEASE_targetname.tar.xz nuke + +Running the `nuke` command will remove vendorfiles, and re-generate a file inside +the archive named `vendorhashes`. When running regular inject, not `nuke`, +the `vendorfiles` file is removed after insertion; this way, subsequent +injections are avoided, by detecting whether they're needed on the basis of +that file. + +The nuke command is available because Libreboot's build system uses it when +producing release archives. You otherwise shouldn't use `nuke` yourself, except +for testing purposes or if you're just curious. + +Libreboot 20241206 rev8 have different command structure for the inject script. +Older versions could insert into lone ROM images, with a special command, and +generally didn't have good error checking. The new version of this script is +much safer and easier to use. **These changes are also present in the latest +lbmk git repository.** + +ALSO: Non-injected images do, on Libreboot 20241206 rev8 or higher, have 1 byte +of padding - yes, *1 byte* - at the end, to make flashprog fail to flash it due +to size mismatch versus chip size, and the words `DO_NOT_FLASH` are inserted +into the file name. With both of these things, the user is unlikely to flash +an image that hasn't been injected. + +After injection, the `DO_NOT_FLASH` file name prefix is removed, as is the +padding, so that the injected images are ready to flash, and the tarball is +re-generated with these images. + +ALSO: If vendorfiles are not needed, or if an error occurs, modification of +the tarball is avoided and it's left alone, UNLESS the following condition is +met: + +If no errors occured, but no vendor files are needed, you can still inject a +new MAC address, where there is a GbE region. If there isn't a GbE region, +such modification is skipped (some boards don't have Intel gigabit ethernet, +and might have a different ethernet adapter instead). + +When vendor files are inserted and/or a MAC address is inserted, the tarball +is re-generated. MAC address insertion is handled with [nvmutil](nvmutil.md); +the steps there are applied automatically. + +Older release images, prior to 20241206 rev8, do not have `DO_NOT_FLASH` or +the 1-byte padding, so watch out! However, this script, the new version, is +backwards compatible with older releases. + +That's one possible use for the `nuke` command, running it yourself. If you're +distributing the older release images, you could inject them, and then nuke +them; doing so will re-generate the `vendorhashes` file, *and* retroactively +pad them (and add `DO_NOT_FLASH` to the image file names). It would be pointless +for Libreboot to retroactively modify the official images in this way, since +20241206 rev8 and newer already has this done to it. Just be careful when +using the older tarballs. Check that the files were inserted -================================== +---------------------------------- + +### Automatic verification You *must* ensure that the files were inserted. The inject command automatically verifies checksums of the complete images, when you run it directly on a -release tarball, but not when running it manually on an individual image; -checking it manually is useful for the latter, but you should probably just -insert it into the tarball. +release tarball. + +If there was an error, and/or the checksums didn't match, then the tarball won't +be modified. If you're using newer release images with `DO_NOT_FLASH` and +the one-byte padding (as described above), that's a good indicator, but older +release images didn't have this modification. + +### Manual inspection + +You could check the files manually, if you're paranoid, after insertion. Some examples of how to do that in lbmk: @@ -85,7 +245,15 @@ below): ./elf/cbfstool/TREENAME/cbfstool libreboot.rom print You should check that the files were inserted in cbfs, if needed; for example, -EC firmware or MRC firmware. +EC firmware or MRC firmware, perhaps FSP. + +FSP is redistributable by Intel, but not with modification. Since coreboot has +to de-concatenate FSP into its modules, and modify pointers in the FSP-M module, +for raminit, Libreboot treats FSP modules like other injectable vendor files. + +(in the original 20241206 release, FSP was directly baked in; the change +described above was applied in Libreboot 20241206 and newer, and the 3050micro +image from Libreboot 20241008 was removed from Libreboot's rsync server) Next: @@ -96,22 +264,28 @@ Run hexdump on it: hexdump flashregion_2_intel_me.bin -Check the output. If it's all `0xFF` (all ones) or otherwise isn't a bunch -of code, then the Intel ME firmware wasn't inserted. +Check the output. If it's all `0xFF` (all ones) or zeroes or otherwise isn't a +bunch of code, then the Intel ME firmware wasn't inserted. You could also run +the `me_cleaner` program on this file, to see if it gives you any information, +if you're not savvy enough to look at stuff in hexdump. You'll note the small size of the Intel ME, e.g. 84KB on sandybridge platforms. This is because lbmk *automatically* neuters it, disabling it during -early boot. This is done using `me_cleaner`, which lbmk imports. - -NOTE: the MAC changer makes use of `nvmutil`, which you can read more about in -the [nvmutil documentation](nvmutil.md). +early boot. This is done using `me_cleaner`, which lbmk imports. If the platform +uses MEv11 with Intel Boot Guard, the boot guard is automatically disabled +by processing the MEv11 image with Mate Kukri's [deguard](deguard.md) utility. Errata -====== +------ + +This section should not concern you, if you're using newer Libreboot releases. +This section largely concerns *bugs* which existed in older releases, pertaining +to this documentation, and design changes made accordingly. NOTE: As of Libreboot releases from May 2024 onward, the Intel MRC is no longer -included for Haswell; MRC is a blob for raminit, but we now provide libre -raminit. The following targets no longer exist in the build system: +included for Haswell; MRC is a firmware for raminit, but we now provide native +raminit written by Angel Pons, for the coreboot project. The following targets +no longer exist in the build system: * `t440pmrc_12mb` (use `t440plibremrc_12mb` instead) * `t440pbmrc_12mb` (use `t440plibremrc_12mb` instead) @@ -122,12 +296,33 @@ raminit. The following targets no longer exist in the build system: * `dell9020mt_12mb` (use `dell9020mt_nri_12mb` instead) * `dell9020mtbmrc` (use `dell9020mt_nri_12mb` instead) +FSP images are also no longer baked in on release images, from +Libreboot 20241206 rev8 or higher (or releases newer than the 20241206 series), +but the machines that use them still need them; they are injected instead, +using the commands shown above on this very page. Older images with FSP baked +directly into release images had `_fsp` in the file names; newer images that +need it to be injected have `_vfsp` in the file name. Releases from Libreboot +20241206 release series at revision 8 or higher, or releases newer than the +20241206 series, no longer include `_fsp` images as they are set `release="n"` +in the build system; these releases include `_vfsp` images instead. Newer +targets added in the future, that need FSP, will also have `_vfsp` in the +file name, for consistency. + +To eliminate any doubt: `_fsp` targets were also removed from lbmk, +on 1 April 2025. Not everyone was aware of this change, yet the resulting build +was identical (when compiling from source). To eliminate all questions about it, +the `_fsp` targets were removed entirely. Please use the `_vfsp` targets from +now on, when dealing with any machine that uses Intel FSP. + This is written as errata because some users may still be using older release images but on the newer build system from May 2024 onward; you must use the Libreboot 20240225 release if you want to inject MRC and so on, for these older targets. -Libreboot's [binary blob reduction policy](../../news/policy.md) is very strict, -and states: if a blob can be avoided, it must be avoided. Therefore, the MRC -is removed on Haswell and Libreboot will only use the libre raminit (called -NRI, short for Native Ram Initialisation). +Libreboot's [Binary Blob Reduction Policy](../../news/policy.md) is very strict, +and states: if it can be done with free software exclusively, then it should be +done with free software exclusively. Therefore, the MRC is removed on Haswell +and Libreboot will only use the libre raminit (called NRI, short for Native Ram +Initialisation). + +The four freedoms are absolute. diff --git a/site/docs/install/ivy_has_common.md.description b/site/docs/install/ivy_has_common.md.description new file mode 100644 index 0000000..6bad493 --- /dev/null +++ b/site/docs/install/ivy_has_common.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your, with vendor code. Libreboot's strict Binary Blob Reduction Policy is observed. diff --git a/site/docs/install/ivy_has_common.uk.md b/site/docs/install/ivy_has_common.uk.md deleted file mode 100644 index d5edc98..0000000 --- a/site/docs/install/ivy_has_common.uk.md +++ /dev/null @@ -1,174 +0,0 @@ ---- -title: Insert vendore files on Sandybridge/Ivybridge/Haswell -x-toc-enable: true -... - -Regarding vendorfile insertion: if unsure, just follow these instructions. -If a given target does not require vendor files, none will be inserted. - -**TODO: Re-translate this again to Ukrainian. It was translated before, but -the english page got heavily re-written.** - -**NOTE: This page also applies to PM45 machine Dell Latitude E6400 if it -contains an Nvidia GPU (Libreboot vendor scripts can insert the VGA ROM)** - -This is not a general purpose installation guide, but you *should read it* -before installing Libreboot! *This* guide *must* be followed, no matter what -method you use to install Libreboot; even if you compile from source, you should -still read this page for later reference. - -For how to use an external programmer see the [25xx NOR flashing guide](/docs/install/spi.html) - -Introduction -============ - -**PLEASE MAKE SURE you have build dependencies installed first. Although you -do not need to re-compile release ROMs, you should follow these instructions -before reading the instructions below: -** - -Coreboot is nominally free software, but requires certain vendor code on some -boards, for certain functionalities; it differs per board, and some boards do -not require vendor code of any kind in the flash. We cover this more thoroughly in -the [Freedom Status](../../freedom-status.md) page and in the [Binary Blob -Reduction Policy](../../news/policy.md). - -Well, not all of these files are freely redistributable. Coreboot does provide -vendor files in some cases, if the vendor has allowed it. In other cases, -extraction from factory firmware is required, or you can extract them from -vendor-supplied updates - Libreboot's build system does the latter. - -When you [compile Libreboot ROM images from source](../build/), Libreboot will -automatically download any given vendor files required, for any given board -target. This is done without user intervention, and only when absolutely needed -to make the machine boot properly. - -The problem? ------------- - -Well, if the files cannot be freely redistributed, then we can't provide them. -So how do we handle *that*, in the context of Libreboot releases? - -The solution ------------- - -The answer is very simple: these files are **NOT** provided, at all! However, -the very same logic used by the build system can be run standalone, to re-insert -these vendor files on release ROMs. The `inject` script detects what files are -needed for your ROM image. - -The script will detect what board you're inserting on, or you can manually tell -it what board, and it will fetch them for you, inserting them, so that your -board is ready to flash - flashing it without these required files may result in -a brick. - -Vendor file locations --------------- - -During auto-download of files, they are saved to these locations within the -Libreboot build system: - -* ME firmware: `vendor/*/me.bin` - the `*` can be any given directory. Different ones will - be used by given boards, but the directory name may not match the board - target name. -* SMSC SCH5545 fan control firmware (for Dell T1650): `vendor/t1650/sch5545ec.bin` - - ditto 7010/9010 MT/SFF optiplex machines. -* SMSC KBC1126 embedded controller firmware, on HP EliteBooks: `ec/` -* Intel MRC firmware, provides raminit on HP EliteBook 820 G2 - -The above list refers to the *non-redistributable files*, and these are not -directly included in releases. These are auto-downloaded during the build. -The `me.bin` files are produced by extracting them from vendor updates and -neutering them with `me_cleaner` so that Intel ME is disabled during early boot. - -Inject vendor files into ROM ------------------------------------- - -You must determine the correct board name, for your board, based on the list -generated when running this command: - - ./mk -b coreboot list - -In order to inject the necessary files into a rom image, run the script from the root of lbmk and point to the rom image. - -If you only wish to flash a release rom then the process of injecting the necessary files is quite simple. -Run the injection script pointing to the release archive you downloaded: - - ./vendor inject /path/to/libreboot-20230319-18-g9f76c92_t440pmrc_12mb.tar.xz - -The script can automatically detect the board as long as you do not change the file name. -You can then find flash-ready ROMs in `/bin/release/` - -Alternatively, you may patch only a single rom file, but you must supply the -correct board target name as alluded to above. -For example: - - ./vendor inject -r x230_libreboot.rom -b x230_12mb - -Optionally, you can use this script to modify the mac address of the rom with the `-m` flag. -For example: - - ./vendor inject -r x230_libreboot.rom -b x230_12mb -m 00:f6:f0:40:71:fd - -Check that the files were inserted -================================== - -You *must* ensure that the files were inserted. - -Some examples of how to do that in lbmk: - - ./update trees -d coreboot TREENAME - -Now you find `cbutitls/default`, which is a directory containing `cbfstool` -and `ifdtool`. Do this on your ROM image (`libreboot.rom` in the example -below): - - ./cbutils/default/cbfstool libreboot.rom print - -You should check that the files were inserted in cbfs, if needed; for example, -EC firmware or MRC firmware. - -Next: - - ./cbutils/default/ifdtool -x libreboot.rom - -This creates several `.bin` files, one of which says `me` in it (Intel ME). -Run hexdump on it: - - hexdump flashregion_2_intel_me.bin - -Check the output. If it's all `0xFF` (all ones) or otherwise isn't a bunch -of code, then the Intel ME firmware wasn't inserted. - -You'll note the small size of the Intel ME, e.g. 84KB on sandybridge platforms. -This is because lbmk *automatically* neuters it, disabling it during -early boot. This is done using `me_cleaner`, which lbmk imports. - -NOTE: the MAC changer makes use of `nvmutil`, which you can read more about in -the [nvmutil documentation](nvmutil.md). - -Errata -====== - -NOTE: As of Libreboot releases from May 2024 onward, the Intel MRC is no longer -included for Haswell; MRC is a blob for raminit, but we now provide libre -raminit. The following targets no longer exist in the build system: - -* `t440pmrc_12mb` (use `t440plibremrc_12mb` instead) -* `t440pbmrc_12mb` (use `t440plibremrc_12mb` instead) -* `w541mrc_12mb` (use `w541_12mb` instead) -* `w541bmrc_12mb` (use `w541_12mb` instead) -* `dell9020sff_12mb` (use `dell9020sff_nri_12mb` instead) -* `dell9020sffbmrc` (use `dell9020sff_nri_12mb` instead) -* `dell9020mt_12mb` (use `dell9020mt_nri_12mb` instead) -* `dell9020mtbmrc` (use `dell9020mt_nri_12mb` instead) - -This is written as errata because some users may still be using older release -images but on the newer build system from May 2024 onward; you must use the -Libreboot 20240225 release if you want to inject MRC and so on, for these older -targets. - -Libreboot's [binary blob reduction policy](../../news/policy.md) is very strict, -and states: if a blob can be avoided, it must be avoided. Therefore, the MRC -is removed on Haswell and Libreboot will only use the libre raminit (called -NRI, short for Native Ram Initialisation). diff --git a/site/docs/install/ivy_internal.md b/site/docs/install/ivy_internal.md index 0a5fd0c..a724307 100644 --- a/site/docs/install/ivy_internal.md +++ b/site/docs/install/ivy_internal.md @@ -1,13 +1,26 @@ --- -title: Ivybridge internal flashing +title: Install Libreboot internally on Lenovo ThinkPad X230 x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +Lenovo ThinkPad X230 laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + +This document demonstrates an *internal flashing* method, by exploiting a +little-known security vulnerability in Lenovo's original UEFI firmware. + +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).** Ch1p's guide -============ +------------ This page tells you how to flash an ivybridge ThinkPad with Libreboot, internally, when it has the Lenovo firmware on it. It was written independently @@ -34,9 +47,6 @@ coreboot patch: Anyway, follow ch1p's guide or this one. Ch1p was on Libreboot IRC and linked the above guide, so it has been added here to honour him. -Introduction -============ - External flashing still recommended ----------------------------------- @@ -56,7 +66,7 @@ or just a dead ThinkPad. Proceed at your own risk! If you prefer external flashing, see: [external flashing](x230_external.md) Internal flashing from vendor firmware (ThinkPads only) ----------------------------------------- +------------------------------------------------------- IVYBRIDGE ONLY: diff --git a/site/docs/install/ivy_internal.md.description b/site/docs/install/ivy_internal.md.description new file mode 100644 index 0000000..8c24b2f --- /dev/null +++ b/site/docs/install/ivy_internal.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Lenovo ThinkPad X230. diff --git a/site/docs/install/kcma-d8.md b/site/docs/install/kcma-d8.md index 960eb2a..bd9801f 100644 --- a/site/docs/install/kcma-d8.md +++ b/site/docs/install/kcma-d8.md @@ -1,12 +1,17 @@ --- -title: ASUS KCMA-D8 desktop/workstation board +title: Install Libreboot on ASUS KCMA-D8 x-toc-enable: true ... TODO: this page is OLD. check that the info is still valid. -Introduction -============ +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +ASUS KCMA-D8 server/workstation motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. Specifications available here: @@ -36,7 +41,7 @@ If you currently have the ASUS firmware, please ignore the above link and instead refer to the section below: Flashing -======== +-------- The default ASUS firmware write-protects the flash, so you have to remove the chip and re-flash it using external hardware. @@ -56,7 +61,7 @@ Refer to the following guide:\ [Externally rewrite 25xx NOR flash via SPI protocol](../install/spi.md) PCI option ROMs -=============== +--------------- Unlike Libreboot 20160907, Libreboot in newer releases now supports finding and loading PCI option ROMs automatically, both in GRUB and SeaBIOS on this machine. @@ -66,21 +71,21 @@ So for example, if you wish to use an add-on graphics card, you can! It's no problem, and should work just fine. CPU coolers -=========== +----------- With some creativity, standard AM3+ coolers will work fine. 2 x Socket C32 (LGA1207) available, so you can use 2 CPUs. (up to 32GiB per CPU) CPU compatibility -================= +----------------- - Opteron 4100 series: Incompatible - Opteron 4200 series: Compatible - Opteron 4300 series: Compatible Board status (compatibility) {#boardstatus} -============================ +------------------------------------- There are two ways to identify a supported KCMA-D8 board: @@ -99,24 +104,24 @@ For more detailed information regarding the coreboot port, see Form factor {#formfactor} -=========== +----------------------- This board is ATX form factor. While the [ATX standard, version 2.2](https://web.archive.org/web/20120725150314/http://www.formfactors.org/developer/specs/atx2_2.pdf) specifies board dimensions 305mm x 244mm, this board measures 305mm x 253mm; please ensure that your case supports this extra ~cm in width. IPMI iKVM module add-on {#ipmi} -======================= +---------------------------- Don't use it. It uses proprietary firmware and adds a backdoor (remote out-of-band management chip, similar to the [Intel Management Engine](../../faq.md#intelme). Fortunately, the firmware is unsigned (possible to replace) and physically separate from the -mainboard since it's on the add-on module, which you don't have to +motherboard since it's on the add-on module, which you don't have to install. Flash chips {#flashchips} -=========== +----------------------- 2MiB flash chips are included by default, on these boards. It's on a P-DIP 8 slot (SPI chip). The flash chip can be upgraded to higher sizes: @@ -133,13 +138,13 @@ Ideally, you should not hot-swap. Only remove the IC when the system is powered down and disconnected from mains. Native graphics initialization {#graphics} -============================== +----------------------------------------- Only text-mode is known to work, but linux(kernel) can initialize the framebuffer display (if it has KMS - kernel mode setting). NOTE: This section relates to the onboard ASpeed GPU. You *can* use an add-on -PCI-E GPU in one of the available slots on the mainboard. Nvidia GTX 780 cards +PCI-E GPU in one of the available slots on the motherboard. Nvidia GTX 780 cards are what libreboot recommends; it has excellent support in Nouveau (free Linux kernel / mesa driver for Nvidia cards) and generally works well; however, the performance won't be as high in Nouveau, compared to the non-free Nvidia driver @@ -147,7 +152,7 @@ because the Nouveau driver can't increase the GPU clock (it doesn't know how, as of 18 March 2021). Current issues {#issues} -============== +---------------------- - Opteron 4100 series CPUs are currently incompatible - LRDIMM memory modules are currently incompatible diff --git a/site/docs/install/kcma-d8.md.description b/site/docs/install/kcma-d8.md.description new file mode 100644 index 0000000..cb0fb2a --- /dev/null +++ b/site/docs/install/kcma-d8.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your ASUS KCMA-D8 motherboard. diff --git a/site/docs/install/kfsn4-dre.md b/site/docs/install/kfsn4-dre.md index e11ea92..68829f8 100644 --- a/site/docs/install/kfsn4-dre.md +++ b/site/docs/install/kfsn4-dre.md @@ -1,5 +1,5 @@ --- -title: ASUS KFSN4-DRE server/workstation board +title: Install Libreboot on ASUS KFSN4-DRE x-toc-enable: true ... @@ -12,7 +12,7 @@ x-toc-enable: true |----------------------------|------------------------------------------------| | **Manufacturer** | ASUS | | **Name** | KFSN4-DRE | -| **Released** | ? | +| **Released** | 2007 | | **Chipset** | nVIDIA nForce Professional 2200 | | **CPU** | AMD Opteron 2000 series (Barcelona Family) | | **Graphics** | XGI Z9s VGA Controller | @@ -24,12 +24,12 @@ x-toc-enable: true | **Flash chip** | PLCC 1MiB (Upgradable to 2MiB) | ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -48,24 +48,34 @@ P*: Partially works with blobs | **SeaBIOS with GRUB** | Partially works |
+Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +ASUS KFSN4-DRE server/workstation motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + This is a server board using AMD hardware (Fam10h). It can also be used for building a high-powered workstation. Powered by libreboot. Flashing instructions can be found at [../install/\#flashprog](../install/) -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** Form factor {#formfactor} -=========== +--------------------- These boards use the SSI EEB 3.61 form factor; make sure that your case supports this. This form factor is similar to E-ATX in that the size is identical, but the position of the screws are different. Flash chips {#flashchips} -=========== +----------------------- These boards use LPC flash (not SPI), in a PLCC socket. The default flash size 1MiB (8Mbits), and can be upgraded to 2MiB (16Mbits). @@ -78,18 +88,18 @@ extractor. These can be found online. See * Native graphics initialization {#graphics} -============================== +--------------------------------------- Native graphics initialization exists (XGI Z9s) for this board. Framebuffer- and text-mode both work. A serial port is also available. Memory -====== +------- DDR2 533/667 Registered ECC. 16 slots. Total capacity up to 64GiB. Hex-core CPUs {#hexcore} -============= +--------------------- PCB revision 1.05G is the latest version of this board and the best one (the revision number is be printed on the board), if you want to use @@ -103,7 +113,8 @@ To be sure your board supports a CPU check the official ASUS website here: If you are running a Hex-Core CPU on any board version, please contact us. Board configurations {#configurations} -============== +---------------------------------------- + There are 7 different configurations of this board: "standard", 2S, iKVM, iKVM/IST, SAS, SAS/iKVM and SAS/iKVM/IST. @@ -122,7 +133,7 @@ The IST versions with PCB revision 1.05G are the ones who are believed to support the six core Opteron Istanbul processors (2400 and 8400 series). Current issues {#issues} -============== +----------------------- - There seems to be a 30 second bootblock delay (observed by tpearson); the system otherwise boots and works as expected. See @@ -149,7 +160,7 @@ Current issues {#issues} the USB booting doesn't work. Other information -================= +------------------ [specifications](https://web.archive.org/web/20181212180051/http://ftp.tekwind.co.jp/pub/asustw/mb/Socket%20F/KFSN4-DRE/Manual/e3335_kfsn4-dre.pdf) diff --git a/site/docs/install/kfsn4-dre.md.description b/site/docs/install/kfsn4-dre.md.description new file mode 100644 index 0000000..81bafe8 --- /dev/null +++ b/site/docs/install/kfsn4-dre.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your ASUS KFSN4-DRE motherboard. diff --git a/site/docs/install/kgpe-d16.md b/site/docs/install/kgpe-d16.md index e6bc293..19a3e7c 100644 --- a/site/docs/install/kgpe-d16.md +++ b/site/docs/install/kgpe-d16.md @@ -3,10 +3,18 @@ title: ASUS KGPE-D16 server/workstation board x-toc-enable: true ... +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +ASUS KGPE-D16 server/workstation motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + TODO: OLD page. TODO: check that all the info is still valid. -Introduction -============ +Free your BIOS today! +--------------------- This is a server board using AMD hardware (Fam10h *and Fam15h* CPUs available). It can also be used for building a high-powered workstation. @@ -26,34 +34,34 @@ possible to re-flash using software running in Linux on the KGPE-D16, without using external hardware. CPU compatibility -================= +----------------- Opteron 62xx and 63xx CPUs work just fine. Board status (compatibility) {#boardstatus} -============================ +--------------------- See . Form factor {#formfactor} -=========== +---------------------- These boards use the SSI EEB 3.61 form factor; make sure that your case supports this. This form factor is similar to E-ATX in that the size is identical, but the position of the screws are different. IPMI iKVM module add-on {#ipmi} -======================= +-------------------------- Don't use it. It uses proprietary firmware and adds a backdoor (remote out-of-band management chip, similar to the [Intel Management Engine](../../faq.md#intelme). Fortunately, the firmware is unsigned (possibly to replace) and physically separate from the -mainboard since it's on the add-on module, which you don't have to +motherboard since it's on the add-on module, which you don't have to install. Flash chips {#flashchips} -=========== +-------------------------- 2MiB flash chips are included by default, on these boards. It's on a P-DIP 8 slot (SPI chip). The flash chip can be upgraded to higher sizes: @@ -72,13 +80,13 @@ This guide shows how to flash the chip:\ [25xx NOR flashing guide](../install/spi.md) Native graphics initialization {#graphics} -============================== +---------------------------------- Only text-mode is known to work, but linux(kernel) can initialize the framebuffer display (if it has KMS - kernel mode setting). Current issues {#issues} -============== +---------------------------------- - LRDIMM memory modules are currently incompatible (IT MAY WORK NOWADAYS, TODO TEST) diff --git a/site/docs/install/kgpe-d16.md.description b/site/docs/install/kgpe-d16.md.description new file mode 100644 index 0000000..fea4ece --- /dev/null +++ b/site/docs/install/kgpe-d16.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your ASUS KGPE-D16 motherboard. diff --git a/site/docs/install/latitude.md b/site/docs/install/latitude.md index 67722f6..89472fc 100644 --- a/site/docs/install/latitude.md +++ b/site/docs/install/latitude.md @@ -1,19 +1,33 @@ --- -title: Flashing Libreboot on Dell Latitude laptops +title: Install Libreboot on Dell Latitude laptops x-toc-enable: true ... +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on various models of +Dell Latitude laptop motherboard, namely Dell Latitude E4300, E6400, E6400 XFR, +E6400 ATG, E5420, E5520, E5530, E6420, E6430, E6520, E6530, E6230, E6330 +and E6220; you must only install Libreboot on models with *Intel graphics*. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + +In case any models are unlisted in the above paragraph, you should also check +the full list of supported Dell Latitude models on the [Libreboot hardware +compatibility](./#which-systems-are-supported-by-libreboot) page. + All of the Dell Latitude models can be flashed internally, which means that you do not need to disassemble them. You can do it from Linux/BSD, using the instructions on this page. Disable security before flashing -================================ +-------------------------------- -**[SAFETY WARNING: Always insert vendor files before flashing.](../../news/safety.md), -or look directly at [Injecting Vendor Files](ivy_has_common.md). If you flash -Libreboot without inserting vendor files, you will brick the machine; if you -do, please follow the external flashing instructions linked below.** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).** Please also [disable /dev/mem protection](devmem.md), otherwise flashprog and dell-flash-unlock won't work. You can re-enable the protections after @@ -24,13 +38,13 @@ Note that Libreboot does not currently implement UEFI on x86 platforms, but you can set up [Secure libreBoot](../linux/grub_hardening.md) after flashing. MAC address -=========== +----------- Make sure to set your own MAC address in the ROM image before flashing. Please read the [nvmutil manual](nvmutil.md) which says how to do this. Thermal safety -============== +-------------- **Thermal safety**: this machine shuts down very quickly, when the machine exceeds 80c CPU temperature, which is far more conservative than on most @@ -39,18 +53,16 @@ excellent. More info available [here](../install/dell_thermal.md). This is a known bug, but otherwise the machine will be mostly stable. Machine-specific notes -====================== +---------------------- -Latitude E6400 --------------- +### Latitude E6400 Vendor files not required for Dell Latitude E6400 if you have the Intel GPU. If you have the Nvidia model, please use the `e6400nvidia_4mb` target, and -make sure to run the inject script. +make sure to run the [inject script](ivy_has_common.md) prior to flashing. -E6400 nvidia issues -------------------- +### E6400 nvidia issues See: @@ -59,8 +71,7 @@ The `nv` drivers on BSD systems generally work, but can have severe performance issues; use of a tiling window manager is recommended, on BSD systems, because moving windows around can literally lag a lot otherwise, on most window managers. -dGPU variants -------------- +### dGPU variants On everything except E6400, Libreboot only supports the variant with an Intel GPU. Therefore, you must *only* purchase a Dell Latitude that has the Intel @@ -68,7 +79,7 @@ graphics; even on E6400, this is good advice, due to issues with the Nvidia GPU on E6400, documented later in this guide. Internal flashing -================= +----------------- You can simply boot Linux/BSD, on the Dell Latitude you wish to flash, and run `flashprog` from there, for Libreboot installation. Certain other steps @@ -130,12 +141,11 @@ successful. If you don't see that, or you're unsure, please [contact the Libreboot project via IRC](../../contact.md). External flashing -================= +----------------- -General guidance ----------------- +### General guidance -Machine-specific disassembly instructions not provided, but you can find +Machine-specific disassembly instructions are not provided, but you can find the hardware maintenance manual for your Latitude module online. Just search for it. The flash chips(s) is/are usually under the keyboard/palmrest. Near to the PCH/southbridge. @@ -153,10 +163,9 @@ Please read the [external SPI flash guide](spi.md) External flashing is usually not required, on these machines. -Chip size guidance ------------------- +### Chip size guidance -SOme Dell Latitudes use a single flash chip, so you can +Some Dell Latitudes use a single flash chip, so you can just use the ROM images as-is. If there are two flash chips, you must split the ROM images. Check the silk diff --git a/site/docs/install/latitude.md.description b/site/docs/install/latitude.md.description new file mode 100644 index 0000000..b13ae1d --- /dev/null +++ b/site/docs/install/latitude.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on various Dell Latitude laptop models. diff --git a/site/docs/install/mac_address.md b/site/docs/install/mac_address.md index 8d8cbc9..ac15557 100644 --- a/site/docs/install/mac_address.md +++ b/site/docs/install/mac_address.md @@ -4,7 +4,7 @@ x-toc-enable: true ... Introduction (GM45+e1000) -========================= +------------------------- This section is applicable to all libreboot-supported laptops with the mobile 4 series chipset (as shown in `$ lspci`) @@ -17,15 +17,11 @@ for the built-in gigabit ethernet controller is stored inside the flash chip, along with libreboot and other configuration data. Therefore, installing libreboot will overwrite it. -Thus, for these laptops, prebuilt libreboot already contains a generic -MAC address in the configuration section. This address is `00:f5:f0:40:71:fe -in builds before 2018-01-16 and `00:4c:69:62:72:65` (see the ascii character -set) afterwards. +Thus, for these laptops, prebuilt libreboot images already contain a generic +MAC address in the GbE region. Unless you change it, your computer will boot and use it. This can lead to network problems if you have more than one libreboot computer on -the same layer2 network (e.g. on the same network switch). The switch -(postman) will simply not know who to deliver to as the MAC (house) addresses -will be the same. +the same layer2 network (e.g. on the same network switch). To prevent these address clashes, you can either modify prebuilt libreboot to use an address of your own choosing or you can change the address in your @@ -35,7 +31,7 @@ In either case, it is a good idea to write down the address that your computer originally had. Obtaining the existing MAC address -================================== +---------------------------------- The existing MAC address may be obtained by the following methods: @@ -65,7 +61,7 @@ The existing MAC address may be obtained by the following methods: updated. Changing the MAC address in the operating system -================================================ +------------------------------------------------ There are three portable ways of doing so: @@ -90,19 +86,8 @@ init scripts or you can use your operating system's own networking configuration. Refer to your operating system's documentation for how to do this. -Changing the MAC address on X200/T400/T500/W500 -=============================================== - -On GM45 laptops with ICH9M southbridge and Intel PHY module, the MAC address -is hardcoded in boot flash, which means it can be changed if you re-flash. - -See [ich9utils documentation](../install/ich9utils.md) - -If *all* you want to do is change the MAC address, you might try `nvmutil` -instead. See notes below: - -Changing the MAC address on ivybridge/sandybridge/haswell (e.g. X230/T440p) -========================================================= +Changing the MAC address (e.g. X230/T440p) +----------------------------------------------------------------- See [nvmutil documentation](../install/nvmutil.md) @@ -111,15 +96,6 @@ Sandybridge, Ivybridge and Haswell platforms, but it can be used on any platform with a valid GbE region in flash, where an Intel Flash Descriptor is used; this includes older GM45+ICH9M machines supported by Libreboot. -The `ich9utils` program is more useful in an lbmk context, because it -generates an entire Intel Flash Descriptor and GbE region from scratch; -coreboot has a similar method in its build system, using its own utility -called bincfg, but this tool is unused in lbmk. - -No tool like ich9utils exists for these boards yet, but lbmk includes the IFD -and GbE files in-tree (Intel ME is handled by extracting from Lenovo updates, -which the build system automatically fetches from the internet). - You can use `nvmutil` to change the existing MAC address in a GbE region. This sets the "hardcoded" MAC address, typically a globally assigned one set by -the vendor. +the vendor, but you can use local addresses, and you can use randomised MACs. diff --git a/site/docs/install/mac_address.md.description b/site/docs/install/mac_address.md.description new file mode 100644 index 0000000..123a08f --- /dev/null +++ b/site/docs/install/mac_address.md.description @@ -0,0 +1 @@ +Libreboot lets you modify the MAC address on various supported motherboards. This guide will teach you how to change your MAC address, by various means. diff --git a/site/docs/install/macbook21.md b/site/docs/install/macbook21.md index 5ebd843..e5db56b 100644 --- a/site/docs/install/macbook21.md +++ b/site/docs/install/macbook21.md @@ -1,5 +1,5 @@ --- -title: MacBook2,1 and MacBook1,1 +title: Install Libreboot on MacBook2,1 and MacBook1,1 x-toc-enable: true ... @@ -20,19 +20,19 @@ x-toc-enable: true | **Graphics** | Intel GMA 950 | | **Display** | 1280x800 TFT | | **Memory** | 512MB, 1GB (upgradable to 4GB with 3GB usable) | -| **Architecture** | x86_64 | +| **Architecture** | x86\_64 | | **EC** | Proprietary | | **Original boot firmware** | Apple EFI | | **Intel ME/AMD PSP** | Not present. | | **Flash chip** | SOIC-8 2MiB (Upgradable to 16MiB) | ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -50,6 +50,15 @@ P*: Partially works with blobs | **SeaBIOS** | Works | | **SeaBIOS with GRUB** | Works | + +Open source BIOS/UEFI firmware +------------------------- + +This document will teach you how to install Libreboot, on your +Apple MacBook 2,1 2005-2007 laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + The MacBook1,1 and MacBook2,1 are very similar to the ThinkPad X60. It shares some hardware with the X60 such as the chipset. @@ -63,21 +72,20 @@ uses Core Duo processors (supports 32-bit OS but not 64-bit), and it is believed that this is the only difference. Compatibility -============= +------------- The following pages list many models of MacBook1,1 and MacBook2,1: * * -Models ------- +### Models Specifically (Order No. / Model No. / CPU) for the MacBook1,1: * MA255LL/A / A1181 (EMC 2092) / Core Duo T2500 *(tested - working)* * MA254LL/A / A1181 (EMC 2092) / Core Duo T2400 *(tested - working)* -* MA472LL/A / A1181 (EMC 2092) / Core Duo T2500 (untested) +* MA472LL/A / A1181 (EMC 2092) / Core Duo T2500 *(tested - working)* For the MacBook2,1: @@ -86,9 +94,11 @@ For the MacBook2,1: * MA701LL/A / A1181 (EMC 2121) / Intel Core 2 Duo T7200 *(tested - working)* * MB061LL/A / A1181 (EMC 2139) / Intel Core 2 Duo T7200 *(tested - + working)* * MA700LL/A / A1181 (EMC 2121) / Intel Core 2 Duo T7200 *(tested - working)* -* MB063LL/A / A1181 (EMC 2139) / Intel Core 2 Duo T7400 *(tested - working)* +* MB063LL/A / A1181 (EMC 2139) / Intel Core 2 Duo T7400 *(tested - + working)* * MB062LL/A / A1181 (EMC 2139) / Intel Core 2 Duo T7400 *(tested - working)* @@ -99,20 +109,22 @@ then don't forget to [send a patch](../../git.md), confirming that it actually works! Internal flashing -================= +----------------- MacBook2,1 can always be flashed internally, even if running Apple firmware: sudo flashprog -p internal:laptop=force_I_want_a_brick,boardmismatch=force -w your.rom -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** The MacBook1,1 can't be flashed internally if running the Apple EFI firmware. You must flash externally. External flashing -================= +----------------- MacBook1,1 requires external flashing, if running the default Apple firmware. MacBook2,1 can be flashed internally, regardless. @@ -132,7 +144,7 @@ Refer to the following guide:\ [Externally rewrite 25xx NOR flash via SPI protocol](../install/spi.md) OSes using Linux on Apple EFI firmware -====================================== +-------------------------------------- You have 2 choices for booting up OSes using Linux as their kernel on the MacBook: @@ -141,8 +153,7 @@ on the MacBook: * Boot via a CD or DVD. -Boot via a CD or DVD --------------------- +### Boot via a CD or DVD The Apple EFI firmware contains a PC BIOS emulation layer for booting Microsoft Windows on CDs and DVDs. That emulation layer **only** works @@ -172,8 +183,7 @@ should boot up properly automatically. to it using GRUB, despite the fact that it does sometimes show up. You also won't be able to boot it up when using Libreboot.* -Boot via USB ------------- +### Boot via USB This method is harder than booting from a CD/DVD and may soft-brick your MacBook but it's the only way to boot up successfully from a USB. @@ -211,14 +221,14 @@ the CMOS/PRAM battery, wait a few minutes, and put it back in. to reconfigure GRUB2 correctly, else your system won't boot.* Coreboot wiki page -================== +------------------ The following page has some information: * Issues and solutions/workarounds -================================ +-------------------------------- There is one mouse button only, however multiple finger tapping works. The Apple logo on the @@ -229,8 +239,7 @@ should [cover it up](http://cweiske.de/tagebuch/tuxbook.htm). software. Webcams are a privacy and security risk; cover it up! Or remove it.* -Make it overheat less ---------------------- +### Make it overheat less NOTE: on newer libreboot revisions, this section is less relevant, because C3 states are supported now. However, this section may still be useful, so it will @@ -270,8 +279,7 @@ PLATFORM_PROFILE_ON_BAT=low-power The MacBook will still overheat, just less. -Enable AltGr ------------- +### Enable AltGr The keyboard has a keypad enter instead of an AltGr. The first key on the right side of the spacebar is the Apple "command" key. On its @@ -295,12 +303,11 @@ line: to the file /etc/vconsole.conf and then restart the computer. -Make touchpad more responsive ------------------------------ +### Make touchpad more responsive Linux kernels of version 3.15 or lower might make the touchpad extremely sluggish. A user reported that they could get better -response from the touchpad with the following in their xorg.conf: +response from the touchpad with the following in their `xorg.conf`: ``` Section "InputClass" diff --git a/site/docs/install/macbook21.md.description b/site/docs/install/macbook21.md.description new file mode 100644 index 0000000..8464830 --- /dev/null +++ b/site/docs/install/macbook21.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Apple MacBook 2,1 and 1,1 circa 2006. diff --git a/site/docs/install/nvmutil.md b/site/docs/install/nvmutil.md index 1746d8e..ac26aef 100644 --- a/site/docs/install/nvmutil.md +++ b/site/docs/install/nvmutil.md @@ -1,10 +1,11 @@ --- -title: nvmutil manual +title: nvmutil usage instructions x-toc-enable: true ... With this software, you can change the MAC address inside GbE regions -on any system that uses an Intel Flash Descriptor. +on any system that uses an Intel Flash Descriptor. This software works well +on most/all of the major Linux or BSD operating systems. This is the reference documentation for `nvmutil`, but an automated script using nvmutil is available for ivy/sandybridge and haswell hardware, when @@ -15,38 +16,71 @@ inserting vendor files, which you can use to change the MAC address. See: You can use the documentation below, if you wish to use `nvmutil` manually. Continue reading... -Introduction -============ +Change the Intel GbE MAC address +-------------------------------- -This is the manual for `nvmutil`, included in the Libreboot, -build system (lbmk) under `util/nvmutil/`. This program lets you modify -the MAC address, correct/verify/invalidate checksums, -swap/copy and dump regions on Intel PHY NVM images, -which are small binary configuration files that go -in flash, for Gigabit (ethernet) Intel NICs. +This is the manual for `nvmutil`, included within the [Libreboot build +system](../maintain/) (lbmk) under `util/nvmutil/`. This program lets you modify +the MAC address, correct/verify/invalidate checksums, swap/copy and dump regions +on Intel PHY NVM images, which are small binary configuration files that go in +flash, for Gigabit (ethernet) Intel NICs. -This software is largely targeted at coreboot users, -but it can be used on most modern Intel systems, or -most systems from about 2008/2009 onwards. +**Please [install build dependencies](../build/) before you do this.** -NOTE: Libreboot X200/X200T/X200S/T400/T400S/T500/W500/R400 -users should know that this software does *not* -replace `ich9gen`, because that program generates entire -ICH9M IFD+GbE regions, in addition to letting you set the -MAC address. *This* program, `nvmutil`, can *also* set -the MAC address on those machines, but it operates on a -single GbE dump that is already created. +This software is largely targeted at coreboot users, but it can be used on most +modern Intel systems, or most systems from about 2008/2009 onwards, regardless +of which boot firmware they have. -This program is operated on dumps of the GbE NVM image, -which normally goes in the boot flash (alongside BIOS/UEFI -or coreboot, IFD and other regions in the flash). The first -half of this README is dedicated to precisely this, telling -you how to dump or otherwise acquire that file; the second -half of this README then tells you how to operate on it, -using `nvmutil`. +This program is operated on dumps of the GbE NVM image, which normally goes in +the boot flash (alongside BIOS/UEFI or coreboot, IFD and other regions in +the flash). The first half of this README is dedicated to precisely this, +telling you how to dump or otherwise acquire that file; the second half of this +README then tells you how to operate on it, using `nvmutil`. + +Automatic MAC address changer +----------------------------- + +**Please [install build dependencies](../build/) before you do this.** + +**WARNING: Older versions of nvmutil used `?` for random characters. Newer +versions use `x` instead. If you have an older version, use `?` instead, +when generating random characters in MAC addresses.** + +Instead of running nvmutil manually, like below, you can +also use the inject command, like so (examples): + + ./mk inject libreboot-RELEASE_targetname.tar.xz + ./mk inject libreboot-RELEASE_targetname.tar.xz setmac + ./mk inject libreboot-RELEASE_targetname.tar.xz setmac 00:1f:16:00:11:22 + ./mk inject libreboot-RELEASE_targetname.tar.xz setmac 00:xx:16:0x:1x:22 + ./mk inject libreboot-RELEASE_targetname.tar.xz setmac restore + +This writes the MAC address on the GbE region of the image. You must do this +on the tarball, from the ROM image release archives, and then extract the +archive. + +These same commands also [download/insert certain vendor files](ivy_has_common.md) +if needed, on the given board. + +Without argument after the tarball, it behaves the same as `setmac`. If `setmac` +is provided without argument, or no argument is given, the MAC address is +randomised. Otherwise, you can specify an arbitrary address. + +The `x` character is random, and you can specify that any of them be random, +while setting others (or all of them) arbitrarily. On the corresponding nibble, +the bit for unicast/multicast and global/local are set accordingly, so that +randomly generated addresses are *always* unicast and *local*, unless the +corresponding nibble is set arbitrarily; if the latter, then an error is thrown +if the arbitrary nibble corresponds to a multicast MAC address (and when errors +are thrown, the file shall remain unchanged). More information about error +handling is provided, later in this document. + +The `restore` option restores the original one. The command works by using a +reference GbE image file present in Libreboot's build system, for the given +motherboard. How to download newer versions -============================== +------------------------------ Simply pull down the latest changes in `lbmk.git`. The `nvmutil` software is now part of lbmk, since 17 November 2022. @@ -56,7 +90,7 @@ More info about git: * Context -======= +------- On many Intel systems with an IFD (Intel Flash Descriptor), the Intel PHY (Gigabit Ethernet) stores its configuration, binary @@ -82,13 +116,25 @@ fact work nicely, but software such as Linux will check that this is correct. If the checksum is invalid, your kernel will refuse to make use of the NIC. -This NVM section is the first 128 bytes of a 4KB region in flash. -This 4KB region is then repeated, to make an 8KB region in +This NVM section is the first 128 bytes of a *block size* KB region in flash. +This *block size* KB region is then repeated, to make an *block size multipled +by two* KB region in flash, known as the *GbE region*. In `nvmutil`, the first part is referred to as *part 0* and the second part as *part 1*. -Known compatible PHYs ---------------------- +The block size can be 4KB, 8KB or 64KB, meaning that GbE files can +be 8KB, 16KB or 128KB; the first half is part 0 and the second half is part 1. +The first 4KB of each part is what we are concerned with; and in each 4KB part +is the 128-byte NVM area at the very start, containing our configuration. + +**NOTE: Support for 16KB and 128KB files was only added *after* the +Libreboot 20241206 release. It will be available in all releases after that, +or you can simply compile nvmutil from the Libreboot Git repository lbmk, +from directory `util/nvmutil/` - on the older releases, and older versions of +nvmutil, only 8KB GbE files are supported, but we mostly only use 8KB files +anyway (you're very unlikely to encounter 16KB or 128KB files).** + +### Known compatible PHYs TODO: write a full list her ofe what actual PHYs are known to work. @@ -101,7 +147,7 @@ files; it is assumed that intel would later change the file size and/or checksum value and/or checksum location. How to obtain the GbE file -========================== +-------------------------- The chip containing your BIOS/UEFI firmware (or coreboot) has it, if you have an Intel PHY for gigabit ethernet. @@ -111,11 +157,12 @@ containing your NIC's configuration. This is the part that many people will struggle with, so we will dedicated an entire next section to it: -Use flashprog ------------- +### Use flashprog -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** If you wish to operate on the GbE section that's already flashed, you should *dump* the current full ROM image. @@ -138,7 +185,16 @@ a single-flash setup. In that case, it's recommended to dump both chips, as `spi1.rom` and `spi2.rom`; you can then cat them together: - cat spi1.rom spi2.rom > rom.bin + cat spi1.rom spi2.rom > rom.bin # WARNING: see note below + +**WARNING: After concatenating the files, please ensure that you did so in +the correct order. In `hexdump -C rom.bin` you can check for the Intel Flash +Descriptor near the start of the file, for the bytes `5a a5 f0 0f`. You may +alternatively attempt extraction with `ifdtool -x rom.bin`, adding +the `--platform OPTION` option if needed, based on output from `--help` if +you need to (it lists platform strings for certain newer Intel platforms). If +ifdtool extraction fails, then that is another indication that you did not +cat the files correctly.** If your GbE region is locked (per IFD settings), you can dump and flash it using external flashing equipment. The Libreboot @@ -152,8 +208,7 @@ option should be changed accordingly. Read flashprog documentation, and make sure you have everything properly configured. -Use ifdtool ------------ +### Use ifdtool NOTE: This has only been tested on systems that use IFDv1 (Intel Flash Descriptor, version 1). This distinction, between @@ -170,12 +225,24 @@ with `make`, to get an ifdtool binary. To make internal flashing possible later on, you might do: - ifdtool --unlock rom.bin + ifdtool --unlock rom.bin # READ THE WARNING BELOW FIRST + +**WARNING: On ThinkPad T480/T480s and OptiPlex 3050 Micro, do this instead:** + + ifdtool --platform sklkbl --unlock rom.bin Running this command will create a modified image, named `rom.bin.new`. This file will have all regions set to read-write, per configuration in the Intel Flash Descriptor. +Note: if you want the original image to be modified, without needing to +keep track of `rom.bin.new` as mentioned above, use the -O switch. For example, +repeating the above command: + + ifdtool --unlock rom.bin -O rom.bin + +(add the `--platform` option if you need to) + In addition to unlocked regions, you may wish to *neuter* the Intel Management Engine, removing all the nasty spying features from it, using `me_cleaner`. See: @@ -188,7 +255,7 @@ article, so you should read their documentation. Now run this: - ifdtool -x rom.bin + ifdtool -x rom.bin # For T480/3050micro, add: --platform sklkbl Several files will be created, and the one you need to operate on is named `flashregion_3_gbe.bin` so please @@ -198,7 +265,7 @@ Read the notes below about how to use the `nvmutil` program, operating on this file. When you're done, you can insert the modified GbE file back into your ROM image, like so: - ifdtool -i gbe:flashregion_3_gbe.bin rom.bin + ifdtool -i gbe:flashregion_3_gbe.bin rom.bin # For T480/3050micro, add: --platform sklkbl This will create the file `rom.bin.new`, which contains your modified GbE section with the NVM images inside; this @@ -215,6 +282,16 @@ region, like so: flashprog -p internal --ifd -i gbe -w rom.bin.new +**WARNING: If using `--ifd` in flashprog, note that flashprog probably doesn't +have anything similar to the `--platform` option in ifdtool. Therefore, you +way wish to specify the regions manually. You can do this quite simply, by:** + + ifdtool -f layout.txt rom.bin # For T480/3050micro, add: --platform sklkbl + +and instead of `--ifd` in flashprog, use: + + flashprog -p internal -l layout.txt -i gbe -w rom.bin.new + If you're running flashprog from host CPU on the target system, and it's dual flash, you can just flash the concatenated image, which you created earlier by running @@ -227,8 +304,11 @@ the `-p internal` parameter to something else. In this situation, you should re-split the file accordingly, if you have a dual-IC flash set, like so: - dd if=rom.bin.new of=spi2.rom bs=1M skip=8 - dd if=rom.bin.new of=spi1.rom bs=1M count=8 + dd if=rom.bin.new of=spi2.rom bs=1M skip=8 # WARNING: see note below + dd if=rom.bin.new of=spi1.rom bs=1M count=8 # WARNING: see note below + +**WARNING: The commands above assume SPI1 is 8MB and SPI2 is 4MB, making 12MB +total. Please adapt accordingly, for your own configuration.** These files would then be flashed externally, separately, using an external programmer. @@ -241,7 +321,7 @@ SPI1. You should adjust the above parameters, according to your configuration. How to compile source code -========================== +-------------------------- The nvmutil source code is located under `util/nvmutil/` in the lbmk repository. A makefile is included there, for you to build an @@ -266,8 +346,7 @@ The `nvmutil` software has been build-tested on `Clang`, `GCC` and `tcc`. Only standard library functions (plus `err.h`) are used, so you don't need any extra libraries. -How to compile it ------------------ +### How to compile nvmutil First, ensure that the current working directory is your copy of the nvmutil source code! @@ -283,7 +362,7 @@ whatever is in your `$PATH` for userspace programs). TODO: Add `make install` to the Makefile, portably. How to use nvmutil -================== +------------------ You run it, passing as argument the path to a file, and you run commands on that file. This section will tell you how to @@ -295,8 +374,7 @@ done that, you could still run it in cwd for instance: ./nvm bla bla bla -Exit status ------------ +### Exit status The `nvmutil` program uses `errno` extensively. The best error handling is done this way, the Unix way. Error handling is extremely @@ -317,13 +395,12 @@ command only requires read access on files. Where sufficient permission is not given (read and/or write), nvmutil will exit with non-zero status. Non-zero status will also be returned, if the target file is *not* -of size *8KB*. +of size *8KB*, *16KB* or *128KB*. Additional rules regarding exit status shall apply, depending on what command you use. Commands are documented in the following sections: -Change MAC address ------------------- +### Change MAC address The `nvm` program lets you change the MAC address. It sets a valid checksum, after changing the MAC address. This program @@ -337,7 +414,7 @@ The following rules are enforced in code: * User cannot specify multicast addresses * User cannot specify `00:00:00:00:00:00` * When generating random addresses, if the right - most nibble of the left-most byte is `?` (random), + most nibble of the left-most byte is `x` (random), nvmutil will (in code) force the generated MAC address to be local (not global), and will prevent a multicast address from being generated. @@ -360,20 +437,20 @@ How to use (the MAC address in just an example): You can also set random MAC addresses: - nvm gbe.bin setmac ??:??:??:??:??:?? + nvm gbe.bin setmac xx:xx:xx:xx:xx:xx In this example, every character is random. However, you can mix and match random characters with static ones. For example: - nvm gbe.bin setmac 00:1f:16:??:??:?? + nvm gbe.bin setmac 00:1f:16:xx:xx:xx You can also pass it without a MAC address: nvm gbe.bin setmac If you only type `setmac` without specifying a MAC address, -it will do the same thing as `setmac ??:??:??:??:??:??`. +it will do the same thing as `setmac xx:xx:xx:xx:xx:xx`. This will set the last three bytes randomly, while the MAC address would begin with `00:1f:16`. @@ -388,8 +465,7 @@ corrected if you use the `setchecksum` command in `nvmutil`. It is common for vendor gbe files to contain one valid part and one invalid part, per checksum rules. -Verify checksums (and show MAC addresses) ------------------------------------------ +### Verify checksums (and show MAC addresses) This command *only* requires *read* access on files. @@ -405,13 +481,12 @@ NOTE: This will exit with zero status if at least one part contains a valid checksum. If both parts are invalid, nvmutil will exit with non-zero status. -Copy part ---------- +### Copy part This command requires read *and* write access on files. The `nvm` program can copy one NVM part to another. It copies -the *entire* 4KB part, within the 8KB file. +the *entire* *block size* KB part, within the *two blocks* KB file. Overwrite part 0 with the contents of part 1: @@ -426,12 +501,11 @@ will be performed, and nvmutil will exit with non-zero status. Otherwise, it will (if all other conditions are met) exit with zero status. -Swap parts ----------- +### Swap parts This command requires read *and* write access on files. -The `nvm` program can swap both 4KB parts in the GbE +The `nvm` program can swap both *block size* KB parts in the GbE file. It does this, via simple XOR swaps. How to use: @@ -446,8 +520,7 @@ If *at least one* part is valid, nvmutil will return with zero exit status. If both parts are invalid, it will return non-zero. -Set valid checksum ------------------- +### Set valid checksum This command requires read *and* write access on files. @@ -467,8 +540,7 @@ set the checksum. There is no feasible way to guard against use on the wrong file, unlike with the other commands. Please make SURE you're running this on the correct file!* -Set invalid checksum --------------------- +### Set invalid checksum This command requires read *and* write access on files. @@ -498,7 +570,7 @@ Intel gigabit NICs that don't have a valid checksum. This is software-defined, and not enforced by the hardware. History -======= +------- A historical change log is included at [docs/install/nvmutilimport.md](nvmutilimport.md), @@ -526,33 +598,13 @@ it was part of osboot, is still available (for reference) here: * -LICENSE -======= +Please use the latest nvmutil version *from lbmk*. The above information is +provided only for reference; it may be useful for future auditing. -This page is released under different copyright terms than most other pages -on this website. - -The `nvmutil` software and documentation are released under the following -terms: - -Copyright 2022 Leah Rowe - -Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +TODO +---- +* Adapt this into a manpage (useful for Linux package repositories / BSD ports) +* Send nvmutil upstream to coreboot, for inclusion under `util/` +* In addition to the manpage, when sending to coreboot, also adapt this page + for inclusion into doc.coreboot.org diff --git a/site/docs/install/nvmutil.md.description b/site/docs/install/nvmutil.md.description new file mode 100644 index 0000000..a344dc9 --- /dev/null +++ b/site/docs/install/nvmutil.md.description @@ -0,0 +1 @@ +Instructions pertaining to nvmutil, which is software that can modify the MAC address and other information inside Intel GbE NVM images. diff --git a/site/docs/install/nvmutilimport.md b/site/docs/install/nvmutilimport.md index 4fa6f82..e5801a4 100644 --- a/site/docs/install/nvmutilimport.md +++ b/site/docs/install/nvmutilimport.md @@ -1,12 +1,9 @@ -nvmutil assimilation -==================== +nvmutil import notes +-------------------- Detailed revision history can be found in the Git repository; for code, look at `lbmk.git` and for documentation, look at `lbwww.git`. -Assimilation by Libreboot -========================= - With no additional changes to nvmutil, the project became part of lbmk, which is the Libreboot build system. Please refer to Libreboot's imported version of the nvmutil documentation: [nvmutil.md](nvmutil.md) @@ -22,8 +19,10 @@ shall be preserved on notabug. See: -nvmutil 20221106 -================ +Version history (osboot) +------------------------ + +### nvmutil 20221106 Very minor bugfix release: @@ -33,8 +32,7 @@ Very minor bugfix release: * Documentation inaccuracies fixed (pertaining to nvmutil exit statuses) * Documentation generally tidied up a bit -nvmutil 20221103 -================ +### nvmutil 20221103 Not much has changed, as this just fixes minor bugs and behavioural quirks seen in the previous release: @@ -49,8 +47,7 @@ quirks seen in the previous release: fully readable. Previously, nvmutil would exit non-zero if one or both checksums was correct, but it now only does this if both are invalid -nvmutil 20220828 -================ +### nvmutil 20220828 No new features have been added. This is a code cleanup and bugfix release. @@ -73,8 +70,7 @@ No new features have been added. This is a code cleanup and bugfix release. were made (e.g. cleaner argument handling). Tested with tcc on an x86\_64 machine, where a 0.16% binary size increase was observed. -nvmutil 20220815 -================ +### nvmutil 20220815 No new features have been added. This is a code cleanup and bugfix release. @@ -105,8 +101,7 @@ No new features have been added. This is a code cleanup and bugfix release. reduces code bloat in nvmutil. The code still warns you if the MAC address is multicast -nvmutil 20220810 -================ +### nvmutil 20220810 * 3.4% reduction in binary size (as tested with tcc on x86\_64), due to code optimizations, *while* adding new checks and new features. @@ -130,8 +125,7 @@ nvmutil 20220810 * The `setmac` command can now be used without specifying a MAC address, which will cause the same behaviour as `setmac ??:??:??:??:??:??` -nvmutil 20220808 -================ +### nvmutil 20220808 Released on 8 August 2022. Changes: @@ -173,8 +167,7 @@ Released on 8 August 2022. Changes: reduction; the other 2/3 of that reduction is due to increased code efficiency in general. -Regarding code size reduction ------------------------------ +#### Regarding code size reduction My test setup is an x86\_64 machine with `tcc` used as the compiler; the libc doesn't really matter, if @@ -215,8 +208,7 @@ binary sizes are much larger with those compilers, even with optimization flags; despite this, the Makefile in nvmutil assumes GCC/Clang and sets `CFLAGS` to `-Os`. -nvmutil 20220802 -================ +### nvmutil 20220802 Released on 2 August 2022. Changes: @@ -236,8 +228,7 @@ Released on 2 August 2022. Changes: * More human-friendly messages and help text * help/version commands actually listed in help output -nvmutil 20220731 -================ +### nvmutil 20220731 Released on 31 July 2022. Changes: @@ -250,8 +241,7 @@ Released on 31 July 2022. Changes: That's it. Bug fixes and safety features added. Enjoy! -nvmutil 20220728 -================ +### nvmutil 20220728 Initial release. It is functionally equivalent to the older `nvmutils`, developed for the osboot project. This diff --git a/site/docs/install/nvmutilimport.md.description b/site/docs/install/nvmutilimport.md.description new file mode 100644 index 0000000..aebe579 --- /dev/null +++ b/site/docs/install/nvmutilimport.md.description @@ -0,0 +1 @@ +Historical information pertaining to nvmutil which can modify MAC addresses on Intel GbE NVM images. diff --git a/site/docs/install/playstation.md b/site/docs/install/playstation.md index 5872774..c64fa66 100644 --- a/site/docs/install/playstation.md +++ b/site/docs/install/playstation.md @@ -1,10 +1,12 @@ --- -title: Sony PlayStation (PS1/PSX) +title: Install Libreboot Open BIOS on Sony PlayStation (PS1/PSX) x-toc-enable: true ... -The PlayStation is a computer like any other. It ought to run all Free Software -if you want it to, and you can! +The PlayStation is a computer like any other. It ought to run +all [Free Software](https://writefreesoftware.org/learn) if you want it to, and +you can! In this document, you will learn how to replace the Sony BIOS on your +PlayStation, with a fully Open Source one instead.
@@ -27,21 +29,32 @@ if you want it to, and you can! | **Original boot firmware** | Sony PS1 BIOS (USA/JPN/EU) | | **Flash chip** | 512KB Mask ROM |
-Introduction -============ + +Open source playstation (PS1/PSX) BIOS +--------------------------------- This uses the free/opensource BIOS developed by the PCSX-Redux team, which you can learn more about here: -Build from source ------------------ +### Download pre-built BIOS -Pre-compiled builds will be in the next Libreboot release, after -version 20240612. For now, you must compile it from source, but the Libreboot -build system provides automation for this. Please use the latest lbmk -revision [from Git](../../git.md). +Get it here: + + + +Other mirrors are available, at the [Canoeboot download](../../download.md) +page; look in the `roms/playstation/` directory for a given Libreboot release. +This is built from the available sources in Libreboot releases, based on the +information written below. + +You can use this in a PlayStation emulator or on real hardware - the rest of +this page will tell you how to use it. + +### Build from source + +OPTIONAL: You could alternatively use the pre-built version (see above). First, please make sure you have build dependencies. The build logic in lbmk has been tested on Debian 12 (x86\_64) and you can do this for example, as root: @@ -67,7 +80,7 @@ This commonly only builds the BIOS part. If you want to build all of PCSX-Redux, you can, but lbmk does not provide automation for this. Installation -============ +------------ If all went well, you should see `openbios.bin` located under the `bin/playstation/` (within lbmk). Alternatively, you may be using @@ -75,8 +88,7 @@ a release *after* Libreboot 20240612 that has it pre-built. Either way is fine. The `openbios.bin` file is your new BIOS build. -Emulators ---------- +### Emulators Most PlayStation emulators rely on low-level emulation to execute the real BIOS. The Open BIOS by PCSX-Redux (as distributed by Libreboot) can also be used, and @@ -91,8 +103,7 @@ provided with your chosen PlayStation emulator. You can even freely redistribute this BIOS, because it's free software (released under MIT license), which is a major advantage over Sony's original BIOS. -Hardware --------- +### Hardware Not yet tested by the Libreboot project, but the PCSX-Redux developers have stated that it will work on the real console. *It should be noted that the Open @@ -116,7 +127,7 @@ BIOS much more polished, but a number of games have been tested and it's more or less fully reliable in most cases. Game compatibility -================== +------------------ The upstream maintains a compatibility list, here: @@ -126,7 +137,7 @@ NOTE: Google Docs, but an option exists on there to export it for LibreOffice Calc. The list is provided as a spreadsheet. Remarks about hardware -==================== +---------------------- Modern NOR flash can be used. You specifically want a TSOP-32 SMD/SMT type device, one that operates at 3.3v (tolerance 2.7 to 3.6v), organised into 512KB blocks, @@ -146,10 +157,28 @@ We do not yet provide instructions for how to install this on real hardware, in the Libreboot project, but this can be done at a future date. Other mods (hardware) -=============== +--------------------- -Video timings -------------- +### Modchip (mayumi v4) example + +Click the photo for full size. It shows a Mayumi v4 modchip and Dual Frequency +Oscillator mod installed (blue board is the modchip and the black board is +the DFO mod). Mods installed by Leah Rowe, as a proof of concept: + +Sony PlayStation (PSOne) console + +The modchip disables the copy protection and region restrictions. A modchip is +still advised, even if using an Open BIOS. The Open BIOS could be modified to +send commands that disable the wobble check, thus invalidating the need for +a modchip, but even then there are still caveats. Please read: + + + +The most technically correct solution, regardless of which BIOS you have, to +also install the modchip and DFO board, as shown. More info is written about +these in the next sections below: + +### Video timings The Open BIOS will not implement any DRM, so it's possible that you might boot out of region games. In an emulator, this is no problem, but it can prove @@ -199,8 +228,7 @@ By fixing the timings in this way, your region-free console will also have correct timings, thus maximum game compatibility, and colours will always be correct no matter what video cable you're using. -Modchips --------- +### Modchips If using hardware, you will probably still want a modchip. Many proprietary modchip firmwares exist, such as Old crow, MultiMode3 and Mayumi; these run on @@ -228,8 +256,7 @@ not yet been confirmed by the Libreboot project. More hardware testing is planned, but the Open BIOS works perfectly in emulators. Give it a try! -Boot games on SD cards ------------------------ +### Boot games on SD cards The [PicoStation](https://github.com/paulocode/picostation) project provides free firmware for RP2040 devices, which you can solder into a modboard which @@ -240,8 +267,7 @@ real playstation (the picostation replaces your CD drive). Not only is this useful in a development context, but it can also be used when your CD drive has worn out and no longer reads discs properly. -Final remarks -------------- +### Final remarks Combined with PsNee and PicoStation, the Open BIOS from PCSX-Redux team will turn your 90s PlayStation into a very hackable machine. There is @@ -253,7 +279,7 @@ simply computers, fully reprogrammable and as such, Libreboot is happy to provid this support, for the Sony PlayStation Credit -====== +------ Thanks go to the PCSX-Redux team for their excellent work reverse engineering the Sony PS1 BIOS. diff --git a/site/docs/install/playstation.md.description b/site/docs/install/playstation.md.description new file mode 100644 index 0000000..1f92b23 --- /dev/null +++ b/site/docs/install/playstation.md.description @@ -0,0 +1 @@ +Install free/opensource BIOS boot firmware on your Sony PlayStation (PS1/PSX), optionally compiling it with GNU GCC. This uses PCSX-Redux Open BIOS. diff --git a/site/docs/install/r400.md b/site/docs/install/r400.md index eac5e37..e5b782d 100644 --- a/site/docs/install/r400.md +++ b/site/docs/install/r400.md @@ -1,5 +1,5 @@ --- -title: Flashing the ThinkPad R400 +title: Install Libreboot on Lenovo ThinkPad R400 x-toc-enable: true ... @@ -28,12 +28,12 @@ x-toc-enable: true | **Flash chip** | SOIC-8/SOIC-16 4MiB/8MiB (Upgradable to 16MiB) | ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -52,16 +52,13 @@ P*: Partially works with blobs | **SeaBIOS with GRUB** | Works | -Dell Latitude E6400 -=================== +Open source BIOS/UEFI firmware +------------------------- -**If you haven't bought an R400 yet: the [Dell Latitude -E6400](../install/latitude.md) is much easier to flash; no disassembly required, -it can be flashed entirely in software from Dell BIOS to Libreboot. It is the -same hardware generation (GM45), with same CPUs, video processor, etc.** - -Introduction -============ +This document will teach you how to install Libreboot, on your +Lenovo ThinkPad R400 laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. It is believed that all or most R400 laptops are compatible. See notes about [CPU @@ -74,17 +71,26 @@ the palmrest: 4MiB is SOIC-8, 8MiB is SOIC-16. *The R400 laptops come with the ME (and sometimes AMT in addition) before flashing libreboot. libreboot disables and removes it by using a -modified descriptor: see [../install/ich9utils.md](../install/ich9utils.md)* -(contains notes, plus instructions) +modified descriptor.* Flashing instructions can be found at [../install/\#flashprog](../install/#flashprog) -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** + +Dell Latitude E6400 +------------------- + +**If you haven't bought an R400 yet: the [Dell Latitude +E6400](../install/latitude.md) is much easier to flash; no disassembly required, +it can be flashed entirely in software from Dell BIOS to Libreboot. It is the +same hardware generation (GM45), with same CPUs, video processor, etc.** EC update {#ecupdate} -========= +-------------------- It is recommended that you update to the latest EC firmware version. The [EC firmware](../../faq.md#ec-embedded-controller-firmware) is separate from @@ -109,7 +115,7 @@ TODO: put hardware register logs here like on the [X200](x200.md) and [T400](t400.md) page. Installation notes -================== +------------------ [External flashing](spi.md) required, if Lenovo BIOS is running. @@ -129,15 +135,14 @@ ROM properly first. Although ROM images are provided pre-built in libreboot, there are some modifications that you need to make to the one you chose before flashing. (instructions referenced later in this guide) -Serial port {#serial_port} ------------ +### Serial port {#serial_port} EHCI debug might not be needed. It has been reported that the docking station for this laptop has a serial port, so it might be possible to use that instead. A note about CPUs -================= +----------------- [ThinkWiki](http://www.thinkwiki.org/wiki/Category:R400) has a list of CPUs for this system. The Core 2 Duo P8400 and P8600 are believed to @@ -145,13 +150,12 @@ work in libreboot. The Core 2 Duo T9600 was confirmed to work, so the T9400 probably also works. *The Core 2 Duo T5870/5670 and Celeron M 575/585 are untested!* -Quad-core CPUs --------------- +### Quad-core CPUs Incompatible. Do not use. A note about GPUs -================= +----------------- Some models have an Intel GPU, while others have both an ATI and an Intel GPU; this is referred to as "Dual Graphics" (previously @@ -165,32 +169,33 @@ Intel GPU is used and the ATI GPU is disabled, so native graphics initialization works all the same. CPU paste required -================== +------------------ See [\#paste](#paste). Flash chip size {#flashchips} -=============== +----------------------------- Use this to find out: flashprog -p internal -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** MAC address {#macaddress} -=========== +------------------------- Refer to [mac\_address.md](../install/mac_address.md). External flashing -================= +----------------- Refer to [spi.md](spi.md) as a guide for external re-flashing. -Disassembly ------------ +### Disassembly Remove all screws:\ ![](https://av.libreboot.org/r400/0000.jpg)\ @@ -276,7 +281,7 @@ Read [this article](spi.md) to learn how you may flash the chip, which is near to the RAM. Thermal paste (IMPORTANT) -========================= +------------------------- Because part of this procedure involved removing the heatsink, you will need to apply new paste. Arctic MX-4 is ok. You will also need isopropyl @@ -293,7 +298,7 @@ show how to properly apply the thermal paste. Other guides online detail the proper application procedure. Memory -====== +------ In DDR3 machines with Cantiga (GM45/GS45/PM45), northbridge requires sticks that will work as PC3-8500 (faster PC3/PC3L sticks can work as PC3-8500). diff --git a/site/docs/install/r400.md.description b/site/docs/install/r400.md.description new file mode 100644 index 0000000..51cc603 --- /dev/null +++ b/site/docs/install/r400.md.description @@ -0,0 +1 @@ +ThinkPad R400 installation. Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot with payloads like GNU GRUB boot loader. diff --git a/site/docs/install/spi.md b/site/docs/install/spi.md index b3264d3..043a416 100644 --- a/site/docs/install/spi.md +++ b/site/docs/install/spi.md @@ -4,7 +4,7 @@ x-toc-enable: true ... Need help? -========== +---------- Help is available on [Libreboot IRC](../../contact.md) and other channels. @@ -16,14 +16,51 @@ if you want to send your machine in to have Libreboot installed for you. Leah Rowe, the founder and lead developer of Libreboot, also owns and operates Minifree Ltd; sales provide funding for the Libreboot project. -Introduction -============ +Install open source BIOS/UEFI firmware +-------------------------------------- -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +This guide is predominantly about *installing Libreboot* (flashing it) onto +your motherboard's main system flash. You can also adapt this guide for dumping, +erasing and verifying firmware images; this guide shows you how to use +the [flashprog](https://flashprog.org/) software with various external +25XX NOR flash programmers. This guide is written for *Linux* users, but BSD +operating systems are also compatible with flashprog; Windows might be feasible, +ditto Apple's MacOS, as flashprog can also run on those, but they are not +officially supported by Libreboot, and *we recommend* that you use Linux/BSD. + +Although this documentation is written *for the Libreboot project*, it can be +used on any compatible 25xx NOR flash, on any number of devices, such as home +routers and even certain videogame systems. If you're a refurbisher, and not +a Libreboot-based one, but just a regular refurbisher e.g. on eBay, dealing +with proprietary UEFI firmware (and perhaps Windows installations), it may be +that on some of them, SMM-based flash writes are performed to store UEFI firmware +configurations (instead of the old NVRAM/CMOS memory); you could adapt this +guide (and read flashprog documentation) to erase/flash custom configurations, +for example when unlocking boot passwords on the computers that you sell. This +is the power of [Free Software](https://writefreesoftware.org/learn); flashprog +is a Free Software project. The use-case scenario of the humble eBay seller is +real; several of them have in fact used this guide in the past. + +So keep that in mind; this is part of the Libreboot installation instructions, +but it can be used for *any* flashing operation on *any* 25xx NOR flash, with +all sorts of firmware; you could also use this to *reverse* a Libreboot +installation, re-flashing the original vendor firmware if you made a dump of it, +**and we definitely recommend backing that up prior to Libreboot installation**. + +**Please ensure that your programmer's voltage matches that of the flash IC, +and read this guide carefully to account for proper electrical safety. In +general, these programmers operate at 3.3v, so you'll need a logic level +adapter and e.g. buck converter, if you're dealing with a 1.8V flash IC.** + +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).** This guide will teach you how to use various tools for externally reprogramming a 25xx NOR flash via SPI protocol. This is the most common type of flash IC for @@ -33,12 +70,12 @@ which uses LPC flash in a PLCC32 socket, which you can simply hot-swap after booting the vendor firmware, and then flash internally. Simple! We will be using -the [flashprog](https://flashprog.org/Flashrom) software which is written to +the [flashprog](https://flashprog.org/) software which is written to dump, erase and rewrite these flash chips. -libreboot currently documents how to use these SPI programmers: +Libreboot currently documents how to use these SPI programmers: -* Raspberry Pi Pico +* Raspberry Pi Pico / Pico 2 * Raspberry Pi (RPi) single-board computers * BeagleBone Black (BBB) * Libre Computer 'Le Potato' @@ -58,10 +95,24 @@ SPI flash, using an on-board SPI programmer (which all boards have). You do this from Linux, with flashprog. *This* guide that you're reading now is for using an *external* programmer. It -is called *external* because it's not the *internal* one on your mainboard. +is called *external* because it's not the *internal* one on your motherboard. Raspberry Pi Pico -================= +----------------- + +### Pico 1 (RP2040) supported + +Pico 2 support was removed, due to stability issues. These are the RP2530 +devices. Pico 1 dongles work just fine (RP2040). + +**NOTE: RP2530 dongles removed in the Libreboot 25.04 testing release, but will +be re-added in future revisions. It was removed due to bugs, so Libreboot only +supports Pico1 (RP2040) for now, and the Pico2 images were also removed from the +December release of 2024, retroactively. Subsequent revisions will once again +re-add Pico 2 support, after it has been better tested.** + +The pinout on Raspberry Pi Pico and Raspberry Pi Pico 2 are identical, but you +must take care to flash the correct image on either device. ![Left to right: Raspberry Pi Pico and Pico H](https://av.libreboot.org/rpi_pico/two_picos.webp) @@ -72,16 +123,19 @@ Additionally, all the software running on it is free, down to the full versions (Pico W & Pico WH) need vendor firmware to use the Wi-Fi chip, but that is not needed for following this guide. -A Pico has proper 3.3V logic levels, unlike a ch341a. Which means it won't -destroy your board by sending 5V to it. If you have a 1.8V flash chip, -you need to add a logic level converter. +### Download serprog firmware pre-compiled -First, connect just the Pico to your computer with a micro-USB cable. -Mount it like any other USB flash drive. If it isn't detected, you might need -to press the BOOTSEL button while you plug it in (this forces it into the -bootloader mode). +Download the pico serprog tarball from Libreboot releases. For example, the +Libreboot 20241206rev8 one would be +named: `libreboot-20241206rev8_pico_serprog.tar.xz` - it's available under +the `roms/` directory in each release. With these binaries, you can easily +get started. -You can download the serprog firmware here:\ +### Build serprog firmware from source (OPTIONAL) + +**Pre-compiled binaries are also available, in Libreboot releases.** + +You can alternatively download the serprog firmware here:\ \ or here:\ @@ -90,7 +144,7 @@ You can also find the source code for these, under `src/` in Libreboot release archives (source code tarball), and/or under `src/` in `lbmk.git` if downloading using the build instructions below. -Copy the file `rpi-pico-serprog.uf2` into your Pico. To build this firmware, you +Alternatively to the binaries, you could build it yourself or you could also clone `lbmk.git` and [install build dependencies](../build/#first-install-build-dependencies), then inside lbmk, do: @@ -98,8 +152,34 @@ do: ./mk -b pico-serprog This will automatically build the rpi-pico firmware, and the file will be -at `bin/serprog_rp2040/serprog_pico.uf2` -and `bin/serprog_rp2040/serprog_pico_w.uf2`. +at `bin/serprog_pico/serprog_pico.uf2` +and `bin/serprog_pico/serprog_pico_w.uf2`. + +### Install the serprog firmware + +First, connect just the Pico to your computer with a micro-USB cable. +Mount it like any other USB flash drive. If it isn't detected, you might need +to press the BOOTSEL button while you plug it in (this forces it into the +bootloader mode). + +When you have the build, or if you're using a release build, copy the +file `.uf2` file into your Pico. You must make sure to build the correct +target, or otherwise copy the correct file, because many RP2040 and RP2530 +devices exist and Libreboot provides images for **all of them** in the same +release tarball. + +**NOTE: Other RP2040/2530 devices will also work. You just have to match +the right pins and use the correct firmware file!** + +### Logic levels + +A Pico has proper 3.3V logic levels, unlike a ch341a. Which means it won't +destroy your board by sending 5V to it. If you have a 1.8V flash chip, +you need to add a logic level converter. **Please ensure that you have matched +the voltage of your programmer to the voltage of your chip; both the data lines +and power lines to the chip must match.** + +### Wiring Disconnect the Pico and proceed to wire it to your [flash chip](/docs/install/spi.html#identify-which-flash-type-you-have). @@ -113,6 +193,8 @@ above](https://av.libreboot.org/rpi_pico/pinout_serprog.png) ![A Raspberry Pi Pico connected to a SOIC16 flash chip](https://av.libreboot.org/rpi_pico/soic16_x200.webp) +![SOIC-8 to Pico pinout diagram](https://av.libreboot.org/rpi_pico/soic8_pico_pinouts.jpg) + Headers were manually soldered on the top side, and the plastic packaging was repurposed as an insulating base. These might be nice to have, but by no means necessary. If your headers are on the other side, just keep in mind @@ -123,7 +205,7 @@ will appear: [453876.669019] cdc_acm 2-1.2:1.0: ttyACMx: USB ACM device -Take note of the ttyACMx. Flashrom is now usable +Take note of the ttyACMx. Flashprog is now usable (substitute ttyACMx with what you observed earlier). flashprog -p serprog:dev=/dev/ttyACMx,spispeed=16M @@ -131,11 +213,13 @@ Take note of the ttyACMx. Flashrom is now usable spispeed=32M usually works, but since it's not much faster it's probably not worth it. The 12Mbps USB port is limiting the actual speed here. -Do not use CH341A! -================== +Higher speeds might work nicely, on Pico 2. + +Do not buy CH341A! +------------------ NOR flashes on libreboot systems run on 3.3V DC or 1.8V DC, and this includes -data lines. CH341A has 5V logic levels on data lines, which will damage your +data lines. CH341A can have 5V logic levels on data lines, which can damage your SPI flash and also the southbridge that it's connected to, plus anything else that it's connected to. @@ -162,12 +246,12 @@ build up and possibly fire (and definitely damaged circuitry). On SOIC8, pin 3 is WP and 4 is GND, so a direct 3.3v connection there is quite hazardous for that reason; all the more reason to use a pull-up resistor.** -The mainboard that you want to flash (if using e.g. pomona clip) will probably +The motherboard that you want to flash (if using e.g. pomona clip) will probably have pull-up resistors on it already for WP/HOLD, so simply cutting WP/HOLD on the CH341A would also be acceptable. The pull-up resistors that you place (in such a mod) on the CH341A are only useful if you also want to flash chips in the ZIF socket. If pull-up resistors exist both on e.g. the laptop -mainboard and on the CH341A, it just means the equivalent series resistance +motherboard and on the CH341A, it just means the equivalent series resistance will be of the two resistors (on each line) in parallel. If we assume that a laptop is likely to have a resistor size of ~3.3k for pull-ups, then a value of ~5.6k ohms on the CH341A side seems reasonable. @@ -193,10 +277,71 @@ resistors) performed, on the black CH341A:\ The green version (not shown above) may come with 3.3v logic already wired, but -still needs to have pull-up resistors placed for WP/HOLD. +still needs to have pull-up resistors placed for WP/HOLD. Some of them may have +switchable voltage instead, via a physical toggle on the board. + +Disclaimer: A few (not many, but wily) people have criticised this section of the +documentation, due to a misconception about what it really means and also because +this section was previously very poorly written. So to be clear: + +Yes, we are quite well aware that the CH341A can in fact operate at 3.3v, +even unmodified black models; the VCC line is 3.3v, and if when you either +directly wire VCC to WP/HOLD pins yourself, or a pull-up resistor on the +motherboard you're flashing pulls these high at 3.3v, then the logic levels +on the data lines do in fact switch to 3V *during an erase, read or write cycle*. +When no flashing operation is underway, the data lines are outputting at almost +negligable current, so the actual amount of heat generated will be negligable, +and therefore damage is unlikely. However, as stated above and as we will state +again: + +* This is bad electrical design. The CH341A can switch flexibly between 3V + and 5V operation, but most flashes today are 1.8V or 3V anyway, and there are + all kinds of scenarios (such as over-current or surge event) where this 5V + idle logic level could still be applied. Modifying your CH341a to 3.3v + only, as defined in the datasheet (and by this page) is highly recommended. +* The drive level is extremely poor anyway, on CH341a, making ISP-based + flashing ill advisable in many cases, such as where the PCH (Intel platforms) + is partly active and the data lines have lower resistance, because some + boards have 0ohms or very low resistance on these lines. +* No pull-ups on the WP/hold lines, when flashing in the socket; they are high + via 0ohm trace to VCC, whereas you are advised to use a pull-up resistor to + mitigate over-current events. +* Crap LDO on the board, and no ESD/overcurrent protection; the CH341a probably + can't provide much current on the VCC line, especially for ISP-based flashing + where the flash shares a common power rail with many other components. + +CH341a is cheap junk. Get yourself a Raspberry Pi Pico instead; it's about the +same price, but of much higher quality from an electrical design perspective, +supports much higher (12mA!) drive levels on data lines, can control multiple +chip selects at once; it's just better, in every way. And the Raspberry Pi is +completely reprogrammable, so you can use it for something else when you're +done, e.g. UART dongle, or if you're wily enough, [PlayStation 1 Optical Disc +Emulator](https://github.com/paulocode/picostation) - the Pico is simply a +highly versatile tool, much better value for money. + +There is only one instance where the CH341a is *good*, and that is when you're +actually flashing a loose (not soldered) chip, in the ZIF socket on the CH341a +board. It's a DIP-8 socket, and you can also buy WSON-8 and SOIC-8 or SOIC-16 +adapters for it; you can also plug a special adapter board into it that converts +the voltages (VCC and data lines) to 1.8V, for 1.8V flashes (you could also +use that same 1.8V adapter circuit in a breadboard wired to your Pico). On +socket-based flashing, *which is specifically what the CH341a was designed +for*, you don't have to worry about weak drive level because there is nothing +contending with it on the flash IC's data pins. + +The *socket-based* flashing operation is what we recommend this programmer +for, *only if you already have one*. We still recommend fixing the issue with +the WP/HOLD pins as described above; if you're doing this, note that there are +also newer models that have a voltage switch and logic level shifter already +on the board, which can be very useful. *Clip-based* flashing (ISP / in-system +programming) is, specifically, what we advise against using the CH341a for. + +Why pay $10 for a CH341a when you can pay $10 for a Raspberry Pi Pico which is +electrically and functionally superior in every way? And the Pico is completely +open source, right down to the boot rom. Identify which flash type you have -================================== +---------------------------------- In all of them, a dot or marking shows pin 1 (in the case of WSON8, pad 1). @@ -204,8 +349,7 @@ Use the following photos and then look at your board. When you've figured out what type of chip you have, use that knowledge and the rest of this guide, to accomplish your goal, which is to read from and/or write to the boot flash. -SOIC8 ------ +### SOIC8 ![](https://av.libreboot.org/chip/soic8.jpg) @@ -220,8 +364,7 @@ SOIC8 | 7 | HOLD | | 8 | VCC | -SOIC16 ------- +### SOIC16 ![](https://av.libreboot.org/chip/soic16.jpg) @@ -238,8 +381,7 @@ SOIC16 SOIC8 and SOIC16 are the most common types, but there are others: -WSON8 ------ +### WSON8 It will be like this on an X200S or X200 Tablet:\ @@ -250,15 +392,13 @@ On T400S, it is in this location near the RAM:\ ![](https://av.libreboot.org/t400s/soic8.jpg)\ NOTE: in this photo, the chip has been replaced with SOIC8. -DIP8 ----- +### DIP8 ![](https://av.libreboot.org/dip8/dip8.jpg) Pinout is the same as SOIC8 above. -Supply Voltage --------------- +### Supply Voltage Historically, all boards that Libreboot supports happened to have SPI NOR chips which work at 3.3V DC. With the recent addition of Chromebooks whose chips are @@ -271,18 +411,16 @@ connect it to the chip through an adapter or logic level converter, never directly. Software configuration -====================== +---------------------- -General/Le potato ------------------ +### General/Le potato The [generic guide](spi_generic.md) is intended to help those looking to use an SBC which is not listed in this guide. The guide will, however, use the libre computer 'Le Potato' as a reference board. If you have that board, you should refer to the [generic guide.](spi_generic.md) -BeagleBone Black (BBB) ----------------------- +### BeagleBone Black (BBB) SSH into your BeagleBone Black. It is assumed that you are running Debian 9 on your BBB. You will run `flashprog` from your BBB. @@ -344,8 +482,7 @@ Note: flashprog can never write if the flash chip isn't found automatically. This means that it's working (the clip isn't connected to any flash chip, so the error is fine). -Caution about BBB ------------------ +### Caution about BBB BeagleBone Black is not recommended, because it's very slow and unstable for SPI flashing, and nowadays much better options exist. We used to mainly @@ -354,8 +491,7 @@ Software on it, but nowadays there are superior options. TODO: document other SPI flashers -Rasberry Pi (RPi) ------------------ +### Rasberry Pi (RPi) SSH into your Raspberry Pi. You will run `flashprog` from your Raspberry Pi. @@ -374,9 +510,9 @@ Under the Interface section, you can enable SPI. The device for communicating via SPI as at `/dev/spidev0.0` -RPi Drive Strength ------------------- -Flashrom on the RPi may not be able to detect the SPI flash chip on some +### RPi Drive Strength + +Flashprog on the RPi may not be able to detect the SPI flash chip on some systems, even if your wiring and clip are set up perfectly. This may be due to the drive strength of the Raspberry Pi GPIOs, which is 8mA by default. Drive strength is essentially the maximum current the pin can output while also @@ -432,8 +568,7 @@ See for more information about the drive strength control on the Pi. -Caution about RPi ------------------ +### Caution about RPi Basically, the Raspbian project, now called Raspberry Pi OS, put in their repo an update that added a new "trusted" repository, which just so happened to be @@ -453,8 +588,7 @@ They then removed it, after a public backlash, via the following commits: * * -Libre firmware on RPi ---------------------- +### Libre firmware on RPi The boot firmware on older Raspberry Pi models can be replaced, with entirely libre firmware. This may be a useful additional step, for some users. See: @@ -465,12 +599,11 @@ Website: -Install flashprog ----------------- +### Install flashprog If you're using a BBB or RPi, you will do this while SSH'd into those. -Flashrom is the software that you will use, for dumping, erasing and rewriting +Flashprog is the software that you will use, for dumping, erasing and rewriting the contents of your NOR flash. In the libreboot build system, from the Git repository, you can download and @@ -499,7 +632,7 @@ for use on x86-64 systems running Ubuntu 20.04, but it should work in Raspbian on the Raspberry Pi. Alternatively, you may download flashprog directly from upstream -at +at If you're flashing a Macronix flashchip on a ThinkPad X200, you will want to use a special patched version of flashprog, which you can download here: @@ -514,13 +647,12 @@ at `config/dependencies/` which you can install using the `apt-get` software. How to use flashprog -=================== +-------------------- Read past these sections, further down this page, to learn about specific chip types and how to wire them. -Reading -------- +### Reading Before flashing a new ROM image, it is highly advisable that you dump the current chip contents to a file. @@ -580,8 +712,7 @@ You can combine both flashes together with `cat` for example: Note that you will need this combined rom if you intend to manually extract vendor files, which is a method not officially supported by Libreboot's build system. -Writing -------- +### Writing Next, run this command (RPi): @@ -617,15 +748,13 @@ For example, to split a rom for the x230, t430, t530, or t440p run: Flash the resulting roms to each of their respective chips according to the above instructions. - Hardware configuration -====================== +---------------------- Refer to the above guidance about software configuration. The following advice will teach you how to wire each type of flash chip. -WARNINGS --------- +### WARNINGS Do not connect the power source until your chip is otherwise properly wired. For instance, do not connect a test clip that has power attached. @@ -648,24 +777,22 @@ voltage range is between 2.7V and 3.6V, but 3.3V is the most ideal level). DO NOT connect more than 1 DC power source to your flash chip either! Mixing voltages like that can easily cause damage to your equipment, and to -your chip/mainboard. +your chip/motherboard. -MISO/MOSI/CS/CLK lines ----------------------- +### MISO/MOSI/CS/CLK lines You may want to add 47ohm series resistors on these lines, when flashing the chips. Only do it on those lines (NOT the VCC or GND lines). This provides some protection from over-current. On Intel platforms, the SPI flash is usually connected via such resistors, directly to the Southbridge chipset. -ISP programming and VCC diode ------------------------------ +### ISP programming and VCC diode ISP means in-system programming. It's when you flash a chip that is already -mounted to the mainboard of your computer that you wish to install libreboot +mounted to the motherboard of your computer that you wish to install libreboot on. -It may be beneficial to modify the mainboard so that the SPI flash is powered +It may be beneficial to modify the motherboard so that the SPI flash is powered (on the VCC pin) through a diode, but please note: a diode will cause a voltage drop. The tolerated range for a chip expecting 3.3V VCC is usually around 2.7V to 3.6V DC, and the drop may cause the voltage to fall outside that. If you do @@ -685,7 +812,7 @@ other components on that board, which share the same power rail. Further, ensure that the pull-up resistors for WP/HOLD are *only* connected to the side of the diode that has continuity with the VCC pin (this is important because if they're not, they won't be held high while doing ISP flashing, even if they're -still held high when the mainboard is fully powered on). +still held high when the motherboard is fully powered on). Furthermore: ensure that the SPI flash is operating at the appropriate supply voltage (2.7V to 3.6V for a 3.3V chip) when fully powered on, after installing @@ -696,11 +823,10 @@ the SOIC8/WSON8 if it uses that, and replace with an IC socket (for SOIC8, WSON8 or DIP8, whatever you want), because then you could easily just insert the flash into a breadboard when flashing. -TODO: Make a page on libreboot.org, showing how to do this on all mainboards +TODO: Make a page on libreboot.org, showing how to do this on all motherboards supported by libreboot. -GPIO pins on BeagleBone Black (BBB) ------------------------------------ +### GPIO pins on BeagleBone Black (BBB) Use this image for reference when connecting the pomona to the BBB: (D0 = MISO or connects @@ -709,8 +835,7 @@ to MISO). On that page, look at the *P9 header*. It is what you will use to wire up your chip for flashing. -GPIO pins on Raspberry Pi (RPi) 40 Pin --------------------------------------- +### GPIO pins on Raspberry Pi (RPi) 40 Pin This diagram shows the pinout for most modern Pi's and Pi derivatives. The diagram shows the pins of an RPi on the left and the two SOIC clips @@ -718,8 +843,7 @@ on the left. ![](https://av.libreboot.org/rpi/wiring.webp) -GPIO pins on Raspberry Pi (RPi) 26 Pin -------------------------------- +### GPIO pins on Raspberry Pi (RPi) 26 Pin Diagram of the 26 GPIO Pins of the Raspberry Pi Model B (for the Model B+ with 40 pins, start counting from the right and leave 14 pins): @@ -728,8 +852,7 @@ B+ with 40 pins, start counting from the right and leave 14 pins): Use this as a reference for the other sections in this page, seen below: -SOIC8/DIP8/WSON8 wiring diagram -------------------------------- +### SOIC8/DIP8/WSON8 wiring diagram Refer to this diagram: @@ -751,13 +874,12 @@ use pull-up resistors on those (see notes below), and decoupling capacitor on pin 8 (VCC). NOTE: On X60/T60 thinkpads, don't connect pin 8. Instead, plug in your the PSU -to the charging port on your mainboard, but do not power on the mainboard. This +to the charging port on your motherboard, but do not power on the motherboard. This will provide a stable 3.3V voltage, with adequate current levels. On those laptops, this is necessary because the flash shares a common 3.3V DC rail with many other ICs that all draw quite a lot of current. -SOIC16 wiring diagram (Raspberry Pi) ------------------------------------- +### SOIC16 wiring diagram (Raspberry Pi) RPi GPIO header:\ ![](https://av.libreboot.org/rpi/0009.webp) @@ -795,14 +917,13 @@ NOTE: pins 1 and 9 are WP/HOLD pins. If flashing a chip on a breadboard, please use pull-up resistors on those (see notes below), and decoupling capacitor on pin 2 (VCC). -Pull-up resistors and decoupling capacitors -------------------------------------------- +### Pull-up resistors and decoupling capacitors **Do this for chips mounted to a breadboard. Ignore this section if you're -flashing a chip that is already soldered to a mainboard.** +flashing a chip that is already soldered to a motherboard.** This section is only relevant if you're flashing a new chip that is not yet -mounted to a mainboard. You need pull-up resistors on the WP and HOLD pins, +mounted to a motherboard. You need pull-up resistors on the WP and HOLD pins, and decoupling capacitors on the VCC pin. If the chip is already mounted to a board, whether soldered or in a socket, these capacitors and resistors will probably already exist on the board and you can just flash it without pulling @@ -819,11 +940,11 @@ The best way is as follows: SOIC8/WSON8/DIP8: pin 3 and 7 must be held to a high logic state, which means that each pin has its own pull-up resistor to VCC (from the voltage plane that pin 8 connects to); anything from 1Kohm to 10Kohm will do. When you're flashing -a chip that's already on a laptop/desktop/server mainboard, pin 3 and 7 are +a chip that's already on a laptop/desktop/server motherboard, pin 3 and 7 are likely already held high, so you don't need to bother. SOIC8/WSON8/DIP8: pin 8, which is VCC, will already have decoupling capacitors on it -if the chip is on a mainboard, but lone chip flashing means that these capacitors +if the chip is on a motherboard, but lone chip flashing means that these capacitors do not exist. A capacitor passes AC but blocks DC. Due to electromagnetic indunctance, and RF noise from high-speed switching ICs, a DC voltage line isn't actually straight (when viewed on an oscilloscope), but actually has low voltage @@ -844,12 +965,11 @@ WP/HOLD are not pin 3/7 like above, but instead pins 1 and 9, so wire your pull-up resistors on those. VCC on SOIC16 is pin 2, so wire your decoupling capacitors up on that. -SOIC8/WSON8/DIP8/SOIC16 not mounted to a mainboard --------------------------------------------------- +### SOIC8/WSON8/DIP8/SOIC16 not mounted to a motherboard If your system has lower capacity SPI flash, you can upgrade. On *most* systems, SPI flash is memory mapped and the maximum (in practise) that you can use is a -16MiB chip. For example, KGPE-D16 and KCMA-D8 mainboards in libreboot have +16MiB chip. For example, KGPE-D16 and KCMA-D8 motherboards in libreboot have 2MiB flash by default, but you can easily upgrade these. Another example is the ThinkPad X200S, X200 Tablet and T400S, all of which have WSON8 where the best course of action is to replace it with a SOIC8 flash chip. @@ -886,7 +1006,7 @@ video, but for WSON8. Sometimes they are called DFN8 or QFN8 sockets. Get one that is 1.27mm pitch. If you're flashing/dumping a lone WSON8, get a WSON8/QFN8/DFN8 socket (1.27mm -pitch) and mount it to a breadboard for flashing. If your mainboard's landing +pitch) and mount it to a breadboard for flashing. If your motherboard's landing pads for the flash IC can take a SOIC8, we recommend that you use a SOIC8 instead because a test clip is possible later on when you wish to re-flash it, however you may be dealing with a board where replacing existing WSON8 with @@ -917,8 +1037,7 @@ and good 60/40 or 63/37 leaded solder (don't use lead-free): ![](https://av.libreboot.org/dip8/adapter.jpg) ![](https://av.libreboot.org/dip8/sop8todip8.jpg) -SOIC8/SOIC16 soldered to a mainboard ------------------------------------- +### SOIC8/SOIC16 soldered to a motherboard This is an example of *in-system programming* or *ISP* for short. @@ -926,16 +1045,16 @@ SOIC8:\ Pomona 5250 is a SOIC8 test clip. There are others available, but this is the best one. Use that. Use the SOIC8 diagram (see above) to wire up your Raspberry Pi. -Your mainboard likely already pulls WP/HOLD (pins 3 and 7) high, so don't +Your motherboard likely already pulls WP/HOLD (pins 3 and 7) high, so don't connect these. VCC on SOIC8's pin 8 probably already has decoupling -capacitors on the mainboard, so just hook that up without using a capacitor. +capacitors on the motherboard, so just hook that up without using a capacitor. SOIC16:\ Pomona 5252 is a SOIC16 test clip. There are others available, but this is the best one. Use that. Use the SOIC16 diagram (see above) to wire up your Raspberry Pi. WP/HOLD pins are pins 1 and 9, and likely already held high, so no pull-up resistors needed. You do not need a decoupling capacitor for pin 2 (VCC) either -because the mainboard will already have one. +because the motherboard will already have one. Here is an example of a test clip connected for SOIC16:\ ![](https://av.libreboot.org/rpi/0002.jpg) @@ -943,10 +1062,9 @@ Here is an example of a test clip connected for SOIC16:\ And here is an example photo for SOIC8:\ ![](https://av.libreboot.org/x60/th_bbb_flashing.jpg) -DIP8 soldered to the mainboard ------------------------------- +### DIP8 soldered to the motherboard -It is extremely cursed for DIP8 to be soldered directly to the mainboard. It is +It is extremely cursed for DIP8 to be soldered directly to the motherboard. It is usually mounted to a socket. The pins are large enough that you can just use test hooks to wire up your chip @@ -959,8 +1077,7 @@ directly soldered. It is almost always mounted in a socket. Your DIP8 IC has the same pinout as a SOIC8 IC. -Replace WSON8 IC with SOIC8 ---------------------------- +### Replace WSON8 IC with SOIC8 **NOTE: You can alternatively purchase WSON8 probes from a site like Aliexpress. They look similar to SOIC8 clips, and they work similarly.** @@ -1075,7 +1192,7 @@ evaporates quickly and it does not leave a corrosive residue. ------------------------------------------------------------------------------- LICENSING -========= +--------- This page is released under different copyright terms than most other pages on this website. @@ -1084,11 +1201,7 @@ This page and the photos on it are available under [CC BY SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt) Check the Git repository for history of who owns what part of the document. -Some of these resources originate from the *old* Libreboot git repository, -before Libreboot split into separate repositories that include its `lbmk` -repository. - -Photos showing a BeagleBone Black are under the normal GNU Free Documentation +Photos showing a BeagleBone Black are under the normal GFDL license like other pages and images on this website, or you can use them under the CC-BY-SA 4.0 license if you wish (I, Leah Rowe, own all BBB photos shown on this page, except for the one on the beaglebone website, and that one is diff --git a/site/docs/install/spi.md.description b/site/docs/install/spi.md.description new file mode 100644 index 0000000..c3ad0ed --- /dev/null +++ b/site/docs/install/spi.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware by way of external flashing, using compatible 25xx NOR programmer (SPI flasher). diff --git a/site/docs/install/spi.zh-cn.md b/site/docs/install/spi.zh-cn.md index 44f1a92..3b2220a 100644 --- a/site/docs/install/spi.zh-cn.md +++ b/site/docs/install/spi.zh-cn.md @@ -4,7 +4,7 @@ x-toc-enable: true ... Need help? -========== +---------- Help is available on [Libreboot IRC](../../contact.md) and other channels. @@ -16,18 +16,18 @@ if you want to send your machine in to have Libreboot installed for you. Leah Rowe, the founder and lead developer of Libreboot, also owns and operates Minifree Ltd; sales provide funding for the Libreboot project. -Introduction -============ +Install open source BIOS/UEFI firmware +------------ -**[安装之前请先阅读这些指示](../../news/safety.md),否则你的机器可能会成砖:[安全措施](../../news/safety.md)** +**[安装之前请先阅读这些指示](ivy_has_common.md),否则你的机器可能会成砖:[安全措施](ivy_has_common.md)** 本指南将教你怎样使用各种工具,通过 SPI 协议对 25xx NOR flash 进行外部再编程。这是 coreboot 所支持的计算机中,最常见的 flash IC 类型。目前 libreboot 支持的每个系统,基本都使用这种类型的引导 flash;唯一的例外就是 ASUS KFSN4-DRE,它在 PLCC32 芯片座中使用了 LPC flash,你可以在供应商固件启动后,对其进行热切换,然后再内部刷入。十分简单! -我们会用到 [flashprog](https://flashprog.org/Flashrom) 软件,这个软件可以读出、擦除及重写这些 flash 芯片。 +我们会用到 [flashprog](https://flashprog.org/) 软件,这个软件可以读出、擦除及重写这些 flash 芯片。 libreboot 目前记录了这些 SPI 编程器的使用方法: -* Raspberry Pi Pico +* Raspberry Pi Pico / Pico 2 * 树莓派(Raspberry Pi,RPi) * BeagleBone Black(BBB) * Libre Computer 'Le Potato' @@ -41,7 +41,16 @@ libreboot 目前记录了这些 SPI 编程器的使用方法: 你在读的*这个*教程,使用的是*外部*编程器。之所以叫*外部*,是因为用的不是主板上的*内部*编程器。 Raspberry Pi Pico -================= +----------------- + +### RP2040/RP2530 both supported + +**Pico 2 and other RP2530 dongles also supported, on Libreboot 20241206 rev8 +or higher. Releases before this only supported the original Pico, and other +RP2040 dongles; newer Libreboot releases now support both RP2040 and RP2530.** + +The pinout on Raspberry Pi Pico and Raspberry Pi Pico 2 are identical, but you +must take care to flash the correct image on either device. ![Left to right: Raspberry Pi Pico and Pico H](https://av.libreboot.org/rpi_pico/two_picos.webp) @@ -52,21 +61,26 @@ Additionally, all the software running on it is free, down to the full versions (Pico W & Pico WH) need vendor firmware to use the Wi-Fi chip, but that is not needed for following this guide. -A Pico has proper 3.3V logic levels, unlike a ch341a. Which means it won't -destroy your board by sending 5V to it. If you have a 1.8V flash chip, -you need to add a logic level converter. +### Download serprog firmware pre-compiled -First, connect just the Pico to your computer with a micro-USB cable. -Mount it like any other USB flash drive. If it isn't detected, you might need -to press the BOOTSEL button while you plug it in (this forces it into the -bootloader mode). +Download the pico serprog tarball from Libreboot releases. For example, the +Libreboot 20241206rev8 one would be +named: `libreboot-20241206rev8_pico_serprog.tar.xz` - it's available under +the `roms/` directory in each release. With these binaries, you can easily +get started. -You can download the serprog firmware here:\ +### Build serprog firmware from source + +You can alternatively download the serprog firmware here:\ \ or here:\ -Copy the file `rpi-pico-serprog.uf2` into your Pico. To build this firmware, you +You can also find the source code for these, under `src/` in Libreboot release +archives (source code tarball), and/or under `src/` in `lbmk.git` if downloading +using the build instructions below. + +Alternatively to the binaries, you could build it yourself or you could also clone `lbmk.git` and [install build dependencies](../build/#first-install-build-dependencies), then inside lbmk, do: @@ -74,15 +88,48 @@ do: ./mk -b pico-serprog This will automatically build the rpi-pico firmware, and the file will be -at `bin/serprog_rp2040/serprog_pico.uf2` -and `bin/serprog_rp2040/serprog_pico_w.uf2`. +at `bin/serprog_pico/serprog_pico.uf2` +and `bin/serprog_pico/serprog_pico_w.uf2`. + +### Install the serprog firmware + +First, connect just the Pico to your computer with a micro-USB cable. +Mount it like any other USB flash drive. If it isn't detected, you might need +to press the BOOTSEL button while you plug it in (this forces it into the +bootloader mode). + +When you have the build, or if you're using a release build, copy the +file `.uf2` file into your Pico. You must make sure to build the correct +target, or otherwise copy the correct file, because many RP2040 and RP2530 +devices exist and Libreboot provides images for **all of them** in the same +release tarball. + +**NOTE: Other RP2040/2530 devices will also work. You just have to match +the right pins and use the correct firmware file!** + +### Logic levels + +A Pico has proper 3.3V logic levels, unlike a ch341a. Which means it won't +destroy your board by sending 5V to it. If you have a 1.8V flash chip, +you need to add a logic level converter. **Please ensure that you have matched +the voltage of your programmer to the voltage of your chip; both the data lines +and power lines to the chip must match.** + +### Wiring Disconnect the Pico and proceed to wire it to your [flash chip](/docs/install/spi.html#identify-which-flash-type-you-have). -![Raspberry Pi Pico pinout, when using the firmware linked above](https://av.libreboot.org/rpi_pico/pinout_serprog.png) +**NOTE: SCK and CLK mean the same thing. The diagram below says SCK, and other +parts of this guide say CLK. It's the same thing!** -![A Raspberry Pi Pico connected to a SOIC16 flash chip](https://av.libreboot.org/rpi_pico/soic16_x200.webp) +![Raspberry Pi Pico pinout, when using the firmware linked +above](https://av.libreboot.org/rpi_pico/pinout_serprog.png) + +![A Raspberry Pi Pico connected to a SOIC16 flash +chip](https://av.libreboot.org/rpi_pico/soic16_x200.webp) + +![SOIC-8 to Pico pinout diagram](https://av.libreboot.org/rpi_pico/soic8_pico_pinouts.jpg) Headers were manually soldered on the top side, and the plastic packaging was repurposed as an insulating base. These might be nice to have, but by no @@ -94,7 +141,7 @@ will appear: [453876.669019] cdc_acm 2-1.2:1.0: ttyACMx: USB ACM device -Take note of the ttyACMx. Flashrom is now usable +Take note of the ttyACMx. Flashprog is now usable (substitute ttyACMx with what you observed earlier). flashprog -p serprog:dev=/dev/ttyACMx,spispeed=16M @@ -102,8 +149,10 @@ Take note of the ttyACMx. Flashrom is now usable spispeed=32M usually works, but since it's not much faster it's probably not worth it. The 12Mbps USB port is limiting the actual speed here. +Higher speeds might work nicely, on Pico 2. + 不要使用 CH341A! -================== +---------------- libreboot 支持的机器,NOR flash 使用的是 3.3V DC 或 1.8V DC,这也包括了数据线路。CH341A 在数据线路上有 5V 逻辑电平,这会损伤 SPI flash 和它连接的南桥,以及它连接的其它任何东西。 @@ -134,26 +183,23 @@ libreboot 支持的机器,NOR flash 使用的是 3.3V DC 或 1.8V DC,这也 绿色版本(上面未展示)可能已经连接了 3.3v 逻辑电平,但仍然需要为 WP/HOLD 增加上拉电阻。 识别你的 flash 类型 -================================== +------------------- 每一个 flash,都会有一个点或者标记,表明这是第 1 引脚(如 WSON8 的第 1 焊盘)。 参考下面的图片,再看看你的主板。搞清楚你的芯片类型之后,根据你了解的情况及本教程剩下的部分,来实现你的目标,即对你的引导 flash 进行读/写。 -SOIC8 ------ +### SOIC8 ![](https://av.libreboot.org/chip/soic8.jpg) -SOIC16 ------- +### SOIC16 ![](https://av.libreboot.org/chip/soic16.jpg) SOIC8 和 SOIC16 是最常见的类型,但也有其他的类型: -WSON8 ------ +### WSON8 X200S 或 X200 Tablet 上是像这样的:\ ![](https://av.libreboot.org/x200t_flash/X200T-flashchip-location.jpg) @@ -162,28 +208,24 @@ T400S 上,是在 RAM 附近的这个位置:\ ![](https://av.libreboot.org/t400s/soic8.jpg)\ 注意: 本照片中的芯片换成了 SOIC8 -DIP8 ----- +### DIP8 ![](https://av.libreboot.org/dip8/dip8.jpg) -电源电压 --------------- +### 电源电压 之前,Libreboot 支持的所有主板,刚好都有在 3.3V DC 下工作的 SPI NOR 芯片。因为最近添加了额定 1.8V DC 芯片的 Chromebook,所以就不再是这么回事了。 检查主板上芯片的元件型号,再查找一下它的数据表。找出它需要的电源电压并记下来。如果它和你外部刷写硬件的输出电压不匹配,那你只能通过适配器或者逻辑电平转换器,把它连至芯片,而绝不能直接连接。 软件配置 -====================== +-------- -通用/Le potato ------------------ +### 通用/Le potato [通用指南](spi_generic.md)可以帮助你使用本指南未列出的 SBC(单板电脑)。不过,那份指南会使用 libre computer 'Le Potato' 作为参考板。如果你有那块板子,你应该参考 [通用指南](spi_generic.md)。 -BeagleBone Black(BBB) ----------------------- +### BeagleBone Black(BBB) SSH 连接到你的 BeagleBone Black。假定你在 BBB 上用的是 Debian 9。你将在 BBB 上运行 `flashprog`。 @@ -240,15 +282,13 @@ Note: flashprog can never write if the flash chip isn't found automatically. 这表示正常工作了(夹子没连接任何 flash 芯片,所以出错是正常的)。 -BBB 注意事项 ------------------ +### BBB 注意事项 不建议使用 BeagleBone Black,因为拿它来进行 SPI 刷写,速度很慢而且不稳定,并且现在有更好的选择了。我们以前建议使用 BBB,因为它可以完全运行自由软件,但现在有了更佳的选择。 计划:讲解其他 SPI 刷写工具 -Rasberry Pi(RPi) ------------------ +### Rasberry Pi(RPi) SSH 连接到树莓派。你将在树莓派上运行 `flashprog`。 @@ -265,8 +305,7 @@ SSH 连接到树莓派。你将在树莓派上运行 `flashprog`。 用于 SPI 通讯的设备位于 `/dev/spidev0.0`。 -RPi 驱动强度(Drive Strength) ------------------- +### RPi 驱动强度(Drive Strength) RPi 的 flashprog 可能无法检测到一些系统的 SPI flash,即使你已经完美地连好了线并夹住了芯片。这可能是因为树莓派 GPIO 的驱动强度,它默认是 8mA。驱动强度本质上就是,在保持高电平最低电压的同时,引脚最高能输出的电流。对树莓派而言,这个电压是 3.0 V。 @@ -296,8 +335,7 @@ RPi 的 flashprog 可能无法检测到一些系统的 SPI flash,即使你已 见 了解树莓派上的驱动强度控制。 -RPi 注意事项 ------------------ +### RPi 注意事项 基本上,Raspbian 项目,即现在的 Raspberry Pi OS,对其仓库进行了更新,增加了一个新的“受信任”仓库,这刚好是一个微软软件仓库。他们这么做,似乎是为了 VS Code,但问题在于,这可以让微软自由地控制他们喜欢的依赖(根据 apt-get 规则)。每当你更新,你都会对微软的服务器发送请求。不觉得这很奇怪吗? @@ -310,8 +348,7 @@ RPi 注意事项 * * -RPi 的自由固件 ---------------------- +### RPi 的自由固件 旧款树莓派的引导固件可以替换成完全自由的固件。对有些用户而言,这额外的一步可能很有用。参见: @@ -321,12 +358,11 @@ RPi 的自由固件 -安装 flashprog ----------------- +### 安装 flashprog 如果你在使用 BBB 或者 RPi,你需要在 SSH 进去之后再这么做。 -Flashrom 是用来读出、擦除、重写 NOR flash 内容的软件。 +Flashprog 是用来读出、擦除、重写 NOR flash 内容的软件。 使用 Git 仓库中的 libreboot 构建系统,你可以下载并安装 flashprog。首先下载 [lbmk Git 仓库](https://codeberg.org/libreboot/lbmk),然后执行: @@ -341,19 +377,18 @@ Flashrom 是用来读出、擦除、重写 NOR flash 内容的软件。 接下来,会出现一个 `flashprog/` 目录,其中有一个 `flashprog` 可执行文件。如果你在运行上面的依赖命令的时候,出现了缺失包的错误,则修改 `config/dependencies/ubuntu2004`。那个脚本会在 apt-get 中下载并安装构建依赖,它是为运行 Ubuntu 的 x86-64 系统写的,但在树莓派上的 Raspbian 应该能用。 -或者,你可以直接从上游下载 flashprog,位于: +或者,你可以直接从上游下载 flashprog,位于: 如果你是在 ThinkPad X200 上刷写 Macronix flash 芯片,则要使用一个 flashprog 的特别修改版,下载地址在这里: —— 其中有修改版的源代码,也有可以直接运行的二进制文件。将 `--workaround-mx` 参数传给 flashprog。这会缓解稳定性问题。 如果你直接下载了 flashprog 源代码,你可以进入目录并直接运行 `make`。在 libreboot 构建系统中,`config/dependencies/` 处的脚本写明了构建依赖,你可以直接使用 `apt-get` 软件安装。 如何使用 flashprog -=================== +------------------ 请先阅读本页更下方的部分,了解特定的芯片类型及其接线方法。 -读出 -------- +### 读出 刷入新的 ROM 镜像之前,强烈建议你将当前芯片的内容读出到一个文件。 @@ -393,8 +428,7 @@ BBB 的话,这样: 注意,如果你要手动提取 blob,那你就需要这个组合而成的 rom。 -写入 -------- +### 写入 接下来,运行这个命令(RPi): @@ -427,12 +461,11 @@ Verifying flash... VERIFIED. 硬件配置 -====================== +-------- 软件配置请参考上面的教程。下面的建议会教你如何为每种 flash 芯片接线。 -警告 --------- +### 警告 在芯片还没有正确接好线时,先不要连接电源。例如,不要连接到接通电源的测试夹。 @@ -444,13 +477,11 @@ Verifying flash... VERIFIED. 也不要给你的 flash 芯片连接超过 1 个 DC 电源!那样混合电压的话,很容易损伤你的设备及芯片/主板。 -MISO/MOSI/CS/CLK 接线 ----------------------- +### MISO/MOSI/CS/CLK 接线 在刷写这些芯片的时候,你可能也想增加 47 欧姆的串联电阻(不是加在 VCC 或 GND 线上)。这可以提供一些过流保护。在 Intel 平台上,SPI flash 直接连接到南桥芯片组时,通常会通过这样的电阻。 -ISP 编程及 VCC 二极管 ------------------------------ +### ISP 编程及 VCC 二极管 ISP 即系统内编程(in-system programming)。它指的是,一块芯片已经装在了你想安装 libreboot 的电脑的主板上,而你要对这块芯片进行刷写。 @@ -466,22 +497,19 @@ ISP 即系统内编程(in-system programming)。它指的是,一块芯片 计划:在 libreboot.org 创建一个页面,讲怎么在 libreboot 支持的所有主板这么做。 -BeagleBone Black(BBB)上的 GPIO 引脚 ------------------------------------ +### BeagleBone Black(BBB)上的 GPIO 引脚 把 pomona 夹子连接到 BBB 时,参考这张图片: (D0 = MISO 或连接到 MISO)。 如果你要用 *P9 排针*来连接芯片刷写的话,请看那个页面的那个部分。 -40 引脚树莓派(RPi)的 GPIO 引脚 --------------------------------------- +### 40 引脚树莓派(RPi)的 GPIO 引脚 下图展示了大多数现代树莓派及其衍生版的引脚分配。图中右边是 RPi 的引脚,左边是两个 SOIC 夹。 ![](https://av.libreboot.org/rpi/wiring.webp) -26 引脚树莓派(RPi)的 GPIO 引脚 -------------------------------- +### 26 引脚树莓派(RPi)的 GPIO 引脚 树莓派 B 款 26 GPIO 引脚图(对 40 引脚的 B+ 款而言,从右边开始数,剩下 14 个引脚): @@ -489,8 +517,7 @@ BeagleBone Black(BBB)上的 GPIO 引脚 此处的信息,也请在阅读以下其他部分时参考: -SOIC8/DIP8/WSON8 接线图 -------------------------------- +### SOIC8/DIP8/WSON8 接线图 参考此表: @@ -511,8 +538,7 @@ SOIC8/DIP8/WSON8 接线图 注意:在 X60/T60 thinkpad 上,不要连接第 8 引脚。而是将你的 PSU 接在主板供电口上,但不要启动主板。这会提供稳定的 3.3V 电压及足够的电流。在这些笔记本上,这是必要的,因为 flash 和其他许多 IC 共用一路 3.3V DC 电源,这些 IC 都会分走很多电流。 -SOIC16 接线图(树莓派) ------------------------------------- +### SOIC16 接线图(树莓派) RPi GPIO 排针:\ ![](https://av.libreboot.org/rpi/0009.webp) @@ -548,8 +574,7 @@ BBB P9 排针:\ 注意:第 1 和第 9 引脚是 WP/HOLD 引脚。在面包板上刷写芯片时,请对它们使用上拉电阻(见上面的注记),并在第 2 引脚(VCC)使用去耦电容。 -上拉电阻和去耦电容 -------------------------------------------- +### 上拉电阻和去耦电容 **如果芯片是装在面包板上的,那请遵循这里的步骤。如果你要刷写的芯片已经焊接在了主板上,那请忽略这一部分。** @@ -570,8 +595,7 @@ SOIC8/WSON8/DIP8:如果芯片在主板上,那第 8 引脚,即 VCC,就已 SOIC16:同上,但在面包板上使用 SOIC16 socket。在 SOIC16 上,WP/HOLD 不同于上面的第 3/7 引脚,而是第 1 和第 9 引脚,所以要把上拉电阻接到那里。SOIC16 上的 VCC 是第 2 引脚,所以要把去耦电容接到那里。 -SOIC8/WSON8/DIP8/SOIC16 未安装在主板上 --------------------------------------------------- +### SOIC8/WSON8/DIP8/SOIC16 未安装在主板上 如果你的机器的 SPI flash 容量较低,那你可以升级。在*大多数*机器上,SPI flash 是经过映射的内存,而(实际上)你最大可以使用 16MiB 的芯片。例如,libreboot 的 KGPE-D16 和 KCMA-D8 主板默认有 2MiB flash,但你可以对它们轻松升级。另一个例子是 ThinkPad X200S、X200 Tablet 和 T400S,它们都有 WSON8,而最佳的方案就是将它替换为 SOIC8 flash 芯片。 @@ -608,8 +632,7 @@ SOIC8/WSON8/DIP8/SOIC16 未安装在主板上 ![](https://av.libreboot.org/dip8/adapter.jpg) ![](https://av.libreboot.org/dip8/sop8todip8.jpg) -SOIC8/SOIC16 焊接在主板上 ------------------------------------- +### SOIC8/SOIC16 焊接在主板上 这是*系统内编程*或 *ISP* 的一个简短例子。 @@ -625,8 +648,7 @@ Pomona 5252 是一个 SOIC16 测试夹。也有其他的可以用,但这个是 SOIC8 例子的照片如下:\ ![](https://av.libreboot.org/x60/th_bbb_flashing.jpg) -DIP8 焊接在主板上 ------------------------------- +### DIP8 焊接在主板上 把 DIP8 直接焊接在主板上怪异至极。它通常是安装在芯片座上的。 @@ -636,8 +658,7 @@ DIP8 焊接在主板上 DIP8 IC 的引脚分配和 SOIC8 IC 一样。 -使用 SOIC8 替换 WSON8 IC ---------------------------- +### 使用 SOIC8 替换 WSON8 IC **NOTE: You can alternatively purchase WSON8 probes from a site like Aliexpress. They look similar to SOIC8 clips, and they work similarly.** @@ -703,7 +724,7 @@ WSON8 IC:\ ------------------------------------------------------------------------------- 许可证 -========= +------ 本页面发布所使用的版权条款,不同于本网站上大多数其他页面。 @@ -711,6 +732,6 @@ WSON8 IC:\ 部分这些资源源自于*旧的* Libreboot git 仓库,Libreboot 随后分离成了单独的仓库,包括 `lbmk` 仓库。 -展示了 BeagleBone Black 的照片,以 GNU Free Documentation License 许可,如同本网站的其他页面和图像。如果你想的话,你也可以在 CC-BY-SA 4.0 下使用它们(我,Leah Rowe,拥有本页展示的全部 BBB 照片的所有权,除了 beaglebone 网站上的那一张以外;而那一张只是在这里链接的,而不是托管在 av.libreboot.org 服务器的)。 +展示了 BeagleBone Black 的照片,以 GFDL 许可,如同本网站的其他页面和图像。如果你想的话,你也可以在 CC-BY-SA 4.0 下使用它们(我,Leah Rowe,拥有本页展示的全部 BBB 照片的所有权,除了 beaglebone 网站上的那一张以外;而那一张只是在这里链接的,而不是托管在 av.libreboot.org 服务器的)。 本页面的该版本托管在 `lbwww` git 仓库,其图像托管在 `lbwww-img` 仓库(来自用户 libreboot)。 diff --git a/site/docs/install/spi_generic.md b/site/docs/install/spi_generic.md index 5de2868..2b130f7 100644 --- a/site/docs/install/spi_generic.md +++ b/site/docs/install/spi_generic.md @@ -1,13 +1,20 @@ --- -title: Generic SPI Flashing Guide +title: Generic SPI Flashing Guide for Libreboot Installation x-toc-enable: true ... -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).** + +Background information +---------------------- There are a plethora of single board computers with which you can flash libreboot to a SOIC chip. Some users might be daunted by the price of a raspberry pi. @@ -25,7 +32,7 @@ All of this means that you should try to find a board that is *known* to support It is *not* enough to know that the board itself supports SPI. Selecting an Operating System -============================= +----------------------------- In theory, any linux based operating system will do. In practice, many distros are highly limited when it comes to single-board-computers. @@ -39,7 +46,7 @@ If your SBC supports [Raspbian](https://www.raspberrypi.com/software/) then usin As a bonus, you may refer to the [main guide](spi.md) if the SBC you have supports raspbian, should you get confused with this guide. Connecting to your Programmer -============================= +----------------------------- Many SBC operating systems enable ssh by default. If the OS you chose does not enable ssh on first boot, try checking the distro documentation and looking for terms such as 'headless install.' @@ -57,10 +64,10 @@ SSH to your programmer using the default credentials as specified in your distro The IP address is the one determined in the earlier step. For example: -`ssh root@192.168.0.167` + ssh root@192.168.0.167 Finding GPIO Pins -================= +----------------- If you have determined that a board supports SPI then the only step left is to determine the correct location of the SPI pins. @@ -72,7 +79,7 @@ Match each of the categories in the 'signal' column with those in the 'pin' colu Using this method, you can theoretically use any single board computer with SPI support. Enabling SPI -============ +------------ The modules needed and methods to enable SPI vary based on the SBC you choose. You should always make sure there is a well documented method for enabling SPI on your SBC before purchasing. @@ -83,8 +90,8 @@ sudo ldto enable spicc spicc-spidev sudo ldto merge spicc spicc-spidev ``` -Using Flashrom -============== +Using flashprog +-------------- Most linux distros will provide flashprog in their default repositories. You can also download flashprog in binary form with [libreboot utils.](https://libreboot.org/download.html#https) diff --git a/site/docs/install/spi_generic.md.description b/site/docs/install/spi_generic.md.description new file mode 100644 index 0000000..d5b425d --- /dev/null +++ b/site/docs/install/spi_generic.md.description @@ -0,0 +1 @@ +Learn how to flash Libreboot using Le Potato, which supports SPI flashing on NOR 25xx ICs. diff --git a/site/docs/install/t1650.md b/site/docs/install/t1650.md index 3228d5b..d6e0bed 100644 --- a/site/docs/install/t1650.md +++ b/site/docs/install/t1650.md @@ -1,10 +1,12 @@ --- -title: Dell Precision T1650 +title: Install Libreboot on Dell Precision T1650 x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
@@ -29,20 +31,20 @@ OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ?: UNKNOWN AT THIS TIME ``` | ***Features*** | | |---------------------------------------------------|----| -| **Internal flashing with original boot firmware** | ? | +| **Internal flashing with original boot firmware** | W* | | **Display (if Intel GPU)** | W+ | -| **Display (discrete CPU, SeaBIOS payload only)** | W* | +| **Display (discrete GPU, SeaBIOS payload only)** | W* | | **Audio** | W+ | | **RAM Init** | W+ | @@ -52,8 +54,14 @@ P*: Partially works with blobs | **SeaBIOS** | Works | | **SeaBIOS with GRUB** | Works |
-Introduction -============ + +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +Dell Precision T1650 desktop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. **Unavailable in Libreboot 20230625 or earlier. You must [compile from source](../build/), or use at least Libreboot 20231021.** @@ -65,18 +73,19 @@ This is similar code-wise to [Dell OptiPlex 9010](https://doc.coreboot.org/mainboard/dell/optiplex_9010.html) which coreboot supports. -Build ROM image from source ---------------------------- +### Build ROM image from source The build target, when building from source, is thus: ./mk -b coreboot t1650_12mb -Installation -============ +Alternatively, you can use release images, but please ensure that you've +inserted vendor files prior to flashing; see notes. -Insert binary files -------------------- +Install Libreboot +----------------- + +### Insert vendor files If you're using a release ROM, please ensure that you've inserted extra firmware required refer to the [guide](../install/ivy_has_common.md) for that. (failure @@ -86,15 +95,13 @@ Libreboot's build system automatically downloads and processes these files if you build Libreboot from source, but the same logic that it uses must be re-run if you're using a release image. -Set MAC address ---------------- +### Set MAC address This platform uses an Intel Flash Descriptor, and defines an Intel GbE NVM region. As such, release/build ROMs will contain the same MAC address. To change the MAC address, please read [nvmutil documentation](../install/nvmutil.md). -WARNING about CPU/GPU compatibility -------------------------------- +### WARNING about CPU/GPU compatibility At the time of testing this board, I didn't have a CPU with graphics built in, so I could only use discrete graphics on the PCI-E slot (in my case, Nvidia @@ -127,14 +134,27 @@ way (SeaBIOS first) because Libreboot's configuration does not tell *coreboot* to execute VGA Option ROMs, and it's important that we try to prevent bricks whenever possible. -Flash a ROM image (software) ------------------ +### Flash a ROM image (software) If you're already running Libreboot, and you don't have flash protection turned on, [internal flashing](../install/) is possible. -Flash a ROM image (hardware) ------------------ +Internal flashing is *also* possible from the factory BIOS, if you set the +service mode jumper. This shorts `HDA_SDO` (Soft Descriptor Override), which +disables the ME after early bringup and disables IFD-based flash protections. + +Observe, below the PCI slots: + + + +Here is a close-up: + + + +Simply short those pins, on the header, using a jumper. When you do this, all +flash protections will be disabled. + +### Flash a ROM image (hardware) **REMOVE all power sources and connectors from the machine, before doing this. This is to prevent short circuiting and power surges while flashing.** @@ -183,4 +203,4 @@ flashing instructions [in Chinese](../install/spi.zh-cn.md): Other aspects of the machine are not much to write home about. It's a standard desktop PC form factor, and you can just run whatever you want on it. -Enjoy! +Enjoy your Libreboot machine! diff --git a/site/docs/install/t1650.md.description b/site/docs/install/t1650.md.description new file mode 100644 index 0000000..f010158 --- /dev/null +++ b/site/docs/install/t1650.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Dell Precision T1650. diff --git a/site/docs/install/t400.md b/site/docs/install/t400.md index 3596e0b..6d8f73e 100644 --- a/site/docs/install/t400.md +++ b/site/docs/install/t400.md @@ -1,5 +1,5 @@ --- -title: Flashing the ThinkPad T400 externally +title: Install Libreboot on Lenovo ThinkPad T400 x-toc-enable: true ... @@ -27,12 +27,12 @@ x-toc-enable: true | **Flash chip** | SOIC-8/SOIC-16/WSON-8 4MiB/8MiB (Upgradable to 16MiB) | ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -51,16 +51,13 @@ P*: Partially works with blobs | **SeaBIOS with GRUB** | Works | -Dell Latitude E6400 -=================== +Open source BIOS/UEFI firmware +------------------------- -**If you haven't bought an T400 yet: the [Dell Latitude -E6400](../install/latitude.md) is much easier to flash; no disassembly required, -it can be flashed entirely in software from Dell BIOS to Libreboot. It is the -same hardware generation (GM45), with same CPUs, video processor, etc.** - -Introduction -============ +This document will teach you how to install Libreboot, on your +Lenovo ThinkPad T400 laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. It is believed that all or most laptops of the model T400 are compatible. See notes about [CPU @@ -73,17 +70,26 @@ the palmrest: 4MiB is SOIC-8, 8MiB is SOIC-16. *The T400 laptops come with the ME (and sometimes AMT in addition) before flashing libreboot. libreboot disables and removes it by using a -modified descriptor: see [../install/ich9utils.md](../install/ich9utils.md)* -(contains notes, plus instructions) +modified descriptor.* Flashing instructions can be found at [../install/\#flashprog](../install/#flashprog) -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** + +Dell Latitude E6400 +------------------- + +**If you haven't bought an T400 yet: the [Dell Latitude +E6400](../install/latitude.md) is much easier to flash; no disassembly required, +it can be flashed entirely in software from Dell BIOS to Libreboot. It is the +same hardware generation (GM45), with same CPUs, video processor, etc.** EC update {#ecupdate} -========= +--------------------- It is recommended that you update to the latest EC firmware version. The [EC firmware](../../faq.md#ec-embedded-controller-firmware) is separate from @@ -105,7 +111,7 @@ The T400 is almost identical to the X200, code-wise. See [x200.md](x200.md). Installation notes -============ +------------------ [External flashing](spi.md) required, if Lenovo BIOS is running. @@ -121,15 +127,14 @@ the screws on page 114 (with title "1130 Keyboard bezel") are swapped and if you follow the HMM you will punch a hole through the bezel in the upper right corner. -Serial port {#serial_port} ------------ +### Serial port {#serial_port} EHCI debug might not be needed. It has been reported that the docking station for this laptop has a serial port, so it might be possible to use that instead. A note about CPUs -================= +----------------- [ThinkWiki](http://www.thinkwiki.org/wiki/Category:T400) has a list of CPUs for this system. The Core 2 Duo P8400, P8600 and P8700 are believed @@ -137,8 +142,7 @@ to work in libreboot. T9600, T9500, T9550 and T9900 are all compatible, as reported by users. -Quad-core CPUs --------------- +### Quad-core CPUs Very likely to be compatible, but requires hardware modification. Based on info from German forum post about installing Core Quad CPU on T500 found in coreboot mailing list. Currently work in progress and no guide available. @@ -146,9 +150,8 @@ Based on info from German forum post about installing Core Quad CPU on T500 foun - [Coreboot mailing list post](https://mail.coreboot.org/pipermail/coreboot/2016-November/082463.html) - [German forum post about install Core Quad on T500](https://thinkpad-forum.de/threads/199129) - A note about GPUs -================= +----------------- Some models have an Intel GPU, while others have both an ATI and an Intel GPU; this is referred to as "switchable graphics". In the *BIOS @@ -161,29 +164,28 @@ Intel GPU is used and the ATI GPU is disabled, so native graphics initialization works all the same. CPU paste required -================== +------------------ See [\#paste](#paste). Flash chip size {#flashchips} -=============== +--------------------------- Use this to find out: flashprog -p internal MAC address {#macaddress} -=========== +------------------------ Refer to [mac\_address.md](mac_address.md). How to flash externally -========================= +----------------------- Refer to [spi.md](spi.md) as a guide for external re-flashing. -The procedure -------------- +### The procedure Remove *all* screws, placing them in the order that you removed them:\ ![](https://av.libreboot.org/t400/0001.jpg) ![](https://av.libreboot.org/t400/0002.jpg) @@ -281,7 +283,7 @@ Refer to the external flashing instructions [here](spi.md), and when you're done, re-assemble your laptop. Thermal paste (IMPORTANT) -========================= +------------------------- Because part of this procedure involved removing the heatsink, you will need to apply new paste. Arctic MX-4 is ok. You will also need isopropyl @@ -298,7 +300,7 @@ show how to properly apply the thermal paste. Other guides online detail the proper application procedure. Memory -====== +------ In DDR3 machines with Cantiga (GM45/GS45/PM45), northbridge requires sticks that will work as PC3-8500 (faster PC3/PC3L sticks can work as PC3-8500). diff --git a/site/docs/install/t400.md.description b/site/docs/install/t400.md.description new file mode 100644 index 0000000..b5a4efd --- /dev/null +++ b/site/docs/install/t400.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Lenovo Thinkpad T400. diff --git a/site/docs/install/t420_external.md b/site/docs/install/t420_external.md index b7b9536..4bda72e 100644 --- a/site/docs/install/t420_external.md +++ b/site/docs/install/t420_external.md @@ -1,12 +1,16 @@ --- -title: ThinkPad T420 external flashing +title: Install Libreboot on Lenovo ThinkPad T420 x-toc-enable: true ... -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +Lenovo ThinkPad T420 laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. -Read the [Ivybridge/Haswell common guide](/docs/install/ivy_has_common.html) if you want more information. Please note, for Thinkpad T420, splitting the rom is not required. The following instructions expect you to have these on hand: + a clone of lbmk, can be obtained from `https://codeberg.org/libreboot/lbmk` @@ -18,26 +22,17 @@ The following instructions expect you to have these on hand: Preparing a release Rom ----------------------- -You must patch the release rom with the necessary vendor files *and then* flash it to your board. +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).** -In order to inject the necessary files into a rom image, run the script from the root of lbmk and point to the rom image. +**Please follow this prior to flashing, or you may brick your machine.** -If you only wish to flash a release rom then the process of injecting the necessary files is quite simple. -Run the injection script pointing to the release archive you downloaded: - - ./vendor inject /path/to/libreboot-20230423_t420_8mb.tar.xz - -The script can automatically detect the board as long as you do not change the file name. -You can then find flash-ready ROMs in `/bin/release/` - -Alternatively, you may patch only a single rom file. - - ./vendor inject -r t420_libreboot.rom -b t420_8mb - -Optionally, you can use this script to modify the mac address of the rom with the `-m` flag. -For example: - - ./vendor inject -r t420_libreboot.rom -b t420_8mb -m 00:f6:f0:40:71:fd +Please [inject vendor files](ivy_has_common.md) prior to flashing. You can also +use this guide to change the built-in MAC address for your Intel Gigabit +Ethernet device; doing so is advisable, because otherwise you will have a +default, generic MAC address. Disassembly ----------- diff --git a/site/docs/install/t420_external.md.description b/site/docs/install/t420_external.md.description new file mode 100644 index 0000000..f098f4e --- /dev/null +++ b/site/docs/install/t420_external.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Lenovo ThinkPad T420. diff --git a/site/docs/install/t440p_external.md b/site/docs/install/t440p_external.md index 0bf7166..24691ee 100644 --- a/site/docs/install/t440p_external.md +++ b/site/docs/install/t440p_external.md @@ -1,24 +1,36 @@ --- -title: ThinkPad T440p external flashing +title: Install Libreboot on Lenovo ThinkPad T440p x-toc-enable: true ... +Open source BIOS/UEFI firmware +------------------------- + +This document will teach you how to install Libreboot, on your +Lenovo ThinkPad T440p laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + Buy Libreboot preinstalled -========================== +-------------------------- -This laptop is available to buy with Libreboot pre-installed: - +**Minifree now sells the Libreboot T480, instead of the Libreboot T440p. See: +** -Introduction -============ +Safety advice +------------- -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).** -Read the [Ivybridge/Haswell common guide](/docs/install/ivy_has_common.html) if you want more information. +Read the [Ivybridge/Haswell common guide](ivy_has_common.md) if you want more information. All of the following instructions assume that you've cloned lbmk and are operating from the root of that project. To do so, run @@ -27,39 +39,16 @@ root of that project. To do so, run You can now follow the rest of the instructions. -Preparing a release Rom ------------------------ +### Preparing a release Rom -You must patch the release rom with the necessary vendor files *and then* flash it to your board. +**Please follow this prior to flashing, or you may brick your machine.** -Lbmk includes a script that will automatically inject the necessary files into a rom file. -The script can determine the board automatically if you have not changed the name, but you can also manually set the board name with the `-b` flag. +Please [inject vendor files](ivy_has_common.md) prior to flashing. You can also +use this guide to change the built-in MAC address for your Intel Gigabit +Ethernet device; doing so is advisable, because otherwise you will have a +default, generic MAC address. -In order to inject the necessary files into a rom image, run the script from the root of lbmk and point to the rom image. - -If you only wish to flash a release rom then the process of injecting the necessary files is quite simple. -Run the injection script pointing to the release archive you downloaded: - - ./vendor inject /path/to/libreboot-RELEASE_targetname.tar.xz - -The script can automatically detect the board as long as you do not change the file name. -You can then find flash-ready ROMs in `/bin/release/` - -Alternatively, you may patch only a single rom file. -For example: - - ./vendor inject -r t440p_libreboot.rom -b t440plibremrc_12mb - -Optionally, you can use this script to modify the mac address of the rom with the `-m` flag. -For example: - - ./vendor inject -r t440p_libreboot.rom -b t440plibremrc_12mb -m 00:f6:f0:40:71:fd - -NOTE: this makes use of `nvmutil`, which you can read more about in -the [nvmutil documentation](nvmutil.md). - -Splitting The Rom ------------------ +### Splitting The Rom You can use `dd` to easily split your rom into the two separate portions for external flashing. @@ -71,9 +60,7 @@ Flash the top chip with top.rom, and tho bottom chip with bottom.rom. Don't worry about knowing which chip is which on a standard setup; flashprog will let you know if the image size is incorrect for the chip you're flashing. - -Disassembly ------------ +### Disassembly Start by removing the back cover screws and the main battery.\ @@ -100,7 +87,16 @@ You should now be able to see the two flash chips near the RAM.\ You can now proceed to [flashing](/docs/install/spi.html) this machine. Errata -====== +------ + +### thinkpad\_acpi issues {#thinkpad-acpi} + +It has been reported by that `thinkpad_acpi` does not load correctly on the T440p. + +If you encounter this, check [this page](../../faq.md#thinkpad-acpi) +for details as to how to fix this. + +### target names NOTE: As of Libreboot releases from May 2024 onward, the Intel MRC is no longer included for Haswell; MRC is a blob for raminit, but we now provide libre diff --git a/site/docs/install/t440p_external.md.description b/site/docs/install/t440p_external.md.description new file mode 100644 index 0000000..2daa0de --- /dev/null +++ b/site/docs/install/t440p_external.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Lenovo ThinkPad T440p. diff --git a/site/docs/install/t480-thunderbolt-20241206-unstable.patch b/site/docs/install/t480-thunderbolt-20241206-unstable.patch new file mode 100644 index 0000000..d69c343 --- /dev/null +++ b/site/docs/install/t480-thunderbolt-20241206-unstable.patch @@ -0,0 +1,136 @@ +From 67b0219a665462ae71f6ba5104edc55ad6245ca7 Mon Sep 17 00:00:00 2001 +From: Mate Kukri +Date: Thu, 5 Dec 2024 20:42:40 +0000 +Subject: [PATCH] thunderbolt fix-ish + +it shows up, but resume is no dice. + +Change-Id: I2d91a1d290b35e7ea3a1193b4be7b4ba936e4a15 +--- + src/mainboard/lenovo/sklkbl_thinkpad/Kconfig | 1 + + src/mainboard/lenovo/sklkbl_thinkpad/dsdt.asl | 13 +++++++++++++ + .../lenovo/sklkbl_thinkpad/variants/t480/gpio.c | 8 ++++---- + .../sklkbl_thinkpad/variants/t480/overridetree.cb | 4 ++++ + .../lenovo/sklkbl_thinkpad/variants/t480s/gpio.c | 8 ++++---- + .../sklkbl_thinkpad/variants/t480s/overridetree.cb | 4 ++++ + 6 files changed, 30 insertions(+), 8 deletions(-) + +diff --git a/src/mainboard/lenovo/sklkbl_thinkpad/Kconfig b/src/mainboard/lenovo/sklkbl_thinkpad/Kconfig +index 21076315ab..0766c03716 100644 +--- a/src/mainboard/lenovo/sklkbl_thinkpad/Kconfig ++++ b/src/mainboard/lenovo/sklkbl_thinkpad/Kconfig +@@ -19,6 +19,7 @@ config BOARD_LENOVO_SKLKBL_THINKPAD_COMMON + select SOC_INTEL_COMMON_BLOCK_HDA_VERB + select SPD_READ_BY_WORD + select SYSTEM_TYPE_LAPTOP ++ select DRIVERS_INTEL_DTBT + + config BOARD_LENOVO_E460 + bool +diff --git a/src/mainboard/lenovo/sklkbl_thinkpad/dsdt.asl b/src/mainboard/lenovo/sklkbl_thinkpad/dsdt.asl +index 237500775f..849540d32d 100644 +--- a/src/mainboard/lenovo/sklkbl_thinkpad/dsdt.asl ++++ b/src/mainboard/lenovo/sklkbl_thinkpad/dsdt.asl +@@ -35,4 +35,17 @@ DefinitionBlock( + } + + #include ++ ++ Scope (\_SB) ++ { ++ External (\TBTS, MethodObj) ++ ++ Method (MPTS, 1, Serialized) ++ { ++ If (CondRefOf (\TBTS)) ++ { ++ \TBTS() ++ } ++ } ++ } + } +diff --git a/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480/gpio.c b/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480/gpio.c +index f7c29e1f39..edfa09fbb7 100644 +--- a/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480/gpio.c ++++ b/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480/gpio.c +@@ -86,7 +86,7 @@ static const struct pad_config gpio_table[] = { + PAD_NC(GPP_C18, NONE), + PAD_NC(GPP_C19, NONE), + PAD_CFG_GPO(GPP_C20, 0, DEEP), /* EPRIVACY_ON */ +- PAD_CFG_GPO(GPP_C21, 0, DEEP), /* TBT_FORCE_PWR */ ++ PAD_CFG_GPO(GPP_C21, 1, DEEP), /* TBT_FORCE_PWR */ + PAD_CFG_GPI_SCI(GPP_C22, NONE, DEEP, EDGE_SINGLE, INVERT), /* -EC_SCI */ + PAD_CFG_GPI_SCI(GPP_C23, NONE, DEEP, EDGE_SINGLE, INVERT), /* -EC_WAKE */ + +@@ -191,9 +191,9 @@ static const struct pad_config gpio_table[] = { + PAD_NC(GPP_G1, NONE), + PAD_NC(GPP_G2, NONE), + PAD_NC(GPP_G3, NONE), +- PAD_CFG_GPO(GPP_G4, 0, DEEP), /* TBT_RTD3_PWR_EN */ +- PAD_CFG_GPO(GPP_G5, 0, DEEP), /* TBT_FORCE_USB_PWR */ +- PAD_CFG_GPO(GPP_G6, 0, DEEP), /* -TBT_PERST */ ++ PAD_CFG_GPO(GPP_G4, 1, DEEP), /* TBT_RTD3_PWR_EN */ ++ PAD_CFG_GPO(GPP_G5, 1, DEEP), /* TBT_FORCE_USB_PWR (TBT_RTD3_USB_PWR_EN) */ ++ PAD_CFG_GPO(GPP_G6, 1, DEEP), /* -TBT_PERST */ + PAD_CFG_GPI_SCI(GPP_G7, NONE, DEEP, LEVEL, INVERT), /* -TBT_PCIE_WAKE */ + }; + +diff --git a/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480/overridetree.cb b/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480/overridetree.cb +index 2f0b20d91a..6d8725ad5a 100644 +--- a/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480/overridetree.cb ++++ b/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480/overridetree.cb +@@ -106,6 +106,10 @@ chip soc/intel/skylake + register "PcieRpAdvancedErrorReporting[8]" = "1" + register "PcieRpLtrEnable[8]" = "1" + register "PcieRpHotPlug[8]" = "1" ++ ++ chip drivers/intel/dtbt ++ device pci 0.0 on end ++ end + end + + # M.2 2280 caddy - x2 +diff --git a/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480s/gpio.c b/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480s/gpio.c +index a98dd2bc4e..732917ebfa 100644 +--- a/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480s/gpio.c ++++ b/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480s/gpio.c +@@ -82,7 +82,7 @@ static const struct pad_config gpio_table[] = { + PAD_NC(GPP_C18, NONE), + PAD_NC(GPP_C19, NONE), + PAD_CFG_GPO(GPP_C20, 0, DEEP), /* EPRIVACY_ON */ +- PAD_CFG_GPO(GPP_C21, 0, DEEP), /* TBT_FORCE_PWR */ ++ PAD_CFG_GPO(GPP_C21, 1, DEEP), /* TBT_FORCE_PWR */ + PAD_CFG_GPI_SCI(GPP_C22, NONE, DEEP, EDGE_SINGLE, INVERT), /* -EC_SCI */ + PAD_CFG_GPI_SCI(GPP_C23, NONE, DEEP, EDGE_SINGLE, INVERT), /* -EC_WAKE */ + +@@ -187,9 +187,9 @@ static const struct pad_config gpio_table[] = { + PAD_NC(GPP_G1, NONE), + PAD_NC(GPP_G2, NONE), + PAD_NC(GPP_G3, NONE), +- PAD_CFG_GPO(GPP_G4, 0, DEEP), /* TBT_RTD3_PWR_EN */ +- PAD_CFG_GPO(GPP_G5, 0, DEEP), /* TBT_FORCE_USB_PWR */ +- PAD_CFG_GPO(GPP_G6, 0, DEEP), /* -TBT_PERST */ ++ PAD_CFG_GPO(GPP_G4, 1, DEEP), /* TBT_RTD3_PWR_EN */ ++ PAD_CFG_GPO(GPP_G5, 1, DEEP), /* TBT_FORCE_USB_PWR (TBT_RTD3_USB_PWR_EN) */ ++ PAD_CFG_GPO(GPP_G6, 1, DEEP), /* -TBT_PERST */ + PAD_CFG_GPI_SCI(GPP_G7, NONE, DEEP, LEVEL, INVERT), /* -TBT_PCIE_WAKE */ + }; + +diff --git a/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480s/overridetree.cb b/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480s/overridetree.cb +index cea5e485d2..9b952215c5 100644 +--- a/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480s/overridetree.cb ++++ b/src/mainboard/lenovo/sklkbl_thinkpad/variants/t480s/overridetree.cb +@@ -106,6 +106,10 @@ chip soc/intel/skylake + register "PcieRpAdvancedErrorReporting[4]" = "1" + register "PcieRpLtrEnable[4]" = "1" + register "PcieRpHotPlug[4]" = "1" ++ ++ chip drivers/intel/dtbt ++ device pci 0.0 on end ++ end + end + + # M.2 2280 SSD - x2 +-- +2.39.5 + diff --git a/site/docs/install/t480.md b/site/docs/install/t480.md index a10374b..d8f454e 100644 --- a/site/docs/install/t480.md +++ b/site/docs/install/t480.md @@ -1,51 +1,53 @@ --- -title: Lenovo ThinkPad T480/T480S information +title: Install Libreboot on Lenovo ThinkPad T480 and/or T480s x-toc-enable: true ... -Libreboot supports both the T480 and T480S variants. It is available in +Libreboot supports both the T480 and T480s variants. It is available in the *Libreboot 20241206* release or later. -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).**
-ThinkPad T480 +Lenovo ThinkPad T480 with Libreboot pre-installed
| ***Specifications*** | | |----------------------------|------------------------------------------------| -| **Manufacturer** | Lenovo | -| **Name** | ThinkPad T480 | -| **Variants** | ThinkPad T480, ThinkPad T480S | +| **Manufacturer** | Lenovo | +| **Name** | ThinkPad T480 | +| **Variants** | ThinkPad T480, ThinkPad T480s | | **Released** | 2018 | -| **Chipset** | Intel Kaby Lake Refresh | -| **CPU** | Intel Kaby Lake Refresh | -| **Graphics** | Intel or Intel+Nvidia | -| **Memory** | DDR4 DIMMs; max 40GB (T480S), 64GB(T480) | -| **Architecture** | x86\_64 | -| **Original boot firmware** | Lenovo UEFI firmware | -| **Intel ME/AMD PSP** | Present. Can be disabled with me\_cleaner. | -| **Intel Boot Guard** | [Pwned](deguard.md). Disabled using the deguard utility. | -| **Flash chip** | SOIC-8 16MB/128Mbit system firmware | +| **Chipset** | Intel Kaby Lake Refresh | +| **CPU** | Intel Kaby Lake Refresh | +| **Graphics** | Intel or Intel+Nvidia | +| **Memory** | DDR4 DIMMs; max 40GB (T480s), 64GB(T480) | +| **Architecture** | x86\_64 | +| **Original boot firmware** | Lenovo UEFI firmware | +| **Intel ME/AMD PSP** | Present. Can be disabled with me\_cleaner. | +| **Intel Boot Guard** | [Pwned](deguard.md). Disabled using the deguard utility.| +| **Flash chip** | SOIC-8 16MB/128Mbit system firmware | ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ?: UNKNOWN AT THIS TIME ``` | ***Features*** | | |---------------------------------------------------|----| -| **Internal flashing with original boot firmware** | N | +| **Internal flashing with original boot firmware** | N | | **Display (if Intel GPU)** | W+ | -| **Display (discrete CPU, SeaBIOS payload only)** | N | +| **Display (discrete GPU, SeaBIOS payload only)** | N | | **Audio** | W+ | | **RAM Init** | W* | @@ -56,7 +58,24 @@ P*: Partially works with blobs | **SeaBIOS with GRUB** | Works |
-Regarding memory: T480S (S model) has 8GB onboard RAM, and an available DIMM +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +Lenovo ThinkPad T480 and/or T480s laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + +Buy pre-installed +----------------- + +**ThinkPad T480/T480S is available to purchase with Libreboot pre-installed. See: +** + +ThinkPad T480/T480s information +------------------------- + +Regarding memory: T480s (S model) has 8GB onboard RAM, and an available DIMM slot on which an additional 32GB SODIMM can be installed. The regular T480 has two DIMM slots, allowing 2x32GB DDR4 SODIMMs. @@ -65,81 +84,30 @@ ports; he is also the author of the deguard utility, which is used to disable the Intel Boot Guard on these machines; disabling the Boot Guard was necessary in order to get coreboot working! -Introduction -============ - -**Unavailable in Libreboot 20241008 or earlier. You must [compile from -source](../build/), or alternatively an image from Libreboot 20241206 or higher. - Official information about the T480 can be found here:\ -...and information about the T480S can be found here:\ +...and information about the T480s can be found here:\ -This port is implemented in Libreboot by merging Mate Kukri's T480/T480S -patchset. See: - as of 5 -December 2024, Libreboot's code matches that of patchset 22. +This port is implemented in Libreboot by merging Mate Kukri's T480/T480s +patchset. See: - as of 6 +January 2025, Libreboot's code matches that of patchset 25. -What works in this port: +Preparing a release Rom ----------------------- -Intel graphics, internal screen, ethernet, USB, WLAN, HDA verbs (e.g. headphone -jack), S3 suspend/resume, M2 NVMe SSDs and SATA, **all works perfectly**. -External video outputs and webcam also work. Microphone works, line-out works... -everything works. UART also available via line-out jack (jumpers required on -the mainboard). +**Please follow this prior to flashing, or you may brick your machine.** -The thunderbolt controller is currently unconfigured, so you can't use -Thunderbolt, but the thunderbolt and regular USB-C connector can both be -used for charging, and both can be used for video output (it shows up in xrandr -as a DisplayPort). NOTE: - is the patchset enabling -Thunderbolt, but it currently breaks on S3 resume from sleep, so it's not -included yet. This will be added to the Libreboot 20241206 release as a hotpatch -when it's ready, and in the next testing release after Libreboot 20241206. This -is true as of 6 December 2024. +Please [inject vendor files](ivy_has_common.md) prior to flashing. You can also +use this guide to change the built-in MAC address for your Intel Gigabit +Ethernet device; doing so is advisable, because otherwise you will have a +default, generic MAC address. -Backlight controls work, via software control (e.g. `xbacklight` utility), but -the Fn keys for it don't currently work, as of 6 December 2024. - -Nvidia dGPU doesn't work and is disabled as of 6 December 2024; the Intel graphics -are still available even on Nvidia models, so Intel graphics are used. - -WWAN slot untested. - -Build ROM image from source ---------------------------- - -The build target, when building from source, is thus: - - ./mk -b coreboot t480_fsp_16mb - ./mk -b coreboot t480s_fsp_16mb - -**NOTE: The T480 and T480 may be similar, but they do have several critical -differences in their wiring, so you MUST flash the correct image. Please -choose one of the above build targets accordingly.** - -Installation -============ - -Insert binary files -------------------- - -If you're using a release ROM, please ensure that you've inserted extra firmware -required refer to the [guide](../install/ivy_has_common.md) for that. **(failure -to adhere to this advice will result in a BRICKED machine)** - -Libreboot's build system automatically downloads and processes these files if -you build Libreboot from source, but the same logic that it uses must be re-run -if you're using a release image. This is to bypass certain restrictions on -direct distribution, for files such as the Intel Management Engine firmware. - -Absolutely unsigned Intel ME! ------------------------------ +### Absolutely unsigned Intel ME! Libreboot already disables the Intel ME by default, using `me_cleaner`, but -the T480/T480 specifically has an additional quirk: +the T480/T480s specifically have an additional quirk: One of the benefits of [deguard](deguard.md) for Intel MEv11 is that it sets the ME in such a state where you can run unsigned code in there. This is how @@ -148,14 +116,69 @@ restrictions; more information about deguard is available on a dedicated page. The deguard utility could also be used to enable the red-unlock hack, which would permit unsigned execution of new CPU microcode, though much more -research is needed. Because of these two facts, this makes the T480/T480S the +research is needed. Because of these two facts, this makes the T480/T480s the most freedom-feasible of all relatively modern x86 laptops. With deguard, you have complete control of the flash. This is unprecedented on recent Intel systems in Libreboot, so it's certainly a very interesting port! -Set MAC address ---------------- +Libreboot uses both `me_cleaner` *and* `deguard` on the T480/T480s. + +### What works in this port: + +Intel graphics, internal screen, ethernet, USB, WLAN, HDA verbs (e.g. headphone +jack), S3 suspend/resume, M2 NVMe SSDs and SATA, B+M key NVMe SSDs in WWAN slot, +**all works perfectly**. External video outputs and webcam also work. Microphone +works, line-out works... everything works. UART also available via line-out jack +(jumpers required on the motherboard). + +There *are* a few minor exceptions as to what works; this will be covered in +other sections of this page. This port is *almost* perfect, but with some caveats. + +Build images from source +------------------------ + +Please refer to the standard [build instructions](../build/) first. + +The build target, when building from source, is thus: + + ./mk -b coreboot t480_vfsp_16mb + ./mk -b coreboot t480s_vfsp_16mb + +**NOTE: The T480 and T480s may be similar, but they do have several critical +differences in their wiring, so you MUST flash the correct image. Please +choose one of the above build targets accordingly.** + +Installation +------------ + +**Please read carefully**, because *many* prerequisite steps are required +prior to Libreboot installation. + +### Insert binary files (DO THIS FIRST) + +**If you're using a release ROM**, please ensure that you've inserted extra firmware +required. Refer to the [guide](../install/ivy_has_common.md) for that. **(failure +to adhere to this advice will result in a BRICKED machine)** + +Libreboot's build system automatically downloads and processes these files if +you build Libreboot from source, but the same logic that it uses must be re-run +if you're using a release image. This is to bypass certain restrictions on +direct distribution, for files such as the Intel Management Engine firmware. + +The pre-compiled images do not contain an Intel ME, so you must first insert it +using the above guide. Libreboot's build system automatically grabs it, disables +it after boot with `me_cleaner`, and configures it with [deguard](deguard.md) +to disable the Intel Boot Guard - this automation is either applied at build +time, or you can use it on release images. + +Again: + +If you're [building from source](../build/) via Libreboot's build system, these +files are inserted during build. You only need to manually insert them, using +the above linked guide, on the pre-compiled release images! + +### Set MAC address This platform uses an Intel Flash Descriptor, and defines an Intel GbE NVM region. As such, release/build ROMs will contain the same MAC address. To @@ -165,86 +188,275 @@ change the MAC address, please read [nvmutil documentation](../install/nvmutil.m argument when using it: `--platform sklkbl`** - otherwise, ifdtool will handle the IFD incorrectly! -WARNING about GPU compatibility -------------------------------- - -The Nvidia GPUs were tested, on models that have them. It is completely -dysfunctional and currently disabled in Libreboot. On models that have Nvidia, -the Intel graphics is still available so Libreboot uses Intel graphics -exclusively. - -The Intel GPU is fully supported with native source code (libgfxinit) in -coreboot, which Libreboot uses for initialisation. - -Use of Intel graphics is recommended, because it has much better (and libre) -driver support in Linux, and free initialisation code in coreboot, whereas -Nvidia is mostly all binary blobs (unless perhaps you use the nouveau driver in -Linux). - -Thunderbolt issue (READ THIS BEFORE FLASHING) ------------------- +### Thunderbolt issue (READ THIS BEFORE FLASHING) The thunderbolt firmware on launch units had a bug where certain debug info is written on certain events, such as plugging in a charger to the USB-C -connector. This logging is stored in the Thunderbolt firmware's own SPI flash, +connector. Log data is stored in the Thunderbolt firmware's own SPI flash, which is separate from the main SPI flash containing the system firmware e.g. coreboot. -If that flash gets full, thunderbolt (on factory firmware) stops working and -fast charging stops working. It can be prevented by updating the Thunderbolt -firmware. You can do this from Lenovo's firmware, using these instructions: +This photo shows that flash chip on a ThinkPad T480: + +ThinkPad T480 NOR flash (thunderbolt firmware) + +It's also present on the T480S (S model), but in a different location; on +the S model, the main system flash is still located somewhere near the +centre of the board, and the ThunderBolt flash near the edge of the board, as +it is on the T480, but the T480/T480s use slightly different wiring and they +have a slightly different board layout. + +#### What is the problem? + +If that flash gets full, thunderbolt PCI-E stops working and fast charging +stops working, but slow charging still works. The issue can be prevented by +updating the firmware. See: If you're already affected by the bug, you can restore it to a working state -by flashing the Thunderbolt firmware externally. For example this is where its -NOR flash is on a T480: +by flashing the Thunderbolt firmware externally. You *cannot* fix the issue +with Lenovo's software-based flasher, if the issue is already present, so +you *must* flash externally in that case; you can also flash externally, even +if the issue is not yet present. -ThinkPad T480 NOR flash (thunderbolt firmware) +#### External flashing recommended -This page shows how to do that: - - - -You unbrick the Thunderbolt controller by pulling the firmware from Lenovo's -update, from Lenovo's update utility. Once extracted, you then pad it properly -so that it can be flashed manually, using a normal SPI flasher (the same one -that you would use to flash Libreboot). +The benefit of flashing it *externally* is that you would then no longer need +to boot Windows, because there is currently no way of doing it from Linux, and +Lenovo does not provide a *boot image* like they do for UEFI updates. So, to +use Lenovo's software-based flasher, you must install and boot Windows. We +always recommend using Free Software whenever possible, *so we always recommend +flashing the new firmware externally, as a matter of course.* Use the [25XX NOR flashing guide](spi.md) if you need to flash this chip. It's the same guide that you will use for the main system flash, which is a separate flash IC. -AGAIN: This is not the Libreboot flash IC. This is separate to the system flash. -Read on to know how to reprogram the main system flash! +#### Download ThunderBolt firmware -Flash a ROM image ------------------ +The firmware can be extracted from Lenovo's updater, specifically the `.exe` +file. For your convenience, lbmk (Libreboot's build system) can download this +for you. Run the following commands in lbmk: -**MAKE SURE** to update the Lenovo UEFI firmware before installing Libreboot. -You must also make a dump of the NOR flash, before updating Lenovo's firmware, -and once again before flashing Libreboot, being sure you have good dumps. +(please install [build dependencies](../build/) first) + +Commands: + + ./mk -d coreboot t480s_vfsp_16mb + ./mk -d coreboot t480_vfsp_16mb + +You will find the files at these locations in lbmk: + +* `vendorfiles/t480/tb.bin` +* `vendorfiles/t480s/tb.bin` + +These have already been padded, to the correct size of 1MB, whereas the original +size (within the `.exe` file) was 256KB. + +These files are *also* generated, if you used the `./mk inject` command, +on a pre-compiled release image, as documented [here](ivy_has_common.md). + +#### Flash the ThunderBolt firmware + +**WARNING: DO NOT FLASH IT FIRST; YOU MUST PERFORM SOME PRE-REQUISITE STEPS +FIRST, BEFORE FLASHING `tb.bin`**: + +**Firstly, please note that this procedure has *only* been tested with Lenovo's +UEFI firmware installed on the main flash. Please ensure that you have also +switched Lenovo UEFI/EC firmware to the specific version referenced on this +page, for your board.** - for the rest of this, we will assume that you've not +yet flashed Libreboot, though there's no reason in principle why this can't +also work *after* you've flashed Libreboot; it's just that we only tested it +from Lenovo UEFI firmware. + +Now, *remove* the CR2032 battery (yellow coin-cell battery). Please also ensure +that you've disabled *ThunderBolt Assist* in the Lenovo UEFI setup menu. You +should also disable the internal battery, on T480 specifically (T480s only has +an internal battery). You should do this with no batteries connected anyway. + +Firstly, make *two dumps* of the flash, using [flashprog](spi.md) - and the +linked guide generally tells you how to dump/flash the chip. Make sure both +dumps have the same checksum, using e.g. `sha512sum`. + +Now, *erase* the flash. This example command is when using a Raspberry Pi Pico, +assuming that the device shows up as `/dev/ttyACM0` - please adapt accordingly +to whatever programmer you have: + + flashprog -p serprog:dev=/dev/ttyACM0 -E + +Note that the `-E` argument is what specifies that the chip should be *erased*. + +Now, you must create a file called `null.bin`, which contains all zeroes: + + dd if=/dev/zero of=null.bin bs=1M count=1 + +Please ensure (in hexdump) that the file does contain all zeroes, and that it +is 1MB in size. You will now flash it, again adapting the command below to +whatever programmer you have: + + flashprog -p serprog:dev=/dev/ttyACM0 -w null.bin + +**NOW, REMOVE the clip. Button it back up and turn the T480 on, with both +the battery and the charger connected, plugging in the battery first.** + +It *should* boot up and show the Lenovo boot screen. Give it a few moments. +When you've confirmed that it has booted the Lenovo firmware, *shut down* the +machine and remove the battery / power supply again. It *may take a while* to +boot Lenovo's firmware when doing this, so please be very patient. + +After you've confirmed that the machine boots, I say again: make sure to shut +it down fully, removing all batteries and power supplies. + +It is at this moment that you will externally flash the `tb.bin` file. Please +make sure to flash the correct one for your board: + +* T480: `vendorfiles/t480/tb.bin` +* T480s: `vendorfiles/t480s/tb.bin` + +#### Manual TBT.bin extraction (optional) + +If you already used the `./mk -d` commands above, to grab `tb.bin`, then you +can skip this section. + +Libreboot's automated build system has a lot more dependencies. If you want to +avoid installing them, and extract the file manually, you can. Simply download +the `.exe` file and do this: + + innoextract filename.exe + +The `innoextract` utility will probably be available in your distro's package +manager. You can otherwise find it here:\ + - credit goes to Daniel Scharrer for +writing this excellent software. + +A directory will be created with the extracted files. Inside it, you will +find a file named `TBT.bin`. You can pad it like so: + + dd if=/dev/null of=TBT.bin bs=1 seek=1048576 + +Note that the `seek` variable here matching 1MB flash size. If you encounter +a different flash size, adapt accordingly (the same applies when creating +the `null.bin` file). Libreboot's build system makes this size configurable +per board, on the theory that we may encounter other flash sizes in the future, +when we add more ThinkPads of this generation to Libreboot. + +#### Continue flashing ThunderBolt firmware + +Ok, so you have the file. Now you can flash it. + +Example: + + flashprog -p serprog:dev=/dev/ttyACM0 -w tb.bin + +Adapt `tb.bin` in the command above, to the actual one that you wish to flash. + +You *MUST* do it in the exact order as prescribed above. After flashing +the `tb.bin` image, un-clip and simply re-assemble. After you boot up, it should +once again show the boot screen, and USB-C / ThunderBolt will work perfectly. + +You can repeat the above steps to restore the old firmware version. This is why +you were instructed to make a backup, on the off-chance that you may wish to do +so for some reason in the future. + +#### ThunderBolt troubleshooting + +If you accidentally flashed an incorrect firmware image, or you didn't properly +erase and boot first before flashing the new image, you can simply repeat the +steps again; on erase/null, you then boot up and *wait* and it'll eventually +show the boot screen again. If it doesn't work, just keep doing it until it does. + +Credits go +to [Adam McNutt](https://gitlab.com/MobileAZN/lenovo-t480-thunderbolt-firmware-fixes) +who originally provided such instructions, for the ThinkPad T480. The information +there was adapted for *this* guide, in the Libreboot documentation. Libreboot +may very well support other ThinkPads from the same generation, in a future +release after Libreboot 20241206, and many of those have this same issue; when +it does, Libreboot will document this fix for those machines too, and probably +move these instructions to a dedicated page on the website. + +### Flash a Libreboot ROM image (software) If you're already running Libreboot, and you don't have flash protection turned on, [internal flashing](../install/) is possible. +The default Libreboot setup removes all flash restrictions, allowing you to +flash internally, from a Linux or BSD systems running on the T480/T480. You must +also [disable /dev/mem protections](devmem.md) for internal flashing to work. + +### Flash a ROM Libreboot image (hardware) + +#### Prepare your external programmer + +**First, please assimilate all knowledge in +the [25XX NOR flashing guide](spi.md) - it shows how to program these flash +chips, using a dedicated flash programmer, which is something that you will +physically connect to the flash chip.** + +Again: this is only necessary if you have Lenovo BIOS, or if you enabled [flash +write protections](../linux/grub_hardening.md) on an existing Libreboot setup. + +#### Update Lenovo firmware first + +*Before* installing Libreboot for the first time, it is important that you +first update the Lenovo UEFI firmware and EC firmware to a *specific* version, +mentioned below. + +**MAKE SURE to update the Lenovo UEFI firmware before installing Libreboot. +You must also make a dump of the NOR flash, before updating Lenovo's firmware, +and once again before flashing Libreboot, being sure you have good dumps.** + +**T480: Make sure to use the `n24ur39w` release, when updating Lenovo firmware. +Or downgrade to this version. This is because the EC UART support in coreboot +specifically taps into the EC code of that release. See:\ +\ +and it can be downloaded here:\ +\ +NOTE: T480s (S model) doesn't have EC UART support yet, so it doesn't matter +yet which version you update to on the S model.** + +Prep a USB stick with it: + + geteltorito -o t480_bios_update.img /path/to/your/downloaded.iso + +Now DD it to the raw USB flash device: + + dd if=t480_bios_update.img of=/dev/sdX bs=4M conv=fsync status=progress + +You must disable *Secure Rollback Prevention* in the BIOS, under +UEFI BIOS Update Option; please also enable *Flash BIOS Updating by +End Users*. The *Windows UEFI Firmware Update* option is probably a do-not-care. +If you're on a newer version of the UEFI firmware, you will want rollback +protection disabled so that you can use this exact version. + +You must disable SecureBoot, and enable legacy/CSM boot, and boot it in BIOS +mode, not UEFI mode. Make sure your battery is well-charged, and boot it with +a battery and with the power supply plugged in. Select *option 2* in the menu, +to update your BIOS, which also updates the EC firmware. This is the Lenovo +BIOS/UEFI updater. Once you've updated, you can flash Libreboot. + +Please ensure also that you've already dealt with the Thunderbolt issue, which +is described above. After all of this, you can flash Libreboot. + +#### Disassemble the T480 + Find videos online of how to disassemble this, and/or find Lenovo's own service manual online. Otherwise, observe: ThinkPad T480 underside chassis Remove all screws, and you can gently pry off the lower chassis and remove, -which then allows you to see the inner mainboard: +which then allows you to see the inner motherboard: ThinkPad T480 PCB **WARNING: PLEASE MAKE SURE to remove the battery before flashing. The T480 -and T480S can both contain INTERNAL batteries, and the T480 has an additional +and T480s can both contain INTERNAL batteries, and the T480 has an additional external battery. Remove the internal battery via the connector, like so (T480):** ThinkPad T480 internal battery -On the T480S (S model) the internal battery is much larger, and the connector +On the T480s (S model) the internal battery is much larger, and the connector on it is built into the battery, so it is necessary to carefully remove the entire battery; on regular T480 (non-S model) the internal battery can be isolated via the connector as depicted above. @@ -262,53 +474,77 @@ To be clear: the system flash (16MB) is what you put Libreboot on. The Thunderbolt firmware flash is much smaller, so you'll know because flashprog will complain about wrong flash size if you're trying to flash the wrong one. -On the T480S (S model), the flashes are in slightly different places but in +On the T480s (S model), the flashes are in slightly different places but in both machines, the system flash (for Libreboot) is toward the centre, near the memory. -Backlight controls -------------------- +Post-installation +----------------- -The `xbacklight` (or equivalent in Wayland) can be used to manually control -the backlight; the buttons on the keyboard do not currently work, at least as -of 6 December 2024. +These next sections will tell you how to use certain hardware features, which +work a little bit differently due to idiosyncrasies of coreboot. -You could map the appropriate xbacklight command in Linux to a hotkey combo, -depending on your window manager or desktop environment. +### How to use the headphone jack -UART ----- +Sometimes the headphone jack might not work automatically. Simply install +the `pavucontrol` program. Under Output Devices, you can select the headphones +you've inserted manually. -A serial console is possible via the line-out (headphone jack). Not yet tested -on the T480S (S model), nor implemented, but it is working on the regular -T480 (non-S model). +If it says "Unplugged", try it anyway. The HDA Verb may be incorrect. This +will be investigated and a hotfix patch made to the Libreboot 20241206 images. -**TODO: show photo and wiring diagram here.** +You must also be used *pulseaudio*, not *pipewire*, because even manual +switching doesn't work in pipewire. **It only works in pulseaudio.** -Use baud rate 115200 in your favourite serial terminal client, e.g. GNU Screen. +### How to use HDMI audio -Next to the headphone jack on the T480, you will find pads for two 0ohm jumpers, -normally unpopulated, but you can bridge each jumper yourself using a 0ohm 0201 -jumper; alternatively, simply strip a bit a wire (30awg solid core) and carefully -solder the wire across each of the pad jumpers, then carefully using a pair -of side cutters to cut off the excess wire, being careful not to rip the pads! +You can get audio from Displayport/HDMI, but you must select it manually. +For example, you can select it in `pavucontrol` if you're using PulseAudio or +PipeWire. -If you do this, please make sure to have the latest EC firmware as of 5 -December 2024 (do not use older than what was latest on this day, and don't -use newer versions), because the code for this in coreboot targets a specific -area of code within the EC firmware. +### Touchscreen on T480 -You can then wire a 3.5mm stereo plug. On the other end you will wire your -TX/RX lines as you wish, to a suitable UART adapter; any 3.3v-rated TTL -adapter should work. The Raspberry Pi Pico can be used for this, which is handy -because that can also be used as a serprog-based NOR flasher! +The touchscreen was tested, and confirmed working. Not all models have it, +but it does indeed work perfectly on ones that do. -The T480S (S model) schematics is a bit different and the signals are -properly muxed. Note that this is not to be confused with `spkmodem`, which -has not been tested on these boards (but could theoretically be possible too). +### How to use backlight controls -Idea for 2nd NVMe mod ----------------------- +Backlight controls work, via software control (e.g. `xbacklight` utility), but +the Fn keys for it don't currently work, as of 6 December 2024. + +You can set the backlight manually, or use a hotkey, depending on your window +manager or desktop environment. + +### UART (T480 only. Not T480S) + +**You need to have first flashed the correct EC firmware version, as detailed +above.** + +**NOT supported on the S model (T480s). Please only do it on a T480.** + +The EC on ThinkPad T480 has a UART available, and it is enabled in coreboot, +as used by Libreboot. However, you must use a *specific* EC firmware version. +Please read notes elsewhere in this page regarding Lenovo UEFI/EC BIOS updates; +an exact version number is referenced, which you must install prior to Libreboot +installation. + +Ways to flash the EC firmware from Libreboot have not yet been established. Now, +please observe the following photo: + +ThinkPad T480 UART jumpers + +You will solder zero-ohm jumpers on the indicated footprints. These correspond +to TX and RX, which are connected to the R and L lines on the headphone jack, +respectively; a ground will also be available. + +You must solder the zero-ohm jumpers, for UART to work. They are *0201* type +jumpers, which are extremely small. Please only do this if you have *excellent* +soldering skills because it's easy to goof this up if you're not careful. + +You can hook this up to any 3.3v TTL UART dongle, to get a serial console. The +correct baud rate is 115200. + +### Idea for 2nd NVMe mod Interestingly, on boards without the Nvidia graphics, the solder pads for all the componentry (including the GPU) is still present, so you could theoretically @@ -319,8 +555,189 @@ possible, quite feasible to design/manufacture and already supported in the Libreboot firmware in principle, since than PCI-E lane is enabled in the devicetree) Mate Kukri came up with this idea. It's a great idea, so it's written here. -This mod is possible on both the T480 and T480S, though on T480S there would +This mod is possible on both the T480 and T480s, though on T480s there would be less clearance; using a smaller internal battery and having a makeshift NVMe caddy in the remaining space would be how to go about it there. On the regular T480, the existing caddy area could easily fit two NVMe drives. +Errata +------ + +Some features either don't work, or are untested, when running Libreboot on +the ThinkPad T480 or T480s. + +### Microphone not working + +Tested in Debian 12.9 with PulseAudio - the built-in microphone isn't +detected at all. You can use an external USB microphone instead. + +The aux also doesn't seem to work at present; it may be related to the same +issue with headphone jack auto-switching. + +The good news is that the *webcam* seems to work just fine. All this will +need to be investigated. + +### Power-on after power failure + +Older Libreboot revisions made this machine always turn on, when plugging in +a power supply (charger brick), if a previous power loss was observed. This is +because coreboot sets a special register in the PMC that configures such +behaviour, but it was hardcoded to always-on. This is undesirable for most +people, so Libreboot 20241206 *revision 8* and newer releases contain the +following modification: + + + +If you wish to modify this behaviour again, you could modify the patch +referenced there; the actual location of the `.patch` file may change over +time, so you can basically just modify the coreboot source file +at `src/soc/intel/common/block/pmc/pmclib.c` (for the coreboot tree +under `src/coreboot/` in lbmk, pertaining to your board, which can be determined +by reading the `tree` variable in your board's `target.cfg` file within lbmk). + +Use the patch as reference, to modify the coreboot behaviour as you wish, and +re-compile [from source](../build/). + +### TPM disabled + +The TPM is disabled on this device, to prevent hanging/boot delay in SeaBIOS, +due to buggy TPM drivers there. + +### Legacy 8254 timer + +Legacy 8254 timer enabled in coreboot, to prevent SeaBIOS from hanging. + +### HyperThreading on T480/T480s + +Also called SMT. This is a feature where you get 2 threads on a single core. +It can improve performance in some workloads, but is actually a performance +liability in others, depending on your OS kernel/scheduler and the actual +workload. + +It is a security liability, due to the Spectre/Meltdown attacks, so we +recommend turning it off, at the very least from your running operating system. +On *this* platform, you can easily turn it off from coreboot. + +**Libreboot disables HyperThreading by default**, from Libreboot 20241206 rev8 +onward, on this board. To turn it back on, please [build from source](../build/) +and before running the build command, do this: + + ./mk -m coreboot t480_vfsp_16mb # replace t480 with t480s if needed + +In the menu that appears, go *Chipset -> Enable Hyperthreading* and turn it on. +Then exit from the menu, saving the config where prompted. You will see this +menu twice, because there are *two* configs for each of these boards. + +SMT is rarely of benefit in practise, but can be useful in some circumstances. +For example, if you're compiling a large codebase from source that takes hours, +SMT increases the building speed by about 15 percent; for example, a 3 hour +build job might take about 2 hours and 40 minutes instead. + +### NFC support in T480 + +Some T480 models might have NFC support but this is untested in Libreboot, and +probably dosen't work in current Libreboot releases. + +The PCH's NFC device is unsupported in Linux anyway. + +### Smartcard reader + +The smartcard reader is enabled but it is still untested. If you have one, +please test it and report back to the Libreboot project. + +### Thunderbolt not supported yet + +Thunderbolt is a way to get PCI-E on a USB port. With it, you can use +high-bandwidth devices such as 10Gbps network interfaces. + +The thunderbolt controller is currently unconfigured, so you can't use +Thunderbolt, but the thunderbolt and regular USB-C connector can both be +used for charging, and both can be used for video output (it shows up in xrandr +as a DisplayPort). + +[This patch](t480-thunderbolt-20241206-unstable.patch) can be added, enabling +Thunderbolt, but be warned: it is completely untested, as of Libreboot 20241206. +This patch is *NOT* included in the release, because it breaks on S3 resume, +and may cause a kernel panic. Also: currently testing only reveals that the +ThunderBolt controller shows up. + +You also need the [gerrit patch](https://review.coreboot.org/c/coreboot/+/75286) +adding a Thunderbolt driver to coreboot. + +To apply these patches, do the following in a fresh clone of `lbmk.git` and do: + +``` +git checkout 20241206-t480-thunderbolt-unstable +``` + +In it, you'll find this commit: + +``` +commit 3881160b863ff53df9064a29a25aab55c76ee9c4 (HEAD -> 20241206-t480-thunderbolt-unstable) +Author: Leah Rowe +Date: Tue Dec 10 23:35:47 2024 +0000 + + experimental/unstable t480 thunderbolt support + + Signed-off-by: Leah Rowe +``` + +This was created by the following steps, applying the patches referenced above +and amending the coreboot configs for T480/T480s, within lbmk, from a fresh +clone of lbmk (Git repository): + +``` +git reset --hard b910424b5df8ed7c931a7b8f5cc8e34eacf0ca3e # 20241206rev2 +./mk -f coreboot next +cd src/coreboot/next +wget https://libreboot.org/docs/install/t480-thunderbolt-20241206-unstable.patch +git fetch https://review.coreboot.org/coreboot refs/changes/86/75286/12 && git cherry-pick FETCH_HEAD +git am t480-thunderbolt-20241206-unstable.patch +git format-patch -n2 +mv 0001-drivers-intel-dtbt-Add-discrete-Thunderbolt-driver.patch ../../../config/coreboot/next/patches/0010-drivers-intel-dtbt-Add-discrete-Thunderbolt-driver.patch +mv 0002-thunderbolt-fix-ish.patch ../../../config/coreboot/next/patches/0011-thunderbolt-fix-ish.patch +cd - +./mk -u coreboot t480s_fsp_16mb +./mk -u coreboot t480_fsp_16mb +git add config/coreboot/next/patches/ +git add config/coreboot/t480_fsp_16mb/ +git add config/coreboot/t480s_fsp_16mb/ +git commit -s -m "experimental/unstable t480 thunderbolt support" +``` + +**NOTE: With the above change, or if using the branch referenced below, +the build targets will be `t480_fsp_16mb` and `t480s_fsp_16mb`, +not `t480_vfsp_16mb` and `t480s_vfsp_16mb`. + +You can now follow standard [build instructions](../build/). + +The branch named `20241206-t480-thunderbolt-unstable` already has the above +patches applied, including the configuration changes made by `./mk -u`, and +you can follow the same build instructions. In this lbmk branch, that +gerrit patch above (`refs/changes/86/75286/12`) is already included. + +Whether you use the lbmk branch, or you add the patches manually as above, +you can then flash the resulting image and boot it. + +**AGAIN: This will likely cause kernel panics, and it will break on resume +from S3 (resume from sleep). If you do test this, please report whether +the Thunderbolt devices actually work, but remember that you must NOT suspend +or put your machine to sleep.** + +### Nvidia dGPU not supported + +Nvidia dGPU doesn't work and is disabled as of 6 December 2024; the Intel graphics +are still available even on Nvidia models, so Intel graphics are used. + +### WWAN cards + +B+M key NVMe SSDs in WWAN slot works, other cards are untested. + +### thinkpad\_acpi issues {#thinkpad-acpi} + +It has been reported that `thinkpad_acpi` does not load correctly on the T480. +This should also be the case for the T480s. + +If you encounter this issue, check\ +[this page](../../faq.md#thinkpad-acpi) +for details as to how to fix this. diff --git a/site/docs/install/t480.md.description b/site/docs/install/t480.md.description new file mode 100644 index 0000000..7eada21 --- /dev/null +++ b/site/docs/install/t480.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Lenovo ThinkPad T480. diff --git a/site/docs/install/t500.md b/site/docs/install/t500.md index fbd067d..e417a9f 100644 --- a/site/docs/install/t500.md +++ b/site/docs/install/t500.md @@ -1,5 +1,5 @@ --- -title: ThinkPad T500 external flashing +title: Install Libreboot on Lenovo ThinkPad T500 and/or W500 x-toc-enable: true ... @@ -23,16 +23,16 @@ x-toc-enable: true | **Architecture** | x86_64 | | **EC** | Proprietary | | **Original boot firmware** | LenovoBIOS | -| **Intel ME/AMD PSP** | Present. Can be completly disabled. | +| **Intel ME/AMD PSP** | Present. Can be completely disabled. | | **Flash chip** | SOIC-8/SOIC-16/WSON-8 4MiB/8MiB (Upgradable to 16MiB) | ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -51,16 +51,13 @@ P*: Partially works with blobs | **SeaBIOS with GRUB** | Works | -Dell Latitude E6400 -=================== +Open source BIOS/UEFI firmware +------------------------- -**If you haven't bought an T500 yet: the [Dell Latitude -E6400](../install/latitude.md) is much easier to flash; no disassembly required, -it can be flashed entirely in software from Dell BIOS to Libreboot. It is the -same hardware generation (GM45), with same CPUs, video processor, etc.** - -Introduction -============ +This document will teach you how to install Libreboot, on your +Lenovo ThinkPad T500 or ThinkPad W500 laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. It is believed that all or most T500 laptops are compatible. See notes about [CPU @@ -75,17 +72,26 @@ the palmrest: 4MiB is SOIC-8, 8MiB is SOIC-16. *The T500 laptops come with the ME (and sometimes AMT in addition) before flashing libreboot. libreboot disables and removes it by using a -modified descriptor: see [../install/ich9utils.md](../install/ich9utils.md)* -(contains notes, plus instructions) +modified descriptor.* Flashing instructions can be found at [../install/\#flashprog](../install/#flashprog) -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** + +Dell Latitude E6400 +------------------- + +**If you haven't bought an T500 yet: the [Dell Latitude +E6400](../install/latitude.md) is much easier to flash; no disassembly required, +it can be flashed entirely in software from Dell BIOS to Libreboot. It is the +same hardware generation (GM45), with same CPUs, video processor, etc.** EC update {#ecupdate} -========= +------------------- It is recommended that you update to the latest EC firmware version. The [EC firmware](../../faq.md#ec-embedded-controller-firmware) is separate from @@ -100,14 +106,14 @@ NOTE: this can only be done when you are using Lenovo BIOS. How to update the EC firmware while running libreboot is unknown. libreboot only replaces the BIOS firmware, not EC. -Updated EC firmware has several advantages e.g. bettery battery +Updated EC firmware has several advantages e.g. better battery handling. The T500 is almost identical to the X200, code-wise. See [x200.md](x200.md). Installation notes -================== +------------------ [External flashing](spi.md) required, if Lenovo BIOS is running. @@ -117,15 +123,14 @@ followed (adapted) if you brick your T500, to know how to recover. W500 is also mostly compatible with this guide. -Serial port {#serial_port} ------------ +### Serial port {#serial_port} EHCI debug might not be needed. It has been reported that the docking station for this laptop has a serial port, so it might be possible to use that instead. A note about CPUs -================= +----------------- [ThinkWiki](http://www.thinkwiki.org/wiki/Category:T500) has a list of CPUs for this system. The Core 2 Duo P8400, P8600 and P8700 are believed @@ -135,8 +140,8 @@ confirmed working. T9550 and T9900 was tested by a user, and is compatible as reported in the IRC channel. T9500 and T9400 may also work, but YMMV. -Quad-core CPUs --------------- +### Quad-core CPUs + Very likely to be compatible, but requires hardware modification. Based on info from German forum post about installing Core Quad CPU on T500 found in coreboot mailing list. Currently work in progress and no guide available. @@ -152,7 +157,7 @@ everything nicely: A note about GPUs -================= +----------------- Some models have an Intel GPU, while others have both an ATI and an Intel GPU; this is referred to as "switchable graphics". In the *BIOS @@ -165,29 +170,28 @@ Intel GPU is used and the ATI GPU is disabled, so native graphics initialization works all the same. CPU paste required -================== +------------------ See [\#paste](#paste). Flash chip size {#flashchips} -=============== +----------------------------- Use this to find out: flashprog -p internal MAC address {#macaddress} -=========== +------------------------ Refer to [mac\_address.md](mac_address.md). Clip wiring -=========== +----------- Refer to [spi.md](spi.md) as a guide for external re-flashing. -The procedure -------------- +### The procedure Remove all screws:\ ![](https://av.libreboot.org/t500/0000.jpg)\ @@ -290,7 +294,7 @@ Connect your programmer, then connect GND and 3.3V\ Now flash Libreboot. Thermal paste (IMPORTANT) -========================= +------------------------- Because part of this procedure involved removing the heatsink, you will need to apply new paste. Arctic MX-4 is ok. You will also need isopropyl @@ -307,7 +311,7 @@ show how to properly apply the thermal paste. Other guides online detail the proper application procedure. Wifi -==== +---- It is recommended that you install a new wifi chipset. This can only be done after installing libreboot, because the original firmware has a @@ -319,7 +323,7 @@ the Intel chip that this T500 came with:\ ![](https://av.libreboot.org/t400/0012.jpg) ![](https://av.libreboot.org/t400/ar5b95.jpg) WWAN -==== +---- If you have a WWAN/3G card and/or sim card reader, remove them permanently. The WWAN-3G card has DMA, and proprietary firmware inside; @@ -329,7 +333,7 @@ also track your movements. Not to be confused with wifi (wifi is fine). Memory -====== +------ In DDR3 machines with Cantiga (GM45/GS45/PM45), northbridge requires sticks that will work as PC3-8500 (faster PC3/PC3L sticks can work as PC3-8500). diff --git a/site/docs/install/t500.md.description b/site/docs/install/t500.md.description new file mode 100644 index 0000000..a3f1413 --- /dev/null +++ b/site/docs/install/t500.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Lenovo ThinkPad T500. diff --git a/site/docs/install/t60_unbrick.md b/site/docs/install/t60_unbrick.md index f4200a4..67d8e1e 100644 --- a/site/docs/install/t60_unbrick.md +++ b/site/docs/install/t60_unbrick.md @@ -1,10 +1,22 @@ --- -title: ThinkPad T60 Recovery guide +title: Install Libreboot on Lenovo ThinkPad T60 x-toc-enable: true ... -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +Lenovo Thinkpad T60 motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. +*This* version of the guide shows you how to +flash using external hardware, which can be useful for un-bricking. + +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the system, making this difficult. In this situation, @@ -90,10 +102,10 @@ Refer to the external flashing guide: [Externally rewrite 25xx NOR flash via SPI protocol](spi.md) NOTE: Do not use the 3.3v rail from your SPI programmer. Leave that disconnected. -For 3.3v, plug your charger into the mainboard (but do not power on the mainboard) +For 3.3v, plug your charger into the motherboard (but do not power on the motherboard) when the clip is connected. Before removing the clip, disconnect the charger. This will provide adequate 3.3v DC at correct current levels. The SPI flash on an -X60 shares a common 3.3V rail with many other components on the mainboard, +X60 shares a common 3.3V rail with many other components on the motherboard, which all draw a lot of current, more than your flasher can provide. Example command: diff --git a/site/docs/install/t60_unbrick.md.description b/site/docs/install/t60_unbrick.md.description new file mode 100644 index 0000000..7e035d9 --- /dev/null +++ b/site/docs/install/t60_unbrick.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Lenovo ThinkPad T60. diff --git a/site/docs/install/w541_external.md b/site/docs/install/w541_external.md index e5f9ece..b5f02dd 100644 --- a/site/docs/install/w541_external.md +++ b/site/docs/install/w541_external.md @@ -1,25 +1,32 @@ --- -title: ThinkPad W541/W540 external flashing +title: Install Libreboot on Lenovo ThinkPad W541 and/or W540 x-toc-enable: true ... -NOTE: The same image for W541 also works on W541, as it's the exact same -mainboard. +Open source BIOS/UEFI firmware +------------------------- + +This document will teach you how to install Libreboot, on your +Lenovo ThinkPad W541 and/or W540 laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + +NOTE: The same image for W541 also works on the W540, as the motherboards are +identical for coreboot purposes. Buy Libreboot preinstalled -========================== +-------------------------- -This laptop is available to buy with Libreboot pre-installed: - +**Minifree now sells the Libreboot T480, instead of the Libreboot W541. See: +** -Introduction -============ +Safety advice +------------- -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) -now, as of 27 January 2024, which is a fork of flashrom. - -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).** Read the [Ivybridge/Haswell common guide](/docs/install/ivy_has_common.html) if you want more information. All of the following instructions assume that you've cloned lbmk and are operating from the @@ -30,36 +37,20 @@ root of that project. To do so, run You can now follow the rest of the instructions. +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** + Preparing a release Rom ----------------------- -You must patch the release rom with the necessary vendor files *and then* flash it to your board. +**Please follow this prior to flashing, or you may brick your machine.** -Lbmk includes a script that will automatically inject the necessary files into a rom file. -The script can determine the board automatically if you have not changed the name, but you can also manually set the board name with the `-b` flag. - -In order to inject the necessary files into a rom image, run the script from the root of lbmk and point to the rom image. - -If you only wish to flash a release rom then the process of injecting the necessary files is quite simple. -Run the injection script pointing to the release archive you downloaded: - - ./vendor inject /path/to/libreboot-RELEASE_targetname.tar.xz - -The script can automatically detect the board as long as you do not change the file name. -You can then find flash-ready ROMs in `/bin/release/` - -Alternatively, you may patch only a single rom file. -For example: - - ./vendor inject -r w541_libreboot.rom -b w541_12mb - -Optionally, you can use this script to modify the mac address of the rom with the `-m` flag. -For example: - - ./vendor inject -r w541_libreboot.rom -b w541_12mb -m 00:f6:f0:40:71:fd - -NOTE: this makes use of `nvmutil`, which you can read more about in -the [nvmutil documentation](nvmutil.md). +Please [inject vendor files](ivy_has_common.md) prior to flashing. You can also +use this guide to change the built-in MAC address for your Intel Gigabit +Ethernet device; doing so is advisable, because otherwise you will have a +default, generic MAC address. Splitting The Rom ----------------- @@ -70,11 +61,10 @@ external flashing. dd if=libreboot.rom of=top.rom bs=1M skip=8 dd if=libreboot.rom of=bottom.rom bs=1M count=8 -Flash the top chip with top.rom, and tho bottom chip with bottom.rom. +Flash the top chip with top.rom, and the bottom chip with bottom.rom. Don't worry about knowing which chip is which on a standard setup; flashprog will let you know if the image size is incorrect for the chip you're flashing. - Disassembly ----------- @@ -105,7 +95,7 @@ on pin 8 of the chip that you're flashing. Ideally you should pull the other chip select high via 47ohm resistor, which should be enough to prevent damage in the case of accidentally shorting the wrong pin. -Doing this means that you *disable* the chip fou're not flashing. It's very +Doing this means that you *disable* the chip you're not flashing. It's very important that you ensure only the one you want to flash is active, when using an external flasher. @@ -117,8 +107,18 @@ used when flashing either of the chips. You can now proceed to [flashing](/docs/install/spi.html) this machine. +thinkpad\_acpi issues {#thinkpad-acpi} +--------------------------------------- + +It has been reported by a user that `thinkpad_acpi` does not load correctly on +the T440p. Since the W541/W540/T540p are also Haswell machines, you may be +affected by this issue. + +If you encounter this, check [this page](../../faq.md#thinkpad-acpi) +for details as to how to fix this. + Errata -====== +------ NOTE: As of Libreboot releases from May 2024 onward, the Intel MRC is no longer included for Haswell; MRC is a blob for raminit, but we now provide libre diff --git a/site/docs/install/w541_external.md.description b/site/docs/install/w541_external.md.description new file mode 100644 index 0000000..b6406e1 --- /dev/null +++ b/site/docs/install/w541_external.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Lenovo ThinkPad W541. diff --git a/site/docs/install/x200.md b/site/docs/install/x200.md index 109246c..070fce9 100644 --- a/site/docs/install/x200.md +++ b/site/docs/install/x200.md @@ -1,5 +1,5 @@ --- -title: First-time ThinkPad X200 flashing +title: Install Libreboot on Lenovo ThinkPad X200 / X200s / X200 Tablet x-toc-enable: true ... @@ -18,19 +18,19 @@ x-toc-enable: true | **Graphics** | Intel GMA X4500MHD | | **Display** | 1280x800/1440x900 TFT | | **Memory** | 1,2,3 or 4GB (Upgradable to 8GB, unofficially) | -| **Architecture** | x86_64 | +| **Architecture** | x86\_64 | | **EC** | Proprietary | | **Original boot firmware** | LenovoBIOS | | **Intel ME/AMD PSP** | Present. Can be completly disabled. | | **Flash chip** | SOIC-8/SOIC-16/WSON-8 4MiB/8MiB (Upgradable to 16MiB) | ``` -W+: Works without blobs; +W+: Works without vendor firmware; N: Doesn't work; -W*: Works with blobs; +W*: Works with vendor firmware; U: Untested; P+: Partially works; -P*: Partially works with blobs +P*: Partially works with vendor firmware ``` | ***Features*** | | @@ -49,16 +49,13 @@ P*: Partially works with blobs | **SeaBIOS with GRUB** | Works | -Dell Latitude E6400 -=================== +Open source BIOS/UEFI firmware +------------------------- -**If you haven't bought an X200 yet: the [Dell Latitude -E6400](../install/latitude.md) is much easier to flash; no disassembly required, -it can be flashed entirely in software from Dell BIOS to Libreboot. It is the -same hardware generation (GM45), with same CPUs, video processor, etc.** - -Introduction -============ +This document will teach you how to install Libreboot, on your +Lenovo ThinkPad X200, X200s or X200 Tablet laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. It is believed that all X200 laptops are compatible. X200S and X200 Tablet will also work, [depending on the configuration](#x200s). @@ -73,17 +70,26 @@ the palmrest: 4MiB is SOIC-8, 8MiB is SOIC-16. *The X200 laptops come with the ME (and sometimes AMT in addition) before flashing libreboot. libreboot disables and removes it by using a -modified descriptor: see [../install/ich9utils.md](../install/ich9utils.md)* -(contains notes, plus instructions) +modified descriptor.* Flashing instructions can be found at [../install/\#flashprog](../install/#flashprog) -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** + +Dell Latitude E6400 +------------------- + +**If you haven't bought an X200 yet: the [Dell Latitude +E6400](../install/latitude.md) is much easier to flash; no disassembly required, +it can be flashed entirely in software from Dell BIOS to Libreboot. It is the +same hardware generation (GM45), with same CPUs, video processor, etc.** EC update {#ecupdate} -========= +--------------------- It is recommended that you update to the latest EC firmware version. The [EC firmware](../../faq.md#ec-embedded-controller-firmware) is separate from @@ -104,7 +110,7 @@ Updated EC firmware has several advantages e.g. better battery handling. Battery Recall {#batteryrecall} -============== +------------------------------ [On 21 April 2015, Lenovo expanded a recall on Lenovo batteries found in some ThinkPad models, which includes the X200 and X200S.](https://pcsupport.lenovo.com/cr/en/solutions/hf004122) To find out if you are affected, use [this Lenovo tool.](https://lenovobattery2014.orderz.com/) @@ -163,14 +169,13 @@ Sources: Mod](http://forum.thinkpads.com/viewtopic.php?p=660662#p660662) - [ThinkWiki.de - X200 Displayumbau](http://thinkwiki.de/X200_Displayumbau) -### X200S +#### X200S explains that the X200S screens/assemblies are thinner. You need to replace the whole lid with one from a normal X200/X201. -How to tell if it has an LED or CCFL? {#led_howtotell} -------------------------------------- +### How to tell if it has an LED or CCFL? {#led_howtotell} Some X200s have a CCFL backlight and some have an LED backlight, in their LCD panel. This also means that the inverters will vary, so you must be careful if @@ -184,7 +189,7 @@ a lamp which contains mercury; dispose according to local, state or federal laws"* (one with an LED backlit panel will say something different). Installation notes -================== +------------------ [External flashing](spi.md) required, if running Lenovo BIOS. @@ -200,20 +205,17 @@ re-flash the chip externally while it is powered off with the battery removed. NOTE: This guide only applies to the regular X200. For X200S and X200 Tablet flashing, please read other guides available on libreboot.org. -Flash chip size -=============== +### Flash chip size Run this command on x200 to find out flash chip model and its size: flashprog -p internal -MAC address -=========== +### MAC address Refer to [mac\_address.md](mac_address.md). -The procedure -------------- +### The procedure This section is for the X200. This does not apply to the X200S or X200 Tablet (for those systems, you have to remove the motherboard @@ -248,7 +250,7 @@ When you're done, put the system back together. If it doesn't boot, try other RAM modules because raminit is very unreliable on this platform (in coreboot). Memory -====== +------ In DDR3 machines with Cantiga (GM45/GS45/PM45), northbridge requires sticks that will work as PC3-8500 (faster PC3/PC3L sticks can work as PC3-8500). @@ -274,8 +276,10 @@ You should see something like this: Now [install Linux](../linux/). -X200S and X200 Tablet users: GPIO33 trick will not work. --------------------------------------------------------- +Errata +------ + +### X200S and X200 Tablet users: GPIO33 trick will not work. sgsit found out about a pin called GPIO33, which can be grounded to disable the flashing protections by the descriptor and stop the ME from diff --git a/site/docs/install/x200.md.description b/site/docs/install/x200.md.description new file mode 100644 index 0000000..7df0131 --- /dev/null +++ b/site/docs/install/x200.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Lenovo ThinkPad X200. diff --git a/site/docs/install/x200.tr.md b/site/docs/install/x200.tr.md new file mode 100644 index 0000000..6909b8c --- /dev/null +++ b/site/docs/install/x200.tr.md @@ -0,0 +1,246 @@ +--- +title: Lenovo ThinkPad X200 / X200s / X200 Tablet'e Libreboot Kurulumu +x-toc-enable: true +... + +
+
+ThinkPad X200 +
+ +| ***Özellikler*** | | +|---------------------------|------------------------------------------------| +| **Üretici** | Lenovo | +| **Model** | ThinkPad X200/X200S/X200 Tablet | +| **Çıkış Tarihi** | Temmuz/Eylül 2009 | +| **Yonga Seti** | Intel Cantiga GM45 | +| **İşlemci** | Intel Core 2 Duo (Penryn ailesi) | +| **Ekran Kartı** | Intel GMA X4500MHD | +| **Ekran** | 1280x800/1440x900 TFT | +| **Bellek** | 1,2,3 veya 4GB (Resmi olmayan şekilde 8GB'a kadar yükseltilebilir) | +| **Mimari** | x86\_64 | +| **EC** | Tescilli | +| **Orijinal önyükleme yazılımı** | LenovoBIOS | +| **Intel ME/AMD PSP** | Mevcut. Tamamen devre dışı bırakılabilir. | +| **Flash yongası** | SOIC-8/SOIC-16/WSON-8 4MiB/8MiB (16MiB'a yükseltilebilir) | + +``` +W+: Üretici yazılımı olmadan çalışır; +N: Çalışmaz; +W*: Üretici yazılımı ile çalışır; +U: Test edilmedi; +P+: Kısmen çalışır; +P*: Üretici yazılımı ile kısmen çalışır +``` + +| ***Özellikler*** | | +|------------------|---------------------------------------| +| **Orijinal önyükleme yazılımı ile dahili flaşlama** | N | +| **Ekran** | W+ | +| **Ses** | W+ | +| **RAM Başlatma** | W+ | +| **Harici çıkış** | W+ | +| **Ekran parlaklığı** | P+ | + +| ***Desteklenen Yükleyiciler*** | | +|--------------------------------|-----------| +| **GRUB** | Çalışıyor | +| **SeaBIOS** | Çalışıyor | +| **SeaBIOS ve GRUB** | Çalışıyor | +
+ +Açık kaynak BIOS/UEFI yazılımı +------------------------- + +Bu belge, Lenovo ThinkPad X200, X200s veya X200 Tablet dizüstü bilgisayar anakartınıza +Libreboot'u nasıl kuracağınızı öğretecektir. Libreboot, tescilli BIOS/UEFI yazılımının +yerini alan bir [Özgür Yazılım](https://writefreesoftware.org/learn) projesidir. + +Tüm X200 dizüstü bilgisayarların uyumlu olduğuna inanılmaktadır. X200S ve X200 +Tablet de [yapılandırmaya bağlı olarak](#x200s) çalışacaktır. + +X200 anakartını X201 kasasına takmak mümkün olabilir, ancak bu henüz libreboot +projesi tarafından test edilmemiştir. Aynı durum X200S ve X201S arasında da +geçerli olabilir; bu da test edilmemiştir. *Büyük olasılıkla doğrudur.* + +X200 için iki olası flash yonga boyutu vardır: 4MiB (32Mbit) veya 8MiB (64Mbit). +Bu, avuç içi desteğinin altındaki flash yongasının türüne göre belirlenebilir: +4MiB SOIC-8, 8MiB SOIC-16'dır. + +*X200 dizüstü bilgisayarlar, libreboot'u flaşlamadan önce ME (ve bazen ek olarak AMT) +ile birlikte gelir. libreboot, değiştirilmiş bir tanımlayıcı kullanarak bunu devre +dışı bırakır ve kaldırır.* + +Flaşlama talimatları [../install/\#flashprog](../install/#flashprog) adresinde +bulunabilir. + +**NOT: Libreboot, 27 Ocak 2024 itibariyle artık [flashprog](https://flashprog.org/wiki/Flashprog) +kullanmaktadır; bu, flashrom'un bir çatallamasıdır. Bunun nedeni +[Libreboot 20240225 sürümünde](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom) +açıklanmıştır.** + +Dell Latitude E6400 +------------------- + +**Henüz bir X200 satın almadıysanız: [Dell Latitude E6400](../install/latitude.md) +flaşlaması çok daha kolaydır; sökme işlemi gerekmez, Dell BIOS'tan Libreboot'a +tamamen yazılım üzerinden flaşlanabilir. Aynı donanım neslidir (GM45), aynı +işlemciler, video işlemci vb. ile.** + +EC güncellemesi {#ecupdate} +--------------------- + +En son EC yazılımı sürümüne güncellemeniz önerilir. [EC yazılımı](../../faq.md#ec-embedded-controller-firmware) +libreboot'tan ayrıdır, bu yüzden biz aslında bunu sağlamıyoruz, ancak hala +Lenovo BIOS kullanıyorsanız, hem BIOS hem de EC sürümünü güncelleyecek olan +Lenovo BIOS güncelleme yardımcı programını çalıştırabilirsiniz. Bakınız: + +- [../install/#flashprog](../install/#flashprog) +- +- [X200, X200s, X200si BIOS Güncellemesi](http://pcsupport.lenovo.com/au/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x200/downloads/ds015007) +- [X200t BIOS Güncellemesi](http://pcsupport.lenovo.com/au/en/products/laptops-and-netbooks/thinkpad-x-series-tablet-laptops/thinkpad-x200-tablet/downloads/ds018814) + +NOT: Bu işlem yalnızca Lenovo BIOS kullanırken yapılabilir. libreboot çalışırken +EC yazılımını nasıl güncelleyeceğiniz bilinmemektedir. libreboot yalnızca BIOS +yazılımının yerini alır, EC'nin değil. + +Güncellenmiş EC yazılımının daha iyi pil yönetimi gibi birçok avantajı vardır. + +Pil Geri Çağırma {#batteryrecall} +------------------------------ + +[21 Nisan 2015'te Lenovo, X200 ve X200S'in de dahil olduğu bazı ThinkPad modellerinde +bulunan Lenovo pillerinin geri çağırma kapsamını genişletti.](https://pcsupport.lenovo.com/cr/en/solutions/hf004122) +Etkilenip etkilenmediğinizi öğrenmek için [bu Lenovo aracını kullanın.](https://lenovobattery2014.orderz.com/) +Lenovo, geri çağrılan modellerin sahiplerinin "sistemi kapatmasını, pili çıkarmasını +ve ThinkPad'i yalnızca AC adaptörü ve güç kablosunu takarak çalıştırmasını" öneriyor. +Pil doğrulamasının ardından Lenovo, geri çağrılan pilleri ücretsiz olarak değiştirecektir. +X200/X200s için pil değiştirme talimatları [bu sayfada](https://pcsupport.lenovo.com/cr/en/parts/pd003507/) +bulunabilir. + +LCD uyumluluk listesi {#lcd_supported_list} +---------------------- + +LCD panel listesi (X200 panelleri burada listelenmiştir): + + +X200, X200S ve X200 Tablet için tüm LCD panellerin çalıştığı bilinmektedir. + +### AFFS/IPS paneller {#ips} + +#### X200 + + adresinden +uyarlanmıştır. + +TN ve IPS paneller arasındaki fark için wikipedia'ya bakın. IPS'ler normal bir +TN'den çok daha iyi renk/kontrasta sahiptir ve genellikle iyi görüş açılarına +sahip olacaktır. + +Bunlar X200 tabletten geliyor gibi görünüyor. Üzerinde cam dokunmatik ekran +koruması olmayan bir tane bulmanız gerekiyor (ancak bunu çıkarmak mümkün +olabilir). Ayrıca üzerinde sayısallaştırıcı olmamalıdır (yine, sayısallaştırıcıyı +çıkarmak mümkün olabilir). + +- BOE-Hydis HV121WX4-120, HV121WX4-110 veya HV121WX4-100 - ucuz sayılır, + bulmak zor olabilir + +- Samsung LTN121AP02-001 - yaygın olarak bulunur, ucuz + +*X200'ünüzde LED arkadan aydınlatmalı bir panel varsa, CCFL panellerle uyumlu +bir invertör ve kablo demeti de almanız gerekir. Hangi panel tipine sahip +olduğunuzu görmek için [\#led\_howtotell](#led_howtotell) bölümüne bakın. +İnvertör/kablo gerekiyorsa, parça numaraları şunlardır: bluetooth ve kamera +bağlantıları ile CCFL LVDS kablosu için 44C9909 ve invertör için 42W8009 +veya 42W8010.* + +Bunların parlak ve mat versiyonları vardır. Mat, yansıma önleyici anlamına +gelir ki bu istediğiniz şeydir (bu yazarın görüşüne göre). + +Ekranın nasıl değiştirileceği için HMM'ye (donanım bakım kılavuzu) bakın. + +Kaynaklar: + +- [ThinkPad Forums - X200'de Mat AFFS Panel](http://forum.thinkpads.com/viewtopic.php?f=2&t=84941) +- [ThinkPad Forums - X200 AFFS Modifikasyonu için Parçalar](http://forum.thinkpads.com/viewtopic.php?p=660662#p660662) +- [ThinkWiki.de - X200 Ekran Değişimi](http://thinkwiki.de/X200_Displayumbau) + +#### X200S + + X200S ekranlarının/ +montajlarının daha ince olduğunu açıklıyor. Kapağın tamamını normal bir X200/X201'den +gelen bir kapakla değiştirmeniz gerekiyor. + +### LED mi CCFL mi olduğunu nasıl anlarım? {#led_howtotell} + +Bazı X200'lerde LCD panellerinde CCFL arka aydınlatma, bazılarında LED arka +aydınlatma vardır. Bu aynı zamanda invertörlerin de değişeceği anlamına gelir, +bu yüzden paneli ve/veya invertörü değiştirirken dikkatli olmalısınız. (CCFL +invertör yüksek voltajlıdır ve LED arkadan aydınlatmalı bir paneli tahrip eder). + +CCFL'ler cıva içerir. CCFL arka aydınlatmalı bir X200 (doğru invertörle LED'e +değiştirilmemişse. Tedarikçinize danışın!) şunu söyleyecektir: *"Bu ürün Lityum +İyon Pil, Lityum Pil ve cıva içeren bir lamba içerir; yerel, eyalet veya federal +yasalara göre bertaraf edin"* (LED arkadan aydınlatmalı bir panele sahip olan +farklı bir şey söyleyecektir). + +Kurulum notları +------------------ + +Lenovo BIOS çalışıyorsa [harici flaşlama](spi.md) gereklidir. + +Bu kılavuz, ThinkPad X200'lerinde hala orijinal Lenovo BIOS'u bulunan ve +libreboot isteyenler içindir. Bu kılavuz ayrıca X200'ünüzü bozarsanız, +kurtarmanın nasıl yapılacağını bilmek için de (uyarlanarak) takip edilebilir. + +Orijinal Lenovo yazılımı çalışıyorsa, flash yongasına erişebilmek için klavyeyi +ve avuç içi desteğini çıkarmanız gerekecektir; yonga avuç içi desteğinin hemen +altındadır. Ardından harici bir SPI programlayıcı bağlayacak ve pil çıkarılmış +durumdayken kapalıyken yongayı harici olarak yeniden flaşlayacaksınız. + +NOT: Bu kılavuz yalnızca normal X200 için geçerlidir. X200S ve X200 Tablet +flaşlaması için lütfen libreboot.org'da bulunan diğer kılavuzları okuyun. + +### Flash yonga boyutu + +Flash yonga modelini ve boyutunu öğrenmek için x200'de bu komutu çalıştırın: + + flashprog -p internal + +### MAC adresi + +[mac\_address.md](mac_address.md) dosyasına bakın. + +### Prosedür + +Bu bölüm X200 içindir. Bu, X200S veya X200 Tablet için geçerli değildir +(bu sistemler için, flash yongası kartın diğer tarafında olduğundan anakartı +tamamen çıkarmanız gerekir). + +Bu vidaları çıkarın:\ +![](https://av.libreboot.org/x200/disassembly/0003.jpg) + +Klavyeyi nazikçe ekrana doğru itin, ardından kaldırın ve isteğe bağlı olarak +karttan bağlantısını kesin:\ +![](https://av.libreboot.org/x200/disassembly/0004.jpg) +![](https://av.libreboot.org/x200/disassembly/0005.jpg) + +Parmak izi okuyucusunun kablosunu çıkarın ve ardından avuç içi desteğini +sol ve sağ tarafından kaldırarak yukarı çekin:\ +![](https://av.libreboot.org/x200/disassembly/0006.1.jpg) +![](https://av.libreboot.org/x200/disassembly/0006.jpg) + +Bu, hem SOIC-8 hem de SOIC-16 için flash yongasının konumunu gösterir:\ +![](https://av.libreboot.org/x200/x200_soic16.jpg) +![](https://av.libreboot.org/x200/x200_soic8.jpg) + +Flash yongasının bir kısmını örten bandı kaldırın ve ardından klipsi bağlayın:\ +![](https://av.libreboot.org/x200/disassembly/0008.jpg) + +Artık libreboot'u kurmaya hazır olmalısınız. + +[SPI programlama talimatlarına](spi.md) bakın. + +İşiniz bittiğinde, sistemi tekrar bir araya getirin. Önyükleme yapmazsa, bu +platformda (coreboot'ta) raminit çok güvenilmez olduğu için diğer RAM modüllerini +deneyin. \ No newline at end of file diff --git a/site/docs/install/x200.uk.md b/site/docs/install/x200.uk.md index 3ea6113..7064ab2 100644 --- a/site/docs/install/x200.uk.md +++ b/site/docs/install/x200.uk.md @@ -18,7 +18,7 @@ x-toc-enable: true | **Графіка** | Intel GMA X4500MHD | | **Дісплей** | 1280x800/1440x900 TFT | | **Пам'ять** | 1,2,3 or 4GB (оновлюється до 8GB, неофіційно) | -| **Архітектура** | x86_64 | +| **Архітектура** | x86\_64 | | **EC** | Пропрієтарний | | **Оригінальна прошивка** | LenovoBIOS | | **Intel ME/AMD PSP** | Наявний. Можна повністю вимкнути. | @@ -50,7 +50,7 @@ P*: Частково працює з бінарними компонентами Вступ -============ +----- Вважається що всі ноутбуки X200 сумісні. X200S та X200 Tablet також працюватимуть, [залежно від конфігурації](#x200s). @@ -71,11 +71,13 @@ X200S та X201S; знову ж таки, це неперевірено. *Шви Інструкції з перепрошивки можна знайти за адресою [../install/\#flashprog](../install/#flashprog) -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** Оновлення EC {#ecupdate} -========= +------------------------ Рекомендується оновити мікропрограму EC до останньої версії. [Прошивка EC](../../faq.md#ec-embedded-controller-firmware) є окремою від @@ -96,7 +98,7 @@ Lenovo BIOS, ви можете просто запустити утиліту о з акумулятором. Відкликання батареї {#batteryrecall} -============== +------------------------------------ [21 квітня 2015 року, Lenovo розширила відкликання акумуляторів Lenovo, які були встановлені в деяких моделях Thinkpad, зокрема X200 та X200S.](https://pcsupport.lenovo.com/cr/en/solutions/hf004122) Щоб дізнатися, чи вас це стосується, використовуйте [цей інструмент Lenovo.](https://lenovobattery2014.orderz.com/) @@ -105,8 +107,7 @@ Lenovo радить власникам відкликаних моделей "в Після перевірки батареї, Lenovo безкоштовно замінить відкликані батареї. Інструкції щодо заміни батареї для X200/X200s [можна знайти на цій сторінці.](https://pcsupport.lenovo.com/cr/en/parts/pd003507/) -Список сумісності LCD {#lcd_supported_list} ----------------------- +### Список сумісності LCD {#lcd_supported_list} Список РК-панелей (там перераховані панелі X200): @@ -155,14 +156,13 @@ Lenovo радить власникам відкликаних моделей "в Mod](http://forum.thinkpads.com/viewtopic.php?p=660662#p660662) - [ThinkWiki.de - X200 Displayumbau](http://thinkwiki.de/X200_Displayumbau) -### X200S +#### X200S пояснює, що екрани/блоки X200S тонші. Вам потрібно замінити всю кришку на одну від звичайного X200/X201. -Як визначити, чи у нього LED, чи CCFL? {#led_howtotell} -------------------------------------- +### Як визначити, чи у нього LED, чи CCFL? {#led_howtotell} Деякі X200 мають підсвічування CCFL, а деякі - світлодіодне підсвічування на РК-панелі. Це також означає, що інвертори відрізнятимуться, тому ви повинні бути обережними, @@ -176,7 +176,7 @@ CCFL містять меркурій. На X200 з CCFL підсвіткою (я законів"* (на тому, що має світлодіодне підсвічування, буде написано щось інше). Installation notes -================== +------------------ [External flashing](spi.md) required, if running Lenovo BIOS. @@ -193,19 +193,18 @@ Installation notes будь-ласка прочитайте інші посібники, доступні на libreboot.org. Розмір флеш-чіпа -=============== +---------------- Виконайте цю команду на x200, щоб дізнатися модель флеш-чіпа та його розмір: flashprog -p internal MAC адреса -=========== +---------- Зверніться до [mac\_address.md](mac_address.md). -Процедура -------------- +### Процедура Цей розділ стосується X200. Цей не стосується X200S або X200 Tablet (для цих систем потрібно повністю видалити материнську плату, @@ -240,7 +239,7 @@ Tablet (для цих систем потрібно повністю видал модулі оперативної пам'яті, тому що raminit дуже ненадійний на цій платформі (в coreboot). Пам'ять -====== +------- У машинах DDR3 з Cantiga (GM45/GS45/PM45), північний міст потребує стіків, які працюватимуть як PC3-8500 (швидші стіки PC3/PC3L можуть працювати як PC3-8500). @@ -257,8 +256,7 @@ Tablet (для цих систем потрібно повністю видал ![](https://av.libreboot.org/x200/disassembly/0018.jpg) -Завантажуйтесь! --------- +### Завантажуйтесь! Ви маєте побачити щось подібне цьому: @@ -266,8 +264,7 @@ Tablet (для цих систем потрібно повністю видал Тепер [встановлюйте Linux](../linux/). -Користувачі X200S та X200 Tablet: трюк GPIO33 не спрацює. --------------------------------------------------------- +### Користувачі X200S та X200 Tablet: трюк GPIO33 не спрацює. sgsit дізнався про контакт під назвою GPIO33, який можна заземлити, щоб вимкнути захист прошивки за допомогою дескриптора та зупинити ME від diff --git a/site/docs/install/x230_external.md b/site/docs/install/x230_external.md index 94bf138..864b9ac 100644 --- a/site/docs/install/x230_external.md +++ b/site/docs/install/x230_external.md @@ -1,16 +1,28 @@ --- -title: ThinkPad X230/X230T external flashing +title: Install Libreboot on Lenovo ThinkPad X230/X230T x-toc-enable: true ... -This machine is available to purchase with Libreboot pre-installed: - +Open source BIOS/UEFI firmware +------------------------------ -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +This document will teach you how to install Libreboot, on your +Lenovo ThinkPad X230 laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + +**Minifree now sells the Libreboot T480, instead of the Libreboot X230. See: +** + +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** -**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../../news/safety.md), -OR YOU MIGHT BRICK YOUR MACHINE: [SAFETY PRECAUTIONS](../../news/safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](ivy_has_common.md).** NOTE: Internal flashing (from vendor firmware) to Libreboot is possible, on this board, but the steps are a bit more complex than using an external flasher. @@ -28,31 +40,12 @@ You can now follow the rest of the instructions. Preparing a release Rom ----------------------- -You must patch the release rom with the necessary vendor files *and then* flash it to your board. +**Please follow this prior to flashing, or you may brick your machine.** -Lbmk includes a script that will automatically inject the necessary files into a rom image. -The script can determine the board automatically if you have not changed the name, but you can also manually set the board name with the `-b` flag. - -In order to inject the necessary files into a rom image, run the script from the root of lbmk and point to the rom image. -Run the injection script pointing to the release archive you downloaded: - - ./vendor inject /path/to/libreboot-20230319-18-g9f76c92_t440_12mb.tar.xz - -The script can automatically detect the board as long as you do not change the file name. -You can then find flash-ready ROMs in `/bin/release/` - -Alternatively, you may patch only a single rom file. -For example: - - ./vendor inject -r x230_libreboot.rom -b x230_12mb - -Optionally, you can use this script to modify the mac address of the rom with the `-m` flag. -For example: - - ./vendor inject -r x230_libreboot.rom -b x230_12mb -m 00:f6:f0:40:71:fd - -NOTE: this makes use of `nvmutil`, which you can read more about in -the [nvmutil documentation](nvmutil.md). +Please [inject vendor files](ivy_has_common.md) prior to flashing. You can also +use this guide to change the built-in MAC address for your Intel Gigabit +Ethernet device; doing so is advisable, because otherwise you will have a +default, generic MAC address. Splitting The Rom ----------------- @@ -67,8 +60,6 @@ Flash the top chip with top.rom, and tho bottom chip with bottom.rom. Don't worry about knowing which chip is which on a standard setup; flashprog will let you know if the image size is incorrect for the chip you're flashing. - - Disassembly ----------- diff --git a/site/docs/install/x230_external.md.description b/site/docs/install/x230_external.md.description new file mode 100644 index 0000000..0cf267f --- /dev/null +++ b/site/docs/install/x230_external.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Lenovo ThinkPad X230 via external flashing. diff --git a/site/docs/install/x60_unbrick.md b/site/docs/install/x60_unbrick.md index 2c0263a..c87b855 100644 --- a/site/docs/install/x60_unbrick.md +++ b/site/docs/install/x60_unbrick.md @@ -1,10 +1,20 @@ --- -title: ThinkPad X60 Recovery guide +title: Install Libreboot on Lenovo ThinkPad X60 x-toc-enable: true ... -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +Lenovo ThinkPad X60 laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the system, making this difficult. In this situation, @@ -75,10 +85,10 @@ Refer to the following guide:\ [Externally rewrite 25xx NOR flash via SPI protocol](spi.md) NOTE: Do not use the 3.3v rail from your raspberry pi. Leave that disconnected. -For 3.3v, plug your charger into the mainboard (but do not power on the mainboard) +For 3.3v, plug your charger into the motherboard (but do not power on the motherboard) when the clip is connected. Before removing the clip, disconnect the charger. This will provide adequate 3.3v DC at correct current levels. The SPI flash on an -X60 shares a common 3.3V rail with many other components on the mainboard, +X60 shares a common 3.3V rail with many other components on the motherboard, which all draw a lot of current, more than your programmer can provide. When you're finished flashing, remove the programmer and put it away somewhere. diff --git a/site/docs/install/x60_unbrick.md.description b/site/docs/install/x60_unbrick.md.description new file mode 100644 index 0000000..5eac014 --- /dev/null +++ b/site/docs/install/x60_unbrick.md.description @@ -0,0 +1 @@ +Learn how to install Libreboot free/opensource BIOS/UEFI boot firmware on your Lenovo ThinkPad X60. diff --git a/site/docs/install/x60tablet_unbrick.md b/site/docs/install/x60tablet_unbrick.md index 110a912..304c380 100644 --- a/site/docs/install/x60tablet_unbrick.md +++ b/site/docs/install/x60tablet_unbrick.md @@ -1,10 +1,20 @@ --- -title: ThinkPad X60 Tablet Recovery guide +title: Install Libreboot on Lenovo ThinkPad X60 Tablet x-toc-enable: true ... -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +Open source BIOS/UEFI firmware +------------------------------ + +This document will teach you how to install Libreboot, on your +Lenovo Thinkpad X60 Tablet laptop motherboard. +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project +that replaces proprietary BIOS/UEFI firmware. + +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the system, making this difficult. In this situation, @@ -55,10 +65,10 @@ Refer to the external flashing guide: [Externally rewrite 25xx NOR flash via SPI protocol](spi.md) NOTE: Do not use the 3.3v rail from your SPI programmer. Leave that disconnected. -For 3.3v, plug your charger into the mainboard (but do not power on the mainboard) +For 3.3v, plug your charger into the motherboard (but do not power on the motherboard) when the clip is connected. Before removing the clip, disconnect the charger. This will provide adequate 3.3v DC at correct current levels. The SPI flash on an -X60 Tablet shares a common 3.3V rail with many other components on the mainboard, +X60 Tablet shares a common 3.3V rail with many other components on the motherboard, which all draw a lot of current, more than most flashers can provide. Reverse the steps to re-assemble your system, after you've flashed the chip. diff --git a/site/docs/install/x60tablet_unbrick.md.description b/site/docs/install/x60tablet_unbrick.md.description new file mode 100644 index 0000000..42c3634 --- /dev/null +++ b/site/docs/install/x60tablet_unbrick.md.description @@ -0,0 +1 @@ +Unbricking a Lenovo ThinkPad X60 Tablet after botched Libreboot installation. diff --git a/site/docs/linux/grub_boot_installer.md b/site/docs/linux/grub_boot_installer.md index 4876ad1..d7a48a3 100644 --- a/site/docs/linux/grub_boot_installer.md +++ b/site/docs/linux/grub_boot_installer.md @@ -1,9 +1,10 @@ --- -title: Installing Linux +title: Boot Linux distro installers on Libreboot x-toc-enable: true ... -# Introduction +GRUB payload assumed +-------------------- This guide assumes that you are using the GRUB bootloader directly. If you're using SeaBIOS, it's quite intuitive and works similarly to other BIOS @@ -17,7 +18,9 @@ Linux distributions, by default). These instructions are intended to be generic, applicable to just about any Linux distribution. -## Prepare the USB Drive in Linux +Prepare the USB Drive in Linux +------------------------------ + If you downloaded your ISO while on an existing Linux system, here is how to create the bootable Linux USB drive: @@ -40,19 +43,25 @@ folder, this is the command we would run: That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later). -## Prepare the USB drive in NetBSD +Prepare the USB drive in NetBSD +------------------------------- + [This page](https://wiki.netbsd.org/tutorials/how_to_install_netbsd_from_an_usb_memory_stick/) on the NetBSD website shows how to create a NetBSD bootable USB drive, from within NetBSD itself. You should the `dd` method documented there. This will work with any Linux ISO image. -## Prepare the USB drive in FreeBSD +Prepare the USB drive in FreeBSD +-------------------------------- + [This page](https://www.freebsd.org/doc/handbook/bsdinstall-pre.html) on the FreeBSD website shows how to create a bootable USB drive for installing FreeBSD. Use the `dd` method documented. This will work with any Linux ISO image. -## Prepare the USB drive in LibertyBSD or OpenBSD +Prepare the USB drive in OpenBSD +-------------------------------- + If you downloaded your ISO on a LibertyBSD or OpenBSD system, here is how to create the bootable Linux USB drive: @@ -78,14 +87,17 @@ the OpenBSD installer to it with `dd`. Here's an example: That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later). -## GRUB2 config on external media +GRUB2 config on external media +------------------------------- Pick the menu option: *Search for GRUB2 configuration on external media* If the distro installer image has a `grub.cfg` file inside, this menuentry is scripted to find it. This works well for many distros. -## Debian or Devuan net install +Debian or Devuan net installation +--------------------------------- + Download the Debian or Devuan net installer. You can download the Debian ISO from [the Debian homepage](https://www.debian.org/), or the Devuan ISO from [the Devuan homepage](https://www.devuan.org/). @@ -97,12 +109,16 @@ You can select the option, in the Libreboot GRUB menu, to load GRUB config from external media, and that should work just fine. Alternatively, pick one of the ISOLINUX-related menu options. -## Booting ISOLINUX Images (Automatic Method) +Booting ISOLINUX Images (Automatic Method) +------------------------------------------ + Boot it in GRUB using the `Parse ISOLINUX config (USB)` option. A new menu should appear in GRUB, showing the boot options for that distro; this is a GRUB menu, converted from the usual ISOLINUX menu provided by that distro. -## Booting ISOLINUX Images (Manual Method) +Booting ISOLINUX Images (Manual Method) +--------------------------------------- + These are generic instructions. They may or may not be correct for your distribution. You must adapt them appropriately, for whatever Linux distribution it is that you are trying to install. @@ -152,7 +168,11 @@ to see a list of USB devices/partitions. Of course, this will vary from distro to distro. If you did all of that correctly, then it should now be booting your USB drive in the way that you specified. -## Troubleshooting +Troubleshooting +--------------- + +### Display modes + Most of these issues occur when using libreboot with coreboot's `text-mode` with libgfxinit for video initialization. This mode is useful for text mode payloads, like `MemTest86+`, which expect `text-mode`, but for Linux @@ -162,6 +182,7 @@ do Kernel Mode Setting, so they are able to initialize a frame buffer in bare metal regardless of whatever coreboot is doing). ### debian-installer Graphical Corruption in Text-Mode (Debian and Devuan) + When using the ROM images that use Coreboot's `text mode`, instead of the coreboot framebuffer, while using libgfxinit, booting the Debian or Devuan net installer results in graphical corruption, because it is trying to switch to a diff --git a/site/docs/linux/grub_boot_installer.md.description b/site/docs/linux/grub_boot_installer.md.description new file mode 100644 index 0000000..cfeafa6 --- /dev/null +++ b/site/docs/linux/grub_boot_installer.md.description @@ -0,0 +1 @@ +Learn how to boot Linux distro installers on your Libreboot system. diff --git a/site/docs/linux/grub_cbfs.md b/site/docs/linux/grub_cbfs.md index 3f7a1fc..8406397 100644 --- a/site/docs/linux/grub_cbfs.md +++ b/site/docs/linux/grub_cbfs.md @@ -3,12 +3,21 @@ title: Modifying grub.cfg in CBFS x-toc-enable: true ... +Configure boot order and so on +------------------------------ + Read [Libreboot flashing guides](../install/) before continuing, and make sure to back up the current flash contents before you consider following this guide. Before you follow this guide, it is advisable that you have the ability to [flash externally](../install/spi.md), just in case something goes wrong. +Libreboot's *GRUB* payload is much more flexible than most other types of boot +payload, but can sometimes require hands-on configuration depending on what you +want to do. + +### Why modify the configuration? + Libreboot's own GRUB configuration automatically scans for one provided by your distro, and this automation will usually work. Sometimes, you might wish to override it with your own custom menuentry or additional logic in the GRUB @@ -17,10 +26,11 @@ to actually *put in the config* will not be covered here. This guide will simply teach you how to modify the config, but not what to put, whereas the [GRUB hardening](../linux/grub_hardening.md) guide specifically -says what to modify; cross reference that page and this page. +says what to modify; cross reference that page and this page, if you want to +follow the GRUB hardening guide. Otherwise, this page contains generic guidance. **Disable security before continuing** -================================ +-------------------------------------- **Before internal flashing, you must first disable `/dev/mem` protections. Make sure to re-enable them after you're finished.** @@ -32,12 +42,11 @@ flashing, from an existing installation. If you're externally flashing the machine, you can ignore this advice. Build dependencies -================== +------------------ **Please first [install build dependencies](../build/).** -Coreboot utilities ------------------- +### Coreboot utilities You need `cbfstool` from coreboot. For whatever board you have, check which coreboot tree it uses in Libreboot's build system, lbmk. For example, let's @@ -59,8 +68,7 @@ This will result in the following binary: `elf/cbfstool/default/cbfstool` We won't assume the path to cbfstool, in the remainder of this guide, so adapt accordingly. -GRUB utilities --------------- +### GRUB utilities Again, let's assume the coreboot board is `x200_8mb`. Check the file `config/coreboot/x200_8mb/target.cfg` for `grubtree` - if it's not set, @@ -72,8 +80,7 @@ This will compile GRUB for the given tree. If you need to use any of the GRUB utilities, this command will build them and in this example, they will be available under `src/grub/default/`. -Flashprog ---------- +### Flashprog Compile flashprog like so: @@ -82,7 +89,7 @@ Compile flashprog like so: A binary will appear at `elf/flashprog/flashprog`. Default GRUB config -=================== +------------------- The coreboot image has its own filesystem, CBFS, and within CBFS is the GRUB binary, and within the GRUB binary is another filesystem called memdisk, where @@ -91,10 +98,9 @@ the default GRUB configuration is located. You can override it by inserting your own GRUB config within CBFS. Acquiring a GRUB config -======================= +----------------------- -Dump the boot flash -------------------- +### Dump the boot flash This is only useful if you already inserted a GRUB config in CBFS. Otherwise, you can grab it from Libreboot's build system, lbmk. @@ -105,8 +111,7 @@ look at the [main flashing guide](../install/). Those guides show how to dump the flash contents, which you are advised to do. -Default GRUB config location ----------------------------- +### Default GRUB config location We'll assume that your GRUB tree is `default`, so the file `config/grub/default/config/payload` is your GRUB config; this will be the @@ -116,7 +121,7 @@ Modify *that* file, or the one you extracted if you already inserted a custom one before, and you will re-insert it when you're done. Insert grubtest.cfg -=================== +------------------- Before reading the next section, please note: if you only have the fallback GRUB config in memdisk, and no configs in CBFS, you can test the modified @@ -128,7 +133,7 @@ Libreboot will not automatically load it, but it will be available from the default GRUB menu. This can be useful for test purposes, hence the name. Insert new grub.cfg -=================== +------------------- If you already have a `grub.cfg` in cbfstool, you can extract and modify that one, e.g.: @@ -155,7 +160,7 @@ test config from the default menu, before deciding whether to make it the main config, as `grub.cfg`, overriding the one in GRUB memdisk. Flash the modified ROM image -============================ +---------------------------- Check the [Libreboot flashing guide](../install/) which says how to flash the new image. diff --git a/site/docs/linux/grub_cbfs.md.description b/site/docs/linux/grub_cbfs.md.description new file mode 100644 index 0000000..c40fb3f --- /dev/null +++ b/site/docs/linux/grub_cbfs.md.description @@ -0,0 +1 @@ +The GNU boot loader GRUB can read from coreboot's file system, and boot Linux/BSD systems from the flash. Learn how to configure this behaviour. diff --git a/site/docs/linux/grub_hardening.md b/site/docs/linux/grub_hardening.md index efdf128..b390235 100644 --- a/site/docs/linux/grub_hardening.md +++ b/site/docs/linux/grub_hardening.md @@ -1,21 +1,53 @@ --- -title: Hardening GRUB +title: Hardened GNU boot loader (GRUB payload) x-toc-enable: true ... +What is Secure libreBoot? +------------------------- + +Libreboot provides open source BIOS/UEFI firmware, replacing proprietary +BIOS/UEFI firmware, and that precisely is Libreboot's primary mission; Libreboot +is a [Free Software](https://writefreesoftware.org/learn) project, *first*. +Our *next* priority is to provide you with *highly secure* boot firmware, free +from backdoors and with well-audited code. *This* document does just that, by +telling you how to *harden* your Libreboot installation against various physical +access attacks. + +### Not UEFI SecureBoot! + +UEFI SecureBoot was invented by Microsoft for booting Microsoft Windows. We +don't use UEFI SecureBoot in the Libreboot project, because UEFI SecureBoot +is *completely inferior* to Libreboot's security model. We call our own +security model *Secure libreBoot* and we use neither BIOS nor UEFI; we use GRUB! + +*Strong encryption* is the name of the game. You will use the *GRUB payload*. GRUB supports various security mechanisms that are not enabled by default. This page will tell you how to enable them, for the purpose of boot security, both detecting and attempting to prevent certain types of attack. +Please also expect to brick your machine at least once, because many of these +changes are highly invasive and may even require you to *modify source code*. **Make sure you have an [external SPI programmer](../install/spi.md), for recovery purposes, just in case you brick your machine. The modifications -documented here are highly invasive and it would be easy to make mistakes.** +documented here are highly invasive. An external SPI programmer can be used +to restore the previous working state, should a brick occur.** + +Libreboot's design philosophy is that the most non-technical user must be +catered to first, which means that certain security hardening steps are skipped +by default. With the steps documented here, you will be able to thwart many +types of physical attack on your machine. Many of the types of configurations +documented here are *unique*, and available only in Libreboot! (or otherwise +only *practical* in Libreboot) Full disk encryption -==================== +-------------------- [Encrypted /boot with LUKS2 on argon2 key derivation is now -possible](../../news/argon2.md). +possible](../../news/argon2.md) - the work is based on that done by +Patrick Steinhardt, importing PHC's Argon2 implementation. This was later added +to GRUB 2.06 on the Arch Linux AUR by Ax333l, and Nicholas Johnson later rebased +it for GRUB 2.12 to use in Libreboot's GRUB payload. This is covered in the [main Linux guide](./#encrypted-boot-via-luks2-with-argon2), in the @@ -30,7 +62,7 @@ You are advised to do this *first*, because steps below depend on certain configuration changes to be made on your installed Linux distro. **Dependencies (do this first)** -============================= +-------------------------------- **Please read this: [Modifying GRUB in CBFS](grub_cbfs.md)** @@ -39,15 +71,14 @@ which tells you what modifications to actually perform, whereas the guide linked above tells you how to apply your modifications for flashing.** Flash write protection -====================== +---------------------- -Although not strictly related to GNU GRUB, flash protection will prevent anyone +Although not strictly related to GRUB, flash protection will prevent anyone except you from overwriting the flash without permission. This is important, because you don't want some malicious software running as root from overwriting your flash, thus removing any of the above protections. -Build-time write protect ---------------------------- +### Build-time write protect Let's assume your board is `x200_8mb`, do: @@ -79,22 +110,27 @@ Anyway, when you're done, save the config and then build it from source in lbmk. See: [build from source](../build/) -IFD-based flash protection --------------------------- +### IFD-based flash protection + +**NOTE: This CAN cause bricks on a lot of machines. You should use this with +care. The FLILL and/or PRx based methods are more reliable - also SMM methods. +You can reconfigure coreboot and enable the chipset-based flash protection there +which accomplishes the same result, and the benefit is that it can't easily +be overridden by an evel maid attack e.g. can't simply set the service jumper +on desktops.** The simplest way is to just do this: - ifdtool -x libreboot.rom -O libreboot.rom + ifdtool --lock libreboot.rom -O libreboot.rom If you did the step before, to compile `cbfstool`, you can find ifdtool in the `elf/` directory, e.g. `elf/ifdtool/default/ifdtool`. Use the ifdtool -version matching the coreboot tree for your mainboard. +version matching the coreboot tree for your motherboard. Note that this only works for Intel-based systems that use an Intel Flash Descriptor, which is actually most Intel systems that Libreboot supports. -Other facts ------------ +### Other facts Strapping `HDA_SDO` or `HDA_DOCK_EN` requires physical access, because you have to short a pin on the HDA chip on the motherboard, or there will be a header @@ -111,8 +147,7 @@ Enable `CONFIG_STRICT_DEVMEM` in your Linux kernel, or set `securelevel` above zero on your BSD setup (but BSD cannot be booted with GRUB very easily so it's a moot point). -FLILL ------ +### FLILL On Intel Flash Descriptor, you can insert up to four (4) commands on a list within, called *FLILL*; not yet documented, but any SPI command listed here @@ -120,14 +155,13 @@ would no longer work during internal flash operations. For example, you could use it to disable certain erase/write commands. You could also use it to disable *reads*. -PRx registers -------------- +### PRx registers Protected Range registers are available on Intel platforms, to disable flash writes. This is not yet documented, and it varies per platform. -GRUB Password -============= +GRUB password +------------- The security of this setup depends on a good GRUB password as GPG signature checking can be disabled through the GRUB console with this command: @@ -165,7 +199,7 @@ GRUB will also ask for a username in addition to the password; the "root" user is specified above, but you can cahnge it to whatever you want. Unset superusers -================ +---------------- Find this line in `grub.cfg`: @@ -180,7 +214,7 @@ because `unset superusers` in fact disables passwordh authentication, so it's very important that you comment out this line. Disable the SeaBIOS menu -==================== +------------------------ **Very important. Make sure you read this carefully.** @@ -208,8 +242,7 @@ Release images with `seagrub` in the name already have this bootorder file, so you only need to disable the menu on these images. If you have the image with `seabios` in the name (instead of `seagrub`), you must do both. -SeaBIOS option ROMs -------------------- +### SeaBIOS option ROMs SeaBIOS will also still execute PCI option ROMs. Depending on your preference, you may wish to disable this, but please note that this will break certain @@ -219,8 +252,27 @@ things like graphics cards. More information is available here: If you're using a graphics card, you *need* VGA option ROMs at least. +### GRUBSEA + +Another option is to make it so that GRUB is the primary payload on your board. +In this setup, SeaBIOS and U-Boot are still available. + +For your board's `target.cfg`, add this: + + payload_grubsea="y" + +E.g. `config/coreboot/x200_8mb/target.cfg` + +You should only do this on setups that have native graphics initialisation +e.g. Intel graphics (or FSP-based Intel graphics initialisation like on +Alderlake which sets up a similar framebuffer). + +If you can't use GRUB as a primary payload, then you can use SeaGRUB as above +and disable the SeaBIOS menu, making SeaBIOS load only GRUB; SeaGRUB is useful +because GRUB will piggyback off of the VGA setup done by SeaBIOS first. + GPG keys -======== +-------- First, generate a GPG keypair to use for signing. Option RSA (sign only) is ok. @@ -262,7 +314,7 @@ into CBFS, using instructions already provided on the GRUB CBFS guide linked above, earlier on in this guide. Enforce GPG check in GRUB -========================= +------------------------- The following must be present in `grub.cfg`, but please note that the background image used by GRUB is in the memdisk by default, not CBFS, so you @@ -281,7 +333,7 @@ the GRUB CBFS guide that was also linked above, earlier on in the article you're currently reading. Install the new image -===================== +--------------------- Now simply flash the new image, using the [flashing instructions](../install/). @@ -292,9 +344,30 @@ and the system is now unbootable, that's OK because you can use an external flasher; please read [external flashing instructions](../install/spi.md) -References -========== +Linux kernel hardening +---------------------- -* [GRUB manual](https://www.gnu.org/software/grub/manual/html_node/Security.html#Security) -* [GRUB info pages](http://git.savannah.gnu.org/cgit/grub.git/tree/docs/grub.texi) -* [Coreboot GRUB security howto](https://www.coreboot.org/GRUB2#Security) +You may also wish to compile your own kernel, because distro kernels will always +have code in the same place, so attackers are more easily able to know exactly +where to attack your kernel (ROP-based attacks). + +The Whonix/KickSecure Linux projects have guidance about Linux kernel +hardening: + +* +* +* + +There's info there about userspace too, but start with kernel first. Libreboot +is a boot firmware project, so Linux kernel hardening is beyond the scope of +the Libreboot project documentation, **for now**. + +(for now, because Libreboot may in fact provide a Linux distro in the flash +at some point, and this page will definitely be updated when that happens) + +References +---------- + +* GRUB manual: *https://www.gnu.org/software/grub/manual/html_node/Security.html#Security* +* GRUB info pages: *http://git.savannah.gnu.org/cgit/grub.git/tree/docs/grub.texi* +* Coreboot GRUB security howto: *https://www.coreboot.org/GRUB2#Security* diff --git a/site/docs/linux/grub_hardening.md.description b/site/docs/linux/grub_hardening.md.description new file mode 100644 index 0000000..f954096 --- /dev/null +++ b/site/docs/linux/grub_hardening.md.description @@ -0,0 +1 @@ +The GNU boot loader GRUB provides many encryption and boot protection schemes to increase security, rivalling schemes like UEFI SecureBoot. diff --git a/site/docs/linux/index.md b/site/docs/linux/index.md index bb17991..884be14 100644 --- a/site/docs/linux/index.md +++ b/site/docs/linux/index.md @@ -1,12 +1,12 @@ --- -title: Linux guides +title: Boot GNU and Linux on a Libreboot system x-toc-enable: true ... -NOTE: This guide pertains to x86 hosts, and does not cover supported CrOS/ARM -chromebooks. For ARM targets, you should refer to u-boot documentation. +GNU boot loader "GRUB" +-------- -This page is useful for those who wish to use the GRUB GRUB payload directly. +This page is useful for those who wish to use the boot loader called GRUB. If you're using SeaBIOS, the boot process will work similarly to traditional BIOS systems; refer to the SeaBIOS documentation on @@ -14,48 +14,26 @@ on Linux is generally assumed, especially for Libreboot development, but Libreboot also works quite nicely with [BSD systems](../bsd/). -Useful links -============ +### Booting Linux from GRUB payload -Refer to the following pages: +NOTE: This guide pertains to x86 hosts, and does not cover supported CrOS/ARM +chromebooks. For ARM targets, you should refer +to [u-boot documentation](../uboot/) - separate [U-Boot x86 +documentation](../uboot/uboot-x86.md) is also available. + +### Useful links + +Refer to these pages, hosted by the Libreboot project: * [How to Prepare and Boot a USB Installer in libreboot Systems](grub_boot_installer.md) * [Modifying the GRUB Configuration in libreboot Systems](grub_cbfs.md) * [How to Harden Your GRUB Configuration, for Security](grub_hardening.md) -NOTE ABOUT VGA MODES and GRUB -============================= - -Libreboot does not support switching VGA modes, when coreboot's libgfxinit is -used on Intel GPUs. Many distros will install GRUB, which Libreboot then finds -and executes, if running SeaBIOS payload; if using GRUB, just the distro's -grub.cfg file is loaded instead, by Libreboot's own GRUB in flash. - -Libreboot GRUB boots in text mode or uses the coreboot framebuffer. Anyway, -set `GRUB_TERMINAL=console` in GRUB and you should be fine. This avoids GRUB, -the one provided by your distro, switching video modes. - -In Debian for example (steps largely the same on other distros): - -Edit `/etc/default/grub` as root, and uncomment or add the line: - - GRUB_TERMINAL=console - -Then still as root, do these commands: - - export PATH="$PATH:/sbin" - update-grub - -NOTE: `update-grub` is very much Debian-centric. Not all distros will have it. -On Arch-based distros for instance, you might do: - - grub-mkconfig -o /boot/grub/grub.cfg - -Now your distro's GRUB menu should work, when your distro's GRUB bootloader is -executed from Libreboot's SeaBIOS payload. +They will provide specific information; the information below pertains mostly +to troubleshooting, and there are some notes about Full Disk Encryption: Encrypted /boot via LUKS2 with argon2 -======================================= +------------------------------------- Full encryption for basic LUKS2 (with PBKDF or argon2 key derivation) is supported in libreboot. Legacy LUKS1 is also supported. On *most* other @@ -103,8 +81,7 @@ At the time of the Libreboot 20231021 release, the GRUB upstream (on gnu.org) did not have these argon2 patches in its source tree, but Libreboot merges and maintains them out of tree. -argon2id --------- +### argon2id You should *specifically* use argon2id. Please ensure this, because some older LUKS2 setups defaulted to the weaker *argon2i*. This post by Matthew @@ -112,10 +89,46 @@ Garret contains information about that: +Libreboot's GRUB Argon2id implementation was created by Patrick Steinhardt, +who adapted PHC's Argon2 implementation for use in GRUB; Ax33l later added it +to Arch Linux AUR for GRUB 2.06, and Nicholas Johnson rebased *that* for +GRUB 2.12 so that Libreboot could use it. + NOTE: You should also read the instructions about about `GRUB_TERMINAL`. +NOTE ABOUT VGA MODES and GRUB +----------------------------- + +Libreboot does not support switching VGA modes, when coreboot's libgfxinit is +used on Intel GPUs. Many distros will install GRUB, which Libreboot then finds +and executes, if running SeaBIOS payload; if using GRUB, just the distro's +grub.cfg file is loaded instead, by Libreboot's own GRUB in flash. + +Libreboot GRUB boots in text mode or uses the coreboot framebuffer. Anyway, +set `GRUB_TERMINAL=console` in GRUB and you should be fine. This avoids GRUB, +the one provided by your distro, switching video modes. + +In Debian for example (steps largely the same on other distros): + +Edit `/etc/default/grub` as root, and uncomment or add the line: + + GRUB_TERMINAL=console + +Then still as root, do these commands: + + export PATH="$PATH:/sbin" + update-grub + +NOTE: `update-grub` is very much Debian-centric. Not all distros will have it. +On Arch-based distros for instance, you might do: + + grub-mkconfig -o /boot/grub/grub.cfg + +Now your distro's GRUB menu should work, when your distro's GRUB bootloader is +executed from Libreboot's SeaBIOS payload. + Rebooting system in case of freeze -=================================== +---------------------------------- Linux kernel has a feature to do actions to the system any time, even with it freezes, this is called a @@ -133,13 +146,12 @@ command line paramter. So append `sysrq_always_enabled=1` to your You can also run `# sysctl kernel.sysrq=1` to enable them. Fedora won't boot? -================== +------------------ This may also apply to CentOS or Redhat. Chroot guide can be found on [fedora website](https://docs.fedoraproject.org/en-US/quick-docs/bootloading-with-grub2/#restoring-bootloader-using-live-disk) -linux16 issue -------------- +### linux16 issue Libreboot's default GRUB config sources fedora's grub config `grub.cfg` (in `/boot/grub2/grub.cfg`), fedora by default makes use of the @@ -153,8 +165,11 @@ Set the `sixteenbit` variable to an empty string, then run: grub2-mkconfig -o /boot/grub2/grub.cfg -BLS issue ---------- +**NOTE: On newer Federa versions, setting the sixteenbit variable is +no longer required and it is no longer present. However, you should still +deal with the BLS issue, mentioned below:** + +### BLS issue With [newer versions of fedora](https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault), scripts from grub package default to generating [BLS](https://www.freedesktop.org/wiki/Specifications/BootLoaderSpec/) @@ -166,3 +181,6 @@ to `/etc/default/grub` (or modify existing one if it already exists): Then generate `grub.cfg` with: grub2-mkconfig -o /boot/grub2/grub.cfg + +These idiosyncrasies aside, Fedora is a great distro. It's well-tested with the +Libreboot build system, and it boots up just fine. diff --git a/site/docs/linux/index.md.description b/site/docs/linux/index.md.description new file mode 100644 index 0000000..865155d --- /dev/null +++ b/site/docs/linux/index.md.description @@ -0,0 +1 @@ +Learn how to install Linux distributions on your Libreboot system. diff --git a/site/docs/maintain/index.md b/site/docs/maintain/index.md index c2477a9..a4f9bb4 100644 --- a/site/docs/maintain/index.md +++ b/site/docs/maintain/index.md @@ -1,10 +1,16 @@ --- -title: lbmk maintenance manual +title: LibreBoot MaKe (lbmk) build system design and maintenance manual x-toc-enable: true ... -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) -now, as of 27 January 2024, which is a fork of flashrom. +Open source BIOS/UEFI firmware +------------------------------ + +Libreboot is a [Free Software](https://writefreesoftware.org/learn) project, +replacing proprietary BIOS/UEFI firmware. It provides coreboot and a number +of *payloads* such as GRUB, U-Boot or SeaBIOS, which boot your operating system. +This document describes the very essence of Libreboot's design, how the project +functions and how releases are made. In addition to this manual, you should also refer to [porting.md](porting.md) and [testing.md](testing.md). @@ -12,7 +18,7 @@ and [testing.md](testing.md). Please also read about the [lbmk coding style and design](style.md). Automated coreboot build system -=============================== +------------------------------- This document describes the entire Libreboot build system, its design philosophy and how it's used to prepare Libreboot releases; it is provided as a *reference* @@ -37,8 +43,18 @@ check itself when running *any* command; if another command had to be executed first, it will do so automatically. Therefore, you can run any part of lbmk on its own, and the entire design is modular. +Use Free Software when possible +------------------------------- + +The coreboot software is nominally free, but occasionally requires an +additional file or two from the vendor on a few systems. The libreboot +project *allows* them, only when they are absolutely required. + +[Strict rules](../../news/policy.md) govern when this allowed, and +the [freedom status page](../../freedom-status.md) provides additional details. + Best practises for learning lbmk -================================ +-------------------------------- The follow sections will cover subdirectories, within lbmk. Contrary to what some may otherwise assume, it's best to learn about everything *except* scripts @@ -56,8 +72,7 @@ bottom-up; most documents take the latter approach, in other projects, but most people naturally want to learn how a specific thing works first, hence the approach taken here. -Don't be deceived by simplicity -------------------------------- +### Don't be deceived by simplicity Libreboot's build system is powerful, and highly configurable, yet deceptively simple at the same time. Remember this rule, a rule that applies to *all* @@ -67,29 +82,81 @@ Libreboot is [regularly](../../news/audit.md) [audited](../../news/audit2.md). Many people will be shocked by how *small* Libreboot is, at its core. You will be surprised by just how much can be done with so little. Continue reading! -libreboot blob reduction policy -============================ +System requirements +------------------- -The coreboot software is nominally free, but it requires additional files from -the vendor on many supported systems. These programs lack source code, and the -coreboot project does not control them, but they can be used to perform -specific initialization tasks. +This concerns system requirements when *building* Libreboot. -The libreboot project *allows* vendor code within coreboot, but there is *still* a -lot of nuance to precisely what is allowed. It is important that you understand -these nuances, when working on *libreboot*. +### Operating system -[Please read the blob reduction guidelines](../../news/policy.md) and also -the [freedom status page](../../freedom-status.md). +Any sensible Linux distribution will do. Libreboot's build system is regularly +testing on all the major distros. Please do report bugs if you encounter +issues. -Before *configuration* info, you will first be shown a brief overview of every -project that Libreboot imports, such as coreboot. +These distros, specifically, are the *most* well-tested: + +* Debian Linux +* Arch Linux +* Fedora Linux + +NOTE: Some patching is also done for non-glibc-based systems, such as +Alpine Linux, though we currently do not have an automated way to install +build dependencies for these distros. + +NOTE: **Linux** is assumed. BSD systems may work, for parts of the build system, +but BSD systems are currently not well-tested with lbmk. + +### **Dependencies** + +**Make sure you have dependencies installed!** + +**The [main build guide](../build) will tell you how to install dependencies.** + +### Host CPU + +At least an Intel Core 2 Duo, though we recommend much faster CPUs if building +entire release archives, e.g. quad-core Haswell CPU or better. + +NOTE: x86 boards require an *x86_64* host CPU with appropriate host toolchains +and libraries. We don't yet cross-compile x86 payloads. + +NOTE2: ARM64 motherboards *are* cross compiled, so you can build for AArch64 +machines quite easily, from x86 or ARM64 machines. + +NOTE3: *32-bit* x86 (i686) machines can be used to compile Libreboot, but +MemTest86\+ is only compiled for 64-bit, and not cross compiled, so builds +are disabled when lbmk detects a 32-bit host CPU. + +### Memory + +At least 2GB per CPU core, ideally 4GB; for example, 16GB RAM is recommended +if you're compiling an a quad-core CPU. + +NOTE: `XBMK_THREADS` environmental variable defaults to 1 if unset. This sets +the number of build threads, which you should match to the number of cores. +For example, when you're building on a quad-core, do this prior to building: + + export XBMK_THREADS=4 + +### Disk space + +About 20GB bare minimum, if only compiling for 1 board. The sources take up a +lot of space. However, Libreboot is always expanding as it's developed. + +At least 50GB of free disk space is therefor recommended. + +We *actually* recommend 100GB, because Libreboot will also have a Linux distro +in flash on a future release. On our testing, disk I/O does not seem to be a +major bottleneck, so any HDD or SSD will do, but we obviously recommend a +fast NVMe (PCI-E) SSD if you can. + +**Before *configuration* info, you will first be shown a brief overview of every +project that Libreboot imports, such as coreboot.** Environmental variables -======================= +----------------------- -XBMK\_THREADS -------------- +### XBMK\_THREADS For example: @@ -100,18 +167,17 @@ This would build on two threads, when running lbmk. It defaults to 1. Previous revisions of lbmk used `nproc` by default, but this was set to 1 instead, because nproc is not available on every operating system. -XBMK\_RELEASE -------------- +### XBMK\_RELEASE -If set to `y`, it signals to `script/roms` that a release is being built, +If set to `y`, it signals that a release is being built, and it will honour `release="n"` in target.cfg files. You could also set this -yourself, when doing regular builds, if you wanted to test how `./build roms` +yourself when doing regular builds, if you wanted to test how `./mk -b coreboot` behaves running it in release mode. Do this if you want to: export XBMK_RELEASE=y Projects/files downloaded/generated by lbmk -=========================================== +-------------------------------------------- The following sections will describe files and directories that are not included in `lbmk.git`, but *are* created by running various lbmk commands; @@ -120,8 +186,7 @@ many of these will also be provided, pre-generated, under release archives. Some of these are *downloaded* by Libreboot's build system, automatically, while others are created during the build process based on these downloaded programs. -bin/ ---------------- +### bin/ This directory is created when running any of the following commands, with the right arguments: @@ -143,16 +208,14 @@ into copies of these images in files under `bin/`. However, modern lbmk now only puts coreboot images in `bin/`, with payloads included. If you still have `elf/` coreboot images in your lbmk tree, please do not -use them (and you may aswell delete them). +use them (and you may as well delete them). -cache/ ---------------- +### cache/ Certain files are cached here automatically, by lbmk. The user need not touch these files. -cache/app --------------- +### cache/app/ When vendor updates are extracted, they go here, which is then processed to find individual files for use in coreboot images (e.g. KBC1126 EC firmware). @@ -160,8 +223,7 @@ find individual files for use in coreboot images (e.g. KBC1126 EC firmware). This directory is constantly over-written, so it's essentially another temporary directory used by the build system. -cache/file/ --------------- +### cache/file/ Files that are downloaded are hashed, and the cached version of the file is stored there, named as the SHA512 checksum. This is used for vendor file @@ -175,8 +237,7 @@ files relative to the directory locations for those repositories, but subfiles are not downloaded to the *cached git repository*, only the work directory used for building in lbmk. -cache/hash ---------------- +### cache/hash/ When lbmk is handling any project, it sorts a list of files under `config/` including `config/project` (or `config/project/TREE`) and `config/data/project`. @@ -189,20 +250,17 @@ If the currently stored hash differs from what's calculated, it means that the project has changed, and the source directories plus builds are deleted. The project source is then re-prepared and re-build. -cache/repo --------------- +### cache/repo/ Git repositories are cached here. This avoids wasting bandwidth, when downloading multiple repositories. **Git submodules are also cached here!** -ec/ ---------------- +### ec/ KBC1126 EC firmware goes here, required on HP EliteBook laptops. These images are inserted into those coreboot images, under `elf/` *and* `bin/`. -elf/ ---------------- +### elf/ **DO NOT flash coreboot ROM images contained under `elf/`. Please use ROM images under `bin/` instead! - In modern lbmk, only the ones under `bin/` are ever @@ -237,23 +295,20 @@ As of Libreboot 20240612, the `elf/` directory must be used by default for all builds, in an effort to make exclusive use of *out-of-source builds*. As such, the `cbutils` directory is no longer used. -mrc/ ---------------- +### mrc/ Intel System Agent downloaded at build time for HP EliteBook 820 G2. The *Haswell* MRC file is no longer downloaded here, because Haswell machines now use native raminit *exclusively*; only Broadwell uses MRC, at present. -pciroms/ ---------------- +### pciroms/ PCI Option ROMs, currently used only for the VGA ROM on models of Dell Latitude E6400 containing an Nvidia GPU; it provides video initialisation, where coreboot currently only initialises Intel GPUs natively, on Libreboot systems. -release/ ---------------- +### release/ The script at `build` create tarballs in here, which constitute regular Libreboot releases. It is meticulously maintained, as per @@ -285,13 +340,11 @@ Or with a custom directory: The build system expects there to be a *git tag*, so make sure there is one. This is used to create the version number for a given release. -src/ ----- +### src/ Third-party source trees are downloaded into this directory, by lbmk. -src/bios\_extract/ ---------------- +### src/bios\_extract/ Used by the vendor file handler scripts. The upstream that we use is here: @@ -300,8 +353,7 @@ The `dell_inspiron_1100_unpacker.py` script is used here, to extract from Dell BIOS updates, to get at the VGA ROM for Nvidia GPU on certain models of Dell Latitude E6400. -src/biosutilities/ ---------------- +### src/biosutilities/ Used by the vendor file handler scripts. The upstream that we use is here: @@ -309,28 +361,26 @@ Used by the vendor file handler scripts. The upstream that we use is here: Specifically: the pfs extract utility from this is used on Dell vendor updates, to extract SCH5545 EC (Environment Control) firmware. -src/coreboot/ ---------------- +### src/coreboot/ Please also visit: Coreboot is the main boot firmware, providing hardware initialisation. Libreboot -makes extensive use of coreboot, on supported mainboards. +makes extensive use of coreboot, on supported motherboards. Coreboot trees go here. Libreboot's build system does not simply use one tree, or multiple branches in the same tree; entirely separate directories are created, for each revision of coreboot used, each able to have its own patches. -These can then be re-use appropriately, per mainboard. For example: +These can then be re-use appropriately, per motherboard. For example: -* `src/coreboot/default` is used by most mainboards. +* `src/coreboot/default` is used by most motherboards. * `src/coreboot/cros` is used by cros devices. This may be less efficient on disk usage, but it simplifies the logic greatly. Coreboot also uses its own toolchain called *crossgcc*, and crossgcc is in fact compiled *per tree* in Libreboot. -src/deguard/ ------------- +### src/deguard/ Mate Kukri's utility that disables the Intel Boot Guard on Intel MEv11-based PCH. More info available on the [deguard page](../install/deguard.md). @@ -355,18 +405,16 @@ out and replaced by deguard, with one specific to the target machine. More information is available on the deguard page, and in the deguard README, which when downloading in lbmk in the `src/deguard/` directory. -src/flashprog/ ---------------- +### src/flashprog/ Please also visit: Although currently unused by any part of lbmk, we provide flashprog for the -convenience of users, and this is copied to release archives. Flashrom is the +convenience of users, and this is copied to release archives. Flashprog is the program that you will use to read, erase and write the flash, containing coreboot firmware. -src/gpio-scripts ----------------- +### src/gpio-scripts This is a fork of the original gpio-scripts. The fork is maintained by Riku Viitanen, based on code written by Angel Pons (author of the Haswell native @@ -377,12 +425,9 @@ machines, when porting new boards to coreboot. NOTE: Not included in Libreboot yet, but `intelp2m` is used instead for this purpose, on much newer Intel systems (from around Skylake era or later). -src/grub/TREE ---------------- +### src/grub/TREE -Please also visit: - -The GNU GRUB bootloader, a reference multiboot implementation with its own +The GRUB bootloader, a reference multiboot implementation with its own small kernel/OS and drivers (e.g. file systems, cryptography). This is the default recommended [coreboot payload](https://doc.coreboot.org/payloads.html) on x86-based Libreboot systems. GRUB will load and execute your Linux kernel, @@ -411,22 +456,19 @@ tree contains NVMe SSD support but not xHCI support. The `default` tree contains no NVMe or xHCI support. All trees otherwise have the same fixes on top of upstream GRUB, e.g. fix for Dell Latitude keyboard controllers. -src/int/ --------- +### src/int/ Riku Viitanen wrote this tool for debugging, when implementing MXM option ROM support in coreboot and SeaBIOS, for the HP EliteBook 8560w. -src/memtest86plus/ ---------------- +### src/memtest86plus/ Please also visit: This is provided inside ROM images, as a payload executed from main GRUB or SeaBIOS payload. It checks for corrupted memory. -src/mxmdump/ ------------- +### src/mxmdump/ Riku Viitanen wrote this utility, for dumping the MXM config on graphics cards that use it. The HP EliteBook 8560w uses these cards, and normally you would @@ -439,8 +481,7 @@ SeaBIOS. If the MXM data is not handled, the VGA option ROM (when executed) will often complain and refuse to boot; some of them can be hacked to bypass this fact, but such hacks are no longer required because of Riku's tool. -src/seabios/ ---------------- +### src/seabios/ Please also visit: @@ -452,15 +493,14 @@ particular, the BSD bootloaders can be executed from SeaBIOS. This is provided as a coreboot payload, either as first payload or it can be executed from GRUB (if GRUB is the main payload, on a given target). -src/u-boot/ ---------------- +### src/u-boot/ Please also visit: This is a bootloader provided on ARM chromebooks, within Libreboot. It also provides UEFI. Information about that can be found on these resources: -* [U-Boot documentation](../u-boot/) +* [U-Boot documentation](../uboot/) * [Chromebook documentation](../install/chromebooks.md) This is currently the only payload on *ARM* systems, within Libreboot. @@ -470,20 +510,18 @@ More information can be found on the [U-Boot x86 page](../uboot/uboot-x86.md); it is available as an alternative to the traditional SeaBIOS and GRUB payloads, and it can successfully boot UEFI applications on x86 Libreboot systems. -src/uefitool/ ---------------- +### src/uefitool/ Please also visit: This is compiled, so as to provide `UEFIExtract`. Currently used by the -vendor download logic within `include/vendor.sh`, to download SCH5545 EC +vendor download logic within `include/inject.sh`, to download SCH5545 EC firmware (used for fan control on Dell Precision T1650). This has also been modified to build reliably on non-glibc-based systems e.g. Alpine Linux, which uses musl libc. -src/pcsx-redux ----------------- +### src/pcsx-redux/ PCSX-Redux is a Sony Playstation (PS1/PSX) emulator, but Libreboot only uses one part from it: the Open BIOS. This is used by Libreboot to provide an @@ -494,8 +532,7 @@ More information available on the [PlayStation page](../install/playstation.md). This is automatically compiled by the main build script, and the resulting BIOS image is provided in Libreboot release archives. -src/pico-serprog ---------------------------- +### src/pico-serprog/ Used by lbmk, to build firmware for serprog-based SPI flashers with RP2040 SoC. Alongside this, `util-fw/rp2040/pico-sdk` is imported which is required for @@ -506,8 +543,7 @@ Please visit these pages: * * -src/stm32-vserprog ----------------------- +### src/stm32-vserprog/ Used by lbmk, to build firmware for serprog-based SPI flashers with STM32 MCU. Alongside this, `libopencm3` is imported which is required for building it. @@ -522,8 +558,7 @@ Before moving onto configurations, we will now cover *utilities* provided by Libreboot itself (included within lbmk, rather than being downloaded like the third party projects listed above): -tmp/ ---------------- +### tmp/ The `TMPDIR` environmental variable is set by lbmk, to a location under `/tmp`, but some users may have `/tmp` mounted as a *tmpfs* (file system in RAM), and @@ -532,8 +567,7 @@ may not have much RAM. Where large files (or a large number of files) are handled by lbmk on a temporary basis, this `tmp/` directory is created and then used. -vendorfiles/ ---------------- +### vendorfiles/ Used by the vendor file handler scripts, referenced in certain coreboot configs. @@ -542,7 +576,7 @@ here; not all such files are downloaded here however, as some are handled under separate directories. util/ -=============== +----- If a codebase is not frequently used by Libreboot, is actively developed (making it not viable to maintain in Libreboot) or the codebase is very large, we would @@ -552,8 +586,7 @@ where the intention is that `lbmk.git` itself should be small and efficient. Where appropriate, and where the code is small enough, or it is otherwise deemed desirable, `lbmk.git` provides a few utilities as part of itself, namely: -util/dell-flash-unlock/ ---------------- +### util/dell-flash-unlock/ This program, written by Nicholas Chin, unlocks the boot flash on Dell Latitude E6400; it permits internal flashing, from factory firmware to Libreboot, so that @@ -562,8 +595,7 @@ the user need not disassemble and flash externally. It also supports several other Dell laptops, with similar ECs. Check the README file included in this directory, for more information. -util/me7\_update\_parser/ ---------------- +### util/me7\_update\_parser/ This is a special fork of `me_cleaner`, specifically for parsing and neutering Intel ME images provided by Lenovo for ThinkPad X220 and other Lenovo @@ -579,12 +611,7 @@ auto-neuters Intel ME images, during build, so that the user does not have to manually extract such images from dumps of the original vendor firmware (in the flash) on a given machine. -Such logic was ported to Libreboot, courtesy of `shmalebx9` as mentioned -on the [who page](../../who.md) - Caleb is a core developer in the Libreboot -project. - -util/nvmutil/ ---------------- +### util/nvmutil/ The `nvmutil` software allows you to set the MAC address on Intel GbE NVM files. It also allows you to set *random* MAC addresses, in addition to @@ -595,12 +622,10 @@ about here: [nvmutil manual](../install/nvmutil.md) -util/spkmodem\_recv/ ---------------- +### util/spkmodem\_recv/ -FSF has original copyright on this; it was imported from coreboot, who in turn -imported it from GRUB with very little modification. Therefore, this code is -canonically based on what is provided in GNU GRUB. +Libreboot imported this from coreboot, who is turn imported it from GRUB with +little to no modification. This is a receiving client for spkmodem, which is a method of providing serial consoles via pulses on the PC speaker. The `spkmodem_recv` client will *decode* @@ -611,11 +636,12 @@ or coreboot source code and you'll find it). However, the original code from GRUB was of quite poor quality and this code is often used. For fun, it was decided that this utility would be imported -directly into `lbmk.git`, and thoroughly cleaned. The lbmk version has been -more or less re-written, using the original logic as a base; variables are -more clearly named. A top-down, OpenBSD-inspired coding style is used, -replacing the GNU coding style implemented in the original code. The [OpenBSD -coding style][https://man.openbsd.org/style.9] is much easier to read. +directly into `lbmk.git`, and thoroughly cleaned. The lbmk version has +been re-written. + +A top-down, OpenBSD-inspired coding style is used, +replacing the coding style implemented in the original code. The [OpenBSD +coding style](https://man.openbsd.org/style.9) is much easier to read. This code has been modified to make use of the `pledge()` system call, when used on [OpenBSD](https://www.openbsd.org/); the original version from GRUB did not @@ -634,13 +660,12 @@ do this. Other improvemnts include: by lbmk: config/ -======= +------- This directory contains configuration files, used by the Libreboot build system. These next sections will cover specific configuration files. -config/PROJECT\*/nuke.list --------------------------- +### config/PROJECT\*/nuke.list The script `include/git.sh` handles deletion of certain files, for downloaded projects, based on a `nuke.list` file that can (for single-tree projects) be @@ -658,8 +683,7 @@ foo/bar.txt Ditto `src/flashprog/`, if you wanted to delete a file from in there, as one other example. Deletions occur when the source tree is created. -config/vendor/ ---------------- +### config/vendor/ URLs and hashes for vendor files containing Intel ME images within them. Where feasible, backup URLs are also provided. SHA512 checksums are defined, so that @@ -675,10 +699,9 @@ installing Libreboot or any other spin of coreboot. This file is also used to define the VGA ROM, on Nvidia models of Dell Latitude E6400. -config/coreboot ---------------- +### config/coreboot/ -### config/coreboot/BOARDNAME/ +#### config/coreboot/BOARDNAME/ Each target name (e.g. `x200_8mb`) has its own directory under here. Targets that do not define defconfigs also exist here; for example, the `default` @@ -693,14 +716,14 @@ the vendor scripts, for adding or removing certain vendor firmware (for example, a config will define where `me.bin` is located, and if it doesn't exist, the vendor scripts will look up that file and download/process it with `me_cleaner`). -### config/coreboot/BOARDNAME/patches/ +#### config/coreboot/BOARDNAME/patches/ For any given coreboot tree, patches with the `patch` file extension are placed here, alphanumerically in the order that they should be applied. These patches are then so applied, when lbmk downloads the given source tree. -### config/coreboot/BOARDNAME/target.cfg +#### config/coreboot/BOARDNAME/target.cfg This file can contain several configuration lines, each being a string, such as: @@ -709,6 +732,7 @@ as: * `rev="ad983eeec76ecdb2aff4fb47baeee95ade012225"` (example entry) * `xarch="i386-elf"` (example entry) * `payload_grub="y"` (example entry) +* `payload_grubsea="y"` * `payload_seabios="y"` (example entry) * `payload_memtest="y"` (example entry) * `payload_uboot="y"` (example entry) @@ -757,6 +781,18 @@ hence `xarch`. The `payload_grub` entry specifies whether or not GRUB is to be included in ROM images. +The `payload_grubsea` entry specifies that GRUB shall be the primary payload, +instead of SeaBIOS; SeaGRUB is disabled in this setup. You should only use this +where an Intel graphics device is present, or otherwise where native graphics +initialisation is present; it is also feasible on Intel Alderlake platforms, +but only where an Intel GPU is present; where a given system can use other +graphics devices, they must be unplugged or otherwise disabled. For example, you +must remove the graphics card on your desktop machine and only use the Intel +graphics, where it is available. Because of this, `payload_grubsea` is not +currently enabled by default (and SeaBIOS is more stable so it's a nice fallback +in case a bug in GRUB would otherwise brick your machine, because you can +bypass it and use SeaBIOS). + The `payload_seabios` entry specifies whether or not SeaBIOS is to be included in ROM images. If GRUB is also enabled, standalone SeaBIOS images will be created alongside SeaGRUB images. SeaGRUB is where SeaBIOS automatically @@ -797,7 +833,7 @@ by this variable, to also be present. The `grubtree` option specifies which GRUB tree to use. If unset, it defers to the `default` GRUB tree. -### config/coreboot/BOARDNAME/config/ +#### config/coreboot/BOARDNAME/config/ Files in this directory are *coreboot* configuration files. @@ -875,8 +911,7 @@ Even if your board doesn't actually use `libgfxinit`, the config for it should still be named as such. From a user's perspective, it really makes no difference. -config/dependencies/ ---------------- +### config/dependencies/ Files here are so named, and called like so: e.g. the `debian` file would be referenced when running: @@ -887,8 +922,7 @@ These files define a list of packages, and the correct package manager command to use on a given distro. This can be used to install build dependencies, which are required for compiling Libreboot from source code. -config/git/ ---------------- +### config/git/ Configuration related to third-party Git repositories, that Libreboot makes use of. @@ -903,8 +937,7 @@ of their own; for example, `config/grub/` exists. Multiple files exist here, and they are *concatenated* in a temporary file by lbmk, which is then scanned to find information about projects. -config/data/PROJECT/mkhelper.cfg --------------------------------- +### config/data/PROJECT/mkhelper.cfg These `mkhelper.cfg` files define common configuration that can be supplied for any single- or multi-tree project. Arguments available are as follows: @@ -949,18 +982,17 @@ In the simplest of terms, you may regard mkhelpers as *plugins*, of a sort. They simply extend the core functionality of the build system, in a way that can differ flexibly between projects. -GRUB config ---------------- +### GRUB config -### config/data/grub/background +#### config/data/grub/background/ Splash screen images applied duing startup when using the GRUB payload. -### config/data/grub/background/background1024x768.png +#### config/data/grub/background/background1024x768.png Used on ThinkPad X60 and T60. -### config/data/grub/background/background1280x800.png +#### config/data/grub/background/background1280x800.png Used on all other machines, besides X60 and T60 thinkpads. @@ -970,23 +1002,23 @@ example, `config/coreboot/x60/target.cfg` specifies this: grub_background="background1024x768.png" -### config/data/grub/background/COPYING +#### config/data/grub/background/COPYING Licensing info for GRUB bootsplash images. -### config/grub/TREE/config/ +#### config/grub/TREE/config/ GRUB configuration files. -### config/grub/config/AUTHORS +#### config/grub/config/AUTHORS Author info for GRUB configuration files. -### config/grub/config/COPYING +#### config/grub/config/COPYING Licensing info for GRUB configuration files. -### config/grub/TREE/config/payload +#### config/grub/TREE/config/payload This is a configuration file. It is used to program GRUB's shell. @@ -1000,7 +1032,7 @@ A `grubtest.cfg` can be inserted into CBFS, but it will not override the default `grub.cfg` (either in CBFS or on memdisk); however, the one in memdisk will provide a menuentry for switching to this, if available. -### config/data/grub/memdisk.cfg +#### config/data/grub/memdisk.cfg This GRUB configuration checks whether `grub.cfg` exists in CBFS and switches to that first (not provided by default) or, if one is not available in CBFS, @@ -1010,12 +1042,12 @@ The GRUB memdisk is a file system within `grub.elf`, itself stored within the coreboot file system named *CBFS*, which is part of the coreboot ROM image on every coreboot target. -### config/data/grub/keymap/ +#### config/data/grub/keymap/ Keymap files used by GRUB. They can alter the character set corresponding to inputted scancodes. -### config/data/grub/keymap/\*.gkb +#### config/data/grub/keymap/\*.gkb The keymap files themselves. These are inserted into the GRUB memdisk, and the `grub.cfg` file can specify which one is to be used. @@ -1024,7 +1056,7 @@ These files are binary-encoded, defining which characters correspond to which scancodes. It is handled by `grub-core/commands/keylayouts.c` in the GRUB source code. -### config/data/grub/module/TREE +#### config/data/grub/module/TREE This defines which modules are inserted into `grub.elf`. These modules can be anything from file systems, small applications/utilities, launchers (e.g. @@ -1038,7 +1070,7 @@ This list is used by lbmk when it runs `grub-mkstandalone`, which is the utility from GRUB that generates `grub.elf` files (to be compressed inside CBFS and then executed as a coreboot payload). -### config/grub/TREE/patches/ +#### config/grub/TREE/patches/ For a given GRUB revision, patches with the `patch` file extension are placed here, alphanumerically in the order that they should be applied. For example, @@ -1047,84 +1079,81 @@ partitions to be decrypted by GRUB. These patches are then so applied, when lbmk downloads the given source tree. -config/ifd/\* ---------------- +### config/ifd/\* Intel Flash Descriptors and GbE NVM images, which are binary-encoded configuration files. These files are referenced in coreboot defconfigs, used by lbmk to build coreboot ROM images. -config/seabios/ ---------------- +### config/seabios/ -### config/data/seabios/build.list +#### config/data/seabios/build.list When a given SeaBIOS tree is compiled, for a given target, this file defines which files to copy from the `seabios/` directory, which are then copied to a location under `elf/seabios`. -### config/seabios/default/ +#### config/seabios/default/ Currently the only tree in use, this defines what SeaBIOS revision is to be used, when the SeaBIOS payload is enabled on a given coreboot target. -### config/seabios/default/config/ +#### config/seabios/default/config/ Configuration files go in here. -### config/seabios/default/config/libgfxinit +#### config/seabios/default/config/libgfxinit Configuration file for when native video initialisation is available in coreboot. -### config/seabios/default/config/normal +#### config/seabios/default/config/normal Configuration file for when native video initialisation is unavailable in coreboot, and VGA ROM initialisation is also not provided by coreboot (in this configuration, the usual setup will be that *SeaBIOS* finds and executes them, instead of coreboot). -### config/seabios/default/config/vgarom +#### config/seabios/default/config/vgarom Configuration file for when native video initialisation is unavailable in coreboot, and VGA ROM initialisation is provided by coreboot; in this setup, SeaBIOS should not execute VGA ROMs. -### config/seabios/default/target.cfg +#### config/seabios/default/target.cfg Similar concept to `target.cfg` files provided by coreboot. This specifies which SeaBIOS revision (from Git) is to be used, when compiling SeaBIOS images. -config/u-boot/ ---------------- +### config/u-boot/ -This directory contains configuration, patches and so on, for each mainboard +This directory contains configuration, patches and so on, for each motherboard that can use U-Boot as a payload in the `lbmk` build system. U-Boot doesn't yet have reliable generic configurations that can work across all coreboot boards (per-architecture), so these are used to build it per-board. -### config/data/u-boot/build.list +#### config/data/u-boot/build.list When a given U-Boot tree is compiled, for a given target, this file defines which files to copy from the U-Boot source build, which are then copied to a location under `elf/u-boot/`. -### config/u-boot/TREENAME/ +#### config/u-boot/TREENAME/ -Each `TREENAME` directory defines configuration for a corresponding mainboard. +Each `TREENAME` directory defines configuration for a corresponding motherboard. It doesn't actually have to be for a board; it can also be used to just define a U-Boot revision, with patches and so on. To enable use as a payload in ROM images, this must have the same name as its `config/coreboot/TREENAME/` counterpart. -### config/u-boot/TREENAME/patches/ +#### config/u-boot/TREENAME/patches/ For any given U-Boot tree, patches with the `patch` file extension are placed here, alphanumerically in the order that they should be applied. These patches are then so applied, when lbmk downloads the given source tree. -### config/u-boot/TREENAME/target.cfg +#### config/u-boot/TREENAME/target.cfg This file can contain several configuration lines, each being a string, such as: @@ -1135,7 +1164,7 @@ as: These are similar in meaning to their coreboot counterparts. -The tree` entry is actually a link, where its value is a directory name +The `tree` entry is actually a link, where its value is a directory name under `config/u-boot`. For example, `tree="default"` would refer to `config/u-boot/default` and the corresponding U-Boot source tree created (when running `./mk u-boot`, which makes use of `target.cfg`) @@ -1160,7 +1189,7 @@ to a non-native arch means that necessary crossgcc-arch will be compiled and be available when building roms, but not necessarily built or discovered when individual scripts are called manually.* -### config/u-boot/TREENAME/config/ +#### config/u-boot/TREENAME/config/ Files in this directory are *U-Boot* configuration files. Configuration file names can be anything, but for now `default` is the only one used. @@ -1190,8 +1219,7 @@ Another interesting config option is `CONFIG_POSITION_INDEPENDENT` for ARM boards, which has been so far enabled in the ones `lbmk` supports, just to be safe. -config/submodule ----------------- +### config/submodule/ In here you can find submodule configurations for projects. It works for both single- and multi-tree projects. Use the existing examples as reference. @@ -1234,14 +1262,12 @@ because files are not extracted, only placed at their configured destination). The destination path in `module.list` is relative to the location of the main Git repository under which it is placed. -config/data/PROJECT -------------------- +### config/data/PROJECT/ Random configuration data provided on a per-project basis. Complements the `config/PROJECT` directory. -U-Boot build system -------------------- +### U-Boot build system If you wish to know about U-Boot, refer here:\ @@ -1273,28 +1299,24 @@ configs, but not for adding them. Adding them is to be done manually, based on the above guidance. Config files in lbmk root directory -=================================== +----------------------------------- -projectsite -------------- +### projectsite Domain name linking to the project home page (e.g. libreboot.org). -projectname ---------------- +### projectname This is a text file, containing a single line that says `libreboot`. This string is used by the build system, when naming releases alongside the version number. -version ---------------- +### version Updated each time lbmk runs, based on either `git describe` or, on release archives, this file is static and never changes. It says what Libreboot revision is currently in use (or was in use, if lbmk isn't running). -versiondate ---------------- +### versiondate Updated each time lbmk runs, based on either `git describe` or, on release archives, this file is static and never changes. It says the *time* of @@ -1304,38 +1326,23 @@ At last, you will now learn about the *scripts* (exclusively written as posix shell scripts) that constitute the entire Libreboot build system, lbmk: Scripts in root directory of lbmk -================================= +--------------------------------- -build ---------------- +### mk -This is the main script. Symlinks `vendor` and `update` also point to it, as -does `mk`. Direct use of this script is considered deprecate, because in a -future audit, it will be removed; the `./mk` commands will be used, -exclusively, so please use only `./mk` as directed here and elsewhere. +This is the main build script. -Take any given file under `script/` and you can do: - - ./build file # (THIS IS NOT A VALID COMMAND) - -For example: +Example commands: ./mk -b coreboot ./mk -Special commands available (not provided by files under `script/`): +Special commands available: ./mk release ./mk inject ./mk -d coreboot TARGET # also downloads vendor files -The `vendor` commands are handled by the `build` script, calling functions -inside `include/vendor.sh`, and the `./mk release` logic is handled -directly by the `build` script. - -More information about `./vendor` commands can be found -here: [inserting vendor files](../install/ivy_has_internal.md) - Information about `./mk release` is written elsewhere on this page. You can also know what build system revision you have by running: @@ -1344,170 +1351,6 @@ You can also know what build system revision you have by running: This script is the beating heart of Libreboot. Break it and you break Libreboot. -include/ -=============== - -This directory contains *helper scripts*, to be included -by main scripts using the `.` command (called the `source` -command in `bash`, but we rely upon posix `sh` only). - -include/git.sh --------------- - -These functions in here previously existed as independent scripts, but they -were unified here, and they are used when you pass the `-f` argument -to `script/update/trees` (e.g. `./mk -f coreboot`). - -These functions deal with git cloning, submodule updates, revision resets and -the application of patch files via `git am`. *Every* git repository downloaded -by lbmk is handled by the functions in this file. - -include/mrc.sh --------------- - -This was previously a separate script. The download logic was removed, and -now the logic under `include/vendor.sh` is used for downloads. This file now -only contains those functions used for extraction of MRC files from Google -Chromebook images, currently only used for Haswell mainboards. - -This is an include, used by `include/vendor.sh`, but it's here in -this file because the vendor download script is GPLv3-only, while the MRC -extract logic in this file is GPLv2-only (forked from coreboot ages ago). Thus, -it is provided as an include to bypass license incompatibility. It has been -heavily modified to use the same style of logic and general control flow used -in the script at `include/vendor.sh`, and it is used from there. - -include/lib.sh ---------------- - -Several other parts of lbmk also use this file. It is added to as little as -possible, and contains miscallaneous functions that don't belong anywhere else. - -The functions here are mostly those that deal with configuration files; scanning -them to set variables and so on. - -This file also contains generic error handling, used by all lbmk scripts. - -This also contains functions to verify the current libreboot version, and check -whether Git is properly initialised on the host system. It also contains -the `setvars` function, which provides a shorthand way of initialising many -variables (combined with use of `eval`), which lbmk uses heavily. - -This function also contains `x_()` which lbmk uses to execute commands -and ensure that they cause an exit (with non-zero status) from lbmk, if they -return an error state. - -This also includes the `mk()` function, which can be used as shorthand to -build multiple projects, but it doesn't handle targets within multi-tree projects, -so if for example you say `mk coreboot`, it would build every coreboot target. -This is useful for the release build logic, because now it can much more simply -build all of Libreboot, while still being flexible about it. - -include/rom.sh ------------ - -This builds coreboot ROM images. Specifically, this contains mkhelper functions. -It also builds serprog images, and it could be used to provide functions for -building other types of firmware. - -Command: `./mk -b coreboot targetname` - -The `targetname` argument must be specified, chosen from this output: - - ./mk -b coreboot list - -Pass several board names if you wish to build only for specific targets. For -example: - - ./mk -b coreboot x60 x200_8mb - -To build *all* targets, specify: - - ./mk -b coreboot - -For x86 targets, these scripts build with the GRUB and/or SeaBIOS payloads -inserted into the ROM images; secondary payloads like Memtest86+ are also -handled and inserted here. - -It heavily makes use of the `target.cfg` file, for a given board. This script -will *only* operate on a single target, from a directory in `config/coreboot/`. - -If `grub_scan_disk` is set, it sets that in the `scan.cfg` file that is to be -inserted into a ROM image, when `payload_grub` is turned on. - -It automatically detects if `crossgcc` is to be compiled, on a given coreboot -tree (in cases where it has not yet been compiled), and compiles it for a -target based on the `arch` entry in `target.cfg`. - -It creates ROM images with GRUB, SeaBIOS, U-Boot, optionally with Memtest86+ -also included, in various separate configurations in many different ROM images -for user installation. - -If no payload is defined in `target.cfg`, the `build/roms` script will exit -with error status. - -If SeaBIOS is to be used, on `libgfxinit` setups, SeaVGABIOS will also be -inserted. This provides a minimal VGA compatibility layer on top of the -coreboot framebuffer, but does not allow for *switching* the VGA mode. It is -currently most useful for directly executing ISOLINUX/SYSLINUX bootloaders, -and certain OS software (some Windows setups might work, poorly, depending on -the board configuration, but don't hold your breath; it is far from complete). - -If SeaBIOS is to be used, in `vgarom` setups or `normal` setups, SeaVGABIOS -is not inserted and you rely on either coreboot and/or SeaBIOS to execute VGA -option ROMs. - -In all cases, this script automatically inserts several SeaBIOS runtime -configurations, such as: `etc/ps2-keyboard-spinup` set to 3000 (PS/2 spinup -wait time), `etc/pci-optionrom-exec` set to 2 (despite that already being -the default anyway) to enable *all* option ROMs, unless `vgarom` setups are -used, in which case the option is set to *0* (disabled) because coreboot is -then expected to handle option ROMs, and SeaBIOS should not do it. - -This script handles U-Boot separately, for ARM-based chromeos devices. - -When the ROM is finished compiling, it will appear under a directory in `bin/` - -This script is the beating heart of Libreboot. Break it, and you break -Libreboot! - -CCACHE is automatically used, when building coreboot, but not currently for -other projects. This is done by cooking coreboot configs at build time, enabling -coreboot's build option for it. - -Serprog images: --------------- - -Build firmware images for serprog-based SPI programmers, where they use an -STM32 MCU. It also builds for RP2040-based programmers like Raspberry Pi Pico. - -Example command: `./mk -b pico-serprog` - -Example command: `./mk -b stm32-vserprog` - -This also uses `rom.sh` as with the coreboot image build logic. It's all -defined in that file, so read the main section pertaining to this file. - -include/vendor.sh ------------------ - -Helper functions for downloading and injecting vendor files. How to use: - - ./mk inject ARGUMENTS - ./mk -d coreboot TARGET - -Refer elsewhere in the documentation for how to handle vendor files. - -script/ -======= - -script/trees ------------- - -*This* is the other beating heart of Libreboot. Used heavily by Libreboot, this -script is what handles defconfig files for SeaBIOS, U-Boot *and* coreboot; it -used to be separate scripts, but the logic was unified under this single script. - It *also* handles simple git trees, where there is only one revision for the project, e.g. GRUB, and the command syntax is the same. Whether a project is multi-tree or single-tree is determined by the presence of the @@ -1622,3 +1465,154 @@ All of this used to about 20 different scripts, all with much-duplicated logic. Now it is unified, efficiently, under a single script. Remember: code equals bugs, so less code equals fewer bugs. + +include/ +-------- + +This directory contains *helper scripts*, to be included +by main scripts using the `.` command (called the `source` +command in `bash`, but we rely upon posix `sh` only). + +### include/git.sh + +These functions in here previously existed as independent scripts, but they +were unified here, and they are used when you pass the `-f` argument to `mk`. + +These functions deal with git cloning, submodule updates, revision resets and +the application of patch files via `git am`. *Every* git repository downloaded +by lbmk is handled by the functions in this file. + +### include/mrc.sh + +This was previously a separate script. The download logic was removed, and +now the logic under `include/inject.sh` is used for downloads. This file now +only contains those functions used for extraction of MRC files from Google +Chromebook images, currently only used for Haswell motherboards. + +This is an include, used by `include/inject.sh`, but it's here in +this file because the vendor download script is GPLv3-only, while the MRC +extract logic in this file is GPLv2-only (forked from coreboot ages ago). Thus, +it is provided as an include to bypass license incompatibility. It has been +heavily modified to use the same style of logic and general control flow used +in the script at `include/inject.sh`, and it is used from there. + +### include/lib.sh and init.sh + +The `init.sh` file contains generic lbmk initialisation, and extra library +functions are contained inside `lib.sh`. + +Several other parts of lbmk also use this file. It is added to as little as +possible, and contains miscallaneous functions that don't belong anywhere else. + +The functions here are mostly those that deal with configuration files; scanning +them to set variables and so on. + +This file also contains generic error handling, used by all lbmk scripts. + +This also contains functions to verify the current libreboot version, and check +whether Git is properly initialised on the host system. It also contains +the `setvars` function, which provides a shorthand way of initialising many +variables (combined with use of `eval`), which lbmk uses heavily. + +This function also contains `x_()` which lbmk uses to execute commands +and ensure that they cause an exit (with non-zero status) from lbmk, if they +return an error state. + +This also includes the `mk()` function, which can be used as shorthand to +build multiple projects, but it doesn't handle targets within multi-tree projects, +so if for example you say `mk coreboot`, it would build every coreboot target. +This is useful for the release build logic, because now it can much more simply +build all of Libreboot, while still being flexible about it. + +### include/rom.sh + +This builds coreboot ROM images. Specifically, this contains mkhelper functions. +It also builds serprog images, and it could be used to provide functions for +building other types of firmware. + +Command: `./mk -b coreboot targetname` + +The `targetname` argument must be specified, chosen from this output: + + ./mk -b coreboot list + +Pass several board names if you wish to build only for specific targets. For +example: + + ./mk -b coreboot x60 x200_8mb + +To build *all* targets, specify: + + ./mk -b coreboot + +For x86 targets, these scripts build with the GRUB and/or SeaBIOS payloads +inserted into the ROM images; secondary payloads like Memtest86+ are also +handled and inserted here. + +It heavily makes use of the `target.cfg` file, for a given board. This script +will *only* operate on a single target, from a directory in `config/coreboot/`. + +If `grub_scan_disk` is set, it sets that in the `scan.cfg` file that is to be +inserted into a ROM image, when `payload_grub` is turned on. + +It automatically detects if `crossgcc` is to be compiled, on a given coreboot +tree (in cases where it has not yet been compiled), and compiles it for a +target based on the `arch` entry in `target.cfg`. + +It creates ROM images with GRUB, SeaBIOS, U-Boot, optionally with Memtest86+ +also included, in various separate configurations in many different ROM images +for user installation. + +If no payload is defined in `target.cfg`, the `build/roms` script will exit +with error status. + +If SeaBIOS is to be used, on `libgfxinit` setups, SeaVGABIOS will also be +inserted. This provides a minimal VGA compatibility layer on top of the +coreboot framebuffer, but does not allow for *switching* the VGA mode. It is +currently most useful for directly executing ISOLINUX/SYSLINUX bootloaders, +and certain OS software (some Windows setups might work, poorly, depending on +the board configuration, but don't hold your breath; it is far from complete). + +If SeaBIOS is to be used, in `vgarom` setups or `normal` setups, SeaVGABIOS +is not inserted and you rely on either coreboot and/or SeaBIOS to execute VGA +option ROMs. + +In all cases, this script automatically inserts several SeaBIOS runtime +configurations, such as: `etc/ps2-keyboard-spinup` set to 3000 (PS/2 spinup +wait time), `etc/pci-optionrom-exec` set to 2 (despite that already being +the default anyway) to enable *all* option ROMs, unless `vgarom` setups are +used, in which case the option is set to *0* (disabled) because coreboot is +then expected to handle option ROMs, and SeaBIOS should not do it. + +This script handles U-Boot separately, for ARM-based chromeos devices. + +When the ROM is finished compiling, it will appear under a directory in `bin/` + +This script is the beating heart of Libreboot. Break it, and you break +Libreboot! + +CCACHE is automatically used, when building coreboot, but not currently for +other projects. This is done by cooking coreboot configs at build time, enabling +coreboot's build option for it. + +### Serprog images: + +Build firmware images for serprog-based SPI programmers, where they use an +STM32 MCU. It also builds for RP2040-based programmers like Raspberry Pi Pico. + +Example command: `./mk -b pico-serprog` + +Example command: `./mk -b stm32-vserprog` + +This also uses `rom.sh` as with the coreboot image build logic. It's all +defined in that file, so read the main section pertaining to this file. + +### include/inject.sh + +Helper functions for downloading and injecting vendor files. How to use: + + ./mk inject ARGUMENTS + ./mk -d coreboot TARGET + +Refer elsewhere in the documentation for how to handle vendor files, and/or +read [the guide](../install/ivy_has_common.md). diff --git a/site/docs/maintain/porting.md b/site/docs/maintain/porting.md index 294757b..8353f69 100644 --- a/site/docs/maintain/porting.md +++ b/site/docs/maintain/porting.md @@ -1,9 +1,11 @@ --- -title: Porting guide for new mainboards +title: Porting Libreboot to new Intel-based motherboards ... -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** NOTE: This page is largely Intel-centric, at present. It should be revised to cover more vendors. [Patches welcome!](../../git.md) @@ -14,7 +16,11 @@ Most boards in coreboot can be quite easily ported to libreboot. You don't need any knowledge of a particular programming language or technology in general to port a board. If you want to make more major contributions to the build system, -please read the [main maintenance page.](/docs/maintain/index.html) +please read the [LibreBoot MaKe (lbmk) build system design and maintenance +manual](./). + +Background information +---------------------- You will certainly need flashing equipment if you wish to follow this guide. See the [flashing guide](/docs/install/spi.html) to find out what you'll need. @@ -40,7 +46,7 @@ unclear, then contact libreboot developers. The best way to get in touch is via [libreboot irc.](/contact.html#irc-chatroom) Cloning lbmk -============ +------------ Before you try to get any work done, you'll need to clone the lbmk (libreboot make) project. @@ -51,8 +57,8 @@ the project. If you want more information on building lbmk see [the build instructions.](/docs/build/index.html) -Coreboot Config -=============== +Coreboot config +--------------- Coreboot payloads (GRUB, Seabios, etc) are built separately. You therefore only need to focus on the coreboot config(s) for `board.` @@ -71,8 +77,8 @@ You can then easily modify the existing coreboot configs for you board via lbmk. This script will provide a curses interface through which you can easily modify the necessary variables and settings. -The most important thing to change is `Mainboard.` -You must make sure that the mainboard definition in this config matches `board.` +The most important thing to change is `Motherboard.` +You must make sure that the motherboard definition in this config matches `board.` For example, you would want to change lenovo/t420 to lenovo/t420s. Selecting `exit` in the curses interface will prompt you to ask if you want to save your changes, make sure to answer yes. @@ -92,7 +98,7 @@ If you try to flash this rom and it fails, then there are two probable reasons: Solutions to these problems follow in the proceeding sections. Wrong CBFS and or ROM size -========================== +-------------------------- Different boards have different flash chip setups. Generally, you have one or two flash chips with a combined size of 4-16MB. @@ -111,8 +117,8 @@ for various rom sizes. | 12MB | 0xBE0000 | | 16MB | 0xFE0000 | -Getting Help -============ +Getting help +------------ Once you have tried everything above, you might find that the board still doesn't work. diff --git a/site/docs/maintain/porting.uk.md b/site/docs/maintain/porting.uk.md index bae34b4..e390d8e 100644 --- a/site/docs/maintain/porting.uk.md +++ b/site/docs/maintain/porting.uk.md @@ -2,8 +2,10 @@ title: Керівництво перенесення ... -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** Це керівнитво передбачається для тих, хто має дуже низький рівень знань про прошивку загалом та coreboot окремо. @@ -38,7 +40,7 @@ libreboot як `плата.` Найкращий шлях вийти на зв'язок через [irc libreboot.](/contact.uk.html#кімната-irc) Клонування lbmk -============ +--------------- Перед тим, як ви спробуєте зробити будь-яку роботу, вам потрібно буде клонувати проект lbmk (libreboot make). Щоб зробити це, ви будете потребувати git, встановлений на вашій машині. Ви можете потім клонувати @@ -49,7 +51,7 @@ libreboot як `плата.` Якщо ви хочете більше інформації про побудову lbmk, дивіться [інструкції побудови.](/docs/build/index.uk.html) Конфігурація Coreboot -=============== +--------------------- Корисні навантаження Coreboot (GRUB, Seabios, і так далі) будуються окремо. Ви таким чином тільки потребуєте фокусуватись на конфігурації(ях) coreboot для `плати.` @@ -64,11 +66,11 @@ libreboot як `плата.` Ви можете потім легко модифікувати існуючі конфігурації coreboot для вашої плати через lbmk. - ./update trees -m coreboot t420s_12mb + ./mk -m coreboot t420s_12mb Цей сценарій надать інтерфейс curses, через який ви можете легко модифікувати потрібні змінні та налаштування. -Найбліьш важлива річ - це змінити `Материнську плату (Mainboard).` +Найбліьш важлива річ - це змінити `Материнську плату (Motherboard).` Ви мусити переконатись, що визначення материнської плати в цій конфігурації відповідає `платі.` Наприклад, ви би хотіли змінити lenovo/t420 на lenovo/t420s. Вибір `exit` в інтерфейсі curses виведе вам пропозицію зберегти ваші @@ -79,7 +81,7 @@ libreboot як `плата.` Тепер ви можете побудувати та випробувати rom для `плати.` Як тільки ви завершили це, ви можете спробувати прошивку отриманого rom на вашу плату в якості випробування. - ./build roms t420s_12mb + ./mk -b coreboot t420s_12mb Якщо ви пробуєте прошити цей rom і це провалюється, тоді існує дві можливих причини: @@ -89,7 +91,7 @@ libreboot як `плата.` Рішення до цих проблем ідуть в наступних розділах. Неправильний розмір CBFS та/або розмір ROM -========================== +------------------------------------------ Різні плати мають різні налаштування чіпів флеш-пам'яті. Загалом, ви маєте один або два флеш-пам'яті з сумарним розміром в 4-16Мбайт. @@ -109,7 +111,7 @@ libreboot як `плата.` | 16Мбайт | 0xFE0000 | Отримання допомоги -============ +------------------ Коли ви спробували все вищенаведене, ви могли би знайти, що ця плата досі не працює. diff --git a/site/docs/maintain/style.md b/site/docs/maintain/style.md index 5dc773c..9733a8a 100644 --- a/site/docs/maintain/style.md +++ b/site/docs/maintain/style.md @@ -1,5 +1,5 @@ --- -title: lbmk coding style and design +title: LibreBoot MaKe (lbmk) build system coding style x-toc-enable: true ... @@ -13,7 +13,7 @@ and several practises may persist in spite of it; nonetheless, this article shall serve as a reference for lbmk development. NO BASHISMS -=========== +----------- Libreboot's build system was previously written in Bash, and actually used Bash-specific behaviour. This was later *corrected*, thanks largely to work @@ -27,15 +27,14 @@ and an even more excellent introduction: (seriously, it's good. Read it!) Design -====== +------ Libreboot's build system design is very simple: put as much as possible under `config/`, and keep actual logic to a minimum. You can read about that design in the [lbmk maintenance manual](index.md). -No Makefiles ------------- +### No Makefiles We have Makefiles in some C programs, under `util/`, and projects that we import may use Makefiles, but lbmk itself does not contain any Makefiles. Instead, we @@ -46,7 +45,7 @@ code is more readable. It's easier to implement a cleaner coding style, which the next sections will cover. Coding style -============ +------------ Read and go read a few userland program source trees in OpenBSD's main CVS tree. This is the style that inspires the lbmk @@ -60,19 +59,17 @@ Libreboot scripts, and also C programs like `nvmutil`, are heavily inspired by this style. We insist on its use, because this style is extremely readable and forces you to write better code. -main on top ------------ +### main on top In every lbmk script, it is our intention that there be a `main()` function. All logic should be inside a function, and `main()` should be the function that executes first; at the bottom of each script, insert this line: - main $@ + main "$@" This will execute `main()`, passing any arguments (from the user's shell) to it. -Top-down logic --------------- +### Top-down logic *Every* function called from main should always be *below* the calling function. Therefore, if multiple functions call a given function, that function should be @@ -118,11 +115,10 @@ complicated_function() do_some_complicated_stuff || return 1 } -main $@ +main "$@" ``` -PWD is always root of lbmk --------------------------- +### PWD is always root of lbmk In any script executed by lbmk, under `script/`, the work directory is relative to the main `lbmk` script. In other words, all scripts under `script/` also @@ -131,8 +127,7 @@ assume this. This is actually one of the reasons for that design, as also alluded to in the main [lbmk maintenance manual](index.md). -main should only be a simple skeleton -------------------------------------- +### main should only be a simple skeleton The `main()` function should not implement much logic itself. Each script in lbmk is its own program. The `main()` function should contain the overall @@ -144,7 +139,7 @@ be below a function that builds ROM images with SeaBIOS payloads inside them, when building coreboot ROM images. One task, one script -==================== +-------------------- Not literally *one task*, but one theme, one *kind* of overall task. For example, `script/build/roms` builds final ROM images of coreboot, @@ -155,7 +150,7 @@ another program that does another thing very well; programs communicate with each other via the universal method, namely text. Error handling -============== +-------------- Where feasible, a script should do: @@ -183,8 +178,7 @@ For example: $err "function_name: this shit doesn't work. fix it." -Do not directly exit --------------------- +### Do not directly exit Please try to use `err` for all error exits. @@ -196,8 +190,7 @@ A script should either return zero status, or call `err()`. An individual function may, in some cases, return 1 or 0 itself, which would then be handled accordingly by the calling function. -How to handle errors --------------------- +### How to handle errors There are some instances where errors should be *ignored*, in which case you might do: @@ -211,7 +204,7 @@ command succeeded, then do this. Never mix `&&` and `||` If/else blocks -============== +-------------- Keep these simple, and where possible, maybe don't use them at all! For example: @@ -236,8 +229,7 @@ or do something ``` -Warnings --------- +### Warnings In C, the `stderr` file is 2 as represented by `int fd` style. In shell scripts, it's the same: 1 for standard output, 2 for errors/warnings. The `err` function @@ -249,25 +241,24 @@ should not yield an exit, you should do something like this: printf "function_name: this is dodgy stuff. fix it maybe?\n" 1>&2 Avoid passing arguments excessively -=================================== +----------------------------------- In functions, use of arguments passed to them can be useful, but in general, they should be avoided; use global variables when feasible. Do not exceed 80 characters per line -==================================== +------------------------------------ See: RFC 3676 Excessively long code lines are really annoying to read. Use tab-based indendation -========================= +------------------------- A new line should begin with tab indentation, in a function. -Multi-line commands -------------------- +### Multi-line commands Use \\ at the end, as you would, but use *four spaces* to indent on the follow-up line. For example: @@ -281,14 +272,14 @@ function_name() ``` Use printf! -=========== +----------- Don't use `echo` unless there's some compelling reason to do so. The `printf` functionality is more standard, across various sh implementations. env -=== +--- Don't do: @@ -301,22 +292,22 @@ Do: This is more portable, between various Unix systems. Be portable! -============ +------------ In addition to not using bashisms, commands that lbmk uses must also be portable; where possible, third party projects should be tweaked. This is actually something that is currently lacking or otherwise untested -in Libreboot; it's currently assumed that only Linux (specifically GNU+Linux) +in Libreboot; it's currently assumed that only GNU/Linux (specifically GNU/Linux) will work, because many of the projects that Libreboot makes use of will use -bashisms, or other GNUisms (e.g. GNU-specific C extensions or GNU Make specific +bashisms, or other GNUisms (e.g. GNU-specific C extensions or GMake specific behaviour in Makefiles). Work+testing is sorely needed, in this area. It would be nice if Libreboot could be built on BSD systems, for example. Do as little as possible -======================== +------------------------ Don't over-engineer anything. Write as simply as you can, to perform a single task. This is basically the same as what has been written elsewhere, but it's diff --git a/site/docs/maintain/testing.md b/site/docs/maintain/testing.md index 6d3d749..81980e1 100644 --- a/site/docs/maintain/testing.md +++ b/site/docs/maintain/testing.md @@ -12,7 +12,7 @@ Libreboot strives to make Coreboot accessible for as many users as possible. To accomplish this goal, we must add as many boards as possible. As the total number of supported boards increases it becomes more and more difficult for our main contributors to test every single release for every single supported board. -We therefore need the help of the community in testing releases before they are +We therefore need the help of users in testing releases before they are distributed to users. You do *not* need to be a developer in order to be a board maintainer. @@ -35,12 +35,12 @@ maintainer or multiple maintainers; more is better. Please read the following sections to understand the specifics of maintaining a board. -NOTE: If there are already testers for a given mainboard, *you* can still -provide testing for the same mainboard if that's what you have. The more the +NOTE: If there are already testers for a given motherboard, *you* can still +provide testing for the same motherboard if that's what you have. The more the merrier! Be Contactable -============== +-------------- You should monitor whatever email you provide in your application. There is no specific time-frame for how long it should take after @@ -50,7 +50,7 @@ If you are the *only* maintainer for your board then please take into consideration that your input is especially vital. Have External Flashing Equipment -================================ +-------------------------------- The roms you test will of course be untested. To avoid having a bricked machine, you need to have external flashing @@ -62,7 +62,7 @@ Refer to [Coreboot's documentation](https://doc.coreboot.org/) or ask on IRC if you are unsure. Testing Procedure -================= +----------------- You will receive an email when roms are ready for testing. The email will link to an open issue on our [current git hosting platform.](/git.html#lbmk-libreboot-make) @@ -83,6 +83,6 @@ note: [insert any notes if relevant] For example, a board status comment might look like this: - board: t440p_12mb - status: fail - note: GRUB throws error 'something_is_b0rked' + board: t440p_12mb + status: fail + note: GRUB throws error 'something_is_b0rked' diff --git a/site/docs/maintain/testing.uk.md b/site/docs/maintain/testing.uk.md index 369c4c8..be3f733 100644 --- a/site/docs/maintain/testing.uk.md +++ b/site/docs/maintain/testing.uk.md @@ -37,7 +37,7 @@ Libreboot намагається зробити Coreboot доступним дл краще! Будьте доступними для зв'язку -============== +-------------------------- Вам варто відслідковувати будь-яку електронну пошту, що ви вкажете в вашому поданні. Немає конкретного часового проміжку для того, скільки має пройти часу після того, як @@ -47,27 +47,27 @@ Libreboot намагається зробити Coreboot доступним дл врахуйте, що ваш внесок є особливо значущим. Майте обладнання для зовнішньої прошивки -================================ +------------------------------------- Образи rom, які ви випробуєте, будуть звісно невипробуваними. Задля уникнення отримання непрацездатної машини, вам потрібно мати обладнання для зовнішньої прошивки в наявності для відновлення вашої плати з поламаного rom. -В більшості випадків ви можете посилатися на [керівництво SPI.](../install/spi.html) +В більшості випадків ви можете посилатися на [керівництво SPI](../install/spi.md). В менш частих випадках -таких як, деякі ARM chromebook- ваша плата може бути прошита іншим чином. Посилайтесь на [документацію Coreboot](https://doc.coreboot.org/) або спитайте в IRC, якщо не впевнені. Процедура випробування -================= +--------------------- Ви отримаєте лист електронною поштою, коли образи rom будуть готовими для випробування. -Лист електронною поштою буде посилатися на відкритий issue на нашій [поточній платформі розміщення git.](/git.html#lbmk-libreboot-make) +Лист електронною поштою буде посилатися на відкритий issue на нашій [поточній платформі розміщення git.](../../git.md#lbmk-libreboot-make) Чи ви отримаєте лист електронною поштою через поштовий домен libreboot.org, або один з email розробників, вам варто перевірити (для вашої власної безпеки), -що завантажені rom підписано з [офіційним ключем.](/download.html#gpg-signing-key) +що завантажені rom підписано з [офіційним ключем.](../../download.md#gpg-signing-key) Коли ваше випробування закінчено, прокоментуйте в issue, на яке наведено посилання в вашому відправленому листі електронною поштою, таким чином: @@ -80,6 +80,6 @@ note: [вставьте будь-які приміткі, якщо релева Наприклад, відгук про статус плати міг би виглядати подібним чином: - board: t440p_12mb - status: fail - note: GRUB throws error 'something_is_b0rked' + board: t440p_12mb + status: fail + note: GRUB throws error 'something_is_b0rked' diff --git a/site/docs/misc/codenames.md b/site/docs/misc/codenames.md index c56a431..33740b5 100644 --- a/site/docs/misc/codenames.md +++ b/site/docs/misc/codenames.md @@ -6,7 +6,7 @@ x-toc-enable: true TODO: this page could do with an update. More info, about more boards Introduction -============ +------------ This document lists product codenames for some hardware. Please note that just because a certain device is listed here does NOT mean @@ -28,7 +28,7 @@ of reliability): they will appear silver. List of models and codenames -============================ +---------------------------- ### Codenames @@ -101,6 +101,7 @@ under RAM sticks. - Port Replicator II - Seville-lite ### Miscellaneous + - [Calistoga](https://ark.intel.com/products/codename/5950/Calistoga): 945GM/945PM chipset family name - Napa: calistoga based platform @@ -118,7 +119,8 @@ GM45/GS45/PM45 chipset family name. of it fully describes its operation. See also -======== +-------- + - Many more Intel codenames can be found at [Wikipedia](https://en.wikipedia.org/wiki/List_of_Intel_codenames). - For ThinkPads see [Documentation/thinkpad/codenames.csv @ Coreboot] diff --git a/site/docs/misc/emulation.md b/site/docs/misc/emulation.md index 74def10..c6c8362 100644 --- a/site/docs/misc/emulation.md +++ b/site/docs/misc/emulation.md @@ -1,10 +1,10 @@ --- -title: Building Libreboot for Emulation +title: Building Libreboot for Emulation e.g. QEMU x-toc-enable: true ... -Introduction -============ +Libreboot on QEMU +----------------- Libreboot supports building for qemu as a target board. The resulting rom can then be tested using qemu. @@ -13,11 +13,15 @@ The qemu board is mostly intended to speed up development by removing the need t Qemu may also be useful for end users who intend to make changes to their libreboot rom without having to flash and reboot their machine. Building and Testing -==================== +-------------------- Libreboot can be built for qemu just like any other board. - ./build roms qemu_x86_12mb + ./mk -b coreboot qemu_x86_12mb + +There is also a target that has 64-but U-Boot payload: + + ./mk -b coreboot qemu_x86_64_12mb In order to test the resulting roms, you must have qemu installed on the host machine. Test the roms by pointing qemu to the rom in bios mode. @@ -29,7 +33,7 @@ For example: There is basic support for an arm64 virtual machine as well, although the payloads are not as developed as the x86 one: - ./build roms qemu_arm64_12mb + ./mk -b coreboot qemu_arm64_12mb ``` qemu-system-aarch64 -bios bin/qemu_arm64_12mb/uboot_payload_qemu_arm64_12mb_libgfxinit_corebootfb.rom \ @@ -53,11 +57,10 @@ qemu-system-aarch64 \ -bios bin/qemu_arm64_12mb/*.rom ``` -NOTE: After the 20230625 release, U-Boot support was removed from x86 Qemu. -It works fine on the aaarch64 one. +U-Boot is also available on the x86 QEMU images. Use Cases -========= +--------- While development is the primary motivation for qemu support, the board makes it easy to test minor changes to release roms. For example one can use *cbfstool* from coreboot to edit the background image in a libreboot rom as follows: diff --git a/site/docs/misc/index.md b/site/docs/misc/index.md index 4d54293..fad55de 100644 --- a/site/docs/misc/index.md +++ b/site/docs/misc/index.md @@ -1,12 +1,12 @@ --- -title: Miscellaneous +title: Miscellaneous Libreboot documentation x-toc-enable: true ... TODO: this page is very old, and could do with an update. High Pitched Whining Noise on Idle in Arch-based distros -============================================================== +-------------------------------------------------------- The following removes most of the noise. It reduces what is a high frequency whine (that not everyone can hear) to a slight buzz (which @@ -62,7 +62,6 @@ using [this guide](../linux/grub_cbfs.md). X60/T60: Serial port - how to use (for dock owners) [Note: using a grsec enabled kernel will disable the powertop function. ](https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options) -=================================================== For the Thinkpad X60 you can use the "UltraBase X6" dock (for the X60 Tablet it is called X6 Tablet UltraBase). For the ThinkPad T60, you @@ -85,7 +84,7 @@ There are also others like Minicom but Screen works nicely. By doing this before booting the X60/T60, you will see console output from libreboot. You will also see GRUB displaying on the serial output, -and you will be able to see MemTest86+ on the serial output aswell. You +and you will be able to see MemTest86+ on the serial output as well. You can also configure your distro so that a terminal (TTY) is accessible from the serial console. @@ -97,8 +96,8 @@ Note: part of the tutorial above requires changing your grub.cfg. Just change the `linux` line to add instructions for enabling getty. See [../linux/grub\_cbfs.md](../linux/grub_cbfs.md). -Finetune backlight control on intel gpu's -========================================= +Finetune backlight control on intel GPUs +---------------------------------------- Sometimes the backlight control value (BLC\_PWM\_CTL) set by libreboot is not ideal. The result is either flicker, which could cause nausea or @@ -190,7 +189,7 @@ on page 94. More research needs to be done on this target so proceed with care. Power Management Beeps on Thinkpads -=================================== +----------------------------------- When disconnecting or connecting the charger, a beep occurs. When the battery goes to a critically low charge level, a beep occurs. Nvramtool @@ -225,7 +224,7 @@ Finally, you need to flash the rom with this new image. See here for a detailed explanation. Get EDID: Find out the name (model) of your LCD panel -===================================================== +----------------------------------------------------- Get the panel name: @@ -248,7 +247,7 @@ removing the LCD panel is an option. Usually, there will be information printed on the back. e1000e driver trouble shooting (Intel NICs) -=========================================== +------------------------------------------- Example error, ¿may happen on weird and complex routing schemes(citation needed for cause): diff --git a/site/docs/sitegen/index.md b/site/docs/sitegen/index.md new file mode 100644 index 0000000..fbce19b --- /dev/null +++ b/site/docs/sitegen/index.md @@ -0,0 +1,850 @@ +--- +title: Libreboot Static Site Generator (lbssg) +x-toc-enable: true +... + +Home of your favourite firmware to boot GNU / Linux +--------------------------------------------------- + +This document describes the *static site generator*, which is used to build +the Libreboot website; it was previously called the *Untitled Static Site +Generator* and hosted separately, but it is now an official component of +the Libreboot project, since 25 January 2025. + +This static site generator is simply called the *Libreboot Static Site +Generator*, or just *lbssg* for short. It can be used for any number of +websites, and is in fact used elsewhere, but it is primarily used *by* and +developed *for* the Libreboot project. + +The Git repository is now `lbssg.git`, which you can find linked on +the [Git page](../../git.md). + +Websites made easy +------------------ + +This software is written in POSIX shell (`sh`) scripts, and uses Pandoc to +generate HTML from Markdown files. It is designed to be stupidly simple, +allowing Free and Open Source Software projects to easily host any number of +websites. + +It is a *multi-site* static site generator; a single instance of LBSSG can +handle an unlimited number of websites, all with different *templates* in +Pandoc (for different page layouts), CSS files, footer, header, navigation and +more. + +With lbssg, it is possible to generate an unlimited number of *news* +pages and *blogs*, with auto-generated RSS feeds. + +The variant of markdown is the Pandoc variant, which you can read about here:\ + + +The *templates* feature in Pandoc is really what makes lbssg very powerful. +You can make any number of websites, with many different designs, using Pandoc +templates. This is precisely why lbssg uses Pandoc. See:\ + + +Pandoc's *smart* mode is used. In this mode, it is possible to use HTML +inside Markdown files. For example, if you want to embed videos, use iframes, +use JavaScript and more. + +lbssg is *Free Software*, released under the terms of the GNU General Public +License, version 3 of the license or, at your option, any later version as +published by the Free Software Foundation. You can find a copy of this license +in the `COPYING` file, when you download lbssg, or you can read it +here: https://www.gnu.org/licenses/gpl-3.0.en.html + +(some parts of it are under the MIT license) + +Learn more about Free Software:\ +. + +### Real-world examples + +Here are some websites built using the Libreboot Static Site Generator: + +* (Libreboot fork maintained by Leah Rowe) +* (Leah Rowe's self-hosted servers tutorial website) +* (Libreboot project, maintained by Leah Rowe) +* (Leah Rowe's transgender advocacy website) +* (Leah Rowe's personal blog) + +Requirements +------------ + +Libreboot Static Site Generator is designed to be stupidly simple. You need: + +* Unix-based operating system e.g. Linux-based distro, OpenBSD, FreeBSD. Etc +* Pandoc +* Web server (nginx or OpenBSD httpd recommended) +* Any implementation of these Unix utilities: `sh`, `find`, `grep` and `sed`. + +### POSIX compatibility + +As of revision `9cc6f5dc7349b7f339f99c84789b6c62ea7bb1c7` on 4 December 2023, +lbssg works with any POSIX `sh` implementation. Various utilities like +Sed, Find (that are POSIX) are now used in a POSIX way. This means that +lbssg can be used on pretty much any Unix system such as GNU+Linux, +Alpine Linux, Chimera Linux, BSDs like OpenBSD or FreeBSD, and so on. Older +revisions only worked with GNU tools, but the newer revision also still works +with GNU tools. Older revisions of lbssg were written in `bash`, not `sh`. + +Security notes +--------------- + +USE THIS SOFTWARE AT YOUR OWN RISK. A FULL SECURITY AUDIT IS NEEDED. + +Symlinks are intentionally unsupported, and *ignored*, in site directories +handled by lbssg. This is for security reasons. If you find that symlinks +are permitted, in any way, it's a bug and you should report it! + +At the very least, you are advised to take the following precautions + +* It is HIGHLY recommended that you run lbssg in a heavily chrooted + environment, if you're using this on a production web server. +* Disable symlinks in your web server + +DO NOT use lbssg in a shared hosting environment, especially on a crontab or +other automated setup. You, the operator, must ensure full control of all +sites handled by your lbssg installation. For the time being, this is +recommended until lbssg is full audited for security, and modified +accordingly. Efforts have already been made, but this software is very new +and requires a lot of testing. In general, you should consider lbssg to +be *alpha* quality, at best. It is not yet ready for a stable release; it is +currently only *rolling release*, hosted in a Git repository. + +lbssg only allows sites to be processed under `www/` in the +current working directory. You may choose to put `www/` under the git clone +of lbssg itself. Or you could specify the full path to the `build` script +and process files in a `www/` elsewhere. + +Getting started +--------------- + +Simply make a directory named `www/` somewhere. + +In `www/`, make a directory *per website*. For each website, +set `www/sitename/site/` as the document root in your web server. +lbssg expects this `site` directory to exist. + +### Example website + +Check the `www-example` directory, for an example website. Also look at the +logic in the file named `build`, in the main directory of the untitled static +site generator. + +The Libreboot website is also hosted in a Git repository, if you want a +real-world example of a website that uses lbssg. + +How to use +---------- + +You should use a normal Unix shell (`sh` implementations such as KSH, BASH, +ZSH, CSH etc will all work). This, along with Pandoc. + +See: + +You must then install a web server. The document root for your domain should +point to the `www/sitename/site` directory, where `sitename` is the name of +your site, e.g. `libreboot`, and `www/` is created under your instance of +lbssg. + +The way lbssg is designed, you use it directly, running directly on the +server that then hosts the HTML files. However, it is possible to use it in +other ways; for example, you could rsync the resulting files over ssh, to your +server, while running lbssg locally. It's up to you. + +### Generate entire websites + +For security reasons, lbssg will only operate on sites under `www/sitename/` +where `sitename` can be anything. + +To interact with `untitled`, your current working directory should be the main +directory *of untitled*, *not your website*. In that directory, the file named +`build` and the file named `clean` will exist. + +You can have untitled go through an entire website and, if it detects that such +an action is needed, it will build each page. It will check whether a page +needs to be built. For example, if it was already built and no changes were +made, it will skip that page. It does this, using `date -r file +%s` to check +file modification dates. Files ending in `.date` are created, for files that +are tracked by lbssg. + +For a given directory name under `www/`, do this: + + ./build sites www/directoryname + +You can also do: + + ./build sites directoryname + +For example, if your website was hosted at www/foobar: + + ./build sites foobar + +This will only work if your website is set up correctly. Look at the example +website in `www-example/` and read the sections below. + +To build *all* available websites under `www/`, just run it without an argument: + + ./build sites + +You can specify *multiple* websites. For example: + + ./build sites blogsite catblogsite + +In this example, the following sites would be built: + +* `www/blogsite` +* `www/catblogsite` + +NOTE: If you simply run `./build` without any arguments, the `./build sites` +command will be executed. + +### Build specific pages + +These commands will only operate on pages under `www/sitename/` where `sitename` +can be anything. This is for security reasons. + +If you want to save time (e.g. if you're just editing a few pages), you can +skip checking the entire site (or sites) and update just that page. Use this +command: + + ./build pages www/sitename/site/path/to/page.md + +You can also do: + + ./build pages sitename/path/to/page.md + +lbssg will automatically correct the path, if `www/` and `site/` are missing +from the path. For example, to update the homepage: + + ./build pages sitename/index.md + +You can specify multiple pages, *on multiple sites*. For example: + + ./build pages joebloggsandhisdog/index.md janedoesblog/news/guitar.md + +NOTE: the `mksitemap` and `mknews` functions are not automatically executed +when running these commands. + +NOTE: if you run `./build pages` without specifying any paths to pages, then +the `./build sites` command will be executed instead. However, if you specify +paths and none exist, nothing will happen. + +NOTE: If you simply run `./build` without any arguments, the `./build sites` +command will be executed. + +### Cleaning up + +If you want to un-make your site, such that the HTML files are purged, do this: + + ./clean + +This will clean *all* sites. If you only want to clean a specific site, do +this: + + ./clean sitename + +(sitename would be located at `www/sitename/`, in this example) + +NOTE: an HTML file is only deleted if a corresponding Markdown file exists. +This means that if you permanently delete a markdown file from your site, you +should ensure that the HTML file is also delete dif you don't want that file +to be available anymore. + +### Rolling builds + +If you're running lbssg directly, SSH'd into your httpd machine, you +might want to update an entire website from scratch. This ordinarily means +that you must run `./clean`, first - in other words, the website will be +offline (HTML files deleted) while it re-builds. + +To prevent this, you can use `roll` instead of `build`. For example: + + ./roll sites libreboot + +This also works with pages: + + ./roll pages libreboot/index.md + +You can also do this without argument, as with `build`, and it would build +everything. e.g.: + + ./roll + ./roll sites + ./roll pages + +This is especially useful for very large websites, where an entire re-build +might take 30 seconds or more. + +Markdown files +-------------- + +Write your markdown files, with file extensions ending in __*.*md__ and the +build script will automatically see them. It will convert them into HTML, +stripping off the __*.*md__ file extension and replacing it with `.html` + +Place these markdown files anywhere under `www/sitename/site/` where `sitename` +is whatever you named your website, per directory hierarchy rules of lbssg. + +Again, the `www-example` directory can be extremely useful if you want to play +around first, before you make a real website with lbssg. + +Files in www/sitename/ +---------------------- + +These files affect the site globally, for each website under `www/` + +Each site has its own directory: www/sitename/ + +`sitename` can be anything you want. e.g. `kittenblog` + +www/sitename/site.cfg +--------------------- + +**REQUIRED** + +sitename can be anything. + +site.cfg is the main configuration file for your website. + +Example entries (for libreboot.org): + +``` +TITLE="Libreboot" +CSS="/global.css" +DOMAIN="https://libreboot.org/" +BLOGDIR="news/" +DEFAULTLANG="en" +``` + +NOTE: Older versions of untitled had TITLE like this: + +``` +TITLE="-T Libreboot" +``` + +You must now omit the -T option, because it's hardcoded in the build script. + +### LAZY + +If `LAZY="y"`, lazy image loading will be enabled. This is useful for +conserving bandwidth. The default behaviour is `LAZY="n"` if not set +to `"y"`. See: + + + +### DEFAULTLANG + +This is optional. If unspecified, the default language will be English. Also, +if this entry defines an unsupported language, lbssg will default to +English. + +It specifies the default language, for your website. It may +be that you have multiple languages available on your website, +where __file*.*md__ is your chosen language (e.g. German, Japanese, Englist) +and __file.xx*.*md__ is another language for the same page. xx can be anything. + +### BLOGDIR + +This is the directory for your main news section, if you have a news section. +You do not need to declare this. + +The news section is only valid if it has the right files, in the directory +specified here. You can actually have as many news/blog sections as you like, +but this setting specifies the "main" one. For example, if you're a software +project you might have a news section, and a release section, and they might +both be news pages. News pages have RSS feeds and indexes automatically +generated by `untitled`. + +If your website is primarily a blog, you might leave this string empty. That +way, your *home page* is the news index. In that scenario, you would not place +an index file in the root of your website. Let `untitled` generate it for you! + +### DOMAIN + +This is the URL for the home page of your website. + +### CSS + +Specifies the .css stylesheet that is to be used. See above example. Just add +an entry saying `/path/to/css/file` for the CSS file. The `/` is the root +of your website, when viewed publicly. Basically, / would be the home page, +and everything after that is relative. In other words, it is the URI of your +CSS file. + +The actual domain name is not prefixed, when the CSS stylesheet path is given +inside the generated HTML document. + +### TITLE + +Use the format above. Don't use spaces or special characters. Just keep it +simply. E.g. `-T Gardening` + +This would usually be the name of your website, company, project or whatever +else. + +### SITEMAP + +OPTIONAL. + +Write this in `site.cfg` for a given site: + +``` +SITEMAP="n" +``` + +If you do this, the sitemap will not be generated. lbssg will otherwise +generate a sitemap, by default. + +site/template.include +--------------------- + +**REQUIRED** + +Put a pandoc template here, in this file. + +There is an HTML5 template in `www-example/` which you can adapt for your site. +TODO: make an xhtml template. Patches welcome! + +It is recommended that you put your common site navigation section in this +file (formatted in HTML). + +site/nav.include +---------------- + +**optional** + +Put this in the root of `www/sitename/site/`. You can actually put whatever +you want in here, but it can be used for a navigation menu. You could also use +it to put a side-wide notice, on your website. + +Write this file in Markdown. You could also put a common navigation section +in the template, and use `nav` files for site-wide announcements, or for +announcements on specific pages. How you use lbssg is entirely up to you! + +site/global.css +--------------- + +**optional** + +The filename can actually be anything, for your CSS. In fact, it's entirely +optional. You can leave the CSS string empty in `site.cfg` and just have a +site without CSS. + +The name `global.css` is merely what the example website (in `www-example/`) +uses, but you don't have to use this file name yourself. + +This file is for styling your pages (HTML ones, after building your Markdown +files). + +w3schools has a nice set of tutorials for learning CSS: + + + +site/sitemap.html +----------------- + +The file named __sitemap*.*md__ will be automatically generated, which is then +assembled into `sitemap.html`. This file will sit on the root directory of +your website. + +Do not manually create these files. They are automatically generated by +lbssg. They simply index your entire website. + +NOTE: It only looks at pages where a Markdown file exists. It ignores pages +where an HTML page exists but a Markdown page doesn't. + +site/sitemap.include +-------------------- + +**optional** + +This file MUST be included if you want a sitemap with your own text. + +If this file is missing, a sitemap will be generated but it will contain a +generic header on the page. + +Simply put a title and some text in here. lbssg and Pandoc will do the rest! + +site/footer.include +------------------- + +**optional** + +If present, this will add a common footer to every page on your website. Write +it in Markdown. + +Rules for Markdown files +------------------------ + +This applies to any __*.*md__ file under `www/sitename/site/` where `sitename` +is whatever you named your website, per directory hiearchy rules. + +The file named __file*.*md__ will be converted into HTML and copied (in HTML +format) to `file.html`. + +When you link to other pages, use absolute links or relative links, but don't +link to the `.html` pages. Link directly to the __*.*md__ files. lbssg +static site generator will use Sed to replace these with .html when generating +the HTML pages (it only skips replacing *external* links, +e.g. `https://example.com/cats.md` + +### TOC (Table of Contents) + +See pages in `www-example/` or example websites linked above (such as the +Libreboot project website). Look in the markdown files for those sites, on +pages that specify `x-toc-enable: true`. This is a special directive for the +Pandoc variant of Markdown. Some other Markdown parsers/generators will also +generate a table of contents. + +In the untitled static site generator, when a TOC is enabled, the depth is 4. +This means that, in HTML, the h1, h2, h3 and h4 tags will show up on the TOC. +The TOC is generated *based on* how you use headers in Markdown, and how they +ultimately end up when converted into HTML. + +### file.nav + +If present, the page from __file*.*md__ will have its own navigation menu, +which will override the default nav.include file. + +This can be anything. Write it in Markdown. For example, you could use this to +put announcements on a page. + +### file.css + +Where you have __file*.*md__, you can also include `file.css`, and this CSS +file will be applied specifically to that page. + +This does not replace any global CSS files that you specified in `site.cfg`. It +is applied *after* that one. One possible use-case for this is if you have an +otherwise decent CSS file for your site, but you need to override certain +rules on a specific page. + +### file.template + +Where you have your Markdown file, strip off the `md`, you create a new file +with the same name but with `.template` file extension. This will override the +default, global template, for that page only. + +### file.footer + +If present, this replaces the global footer for the specific page. + +News sections +------------- + +This section defines what files should be placed in directories that are to +be news sections. For instance, you might have a directory on your website +named `news/`, and you would place these files in that directory. + +An index page will be automatically generated, so don't bother making one +yourself. Simply write your news pages. Read the notes below for how to set up +news sections on your website. + +An RSS feed will also be generated, for every news section. + +*You can have as many news sections as you would like!* + +### Rules for news pages + +A table of contents is always enabled, on news pages (but not the news index), +unless you want it to be so. Technically, news indexes have a TOC but the page +isn't formatted such that a TOC will appear when Pandoc does its thing. + +Start your news page like so, in the Markdown +file e.g. __www/catblog/site/news/spots-birthday*.*md__ + +``` +% Page title +% Author name +% Date + +Page text goes here +``` + +### MANIFEST + +Place this file in the root of the directory where you want there to be a +news section. + +The order of the file names dictate what order the links will appear in, on +the news index that is automatically generated (see below). + +### news-list*.*md.include + +This will have a page title, and introductory text. When the index page is +generated (see below), the resulting index will include the contents of this +file, and then links to each page per the contents of `MANIFEST`. + +### index*.*md and index.html + +Do not place these files in directories containing a MANIFEST file. These will +be generated automatically, with an index linking to news articles. + +### news.cfg + +In this file, write the following lines: + +``` +BLOGTITLE="The daily grind" +BLOGDESCRIPTION="Hot takes, juicy gossip and everything inbetween!" +``` + +You can change these strings to whatever you want. Keep it simple! For +example: + +``` +BLOGTITLE="Bianca's worldly musings" +BLOGDESCRIPTION="Come see what I'm thinking about! I have many thoughts" +``` + +For news about your software project, you might say: + +``` +BLOGTITLE="Project announcements" +BLOGDESCRIPTION="News about ongoing development will be documented here" +``` + +### RSS files + +Files ending in `.rss` are automatically generated, if you have news sections. + +Translated pages +---------------- + +lbssg supports having translated pages. + +Here is an example of a website with multiple translations available, built +using untitled:\ + + +### Set a default language + +English is the default in lbssg, but you can *change* the default language! +For example, you might want a Chinese-language website but offer translated +pages in German. lbssg will happily let you do this! + +Simply set the `DEFAULTLANG` entry in `site.cfg`. + +### How to translate pages + +The way it works is quite simple: + +* __file*.*md__ is the original file, in your default language. The *default* + default language is English (en), but it can be anything. +* __file.xx*.*md__ is the translated file. xx can be anything, e.g. de, nl, pt +* `.include` files (footers, nav files, templates etc) are for your default + language +* `.xx.include` is the translated file. again, xx can be anything e.g. de, nl + +For translated pages, if a translated `.include` file is unavailable, the +default-language one will be used. + +You can *also* do this per-page. For example, you might override the default +footer on a page, by including `file.footer`. In this +situation, __file.de*.*md__ will also use `file.footer`. HOWEVER, you can +include `file.de.footer` aswell, if you so choose! + +### Translations done automatically + +Translations are handled *automatically*, *per page*. It does not happen +globally; this way, a website doesn't have to have translated versions of each +page. In Let's look at example scenarios: + +#### file*.*md, file.pt*.*md, file.pl*.*md + +In this example, a language menu will appear on each of these pages, allowing +selection of DEFAULT(e.g. English), Polish or Portuguese + +#### file.pt*.*md, file.pl*.*md + +In this example, no *default* page is included, but Polish and Portuguese are +available. In this example, Portuguese and Polish will be available in a +language select menu on each page. + +### template.LANGUAGE.include + +This is *optional*, so long as `template.include` is included. The translated +file will override. This will override the default template, on the specified +language. + +For example: `site/template.de.include` + +### file.LANGUAGE.template + +You might have `file.template` overriding the default global `template.include` +or `template.LANGUAGE.include` for a given page. + +lbssg *also* lets you override it on a specific *translation* of that page! + +For example: `site/file.de.template` + +### nav.LANGUAGE.include + +Override the default global navigation file, for a given website and a given +language. + +For example: `site/nav.de.include` + +### file.LANGUAGE.nav + +You might have `file.nav` overriding the default global `nav.include` +or `nav.LANGUAGE.include` for a given page. + +lbssg *also* lets you override it on a specific *translation* of that page! + +For example: `site/file.de.nav` + +### footer.LANGUAGE.include + +Override the default global footer file, for a given website, on a given +language. + +For example: `site/footer.de.include` + +### file.LANGUAGE.footer + +You might have `file.footer` overriding the default global `footer.include` +or `footer.LANGUAGE.include` for a given page. + +lbssg *also* lets you override it on a specific *translation* of that page! + +For example: `site/file.de.footer` + +### file.LANGUAGE.css + +You might have `file.css` available for __file*.*md__. +If __page.LANGUAGE*.*md__ exists, `file.LANGUAGE.css` will still be added to +that page, but that page can also have its own `file.LANGUAGE.css`. + +The `file.LANGUAGE.css` file does not override `file.css`. It is merely added. + +If `file.LANGUAGE.css` exists but `file.css` does not, it will still be +applied, but only on __file.LANGUAGE*.*md__. + +lang/xx/strings.cfg +------------------- + +### Add new language support + +On language menus, if a language is unsupported, the two-letter code will be +used. For example, if Russian is unsupported, `ru` will be the anchor text for +selecting Russian, but you can still select it. + +In untitled, you can see the file `lang/en/strings.cfg`. + +In there, you will also see translated ones, e.g. `lang/pl/strings.cfg`. + +If one does not exist for your language, you can create one. Patches welcome! + +Check `lang/en/strings.cfg` to see how it should be done! Entries +in `strings.cfg` are as follows: + +Example `strings.cfg` file: + +### LANGNAME + +This is the anchor text for a given language, on a language select menu, if +a site is to have translations. For example, `de` would be `Deutsch` here, for +the German language. + +Example strings: + +* Deutsch +* English +* Nederlands +* Espanol + +### LANGSELSTR + +This is the text for the language selection menu. **Currently not used** + +E.g. "Select language:" + +### BACKLINK\_PREVDIR + +This is the index link, for the previous directory. This link should be `../` + +### BACKLINK\_CURRENTDIR + +This is the index link, for the current directory. The link should be `./` + +### PUBLISHED\_BY + +For news pages, this string says e.g. "Article published by:" + +### PUBLICATION\_DATE + +For news pages, this string says e.g. "Article published on:" + +### MARKDOWN\_LINK + +This is the anchor text for the Markdown link, to each Markdown file. lbssg +displays the link to the original Markdown file, for each page, on each given +page. + +### RSS\_LINK + +This is the anchor text for the default feed, if a news feed is generated on +a given site. + +The link should be `/feed.xml` + +### SITEMAP\_LINK + +This is a Markdown link to the site map, if one is included on a given site. + +The link should be `/sitemap.md` + +### SHAMELESS\_PLUG + +At the bottom of each page, a string of text can be inserted. By default, this +is a string that says the page was generated by the lbssg Static Site +Generator, along with a link to the lbssg website. + +### PDIR + +The `PDIR` option should be `ltr` or `rtl`. This defines which order the text +should be in. Some languages, such as Arabic and Hebrew, are right-to-left +languages instead of left-to-right. + +Other files +----------- + +Libreboot static site generator only cares about the files specified on this +page. It ignores all other files. + +For things like images, videos and other binary files, it is recommended that +you create a specific directory or subdomain for them, and have only markdown +files on your lbssg website. + +However, it's up to you how you run your infrastructure. + +It is recommended that you use a Git repository to host your website. Then you +can easily keep track of changes to your site. You would use a static version +of lbssg on your server, and just build new changes to your site whenever +you push them. This is actually *why* the `site/` directory is enforced under +the `www/sitename/` directory for each site, so as to encourage good practise +(because by doing it this way, the `.git` directory will not be visible on your +public web server. You do *not* want that directory to be visible!) + +Regarding Untitled -> lbssg transition +--------------------------------------- + +Untitled Static Site Generator renamed to Libreboot Static Site Generator and +became part of the Libreboot project, on 25 January 2025. + +The entire website previously hosted at **https://untitled.vimuser.org/** has +been fully assimilated into the Libreboot website. + +The old Untitled Static Site Generator git repositories were: + +* +* +* +* + +The old repositories have been retained, but are now archived. You can find +the new *lbssg* repositories linked from the [Libreboot Git +page](../../git.md). diff --git a/site/docs/sitegen/index.md.description b/site/docs/sitegen/index.md.description new file mode 100644 index 0000000..19477cd --- /dev/null +++ b/site/docs/sitegen/index.md.description @@ -0,0 +1 @@ +Learn about the Libreboot Static Site Generator, which is used to convert Markdown documents into HTML. This is what generates the Libreboot website. diff --git a/site/docs/uboot/index.md b/site/docs/uboot/index.md index ff8f340..df3e1e4 100644 --- a/site/docs/uboot/index.md +++ b/site/docs/uboot/index.md @@ -1,37 +1,25 @@ --- -title: U-Boot payload (x86 and ARM) +title: U-Boot payload for Libreboot on x86 and ARM x-toc-enable: true ... **NOTE: This documentation refers only to ARM64. For AMD64/i386 (Intel/AMD) U-Boot setups, please read [uboot-x86.md](uboot-x86.md).** -Libreboot has experimental support for using U-Boot as a coreboot -payload since the [20221214](../../news/libreboot20221214.md) release, on ARM64 -systems, and on x86 since late 2024. - -U-Boot integration in Libreboot is currently at a proof-of-concept -stage, with most boards completely untested and most likely not working. ROM images for them are mostly intended for further testing and development. If you have one of these machines and want to help fix things, you can ping `alpernebbi` on Libera IRC, who ported these boards to Libreboot. -As of 14 December 2022, building of U-Boot images has been tested on -Debian. Make sure you have the latest `lbmk` from the Git repository, -and the build dependencies are installed like so, from `lbmk/` as root: - - ./mk dependencies debian - -This installs everything needed for `./build roms`, and part of the -build process makes use of coreboot's own cross-compile toolchain. +Emulation +--------- [QEMU x86/ARM64 virtual machines](../misc/emulation.md) are also supported, which should be easy targets to start tinkering on if you want to contribute. Usage -===== +----- When your board is powered on, U-Boot will ideally turn on the display and start printing console messages there. After a countdown of a few @@ -65,7 +53,7 @@ table, unexpected parts of the SPI ROM image, or do something else entirely. Known issues -============ +------------ U-Boot integration in Libreboot is incomplete. Here is a list of known issues that affect all boards: @@ -83,7 +71,8 @@ issues that affect all boards: - UEFI support is incomplete See also -======== +-------- + - [U-Boot documentation](https://u-boot.readthedocs.io/en/latest/) - [U-Boot documentation (unmigrated files)](https://source.denx.de/u-boot/u-boot/-/tree/master/doc) - [U-Boot and generic distro boot](https://marcin.juszkiewicz.com.pl/2021/03/14/u-boot-and-generic-distro-boot/) diff --git a/site/docs/uboot/index.md.description b/site/docs/uboot/index.md.description new file mode 100644 index 0000000..e351013 --- /dev/null +++ b/site/docs/uboot/index.md.description @@ -0,0 +1 @@ +Free/opensource UEFI payload for Libreboot, via U-Boot UEFI coreboot payload. This is provided by the Libreboot project on ARM64 and x86 platforms. diff --git a/site/docs/uboot/uboot-archlinux.md b/site/docs/uboot/uboot-archlinux.md index e633802..7e4680e 100644 --- a/site/docs/uboot/uboot-archlinux.md +++ b/site/docs/uboot/uboot-archlinux.md @@ -1,14 +1,14 @@ --- -title: Installing ArchLinuxARM on a Chromebook with U-Boot installed +title: Installing ArchLinuxARM on a Chromebook with Libreboot and U-Boot x-toc-enable: true ... Background -========== +---------- -ArchLinuxARM Latest (as of May 1st 2023) boots and can be installed successfully using libreboot 20230319 on a gru_bob chromebook. +ArchLinuxARM Latest (as of May 1st 2023) boots and can be installed successfully using libreboot 20230319 on a gru\_bob chromebook. -The following process should theoretically be applicable to other U-Boot devices and GNU/Linux distributions, but the focus here is specifically on ArchLinuxARM. +The following process should theoretically be applicable to other U-Boot devices and Linux distributions, but the focus here is specifically on ArchLinuxARM. Sources used for this guide include the [following guide to install ArchLinuxARM on a RockPro64,](https://jforberg.se/blog/posts/2023-02-19-rockpro64/rockpro64.html) @@ -18,7 +18,7 @@ And the the instructions from the ArchLinuxARM wiki [here](https://archlinuxarm. The purpose of this guide is to instruct users on how to install an ArchLinuxARM on an external disk that will boot on a gru_bob chromebook, and optionally on the internal eMMC. Many concepts covered in this guide may be familiar to prospective and veteran Libreboot users, with the scope being comprehensive. Boot Method -=========== +----------- There are (at least) three methods that can be used to boot into a Linux distribution from u-boot: 1) EFI - common, modern boot method for amd64 architecture machines. This is not distribution-specific, so if you intend to make a portable drive that is compatible across multiple systems, you may have a use case. @@ -36,7 +36,7 @@ For more information about what actually goes into a boot.scr script, check [thi Since extlinux.conf is supported by multiple bootloaders, making your system more portable, is natively supported by u-boot, it seems to be the best choice for a chromebook. Creating extlinux.conf -====================== +---------------------- Here is an example template of extlinux.conf, [similar examples are found in the u-boot docs](https://u-boot.readthedocs.io/en/latest/develop/distro.html): @@ -46,7 +46,6 @@ menu title Libre-U-Boot menu prompt 0 timeout 50 - label arch menu label Arch Linux ARM linux /Image @@ -63,7 +62,7 @@ label archfallback ``` Formatting and Partitioning Your External Media -=============================================== +----------------------------------------------- Now it's time partition the boot disk. During testing, a microSD card was used in the microSD card slot of the gru-bob chromebook. The libreboot configuration (in the 20230319 release) will boot the microSD card above the onboard eMMC if both are present and bootable. This is useful because it means no knowledge or use of the u-boot console is required. @@ -75,40 +74,47 @@ Find your device with my favourite command, `lsblk` and open it with `fdisk` ``` fdisk /dev/sdX ``` + For users creating a bootable SD card, your device may show up as `/dev/mmcblkX` - if this is the case, make sure to change the commands in this guide to contain that path instead of `/dev/sdX`. In the fdisk tui, create two partitions on a Master Boot Record: + - create a new MBR label - create boot partition of approx. 200MB or greater - set bootable flag on this partition - set type to fat32 (ext2 is also supported by extlinux I believe, but I used fat32) - create a second partition of up to 15.8GB -You will find the appropriate options by typing `m` when using the fdisk tui on GNU/Linux distros. +You will find the appropriate options by typing `m` when using the fdisk tui on Linux distros. Now make the filesystems: + ``` mkfs.vfat /dev/sdX1 mkfs.ext4 /dev/sdX2 - ``` It's now time to get the PARTUUID of `/dev/sdX2`: + ``` sudo blkid | grep "/dev/sdX2" ``` + make sure to note down the PARTUUID of your second partition; not your boot partition. paste this into your extlinux.conf file in the `append` section, e.g.: + ``` append console=ttyS0,115200 console=tty1 rw root=PARTUUID=fc0d0284-ca84-4194-bf8a-4b9da8d66908 ``` + in the template provided above, replace `$PARTUUID` with your own. It's possible to specify root in other ways - check the u-boot docs for more examples. Boot-Disk Creation -================== +------------------ Now that we've got an extlinux.conf file, copy it to your /tmp directory, and we'll begin. + ``` cd /tmp curl -LO http://os.archlinuxarm.org/os/ArchLinuxARM-aarch64-latest.tar.gz @@ -125,6 +131,7 @@ sync umount boot umount root ``` + Note the use of ArchLinuxARM-aarch64-latest.tar.gz and not ArchLinuxARM-gru-latest.tar.gz The current gru build only supports a depthcharge payload and, of course, we're not using depthcharge are we? @@ -135,7 +142,7 @@ Extensive testing with ArchLinuxARM-latest release, showed that booting the fall If you create an extlinux.conf file with paths to both images - like in the template above - you can select either by number at boot. Going Live - Necessary Tweaks -============================= +----------------------------- Once you're at the login prompt, the fun isn't over! Login & password for root are both `root` by default. Most Arch users will likely try to update their system now - don't update just yet. @@ -144,10 +151,12 @@ Run `lsblk` and you'll see that the boot partition is not mounted by default. Updating with `pacman -Syu` at this stage will cause driver problems if you update without your boot partition mounted, likely meaning you cannot connect to the internet with a USB peripheral. To prevent this becoming a problem: + ``` mkdir /boot mount /dev/sdX1 /boot ``` + With that out of the way, yes, you may now update. It's worth creating a basic filesystem table to automate mounting at boot - it's blank by default so here's another template: @@ -162,18 +171,22 @@ UUID=$UUID1 / ext4 rw,relatime 0 1 # /dev/mmcblk1p1 boot UUID=$UUID0 /boot vfat rw,relatime 0 2 ``` + It should go without saying that you'll replace `$UUID0` and `UUID1` with your boot and root filesystem UUID. To get the right information in there: + ``` lsblk -o NAME,UUID,FSTYPE,SIZE ``` + `NAME` and `SIZE` are not necessary, but they will help you tell which partition is which. Final Steps -=========== +----------- At this stage, you now have a fully functional ArchLinuxARM system on an external disk, and are ready to configure your system. If you intend to install onto the eMMC module, you can make your changes permanent with: + ``` dd if=/dev/mmcblk0 of=/dev/mmcblk1 bs=4M status=progress ``` diff --git a/site/docs/uboot/uboot-debian-bookworm.md b/site/docs/uboot/uboot-debian-bookworm.md index 77738c3..5345244 100644 --- a/site/docs/uboot/uboot-debian-bookworm.md +++ b/site/docs/uboot/uboot-debian-bookworm.md @@ -1,12 +1,12 @@ --- -title: Debian Bookworm Install on a Samsung Chromebook Plus +title: Debian Bookworm Install on Librebooted Samsung Chromebook Plus x-toc-enable: true ... System Configuration -==================== +-------------------- -Hardware: Samsung Chromebook Plus XE513C24 (gru_kevin) +Hardware: Samsung Chromebook Plus XE513C24 (gru\_kevin) Libreboot: 2023-04-23 @@ -15,7 +15,7 @@ Operating System: Debian Bookworm RC2 [https://wiki.debian.org/Firmware](https://wiki.debian.org/Firmware) Install Media Preparation -========================= +------------------------- Follow the Debian installation instructions in the link below: @@ -26,16 +26,17 @@ page and I selected the DVD image to have all the packages available when offline (3.7 gigabyte iso). See the notes below about alternately using the netinst version. -[https://cdimage.debian.org/cdimage/bookworm_di_rc2/arm64/iso-dvd/](https://cdimage.debian.org/cdimage/bookworm_di_rc2/arm64/iso-dvd/) +[https://cdimage.debian.org/cdimage/bookworm\_di\_rc2/arm64/iso-dvd/](https://cdimage.debian.org/cdimage/bookworm_di_rc2/arm64/iso-dvd/) -Write the iso file to a micro sdcard. Replace "sdcard_device" below +Write the iso file to a micro sdcard. Replace `sdcard_device` below with the appropriate device path on your system. + ``` # dd if=debian-bookworm-DI-rc2-arm64-DVD-1.img of=/dev/sdcard_device bs=1M status=progress; sync ``` Installation -============ +------------ 1. Insert the micro sdcard into the slot on the Chromebook. 2. Power on the Chromebook. @@ -149,7 +150,7 @@ internal emmc. ![](https://av.libreboot.org/xe513c24/debbook-firefox.jpg) System Functionality -==================== +-------------------- Things that work: diff --git a/site/docs/uboot/uboot-openbsd.md b/site/docs/uboot/uboot-openbsd.md index 75388b4..74dc6e9 100644 --- a/site/docs/uboot/uboot-openbsd.md +++ b/site/docs/uboot/uboot-openbsd.md @@ -1,19 +1,19 @@ --- -title: OpenBSD Install Attempt on a Samsung Chromebook Plus +title: OpenBSD Install Attempt on Librebooted Samsung Chromebook Plus x-toc-enable: true ... System Configuration -==================== +-------------------- -Hardware: Samsung Chromebook Plus XE513C24 (gru_kevin) +Hardware: Samsung Chromebook Plus XE513C24 (gru\_kevin) Libreboot: 2023-04-23 Operating System: OpenBSD 7.3 Install Media Preparation -========================= +------------------------- Follow the OpenBSD arm64 installation instructions in the link below: @@ -26,7 +26,7 @@ with the appropriate device path on your system. ``` Installation Attempt -==================== +-------------------- 1. Insert the micro sdcard into the slot on the Chromebook. 2. Power on the Chromebook. diff --git a/site/docs/uboot/uboot-trisquel-aramo.md b/site/docs/uboot/uboot-trisquel-aramo.md new file mode 100644 index 0000000..44ec104 --- /dev/null +++ b/site/docs/uboot/uboot-trisquel-aramo.md @@ -0,0 +1,59 @@ +--- +title: Trisquel 11 Aramo on Samsung Chromebook Plus XE513C24 +x-toc-enable: true +... + +System Configuration +-------------------- + +Hardware: Samsung Chromebook Plus XE513C24 (gru\_kevin) + +Libreboot: 2024-12-06 + +Operating System: Trisquel 11.0.1 Aramo + +Background +------------------------- + +The current arm64 installer for Trisquel 11 has a so far unresolved problem where the the installer doesn’t start after choosing any of the installation methods offered by the arm64 ISO’s menu [trisquel-netinst_11.0.1_arm64.iso](https://cdimage.trisquel.info/trisquel-images/trisquel-netinst_11.0.1_arm64.iso). The screen simply stays blank without anything ever showing up or happening. The issue has been discussed in the forum of Trisquel [comment-178704](https://trisquel.info/en/trisquel-samsung-chromebook-v1-kevin-support-group#comment-178704). + +Until the problem is resolved, “debootstrap” can be used as a workaround. + +What is debootstrap? +------------------------- + +Most Debian based distributions offer an installer that can be executed from an external media, but what happen if we have an already installed system? would it be possible to install a second system from it into another drive for example? With debootstrap you can. + +Debootstrap installation workaround +------------------------- + +Since there was a precedence that Debian 12 could be easily installed using it’s installation ISO [uboot-debian-bookworm](https://libreboot.org/docs/uboot/uboot-debian-bookworm.html), I figure it could be possible to install Trisquel 11 after it and thankfully it worked. + +The way I did it, is that I installed Debian 12 into a SD card using its installer from a USB A memory. For this purpose I used and adapter/hub since this computer only has USB C inputs. Then after booting Debian from the SD card, I used debootstrap to install Trisquel 11 into the internal MMC. + +Detailed instructions and other useful info +------------------------- + +A step by step guide can be found in the following Trisquel’s documentation page [arm64-chromebooks-trisquel-installation](https://trisquel.info/en/wiki/arm64-chromebooks-trisquel-installation). + +The following page also details many user experiences, some fixes and some tips to improve the usability of Trisquel with this device [samsung-chromebook-v1-kevin-support-group](https://trisquel.info/en/wiki/samsung-chromebook-v1-kevin-support-group). Many of its points might also apply to Debian users as well. + +A review of the device from a Trisquel’s user point of view can be found here: [samsung-chromebook-v1-kevin-review](https://trisquel.info/en/samsung-chromebook-v1-kevin-review) + +System Functionality +------------------------- + +Things that work: + +* Touch screen and stylus +* Touchpad +* Speakers +* Volume buttons on side of laptop. +* Graphics +* Playing videos + +Things that do not work: + +* Wireless internet and Bluetooth (non free software drivers are required) +* The headphone jack does't work +* Some times the computer stops responding with the screen shutoff while trying to hibernate or recovering from it. For this reason I disabled hibernation on my system. diff --git a/site/docs/uboot/uboot-x86.md b/site/docs/uboot/uboot-x86.md index 7e354fd..fcafd4c 100644 --- a/site/docs/uboot/uboot-x86.md +++ b/site/docs/uboot/uboot-x86.md @@ -1,10 +1,12 @@ --- -title: U-Boot payload (x86 specific) +title: U-Boot x86 UEFI payload on Libreboot x-toc-enable: true ... -Introduction -============ +U-Boot UEFI on x86 +------------------ + + U-Boot is available as a coreboot payload, in Libreboot 20241206 and later, on x86 boards; on ARM it has been available since late 2022 Libreboot releases. @@ -23,8 +25,7 @@ payload. It has several boot methods but the most interesting (in an x86 context) is UEFI. U-Boot provides a very sensible UEFI implementation that can reliably boot many Linux and BSD systems. -Availability ------------- +### Availability Do this in lbmk.git (Libreboot's build system) to check whether your board has U-Boot enabled: @@ -48,8 +49,16 @@ Here is an example of what it looks like on the boot menu: -Boot Linux/BSD installer (USB) ---------------------------- +### Errors + +If you see error `-25` in the bootflow menu, it's because there's nothing +installed that i t can use e.g. EFI bootloader such as GRUB. + +If you see error `-2` it's likely that you have tried to boot a USB drive +automatically; sometimes you have to do it manually (see the section below +about using the bootflow command manually, via `bootflow select`). + +### Boot Linux/BSD installer (USB) Just stick your formatted USB stick in. U-Boot should detect it. Sometimes some USB flash drives are broken, because many of them violate specifications and @@ -70,8 +79,7 @@ After selecting the device, you can do: bootflow boot -Booting installed system ------------------------- +### Booting installed system It should just work. If all is well, it'll show the bootflow menu. Simply select your device. If you see error, perhaps try: @@ -79,10 +87,9 @@ select your device. If you see error, perhaps try: bootefi bootmgr Tested operating systems -======================== +------------------------ -Linux/BSD ---------- +### Linux/BSD Arch Linux, Debian Linux and OpenBSD have been tested. @@ -96,15 +103,14 @@ bootloader in the installed system). EFI-based GRUB menus like in the Debian installer seemed to work just fine, that is: setups that use the EFI framebuffer instead of a text console. -Windows -------- +### Windows Windows was tested, and doesn't work yet. Simon Glass maintains the x86 coreboot payload, and has informed me that he still has some work to do there. SecureBoot -========== +---------- Supported by U-Boot, though U-Boot does not currently have a robust way of storing EFI variables, and Libreboot disables SecureBoot by default. However, @@ -118,8 +124,45 @@ UEFI SecureBoot with a Linux UKI could achieve similar results in a security sense to Libreboot's GRUB hardening setup, though the latter is more flexible, albeit not widely used by the mainstream, but it does work (I use it myself!). +ThinkPad X60/T60 +---------------- + +The 32-bit U-Boot payload is only useful for 32-bit setups, and 32-bit UEFI +isn't really that common on x86; the 64-bit U-Boot payload is much more useful, +in this context. + +Most ThinkPad X60/T60 have 32-bit-only CPUs in them, so the 32-bit U-Boot +payload is used. If you have a 64-bit CPU (Core 2 Duo instead of Core Duo), +namely Core 2 Duo L9400, T5600 or T7200, you might be able to use the 64-bit +payload instead, for full 64-bit UEFI, but this is currently not tested and it +is not configured. + +To enable this, on compatible CPUs, make the following modifications to the +build system and compile a custom image: + +Check `config/coreboot/x60/target.cfg` (change `x60` to what you use if it +differs), and you'll find something like this: + + build_depend="seabios/default grub/default u-boot/i386coreboot" + payload_uboot_i386="y" + +In the above example, you would change it to: + + build_depend="seabios/default grub/default u-boot/amd64coreboot" + payload_uboot_amd64="y" + +You can then re-compile the image, using +standard [build instructions](../build/). For example on X60 you would use +the following build target: + + ./mk -b coreboot x60 + +Using a full UEFI setup on such old hardware is quite novel and might be +interesting in the future, as more distros stop supporting BIOS-based methods, +or where the latter may become untested in the future. + Bugs -==== +---- Limited testing, at least as of 6 December 2024, but some issues that appeared included: @@ -139,7 +182,7 @@ but some don't very well; the GM45 machines work well, e.g. a ThinkPad X200 was tested. Mitigating instability -======================= +---------------------- U-Boot is not a primary payload on any board where it's enabled. It's instead chainloaded from SeaBIOS on 64-bit x86, and from GRUB on 32-bit x86. You select diff --git a/site/docs/uboot/uboot-x86.md.description b/site/docs/uboot/uboot-x86.md.description new file mode 100644 index 0000000..2bdf149 --- /dev/null +++ b/site/docs/uboot/uboot-x86.md.description @@ -0,0 +1 @@ +Free/opensource UEFI payload for Libreboot, via U-Boot UEFI coreboot payload. This is provided by the Libreboot project on x86 and amd64 platforms. diff --git a/site/download.md b/site/download.md index e1f42cb..d9f18b6 100644 --- a/site/download.md +++ b/site/download.md @@ -1,5 +1,5 @@ --- -title: Downloads +title: Download Libreboot Free/Opensource BIOS/UEFI firmware x-toc-enable: true ... @@ -25,13 +25,15 @@ operates Minifree Ltd; sales provide funding for the Libreboot project. Safety warning -------------- -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](news/safety.md).** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](docs/install/ivy_has_common.md), +OR YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](docs/install/ivy_has_common.md).** GPG signing key --------------- -**The latest release is Libreboot 20241206, under the `stable` directory.** +**The latest release is Libreboot 25.06, under the `stable` directory.** ### NEW KEY @@ -83,7 +85,7 @@ there is a Git repository that you can download from. Go here: HTTPS mirrors {#https} ------------- -**The latest release is Libreboot 20241206, under the `stable` directory.** +**The latest release is Libreboot 25.06, under the `stable` directory.** These mirrors are recommended, since they use TLS (https://) encryption. @@ -174,7 +176,7 @@ crontab. This page tells you how to use crontab: HTTP mirrors {#http} ------------ -**The latest release is Libreboot 20241206, under the `stable` directory.** +**The latest release is Libreboot 25.06, under the `stable` directory.** WARNING: these mirrors are non-HTTPS which means that they are unencrypted. Your traffic could be subject to interference by @@ -188,7 +190,7 @@ if using HTTPS. FTP mirrors {#ftp} ----------- -**The latest release is Libreboot 20241206, under the `stable` directory.** +**The latest release is Libreboot 25.06, under the `stable` directory.** WARNING: FTP is also unencrypted, like HTTP. The same risks are present. diff --git a/site/download.md.description b/site/download.md.description new file mode 100644 index 0000000..73dc96d --- /dev/null +++ b/site/download.md.description @@ -0,0 +1 @@ +Download Libreboot free/opensource BIOS/UEFI firmware. Libreboot is a coreboot distro, and provides several payloads such as the GNU boot loader named GRUB. diff --git a/site/download.tr.md b/site/download.tr.md new file mode 100644 index 0000000..3d0c926 --- /dev/null +++ b/site/download.tr.md @@ -0,0 +1,179 @@ +--- +title: Libreboot Özgür/Açık Kaynaklı BIOS/UEFI Yazılımını İndirin +x-toc-enable: true +... + +Yeni sürümler [ana haberler bölümünde](news/) duyurulur. + +Libreboot geliştirmesiyle daha çok ilgileniyorsanız, Git depolarına bağlantılar da içeren [libreboot geliştirme sayfasına](../git.md) gidin. [/docs/maintain/](docs/maintain/) sayfasında Libreboot'un nasıl bir araya getirildiği ve nasıl bakım yapılacağı açıklanmaktadır. Libreboot'u kaynak koddan derlemek istiyorsanız, [bu sayfayı okuyun](docs/build/). + +Libreboot Önyüklenmiş Olarak Satın Alın +-------------------------------------- + +Profesyonel kurulum istiyorsanız, Minifree Ltd seçili donanımlarda [Libreboot önyüklenmiş](https://minifree.org/) cihazlar satmaktadır ve ayrıca makinenizi göndererek Libreboot kurulumu yaptırmak istiyorsanız [Libreboot önyükleme hizmeti](https://minifree.org/product/installation-service/) sunmaktadır. + +Libreboot'un kurucusu ve baş geliştiricisi Leah Rowe aynı zamanda Minifree Ltd'yi de işletmektedir; satışlar Libreboot projesi için finansman sağlamaktadır. + +Güvenlik Uyarısı +--------------- + +**KURULUMDAN ÖNCE LÜTFEN [BU TALİMATLARI OKUYUN](docs/install/ivy_has_common.md), +AKSİ TAKDİRDE CİHAZINIZI BOZMUŞ OLABİLİRSİNİZ!! - Lütfen bağlantıya tıklayın ve oradaki talimatları +takip edin. Hatırlatma olarak, [işte bağlantı tekrar burada](docs/install/ivy_has_common.md).** + +GPG İmza Anahtarı +---------------- + +**En son sürüm, `stable` dizini altındaki Libreboot 25.06'dır.** + +### YENİ ANAHTAR + +Tam anahtar parmak izi: `8BB1 F7D2 8CF7 696D BF4F 7192 5C65 4067 D383 B1FF` + +Bu anahtar, 20240126 sürümünden *sonraki* Libreboot sürümleri içindir. 2024 yılındaki tüm Libreboot sürümleri için geçerlidir ve (erken iptal edilmezse) 26 Aralık 2028'de sona erecektir. + +Anahtarı buradan indirin: [lbkey.asc](lbkey.asc) + +Libreboot sürümleri GPG kullanılarak imzalanır. + +### ESKİ ANAHTAR + +Tam anahtar parmak izi: `98CC DDF8 E560 47F4 75C0 44BD D0C6 2464 FA8B 4856` + +Bu anahtar, 20160907 sürümünden *sonraki* ve Libreboot 20240126 sürümüne kadar olan Libreboot sürümleri içindir. Bu anahtar Aralık 2023'te *sona erdi*, bu nedenle Libreboot 20240126'dan sonraki sürümler için *yeni* anahtarı (yukarıya bakın) kullanmalısınız. + +Anahtarı buradan indirin: [lbkey.asc](lbkeyold.asc) + +Libreboot sürümleri GPG kullanılarak imzalanır. + +### ESKİ ESKİ ANAHTAR: + +Bu anahtar Libreboot 20160907 ve 20160907'den eski sürümler içindir: + +Tam anahtar parmak izi: CDC9 CAE3 2CB4 B7FC 84FD C804 969A 9795 05E8 C5B2 + +GPG anahtarı ayrıca bu dışa aktarılmış pubkey dökümüyle de indirilebilir: [lbkeyold.asc](lbkeyoldold.asc). + + sha512sum -c sha512sum.txt + gpg --verify sha512sum.txt.sig + +Git Deposu +--------- + +Bu sayfada düzenli sürüm arşivlerine bağlantılar listelenmiştir. + +Ancak, Libreboot'un en güncel sürümü için indirebileceğiniz bir Git deposu vardır. Buraya gidin: + +[Libreboot'u Git'ten nasıl indirirsiniz](git.md) + +HTTPS Yansıları {#https} +-------------- + +**En son sürüm, `stable` dizini altındaki Libreboot 25.06'dır.** + +Bu yansılar TLS (https://) şifrelemesi kullandığı için önerilir. + +Libreboot'u bu yansılardan indirebilirsiniz: + +* (Princeton +üniversitesi, ABD) +* (shapovalov.website, Ukrayna) +* (Kent +Üniversitesi, BK) +* (MIT üniversitesi, ABD) +* (koddos.net, Hollanda) +* (koddos.net, Hong Kong) +* (cyberbits.eu, Fransa) + +RSYNC Yansıları {#rsync} +-------------- + +Aşağıdaki rsync yansıları herkese açık olarak kullanılabilir: + +* (Kent Üniversitesi, +BK) +* (Princeton üniversitesi, ABD) +* (shapovalov.website, Ukrayna) +* (linux.ro, Romanya) +* (koddos.net, Hollanda) +* (koddos.net, Hong Kong) + +Bir yansı mı çalıştırıyorsunuz? Libreboot projesiyle iletişime geçin, bağlantı bu sayfaya eklenecektir! + +Rsync yansınızı web sunucunuz üzerinden kullanıma sunabilir ve ayrıca *kendi* yansınızı rsync üzerinden erişilebilir olacak şekilde yapılandırabilirsiniz. İnternette bir rsync sunucusunun nasıl kurulacağını gösteren birçok kaynak vardır. + +Kendi rsync yansınızı nasıl oluşturursunuz: + +Libreboot'un tüm sürüm arşivlerini yansılamak için kullanışlıdır. Bir rsync komutunu crontab'a koyabilir ve dosyaları web sunucunuzdaki bir dizine çekebilirsiniz. + +Tüm seti yansılayacaksanız, en az 25GiB ayırmanız önerilir. Libreboot'un rsync'i şu anda yaklaşık 12GiB'dir, bu nedenle 25GiB ayırmak size gelecek için bol alan sağlayacaktır. Minimum olarak, Libreboot yansınız için en az 15-20GiB alan kullanılabilir olduğundan emin olmalısınız. + +Resmi bir yansı barındırmak istiyorsanız, *libreboot.org yansısını kullanmanız şiddetle önerilir*. Aksi takdirde, sadece kendi yerel yansınızı oluşturmak istiyorsanız, libreboot.org'dan senkronize olan diğer yansılardan birini kullanmalısınız. + +Yansıyı oluşturmadan önce, web sunucunuzda bir dizin oluşturun. Örneğin: + + mkdir /var/www/html/libreboot/ + +Şimdi rsync'i çalıştırabilirsiniz, örneğin: + + rsync -avz --delete-after rsync://rsync.libreboot.org/mirrormirror/ /var/www/html/libreboot/ + +Bunu saatlik bir crontab'a koyabilirsiniz. Örneğin: + + crontab -e + +Ardından crontab'a bu satırı ekleyin ve kaydedin/çıkın (saatlik crontab): + + 0 * * * * rsync -avz --delete-after rsync://rsync.libreboot.org/mirrormirror/ /var/www/html/libreboot/ + +**Yukarıdaki rsync komutunda her yolun sonunda ileri eğik çizginin (/) olması son derece önemlidir. +Aksi takdirde, rsync çok garip davranacaktır.** + +**NOT: `rsync.libreboot.org` doğrudan halka açık değildir, yalnızca +IP'leri beyaz listeye alınanlar erişebilir. Bant genişliği nedeniyle, libreboot.org'da çalışan +güvenlik duvarı, belirli IP'ler dışında gelen rsync isteklerini engeller.** + +**Bir rsync yansısı çalıştırmak istiyorsanız, yukarıdaki üçüncü taraf yansılarından birinden senkronize edin +ve yansınızı kurun. Ardından IP adreslerinizin rsync kullanımı için beyaz listeye alınması için +Leah Rowe ile iletişime geçebilirsiniz - IP adresleri rsync ana bilgisayarınızın DNS A/AAAA +kayıtlarıyla eşleşiyorsa, bu kullanılabilir. libreboot.org'da saatlik bir crontab'da çalışan bir betik, +beyaz listeye alınmış rsync yansılarının A/AAAA kayıtlarını otomatik olarak alır ve güvenlik duvarından +geçmelerine izin veren kurallar ekler.** + +Rsync yansınızı düzenli olarak güncel tutmak istiyorsanız, bir crontab'a ekleyebilirsiniz. Bu sayfa size crontab'ın nasıl kullanılacağını anlatır: + + +HTTP Yansıları {#http} +------------- + +**En son sürüm, `stable` dizini altındaki Libreboot 25.06'dır.** + +UYARI: bu yansılar HTTPS olmadığı için şifrelenmemiştir. Trafiğiniz +kötü niyetli kişiler tarafından müdahaleye uğrayabilir. Doğru anahtara sahip olduğunuzu +varsayarak, özellikle GPG imzalarını kontrol ettiğinizden emin olun. Tabii ki, +HTTPS kullansanız bile bunu yapmalısınız. + +* (linux.ro, Romanya) +* (in-berlin.de, Almanya) + +FTP Yansıları {#ftp} +------------ + +**En son sürüm, `stable` dizini altındaki Libreboot 25.06'dır.** + +UYARI: FTP de HTTP gibi şifrelenmemiştir. Aynı riskler mevcuttur. + +* (Kent +Üniversitesi, BK) +* (linux.ro, Romanya) + +Statik Olarak Bağlanmış +---------------------- + +Libreboot, bazı sürümlerde mevcut kaynak koddan derlenmiş statik olarak bağlanmış yürütülebilir dosyalar içerir. Bu yürütülebilir dosyalar, birçok Linux dağıtımında çalışabilmeleri için belirli kitaplıkları içlerinde barındırır. + +GPL v2'ye uymak için, Libreboot projesi tarafından kaynak ISO'lar sağlanır. Bu kaynak ISO'ları `rsync` yansılarındaki `ccsource` dizininde bulabilirsiniz. + +20160907 sürümünden sonraki Libreboot sürümleri statik olarak bağlanmış ikili dosyalar dağıtmaz. Bunun yerine, bu sürümler normal Libreboot kaynak kodu arşivlerinin yeterli olduğu önceden derlenmiş ROM imajları dışında yalnızca kaynak içerir. Bu yeni sürümler bunun yerine derleme bağımlılıklarının kurulumunu otomatikleştirir ve çeşitli yardımcı programları kaynak koddan derlemek için belgelerde talimatlar sunar. + +Bu yürütülebilir dosyalar `flashprog` gibi yardımcı programlardır. diff --git a/site/download.uk.md b/site/download.uk.md index b001d48..fda54af 100644 --- a/site/download.uk.md +++ b/site/download.uk.md @@ -25,13 +25,15 @@ operates Minifree Ltd; sales provide funding for the Libreboot project. Safety warning -------------- -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](news/safety.md).** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](docs/install/ivy_has_common.md).** Код підпису GPG --------------- -**Останнім випуском є Libreboot 20241206, в директорії `stable`.** +**Останнім випуском є Libreboot 25.06, в директорії `stable`.** ### НОВИЙ КЛЮЧ @@ -49,10 +51,9 @@ will expire on 26 December 2028. Повний відбиток ключа: `98CC DDF8 E560 47F4 75C0 44BD D0C6 2464 FA8B 4856` -This key is for Libreboot releases *after* the 20160907 release, and up -to the Libreboot 20241206 release. This key *expired* during December 2023, -so you should use the *newer* key (see above) for the releases after -Libreboot 20240126. +This key is for Libreboot releases *after* the 20160907 release. +This key *expired* during December 2023, so you should use the *newer* +key (see above) for the releases after Libreboot 20240126. Завантажте ключ тут: [lbkey.asc](lbkeyold.asc) @@ -83,7 +84,7 @@ Libreboot 20240126. Дзеркала HTTPS {#https} ------------- -**Останнім випуском є Libreboot 20241206, в директорії `stable`.** +**Останнім випуском є Libreboot 25.06, в директорії `stable`.** Дані дзеркала є рекомендованими, оскільки використовують TLS (https://) шифрування. @@ -174,7 +175,7 @@ crontab. Ця сторінка розповідає вам, як викорис Дзеркала HTTP {#http} ------------ -**Останнім випуском є Libreboot 20241206, під директорією `stable`.** +**Останнім випуском є Libreboot 25.06, під директорією `stable`.** УВАГА: ці дзеркала є не-HTTPS, що означає, що вони незашифровані. Ваш трафік може бути об'єктом втручання @@ -188,7 +189,7 @@ crontab. Ця сторінка розповідає вам, як викорис Дзеркала FTP {#ftp} ----------- -**Останнім випуском є Libreboot 20241206, під директорією `stable`.** +**Останнім випуском є Libreboot 25.06, під директорією `stable`.** УВАГА: FTP є також незашифрованим, подібно HTTP. Ті ж самі ризики присутні. diff --git a/site/faq.md b/site/faq.md index 2609e54..cf0ccc0 100644 --- a/site/faq.md +++ b/site/faq.md @@ -1,15 +1,17 @@ --- -title: Frequently Asked Questions +title: Frequently Asked Questions about Libreboot firmware x-toc-enable: true ... -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** AKA Frequently Questioned Answers Disable security before flashing -================================ +-------------------------------- Before internal flashing, you must first disable `/dev/mem` protections. Make sure to re-enable them after you're finished. @@ -17,7 +19,7 @@ sure to re-enable them after you're finished. See: [Disabling /dev/mem protection](docs/install/devmem.md) Buy Libreboot pre-installed -========== +--------------------------- If you want professional installation, Minifree Ltd sells [Libreboot pre-installed](https://minifree.org/) on select hardware, and it also provides @@ -28,29 +30,25 @@ Leah Rowe, the founder and lead developer of Libreboot, also owns and operates Minifree Ltd; sales provide funding for the Libreboot project. Important issues -================ +---------------- -How to compile libreboot from source ------------------------------------- +### How to compile libreboot from source Refer to the [lbmk build instructions](docs/build/). -How does the build system work? -------------------------------- +### How does the build system work? Refer to the [lbmk maintenance manual](docs/maintain/). -Do not use CH341A! ------------------- +### Do not use CH341A! -This SPI flasher will damage your chip, and the mainboard that it is connected +This SPI flasher will damage your chip, and the motherboard that it is connected to. Read the notes about CH341A on [docs/install/spi.md](docs/install/spi.md) to learn more. -How Can I Help --------------- +### How Can I Help You do not need to be a skilled developer in order to help the project substantially. @@ -63,8 +61,7 @@ Testing involves minimal effort and really helps out the project. See the [board maintainers documentation](/docs/maintain/testing.md) if you are interested in testing roms before they are released. -Uneven backlight on GM45 ThinkPads ----------------------------------- +### Uneven backlight on GM45 ThinkPads We don't know how to detect the correct PWM value to use in coreboot, so we just use the default one in coreboot which has @@ -73,8 +70,7 @@ this issue on some CCFL panels, but not LED panels. You can work around this in your distribution, by following the notes at [docs: backlight control](../docs/misc/#finetune-backlight-control-on-intel-gpus). -GM45 thinkpad ethernet port doesn't autoconnect ------------------------------------------------ +### GM45 thinkpad ethernet port doesn't autoconnect This was observed on some systems using network-manager. This happens both on the original BIOS and in libreboot. It's a quirk in the @@ -90,8 +86,7 @@ On systemd-based distros, you might try: (the service name might be different for you, depending on your configuration) -PIKE2008 module hangs KGPE-D16 / KCMA-D8 ------------------------------------------ +### PIKE2008 module hangs KGPE-D16 / KCMA-D8 Loading the option ROM from the PIKE2008 module on either ASUS KCMA-D8 or KGPE-D16 causes the system to hang at boot. It's possible to use @@ -100,8 +95,7 @@ or to boot (with SeaGRUB and/or SeaBIOS) from regular SATA and then use it in Linux. The Linux kernel is capable of using the PIKE2008 module without loading the option ROM. -How to save kernel panic logs on thinkpad laptops? --------------------------------------------------- +### How to save kernel panic logs on thinkpad laptops? The easiest method of doing so is by using the kernel's netconsole and reproducing the panic. Netconsole requires two machines, the one that is @@ -166,23 +160,21 @@ the target (`target$`): 7. Try to reproduce the kernel panic. Hardware compatibility -====================== +---------------------- -What systems are compatible with libreboot? ------------------------------------------------------------------------------------ +### What systems are compatible with libreboot? Any system can easily be added, so *compatibility* merely refers to whatever boards are integrated in the `lbmk` build system, which libreboot uses. The [installation page](docs/install/) lists compatible machines. -Freedom pitfalls with modern Intel hardware {#intel} ----------------------------------------------------- +### Freedom pitfalls with modern Intel hardware {#intel} Coreboot is nominally Free Software, but requires certain vendor code on some x86 targets that it supports, on both Intel and AMD. -### Intel Management Engine (ME) {#intelme} +#### Intel Management Engine (ME) {#intelme} NOTE: The information below is slightly out of date. Nowadays, Intel ME does not run on an ARC coprocessor, but instead runs on a modified Intel 486 based @@ -268,8 +260,8 @@ the CPU, and prevent the CPU from executing boot firmware that isn't signed with their private key. This means that ***coreboot and libreboot are impossible to port*** to such PCs, without the OEM's private signing key. Note that systems assembled from separately purchased -mainboard and CPU parts are unaffected, since the vendor of the -mainboard (on which the boot firmware is stored) can't possibly affect +motherboard and CPU parts are unaffected, since the vendor of the +motherboard (on which the boot firmware is stored) can't possibly affect the public key stored on the CPU. ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) @@ -303,7 +295,7 @@ privacy that can't be ignored. Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be removed entirely from the flash -memory space. The libreboot project [does this](docs/install/ich9utils.md) on +memory space. The libreboot project does this on the Intel 4 Series systems that it supports, such as the [ThinkPad X200](../docs/install/x200.md) and [ThinkPad T400](../docs/install/t400.md). ME firmware versions 6.0 and @@ -351,7 +343,7 @@ If you're stuck with the ME (non-libreboot system), you might find this interesting: -### Firmware Support Package (FSP) {#fsp} +#### Firmware Support Package (FSP) {#fsp} On all recent Intel systems, coreboot support has revolved around integrating a vendor file (for each system) called the *FSP* (firmware support @@ -365,7 +357,7 @@ Since the FSP is responsible for the early hardware initialization, that means it also handles SMM (System Management Mode). This is a special mode that operates below the operating system level. -### CPU microcode updates {#microcode} +#### CPU microcode updates {#microcode} The microcode configures logic gates in your CPU, to implement an instruction set architecture. Your CPU will already contain them, but it also supplies a @@ -391,8 +383,7 @@ The git repository for that project is here: Both the video and the repository give some further insight about CPU microcode. The way it works on AMD will be very similar to Intel. -Freedom pitfalls to consider on AMD hardware {#amd} ----------------------------------------------------------------------------- +### Freedom pitfalls to consider on AMD hardware {#amd} NOTE: Nowadays there's openSIL - it's AMD's attempt to provide some source code again, that projects like coreboot @@ -402,7 +393,7 @@ be "neutered" (nothing like `me_cleaner`, or *psp\_cleaner*) exists yet. AMD has more or less the same problem as Intel, when it comes to software freedom. -### AMD Platform Security Processor (PSP) +#### AMD Platform Security Processor (PSP) This is basically AMD's own version of the [Intel Management Engine](#intelme). It has all of the same basic security and freedom @@ -445,13 +436,13 @@ anecdotal reports indicate that AMD's boot guard counterpart will be used on most OEM hardware, disabled only on so-called "enthusiast" CPUs. -### AMD IMC firmware +#### AMD IMC firmware Read . NOTE: This section is oudated, and it is in need of cleanup. -### AMD SMU firmware +#### AMD SMU firmware NOTE: This section may be outdated, and it is in need of cleanup. @@ -469,7 +460,7 @@ and based on this work, Damien Zammit (another coreboot hacker) firmware, but on the relevant system (ASUS F2A85-M) there were still other such files present (Video BIOS, and others). -### AMD AGESA firmware +#### AMD AGESA firmware NOTE: More needs to be written about this, to reflect the current reality. The situation with AMD has evolved in recent years. The information on this FAQ @@ -481,7 +472,7 @@ project, releasing this as source code under a free license. In 2014, they stopped releasing source code and started releasing AGESA as vendor blobs instead. This makes AGESA now equivalent to [Intel FSP](#fsp). -### AMD CPU microcode updates +#### AMD CPU microcode updates Read the Intel section practically the same, though it was found with much later hardware in @@ -491,8 +482,7 @@ the updates are needed on all AMD boards (depends on CPU). The libreboot project does not consider microcode updates a problem, and it enables them by default on all supported hardware. -Hi, I have <insert random system here>, is it supported? --------------------------------------------------------------------------------------------------------- +### Hi, I have <insert random system here>, is it supported? If it's supported by coreboot, you can add it immediately. Read the [porting guide](/docs/maintain/porting.html) for how to port for a new board. @@ -503,15 +493,13 @@ If coreboot lacks support for your hardware, you must add support for it. Please consult the coreboot project for guidance. General questions -================= +----------------- -How do I install libreboot? -------------------------------------------------------- +### How do I install libreboot? See [installation guide](docs/install/) -How do I program an SPI flash chip? ---------------------------------------------------------------------------------- +### How do I program an SPI flash chip? Refer to:\ [Externally rewrite 25xx NOR flash via SPI protocol](docs/install/spi.md) @@ -519,8 +507,7 @@ Refer to:\ It's possible to use a 16-pin SOIC test clip on an 8-pin SOIC chip, if you align the pins properly. The connection is generally more sturdy. -How do I write-protect the flash chip? ----------------------------------------------------------------------------- +### How do I write-protect the flash chip? By default, there is no write-protection on a libreboot system. This is for usability reasons, because most people do not have easy access to an @@ -529,19 +516,13 @@ inconvenient to use an external programmer. On some systems, it is possible to write-protect the firmware, such that it is rendered read-only at the OS level (external flashing is still -possible, using dedicated hardware). For example, on current GM45 -laptops (e.g. ThinkPad X200, T400), you can write-protect (see -[ICH9 gen utility](docs/install/ich9utils.md#ich9gen)). - -It's possible to write-protect on all libreboot systems, but the instructions -need to be written. The documentation is in the main git repository, so you are -welcome to submit patches adding these instructions. +possible, using dedicated hardware). [See instructions +here.](docs/linux/grub_hardening.md#flash-write-protection) TODO: Document PRx based flash protection on Intel platforms, and investigate other methods on AMD systems. -How do I change the BIOS settings? ------------------------------------------------------------------------- +### How do I change the BIOS settings? Most libreboot setups actually use the [GRUB payload](http://www.coreboot.org/GRUB2). More information about payloads @@ -575,11 +556,10 @@ To get a full list of available options, do this: This will change the default inside that ROM image, and then you can re-flash it. -How do I pad a ROM before flashing? --------------------------------------- +### How do I pad a ROM before flashing? It is advisable to simply use a larger ROM image. This section was written -mostly for ASUS KCMA-D8 and KGPE-D16 mainboards, where previously we only +mostly for ASUS KCMA-D8 and KGPE-D16 motherboards, where previously we only provided 2MiB ROM images in libreboot, but we now provide 16MiB ROM images. Other sizes are not provided because in practise, someone upgrading one of these chips will just use a 16MiB one. Larger sizes are available, but 16MiB @@ -615,8 +595,7 @@ padded 16MiB image do the following: With padding removed cbfstool will be able to operate on the image as usual. -Do I need to install a bootloader when installing a distribution? ---------------------------------------------------------------------------------------------------- +### Do I need to install a bootloader when installing a distribution? Most libreboot setups integrate the GRUB bootloader already, as a *[payload](http://www.coreboot.org/Payloads)*. This means that the GRUB @@ -634,8 +613,7 @@ Nowadays, other payloads are also provided. If you're using the SeaBIOS payload, then the normal MBR bootsector is used on your HDD or SSD, like you would expect. So the above paragraphs only apply to the GRUB payload. -Do I need to re-flash when I re-install a distribution? -------------------------------------------------------------------------------------------- +### Do I need to re-flash when I re-install a distribution? Not anymore. Recent versions of libreboot (using the GRUB payload) will automatically switch to a GRUB configuration on the HDD or SSD, if it @@ -647,34 +625,54 @@ more information, see If you're using the SeaBIOS payload, it's even easier. It works just like you would expect. SeaBIOS implements a normal x86 BIOS interface. -What does a flash chip look like? ------------------------------------------------------------------ +### What does a flash chip look like? You can find photos of various chip types on the following page:\ [External 25xx NOR flashing guide](docs/install/spi.md) -Inability to modprobe thinkpad\_acpi on Haswell -=============================================== +Inability to load `thinkpad_acpi` on post-haswell systems {#thinkpad-acpi} +-------------------------------------------------------------------------- -This was reported by a user, running Debian 11 with -kernel `5.19.0-0.deb11.2-amd64`. The `thinkpad_acpi` module was not loading, -with the following message: +Reported by a user on Debian 11 (on a ThinkPad T440p) and a user +on Void Linux (ThinkPad T480), Linux (or modprobe) may fail to load +`thinkpad_acpi`. ``` modprobe: ERROR: could not insert 'thinkpad_acpi': "No such device" ``` -Battery info in `/sys` was absent, because of this. The user reported that -the following workaround was effective (in Debian). +It is suspected that at least these motherboards are affected: -Add this line to `/etc/modprobe.d/thinkpad_acpi.conf`: + * [ThinkPad W541](docs/install/w541_external.md) + * [ThinkPad T440p](docs/install/t440p_external.md) + * [ThinkPad T480/T480s](docs/install/t480.md) + +This may result the following effects, including or not limited to: + + * Temperature reporting not working + * Battery info not working. + * Fan speed reporting not working + * Fan control not working + +**However, enabling it on the ThinkPad T480 may cause the following issues, +as of Libreboot 20241206rev8: it might turn off rfkill making you have to +manually unblock wlan, and the Fn keys through F9 to F12 may stop working.** + +For these systems, add the line ``` options thinkpad_acpi force_load=1 ``` -tlp ---- +to any file in `/etc/modprobe.d`. You can also add + +``` +thinkpad_acpi.force_load=1 +``` + +to your kernel parameters (in GRUB, or your preferred linux-capable bootloader). + +### tlp You can install the `tlp` package and start that service. For example, on Debian: @@ -700,7 +698,7 @@ tlp-stat -b This will provide information about the battery. What other firmware exists outside of libreboot? -================================================== +------------------------------------------------ You can also read information about these in the [libreboot binary blob reduction policy](news/policy.md), where it goes into more detail about some @@ -916,10 +914,9 @@ Use of ethernet or wifi is recommended, as opposed to mobile networks, as these are generally much safer. Operating Systems -================= +----------------- -Can I use Linux? --------------------------------------------------- +### Can I use Linux? Absolutely! It is well-tested in libreboot, and highly recommended. See [installing Linux](../docs/linux/grub_boot_installer.md) and @@ -928,15 +925,13 @@ Absolutely! It is well-tested in libreboot, and highly recommended. See Any recent distribution should work, as long as it uses KMS (kernel mode setting) for the graphics. -Fedora won't boot? (may also be applicable to Redhat/CentOS) ------------------------------------------------------------ +### Fedora won't boot? (may also be applicable to Redhat/CentOS) On Fedora, by default the grub.cfg tries to boot linux in 16-bit mode. You just have to modify Fedora's GRUB configuration. Refer to [the Linux page](docs/linux/). -Can I use BSD? ----------------------------------- +### Can I use BSD? Absolutely! The libreboot firmware has good support for FreeBSD, NetBSD and OpenBSD. Other systems are untested, but should work just fine. @@ -944,8 +939,7 @@ OpenBSD. Other systems are untested, but should work just fine. See: [docs/bsd/](docs/bsd/) -Windows?? ---------- +### Windows?? Yes, you can use Windows 10 and 11. They are not officially supported and the Libreboot project recommends that you *avoid* this choice, because Windows is @@ -982,23 +976,22 @@ SeaBIOS, with the coreboot framebuffer initialised at startup, on an Intel GPU initialised via coreboot's *libgfxinit*, on November 2023 versions of Libreboot. We do not yet support booting with UEFI on x86 machines. -Are other operating systems compatible? -------------------------------------------------------------------- +### Are other operating systems compatible? Unknown. Perhaps so, but it's impossible to say without further testing. What level of software freedom does libreboot give me? -=================================================== +-------------------------------------------------- Please read the [libreboot binary blob minimalisation policy](news/policy.md). Please also read: -[Software and hardware freedom status for each mainboard supported by +[Software and hardware freedom status for each motherboard supported by Libreboot](software-freedom.md) The libreboot firmware provides host hardware initialisation inside ROM files, that can be written to NOR flash, but on many systems there exist -a lot more small computers on the mainboard running blob firmware. +a lot more small computers on the motherboard running blob firmware. Some of them are not practicable to replace due to being located on Mask ROM. Most laptops have EC (Embedded Controller) firmware, for example. @@ -1038,7 +1031,7 @@ exist, for example, the work done by Sam Zeloof and the Libre Silicon project: (Sam literally makes CPUs in his garage) Where can I learn more about electronics -========================================== +---------------------------------------- * Basics of soldering and rework by PACE Both series of videos are mandatory regardless of your soldering skill. diff --git a/site/faq.tr.md b/site/faq.tr.md new file mode 100644 index 0000000..7d3b9da --- /dev/null +++ b/site/faq.tr.md @@ -0,0 +1,234 @@ +--- +title: Libreboot Yazılımı Hakkında Sık Sorulan Sorular +x-toc-enable: true +... + +**NOT: Libreboot, 27 Ocak 2024 itibariyle artık flashrom'un bir çatalı olan [flashprog](https://flashprog.org/wiki/Flashprog)'u standart olarak kullanmaktadır. +Bunun nedeni [Libreboot 20240225 sürümünde](news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom) açıklanmıştır** + +Diğer adıyla Sıkça Sorgulanan Yanıtlar + +Yazılım Yüklemeden Önce Güvenliği Devre Dışı Bırakın +--------------------------------------------------- + +Dahili yazılım yüklemeden önce, `/dev/mem` korumalarını devre dışı bırakmanız gerekir. İşiniz bittiğinde tekrar etkinleştirdiğinizden emin olun. + +Bakınız: [/dev/mem korumasını devre dışı bırakma](docs/install/devmem.md) + +Libreboot Önyüklenmiş Olarak Satın Alın +-------------------------------------- + +Profesyonel kurulum istiyorsanız, Minifree Ltd seçili donanımlarda [Libreboot önyüklenmiş](https://minifree.org/) cihazlar satmaktadır ve ayrıca makinenizi göndererek Libreboot kurulumu yaptırmak istiyorsanız [Libreboot önyükleme hizmeti](https://minifree.org/product/installation-service/) sunmaktadır. + +Libreboot'un kurucusu ve baş geliştiricisi Leah Rowe aynı zamanda Minifree Ltd'yi de işletmektedir; satışlar Libreboot projesi için finansman sağlamaktadır. + +Önemli Konular +------------- + +### Libreboot'u kaynak koddan nasıl derlerim? + +[lbmk derleme talimatlarına](docs/build/) bakın. + +### Derleme sistemi nasıl çalışır? + +[lbmk bakım kılavuzuna](docs/maintain/) bakın. + +### CH341A Kullanmayın! + +Bu SPI programlayıcı çipinize ve bağlı olduğu anakarta zarar verecektir. + +Daha fazla bilgi için [docs/install/spi.md](docs/install/spi.md) sayfasındaki CH341A hakkındaki notları okuyun. + +### Nasıl Yardımcı Olabilirim + +Projeye önemli ölçüde yardımcı olmak için yetenekli bir geliştirici olmanız gerekmez. +Coreboot tarafından desteklenen bir kartınız varsa, onu Libreboot'a [port etmeyi](/docs/maintain/porting.md) düşünün. + +Libreboot'ta desteklenen bir kartınız varsa, lütfen test edici olmayı düşünün. +Test etmek minimal çaba gerektirir ve projeye gerçekten yardımcı olur. +ROM'lar yayınlanmadan önce test etmekle ilgileniyorsanız [kart bakımcıları belgelerine](/docs/maintain/testing.md) bakın. + +### GM45 ThinkPad'lerde Düzensiz Arka Işık + +Coreboot'ta kullanılacak doğru PWM değerini nasıl tespit edeceğimizi bilmiyoruz, bu yüzden coreboot'taki varsayılan değeri kullanıyoruz ve bu bazı CCFL panellerde bu soruna neden oluyor, ancak LED panellerde olmuyor. + +[belgeler: arka ışık kontrolü](../docs/misc/#finetune-backlight-control-on-intel-gpus) sayfasındaki notları takip ederek dağıtımınızda bunu çözebilirsiniz. + +### GM45 ThinkPad Ethernet Portu Otomatik Bağlanmıyor + +Bu, network-manager kullanan bazı sistemlerde gözlemlendi. Bu durum hem orijinal BIOS'ta hem de libreboot'ta oluyor. Bu donanımdaki bir özelliktir. Debian sistemlerinde, ethernet kablosunu bağladığınızda ağ servisini yeniden başlatmak bir çözüm yoludur: + + sudo service network-manager restart + +Systemd tabanlı dağıtımlarda şunu deneyebilirsiniz: + + sudo systemctl restart network-manager + +(servis adı, yapılandırmanıza bağlı olarak sizin için farklı olabilir) + +### PIKE2008 Modülü KGPE-D16 / KCMA-D8'i Donduruyor + +ASUS KCMA-D8 veya KGPE-D16'da PIKE2008 modülünden seçenek ROM'unu yüklemek sistemin önyüklemede donmasına neden olur. Bunu yükte kullanmak mümkündür (linuxboot gibi bir linux çekirdeği yükü kullanıyorsanız) veya normal SATA'dan önyükleme yapmak (SeaGRUB ve/veya SeaBIOS ile) ve sonra Linux'ta kullanmak mümkündür. Linux çekirdeği, seçenek ROM'unu yüklemeden PIKE2008 modülünü kullanabilir. + +### ThinkPad Dizüstü Bilgisayarlarda Çekirdek Panik Günlüklerini Nasıl Kaydederim? + +Bunu yapmanın en kolay yolu, çekirdeğin netconsole'unu kullanmak ve paniği yeniden oluşturmaktır. Netconsole iki makine gerektirir: panik olan (kaynak) ve çökme günlüklerini alacak olan (hedef). Kaynağın ethernet kablosuyla bağlı olması ve hedefin panik anında erişilebilir olması gerekir. Bu sistemi kurmak için, kaynakta root olarak (`source#`) ve hedefte normal kullanıcı olarak (`target$`) aşağıdaki komutları çalıştırın: + +1. Hedef makinede bir dinleyici sunucu başlatın (netcat iyi çalışır): + + `target$ nc -u -l -p 6666` + +2. Configfs'yi bağlayın (önyükleme başına yalnızca bir kez, zaten bağlı olup olmadığını + `mount | grep /sys/kernel/config` ile kontrol edebilirsiniz. Bağlı değilse + çıktı vermeyecektir). + + `source# modprobe configfs` + + `source# mkdir -p /sys/kernel/config` + + `source# mount none -t configfs /sys/kernel/config` + +3. Kaynağın ethernet arayüz adını bulun, `enp*` veya `eth*` şeklinde olmalıdır, + `ip address` veya `ifconfig` çıktısına bakın. + + `source# iface="enp0s29f8u1"` bunu değiştirin + + Hedef makinenin IPv4 adresini buraya girin: + + `source# tgtip="192.168.1.2"` bunu değiştirin + +4. Kaynak makinede netconsole günlükleme hedefi oluşturun: + + `source# modprobe netconsole` + + `source# cd /sys/kernel/config/netconsole` + + `source# mkdir target1; cd target1` + + `source# srcip=$(ip -4 addr show dev "$iface" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')` + + `source# echo "$srcip" > local_ip` + + `source# echo "$tgtip" > remote_ip` + + `source# echo "$iface" > dev_name` + + `source# arping -I "$iface" "$tgtip" -f | grep -o '..:..:..:..:..:..' > remote_mac` + + `source# echo 1 > enabled` + +5. Konsol günlük seviyesini hata ayıklamaya değiştirin: + + `source# dmesg -n debug` + +6. Günlüklemenin çalışıp çalışmadığını test edin, örneğin kaynakta bir USB + cihazı takıp çıkararak. Hedef makinede netcat'i (nc) başlattığınız + terminalde birkaç satır görünmelidir. + +7. Çekirdek paniğini yeniden oluşturmayı deneyin. + +Donanım Uyumluluğu +----------------- + +### Hangi sistemler libreboot ile uyumludur? + +Herhangi bir sistem kolayca eklenebilir, bu nedenle *uyumluluk* yalnızca libreboot'un kullandığı `lbmk` derleme sistemine entegre edilmiş kartlara atıfta bulunur. + +[Kurulum sayfası](docs/install/) uyumlu makineleri listeler. + +### Modern Intel Donanımlarında Özgürlük Tuzakları {#intel} + +Coreboot nominal olarak Özgür Yazılımdır, ancak desteklediği bazı x86 hedeflerinde hem Intel hem de AMD'de belirli satıcı kodları gerektirir. + +#### Intel Yönetim Motoru (ME) {#intelme} + +NOT: Aşağıdaki bilgiler biraz eskidir. Günümüzde Intel ME bir ARC yardımcı işlemcisinde çalışmamaktadır, bunun yerine ME yazılımı Minix işletim sistemi tabanlı x86 için yazılmış, değiştirilmiş bir Intel 486 tabanlı mimaride çalışır. Ancak, genel tasarım felsefesi ve işleyiş çoğunlukla aynıdır. + +Intel ME'ye sahip *çoğu* güncel Intel platformunda, BringUp'tan sonra Intel ME'yi devre dışı bırakmak artık mümkündür. Bakınız: + + + +İçinde Intel ME bulunan tüm GM45+ICH9M dizüstü bilgisayarlarda (ayrıca bu X4X+ICH10 masaüstü bilgisayarlar anlamına gelir), ME yazılımının önyükleme belleğinde bulunması gerekmez. Ya ME'yi devre dışı bırakan ve önyükleme belleğindeki bölgeyi kaldıran değiştirilmiş bir tanımlayıcı kullanılır ya da tanımlayıcısız bir kurulum kullanılır. Ancak, tüm modern Intel platformları ana önyükleme belleğinde bir Intel ME imajının bulunmasını gerektirir. + +Şimdi ana konuya geçelim: + +Haziran 2006'da Intel'in 965 Express Yonga Seti Ailesi (Grafik ve) Bellek Denetleyici Hub'ları veya (G)MCH'ler ve ICH8 G/Ç Denetleyici Ailesinde tanıtılan Intel Yönetim Motoru (ME), (G)MCH yongasında fiziksel olarak bulunan ayrı bir hesaplama ortamıdır. 2009'un 3. çeyreğinde, ilk nesil Intel Core i3/i5/i7 (Nehalem) CPU'ları ve Platform Denetleyici Hub'larının (PCH) 5 Serisi Yonga Seti ailesi, ICH'nin yerini alan PCH yongasının içinde daha sıkı entegre edilmiş bir ME (şimdi 6.0 sürümünde) getirdi. Böylece ME, ***2006 ortasından bu yana tüm Intel masaüstü, mobil (dizüstü) ve sunucu sistemlerinde mevcuttur***. + +ME, bir ARC işlemci çekirdeğinden (ME'nin sonraki nesillerinde diğer işlemci çekirdekleriyle değiştirilmiştir), kod ve veri önbelleklerinden, bir zamanlayıcıdan ve ek cihazların bağlandığı güvenli bir dahili veri yolundan oluşur. Bu cihazlar arasında bir kriptografi motoru, dahili ROM ve RAM, bellek denetleyicileri ve ana işletim sisteminin belleğine erişmek ve ME'nin sınırlı dahili RAM'ini desteklemek için korumalı bir harici bellek bölgesi ayırmak için bir ***doğrudan bellek erişimi (DMA) motoru*** bulunur. ME ayrıca bir Intel Gigabit Ethernet Denetleyicisi üzerinden kendi MAC adresiyle ***ağ erişimine*** sahiptir. Dahili ROM'da saklanan önyükleme programı, PC'nin SPI flash yongasından bir yazılım "manifestosu" yükler. Bu manifesto ***güçlü bir kriptografik anahtarla*** imzalanmıştır ve ME yazılımının sürümleri arasında farklılık gösterir. Manifesto belirli bir Intel anahtarıyla imzalanmamışsa, önyükleme ROM'u yazılımı yükleyip çalıştırmaz ve ME işlemci çekirdeği durdurulur. + +ME yazılımı sıkıştırılmıştır ve içeriklerinin güvenli kriptografik hash'leriyle birlikte manifestoda listelenen modüllerden oluşur. Bir modül işletim sistemi çekirdeğidir ve "ThreadX" adlı ***özel bir gerçek zamanlı işletim sistemi (RTOS) çekirdeğine*** dayanır. Geliştirici Express Logic, ThreadX için lisanslar ve kaynak kodu satar. Intel gibi müşterilerin ThreadX kaynak kodunu açıklaması veya alt lisans vermesi yasaktır. Başka bir modül, bir ***Java sanal makinesi*** ve kriptografi, güvenli depolama vb. için önceden yüklenmiş Java sınıfları kümesinden oluşan Dinamik Uygulama Yükleyicisidir (DAL). DAL modülü, PC'nin HDD veya SSD'sinden ek ME modülleri yükleyip çalıştırabilir. ME yazılımı ayrıca flash bellek alanında Intel Aktif Yönetim Teknolojisi (AMT), bir Güvenilir Platform Modülü (TPM) uygulaması, Intel Boot Guard ve ses ve video DRM sistemleri dahil olmak üzere bir dizi yerel uygulama modülü içerir. + +Intel "vPro" markasının bir parçası olan Aktif Yönetim Teknolojisi (AMT) uygulaması, uzak kullanıcıların PC'yi açmasını, kapatmasını, bilgi görüntülemesini ve başka şekillerde yönetmesini sağlayan bir Web sunucusu ve uygulama kodudur. PC ***kapalıyken bile uzaktan kullanılabilir*** (Wake-on-Lan aracılığıyla). Trafik SSL/TLS kitaplıkları kullanılarak şifrelenir, ancak tüm büyük SSL/TLS uygulamalarının çok ses getiren güvenlik açıkları olduğunu hatırlayın. AMT uygulamasının kendisinin, rootkit'ler ve keylogger'lar geliştirmek ve bir PC'nin yönetim özelliklerine gizlice şifreli erişim kazanmak için kullanılan ***[bilinen güvenlik açıkları](https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits)*** vardır. ME'nin PC'nin RAM'ine tam erişimi olduğunu unutmayın. Bu, ME'nin bilgisayarınızdaki tüm verileri görebileceği anlamına gelir. + +ME yazılımı, bilgisayarınızın donanımını başlatmak için gereken düşük seviyeli kodun yanı sıra, Intel'in sizin bilgisayarınızı kontrol etmesini sağlayan bir arka kapı görevi görür. Bu, Intel'in bilgisayarınızı uzaktan kontrol etmesine, verilerinize erişmesine ve bilgisayarınızı kapatmasına olanak tanır. ME, bilgisayarınızın RAM'ine tam erişime sahiptir ve ağ üzerinden iletişim kurabilir. + +ME'nin varlığı, bilgisayarınızın güvenliğini ve gizliliğini tehlikeye atar. ME'nin varlığı, bilgisayarınızın güvenliğini ve gizliliğini tehlikeye atar. Bu nedenle, ME'yi devre dışı bırakmak veya kaldırmak önemlidir. Libreboot, ME'yi devre dışı bırakır veya kaldırır, böylece bilgisayarınızın kontrolünü size geri verir. + +### AMD Platform Security Processor (PSP) {#amd} + +AMD Platform Security Processor (PSP), AMD'nin Intel ME'ye benzer bir teknolojisidir. PSP, AMD işlemcilerinde bulunan bir ARM işlemci çekirdeğidir. PSP, ME gibi, bilgisayarınızın RAM'ine tam erişime sahiptir ve ağ üzerinden iletişim kurabilir. + +PSP, AMD'nin bilgisayarınızı kontrol etmesini sağlayan bir arka kapı görevi görür. Bu, AMD'nin bilgisayarınızı uzaktan kontrol etmesine, verilerinize erişmesine ve bilgisayarınızı kapatmasına olanak tanır. PSP, bilgisayarınızın RAM'ine tam erişime sahiptir ve ağ üzerinden iletişim kurabilir. + +PSP'nin varlığı, bilgisayarınızın güvenliğini ve gizliliğini tehlikeye atar. Bu nedenle, PSP'yi devre dışı bırakmak veya kaldırmak önemlidir. Libreboot, PSP'yi devre dışı bırakır veya kaldırır, böylece bilgisayarınızın kontrolünü size geri verir. + +### Libreboot'u Nasıl Kurarım? + +Libreboot'u kurmanın birkaç yolu vardır: + +1. Minifree Ltd'den [Libreboot önyüklenmiş](https://minifree.org/) bir bilgisayar satın alabilirsiniz. +2. Uyumlu bir bilgisayarınız varsa, [Libreboot önyükleme hizmeti](https://minifree.org/product/installation-service/) için Minifree Ltd'ye gönderebilirsiniz. +3. [Kurulum talimatlarını](docs/install/) takip ederek kendiniz kurabilirsiniz. + +### Libreboot'u Kaynak Koddan Nasıl Derlerim? + +[lbmk derleme talimatlarına](docs/build/) bakın. + +### Derleme Sistemi Nasıl Çalışır? + +[lbmk bakım kılavuzuna](docs/maintain/) bakın. + +### Libreboot'u Güncellemeli miyim? + +Evet, Libreboot'u güncel tutmanız önerilir. Her yeni sürüm, güvenlik düzeltmeleri ve yeni özellikler içerir. Güncelleme talimatları için [kurulum sayfasına](docs/install/) bakın. + +### Libreboot'u Kaldırabilir miyim? + +Evet, Libreboot'u kaldırabilir ve orijinal BIOS/UEFI yazılımınıza geri dönebilirsiniz. Ancak, bu işlem risklidir ve dikkatli yapılmalıdır. Talimatlar için [kurulum sayfasına](docs/install/) bakın. + +### Libreboot Hangi İşletim Sistemlerini Destekler? + +Libreboot, [Linux](docs/linux/) ve [BSD](docs/bsd/) işletim sistemlerini iyi destekler. Windows gibi özgür olmayan işletim sistemleri de çalışabilir, ancak bu sistemler Libreboot'un özgürlük felsefesiyle çelişir. + +### Libreboot'ta Sorun Yaşıyorum. Ne Yapmalıyım? + +1. [SSS sayfasını](faq.html) kontrol edin - sorununuzun yanıtı burada olabilir. +2. [Belgeleri](docs/) okuyun - sorununuzla ilgili bilgi burada olabilir. +3. [IRC kanalına](https://web.libera.chat/#libreboot) katılın - burada yardım isteyebilirsiniz. +4. [E-posta listesine](https://lists.sr.ht/~libreboot/libreboot) yazın - burada da yardım isteyebilirsiniz. +5. [Hata takipçisinde](https://codeberg.org/libreboot/lbmk/issues) sorununuzu arayın veya yeni bir hata raporu oluşturun. + +### Libreboot'a Nasıl Katkıda Bulunabilirim? + +Libreboot'a birçok şekilde katkıda bulunabilirsiniz: + +1. [Yeni anakartlar ekleyerek](docs/maintain/porting.md) +2. [Test ederek](docs/maintain/testing.md) +3. [Belgeleri geliştirerek](docs/maintain/) +4. [Çeviri yaparak](news/translations.md) +5. [Hataları düzelterek](https://codeberg.org/libreboot/lbmk/issues) +6. [Bağış yaparak](https://www.patreon.com/libreleah) + +### Libreboot'un Geleceği Nedir? + +Libreboot, özgür yazılım topluluğunun bir parçası olarak gelişmeye devam edecektir. Hedeflerimiz: + +1. Daha fazla donanım desteği eklemek +2. Kullanıcı deneyimini iyileştirmek +3. Güvenliği artırmak +4. Belgeleri geliştirmek +5. Topluluk katılımını artırmak + +### Libreboot'u Ticari Olarak Kullanabilir miyim? + +Evet, Libreboot GNU Genel Kamu Lisansı altında lisanslanmıştır. Bu, yazılımı özgürce kullanabileceğiniz, değiştirebileceğiniz ve dağıtabileceğiniz anlamına gelir. Ancak, değişikliklerinizi de aynı lisans altında paylaşmanız gerekir. diff --git a/site/faq.uk.md b/site/faq.uk.md index 83a36ac..5974ae3 100644 --- a/site/faq.uk.md +++ b/site/faq.uk.md @@ -3,13 +3,15 @@ title: Часті питання x-toc-enable: true ... -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** Також відомо як Відповіді на часті питання Buy Libreboot pre-installed -========== +------------------------- If you want professional installation, Minifree Ltd sells [Libreboot pre-installed](https://minifree.org/) on select hardware, and it also provides @@ -20,20 +22,17 @@ Leah Rowe, the founder and lead developer of Libreboot, also owns and operates Minifree Ltd; sales provide funding for the Libreboot project. Важливі питання -================ +--------------- -Як скомпілювати libreboot з джерельного коду ------------------------------------- +### Як скомпілювати libreboot з джерельного коду Зверніться до [інструкцій зі збірки lbmk](docs/build/index.uk.md). -Як працює система збірки? -------------------------------- +### Як працює система збірки? Зверніться до [посібника з обслуговування lbmk](docs/maintain/). -Не використовуйте CH341A! ------------------- +### Не використовуйте CH341A! Цей програматор SPI пошкодить ваш чіп і материнську плату, до якої він підключений. @@ -41,8 +40,7 @@ operates Minifree Ltd; sales provide funding for the Libreboot project. Прочитайте примітки щодо CH341A на [docs/install/spi.md](docs/install/spi.md), щоб вивчити більше. -Flashrom скаржиться на доступ DEVMEM --------------------------------------- +### Flashprog скаржиться на доступ DEVMEM Якщо запущено `flashprog -p internal` для програмної перепрошивки та ви отримуєте помилку, пов'язану з доступом до /dev/mem, вам слід перезавантажити систему з @@ -62,8 +60,7 @@ Error accessing DMI Table, 0x1000 bytes at 0x000000007fb27000 /dev/mem mmap failed: Operation not permitted ``` -Підсвічування в лівій частині екрана стає темнішим ---------------------------------------------------------------------------------------------------------------- +### Підсвічування в лівій частині екрана стає темнішим Ми не знаємо, як визначити правильне значення ШІМ для використання в coreboot, тому ми просто використовуємо стандартне в coreboot, який має @@ -72,8 +69,7 @@ coreboot, тому ми просто використовуємо стандар Ви можете вирішити цю проблему у своєму дистрибутиві, дотримуючись приміток на [документація: контроль підсвічуванням](../docs/misc/#finetune-backlight-control-on-intel-gpus). -Ethernet не працює на моєму X200/T400/X60/T60, коли я його підключаю -------------------------------------------------------------------- +### Ethernet не працює на моєму X200/T400/X60/T60, коли я його підключаю Це спостерігалося в деяких системах, які використовують network-manager. Таке буває як в оригінальному BIOS, так і в libreboot. Це примха в @@ -89,8 +85,7 @@ Ethernet не працює на моєму X200/T400/X60/T60, коли я йог (назва служби може відрізнятися для вас, залежно від вашої конфігурації) -Мій KCMA-D8 або KGPE-D16 не завантажується з встановленим модулем PIKE2008 ------------------------------------------------------------------------ +### Мій KCMA-D8 або KGPE-D16 не завантажується з встановленим модулем PIKE2008 **Материнські плати KGPE-D16, KCMA-D8 та KFSN4-DRE ASUS було видалено 19 листопада 2022. Ви все ще можете використовувати старіші версії Libreboot, і випуски @@ -103,8 +98,7 @@ Ethernet не працює на моєму X200/T400/X60/T60, коли я йог це в Linux. Ядро Linux здатне використовувати PIKE2008 модуль без завантаження Option ROM. -Як зберегти журнали паніки ядра на ноутбуках Thinkpad? --------------------------------------------------- +### Як зберегти журнали паніки ядра на ноутбуках Thinkpad? Найпростіший спосіб зробити це за допомогою netconsole ядра і відтворення паніки. Netconsole вимагає двох машин, тієї, що є @@ -169,23 +163,21 @@ Ethernet не працює на моєму X200/T400/X60/T60, коли я йог 7. Спробуйте відтворити паніку ядра. Апаратна сумісність -====================== +------------------- -Які системи сумісні з libreboot? ------------------------------------------------------------------------------------ +### Які системи сумісні з libreboot? Будь-яку систему можна легко додати, тому *сумісність* посилається до будь-якої інтегрованої до системи побудови `lbmk` плати, яку libreboot використовує. The [installation page](docs/install/) lists compatible machines. -Пастки свободи з сучасним обладнанням Intel {#intel} ----------------------------------------------------- +### Пастки свободи з сучасним обладнанням Intel {#intel} Coreboot номінально є вільним програмним забезпеченням, але для більшості x86 цілей, які він підтримує, потрібні двійкові блоби, як на Intel, так і на AMD. -### Intel Management Engine (ME) {#intelme} +#### Intel Management Engine (ME) {#intelme} ПРИМІТКА: Інформація нижче трохи застаріла. Зараз Intel ME не працює на співпроцесорі ARC, а працює на архітектурі модифікованого процесора Intel 486, @@ -355,7 +347,7 @@ Revealed (Розкрито вбудовану технологію безпек цікавим: -### Firmware Support Package (FSP) {#fsp} +#### Firmware Support Package (FSP) {#fsp} У всіх останніх системах Intel, підтримка coreboot обертається навколо інтеграції блоба (для кожної системи) під назвою *FSP* (Firmware Support Package, пакет підтримки @@ -374,7 +366,7 @@ Revealed (Розкрито вбудовану технологію безпек руткітів SMM було продемонстровано в природі (використайте пошукову систему, щоб знайти їх). -### Оновлення мікрокода ЦП {#microcode} +#### Оновлення мікрокода ЦП {#microcode} Мікрокод налаштовує логічні вентилі у вашому ЦП, щоб реалізувати архітектуру набору інструкцій. Ваш ЦП уже містить їх, але він також надає спосіб оновлення @@ -398,8 +390,7 @@ Revealed (Розкрито вбудовану технологію безпек І відео, і репозиторій дають деяку додаткову інформацію про мікрокод ЦП. Те, як це працює на AMD, буде дуже схожим на Intel. -Підводні камені свободи, які слід враховувати на апаратному забезпеченні AMD {#amd} ----------------------------------------------------------------------------- +### Підводні камені свободи, які слід враховувати на апаратному забезпеченні AMD {#amd} ПРИМІТКА: В ці дні є openSIL - це спроба AMD надати деякий джерельний код знову, який проекти, подібні coreboot @@ -409,7 +400,7 @@ Revealed (Розкрито вбудовану технологію безпек AMD має більш-менш ту саму проблему, що й Intel, коли справа стосується свободи програмного забезпечення. -### AMD Platform Security Processor (PSP) +#### AMD Platform Security Processor (PSP) По суті, це власна версія [Intel Management Engine](#intelme) від AMD. Він має ті самі базові проблеми безпеки та свободи, @@ -452,13 +443,13 @@ Management Engine), PSP від AMD також може діяти як тира на більшості апаратного забезпечення OEM, відключений лише на так званих процесорах "ентузіастів". -### Прошивка AMD IMC +#### Прошивка AMD IMC Прочитайте . ПРИМІТКА: Ця секція є застарілою, та потребує очищення. -### Прошивка AMD SMU +#### Прошивка AMD SMU ПРИМІТКА: Ця секція є застарілою, та потребує очищення. @@ -476,7 +467,7 @@ Management Engine), PSP від AMD також може діяти як тира прошивкою, але у відповідній системі (ASUS F2A85-M) все ще були присутні інші блоби (Відео BIOS та інші). -### Прошивка AMD AGESA +#### Прошивка AMD AGESA ПРИМІТКА: Більше має бути написано про це, щоб відобразити сучасну реальність. Ситуація з AMD в останні роки змінилась. Інформація на цій сторінці поширених @@ -488,7 +479,7 @@ Management Engine), PSP від AMD також може діяти як тира вони припинили випускати джерельний код і замість цього почали випускати AGESA у вигляді бінарних блобів. Це робить AGESA еквівалентом [Intel FSP](#fsp). -### Оновлення мікрокоду ЦП AMD +#### Оновлення мікрокоду ЦП AMD Прочитайте розділ Intel практично так само, хоча було виявлено, що з набагато пізнішим апаратним забезпеченням @@ -499,7 +490,7 @@ AMD можна працювати без оновлень мікрокоду. Н вмикає їх за замовчуванням на всьому апаратному забезпеченні, яке підтримується. -### AMD не співпрацює +#### AMD не співпрацює Здавалося, що AMD була на правильному шляху в 2011 році, коли вони почала співпрацювати та випускати джерельний код для кількох критичних @@ -526,8 +517,7 @@ Family 15h (на стороні AMD) або будь-яке інше, випущ Це також стосується викривачів або будь-кого, кому потрібна справжня конфіденційність та безпека. -Привіт, у мене <вставте сюди випадкову систему>, чи підтримується вона? --------------------------------------------------------------------------------------------------------- +### Привіт, у мене <вставте сюди випадкову систему>, чи підтримується вона? Якщо вона підтримується coreboot, ви можете додати її негайно. Прочитайте [посібник з перенесення](/docs/maintain/porting.html) про перенесення нової плати. @@ -538,15 +528,13 @@ Family 15h (на стороні AMD) або будь-яке інше, випущ Будь ласка, проконсультуйтесь з проектом coreboot для наставництва. Загальні питання -================= +---------------- -Як встановити libreboot? -------------------------------------------------------- +### Як встановити libreboot? Подивіться [посібник з встановлення](docs/install/) -Як запрограмувати флеш-чіп SPI? ---------------------------------------------------------------------------------- +### Як запрограмувати флеш-чіп SPI? Зверніться до:\ [Зовнішній перезапис 25xx NOR flash через протокол SPI](docs/install/spi.md) @@ -554,8 +542,7 @@ Family 15h (на стороні AMD) або будь-яке інше, випущ Можна використовувати 16-контактний затискач SOIC на 8-контактній мікросхемі SOIC, якщо правильно впорядкувати контакти. Як правило, з'єднання більш міцне. -Як захистити флеш-чіп від запису? ----------------------------------------------------------------------------- +### Як захистити флеш-чіп від запису? За замовчуванням немає захисту від запису на системі libreboot. Це з міркувань зручності використання, оскільки більшість людей не мають легкого доступу до зовнішнього @@ -575,8 +562,7 @@ Family 15h (на стороні AMD) або будь-яке інше, випущ ЗРОБИТИ: Задокументувати захист флеш-пам'яті на основі PRx на платформах Intel і дослідити інші методи на системах AMD. -Як змінити налаштування BIOS? ------------------------------------------------------------------------- +### Як змінити налаштування BIOS? Більшість налаштувань libreboot насправді використовує [корисне навантаження GRUB](http://www.coreboot.org/GRUB2). Більше інформації про корисні навантаження @@ -610,8 +596,7 @@ coreboot вікі для більшої інформації. Це змінить за замовчуванням всередині образа ROM, і потім ви можете перепрошити його. -Як заповнити ROM перед перепрошивкою? --------------------------------------- +### Як заповнити ROM перед перепрошивкою? Бажано просто використовувати більший образ ROM. Цей розділ був написаний здебільшого для материнських плат ASUS KCMA-D8 та KGPE-D16, де раніше ми надавали @@ -650,8 +635,7 @@ ROM та флеш-чіпом. Випадок вище, наприклад: Після видалення заповнення cbfstool зможе працювати із образом як зазвичай. -Чи потрібно встановлювати завантажувач під час встановлення дистрибутива? ---------------------------------------------------------------------------------------------------- +### Чи потрібно встановлювати завантажувач під час встановлення дистрибутива? Більшість налаштувань libreboot уже інтегрують завантажувач GRUB як *[корисне навантаження](http://www.coreboot.org/Payloads)*. Це означає, що завантажувач GRUB @@ -669,8 +653,7 @@ HDD або SSD під час встановлення нового дистри тоді на вашому HDD або SSD використовується звичайний завантажувальний сектор MBR, як і слід було очікувати. Отже, наведені вище параграфи стосуються лише корисного навантаження GRUB. -Чи потрібно мені перепрошивати, коли я перевстановлю дистрибутив? -------------------------------------------------------------------------------------------- +### Чи потрібно мені перепрошивати, коли я перевстановлю дистрибутив? Більше ні. Останні версії libreboot (з використанням корисного навантаження GRUB) автоматично переключатимуться на конфігурацію GRUB на HDD або SSD, якщо @@ -682,14 +665,19 @@ GRUB (наприклад, флеш-накопичувач USB). Для Якщо ви використовуєте корисне навантаження SeaBIOS, це ще простіше. Це працює так, як ви очікували. SeaBIOS реалізує звичайний інтерфейс x86 BIOS. -Як виглядає флеш-чіп? ------------------------------------------------------------------ +### Як виглядає флеш-чіп? Ви можете знайти фотографії різних видів чипів на наступній сторінці:\ [Керівництво зовнішньої прошивки 25xx NOR](docs/install/spi.md) Неможливість виконати modprobe thinkpad\_acpi на Haswell -=============================================== +-------------------------------------------------------- + +This pertains to ThinkPad T480, T440p and W541. + +**However, enabling it on the ThinkPad T480 may cause the following issues, +as of Libreboot 20241206rev8: it might turn off rfkill making you have to +manually unblock wlan, and the Fn keys through F9 to F12 may stop working.** Про це повідомив користувач, який використовує Debian 11 з ядром `5.19.0-0.deb11.2-amd64`. Модуль `thinkpad_acpi` не завантажувався @@ -708,8 +696,7 @@ modprobe: ERROR: could not insert 'thinkpad_acpi': "No such device" options thinkpad_acpi force_load=1 ``` -tlp ---- +### tlp Ви можете встановити пакет `tlp` та розпочати той сервіс. Наприклад, на Debian: @@ -735,13 +722,13 @@ tlp-stat -b Це надасть інформацію про батарею. Яке ще мікропрограмне забезпечення існує за межами libreboot? -================================================== +------------------------------------------------------ Ви можете також прочитати інформацію про цих в [політиці мінімізації бінарних блобів libreboot](news/policy.uk.md), де вона розповідає в більших подробицях про деяких із них. -### Зовнішні графічні карти +#### Зовнішні графічні карти Відео BIOS наявний на більшості графічних карт. Для інтегрованої графіки VBIOS (спеціальний вид OptionROM) зазвичай вбудовано @@ -757,7 +744,7 @@ libreboot буде використовувати цей код, коли він В конфігураціях, де SeaBIOS і власна ініціалізація GPU використовуються разом, додається спеціальна прокладка VBIOS, яка використовує лінійний кадровий буфер coreboot. -### Прошивка EC (вбудований контролер) +#### Прошивка EC (вбудований контролер) Це є у більшості (всіх?) ноутбуків. EC (вбудований контролер) - це невеликий, окремий процесор, який в основному обробляє вхідні/вихідні дані, характерні @@ -777,7 +764,7 @@ libreboot буде використовувати цей код, коли він EC присутній ледь не на всіх ноутбуках. Інші пристрої використовують, залежно від складності, або EC, або варіант із прошивкою в Mask ROM - SuperIO. -### Прошивка HDD/SSD +#### Прошивка HDD/SSD Жорсткі диски та твердотільні накопичувачі містять вбудоване програмне забезпечення, призначене для обробки внутрішньої роботи пристрою, водночас відкриваючи простий, стандартний інтерфейс (наприклад, @@ -877,7 +864,6 @@ SATA через USB, і проект Libreboot здатний завантажу звичайним чином. Проконсультуйтесь з документацією для вашої операційної системи Linux/BSD, щоб знати те, як встановити їх з *повнодисковим шифруванням*: - Поточна теорія (недоведена) полягає в тому, що це принаймні запобіжить зловмисним дискам неправильно маніпулювати даними, які зчитуються з диска або записуються на диск, оскільки він не може отримати доступ до вашого ключа LUKS, @@ -887,7 +873,7 @@ SATA через USB, і проект Libreboot здатний завантажу **Сприймайте сказане в цьому абзаці з дрібкою солі. Це все ще обговорюється і нічого з цього не доведено.** -### NIC (контролер ethernet) +#### NIC (контролер ethernet) Мережеві карти Ethernet зазвичай запускають вбудоване програмне забезпечення, яке відповідає за внутрішню ініціалізацію пристрою. Теоретично його можна налаштувати @@ -896,7 +882,7 @@ SATA через USB, і проект Libreboot здатний завантажу З належним IOMMU можна було би пом'якшити проблеми, пов'язані з DMA. Також можна використовувати мережевий адаптер USB, який не має DMA. -### Мікрокод процесора +#### Мікрокод процесора Мікрокод налаштовує масиви логічних вентилів у мікропроцесорі для реалізації архітектури набору інструкцій. Спеціальні *декодери* в мікропроцесорі налаштують @@ -905,13 +891,13 @@ SATA через USB, і проект Libreboot здатний завантажу [Політика зменшення блобів libreboot](news/policy.uk.md) докладно описує мікрокод. -### Звукова карта +#### Звукова карта Звукове обладнання (інтегроване чи дискретне) зазвичай має вбудоване програмне забезпечення (DSP) для обробки введення/виведення. Знову ж таки, USB DAC є хорошим обхідним шляхом. -### Веб-камера +#### Веб-камера Веб-камери мають вбудоване програмне забезпечення, яке обробляє зображення, що вводиться в камеру; налаштування фокуса, балансу білого тощо. Можна використовувати апаратне забезпечення @@ -919,12 +905,12 @@ SATA через USB, і проект Libreboot здатний завантажу (наприклад, на ноутбуках) не рекомендовані проектом libreboot з міркувань безпеки. -### Хост-контролер USB +#### Хост-контролер USB Хост-контролери USB потребують мікропрограми. Іноді це потрібно надати самому coreboot. -### Прошивка WWAN +#### Прошивка WWAN Деякі ноутбуки можуть мати пристрій для зчитування SIM-карт із карткою для роботи з WWAN, підключення до мережі 3g/4g (наприклад, GSM). Це та @@ -951,10 +937,9 @@ WWAN, підключення до мережі 3g/4g (наприклад, GSM). оскільки вони, як правило, набагато безпечніші. Операційні системи -================= +------------------ -Чи я можу використовувати Linux? --------------------------------------------------- +### Чи я можу використовувати Linux? Абсолютно! Він добре перевірений в libreboot, та дуже рекомендований. Подивіться [встановлення Linux](../docs/linux/grub_boot_installer.md) та @@ -963,15 +948,13 @@ WWAN, підключення до мережі 3g/4g (наприклад, GSM). Будь-який сучасний дистрибутив має працювати, допоки він використовує KMS (kernel mode setting) для графіки. -Fedora не завантажується? (також може бути застосовано до Redhat/CentOS) ------------------------------------------------------------ +### Fedora не завантажується? (також може бути застосовано до Redhat/CentOS) У Fedora типово grub.cfg намагається завантажити linux в 16-розрядному режимі. Вам просто потрібно змінити конфігурацію GRUB Fedora. Зверніться до [сторінки Linux](docs/linux/). -Чи я можу використовувати BSD? ----------------------------------- +### Чи я можу використовувати BSD? Абсолютно! Прошивка libreboot має добру підтримку для FreeBSD, NetBSD та OpenBSD. Інші системи не перевірені, але мають працювати нормально. @@ -979,8 +962,7 @@ OpenBSD. Інші системи не перевірені, але мають п Дивіться: [docs/bsd/](docs/bsd/index.uk.md) -Windows?? ---------- +### Windows?? Yes, you can use Windows 10 and 11. They are not officially supported and the Libreboot project recommends that you *avoid* this choice, because Windows is @@ -1017,13 +999,12 @@ SeaBIOS, with the coreboot framebuffer initialised at startup, on an Intel GPU initialised via coreboot's *libgfxinit*, on November 2023 versions of Libreboot. We do not yet support booting with UEFI on x86 machines. -Чи підтримуються інші операційні системи? -------------------------------------------------------------------- +### Чи підтримуються інші операційні системи? Невідомо. Можливо, але неможливо сказати без подальшого випробовування. Який рівень програмної свободи дає мені libreboot? -=================================================== +-------------------------------------------------- Будь ласка, прочитайте [політику мінімізації бінарних блобів libreboot](news/policy.uk.md). @@ -1069,7 +1050,7 @@ We do not yet support booting with UEFI on x86 machines. (Сем буквально робить процесори в своєму гаражі) Де я можу вивчати більше про електроніку -========================================== +---------------------------------------- * Основи пайки та переробки від PACE Обидві серії відео є обов'язковими незалежно від ваших навичок паяння. diff --git a/site/footer.de.include b/site/footer.de.include index b598527..60d521f 100644 --- a/site/footer.de.include +++ b/site/footer.de.include @@ -3,8 +3,8 @@ * [Binäre Blob Richtlinie](/news/policy.md) * [Freiheits Status](/freedom-status.md) +* [Canoeboot](https://canoeboot.org/) * [Diese Seite bearbeiten](/git.de.md) -* [Wer entwickelt Libreboot?](/who.de.md) * [Lizenz](/license.md) * [Vorlage](/template-license.md) * [Logo](/logo-license.md) diff --git a/site/footer.include b/site/footer.include index 20bc86d..93c4306 100644 --- a/site/footer.include +++ b/site/footer.include @@ -3,8 +3,8 @@ * [Binary Blob Reduction Policy](/news/policy.md) * [Freedom status](/freedom-status.md) +* [Canoeboot](https://canoeboot.org/) * [Edit this page](/git.md) -* [Who develops Libreboot?](/who.md) * [License](/license.md) * [Template](/template-license.md) * [Logo](/logo-license.md) diff --git a/site/footer.it.include b/site/footer.it.include index e17de9e..a32cdcf 100644 --- a/site/footer.it.include +++ b/site/footer.it.include @@ -3,8 +3,8 @@ * [Politica di riduzione di parti binarie proprietarie (blobs)](/news/policy.md) * [Grado di liberta' possibile](/freedom-status.md) +* [Canoeboot](https://canoeboot.org/) * [Modifica questa pagina](/git.de.md) -* [Chi sviluppa Libreboot?](/who.de.md) * [Licenza](/license.md) * [Modelli di licenze](/template-license.md) * [Logo](/logo-license.md) diff --git a/site/footer.uk.include b/site/footer.uk.include index dc16a7b..8520ed7 100644 --- a/site/footer.uk.include +++ b/site/footer.uk.include @@ -3,8 +3,8 @@ * [Політика бінарних блобів](/news/policy.md) * [Статус свободи](/freedom-status.md) +* [Canoeboot](https://canoeboot.org/) * [Редагувати цю сторінку](/git.md) -* [Хто розробляє Libreboot?](/who.uk.md) * [Ліцензія](/license.md) * [Шаблон](/template-license.uk.md) * [Логотип](/logo-license.uk.md) diff --git a/site/footer.zh-cn.include b/site/footer.zh-cn.include index 8a9342c..d6e8fc3 100644 --- a/site/footer.zh-cn.include +++ b/site/footer.zh-cn.include @@ -3,8 +3,8 @@ * [二进制 blob 政策](/news/policy.md) * [自由度现状](/freedom-status.md) +* [Canoeboot](https://canoeboot.org/) * [编辑本页面](/git.md) -* [谁在开发 Libreboot?](/who.md) * [许可证](/license.md) * [模板](/template-license.md) * [图标](/logo-license.md) diff --git a/site/freedom-status.md b/site/freedom-status.md index a1f67d0..341c435 100644 --- a/site/freedom-status.md +++ b/site/freedom-status.md @@ -1,13 +1,13 @@ --- -title: Software and hardware freedom status for each mainboard supported by Libreboot +title: Software and hardware freedom status for Libreboot Open Source BIOS/UEFI x-toc-enable: true ... -Introduction -============ +Free as in freedom +------------------ -This page documents how Libreboot's [binary blob reduction -policy](news/policy.md), adopted in November 2022, is implemented in practise, +This page documents how Libreboot's [Binary Blob Reduction +Policy](news/policy.md), adopted in November 2022, is implemented in practise, especially that line which says: *"if free software can be used, it must be used."* @@ -18,8 +18,8 @@ all) platforms, coreboot *requires* certain [vendor files](https://en.wikipedia.org/wiki/Binary_blob) for things like raminit. *All* boards currently supported by Libreboot can be initialised entirely with *free*, *libre* or *open source* code from *coreboot* -itself, because Libreboot currently only focuses on such mainboards. Libreboot's -goal is to eventually support *all* mainboards from coreboot. +itself, because Libreboot currently only focuses on such motherboards. Libreboot's +goal is to eventually support *all* motherboards from coreboot. A more *pragmatic* [binary blob reduction policy](news/policy.md) was adopted by Libreboot during November 2022, as part of an ongoing campaign to support @@ -38,15 +38,14 @@ possible* for normal, non-technical users who like the idea of coreboot but who are otherwise not competent to configure it from scratch. Such harm was *corrected*, in November 2022. -Coreboot architecture ---------------------- +### Coreboot architecture For context about certain topics, please read: 100% libre init in coreboot -=========================== +--------------------------- The reason this distinction matters (referring specifically to coreboot's side of the initialisation) will become clearer, in the following sections: @@ -62,12 +61,11 @@ are **OK**](news/policy.md#more-detailed-insight-about-microcode) excluded, alongside default ones with microcode included.](news/microcode.md) Intel platforms -=============== +--------------- -Descriptor vs descriptorless setup ----------------------------------- +### Descriptor vs descriptorless setup -Libreboot supports several mainboards using Intel platforms. Of these, there +Libreboot supports several motherboards using Intel platforms. Of these, there are essentially two class of machine (for the purposes of this article): * Descriptorless configuration @@ -97,7 +95,7 @@ In a *descriptor* configuration, the flash is divided into regions such as: the initialisation firmware plus operating system for it is loaded from this dedicated region in the main boot flash. More info is available [in the FAQ](faq.md#intelme) - where ME firmware is otherwise present, Libreboot - either [removes](docs/install/ich9utils.html) it or (with the `me_cleaner` program) [reconfigures](https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F) it in such + either removes it or (with the `me_cleaner` program) [reconfigures](https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F) it in such a way where it is disabled during machine initialisation. * Platform region: non-program data, usually just a bunch of strings put there by the hardware vendor. @@ -116,8 +114,7 @@ datasheets, but those datasheets often contain *reserved* sections where parts are left undocumented. Reverse engineering efforts over the years have documented some of these blank spots. -Libreboot does *not* distribute Intel ME images ------------------------------------------------ +### Libreboot does *not* distribute Intel ME images Libreboot does *not* distribute the Intel ME firmware in any way, whether in the Git repository or in releases. Where it is needed, Libreboot provides @@ -151,24 +148,18 @@ The ME firmware is *required* on almost all Intel platforms, or the machine will turn *off* after 30 minutes (or it will not boot, if the ME also controls whether the CPU comes out of reset). -More about Intel ME removal/disabling ----------------------------------- +### More about Intel ME removal/disabling *Libreboot* provides a way to fully remove the ME firmware, while retaining full use of the machine, on GM45 platforms with ICH9M southbridge. These are -laptops: ThinkPad X200/T400/T500/W500 and so on of that generation. See: -[docs/install/ich9utils.md](docs/install/ich9utils.md) - -The `ich9utils` software is provided by Libreboot. The `ich9gen` utility was -specifically written by Leah Rowe, in 2014 and improved incrementally since. +laptops: ThinkPad X200/T400/T500/W500 and so on of that generation. On newer platforms as alluded to above, `me_cleaner` is used instead. Notes about specific types of vendor file -=================================== +----------------------------------------- -VGA option ROMs ---------------- +### VGA option ROMs *Native* video initialisation is supported and *enabled*, for all supported Intel platforms that have it. The source code is provided by coreboot, under @@ -188,7 +179,7 @@ documentation for this, but it has been tested. Example: Dual Intel/Nvidia graphics on some ivybridge or haswell thinkpads. For *add-on* GPUs, SeaBIOS (payload) can typically scan a VGA ROM present on -the card and execute it. This has been tested on certain desktop mainboards +the card and execute it. This has been tested on certain desktop motherboards that Libreboot supports, and works just fine; Libreboot does not need to handle these files at all. @@ -200,17 +191,17 @@ of the following paragraph in Libreboot policy: libreboot is to be configurable, allowing the user to do whatever they like."* - configurable, it most certainly is! See: [docs/maintain/](docs/maintain/) -Memory controller initialisation --------------------------------- +### Memory controller initialisation Libreboot has *fully libre* initialisation available for all Intel memory -controllers on supported platforms. This *includes* Haswell (ThinkPad T440p -and W541) as of Libreboot 20230319 or higher. +controllers up to and including Haswell (ThinkPad T440p +and W541) as of Libreboot 20230319 or higher; on Broadwell, Intel MRC is used +and on Skylake/newer, FSP-M is used. ARM platforms (chromebooks) -============= +--------------------------- -Mostly free software, except for the requirement on `daisy` and `peach` mainboards +Mostly free software, except for the requirement on `daisy` and `peach` motherboards to include BL1 bootloader files from the vendor. These are: * HP Chromebook 11 G1 (daisy-spring) **(board removed from Libreboot, due to @@ -222,7 +213,7 @@ to include BL1 bootloader files from the vendor. These are: Libreboot List of vendor files, specifically for each board -================================================= +------------------------------------------------- This article has thoroughly explained, in a detailed overview, the precise nature as to *what* vendor files are accomodated for in Libreboot. Again, @@ -233,21 +224,23 @@ the main flash IC which (in some cases) contains software outside of coreboot. Here is a list, *for each* board, of those files: -Intel/x86 ---------- +### Intel/x86 -### Intel ME: +#### Intel ME: Neutered ME required on these targets: -`dell9020mt_nri_12mb`, `dell9020sff_nri_12mb`, `e5420_6mb`, `e5520_6mb`, `e5530_12mb`, `e6220_10mb`, `e6230_12mb`, `e6320_10mb`, `e6330_12mb`, `e6420_10mb`, `e6430_12mb`, `e6520_10mb`, `e6530_12mb`, `hp2170p_16mb`, `hp2560p_8mb`, `hp2570p_16mb`, `hp8200sff_4mb`, `hp8200sff_8mb`, `hp820g2_12mb`, `hp8300cmt_16mb`, `hp8300usdt_16mb`, `hp8460pintel_8mb`, `hp8470pintel_16mb`, `hp8560w_8mb`, `hp9470m_16mb`, `t1650_12mb`, `t420_8mb`, `t420s_8mb`, `t430_12mb`, `t440plibremrc_12mb`, `t520_8mb`, `t530_12mb`, `w530_12mb`, `w541_12mb`, `x220_8mb`, `x230_12mb`, `x230_16mb`, `x230t_12mb`, `x230t_16mb` +`dell9020mt_nri_12mb`, `dell9020sff_nri_12mb`, `e5420_6mb`, `e5520_6mb`, `e5530_12mb`, `e6220_10mb`, `e6230_12mb`, `e6320_10mb`, `e6330_12mb`, `e6420_10mb`, `e6430_12mb`, `e6520_10mb`, `e6530_12mb`, `hp2170p_16mb`, `hp2560p_8mb`, `hp2570p_16mb`, `hp8200sff_4mb`, `hp8200sff_8mb`, `hp820g2_12mb`, `hp8300cmt_16mb`, `hp8300usdt_16mb`, `hp8460pintel_8mb`, `hp8470pintel_16mb`, `hp8560w_8mb`, `hp9470m_16mb`, `t1650_12mb`, `t420_8mb`, `t420s_8mb`, `t430_12mb`, `t440plibremrc_12mb`, `t520_8mb`, `t530_12mb`, `w530_12mb`, `w541_12mb`, `x220_8mb`, `x230_12mb`, `x230_16mb`, `x230t_12mb`, `x230t_16mb`, `dell3050micro_vfsp_16mb`, `t480_vfsp_16mb`, `t480s_vfsp_16mb` As stated, Libreboot provides this in a state where the ME is no longer a threat to security. It initialises itself, but then does nothing, so it's disabled. This is done using `me_cleaner`. See: -### KBC1126 EC firmware (HP laptops): +On MEv11-based platforms, such as the ThinkPad T480 and Dell OptiPlex 3050 Micro, +we also use [deguard](docs/install/deguard.md) to disable the Intel Boot Guard. + +#### KBC1126 EC firmware (HP laptops): This applies to the following targets: `hp2170p_16mb`, `hp2560p_8mb`, `hp2570p_16mb`, `hp8470pintel_16mb`, `hp9470m_16mb`. @@ -261,11 +254,18 @@ it during the build process. Libreboot 20230423 onwards does scrub EC firmware and provide functionality in a special script, to insert them with `cbfstool` at the correct offset as defined by coreboot config for each board. -### SMSC SCH5545 Environmental Control +#### Intel FSP + +Provides romstage and raminit, used by coreboot on some boards. In Libreboot, +we use it for the following build targets: + +`t480_vfsp_16mb`, `t480s_vfsp_16mb`, `dell3050micro_vfsp_16mb` + +#### SMSC SCH5545 Environmental Control This is a tiny firmware required for fan control, on Dell Precision T1650. -### CPU microcode: +#### CPU microcode: [*Microcode* updates](faq.md#microcode) for CPU provided on *all* x86 platforms, by default. Not @@ -290,13 +290,12 @@ CPU microcode files included by default, on all x86 boards. While not needed in most cases, their use is highly recommended. For reasons why, see: [news/policy.md#more-detailed-insight-about-microcode](news/policy.md#more-detailed-insight-about-microcode) -### Intel Flash Descriptor (IFD): +#### Intel Flash Descriptor (IFD): Intel Flash Descriptors are provided as blobs on some boards, but these are not *software* blobs. They are configurations provided in a binary format, fully readable by libre software. For example: -* Libreboot's `ich9gen` program generates ICH9M flash descriptors from scratch. * Coreboot's `ifdtool` program has extensive features for manipulating Intel flash descriptors. * Corebot's `bincfg` program generates any sort of binary from a `.spec` file @@ -306,14 +305,11 @@ fully readable by libre software. For example: Intel GbE NVM config (configuration data, binary-encoded, for gigabit NIC): -* Libreboot's `ich9gen` program *also* generates GbE NVM images specifically - for Intel NICs used in GM45 thinkpads. * Libreboot's `nvmutil` program can manipulate GbE NVM images -ARM/chromebooks ---------------- +### ARM/chromebooks -### BL1 bootloader (peach/daisy): +#### BL1 bootloader (peach/daisy): BL1 bootloader needed on: `daisy_snow`, `daisy_spring` and `peach_pit`. @@ -322,7 +318,7 @@ because the build system does not yet auto-insert the BL1 files. The boards are otherwise believed to work, using Alper's port of U-Boot in Libreboot. Conclusion -========== +---------- From the above, you can see that Libreboot really *does* implement a *binary blobs reduction policy*, with the emphasis on *reduction* being most critical. @@ -336,8 +332,7 @@ power that proprietary software developers have over users. I hope this article provided food for thought. -An aside: hardware freedom --------------------------- +### An aside: hardware freedom None of the currently supported Libreboot machines have libre *hardware*, in the sense that ICs do not come with publicly available *verilog* files and the @@ -349,7 +344,7 @@ them yourself; one day, the Right To Repair movement will hopefully bring about universal access to such documents by the public. Further reading -=============== +--------------- This article has described code what goes in the *main boot flash*, but any computer you buy will have *tons* of firmware elsewhere in the system. Some diff --git a/site/freedom-status.md.description b/site/freedom-status.md.description new file mode 100644 index 0000000..9e14082 --- /dev/null +++ b/site/freedom-status.md.description @@ -0,0 +1,2 @@ +Libreboot handles certain vendor code on specific motherboards. +Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot. diff --git a/site/freedom-status.tr.md b/site/freedom-status.tr.md new file mode 100644 index 0000000..e4c1e95 --- /dev/null +++ b/site/freedom-status.tr.md @@ -0,0 +1,207 @@ +--- +title: Libreboot Açık Kaynak BIOS/UEFI için Yazılım ve Donanım Özgürlüğü Durumu +x-toc-enable: true +... + +Özgürlük olarak özgür +---------------------- + +Bu sayfa, Kasım 2022'de kabul edilen Libreboot'un [İkili Blob Azaltma Politikası](news/policy.md)'nın nasıl uygulandığını, özellikle de "eğer özgür yazılım kullanılabiliyorsa, kullanılmalıdır" diyen satırı nasıl uygulandığını belgeliyor. + +Libreboot, donanım başlatma için [coreboot](https://coreboot.org/) kullanır. Coreboot nominal olarak [*özgür* veya *açık kaynak* yazılım](https://writefreesoftware.org/) olmasına rağmen, *bazı* (hepsi değil) platformlarda coreboot, raminit gibi şeyler için belirli [satıcı dosyaları](https://en.wikipedia.org/wiki/Binary_blob) gerektirir. Libreboot tarafından şu anda desteklenen tüm kartlar, coreboot'un kendisinden tamamen *özgür*, *libre* veya *açık kaynak* kodla başlatılabilir, çünkü Libreboot şu anda yalnızca bu tür anakartlara odaklanmaktadır. Libreboot'un amacı, coreboot'tan tüm anakartları desteklemektir. + +Libreboot, Kasım 2022'de daha fazla donanımı (coreboot'tan) desteklemek için daha *pragmatik* bir [ikili blob azaltma politikası](news/policy.md) benimsemiştir, böylece çoğu insanın aksi takdirde kullanacağı tamamen tescilli önyükleme yazılımına kıyasla *yazılım özgürlüğünü* artıran coreboot'u daha fazla insanın kullanabilmesini sağlamak için; Libreboot'un modern politikası bu nedenle pragmatiktir ve *yazılım özgürlüğü* davasını daha da ileriye taşır. + +Libreboot'un *önceki* politikası *tüm ikili blobları yasaklamaktı*. Bu, coreboot'u kullanabilecek insan sayısını azaltarak Özgür Yazılım hareketine aktif olarak *zarar verdi*, çünkü bugüne kadar Libreboot gibi bir şey henüz yok. Libreboot'un ana amacı, coreboot'u coreboot fikrini seven ancak sıfırdan yapılandırmak için yeterli olmayan normal, teknik olmayan kullanıcılar için *kullanımı mümkün olduğunca kolay hale getirmektir*. Bu zarar, Kasım 2022'de *düzeltildi*. + +### Coreboot mimarisi + +Belirli konular hakkında bağlam için lütfen okuyun: + + + +Coreboot'ta %100 libre başlatma +------------------------------- + +Bu ayrımın (özellikle coreboot'un başlatma tarafına atıfta bulunarak) neden önemli olduğu, aşağıdaki bölümlerde daha net hale gelecektir: + +Libreboot'ta evrensel bir muafiyet yapılır, CPU mikro kod güncellemelerinin mevcutsa dahil edilmesini (okuyun: proje politikası gereği) zorunlu kılar. Bunun nedenleri hakkında daha fazla bilgi edinmek için şu makaleyi okuyabilirsiniz: + +[CPU mikro kod güncellemeleri **TAMAM**](news/policy.md#more-detailed-insight-about-microcode) + +[Libreboot 20230423'ten sonraki sürümler, mikro kod hariç tutulan ayrı ROM'lar sağlayacak, varsayılan olanlarla birlikte mikro kod dahil edilecektir.](news/microcode.md) + +Intel platformları +------------------ + +### Tanımlayıcı vs tanımlayıcı olmayan yapılandırma + +Libreboot, Intel platformlarını kullanan birkaç anakartı destekler. Bunlardan, bu makale için esasen iki tür makine vardır: + +* Tanımlayıcı olmayan yapılandırma +* Tanımlayıcı tabanlı yapılandırma + +*Tanımlayıcı* ne anlama gelir? Geleneksel olarak, Intel makinelerindeki ana flash IC (önyükleme yazılımını içeren, genellikle *BIOS* olarak adlandırılır), yalnızca *x86* yürütülebilir kod içerir ve CPU, bellek denetleyicisi ve çevre birimleri gibi tüm donanımları başlatmaktan sorumludur. Bu, *tanımlayıcı olmayan* yapılandırma olarak adlandırılacaktır; bu tür yapılandırmalarda, Intel ME yazılımı varsayılan olarak yoktur. + +Bir *tanımlayıcı* yapılandırmasında, flash aşağıdaki gibi bölgelere ayrılmıştır: + +* Intel flash tanımlayıcı: her zaman flash'ın ilk 4KiB'si. Makine için ikili kodlanmış yapılandırma verileri ve bölgeler (bu veya aşağıdaki diğerleri gibi) burada tanımlanır. Bazı açılardan, bunu bir sabit diskteki *Ana Önyükleme Kaydı*na benzetebilirsiniz. +* Intel GbE NVM (gigabit ethernet kalıcı bellek): yerleşik Intel gigabit ethernet cihazı için ikili kodlanmış yapılandırma verileri, eğer varsa. MAC adresi, NIC'nin hangi hızda çalışması gerektiği, PCI kimlikleri, *LED yanıp sönme hızı* ve daha fazlası gibi birçok ayarı içerir. Bir Intel olmayan NIC kullanılıyorsa, bu flash bölgesi mevcut olmayacaktır. +* ME (Intel Yönetim Motoru): varsayılan durumunda *kötü* bir güvenlik açığı olan ME, tam ağ bağlantısı ile uzaktan yönetim gibi birçok özellik sağlar. ME, ana CPU'dan ayrı özel bir yardımcı işlemcidir ve başlatma yazılımı ve işletim sistemi bu özel bölgeden ana önyükleme flash'ına yüklenir. Daha fazla bilgi [SSS'de](faq.md#intelme) mevcuttur - ME yazılımının başka bir yerde mevcut olduğu durumlarda, Libreboot ya onu kaldırır ya da (`me_cleaner` programı ile) [yeniden yapılandırır](https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F) ve makine başlatma sırasında devre dışı bırakılır. +* Platform bölgesi: genellikle donanım satıcısı tarafından yerleştirilen bir dizi dize olan program dışı veriler. +* BIOS bölgesi: bu, CPU, bellek denetleyicisi ve çevre birimlerini başlatmaktan sorumlu olan ana önyükleme yazılımını içerir ve makineyi programları çalıştırabilecek bir duruma getirir (muhtemelen bir önyükleyici, ardından bir işletim sistemi). Coreboot kodu (Libreboot tarafından sağlanır) buraya gider. + +*Temel olarak*, bu tür "bölgeleri" bir sabit diskteki *bölümlere* benzetebilirsiniz. Önemli olan, flash IC'nin bu tür bölgelere *bölünmüş* olmasıdır, her bölge belirli bir amaç için tasarlanmıştır. + +*Tanımlayıcı* ve *GbE* bölgelerinin içeriği Intel veri sayfaları tarafından tanımlanmıştır, ancak bu veri sayfaları genellikle *ayrılmış* bölümler içerir ve bu bölümler belgelenmemiş olarak bırakılır. Yıllar boyunca yapılan tersine mühendislik çalışmaları bu boş noktaların bazılarını belgelemiştir. + +### Libreboot Intel ME görüntülerini dağıtmaz + +Libreboot, Git deposunda veya sürümlerde Intel ME yazılımını hiçbir şekilde dağıtmaz. Gerektiğinde, Libreboot, `me_cleaner` programını çalıştırarak otomatik olarak indirip kuran komut dosyaları sağlar. Bu tamamen otomatikleştirilmiştir. Lütfen okuyun: + + + +Libreboot yapılandırmalarında, Intel ME'nin *BringUp* kodu kalır. ME BringUp (BUP), ME'nin başlatılmasını sağlayan coreboot'a benzer; aynı benzetmeyle, Libreboot'un bunu yapılandırma şekli, *coreboot*'u bir yükleyici olmadan çalıştırmaya benzer. ME başlatılır, kod çalıştırabilecek bir duruma getirilir, ancak sonra *kod çalıştırmaz*. Bu nedenle *devre dışı bırakılmıştır*. + +Başka bir deyişle, *nötrleştirilmiş* bir Intel ME kurulumu, hem yazılım özgürlüğü hem de güvenlik açısından tamamen zararsızdır. Kullanılmayan, kullanılmayan bir işlemci haline gelir ve gerçek dünyadaki çoğu insanın kullanmak istemeyeceği bir şeydir. Bu perspektifle, Intel ME'nin ortalama kullanıcı için artık tamamen önemsiz olduğunu görüyoruz. + +*Yayınlanmış* Libreboot ROM görüntüleri, önceden derlenmiş olarak sağlanır, ME yazılımını hiç içermez; bir sürüm hazırlarken otomatik yayın komut dosyaları tarafından temizlenirler. Kaynaktan derliyorsanız, Libreboot yapı sistemi bunu otomatik olarak indirir (satıcıdan), nötrleştirir ve ardından ekler; sürüm ROM'larında, yapı sistemleri tarafından kullanılan aynı komut dosyaları manuel olarak çalıştırılabilir ve aynı sonucu elde eder. Lütfen okuyun: [docs/install/ivy_has_common.md](docs/install/ivy_has_common.md) + +ME yazılımı, neredeyse tüm Intel platformlarında *gereklidir*, aksi takdirde makine 30 dakika sonra *kapanır* (veya ME, CPU'nun sıfırlamadan çıkıp çıkmayacağını kontrol ediyorsa, hiç başlatmaz). + +### Intel ME kaldırma/devre dışı bırakma hakkında daha fazla bilgi + +*Libreboot*, GM45 platformlarında ICH9M güney köprüsü ile ME yazılımını tamamen kaldırmanın bir yolunu sağlar. Bunlar dizüstü bilgisayarlardır: ThinkPad X200/T400/T500/W500 ve bu nesil. + +Yukarıda bahsedildiği gibi, daha yeni platformlarda `me_cleaner` kullanılır. + +Belirli türde satıcı dosyaları hakkında notlar +--------------------------------------------- + +### VGA seçenek ROM'ları + +*Yerel* video başlatma, coreboot tarafından sağlanan kaynak kodu altında tüm desteklenen Intel platformları için desteklenir ve *etkindir*. + +Bazı durumlarda, bir dizüstü bilgisayar coreboot tarafından desteklenmeyen bir grafik yongasına sahip olabilir. Bu durumda, *VGA Seçenek ROM* adı verilen bir satıcı dosyası kullanılmalıdır. Libreboot, Dell Latitude E6400'ün Nvidia GPU modelleri için deneysel bir dalda VGA ROM'unu otomatik olarak indiren deneysel desteğe sahiptir. Bu şu anda sürümlerde veya `lbmk`'nin kararlı dalında mevcut değildir. + +Diğer durumlarda, bir makine *iki* grafik cihazına sahip olabilir, bunlardan biri coreboot tarafından sağlanan yerel (özgür/libre) başlatma ile. Bu durumlarda, diğer cihaz için bir VGA ROM eklemek mümkündür; Libreboot şu anda bunun için belgelerden yoksundur, ancak test edilmiştir. Örnek: bazı ivybridge veya haswell thinkpad'lerde çift Intel/Nvidia grafik. + +*Eklenti* GPU'lar için, SeaBIOS (yükleyici) genellikle kartta bulunan bir VGA ROM'u tarayabilir ve çalıştırabilir. Bu, Libreboot'un desteklediği belirli masaüstü anakartlarda test edilmiştir ve gayet iyi çalışır; Libreboot'un bu dosyaları hiç ele alması gerekmez. + +Libreboot'un varsayılanı, pratikte mümkün olduğunda her zaman özgürlüktür. Bu ek GPU'ları kullanmak isteyen kullanıcılar, Libreboot politikasındaki aşağıdaki paragrafı dikkate almalıdır: + +*"Yukarıdaki ilkeler varsayılan yapılandırmalar için geçerli olmalıdır. Ancak, libreboot kullanıcıların istediklerini yapmalarına izin verecek şekilde yapılandırılabilir olmalıdır."* - yapılandırılabilir, kesinlikle öyledir! Bkz: [docs/maintain/](docs/maintain/) + +### Bellek denetleyici başlatma + +Libreboot, 20230319 veya daha yüksek sürümlerde Haswell'e kadar olan tüm Intel bellek denetleyicileri için *tamamen libre* başlatma sağlar; Broadwell'de Intel MRC kullanılır ve Skylake/yeni platformlarda FSP-M kullanılır. + +ARM platformları (chromebook'lar) +--------------------------------- + +Çoğunlukla özgür yazılım, `daisy` ve `peach` anakartlarında satıcıdan BL1 önyükleyici dosyalarının dahil edilmesi gerekliliği dışında. Bunlar: + +* HP Chromebook 11 G1 (daisy-spring) **(sorunlar nedeniyle Libreboot'tan kaldırıldı (daha sonra yeniden eklenecek))** +* Samsung Chromebook XE303 (daisy-snow) **(aynı şekilde)** +* Samsung Chromebook 2 13" (peach-pi) **(aynı şekilde)** +* Samsung Chromebook 2 11" (peach-pit) **(aynı şekilde)** +* nyan-* chromebook'lar da geçici olarak kaldırıldı, ancak Libreboot'ta %100 özgür yazılım + +Her kart için özel olarak satıcı dosyalarının listesi +----------------------------------------------------- + +Bu makale, Libreboot'ta hangi satıcı dosyalarının yer aldığını ayrıntılı bir genel bakışla açıklamıştır. Yine, coreboot'tan tamamen libre başlatma *tüm şu anda desteklenen kartlarda* mevcuttur. + +*Coreboot'tan* bu kritik bir yönüdür, ancak Libreboot'un tam kapsamı, bazı durumlarda coreboot dışında yazılım içeren ana flash IC'dir. + +İşte her kart için bu dosyaların listesi: + +### Intel/x86 + +#### Intel ME: + +Bu hedeflerde nötrleştirilmiş ME gereklidir: + +`dell9020mt_nri_12mb`, `dell9020sff_nri_12mb`, `e5420_6mb`, `e5520_6mb`, `e5530_12mb`, `e6220_10mb`, `e6230_12mb`, `e6320_10mb`, `e6330_12mb`, `e6420_10mb`, `e6430_12mb`, `e6520_10mb`, `e6530_12mb`, `hp2170p_16mb`, `hp2560p_8mb`, `hp2570p_16mb`, `hp8200sff_4mb`, `hp8200sff_8mb`, `hp820g2_12mb`, `hp8300cmt_16mb`, `hp8300usdt_16mb`, `hp8460pintel_8mb`, `hp8470pintel_16mb`, `hp8560w_8mb`, `hp9470m_16mb`, `t1650_12mb`, `t420_8mb`, `t420s_8mb`, `t430_12mb`, `t440plibremrc_12mb`, `t520_8mb`, `t530_12mb`, `w530_12mb`, `w541_12mb`, `x220_8mb`, `x230_12mb`, `x230_16mb`, `x230t_12mb`, `x230t_16mb`, `dell3050micro_vfsp_16mb`, `t480_vfsp_16mb`, `t480s_vfsp_16mb` + +Belirtildiği gibi, Libreboot bunu ME'nin artık bir güvenlik tehdidi olmadığı bir durumda sağlar. Kendini başlatır, ancak sonra hiçbir şey yapmaz, bu nedenle devre dışı bırakılmıştır. Bu, `me_cleaner` kullanılarak yapılır. Bkz: + +MEv11 tabanlı platformlarda, ThinkPad T480 ve Dell OptiPlex 3050 Micro gibi, Intel Boot Guard'ı devre dışı bırakmak için [deguard](docs/install/deguard.md) da kullanıyoruz. + +#### KBC1126 EC yazılımı (HP dizüstü bilgisayarlar): + +Bu, şu hedefler için geçerlidir: `hp2170p_16mb`, `hp2560p_8mb`, `hp2570p_16mb`, `hp8470pintel_16mb`, `hp9470m_16mb`. + +[EC yazılımı](faq.md#ec-embedded-controller-firmware) ana önyükleme flash'ına eklenir, ayrı bir IC'de değil. Bu *daha iyidir* çünkü gelecekte libre yedeklerin kurulumu daha kolay olur ve tersine mühendislik çok daha kolay hale gelir. Libreboot'un yapı sistemi, bu tür yazılımları bir komut dosyasında ele alır ve yapı sürecinde otomatik olarak indirir. Libreboot 20230423'ten itibaren EC yazılımını temizler ve coreboot yapılandırması tarafından her kart için tanımlanan doğru ofsete `cbfstool` ile eklemek için özel bir komut dosyasında işlevsellik sağlar. + +#### Intel FSP + +Coreboot tarafından bazı kartlarda kullanılan romstage ve raminit sağlar. Libreboot'ta, aşağıdaki yapı hedefleri için kullanıyoruz: + +`t480_vfsp_16mb`, `t480s_vfsp_16mb`, `dell3050micro_vfsp_16mb` + +#### SMSC SCH5545 Çevresel Kontrol + +Bu, Dell Precision T1650'de fan kontrolü için gereken küçük bir yazılımdır. + +#### CPU mikro kodu: + +[*Mikro kod* güncellemeleri](faq.md#microcode) varsayılan olarak *tüm* x86 platformlarında sağlanır. Teknik olarak gerekli değildir, ancak şiddetle tavsiye edilir. Kaldırmak için şunu yapın: + + cbfstool filename.rom remove -n cpu_microcode_blob.bin + +ASUS KFSN4-DRE, KCMA-D8 ve KGPE-D16 kartlarında bunun yerine şunu yapın: + + cbfstool filename.rom remove -n microcode_amd.bin + cbfstool filename.rom remove -n microcode_amd_fam15h.bin + +[Libreboot 20230423'ten sonraki sürümler, mikro kod hariç tutulan ayrı ROM'lar sağlayacak, varsayılan olanlarla birlikte mikrokod dahil edilecektir.](news/microcode.md) + +Mikro kod güncellemelerinin kaldırılması sistem kararlılığını olumsuz yönde etkileyecek, standart olmayan bozuk davranışlar getirecek ve makinenin düzgün önyükleme yapamamasına neden olabilecektir. Diğer durumlarda, S3 askıya alma/devam ettirme gibi özellikleri bozabilir. + +CPU mikro kod dosyaları varsayılan olarak tüm x86 kartlarında dahil edilir. Çoğu durumda gerekli olmasa da, kullanılmaları şiddetle tavsiye edilir. Nedenleri için bkz: +[news/policy.md#more-detailed-insight-about-microcode](news/policy.md#more-detailed-insight-about-microcode) + +#### Intel Flash Tanımlayıcı (IFD): + +Intel Flash Tanımlayıcıları bazı kartlarda blob olarak sağlanır, ancak bunlar *yazılım* blobu değildir. Bunlar ikili formatta sağlanan yapılandırmalardır ve özgür yazılım tarafından tamamen okunabilir. Örneğin: + +* Coreboot'un `ifdtool` programı, Intel flash tanımlayıcılarını değiştirmek için kapsamlı özelliklere sahiptir. +* Coreboot'un `bincfg` programı, insan tarafından okunabilir bir formatta herhangi bir ikili formatı tanımlayabilen bir `.spec` dosyasından herhangi bir ikili oluşturur. Çeşitli platformlar için birkaç flash tanımlayıcı içerir, ancak Libreboot bunları kullanmaz. + +Intel GbE NVM yapılandırması (gigabit NIC için ikili kodlanmış yapılandırma verileri): + +* Libreboot'un `nvmutil` programı GbE NVM görüntülerini değiştirebilir + +### ARM/chromebook'lar + +#### BL1 önyükleyici (peach/daisy): + +BL1 önyükleyici şunlar için gereklidir: `daisy_snow`, `daisy_spring` ve `peach_pit`. + +Bu kartlar *şu anda* mevcut değil. Yapı sistemi henüz BL1 dosyalarını otomatik olarak eklemediği için Libreboot'tan kaldırıldılar. Kartların, Libreboot'taki Alper'in U-Boot portunu kullanarak çalıştığına inanılıyor. + +Sonuç +---------- + +Yukarıdakilerden görebileceğiniz gibi, Libreboot gerçekten de *ikili blob azaltma politikası*nı uyguluyor ve *azaltma* vurgusu en kritik nokta. Libreboot'un tüm kartlarda makul düzeyde *yazılım özgürlüğü* sağladığı söylenebilir. + +Libreboot, çeşitli ek özellikler sağlamak için birçok platform için daha fazla bu tür dosya *ekleyebilirdi*, ancak Libreboot projesinin *amacı* *özgür* yazılımı teşvik etmek ve tescilli yazılım geliştiricilerinin kullanıcılar üzerindeki gücünü *en aza indirmek* olduğu için bunları eklemeyi tercih etmez. + +Umarım bu makale düşünmek için malzeme sağlamıştır. + +### Bir not: donanım özgürlüğü + +Şu anda desteklenen Libreboot makinelerinin hiçbiri özgür *donanıma* sahip değildir, yani IC'ler kamuya açık *verilog* dosyaları ve benzerleriyle birlikte gelmez. Bu makinelerin kendi yedeklerini üretemezsiniz. + +Her makinenin devre kartlarını açıklayan bazı şematikler ve boardview dosyaları çeşitli kanallar aracılığıyla çevrimiçi olarak mevcuttur. Bunları kendiniz aramanız gerekir; bir gün, Tamir Hakkı hareketi umarız ki bu tür belgelere kamunun evrensel erişimini sağlayacaktır. + +İleri okuma +--------------- + +Bu makale *ana önyükleme flash*'ına giren kodu açıkladı, ancak satın aldığınız herhangi bir bilgisayarda sistemin başka yerlerinde *tonlarca* yazılım bulunur. Bazı içgörüler Libreboot SSS'de mevcuttur. Bkz: + +* [faq.md#what-level-of-software-freedom-does-libreboot-give-me](faq.md#what-level-of-software-freedom-does-libreboot-give-me) +* [faq.md#what-other-firmware-exists-outside-of-libreboot](faq.md#what-other-firmware-exists-outside-of-libreboot) + +Bunlardan en kritik olanları HDD/SSD yazılımı ve EC yazılımıdır. Bu iki bağlantıda açıklanan sorunlar, Libreboot'lular da dahil olmak üzere birçok farklı bilgisayar ve dünyadaki neredeyse diğer tüm bilgisayarlar için geçerlidir. diff --git a/site/freedom-status.uk.md b/site/freedom-status.uk.md index a6ac32a..66d34ba 100644 --- a/site/freedom-status.uk.md +++ b/site/freedom-status.uk.md @@ -4,7 +4,7 @@ x-toc-enable: true ... Вступ -============ +---------- Коротка версія історії: *всі* плати, які наразі підтримуються Libreboot можна ініціалізувати в coreboot з *вільним*, *поважаючим свободу* або *з відкритим джерелом* кодом, який @@ -46,8 +46,7 @@ Libreboot досі має суворі стандарти про те, *які* реалізовує цю *політику зменшення блобів*, особливо в тому рядку в ній, який каже, цитата, "якщо блоб можна уникнути, його необхідно уникнути". -Чому це має значення? ---------------------- +### Чому це має значення? *Практичною метою* проекта Libreboot є підтримка якомога більшої кількості апаратного забезпечення підтримки coreboot, повністю протестованого з попередньо зібраними образами ROM @@ -78,8 +77,7 @@ raminit на даній платі, блоб було би надано Libreboo Будь ласка, прочитайте документ, названий: [Політика зменшення бінарних блобів](news/policy.uk.md).* -Архітектура Coreboot ---------------------- +### Архітектура Coreboot Хоча не *суворо* необхідно для не-розробників, Ви можете знайти корисним набуття розуміння на високому рівні того, *як* працює coreboot, для набуття @@ -88,7 +86,7 @@ raminit на даній платі, блоб було би надано Libreboo 100% вільна ініціалізація coreboot -=========================== +---------------------------- *Всі* плати, які наразі підтримуються Libreboot можуть мати 100% вільну ініціалізацію *зі сторони coreboot*. В цьому контексті, це має на увазі @@ -112,10 +110,9 @@ raminit на даній платі, блоб було би надано Libreboo excluded, alongside default ones with microcode included.](news/microcode.md) Платформи Intel -=============== +-------------- -Дескрипторне проти бездескрипторного налаштування ----------------------------------- +### Дескрипторне проти бездескрипторного налаштування Libreboot підтримує декілька материнських плат, які використовують платформи Intel. Серед них існує суттєво два класи машин (для цілей цієї статті): @@ -173,8 +170,7 @@ Libreboot підтримує декілька материнських плат, частини залишені незадокументованими. Зусилля зворотної розробки протягом років задокументували деякі з цих прогалин. -Libreboot *не* розповсюджує образи Intel ME ------------------------------------------------ +### Libreboot *не* розповсюджує образи Intel ME ME містить багато модулів в собі, і один з цих модулів це код BringUp. Цей код BringUp є *власною* прошивкою ініціалізації ME, @@ -211,15 +207,14 @@ Git, ні в випусках. Де необхідно, Libreboot надає оригінального образа продавця, в регіоні ME інтегральної схеми флеш-пам'яті). Ви можете дізнатись про це більше на наступній сторінці: -[docs/install/ivy_has_common.uk.md](docs/install/ivy_has_common.uk.md) +[docs/install/ivy_has_common.md](docs/install/ivy_has_common.md) Прошивка ME є *обов'язковою* на майже всіх платформах Intel, або машина *вимкнеться* після 30 хвилин. В нейтралізованому налаштуванні, код BringUp Intel ME вимкне той час скидання в 30 хвилин, дозволяючи вам використовувати ваш комп'ютер нормально, навіть незважаючи на те, що ME *не* виконує нічого після цього. -Нейтралізований ME дійсно є вимкненим ------------------------------- +### Нейтралізований ME дійсно є вимкненим Зважайте на це: якщо ME тільки робить свій власний BringUp, але потім не виконує нічого, чи це дійсно щось більше ніж незначний відтік часу життя вашої @@ -245,8 +240,7 @@ Intel ME вимкне той час скидання в 30 хвилин, доз зважає нейтралізовані налаштування ME прийнятними, обидва з перспективи безпеки та перспективи свободи програмного забезпечення. -Більше про видалення/вимкнення Intel ME ----------------------------------- +### Більше про видалення/вимкнення Intel ME *Libreboot* надає шлях повністю видалити прошивку ME, зберігаючи повне використання машини, на платформах GM45 з південним мостом ICH9M. Це @@ -258,7 +252,7 @@ Intel ME вимкне той час скидання в 30 хвилин, доз Option ROM VGA -============ +------------- *Нативна* ініціалізація відео підтримується та *увімкнена*, для всіх платформ Intel, які підтримуються, що мають її. Джерельний код надано coreboot, під @@ -289,15 +283,15 @@ T440p ідуть з обома графічними картками Intel та libreboot є налаштовуваним, дозволяючи користувачу робити все, що заманеться."* - налаштовуваний, напевно! Дивіться: [docs/maintain/](docs/maintain/) -Ініціалізація контролера пам'яті --------------------------------- +### Memory controller initialisation -Libreboot має *повністю вільну* ініціалізацію, доступну для всіх контролерів пам'яті Intel -на платформах, які підтримуються. Це *включає* Haswell (ThinkPad T440p -та W541), станом на Libreboot 20230319 та пізніші. +Libreboot has *fully libre* initialisation available for all Intel memory +controllers up to and including Haswell (ThinkPad T440p +and W541) as of Libreboot 20230319 or higher; on Broadwell, Intel MRC is used +and on Skylake/newer, FSP-M is used. Платформи ARM (chromebook) -============= +----------------------- В більшості без блобів, за вийнятком вимоги на материнських платах `daisy` та `peach` включати блоби завантажувача BL1. Це: @@ -313,7 +307,7 @@ Libreboot *наразі* не розміщує ці блоби взагалі, наразі бракує на веб-сайті Libreboot. Список необхідних блобів, конкретно для кожної плати -================================================= +-------------------------------------------------- Ця стаття ретельно пояснила, в деталізованому огляді, точний характер того, *які* бінарні блоби розміщуються в Libreboot. Знову, @@ -324,21 +318,23 @@ Libreboot *наразі* не розміщує ці блоби взагалі, Ось список, *для кожної* плати, цих блобів: -Intel/x86 ---------- +### Intel/x86 -### Intel ME: +#### Intel ME: Нейтралізований ME потрібен на цих цілях: -`dell9020mt_nri_12mb`, `dell9020sff_nri_12mb`, `e5420_6mb`, `e5520_6mb`, `e5530_12mb`, `e6220_10mb`, `e6230_12mb`, `e6320_10mb`, `e6330_12mb`, `e6420_10mb`, `e6430_12mb`, `e6520_10mb`, `e6530_12mb`, `hp2170p_16mb`, `hp2560p_8mb`, `hp2570p_16mb`, `hp8200sff_4mb`, `hp8200sff_8mb`, `hp820g2_12mb`, `hp8300cmt_16mb`, `hp8300usdt_16mb`, `hp8460pintel_8mb`, `hp8470pintel_16mb`, `hp8560w_8mb`, `hp9470m_16mb`, `t1650_12mb`, `t420_8mb`, `t420s_8mb`, `t430_12mb`, `t440plibremrc_12mb`, `t520_8mb`, `t530_12mb`, `w530_12mb`, `w541_12mb`, `x220_8mb`, `x230_12mb`, `x230_16mb`, `x230t_12mb`, `x230t_16mb` +`dell9020mt_nri_12mb`, `dell9020sff_nri_12mb`, `e5420_6mb`, `e5520_6mb`, `e5530_12mb`, `e6220_10mb`, `e6230_12mb`, `e6320_10mb`, `e6330_12mb`, `e6420_10mb`, `e6430_12mb`, `e6520_10mb`, `e6530_12mb`, `hp2170p_16mb`, `hp2560p_8mb`, `hp2570p_16mb`, `hp8200sff_4mb`, `hp8200sff_8mb`, `hp820g2_12mb`, `hp8300cmt_16mb`, `hp8300usdt_16mb`, `hp8460pintel_8mb`, `hp8470pintel_16mb`, `hp8560w_8mb`, `hp9470m_16mb`, `t1650_12mb`, `t420_8mb`, `t420s_8mb`, `t430_12mb`, `t440plibremrc_12mb`, `t520_8mb`, `t530_12mb`, `w530_12mb`, `w541_12mb`, `x220_8mb`, `x230_12mb`, `x230_16mb`, `x230t_12mb`, `x230t_16mb`, `dell3050micro_vfsp_16mb`, `t480_vfsp_16mb`, `t480s_vfsp_16mb` Як заявлено, Libreboot надає це в стані, де ME більше не є загрозою для безпеки. Він ініціалізує себе, але потім нічого не робить, тому його вимкнено. Це зроблено використовуючи `me_cleaner`. Дивіться: -### KBC1126 EC firmware (HP laptops): +On MEv11-based platforms, such as the ThinkPad T480 and Dell OptiPlex 3050 Micro, +we also use [deguard](docs/install/deguard.md) to disable the Intel Boot Guard. + +#### KBC1126 EC firmware (HP laptops): This applies to the following targets: `hp2170p_16mb`, `hp2560p_8mb`, `hp2570p_16mb`, `hp8470pintel_16mb`, `hp9470m_16mb`. @@ -352,11 +348,18 @@ it during the build process. Libreboot 20230423 onwards does scrub EC firmware and provide functionality in a special script, to insert them with `cbfstool` at the correct offset as defined by coreboot config for each board. -### SMSC SCH5545 Environmental Control +#### Intel FSP + +Provides romstage and raminit, used by coreboot on some boards. In Libreboot, +we use it for the following build targets: + +`t480_vfsp_16mb`, `t480s_vfsp_16mb`, `dell3050micro_vfsp_16mb` + +#### SMSC SCH5545 Environmental Control This is a tiny firmware required for fan control, on Dell Precision T1650. -### CPU microcode: +#### CPU microcode: Оновлення [*мікрокоду*](faq.uk.md#microcode) для ЦП надано на *всіх* платформах x86, за замовчуванням. Не @@ -376,7 +379,7 @@ excluded, alongside default ones with microcode included.](news/microcode.md) в більшості випадків, їх використання надзвичайно рекомендовано. Дивіться для причин чому: [news/policy.uk.md#більш-детальна-інформація-про-мікрокод](news/policy.uk.md#більш-детальна-інформація-про-мікрокод) -### Intel Flash Descriptor (IFD): +#### Intel Flash Descriptor (IFD): Intel Flash Descriptor надано в якості блобів на деяких платах, але це не є блобами *програмного забезпечення*. Це конфігурації, які надано в двійковому форматі, @@ -396,15 +399,14 @@ Intel Flash Descriptor надано в якості блобів на деяки для мережевих карток Intel, які використані в Thinkpad GM45. * Програма Libreboot `nvmutil` може маніпулювати образами GbE NVM -ARM/chromebook ---------------- +### ARM/chromebook -### BL1 bootloader (peach/daisy): +#### BL1 bootloader (peach/daisy): BL1 завантажувач потрібен на: `daisy_snow`, `daisy_spring` та `peach_pit`. Висновки -========== +--------- З вищезазначеного, ви можете бачити, що Libreboot в дійсності *надає* *політику зменшення бінарних блобів*, з наголошенням на *зменшенні*, що є найбільш критичним. @@ -416,8 +418,7 @@ Libreboot *міг би* додати багато блобів для різни Я сподіваюсь, що ця стаття надала їжу для роздумів. -Відступ: свобода обладнання --------------------------- +### Відступ: свобода обладнання Жодна з машин, які наразі підтримуються Libreboot не має вільного *апаратного забезпечення*, в тому сенсі, що інтегральні схеми не ідуть з публічно доступними файлами *verilog* та @@ -429,7 +430,7 @@ Libreboot *міг би* додати багато блобів для різни універсальний доступ до таких документів спільноті. Для подальшого читання -=============== +------------------- В цій статті описано код, який міститься в *основній завантажувальній флеш-пам'яті*, але будь-який комп'ютер, який ви придбаєте, матиме *тони* мікропрограм в інших частинах системи. Деякі diff --git a/site/freedom-status.uk.md.description b/site/freedom-status.uk.md.description new file mode 100644 index 0000000..9e14082 --- /dev/null +++ b/site/freedom-status.uk.md.description @@ -0,0 +1,2 @@ +Libreboot handles certain vendor code on specific motherboards. +Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot. diff --git a/site/git.de.md b/site/git.de.md index 94dd4cd..7d75b7d 100644 --- a/site/git.de.md +++ b/site/git.de.md @@ -1,13 +1,10 @@ --- -title: Code review +title: Use Git and/or send patches to Libreboot x-toc-enable: true ... Libreboot Repositories -=================== - -Informationen darüber wer an Libreboot arbeitet und wer das Projekt betreibt -sind unter [who.de.md](who.de.md) zu finden. +--------------------- Das `libreboot` Projekt hat hauptsächlich 3 Git Repositories: @@ -15,11 +12,17 @@ Das `libreboot` Projekt hat hauptsächlich 3 Git Repositories: * Webseite (+Anleitungen): * Bilder (für die Webseite): * Pico-serprog: +* Libreboot Static Site Generator: + +Also see: [Libreboot Static Site Generator](docs/sitegen/). Du kannst dir lbmk auch auf Libreboot's eigener cgit Instanz *ansehen*, allerdings ist dies nicht für die Entwicklung gedacht (benutze hierfür bitte codeberg):\ +The [tasks](tasks/) page lists some (not all) of the things we wish to +implement, if not already implemented. Patches welcome! + Weiter unten auf dieser Seite sind Mirror von `lbmk` und `lbwww` aufgelistet, sofern die Haupt Git Repositories nicht erreichbar sein sollten. @@ -70,8 +73,7 @@ welche dieselbe Platform bzw. denselben Chipsatz verwenden. Dokumentation für `ich9utils` ist hier verfügbar:\ [ich9utils Dokumentation](docs/install/ich9utils.md) -lbmk (libreboot-make) ---------------------- +### lbmk (libreboot-make) Dies ist das zentrale build system in Libreboot. Man könnte auch sagen `lbmk` *ist* Libreboot! Das Git repository herunterladen: @@ -90,8 +92,7 @@ Für Anleitungen bzgl. `lbmk` build, siehe [build Anleitungen](docs/build/). Informationen über das build system selbst und wie es funktioniert, sind verfügbar unter dem [lbmk maintenance guide](docs/maintain/). -lbwww and lbwww-img -------------------- +### lbwww and lbwww-img Die *gesamte* Libreboot Website sowie Dokumentation befindet sich in einem Git Repository. @@ -108,8 +109,8 @@ Du kannst alles nach deinen Vorstellungen ändern. Beachte die nachfolgenden Informationen wie Du deine Änderungen zur Verfügung stellen kannst. Die gesamte Website ist in Markdown geschrieben, insbesondere die Pandoc Version. -Die statischen HTML Seiten werden mit [Untitled](https://untitled.vimuser.org/) -generiert. Leah Rowe, die Gründerin von Libreboot, ist auch die Gründerin des Untitled static +Die statischen HTML Seiten werden mit [lbssg](docs/sitegen/) +generiert. Leah Rowe, die Gründerin von Libreboot, ist auch die Gründerin des Libreboot static site generator Projekts. Wenn Du möchtest, kannst Du einen lokalen HTTP Server einrichten und eine @@ -153,15 +154,14 @@ Zu Entwicklungszwecken, könntest Du deine Bilder auch lokal verknüpfen, und anschliesend die URLs anpassen sobald Du deine Patches für die Dokumentation/Webseite schickst. Eine Anleitung wie Du eine lokale Version der Webseite herstellen kannst, -befinden sich auf der Untitled Webseite. Lade untitled +befinden sich auf der lbssg dokumentation. Lade untitled herunter, und erstelle in dem `untitled` Verzeichnis ein Verzeichnis mit dem Namen `www/` dann wechsle in dieses Verzeichnis und klone das `lbwww` Repository dorthin. Konfiguriere deinen lokalen HTTP Server entsprechend. -Nochmal, Anleitungen hierfür findest Du auf der Untitled Webseite. +Nochmal, Anleitungen hierfür findest Du auf der lbssg dokumentation. -Name nicht erforderlich ------------------ +### Name nicht erforderlich Beiträge die Du hinzufügst, werden in einem für jeden zugänglichen Git Repository öffentlich aufgezeichnet. Dies betrifft ebenso den Namen sowie @@ -189,8 +189,7 @@ Commits/Patches verwendest dann solltest Du anonym sein. Verwende und [git show](https://git-scm.com/docs/git-show) um dies zu überprüfen bevor Du einem öffentlichen Git Repository Änderungen hinzufügst. -Lizenzen (für Mitwirkende) --------- +### Lizenzen (für Mitwirkende) Stelle sicher, dass deine Beiträge mit einer libre Lizenz frei lizensiert sind. Libreboot schreibt nicht mehr vor, welche Lizenzen akzeptiert werden, @@ -202,12 +201,7 @@ das deine Arbeit unter die Standard Urheberrechte fällt, was deine Arbeit proprietär macht und somit von denselben Einschränkungen betroffen ist. Die MIT Lizenz ist ein guter Start, und sie ist die bevorzugte Lizenz -für sämtliche Arbeit an Libreboot, aber wir sind nicht pingelig. Libreboot -hat in der Vergangenheit GNU Lizenzen so wie GPL verwendet; vieles davon -besteht nach wie vor und wird auch weiterhin bestehen. -Es ist deine Arbeit; sofern deine Arbeit auf der Arbeit eines anderen basiert, -ist es aufgrund der Lizenz-Kompatibilität ggfs. naheliegend diesselbe Lizenz zu -verwenden. +für sämtliche Arbeit an Libreboot, aber wir sind nicht pingelig. [Hier](https://opensource.org/licenses) findest Du übliche Beispiele für Lizenzen. @@ -220,8 +214,7 @@ Lizenzen nicht der Fall ist: -Patches senden ------------- +### Patches senden Erstelle einen Account unter und navigiere (während Du eingeloggt bist) zu dem Repository das Du bearbeiten möchtest. Klicke @@ -252,8 +245,7 @@ Ein weiterer Weg Patches zu senden ist Leah Rowe direkt eine email zu senden: Um den Prozess der Quelltext Überprüfung transparent zu gestalten, wird jedoch empfohlen künftig Codeberg zu verwenden. -Mailing list ------------- +### Mailing list Libreboot has this mailing list: @@ -261,7 +253,7 @@ Libreboot has this mailing list: The email address is [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreboot@lists.sr.ht) Mirrors für lbmk.git -=================== +-------------------- Das `lbmk` Repository enthält Libreboot's automatischess build system, welches Libreboot Veröffentlichungen herstellt (inklusive kompilierter ROM Images). @@ -280,15 +272,14 @@ angeklickt werden, um Änderungen in deinem Web Browser anzusehen): * Mirrors fur pico-serprog.git -========================= +---------------------------- * -lbwww.git Mirror ----------------- +### lbwww.git Mirror Das `lbwww` Repository enthält Markdown Dateien (Pandoc Variant), für die -Verwendung mit dem [Untitled Static Site Generator](https://untitled.vimuser.org/); +Verwendung mit dem [Libreboot Static Site Generator](docs/sitegen/); dies wird von Libreboot verwendet um HTML Web Seiten bereitzustellen, *inklusive* der Seite die Du gerade liest! @@ -311,7 +302,7 @@ des Libreboot Projektes *Mirror* mit zusätzlichen Datenverkehr durch Bilder zu belasten. Notabug Repositories -==================== +-------------------- Commits die zu codeberg gepusht werden, werden ebenso zu notabug gepusht, zusätzlich zu den anderen Mirrors. diff --git a/site/git.de.md.description b/site/git.de.md.description new file mode 100644 index 0000000..ac07f2d --- /dev/null +++ b/site/git.de.md.description @@ -0,0 +1 @@ +Send patches to the Libreboot project via Git. Libreboot is a free/opensource BIOS/UEFI boot firmware project, with payloads like GNU GRUB. diff --git a/site/git.md b/site/git.md index b2e6289..3eb12cc 100644 --- a/site/git.md +++ b/site/git.md @@ -1,13 +1,10 @@ --- -title: Code review +title: How to use Git and/or send patches to Libreboot x-toc-enable: true ... -libreboot repositories -=================== - -Information about who works on libreboot and who runs the project can be -found on [who.md](who.md) +Libreboot repositories +---------------------- The `libreboot` project has 3 main Git repositories: @@ -15,11 +12,17 @@ The `libreboot` project has 3 main Git repositories: * Website (+docs): * Images (for website): * Pico-serprog: +* Libreboot Static Site Generator: + +Also see: [Libreboot Static Site Generator](docs/sitegen/). You can also *browse* lbmk on Libreboot's own cgit instance, though it is not intended for development (use codeberg for that):\ +The [tasks](tasks/) page lists some (not all) of the things we wish to +implement, if not already implemented. Patches welcome! + If the main Git repositories are down, mirrors of `lbmk` and `lbwww` are listed further down in this page @@ -32,9 +35,7 @@ needed something more stable, so now Libreboot is hosted on codeberg. See: There are also these programs, hosted by the Libreboot project, and libreboot either recommends them or makes use of them: -The `ich9utils` project is now available under `util/ich9utils` in lbmk, and -lbmk uses *that*, but the old standalone repository is still available on -notabug (bucts is also there): +The old `ich9utils` and `bucts` repositories are available on notabug: * Bucts (utility): * ich9utils (utility): @@ -57,15 +58,7 @@ internally an libreboot ROM onto a ThinkPad X60 or T60 that is currently running the original Lenovo BIOS. Instructions for that are available here:\ [libreboot installation guides](docs/install/) -The `ich9utils` repository is used heavily, by the `lbmk` build system. However, -you can also download `ich9utils` on its own and use it. It generates ICH9M -descriptor+GbE images for GM45 ThinkPads that use the ICH9M southbridge. It may -also work for other systems using the same platform/chipset. -Documentation for `ich9utils` is available here:\ -[ich9utils documentation](docs/install/ich9utils.md) - -lbmk (libreboot-make) ---------------------- +### lbmk (libreboot-make) This is the core build system in libreboot. You could say that `lbmk` *is* libreboot! Download the Git repository: @@ -83,8 +76,7 @@ build `lbmk`, refer to the [build instructions](docs/build/). Information about the build system itself, and how it works, is available in the [lbmk maintenance guide](docs/maintain/). -lbwww and lbwww-img -------------------- +### lbwww and lbwww-img The *entire* libreboot website and documentation is hosted in a Git repository. Download it like so: @@ -99,8 +91,8 @@ repository: Make whatever changes you like. See notes below about how to send patches. The entire website is written in Markdown, specifically the Pandoc version of -it. The static HTML pages are generated with [Untitled](https://untitled.vimuser.org/). -Leah Rowe, the founder of libreboot, is also the founder of the Untitled static +it. The static HTML pages are generated with [lbssg](docs/sitegen/). +Leah Rowe, the founder of libreboot, is also the founder of the Libreboot static site generator project. If you like, you can set up a local HTTP server and build your own local @@ -142,15 +134,14 @@ For example, this reduced the Libreboot boot logo from around 11k to 3k: For development purposes, you might make your images local links first, and then adjust the URLs when you submit your documentation/website patches. -Instructions are on the Untitled website, for how to set up your local version +Instructions are on the lbssg manual, for how to set up your local version of the website. Download untitled, and inside your `untitled` directory, create a directory named `www/` then go inside the www directory, and clone the `lbwww` repository there. Configure your local HTTP server accordingly. -Again, instructions are available on the Untitled website for this purpose. +Again, instructions are available on the lbssg manual for this purpose. -Name not required ------------------ +### Name not required Contributions that you make are publicly recorded, in a Git repository which everyone can access. This includes the name and email address of the @@ -175,8 +166,7 @@ should be fairly anonymous. Use and [git show](https://git-scm.com/docs/git-show) to confirm that before you push changes to a public Git repository. -Licenses (for contributors) --------- +### Licenses (for contributors) Make sure to freely license your work, under a libre license. Libreboot no longer sets arbitrary restrictions on what licenses are accepted, and many @@ -189,7 +179,7 @@ proprietary, subject to all of the same restrictions. The MIT license is a good one to start with, and it is the preferred license for all new works in Libreboot, but we're not picky. Libreboot has historically -used GNU licensing such as GPL; much of that remains, and is likely to remain. +used mostly GPL licensing; much of that remains, and is likely to remain. It's your work; obviously, if you're deriving from an existing work, it may make sense to use the same license on your contribution, for license compatibility. @@ -205,8 +195,7 @@ sublicense) that other licenses do not: -Send patches ------------- +### Send patches Make an account on and navigate (while logged in) to the repository that you wish to work on. Click *Fork* and in your account, @@ -232,8 +221,7 @@ Another way to submit patches is to email Leah Rowe directly: However, for transparency of the code review process, it's recommended that you use Codeberg, for the time being. -Mailing list ------------- +### Mailing list Libreboot has this mailing list: @@ -241,7 +229,7 @@ Libreboot has this mailing list: The email address is [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreboot@lists.sr.ht) Mirrors of lbmk.git -=================== +------------------- The `lbmk` repository contains Libreboot's automated build system, which produces Libreboot releases (including compiled ROM images). @@ -260,15 +248,14 @@ to view changes in your Web browser): * Mirrors of pico-serprog.git -========================= +-------------------------- * -lbwww.git mirror ----------------- +### lbwww.git mirror The `lbwww` repository contains Markdown files (pandoc variant), for use -with the [Untitled Static Site Generator](https://untitled.vimuser.org/); this +with the [Libreboot Static Site Generator](docs/sitegen/); this is what Libreboot uses to provide HTML web pages, *including* the page that you are reading right now! @@ -290,7 +277,7 @@ and it is not the intention of the Libreboot project to bog down *mirrors* with additional traffic by hosting images. Notabug repositories -==================== +-------------------- Commits that go to codeberg are also still pushed to notabug, in addition to the other mirrors. Notabug is considered a *mirror* since 8 April 2023, when diff --git a/site/git.md.description b/site/git.md.description new file mode 100644 index 0000000..ac07f2d --- /dev/null +++ b/site/git.md.description @@ -0,0 +1 @@ +Send patches to the Libreboot project via Git. Libreboot is a free/opensource BIOS/UEFI boot firmware project, with payloads like GNU GRUB. diff --git a/site/git.tr.md b/site/git.tr.md new file mode 100644 index 0000000..338fae2 --- /dev/null +++ b/site/git.tr.md @@ -0,0 +1,161 @@ +--- +title: Git'i Nasıl Kullanırsınız ve/veya Libreboot'a Yama Gönderirsiniz +x-toc-enable: true +... + +Libreboot Depoları +----------------- + +`libreboot` projesinin 3 ana Git deposu vardır: + +* Derleme sistemi: +* Web sitesi (+belgeler): +* Görseller (web sitesi için): +* Pico-serprog: +* Libreboot Statik Site Oluşturucu: + +Ayrıca bakınız: [Libreboot Statik Site Oluşturucu](docs/sitegen/). + +Ayrıca lbmk'yi Libreboot'un kendi cgit örneğinde *gezinebilirsiniz*, ancak bu geliştirme için tasarlanmamıştır (bunun için codeberg'i kullanın):\ + + +[Görevler](tasks/) sayfası, uygulamak istediğimiz (hepsi değil) bazı şeyleri listeler, henüz uygulanmamışsa. Yamalar hoş karşılanır! + +Ana Git depoları çalışmıyorsa, `lbmk` ve `lbwww`'nin yansıları bu sayfada aşağıda listelenmiştir. + +Libreboot daha önce NotABug'ı kullanıyordu, ancak muhtemelen çok fazla kişi kullandığı için genellikle akşamları HTTP 500 hataları döndürmesi nedeniyle sürekli güvenilirlik sorunları yaşandı; Libreboot'un daha kararlı bir şeye ihtiyacı olduğuna karar verildi, bu yüzden şimdi Libreboot codeberg'de barındırılıyor. Bakınız: [8 Nisan 2023'te codeberg'e taşınma duyurusu](news/codeberg.md) + +Ayrıca Libreboot projesi tarafından barındırılan ve libreboot'un ya önerdiği ya da kullandığı şu programlar da var: + +Eski `ich9utils` ve `bucts` depoları notabug'da mevcuttur: + +* Bucts (yardımcı program): +* ich9utils (yardımcı program): + +Bu depolardan herhangi birini indirebilir, istediğiniz değişiklikleri yapabilir ve ardından aşağıdaki talimatları kullanarak değişikliklerinizi gönderebilirsiniz. + +Libreboot'u (tüm parçalarını) bir Linux dağıtımında derlemeniz önerilir. Örneğin, derleme sistemi (lbmk) BSD sistemlerinde test edilmemiştir. Linux sisteminize `git`'i kurun ve depolardan birini indirin. + +Libreboot'un geliştirilmesi Git sürüm kontrol sistemi kullanılarak yapılır. Git'i nasıl kullanacağınızı bilmiyorsanız [resmi Git belgelerine](https://git-scm.com/doc) bakın. + +`bucts` deposu, son kontrol ettiğimizde `stuge.se`'deki orijinal depo artık mevcut olmadığı için libreboot projesi tarafından barındırılmaktadır. `bucts` programı Peter Stuge tarafından yazılmıştır. Şu anda orijinal Lenovo BIOS'unu çalıştıran bir ThinkPad X60 veya T60'a dahili olarak bir libreboot ROM'u yüklüyorsanız `bucts`'ye ihtiyacınız var. Bunun için talimatlar burada mevcuttur:\ +[libreboot kurulum kılavuzları](docs/install/) + +### lbmk (libreboot-make) + +Bu, libreboot'taki çekirdek derleme sistemidir. `lbmk`'nin libreboot *olduğunu* söyleyebilirsiniz! Git deposunu indirin: + + git clone https://codeberg.org/libreboot/lbmk + +Yukarıda görülen `git` komutu, libreboot derleme sistemi `lbmk`'yi indirecektir. Ardından şu şekilde içine girebilirsiniz: + + cd lbmk + +İstediğiniz değişiklikleri yapın veya sadece derleyin. `lbmk`'yi nasıl derleyeceğinize dair talimatlar için [derleme talimatlarına](docs/build/) bakın. + +Derleme sisteminin kendisi ve nasıl çalıştığı hakkında bilgi [lbmk bakım kılavuzunda](docs/maintain/) mevcuttur. + +### lbwww ve lbwww-img + +Libreboot web sitesi ve belgelerin *tamamı* bir Git deposunda barındırılmaktadır. Şu şekilde indirin: + + git clone https://codeberg.org/libreboot/lbwww + +Görseller adresinde barındırılır ve ayrı bir depoda mevcuttur: + + git clone https://codeberg.org/libreboot/lbwww-img + +İstediğiniz değişiklikleri yapın. Yama gönderme hakkında aşağıdaki notlara bakın. + +Web sitesinin tamamı Markdown'da, özellikle Pandoc versiyonunda yazılmıştır. Statik HTML sayfaları [lbssg](docs/sitegen/) ile oluşturulur. Libreboot'un kurucusu Leah Rowe, aynı zamanda Libreboot statik site oluşturucu projesinin de kurucusudur. + +İsterseniz yerel bir HTTP sunucusu kurabilir ve web sitesinin kendi yerel sürümünüzü oluşturabilirsiniz. Lütfen görsellerin hala adresinde barındırılanlarla bağlantılı olacağını unutmayın, bu nedenle `lbwww-img`'ye eklediğiniz görseller (eklediğiniz görseller için) görsel bağlantılarını `av.libreboot.org`'a bağlarsanız yerel `lbwww` sitenizde görünmeyecektir. Ancak, bu tür görsellerin av.libreboot.org'da barındırılması gereklidir. + +Bu nedenle, web sitesine görsel eklemek istiyorsanız, lütfen her biri için bağlantıları olacak şekilde `lbwww-img` deposuna da gönderin. Libreboot web sitesinde birleştirildiğinde, görselleriniz canlı olarak görünecektir. + +Bir fotoğraf ekliyorsanız, web dağıtımı için sıkıştırın. Görseller genellikle 800px genişliğinde ve genellikle 100KiB'den küçük boyutta olmalıdır: + +İlk olarak, favori görsel işleme programınızı kullanarak görselinizi yaklaşık 800px genişliğe ölçeklendirin. Örneğin, `imagemagick` ile şunu yapabilirsiniz (görüntünün zaten tercih edilenden daha küçük veya eşit olmadığından emin olun). + + convert original.jpg -resize 600000@ -quality 70% web.jpg + +Göndermeden önce jpg görseller üzerinde her zaman `jpegoptim` çalıştırmalısınız. Gereksiz meta verileri kaldırır ve içlerinde kullanılan huffman tablolarını akıllıca yeniden düzenleyerek *kayıpsız* olarak daha da optimize eder. + + jpegoptim -s --all-progressive web.jpg + +Görsel bir (çizgi) çizimse, bitmap'lere göre vektör grafikleri tercih edilir. Bu nedenle, mümkünse bunları SVG olarak kaydedin. Bunlar değiştirilmesi kolaydır ve çevirmenlerin işini de kesinlikle kolaylaştıracaktır. + +PNG görseller `zopfli` ile optimize edilmelidir (bu da kayıpsızdır). Örneğin, bu Libreboot önyükleme logosunu yaklaşık 11k'dan 3k'ya düşürdü: + + zopflipng -ym image.png image.png + +Geliştirme amaçları için, önce görsellerinizi yerel bağlantılar yapabilir ve ardından belge/web sitesi yamalarınızı gönderirken URL'leri ayarlayabilirsiniz. + +Web sitesinin yerel sürümünüzü nasıl kuracağınıza dair talimatlar lbssg kılavuzunda mevcuttur. Untitled'ı indirin ve untitled dizininizin içinde `www/` adlı bir dizin oluşturun, ardından www dizininin içine girin ve `lbwww` deposunu oraya klonlayın. Yerel HTTP sunucunuzu buna göre yapılandırın. + +Yine, bu amaç için talimatlar lbssg kılavuzunda mevcuttur. + +### İsim Gerekli Değil + +Yaptığınız katkılar, herkesin erişebileceği bir Git deposunda kamuya açık olarak kaydedilir. Bu, katkıda bulunanın adını ve e-posta adresini içerir. + +Git'te, yazar adı ve e-posta adresi için tanımlayıcı veriler kullanmanız gerekmez. `libreboot Contributor` kullanabilir ve e-posta adresiniz contributor@libreboot.org olarak belirtilebilir. Gizliliğinizi korumak istiyorsanız bunu yapmanıza izin verilir. Gizliliğe inanıyoruz. Anonim kalmayı seçerseniz, buna saygı duyacağız. + +Tabii ki, istediğiniz adı ve/veya e-posta adresini kullanabilirsiniz. + +Yasal olarak konuşursak, uluslararası telif hakkı yasasının Bern Sözleşmesi kapsamında tüm telif hakları otomatiktir. Hangi adı kullandığınız, hatta telif hakkı beyan edip etmediğiniz önemli değildir (ancak belirli telif hakkı lisanslarının kullanılmasını gerektiriyoruz - bu sayfada bunun hakkında daha fazla bilgi okuyun). + +Commit'lerinizde/yamalarınızda farklı bir ad ve e-posta adresi kullanırsanız, oldukça anonim olmalısınız. Değişiklikleri genel bir Git deposuna göndermeden önce onaylamak için [git log](https://git-scm.com/book/en/v2/Git-Basics-Viewing-the-Commit-History) ve [git show](https://git-scm.com/docs/git-show) kullanın. + +### Lisanslar (katkıda bulunanlar için) + +Çalışmanızı özgür bir lisans altında özgürce lisansladığınızdan emin olun. Libreboot artık hangi lisansların kabul edildiğine dair keyfi kısıtlamalar koymamaktadır ve halihazırda birçok lisans mevcuttur. Katkınızı denetleyeceğiz ve sorun varsa size bildireceğiz (örn. lisans yok). + +Çalışmanızda *her zaman* bir lisans beyan edin! Bir lisans beyan etmemek, varsayılan, kısıtlayıcı telif hakkı yasalarının geçerli olduğu anlamına gelir, bu da çalışmanızı özel mülk yapar ve aynı kısıtlamalara tabi olur. + +MIT lisansı başlamak için iyi bir lisanstır ve Libreboot'taki tüm yeni çalışmalar için tercih edilen lisanstır, ancak seçici değiliz. Libreboot tarihsel olarak çoğunlukla GPL lisanslaması kullanmıştır; bunların çoğu kalmıştır ve muhtemelen kalacaktır. Bu sizin çalışmanız; açıkçası, mevcut bir çalışmadan türetiyorsanız, lisans uyumluluğu için katkınızda aynı lisansı kullanmak mantıklı olabilir. + +[Burada](https://opensource.org/licenses) yaygın lisans örnekleri bulabilirsiniz. + +Mevcut bir çalışmadan *türetiyorsanız*, katkınızın lisansının türetildiği çalışmanın lisanslamasıyla uyumlu olması önemlidir. MIT lisansı iyidir çünkü birçok diğer lisansla geniş çapta uyumludur ve diğer lisansların vermediği birçok özgürlüğe (alt lisanslama özgürlüğü gibi) izin verir: + + + +### Yama Gönderme + + adresinde bir hesap oluşturun ve üzerinde çalışmak istediğiniz depoya (giriş yapmış olarak) gidin. *Fork*'a tıklayın ve hesabınızda kendi libreboot deponuz olacak. Deponuzu klonlayın, istediğiniz değişiklikleri yapın ve ardından Codeberg'deki hesabınızdaki deponuza gönderin. İsterseniz bunu yeni bir dalda da yapabilirsiniz. + +Codeberg hesabınızda, resmi libreboot deposuna gidebilir ve bir Çekme İsteği gönderebilirsiniz. Çalışma şekli, insanların bu günlerde kullandığı diğer popüler web tabanlı Git platformlarına benzer. + +Yamalarınızı oraya gönderebilirsiniz. Alternatif olarak, libreboot IRC kanalına giriş yapabilir ve yamalarla kendi Git deponuz varsa, hangi yamaların incelenmesini istediğinizi kanala bildirebilirsiniz. + +Bir Çekme İsteği gönderdikten sonra, libreboot bakımcıları e-posta yoluyla bilgilendirilecektir. Projeden yeterince hızlı yanıt alamazsanız, Libera Chat'teki `#libreboot` kanalı aracılığıyla projeyi bilgilendirebilirsiniz. + +Yama göndermenin başka bir yolu da doğrudan Leah Rowe'a e-posta göndermektir: +[info@minifree.org](mailto:info@minifree.org) Leah'nın proje e-posta adresidir. + +Ancak, kod inceleme sürecinin şeffaflığı için, şimdilik Codeberg'i kullanmanız önerilir. + +### E-posta Listesi + +Libreboot'un şu e-posta listesi vardır: + + +E-posta adresi: [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreboot@lists.sr.ht) + +lbmk.git'in Yansıları +-------------------- + +`lbmk` deposu, Libreboot sürümlerini (derlenmiş ROM imajları dahil) üreten Libreboot'un otomatik derleme sistemini içerir. + +Bu bağlantılardan herhangi biri üzerinde `git clone` çalıştırabilirsiniz (bağlantılar ayrıca Web tarayıcınızda değişiklikleri görüntülemek için tıklanabilir): + +* +* +* +* +* +* +* +* +* \ No newline at end of file diff --git a/site/git.uk.md b/site/git.uk.md index 0cb32df..f840b9f 100644 --- a/site/git.uk.md +++ b/site/git.uk.md @@ -4,10 +4,7 @@ x-toc-enable: true ... репозиторії libreboot -=================== - -Інформацію про те, хто працює над libreboot і хто керує проектом, можна -знайти на [who.uk.md](who.uk.md) +--------------------- Проект `libreboot` має 3 основні сховища Git: @@ -15,11 +12,17 @@ x-toc-enable: true * Веб-сайт (+документація): * Зображення (для веб-сайта): * Pico-serprog: +* Libreboot Static Site Generator: + +Also see: [Libreboot Static Site Generator](docs/sitegen/). Ви також можете *переглядати* lbmk на власному екземплярі Libreboot cgit, хоча це не призначено для розробки (використовуйте codeberg для цього):\ +The [tasks](tasks/) page lists some (not all) of the things we wish to +implement, if not already implemented. Patches welcome! + Якщо основні репозиторії Git лежать, дзеркала `lbmk` та `lbwww` є зазначеними далі знизу на цій сторінці @@ -64,8 +67,7 @@ Linux. Наприклад, система збірки (lbmk) не переві Документація для `ich9utils` доступна тут:\ [документація ich9utils](docs/install/ich9utils.md) -lbmk (libreboot-make) ---------------------- +### lbmk (libreboot-make) Це основна система збирання в libreboot. Можна сказати, що `lbmk` *це* libreboot! Завантажте репозиторій Git: @@ -83,8 +85,7 @@ libreboot! Завантажте репозиторій Git: Інформація про саму систему збірки та про те, як вона працює, доступна в [посібнику обслуговування lbmk](docs/maintain/). -lbwww та lbwww-img -------------------- +### lbwww та lbwww-img *Весь* веб-сайт і документація libreboot розміщені в репозиторії Git. Завантажте так: @@ -99,9 +100,9 @@ lbwww та lbwww-img Вносьте будь-які зміни, які забажаєте. Дивіться нотатки нижче про те, як надсилати виправлення. Весь веб-сайт написаний у Markdown, зокрема його версія Pandoc. -Статичні сторінки HTML створюються за допомогою [Untitled](https://untitled.vimuser.org/). +Статичні сторінки HTML створюються за допомогою [lbssg](docs/sitegen/). Лія Роу, засновниця libreboot, також є засновницею проекту генератор статичних сайтів -Untitled. +lbssg. Якщо хочете, ви можете налаштувати локальний HTTP-сервер і створити власну локальну версію веб-сайту. Зауважте, що зображення все одно будуть посилатися на ті, що @@ -142,15 +143,14 @@ Untitled. Для цілей розробки ви можете спочатку створити локальні посилання на зображення, а потім налаштувати URL-адреси, коли надсилатимете документацію/патчі веб-сайту. -На веб-сайті Untitled є інструкції щодо налаштування локальної версії +На веб-сайті lbssg є інструкції щодо налаштування локальної версії веб-сайту. Завантажте untitled, і в своєму каталозі `untitled` створіть каталог під назвою `www/`, потім увійдіть у каталог www і клонуйте сховище `lbwww` там. Налаштуйте локальний HTTP-сервер відповідним чином. -Знову ж таки, інструкції для цього доступні на веб-сайті Untitled. +Знову ж таки, інструкції для цього доступні на веб-сайті lbssg. -Ім'я не вимагається ------------------ +### Ім'я не вимагається Внески, які ви робите, реєструються публічно в репозиторії Git, доступ до якого мають всі. Це включає ім'я та електронну адресу @@ -175,8 +175,7 @@ Untitled. та [git show](https://git-scm.com/docs/git-show), щоб підтвердити це перед тим, як ви надсилаєте зміни до загальнодоступного сховища Git. -Ліцензії (для учасників) --------- +### Ліцензії (для учасників) Обов'язково вільно ліцензуйте свою роботу, за вільною ліцензією. Libreboot більше не встановлює довільні обмеження на те, які ліцензії приймаються, і багато @@ -205,8 +204,7 @@ Untitled. -Надсилайте виправлення ------------- +### Надсилайте виправлення Створіть обліковий запис на і перейдіть (увійшовши в систему) до репозиторію, над яким ви хочете працювати. Натисніть *Fork*, і у вашому обліковому записі, @@ -232,8 +230,7 @@ IRC-канал libreboot і повідомити канал, які виправ Однак, для прозорості процесу перевірки коду, ми рекомендуємо на даний момент використовувати Codeberg. -Mailing list ------------- +### Mailing list Libreboot has this mailing list: @@ -241,7 +238,7 @@ Libreboot has this mailing list: The email address is [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreboot@lists.sr.ht) Дзеркала lbmk.git -=================== +----------------- Репозиторій `lbmk` містить автоматизовану систему побудови Libreboot, що створює випуски Libreboot (включаючи зібрані образи ROM). @@ -260,15 +257,14 @@ The email address is [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreb * Дзеркала pico-serprog.git -========================= +------------------------- * -дзеркало lbwww.git ----------------- +### дзеркало lbwww.git Репозиторій `lbwww` містить файли Markdown (варіант pandoc), для використання -з [генератором статичних сайтів Untitled](https://untitled.vimuser.org/); це те, +з [генератором статичних сайтів Libreboot](docs/sitegen/); це те, що Libreboot використовує для надання веб-сторінок HTML, *включаючи* сторінку, яку ви читаєте прямо зараз! @@ -290,7 +286,7 @@ The email address is [~libreboot/libreboot@lists.sr.ht](mailto:~libreboot/libreb в додатковий трафік шляхом розміщення зображень. Репозиторії Notabug -==================== +------------------- Коміти, які ідуть до codeberg досі push'аться до notabug, в додаток до інших дзеркал. Notabug розцінюється *дзеркалом* з 8 квітня 2023 року, коли diff --git a/site/git.uk.md.description b/site/git.uk.md.description new file mode 100644 index 0000000..ac07f2d --- /dev/null +++ b/site/git.uk.md.description @@ -0,0 +1 @@ +Send patches to the Libreboot project via Git. Libreboot is a free/opensource BIOS/UEFI boot firmware project, with payloads like GNU GRUB. diff --git a/site/global.css b/site/global.css index e80c1af..3688ae5 100644 --- a/site/global.css +++ b/site/global.css @@ -2,6 +2,9 @@ * This CSS is released under Creative Commons Zero 1.0 Universal license: * https://creativecommons.org/publicdomain/zero/1.0/legalcode.txt */ + +h1,h2,h3,h4{font-weight:normal; font-size:2em} + .specs { float: right; @@ -14,34 +17,45 @@ } -@media (max-width:89em) -{ - html - { - font-size: 0.95em; - } -} -@media (min-width:90em) +@media (max-width:90em) { html { font-size: 1.05em; } } +@media (min-width:90em) +{ + html + { + font-size: 1.10em; + } +} +@media (min-width:110em) +{ + html + { + font-size: 1.15em; + } +} html { + /* color: #280b22; */ + color: #ede; background: #280b22; - color: #ccc; font-family: sans-serif; line-height: 1.4; text-shadow: 1px 1px #000; } +hr { + color: #666; +} -code,pre, #TOC, a:hover +code,pre, #TOC, a:hover, img { - border-radius:0.25em; background: #4e324e; + border-radius:0.25em; } header img { @@ -57,7 +71,6 @@ img,video,iframe,pre { max-width: 100%; overflow: auto; - border-radius:0.25em; } .title>*, header ul>li, .nav ul>li, @@ -83,16 +96,20 @@ html, ul, #TOC display: none; } +div.title:hover { + cursor: pointer; +} + @media (min-width:60em) { - .title-logo{display:none} + .title-logo{display:none; background:none;} div.title,h1.title { background:url("/favicon.ico") no-repeat; background-size:auto 99%; min-height:2em } div.title {background-position:right} - h1.title {padding:0 4em} + h1.title {padding:0 4em; font-size:2.5em; font-weight:normal;} #TOC { float: left; @@ -101,6 +118,19 @@ html, ul, #TOC } } +h2 +{ + font-size: 2em; +} +h3 +{ + font-size: 1.6em; +} +h4 +{ + font-size:1.2em; +} + .f, .f * { position: fixed; @@ -125,6 +155,11 @@ html, ul, #TOC background: rgba(0, 0, 0, 0.8); } +.f img { + max-width: 80%; + max-height: 80%; +} + *:focus + .f { display: block; diff --git a/site/index.de.md b/site/index.de.md index cbda7ee..3378e8a 100644 --- a/site/index.de.md +++ b/site/index.de.md @@ -1,11 +1,12 @@ --- -title: Libreboot projekt +title: Freie und Open Source BIOS/UEFI Firmware x-toc-enable: true ... -Das *Libreboot* Projekt bietet +*Libreboot* ist ein [Coreboot-Distribution](docs/maintain/) (coreboot distro), +so wie Debian eine Linux-Distribution ist. Das *Libreboot* Projekt bietet eine [freie](https://writefreesoftware.org/) *Boot -Firmware* welche auf [bestimmten Intel/AMD x86 und ARM Geräten](docs/install/) +Firmware* welche auf [bestimmten Intel/AMD x86 und ARM Geräten](docs/install/#which-systems-are-supported-by-libreboot) die Hardware initialisiert (z.b. Speicher-Controller, CPU, Peripherie), und dann einen Bootloader für dein Betriebssystem startet. [Linux](docs/linux/) sowie [BSD](docs/bsd/) werden gut unterstützt. Es ersetzt proprietäre BIOS/UEFI @@ -13,21 +14,37 @@ Firmware. Hilfe ist verfügbar via [\#libreboot](https://web.libera.chat/#libreboot) und [Libera](https://libera.chat/) IRC. - + + +Libreboot provides GNU boot loader "[GRUB](docs/linux/)" and SeaBIOS payloads on +x86/x86\_64 Intel/AMD motherboards, and +a [U-Boot UEFI payload](docs/uboot/) *for coreboot* on ARM64(Aarch64) motherboards. +An [x86/x86\_64 U-Boot UEFI payload](docs/uboot/uboot-x86.md) is also available +on some boards. The x86, x86\_64 and arm64 U-Boot payloads provide a lightweight +UEFI boot implementation, which can boot many Linux distros and BSD systems. +The SeaBIOS and GRUB payloads also boot Linux/BSD systems. Which one you use +depends on your preferences. Libreboot's design incorporates all of these boot +methods in a single image, so you can choose which one you use at boot time, +and more payloads (e.g. Linux kexec payload) are planned for future releases. + +**NEUESTE VERSION: Die neueste Version von Libreboot ist 25.06, veröffentlicht +am 30 June 2025. +Siehe auch: [Libreboot 25.06 release announcement](news/libreboot2506.md).** You can also [buy Libreboot preinstalled](https://minifree.org/) from Minifree Ltd, -on select hardware, aswell as send your compatible hardware +on select hardware, as well as send your compatible hardware for [Libreboot preinstallation](https://minifree.org/product/installation-service/). The founder and lead developer of Libreboot, Leah Rowe, also owns and operates Minifree; sales provide funding for Libreboot. -**NEUESTE VERSION: Die neueste Version von Libreboot ist 20241206, veröffentlicht -am 6 December 2024. -Siehe auch: [Libreboot 20241206 release announcement](news/libreboot20241206.md).** +A parallel [Libreboot fork, Canoeboot](https://canoeboot.org), also exists. +Both Canoeboot and Libreboot are maintained by the same developer (Leah Rowe). Warum solltest Du *Libreboot* verwenden? ---------------------------- + + Libreboot gibt dir [Freiheit](https://writefreesoftware.org/) welche Du mit den meisten Boot Firmwares nicht hast, und zusätzlich schnellere Boot Geschwindigkeiten sowie [höhere Sicherheit](docs/linux/grub_hardening.md). @@ -49,7 +66,7 @@ Das Libreboot Projekt verwendet [Coreboot](https://www.coreboot.org/) für Die Coreboot Installation ist für unerfahrene Benutzer überaus schwierig; sie übernimmt lediglich die Basis Initialisierung und springt dann zu einem separaten [payload](https://doc.coreboot.org/payloads.html) Programm (z.B. -[GRUB](https://www.gnu.org/software/grub/), +GRUB, [Tianocore](https://www.tianocore.org/)), welche zusätzlich konfiguriert werden muss. *Libreboot löst dieses Problem*; es ist eine *Coreboot Distribution* mit einem [automatisierten Build System](docs/build/) welches vollständige *ROM images* @@ -59,7 +76,7 @@ Dokumentation ist verfügbar. Libreboot ist kein Coreboot Fork ----------------------------------- - + Tatsächlich versucht Libreboot so nah am regulären Coreboot zu bleiben wie möglich, für jedes Board, aber mit vielen automatisch durch das Libreboot Build System zur @@ -88,15 +105,15 @@ Kenntnisse oder Fertigkeiten abgesehen von der Fähigkeit einer Wie kann ich helfen ----------- - + -Der beste Weg wie Du helfen kannst, ist das *hinzufügen* neuer Mainboards in +Der beste Weg wie Du helfen kannst, ist das *hinzufügen* neuer Motherboards in Libreboot, indem Du eine Konfiguration zur Verfügung stellst. Alles was von Coreboot unterstützt wird kann auch in Libreboot integriert werden, mithilfe von ROM Images in den Veröffentlichungen. Siehe auch: * [Bewerbe dich um Boards zu testen oder zu pflegen](docs/maintain/testing.md) -* [Anleitung um neue Mainboards hinzuzufügen](docs/maintain/porting.md) +* [Anleitung um neue Motherboards hinzuzufügen](docs/maintain/porting.md) * [Libreboot Build System Dokumentation](docs/maintain/) Zudem ist da noch Pflege des Build Systems (siehe oben), sowie *Dokumentation* @@ -107,6 +124,8 @@ kompetent genug bist jemandem bei seinem Problem zu helfen (oder bereit mit der Person gemeinsam zu lernen), dann ist dies ein wichtiger Beitrag zum Projekt. Viele Leute fragen zudem unter dem Subreddit `r/libreboot` nach Hilfe. + + Eine Liste mit Bugs gibt es unter [Bug Tracker](https://codeberg.org/libreboot/lbmk/issues). diff --git a/site/index.de.md.description b/site/index.de.md.description new file mode 100644 index 0000000..3db20b3 --- /dev/null +++ b/site/index.de.md.description @@ -0,0 +1 @@ +Das Libreboot Projekt bietet eine freie/Open Source Boot Firmware mit GNU boot loader GRUB, SeaBIOS und U-Boot. diff --git a/site/index.fr.md b/site/index.fr.md index 6cd3944..06d40ea 100644 --- a/site/index.fr.md +++ b/site/index.fr.md @@ -1,128 +1,100 @@ --- -title: Projet Libreboot +title: Libre et Open Source BIOS/UEFI firmware x-toc-enable: true -... +--- -Libreboot est un micrologiciel de démarrage [libéré](https://writefreesoftware.org/) -qui initialise le matériel (càd le contrôleur mémoire, CPU, -périphériques) sur [des ordinateurs x86/ARM spécifiques](docs/install/) -et lance un chargeur d'amorçage pour votre système d'exploitation. [Linux](docs/linux/) et [BSD](docs/bsd/) sont bien supportés. C'est un -remplacement pour le micrologiciel UEFI/BIOS propriétaire. -Des canaux d'aide sont disponibles -dans le canal [\#libreboot](https://web.libera.chat/#libreboot) sur le serveur IRC [Libera](https://libera.chat/). +Le projet Libreboot fournit un firmware [libre et Open-Source](https://writefreesoftware.org/) basé sur Coreboot, remplaçant le BIOS/UEFI propriétaire sur des [cartes mères Intel/AMD x86 et ARM](docs/install/#which-systems-are-supported-by-libreboot), pour des ordinateurs de bureau et des ordinateurs portables. +Il initialise le matériel (le contrôleur de mémoire, le CPU, les périphériques) et lance un bootloader pour votre système d’exploitation. Les systèmes [Linux](docs/linux/) et [BSD](docs/bsd/) sont bien pris en charge. De l’aide est disponible sur [\#Libreboot](https://web.libera.chat/#Libreboot) via [Libera](https://libera.chat/). La page des tâches répertorie les projets en cours (les contributions sont les bienvenues si vous souhaitez y travailler vous-même). - + -You can also [buy Libreboot preinstalled](https://minifree.org/) from Minifree Ltd, -on select hardware, aswell as send your compatible hardware -for [Libreboot preinstallation](https://minifree.org/product/installation-service/). -The founder and lead developer of Libreboot, Leah Rowe, also owns and operates -Minifree; sales provide funding for Libreboot. +Libreboot provides GNU boot loader "[GRUB](docs/linux/)" and SeaBIOS payloads +on x86/x86\_64 +Intel/AMD motherboards, and a [U-Boot UEFI payload](docs/uboot/) *for coreboot* +on ARM64(Aarch64) motherboards. +An [x86/x86\_64 U-Boot UEFI payload](docs/uboot/uboot-x86.md) is also available +on some boards. The x86, x86\_64 and arm64 U-Boot payloads provide a lightweight +UEFI boot implementation, which can boot many Linux distros and BSD systems. +The SeaBIOS and GRUB payloads also boot Linux/BSD systems. Which one you use +depends on your preferences. Libreboot's design incorporates all of these boot +methods in a single image, so you can choose which one you use at boot time, +and more payloads (e.g. Linux kexec payload) are planned for future releases. -**NOUVELLE VERSION: La dernière version est [Libreboot 20241206](news/libreboot20241206.md), sortie -le 6 December 2024.** +**NOUVELLE VERSION: La dernière version est [Libreboot 25.06](news/libreboot2506.md), sortie +le 30 June 2025.** + +Vous pouvez également acheter du matériel avec [Libreboot pré-installé](https://minifree.org/) via l'entreprise Minifree Ltd, +ou envoyer votre propre ordinateur [pour y installer Libreboot](https://minifree.org/product/installation-service/). + +Leah Rowe, fondateur et principal développeur du projet Libreboot, est également propriétaire de Minifree Ltd. Les ventes contribuent à financer le développement du projet Libreboot. + +A parallel [Libreboot fork, Canoeboot](https://canoeboot.org), also exists. +Both Canoeboot and Libreboot are maintained by the same developer (Leah Rowe). Pourquoi devriez-vous utiliser *Libreboot*? ----------------------------------- -Libreboot vous donne des [libertés](https://writefreesoftware.org/) -que nous n'auriez pas autrement avec d'autre micrologiciel de démarrage. Il est -extremement [puissant](docs/linux/grub_hardening.md) -et [configurable](docs/maintain) pour plein de cas d'utilisations. + -Vous avez des droits. Un droit à la vie privée, liberté de pensée, liberté d'espression et le droit de lire. Dans ce contexte là, Libreboot vous permet d'avoir ces droits. -Votre liberté compte. -Le [Droit à la réparation](https://en.wikipedia.org/wiki/Right_to_repair) est important. -Beaucoup de personnes utilisent un micrologiciel de -démarrage propriétare (non libre), même -si ils utilisent [un système d'exploitation libre](https://www.openbsd.org/). -Les micrologiciels propriétaires [contiennent](faq.html#intel) souvent -des [portes dérobées](faq.html#amd) et peuvent être instable. Libreboot -a été fondé en Décembre 2013 avec le but de rendre le libre -au niveau du micrologiciel accessible pour les utilisateurs non-techniques. +Libreboot vous offre des [libertés](https://writefreesoftware.org/) que vous n’auriez pas avec d’autres micrologiciels de démarrage. [Puissant](docs/linux/grub_hardening.md) et hautement [configurable](docs/maintain), il répond à de nombreux cas d’utilisation. -Libreboot utilise [coreboot](https://www.coreboot.org) pour -[l'initialisation matérielle](https://doc.coreboot.org/getting_started/architecture.html) -Coreboot est renommé comme être difficilement installable par des utilisateurs -non technique; il se charge seulement de l'initialisation basique -puis bascule sur un programme de [charge utile](https://doc.coreboot.org/payloads.html) -(par ex. [GRUB](https://www.gnu.org/software/grub/), -[Tianocore](https://www.tianocore.org/)), qui doit lui aussi être configuré. -*Libreboot règle ce problème*; c'est une *distribution de coreboot* avec -un [système de compilation automatisé](docs/builds/), crééant des -*images ROM* complètes pour une installation plus robuste. De la documentation est disponible. +Vous avez des droits : droit à la vie privée, liberté de pensée, liberté d’expression et droit à l’information. Dans ce cadre, Libreboot vous permet de préserver ces droits. Votre liberté est essentielle. Le [droit à la réparation](https://fr.wikipedia.org/wiki/Droit_%C3%A0_la_r%C3%A9paration) est également crucial. Beaucoup de personnes utilisent des micrologiciels propriétaires (non libres), même lorsqu’elles utilisent [un système d'exploitation libre](https://www.openbsd.org/). Ces micrologiciels sont souvent instables et [contiennent](faq.html#intel) parfois des [portes dérobées](faq.html#amd). -De quelle façon Libreboot diffère de Coreboot? + +Libreboot, fondé en décembre 2013, a pour objectif de rendre le micrologiciel libre accessible même aux utilisateurs non techniques. + +Libreboot s’appuie sur [Coreboot](https://www.Coreboot.org) pour +[l'initialisation matérielle](https://doc.Coreboot.org/getting_started/architecture.html). Coreboot est réputé complexe à installer, en particulier pour les utilisateurs non techniques ; il se limite à l’initialisation matérielle de base avant de transmettre le contrôle à une [charge utile](https://doc.Coreboot.org/payloads.html) (comme GRUB ou [Tianocore](https://www.tianocore.org/)), qui nécessite également une configuration. Libreboot simplifie ce processus : il s’agit d’une distribution de Coreboot dotée d’un [système de compilation automatisé](docs/builds/), capable de créer des images ROM complètes pour une installation plus simple et fiable. + +Une documentation détaillée est disponible. + +Quelles sont les différences entre Libreboot et Coreboot? ------------------------------------------------ - + -Contrairement à l'opinion populaire, le but principal de Libreboot n'est -pas de fournir un Coreboot déblobbé; ceci n'est simplement qu'une -des politiques de Libreboot, une importante certes, mais qui n'est qu'un -aspect mineur de Libreboot. +Contrairement à l'opinion populaire, le but principal de Libreboot n'est pas de fournir un Coreboot sans blobs propriétaires ; ceci n'est qu'une des politiques de Libreboot, certes importante, mais qui reste un aspect mineur de son projet. -De la même façon que *Alpine Linux* est une distribution Linux, Libreboot -est une *distribution coreboot*. Si vous voulez compilé une image ROM -en partant des bases, vous devez alors effectuer une configuration experte -de Coreboot, GRUB et n'importe quel autre logiciel dont vous avez besoin -afin de préparer la ROM. Avec *Libreboot*, -vous pouvez télécharger la source depuis Git ou une archive, exécuter -and a script etça compilera une image ROM entières. Le système de compilation -automatisé de Libreboot nommé `lbmk` (Libreboot MaKe), compile ces images -ROM automatiquement, sans besoin d'entrées utilisateur or intervention -requise. La configuration est faite à l'avance. +De la même façon qu’Alpine Linux est une distribution Linux, Libreboot est une distribution Coreboot. Si vous voulez compiler une image ROM à partir de zéro, vous devrez effectuer une configuration experte de Coreboot, GRUB et de tout autre logiciel nécessaire pour préparer la ROM. Avec Libreboot, vous pouvez télécharger le code source depuis Git ou une archive, exécuter un script, et cela générera une image ROM complète. Le système de compilation automatisé de Libreboot, nommé `lbmk` (Libreboot MaKe), compile ces images ROM automatiquement. Aucune intervention n'est requise, car la configuration est préparée à l'avance. -Si vous devriez compiler du coreboot classique sans utiliser le système -de build automatisé de Libreboot, ça demanderait bien plus d'effort et -de connaissances techniques décente pour écrire une configuration qui marche. +Si vous deviez compiler Coreboot classique sans utiliser le système de compilation automatisé de Libreboot, cela nécessiterait bien plus d'efforts et de connaissances techniques pour créer une configuration fonctionnelle. -Les versions de Libreboot fournissent ces images ROM pré-compilés et vous -pouvez les installez simplement, sans connaissance ou compétence particulière -à savoir, sauf [suivre des instructions simplifiés écrite pour des utilisateurs non techniques](docs/install/). +Les versions de Libreboot fournissent des images ROM pré-compilées que vous pouvez installer facilement, [sans connaissances ou compétences particulières](docs/install/). Comment aider ----------- + + +La meilleure façon d'aider le projet est d’ajouter de nouvelles cartes mères au projet Libreboot en soumettant une configuration. Tout ce qui est pris en charge par Coreboot peut être intégré à Libreboot, avec des images ROM fournies dans les versions publiées. Voir : + +* [Postuler pour devenir mainteneur/testeur de cartes mères](docs/maintain/testing.md) +* [Guide de portage pour nouvelles cartes mèress](docs/maintain/porting.md) +* [Documentation du système de compilation Libreboot](docs/maintain/) + +Ensuite, il y a la maintenance du système de compilation (voir ci-dessus) ainsi que la **documentation**, que nous prenons très au sérieux. La documentation est essentielle dans tout projet. + +Le support utilisateur est également crucial. Restez actif sur IRC et, si vous êtes dans la capacité d'aider quelqu'un avec son problème, cela rendra un grand service au projet. De nombreuses personnes demandent également du support utilisateur sur le subreddit r/Libreboot. + +Vous pouvez allez voir les bugs listés sur le [traqueur de bugs](https://codeberg.org/Libreboot/lbmk/issues). + -The *single* biggest way you can help it to *add* new mainboards to Libreboot, -by submitting a config. Anything coreboot supports can be integrated in -Libreboot, with ROM images provided in releases. See: - -* [Apply to become a board maintainer/tester](docs/maintain/testing.md) -* [Porting guide for new mainboards](docs/maintain/porting.md) -* [Libreboot build system documentation](docs/maintain/) - -After that, there is build system maintenance (see above), and *documentation* -which we take seriously. Documentation is critical, in any project. - -*User support* is also critical. Stick around on IRC, and if you're competent -to help someone with their issue (or wily enough to learn with them), that is -a great service to the project. A lot of people also ask for user support -on the `r/libreboot` subreddit. - -Vous pouvez allez voir les bugs listés sur le [traqueur de bugs](https://codeberg.org/libreboot/lbmk/issues). - -Si vous trouvez un bug et avez un correctif, [voici les instructions pour envoyer des patchs](git.md), et vous pouvez aussi nous les signaler. -Par ailleurs, ce site est écrit en Markdown et hébergé dans un [dépôt séparé](https://codeberg.org/libreboot/lbwww) où +Vous pouvez nous signaler les bugs que vous trouverez. Vous pouvez également proposer un correctif en [suivant ces instructions pour envoyer des patchs](git.md), +Par ailleurs, ce site est écrit en Markdown et hébergé dans un [dépôt séparé](https://codeberg.org/Libreboot/lbwww) où vous pouvez envoyer vos patchs. La discussion sur le dévéloppement de Libreboot et le support utilisateur -se font toutes sur le canal IRC. Plus d'information est disponible sur +se font toutes sur le canal IRC. Plus d'informations sont disponibles sur la [page de contact](contact.md). -Translations needed, for libreboot.org +Aide pour la traduction -------------------------------------- -Libreboot currently has translated Web pages in Ukrainian and French (but not -for all pages, yet, on either language). +Libreboot dispose actuellement de pages Web traduites en ukrainien et en français. -If you want to help with translations, you can translate pages, update existing -translations and submit your translated versions. For instructions, please -read: +Si vous souhaitez participer à le traduction, vous pouvez traduire des pages, mettre à jour les traductions existantes et soumettre vos versions traduites. Pour les instructions, veuillez lire : -[How to submit translations for libreboot.org](news/translations.md) +[Comment proposer une traduction pour Libreboot.org](news/translations.md) -Even if someone is already working on translations in a given language, we can -always use multiple people. The more the merrier! +Et même si quelqu'un travaille déjà sur des traductions dans une langue donnée, nous pouvons travailler à plusieurs. Plus on est de fous, plus on rit ! diff --git a/site/index.it.md b/site/index.it.md index 1e96919..8354bf6 100644 --- a/site/index.it.md +++ b/site/index.it.md @@ -1,31 +1,48 @@ --- -title: Progetto Libreboot +title: Libero e Open Source BIOS/UEFI firmware x-toc-enable: true ... Il progetto *Libreboot* fornisce avvio [libero e open source](https://writefreesoftware.org/) grazie al firmware basato su coreboot, sostituendo cosi', firmware BIOS/UEFI proprietario -su [alcune schede madri basate su Intel/AMD x86 o ARM](docs/install/), +su [alcune schede madri basate su Intel/AMD x86 o ARM](docs/install/#which-systems-are-supported-by-libreboot), in computer fissi e portatili. Inizializza l'hardware (controller di memoria, CPU, periferiche) e avvia un bootloader per il tuo sistema operativo. [Linux](docs/linux/) e [BSD](docs/bsd/) sono ben supportati. L'aiuto e' disponibile sul canale IRC [\#libreboot](https://web.libera.chat/#libreboot) su [Libera](https://libera.chat/). - + + +Libreboot provides GNU boot loader "[GRUB](docs/linux/)" and SeaBIOS payloads +on x86/x86\_64 +Intel/AMD motherboards, and a [U-Boot UEFI payload](docs/uboot/) *for coreboot* +on ARM64(Aarch64) motherboards. +An [x86/x86\_64 U-Boot UEFI payload](docs/uboot/uboot-x86.md) is also available +on some boards. The x86, x86\_64 and arm64 U-Boot payloads provide a lightweight +UEFI boot implementation, which can boot many Linux distros and BSD systems. +The SeaBIOS and GRUB payloads also boot Linux/BSD systems. Which one you use +depends on your preferences. Libreboot's design incorporates all of these boot +methods in a single image, so you can choose which one you use at boot time, +and more payloads (e.g. Linux kexec payload) are planned for future releases. + +**ULTIMO RILASCIO: L'ultimo rilascio e' Libreboot 25.06, rilasciato il 30 June 2025. +Vedi: [Libreboot 25.06 annuncio di rilascio](news/libreboot2506.md).** You can also [buy Libreboot preinstalled](https://minifree.org/) from Minifree Ltd, -on select hardware, aswell as send your compatible hardware +on select hardware, as well as send your compatible hardware for [Libreboot preinstallation](https://minifree.org/product/installation-service/). The founder and lead developer of Libreboot, Leah Rowe, also owns and operates Minifree; sales provide funding for Libreboot. -**ULTIMO RILASCIO: L'ultimo rilascio e' Libreboot 20241206, rilasciato il 6 December 2024. -Vedi: [Libreboot 20241206 annuncio di rilascio](news/libreboot20241206.md).** +A parallel [Libreboot fork, Canoeboot](https://canoeboot.org), also exists. +Both Canoeboot and Libreboot are maintained by the same developer (Leah Rowe). Per quale ragione utilizzare *Libreboot*? ----------------------------------------- + + Libreboot ti permette [liberta'](https://writefreesoftware.org/) che non potresti ottenere con altri firmware di boot, velocita' di avvio maggiori e [migliore sicurezza](docs/linux/grub_hardening.md). @@ -48,7 +65,7 @@ Il progetto Libreboot fa uso di [coreboot](https://www.coreboot.org/) per Coreboot e' notoriamente difficile da installare per utenti che hanno una scarsa formazione tecnica; gestisce solo l'inizializzazione di base e successivamente carica un programma come [payload](https://doc.coreboot.org/payloads.html) (ad esempio. -[GRUB](https://www.gnu.org/software/grub/), +GRUB, [Tianocore](https://www.tianocore.org/)), i quali possono essere configurati a piacere. *Libreboot risolve questo problema*; e' una *distribuzione di coreboot* con un [sistema di compilazione automatizzato](docs/build/) che produce *immagini ROM* complete, per una @@ -57,7 +74,7 @@ installazione piu' robusta. Viene fornito con apposita documentazione. Libreboot non deriva da coreboot -------------------------------- - + In effetti, Libreboot tenta di essere il piu' possibile simile alla versione *ufficiale* di coreboot, per ogni scheda, ma con diversi tipi di configurazione forniti automaticamente dal sistema di @@ -82,7 +99,7 @@ particolari ad eccezione del seguire [semplici istruzioni scritte per chiunque]( Come essere d'aiuto ------------------- - + Il *modo migliore* col quale puoi aiutarci e' quello di *aggiungere* nuove schede condividendone la configurazione. Qualunque cosa sia supportata da coreboot puo' essere integrata in Libreboot, @@ -100,6 +117,8 @@ esperienza puoi aiutare qualcuno in difficolta' (o anche imparare insieme a loro sarai di grande aiuto al progetto. Un sacco di persone chiedono inoltre aiuto nel subreddit `r/libreboot`. + + Puoi controllare l'elenco dei bugs sul [bug tracker](https://codeberg.org/libreboot/lbmk/issues). diff --git a/site/index.it.md.description b/site/index.it.md.description new file mode 100644 index 0000000..185b450 --- /dev/null +++ b/site/index.it.md.description @@ -0,0 +1 @@ +Il progetto Libreboot fornisce avvio libero e open source grazie al firmware basato su coreboot. Il progetto Libreboot fornisce avvio GNU boot loader GRUB. diff --git a/site/index.md b/site/index.md index 1ad313b..a8b2d39 100644 --- a/site/index.md +++ b/site/index.md @@ -1,32 +1,40 @@ --- -title: Libreboot project +title: Free and Open Source BIOS/UEFI boot firmware x-toc-enable: true ... -The *Libreboot* project provides +*Libreboot* is a *[coreboot distribution](docs/maintain)* (coreboot distro), +in the same way that Debian is a *Linux distribution*. Libreboot provides [free, open source](https://writefreesoftware.org/) (*libre*) boot firmware based on coreboot, replacing proprietary BIOS/UEFI firmware -on [specific Intel/AMD x86 and ARM based motherboards](docs/install/), +on [specific Intel/AMD x86 and ARM based motherboards](docs/install/#which-systems-are-supported-by-libreboot), including laptop and desktop computers. It initialises the hardware (e.g. memory controller, CPU, peripherals) and starts a bootloader for your operating -system. [Linux](docs/linux/) and [BSD](docs/bsd/) are well-supported. Help is +system (OS). [Linux](docs/linux/) and [BSD](docs/bsd/) are well-supported. Help is available via [\#libreboot](https://web.libera.chat/#libreboot) -on [Libera](https://libera.chat/) IRC. The [tasks page](tasks/) lists what -we are working on (contributions are welcome, if you want to work on some of -them yourself). +on [Libera](https://libera.chat/) IRC. - +ThinkPad T480 running LibrebootThinkPad T480 running Libreboot + +Libreboot provides GNU boot loader "[GRUB](docs/linux/)" and SeaBIOS payloads +on x86/x86\_64 +Intel/AMD motherboards, and a [U-Boot UEFI payload](docs/uboot/) *for coreboot* +on ARM64(Aarch64) motherboards. +An [x86/x86\_64 U-Boot UEFI payload](docs/uboot/uboot-x86.md) is also available +on some boards. The x86, x86\_64 and arm64 U-Boot payloads provide a lightweight +UEFI boot implementation. Libreboot's [design](docs/maintain/) incorporates all +of these payloads in a single image, and you choose one at boot time. + +**NEW RELEASE: The latest release is Libreboot 25.06, released on +30 June 2025. +See: [Libreboot 25.06 release announcement](news/libreboot2506.md).** You can also [buy Libreboot preinstalled](https://minifree.org/) from Minifree Ltd, -on select hardware, aswell as send your compatible hardware +on select hardware, as well as send your compatible hardware for [Libreboot preinstallation](https://minifree.org/product/installation-service/). The founder and lead developer of Libreboot, Leah Rowe, also owns and operates Minifree; sales provide funding for Libreboot. -**NEW RELEASE: The latest release is Libreboot 20241206, released on -6 December 2024. -See: [Libreboot 20241206 release announcement](news/libreboot20241206.md).** - *We* believe the freedom to [study, share, modify and use software](https://writefreesoftware.org/), without any restriction, is one of the fundamental human rights that everyone must have. @@ -36,35 +44,33 @@ matters. you continue to use your hardware, with continued firmware updates. All of this is *why* Libreboot exists. -Overview of Libreboot design -============================ +A parallel [Libreboot fork, Canoeboot](https://canoeboot.org), also exists. +Both Canoeboot and Libreboot are maintained by the same developer (Leah Rowe). - +Overview of Libreboot design +---------------------------- + +HP EliteBook 2560p and Folio 9470m running Libreboot Libreboot provides [coreboot](https://coreboot.org/) for [machine initialisation](https://doc.coreboot.org/getting_started/architecture.html), which then jumps to a [payload](https://doc.coreboot.org/payloads.html) in -the boot flash; coreboot works with many programs, but Libreboot specifically -provides SeaBIOS, GNU GRUB and U-Boot as options. Memtest86+ is also provided -in flash, on some mainboards. The payload is the program in flash that provides -the early user interface, for booting an operating system. This *payload* -infrastructure means you can run whatever you want (even Linux!) from the -boot flash. +the boot flash; coreboot works with many payloads, which boot your operating +system e.g. Linux/BSD. -Libreboot is specifically a *coreboot distribution*, in the same way that -Debian is a *Linux distribution*. Libreboot makes coreboot easy to use for +Libreboot makes coreboot easy to use for non-technical users, by providing a [fully automated build system](docs/maintain/), [automated build process](docs/build/) and [user-friendly installation instructions](docs/install/), in addition to -regular binary releases that provide pre-compiled ROM images for installation -on supported hardware. Without automation such as that provided by Libreboot, -coreboot would be inaccessible for most users; you can also +regular [binary releases](download.md) that provide pre-compiled ROM images for +installation on supported hardware. Without automation such as that provided by +Libreboot, coreboot would be inaccessible for most users; you can also still [reconfigure](docs/maintain/) Libreboot however you wish. Why use Libreboot? -================== +------------------ - +Various Lenovo ThinkPads running Libreboot If you're already inclined towards free software, maybe already a coreboot user, Libreboot makes it easier to either get started or otherwise maintain coreboot @@ -76,7 +82,7 @@ whereas Libreboot is specifically crafted for end users. In other words, the purpose of Libreboot is to *Just Work*. Direct configuration and installation of coreboot is also possible, but Libreboot makes it *much* easier. -Libreboot gives you [freedoms](https://writefreesoftware.org/) that +Libreboot gives you [Free Software](https://writefreesoftware.org/) that you otherwise can't get with most other boot firmware, plus faster boot speeds and [better security](docs/linux/grub_hardening.md). It's extremely powerful and [configurable](docs/maintain/) for many use cases. If you're unhappy with @@ -92,7 +98,7 @@ Proprietary firmware often [contains](faq.html#intel) [backdoors](faq.html#amd), and can be buggy. The Libreboot project was founded in December 2013, with the express purpose of making coreboot firmware accessible for non-technical users. -Libreboot is a community-oriented project, with a focus on helping users escape +Libreboot is a *free software* project, with a focus on helping users escape proprietary boot firmware; we ourselves want to live in a world where all software is [free](https://writefreesoftware.org/), and so, Libreboot is an effort to help get closer to that world. Unlike the big vendors, we don't try to stifle @@ -106,12 +112,13 @@ restrictions, and you hear them talk about "security", they are only talking about *their* security, not yours. In the Libreboot project, it is reversed; we see Intel Boot Guard and similar such technologies as an attack on your freedom over your own property (your computer), and so, we make it our mission to help -you [wrest](https://trmm.net/TOCTOU/) back such control. +you [wrest](docs/install/deguard.html) [back](https://trmm.net/TOCTOU/) such +control. Libreboot is not a fork of coreboot -=================================== +----------------------------------- - + In fact, Libreboot tries to stay as close to *stock* coreboot as possible, for each board, but with many different types of configuration provided @@ -136,21 +143,20 @@ knowledge or skill except the ability to follow [simplified instructions, written for non-technical users](docs/install/). -How to help ------------ +### How to help The [tasks page](tasks/) lists tasks that could (will) be worked on. It will -be updated over time as more tasks are added/completede. If you want to help, +be updated over time as more tasks are added/completed. If you want to help, you could pick one of these tasks and work on it. - +GRUB boot loader in Libreboot -The *single* biggest way you can help is to *add* new mainboards in Libreboot, +The *single* biggest way you can help is to *add* new motherboards in Libreboot, by submitting a config. Anything coreboot supports can be integrated in Libreboot, with ROM images provided in releases. See: * [Apply to become a board maintainer/tester](docs/maintain/testing.md) -* [Porting guide for new mainboards](docs/maintain/porting.md) +* [Porting guide for new motherboards](docs/maintain/porting.md) * [Libreboot build system documentation](docs/maintain/) After that, there is build system maintenance (see above), and *documentation* @@ -172,8 +178,7 @@ repository](https://codeberg.org/libreboot/lbwww) where you can send patches. Any and all development discussion and user support are all done on the IRC channel. More information is on the [contact page](contact.md). -Translations needed, for libreboot.org --------------------------------------- +### Translations needed, for libreboot.org Libreboot currently has translated Web pages in Ukrainian and French (but not for all pages, yet, on either language). diff --git a/site/index.md.description b/site/index.md.description new file mode 100644 index 0000000..d6be7fe --- /dev/null +++ b/site/index.md.description @@ -0,0 +1 @@ +Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot with GNU boot loader GRUB, SeaBIOS and U-Boot, for booting Linux/BSD. diff --git a/site/index.ru.md b/site/index.ru.md index fd3ed59..c8b4c22 100644 --- a/site/index.ru.md +++ b/site/index.ru.md @@ -1,31 +1,46 @@ --- -title: Проект Libreboot +title: свободную, с открытым исходным кодом BIOS/UEFI прошивка x-toc-enable: true ... -Проект *Libreboot* предоставляет [свободную, с открытым исходным кодом](https://writefreesoftware.org/) загрузочную прошивку, основанную на coreboot, заменяющую проприетарные BIOS/UEFI на [некоторых Intel/AMD x86 и ARM материнских платах](docs/install/), включая ноутбуки и десктопы. Она инициализирует аппаратное обеспечение компьютера (например, контроллер памяти, процессор, переферию) и запускает загрузчик для вашей операционный системы. [Linux](docs/linux/) и [BSD](docs/bsd/) хорошо поддерживаются. Можно попросить помощь через [\#libreboot](https://web.libera.chat/#libreboot) на [Libera](https://libera.chat/) IRC. [Страница с заданиями](tasks/) показывают, над чем мы работаем (мы приветствуем ваши предложения, если вы хотите поработать над некоторыми задачами самостоятельно). +Проект *Libreboot* предоставляет [свободную, с открытым исходным кодом](https://writefreesoftware.org/) загрузочную прошивку, основанную на coreboot, заменяющую проприетарные BIOS/UEFI на [некоторых Intel/AMD x86 и ARM материнских платах](docs/install/#which-systems-are-supported-by-libreboot), включая ноутбуки и десктопы. Она инициализирует аппаратное обеспечение компьютера (например, контроллер памяти, процессор, переферию) и запускает загрузчик для вашей операционный системы. [Linux](docs/linux/) и [BSD](docs/bsd/) хорошо поддерживаются. Можно попросить помощь через [\#libreboot](https://web.libera.chat/#libreboot) на [Libera](https://libera.chat/) IRC. - + + +Libreboot provides GNU boot loader "[GRUB](docs/linux/)" and SeaBIOS payloads +on x86/x86\_64 +Intel/AMD motherboards, and a [U-Boot UEFI payload](docs/uboot/) *for coreboot* +on ARM64(Aarch64) motherboards. +An [x86/x86\_64 U-Boot UEFI payload](docs/uboot/uboot-x86.md) is also available +on some boards. The x86, x86\_64 and arm64 U-Boot payloads provide a lightweight +UEFI boot implementation, which can boot many Linux distros and BSD systems. +The SeaBIOS and GRUB payloads also boot Linux/BSD systems. Which one you use +depends on your preferences. Libreboot's design incorporates all of these boot +methods in a single image, so you can choose which one you use at boot time, +and more payloads (e.g. Linux kexec payload) are planned for future releases. + +**НОВЫЙ РЕЛИЗ: Последний релиз Libreboot - 25.06, опубликован 30 June 2025 года. Смотрите: [Libreboot 25.06 release announcment](news/libreboot2506.md).** Вы также можете купить [Libreboot предустановленным](https://minifree.org) от Minifree Ltd, а также присылать нам свои совместимые устройства для [установки Libreboot](https://minifree.org/product/installation-service/). Основатель и ведущий разработчик Libreboot, Лия Роу, также владеет и управляет Minifree; продажи обеспечивают финансирование для Libreboot. -**НОВЫЙ РЕЛИЗ: Последний релиз Libreboot - 20241206, опубликован 6 December 2024 года. Смотрите: [Libreboot 20241206 release announcment](news/libreboot20241206.md).** - *Мы* верим, что свобода [изучать, делиться, модифицировать и использовать программное обеспечение](https://writefreesoftware.org/) без каких-либо ограничений, является одним из основных человеческих прав, который должен иметь каждый. В этом контексте, *свобода программного обеспечения* важна. Ваша свобода важна. Образование важно. [Право на ремонт](https://en.wikipedia.org/wiki/Right_to_repair) важно; Libreboot позволяет вам продолжить использовать ваше оборудование. Вот *почему* Libreboot существует. +A parallel [Libreboot fork, Canoeboot](https://canoeboot.org), also exists. +Both Canoeboot and Libreboot are maintained by the same developer (Leah Rowe). + Обзор устройства Libreboot -============================ +-------------------------- - + -Libreboot предоставляет [coreboot](https://coreboot.org/) для [инициализации машины](https://doc.coreboot.org/getting_started/architecture.html), которая затем переходит к [полезной нагрузке](https://doc.coreboot.org/payloads.html) в загрузочной флэш-памяти; coreboot работает со многими программами, но Libreboot предоставляет только SeaBIOS, GNU GRUB и U-Boot. Memtest86+ также предоставляется, но только на некоторых материнских платах. Полезная нагрузка - программа во флэш-памяти, которая предоставляет "ранний" пользовательский интерфейс для загрузки операционной системы. Это значит, что вы можете запустить все что угодно из загрузочной флэш-памяти (даже Linux!). +Libreboot предоставляет [coreboot](https://coreboot.org/) для [инициализации машины](https://doc.coreboot.org/getting_started/architecture.html), которая затем переходит к [полезной нагрузке](https://doc.coreboot.org/payloads.html) в загрузочной флэш-памяти; coreboot работает со многими программами, но Libreboot предоставляет только SeaBIOS, GRUB и U-Boot. Memtest86+ также предоставляется, но только на некоторых материнских платах. Полезная нагрузка - программа во флэш-памяти, которая предоставляет "ранний" пользовательский интерфейс для загрузки операционной системы. Это значит, что вы можете запустить все что угодно из загрузочной флэш-памяти (даже Linux!). Libreboot - это *дистрибутив coreboot* также, как и Debian - *диструбутив Linux*. Libreboot делает coreboot простым к использованию для обычных пользователей, предоставляя [полностью автоматизированную систему сборки](docs/build/) и [дружелюбные к пользователю инструкции к установке](docs/install/), в дополении к регулярному бинарному релизу, дающему скомпилированные ROM образы для установки на поддерживаемом оборудовании. Без автоматизации, предоставляемой Libreboot, coreboot был бы недоступен для большинства пользователей; однако вы также можете [сконфигурировать](docs/mantain) Libreboot как вы желаете. Почему стоит использовать Libreboot? -================== +------------------------------------ - + Если вы уже склоняетесь к свободному программному обеспечению, возможно, вы уже пользователь coreboot, Libreboot помогает проще начать использовать или поддерживать coreboot на вашей машине, с помощью автоматизированной сборки. Мы предоставляем регулярные протестированные релизы, предварительно собранные, часто с некоторыми патчами coreboot (и другим кодом) для того, чтобы гарантировать стабильность. Для сравнения, coreboot использует модель плавающих релизов, со снимками кода каждые несколько месяцев, он скорее всего ориентирован на разработчиков, когда как Libreboot специально сделан для конечных пользователей. По-другому, цель Libreboot - *просто работать*. Конфигурация и установка coreboot также возможна, но Libreboot делает процесс *намного* проще. @@ -36,9 +51,9 @@ Libreboot надежнее многих проприетарных прошив Libreboot ориентирован на сообщество, с фокусом на помощь людям перестать пользоваться проприетарными загрузочными прошивками; мы сами хотим жить в таком мире, где все программное обеспечение [свободное](https://writefreesoftware.org/), и поэтому, Libreboot - это попытка приблизиться к этому миру. В отличие от больших поставщиков, мы не пытаемся задушить вас любыми способами, мы тажке не видим в вас никакой угрозы; мы уважаем возможность использовать, изучать, модифицировать и распространять программное обеспечение без ограничения и считаем, что все должны иметь это право. Что касается компьютеров, это вещи, которые вы купили, и у вас есть право изменять их как вам угодно. Когда вы слышите, что Intel разговаривает о *Boot Guard* (который мешает coreboot, разрешая запускать только прошивку, имеющую их подпись) или других крупных производителей, налагающих похожие ограничения, и вы слышите о "безопасности", они только говорят о *своей* безопасности, но не вашей. В Libreboot все наоборот: мы видим Intel Boot Guard и похожие технологии как покушение на ваши свободы и собственность (ваш компьютер), и поэтому наша миссия - помочь вам [вырвать](https://trmm.net/TOCTOU/) контроль обратно. Libreboot это не форк coreboot -=================================== +------------------------------ - + По факту, Libreboot пытается быть как можно более похожей на *стоковый* coreboot для каждой материнской платы, но с множетсвом доступных опций для конфигурации, предоставляемых автоматической системой сборки. @@ -48,8 +63,7 @@ Libreboot это не форк coreboot Регулярные бинарные релизы Libreboot предоставляет эти ROM образы уже собранными, и вы просто можете их установить, без каких-либо дополнительных знаний или навыков, исключая способность следовать [упрощенной инструкции, написанной для пользователей, не обладающими техническими знаниями](docs/install/). -Как помочь? ------------ +### Как помочь? [Страница задач](tasks/) показывает задачи, над которыми нужно работать. Она будет обновляться по мере того, как задания будут выполнены/добавлены. Если вы хотите помочь, выбирайте одно из заданий и работайте над ним. @@ -67,8 +81,7 @@ Libreboot это не форк coreboot Вся дискуссии насчет разработки и поддержка пользователей осуществляется через IRC. Больше информации можно найти на [странице контактов](contact.ru.md) -Требуется помощь с переводом libreboot.org --------------------------------------- +### Требуется помощь с переводом libreboot.org Сейчас Libreboot перевел веб страницы на украинский и французский (но не все страницы). diff --git a/site/index.ru.md.description b/site/index.ru.md.description new file mode 100644 index 0000000..429c622 --- /dev/null +++ b/site/index.ru.md.description @@ -0,0 +1 @@ +Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot with GNU boot loader GRUB, SeaBIOS and U-Boot. diff --git a/site/index.tr.md b/site/index.tr.md new file mode 100644 index 0000000..301f4f9 --- /dev/null +++ b/site/index.tr.md @@ -0,0 +1,87 @@ +--- +title: Özgür ve Açık Kaynaklı BIOS/UEFI Önyükleme Yazılımı +x-toc-enable: true +... + +*Libreboot*, Debian'ın bir *Linux dağıtımı* olması gibi, bir *[coreboot dağıtımıdır](docs/maintain)*. Libreboot, [belirli Intel/AMD x86 ve ARM tabanlı anakartlarda](docs/install/#which-systems-are-supported-by-libreboot) özel mülk BIOS/UEFI yazılımının yerini alan, coreboot tabanlı [özgür, açık kaynaklı](https://writefreesoftware.org/) (*libre*) önyükleme yazılımı sağlar. Bu anakartlar dizüstü ve masaüstü bilgisayarları içerir. Donanımı başlatır (örn. bellek denetleyicisi, CPU, çevre birimleri) ve işletim sisteminiz için bir önyükleyici başlatır. [Linux](docs/linux/) ve [BSD](docs/bsd/) iyi desteklenmektedir. [Libera](https://libera.chat/) IRC'deki [\#libreboot](https://web.libera.chat/#libreboot) kanalından yardım alabilirsiniz. + +Libreboot çalıştıran ThinkPad T480Libreboot çalıştıran ThinkPad T480 + +Libreboot, x86/x86_64 Intel/AMD anakartlarda GNU önyükleyici "[GRUB](docs/linux/)" ve SeaBIOS yüklerini, ARM64(Aarch64) anakartlarda ise *coreboot için* [U-Boot UEFI yükünü](docs/uboot/) sağlar. Bazı kartlarda [x86/x86_64 U-Boot UEFI yükü](docs/uboot/uboot-x86.md) de mevcuttur. x86, x86_64 ve arm64 U-Boot yükleri hafif bir UEFI önyükleme uygulaması sağlar. Libreboot'un [tasarımı](docs/maintain/) tüm bu yükleri tek bir imajda birleştirir ve önyükleme sırasında birini seçersiniz. + +**YENİ SÜRÜM: En son sürüm 30 June 2025'te yayınlanan Libreboot 25.06'dır. +Bakınız: [Libreboot 25.06 sürüm duyurusu](news/libreboot2506.md) + +Ayrıca Minifree Ltd'den seçili donanımlarda [Libreboot önyüklenmiş cihazlar satın alabilir](https://minifree.org/) veya uyumlu donanımınızı [Libreboot önyükleme hizmeti](https://minifree.org/product/installation-service/) için gönderebilirsiniz. Libreboot'un kurucusu ve baş geliştiricisi Leah Rowe aynı zamanda Minifree'yi de işletmektedir; satışlar Libreboot için finansman sağlamaktadır. + +*Biz*, yazılımı [inceleme, paylaşma, değiştirme ve kullanma özgürlüğünün](https://writefreesoftware.org/), herhangi bir kısıtlama olmaksızın, herkesin sahip olması gereken temel insan haklarından biri olduğuna inanıyoruz. Bu bağlamda, *yazılım özgürlüğü* önemlidir. Özgürlüğünüz önemlidir. Eğitim önemlidir. [Onarım hakkı](https://en.wikipedia.org/wiki/Right_to_repair) önemlidir; Libreboot, donanımınızı sürekli yazılım güncellemeleriyle kullanmaya devam etmenizi sağlar. Tüm bunlar Libreboot'un *var olma nedenidir*. + +A parallel [Libreboot fork, Canoeboot](https://canoeboot.org), also exists. +Both Canoeboot and Libreboot are maintained by the same developer (Leah Rowe). + +Libreboot Tasarımına Genel Bakış +-------------------------------- + +Libreboot çalıştıran HP EliteBook 2560p ve Folio 9470m + +Libreboot, [makine başlatma](https://doc.coreboot.org/getting_started/architecture.html) için [coreboot](https://coreboot.org/) sağlar, bu da önyükleme belleğindeki bir [yüke](https://doc.coreboot.org/payloads.html) atlar; coreboot, Linux/BSD gibi işletim sisteminizi önyükleyen birçok yükle çalışır. + +Libreboot, [tam otomatik bir derleme sistemi](docs/maintain/), [otomatik derleme süreci](docs/build/) ve [kullanıcı dostu kurulum talimatları](docs/install/) sağlayarak, ayrıca desteklenen donanımlara kurulum için önceden derlenmiş ROM imajları sağlayan düzenli [ikili sürümler](download.md) sunarak, coreboot'u teknik olmayan kullanıcılar için kullanımı kolay hale getirir. Libreboot'un sağladığı gibi bir otomasyon olmadan, coreboot çoğu kullanıcı için erişilemez olurdu; yine de Libreboot'u istediğiniz gibi [yeniden yapılandırabilirsiniz](docs/maintain/). + +Neden Libreboot Kullanmalı? +--------------------------- + +Libreboot çalıştıran çeşitli Lenovo ThinkPad'ler + +Halihazırda özgür yazılıma eğilimliyseniz, belki de zaten bir coreboot kullanıcısıysanız, Libreboot, derleme otomasyonu aracılığıyla ya başlamanızı ya da coreboot'u makinenizde sürdürmenizi kolaylaştırır. Düzenli test edilmiş sürümler sağlar, önceden derlenmiş, genellikle kararlılığı sağlamak için coreboot (ve diğer kodlar) üzerinde belirli yamalarla birlikte gelir. Karşılaştırma olarak, coreboot her birkaç ayda bir kod tabanının bir anlık görüntüsüyle sürekli sürüm modelini kullanır; çok geliştirici odaklıdır, oysa Libreboot özellikle son kullanıcılar için tasarlanmıştır. Başka bir deyişle, Libreboot'un amacı *Sadece Çalışmaktır*. Coreboot'un doğrudan yapılandırılması ve kurulumu da mümkündür, ancak Libreboot bunu *çok* daha kolay hale getirir. + +Libreboot size çoğu diğer önyükleme yazılımıyla alamayacağınız [Özgür Yazılım](https://writefreesoftware.org/) sağlar, ayrıca daha hızlı önyükleme hızları ve [daha iyi güvenlik](docs/linux/grub_hardening.md) sunar. Birçok kullanım senaryosu için son derece güçlü ve [yapılandırılabilirdir](docs/maintain/). Özel mülk BIOS satıcıları tarafından size dayatılan kısıtlamalardan (güvenlik sorunlarından bahsetmiyorum bile) memnun değilseniz, Libreboot sizin için olası bir seçenektir. Coreboot'tan miras aldığı için, kodda bilinen arka kapılar içermez ve 1980'lerden kalma eski öğeler içermez. Libreboot, düzenli olarak denetlenen ve geliştirilen coreboot'a dayalı Linux/BSD sistemleri için şık, hızlı bir önyükleme deneyimi sağlar. + +Libreboot özel mülk yazılımlardan daha güvenilirdir. Birçok kişi [özgür bir işletim sistemi](https://www.openbsd.org/) kullansa bile özel mülk (özgür olmayan) önyükleme yazılımı kullanır. Özel mülk yazılımlar genellikle [arka kapılar](faq.html#intel) [içerir](faq.html#amd) ve hatalı olabilir. Libreboot projesi, Aralık 2013'te, coreboot yazılımını teknik olmayan kullanıcılar için erişilebilir kılma açık amacıyla kuruldu. + +Libreboot, kullanıcıların özel mülk önyükleme yazılımından kaçmasına yardımcı olmaya odaklanan topluluk odaklı bir projedir; biz kendimiz tüm yazılımların [özgür](https://writefreesoftware.org/) olduğu bir dünyada yaşamak istiyoruz ve bu nedenle Libreboot, o dünyaya yaklaşmaya yardımcı olma çabasıdır. Büyük satıcıların aksine, sizi herhangi bir şekilde kısıtlamaya çalışmıyoruz veya sizi bir güvenlik tehdidi olarak görmüyoruz; yazılımı özgürce kullanma, inceleme, değiştirme ve yeniden dağıtma yeteneğinin herkesin sahip olması gereken bir insan hakkı olduğunu düşünüyoruz. Bilgisayarlara uyarlandığında, bunlar satın aldığınız ürünlerdir ve bu nedenle onları istediğiniz gibi değiştirme özgürlüğüne sahip olmalısınız. Intel'in *Boot Guard*'ından (yalnızca kendileri tarafından imzalanmış yazılımın çalıştırılmasına izin vererek coreboot'u engelleyen) veya diğer satıcıların benzer kısıtlamalar getirmesinden bahsederken "güvenlik"ten bahsettiklerini duyduğunuzda, yalnızca *kendi* güvenliklerinden bahsediyorlar, sizinkinden değil. Libreboot projesinde, bu tersine çevrilmiştir; biz Intel Boot Guard ve benzeri teknolojileri kendi mülkünüz (bilgisayarınız) üzerindeki özgürlüğünüze bir saldırı olarak görüyoruz ve bu nedenle, bu tür kontrolü [geri almanıza](docs/install/deguard.html) [yardımcı olmayı](https://trmm.net/TOCTOU/) misyonumuz haline getiriyoruz. + +Libreboot Coreboot'un Bir Çatalı Değildir +---------------------------------------- + + + +Aslında, Libreboot her kart için mümkün olduğunca *stok* coreboot'a yakın kalmaya çalışır, ancak Libreboot derleme sistemi tarafından otomatik olarak sağlanan birçok farklı yapılandırma türüyle birlikte. + +*Alpine Linux*'un bir *Linux dağıtımı* olması gibi, Libreboot bir *coreboot dağıtımıdır*. ROM imajını sıfırdan oluşturmak istiyorsanız, aksi takdirde ROM imajını hazırlamak için coreboot, GRUB ve ihtiyacınız olan diğer yazılımların uzman düzeyinde yapılandırmasını gerçekleştirmeniz gerekir. *Libreboot* ile, Git'ten veya bir kaynak arşivinden indirebilir ve basit bir betik çalıştırabilirsiniz, ve tüm ROM imajlarını oluşturacaktır. `lbmk` (Libreboot MaKe) adlı otomatik bir derleme sistemi, bu ROM imajlarını herhangi bir kullanıcı girişi veya müdahalesi gerekmeden otomatik olarak oluşturur. Yapılandırma önceden gerçekleştirilmiştir. + +Libreboot'un otomatik derleme sistemini kullanmadan normal coreboot'u derleseydiniz, çalışan bir yapılandırma üretmek için çok daha fazla müdahale ve iyi teknik bilgi gerektirirdi. + +Libreboot'un düzenli ikili sürümleri bu ROM imajlarını önceden derlenmiş olarak sağlar ve [teknik olmayan kullanıcılar için yazılmış basitleştirilmiş talimatları](docs/install/) takip etme yeteneği dışında özel bir bilgi veya beceri gerektirmeden bunları kurabilirsiniz. + +### Nasıl Yardımcı Olabilirsiniz + +[Görevler sayfası](tasks/) üzerinde çalışılabilecek (çalışılacak) görevleri listeler. Daha fazla görev eklendikçe/tamamlandıkça güncellenecektir. Yardımcı olmak istiyorsanız, bu görevlerden birini seçip üzerinde çalışabilirsiniz. + +Libreboot'ta GRUB önyükleyici + +Yardımcı olabileceğiniz *en büyük* yol, bir yapılandırma göndererek Libreboot'a *yeni* anakartlar eklemektir. Coreboot'un desteklediği her şey, sürümlerde sağlanan ROM imajlarıyla Libreboot'a entegre edilebilir. Bakınız: + +* [Kart bakımcısı/test edicisi olmak için başvurun](docs/maintain/testing.md) +* [Yeni anakartlar için port kılavuzu](docs/maintain/porting.md) +* [Libreboot derleme sistemi belgeleri](docs/maintain/) + +Bunun ardından, derleme sistemi bakımı (yukarıya bakın) ve ciddiye aldığımız *belgelendirme* var. Belgelendirme, herhangi bir projede kritik öneme sahiptir. + +*Kullanıcı desteği* de kritik öneme sahiptir. IRC'de kalın ve eğer birine sorunuyla yardımcı olabilecek yetkinliğe sahipseniz (veya onlarla birlikte öğrenecek kadar kurnazysanız), bu projeye büyük bir hizmettir. Birçok kişi ayrıca `r/libreboot` subreddit'inde kullanıcı desteği istemektedir. + +[Hata takipçisinde](https://codeberg.org/libreboot/lbmk/issues) listelenen hataları kontrol edebilirsiniz. + +Bir hata fark eder ve düzeltmeniz varsa, [yamaları nasıl göndereceğinize dair talimatlar burada](git.md), ve ayrıca rapor edebilirsiniz. Ayrıca, bu web sitesinin tamamı Markdown ile yazılmıştır ve yamalar gönderebileceğiniz [ayrı bir depoda](https://codeberg.org/libreboot/lbwww) barındırılmaktadır. + +Tüm geliştirme tartışmaları ve kullanıcı desteği IRC kanalında yapılmaktadır. Daha fazla bilgi [iletişim sayfasında](contact.md) bulunmaktadır. + +### libreboot.org için Çeviriler Gerekli + +Libreboot şu anda Ukraynaca ve Fransızca çevrilmiş web sayfalarına sahiptir (ancak her iki dilde de henüz tüm sayfalar için değil). + +Çevirilere yardımcı olmak istiyorsanız, sayfaları çevirebilir, mevcut çevirileri güncelleyebilir ve çevrilmiş versiyonlarınızı gönderebilirsiniz. Talimatlar için lütfen okuyun: + +[libreboot.org için çeviri nasıl gönderilir](news/translations.md) + +Belirli bir dilde biri zaten çalışıyor olsa bile, her zaman birden fazla kişi kullanabiliriz. Ne kadar çok o kadar iyi! diff --git a/site/index.uk.md b/site/index.uk.md index 9b67f17..ac2d055 100644 --- a/site/index.uk.md +++ b/site/index.uk.md @@ -1,32 +1,49 @@ --- -title: Проект Libreboot +title: завантажувальну прошивку BIOS/UEFI прошивку x-toc-enable: true ... Проект *Libreboot* надає [вільну](https://writefreesoftware.org/) *завантажувальну прошивку*, яка ініціалізує апаратне забезпечення (наприклад, контролер пам'яті, ЦП, -периферію) на [конкретних цілях Intel/AMD x86 та ARM](docs/install/), що +периферію) на [конкретних цілях Intel/AMD x86 та ARM](docs/install/#which-systems-are-supported-by-libreboot), що потім розпочинає завантажувач для вашої операційної системи. [Linux](docs/linux/) та [BSD](docs/bsd/) добре підтримуються. Це заміняє пропрієтарну BIOS/UEFI прошивку. Допомога доступна через [\#libreboot](https://web.libera.chat/#libreboot) на [Libera](https://libera.chat/) IRC. - + + +Libreboot provides GNU boot loader "[GRUB](docs/linux/)" and SeaBIOS payloads +on x86/x86\_64 +Intel/AMD motherboards, and a [U-Boot UEFI payload](docs/uboot/) *for coreboot* +on ARM64(Aarch64) motherboards. +An [x86/x86\_64 U-Boot UEFI payload](docs/uboot/uboot-x86.md) is also available +on some boards. The x86, x86\_64 and arm64 U-Boot payloads provide a lightweight +UEFI boot implementation, which can boot many Linux distros and BSD systems. +The SeaBIOS and GRUB payloads also boot Linux/BSD systems. Which one you use +depends on your preferences. Libreboot's design incorporates all of these boot +methods in a single image, so you can choose which one you use at boot time, +and more payloads (e.g. Linux kexec payload) are planned for future releases. + +**НОВИЙ ВИПУСК: Останній випуск Libreboot 25.06, випущено 30 June 2024. +Дивіться: [Оголошення про випуск Libreboot 25.06](news/libreboot2506.md).** You can also [buy Libreboot preinstalled](https://minifree.org/) from Minifree Ltd, -on select hardware, aswell as send your compatible hardware +on select hardware, as well as send your compatible hardware for [Libreboot preinstallation](https://minifree.org/product/installation-service/). The founder and lead developer of Libreboot, Leah Rowe, also owns and operates Minifree; sales provide funding for Libreboot. -**НОВИЙ ВИПУСК: Останній випуск Libreboot 20241206, випущено 6 December 2024. -Дивіться: [Оголошення про випуск Libreboot 20241206](news/libreboot20241206.md).** +A parallel [Libreboot fork, Canoeboot](https://canoeboot.org), also exists. +Both Canoeboot and Libreboot are maintained by the same developer (Leah Rowe). Чому вам варто використовувати *Libreboot*? ---------------------------- + + Libreboot надає вам [свободи](https://writefreesoftware.org/), які в іншому випадку ви не можете отримати з більшістю інших завантажувальних прошивок. Він надзвичайно [потужний](docs/linux/grub_hardening.md) @@ -46,7 +63,7 @@ Libreboot надає вам [свободи](https://writefreesoftware.org/), я Coreboot помітно складний для встановлення для більшості нетехнічних користувачів; він виконує тільки базову ініціалізацію та перестрибує до окремої програми [корисного навантаження](https://doc.coreboot.org/payloads.html) (наприклад, -[GRUB](https://www.gnu.org/software/grub/), +GRUB, [Tianocore](https://www.tianocore.org/)), які також мають бути налаштованими. *Програмне забезпечення Libreboot вирішує цю проблему*; це *дистрибутив coreboot* з [автоматизованою системою побудови](docs/build/index.uk.md), яка збирає завершені *образи ROM*, для @@ -55,7 +72,7 @@ Coreboot помітно складний для встановлення для Чим Libreboot відрізняється від звичайного coreboot? --------------------------------------------- - + Таким же самим чином, як *Debian* це дистрибутив Linux, Libreboot це *дистрибутив coreboot*. Якщо ви хочете зібрати образ ROM з нуля, вам @@ -79,7 +96,7 @@ Coreboot помітно складний для встановлення для Як допомогти ----------- - + *Єдиний* найбільший шлях, яким ви можете допомогти є *додавання* нових материнських плат до Libreboot, за допомогою відправки конфігурації. Що завгодно, що підтримує coreboot може бути інтегровано в @@ -100,6 +117,8 @@ Libreboot, з образами ROM наданими в випусках. Див Ви можете перевірити помилки, перелічені в [системі відстеження помилок](https://codeberg.org/libreboot/lbmk/issues). + + Якщо ви помітили помилку і маєте виправлення, [ось інструкції щодо надсилання виправлень](git.uk.md), а також ви можете повідомити про це. Також, весь цей веб-сайт написаний Markdown та розміщений в [окремому сховищі](https://codeberg.org/libreboot/lbwww), де ви можете надсилати виправлення. diff --git a/site/index.zh-cn.md b/site/index.zh-cn.md index 43b3fa1..706f3d3 100644 --- a/site/index.zh-cn.md +++ b/site/index.zh-cn.md @@ -1,18 +1,33 @@ --- -title: Libreboot 项目 +title: 自由且开源 BIOS/UEFI 固件 x-toc-enable: true ... *Libreboot* 项目提供基于 coreboot 的[自由且开源](https://writefreesoftware.org/zh-cn/)的引导固件,以替代基于 Intel/AMD x86 和 ARM 的特定主板(包括笔记本和台式电脑)上的专有 BIOS/UEFI 固件。它首先初始化硬件(如内存控制器、CPU、外设),然后为操作系统启动引导加载程序(bootloader)。本项目对 [Linux](docs/linux/) 和 [BSD](docs/bsd/) 支持良好。如果需要寻求帮助,可以前往 [Libera](https://libera.chat/) IRC 上的 [\#libreboot](https://web.libera.chat/#libreboot) 频道。 - + + +Libreboot provides GNU boot loader "[GRUB](docs/linux/)" and SeaBIOS payload +on x86/x86\_64 +Intel/AMD motherboards, and a [U-Boot UEFI payload](docs/uboot/) *for coreboot* +on ARM64(Aarch64) motherboards. +An [x86/x86\_64 U-Boot UEFI payload](docs/uboot/uboot-x86.md) is also available +on some boards. The x86, x86\_64 and arm64 U-Boot payloads provide a lightweight +UEFI boot implementation, which can boot many Linux distros and BSD systems. +The SeaBIOS and GRUB payloads also boot Linux/BSD systems. Which one you use +depends on your preferences. Libreboot's design incorporates all of these boot +methods in a single image, so you can choose which one you use at boot time, +and more payloads (e.g. Linux kexec payload) are planned for future releases. + +**新版发布: 最新版本 Libreboot 25.06 已在 2025 年 06 月 30 日发布。详见: [Libreboot 25.06 发布公告](news/libreboot2506.md).** 你也可以从 Minifree Ltd [购买特定硬件的 Libreboot 电脑](https://minifree.org/), 或者将兼容硬件寄来预装 Libreboot。 Libreboot 的创始人和主要开发者,Leah Rowe,也是 Minifree 的所有者和经营者; 销售电脑为 Libreboot 提供资金。 -**新版发布: 最新版本 Libreboot 20241206 已在 2024 年 12 月 06 日发布。详见: [Libreboot 20241206 发布公告](news/libreboot20241206.md).** +A parallel [Libreboot fork, Canoeboot](https://canoeboot.org), also exists. +Both Canoeboot and Libreboot are maintained by the same developer (Leah Rowe). 为什么要使用 *Libreboot*? ---------------------------- @@ -21,12 +36,12 @@ Libreboot 赋予了你从其他大多数引导固件得不到的[自由](https:/ *我们*相信,不受限制地[研究、分享、修改及使用软件](https://writefreesoftware.org/)的自由,是每个人都必须享有的基本人权的一部分。这时,*软件自由*至关重要。你的自由至关重要。教育至关重要。[修理权](https://en.wikipedia.org/wiki/Right_to_repair)至关重要。尽管许多人在用[自由的操作系统](https://www.openbsd.org/),但他们用的引导固件却是专有(非自由)的。专有固件常常[包含](faq.html#intel)了[后门](faq.html#amd),而且可能有很多缺陷。为了让不懂技术的用户也能使用 coreboot 固件,我们于 2013 年 12 月成立了 Libreboot 项目, -Libreboot 项目使用 [coreboot](https://www.coreboot.org/) 来[初始化硬件](https://doc.coreboot.org/getting_started/architecture.html)。对大部分不懂技术的用户来说,coreboot 是出了名地难安装;它只处理了基础的初始化,然后跳转进入单独的 [payload](https://doc.coreboot.org/payloads.html) 程序(例如 [GRUB](https://www.gnu.org/software/grub/)、[Tianocore](https://www.tianocore.org/)),而后者也需要进行配置。*Libreboot 解决了上述问题*;作为 *coreboot 发行版*,配有[自动构建系统](docs/build/),能构建完整的 *ROM 映像*,从而让安装更加稳定。另有文档可参考。 +Libreboot 项目使用 [coreboot](https://www.coreboot.org/) 来[初始化硬件](https://doc.coreboot.org/getting_started/architecture.html)。对大部分不懂技术的用户来说,coreboot 是出了名地难安装;它只处理了基础的初始化,然后跳转进入单独的 [payload](https://doc.coreboot.org/payloads.html) 程序(例如 GRUB、[Tianocore](https://www.tianocore.org/)),而后者也需要进行配置。*Libreboot 解决了上述问题*;作为 *coreboot 发行版*,配有[自动构建系统](docs/build/),能构建完整的 *ROM 映像*,从而让安装更加稳定。另有文档可参考。 Libreboot 不是 coreboot 的分支 ----------------------------------- - + 事实上,Libreboot 对每一块主板,都尽可能保持与*原版*的 coreboot 接近,但 Libreboot 构建系统也自动提供了许多不同类型的配置。 @@ -39,7 +54,7 @@ Libreboot 的常规二进制版本提供了这些预编译的 ROM 映像。按 如何帮助 ----------- - + 要帮助的话,*最*最好的方式,就是通过提交配置文件,来为 Libreboot *添加*新的主板。coreboot 支持的任何主板都能收录到 Libreboot,并在发布版本中附带 ROM 映像。见: @@ -51,6 +66,8 @@ Libreboot 的常规二进制版本提供了这些预编译的 ROM 映像。按 *用户支持*也十分重要。多瞧一瞧 IRC,如果你有能力帮别人解决问题(或者愿意跟他们一起学习),那对本项目的贡献会很大。许多人也在 reddit 版块 `r/libreboot` 寻求用户支持。 + + 可以检查[缺陷追踪系统](https://codeberg.org/libreboot/lbmk/issues)列出的缺陷。 如果发现了一个缺陷,并且有解决方案,[这里说明了发布补丁的方法](git.md),也可以提交报告。同时,本站完全使用 Markdown 编写,并托管在了一个[单独的仓库](https://codeberg.org/libreboot/lbwww),可以在那里发送补丁。 diff --git a/site/index.zh-cn.md.description b/site/index.zh-cn.md.description new file mode 100644 index 0000000..b2861be --- /dev/null +++ b/site/index.zh-cn.md.description @@ -0,0 +1 @@ +Libreboot 项目提供基于 coreboot 的自由且开源的引导固件. GNU GRUB, SeaBIOS, U-Boot. diff --git a/site/license.md b/site/license.md index a91e93d..6dd5422 100644 --- a/site/license.md +++ b/site/license.md @@ -1,5 +1,5 @@ --- -title: License +title: Copyright license for the Libreboot website x-toc-enable: true ... @@ -23,16 +23,9 @@ You can download the logo files from `lbwww-img.git`. See: These pages are static HTML, generated from Markdown files, which you can find a link to at the bottom of each HTML page, for the corresponding Markdown file. -The terms of this license are written below, unmodified, except to change the -formatting so that the text would integrate nicely on this website. - -You can also find the license here: - - -The markdown version, hosted by the GNU project, can be found here: - - -The *unmodified* license text is as follows: +The terms of this license are written below, unmodified from the original +reference, except to change the formatting so that the text would integrate +nicely on this website: GNU Free Documentation License ============================== @@ -40,7 +33,7 @@ GNU Free Documentation License Version 1.3, 3 November 2008 Copyright (C) 2000, 2001, 2002, 2007, 2008 Free Software Foundation, -Inc. +Inc. *https://fsf.org/* Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -421,7 +414,7 @@ The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See -. +*https://www.gnu.org/licenses/* Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this @@ -499,3 +492,11 @@ permit their use in free software. The license text ended in the previous paragraph. Now you see the generic footer generated for every page on this website: +Please also see [logo license](logo-license.md) + +The GFDL license copied above, was copied from the documented hosted +here: *https://www.gnu.org/licenses/fdl-1.3.en.html* + +The markdown version can be found here: *https://www.gnu.org/licenses/fdl-1.3.md* + +The *markdown* version was adapted, to display on this page. diff --git a/site/logo-license.tr.md b/site/logo-license.tr.md new file mode 100644 index 0000000..ad5221c --- /dev/null +++ b/site/logo-license.tr.md @@ -0,0 +1,14 @@ +--- +title: Libreboot logo lisansı +... + +Libreboot logosu, 2014 yılında Marcus Moeller tarafından oluşturulmuş olup telif hakkı da kendisine aittir. Logo, Creative Commons Zero lisansı, versiyon 1.0 şartları altında yayınlanmıştır. + +Bu logoya dayalı çıkartma dosyaları 2015 yılında Patrick McDermott tarafından oluşturulmuş ve aynı lisans altında yayınlanmıştır. + +Bu lisansın (CC-0 1.0) bir kopyasını şu adreste bulabilirsiniz: + + +Çıkartma tasarımlarındaki yazı tipi `lato`'dur. Vektörlerdeki metinlerin doğru görünmesi için bu yazı tipini yüklemeniz gerekir. + +Logo dosyalarını burada görebilirsiniz: \ No newline at end of file diff --git a/site/news/10.md b/site/news/10.md index edc68e6..3d704da 100644 --- a/site/news/10.md +++ b/site/news/10.md @@ -1,19 +1,7 @@ -% Libreboot 10-year anniversary +% Libreboot 10-year anniversary and history % Leah Rowe % 12 December 2023 -**This page was restored during August 2024, having been deleted earlier on -in 2024 - it was deleted as part of Libreboot's attempt to reconcile -differences with FSF/GNU, and much of this page is hostile to it (and has to be, -because it's focusing on the history of the Libreboot project, which has -historically been at odds with the FSF both socially, technically and -politically. The restored version is essentially identical, but has been -edited without altering any of the substance, and further information going -up to the month of August 2024 has been added at the end, which was not -available earlier on because... Libreboot has not yet invented time travel.** - -Anyway, article time: - I'm very proud of the work done in Libreboot, both by myself and by others who I work with. Many people make Libreboot possible, be it direct contributors to the project, or the countless individuals and companies that work on all @@ -26,8 +14,8 @@ history. This article complements the pre-existing [contrib](../contrib.md) page, which attempts to list the numerous contributions made by people to Libreboot, over the years. -Introduction -============ +Ten years of Free Software +----------------------- The *Libreboot* project provides [free, open source](https://writefreesoftware.org/) (*libre*) boot @@ -61,10 +49,9 @@ since I've been here all this time. Let's get started! How did Libreboot start? -======================== +------------------ -*Why* did it start? -------------------- +### *Why* did it start? I'm a free software activist. First and foremost, my focus is on using as much Free Software *myself*, and I want to help other people achieve a level of @@ -73,10 +60,11 @@ that Libreboot no longer strictly aligns to FSF policy, but I still very much believe in the ideology behind it. I merely apply it in different, more [pragmatic](policy.md) ways - but this page is about the history of the project, so I have to put myself in the headspace I was in, during each development year -relative to when Libreboot started. +relative to when Libreboot started. Libreboot originally started very much as +an FSF-endorsed project, created specifically for the purpose of adhering to +their standards. -Early history -------------- +### Early history The name *Libreboot* actually existed from about February 2014 onward. The *libreboot.org* domain name was registered on 26 January 2014. I initially @@ -118,8 +106,7 @@ and professional, with clear documentation. Coreboot documentation today is much better, but it was very poor quality in 2013 (MediaWiki site with lots of errant pages, poorly organised). -It came with a twist: Libreboot initially complied with the FSF's own RYF -criteria, and the GNU FSDG (Free System Distribution Guidelines). Under this +It came with a twist: Libreboot initially only permitted libre code. Under this policy, no binary blobs are allowed. I believed in it then, because in practise it seemed like a good idea and didn't do any harm. It would later become a liability, for reasons laid out in Libreboot's modern [Binary Blob Reduction @@ -139,7 +126,7 @@ talking about my company, which is where you could download my source tarballs at the time. 2013-2014: early days -===================== +-------------------- When Libreboot first started, it *only* provided very basic releases: pre compiled ROM images, with source code, but there was no automated build system. @@ -150,10 +137,11 @@ support and MacBook 2,1 support were added. This first year of the project was spent on building solid infrastructure, specifically documentation and an automated build system. The design of Libreboot revolves around scripts that automatically download, patch, configure and then compile various codebases, -so you can think of it like a *coreboot distribution*; Libreboot's build +so you can think of it like a *[coreboot distribution](../docs/maintain/)*; +Libreboot's build system is essentially a source-based package manager, for coreboot components. -The very first Libreboot releases only provided a *GNU GRUB* payload. The +The very first Libreboot releases only provided a *GRUB* bootloader payload. The GRUB bootloader had been adapted for coreboot many years before then, but there weren't any ready-made coreboot images available that used it, and it wasn't very well-developed for end users. GRUB is a lot more complex than many people @@ -171,19 +159,12 @@ directly boot Linux kernels. GRUB has many advanced features, such as GPG and LUKS support, and it has support for virtually all of the major file systems in use today. -Libreboot logo --------------- +### Libreboot logo -Of note, though it doesn't fit anywhere else in the article, so I'll just say -it now: +Marcus Moeller designed the Libreboot logo in 2014, after I publicly requested +that samples be prepared for my review. Marcus's logo was the one I chose. -I went on the GNU mailing lists during 2014, asking people to make a logo for -the project. Several people then emailed me their submissions. I finally picked -the logo design that Libreboot now uses, and has used since then. That design -was created by a person named Marcus Moeller, for use in the Libreboot project. - -Why GRUB? ---------- +### Why GRUB? Libreboot has always, at least on x86, preferred *GRUB* as a coreboot payload. @@ -278,8 +259,7 @@ you no longer need to install anything bootloader-related on your HDD/SSD. Although excluding this usually requires re-configuring `grub.cfg` in flash, Libreboot does provide this capability. -Automatic build system ----------------------- +### Automatic build system One of Libreboot's other main innovations, in addition to providing binary releases, was to provide an automated *build system* interface. With it, the @@ -294,7 +274,7 @@ does not provide. Especially for more modern systems, there are *many* moving parts that the user otherwise has to deal with, whereas Libreboot automates all of it. Such automation *did not exist* anywhere, prior to Libreboot. The only noteworthy exception would have been the Chromebook products, where Google -did(does) provide updates, but without so much community focus as Libreboot and +did(does) provide updates, but without so much great focus as Libreboot and without quite the same user-accessible build system automation; their infrastructure is designed so that vendors can sell more Chromebooks. @@ -326,7 +306,7 @@ provide such automation. It's the same concept as a *Linux distribution*, but in the context of boot firmware. A project like *Debian* automatically builds many codebases from all over the internet, putting it all together to provide an operating system that users can simply install. Libreboot applies that same -concept to *coreboot*, so it is a *coreboot distribution*. +concept to *coreboot*, so it is a *[coreboot distribution](../docs/maintain/)*. Libreboot was the *first* coreboot distro ever, and today is still the most popular one. Several similar projects now exist, inspired by the example that @@ -336,7 +316,7 @@ You can learn more about the build system by reading [lbmk documentation](../docs/maintain/). late 2014-2016: expansion -======================== +------------------------- Libreboot up until late 2014 was mainly a proof of concept. It *worked*, but not well. The precursor of what became Libreboot's automated build system, @@ -346,8 +326,7 @@ Almost all of 2014 was spent entirely on the build system, and on documentation, without much additional focus on hardware support; I always knew then that it would later expand, so I focused solely on the infrastructure. -GM45 hardware (e.g. ThinkPad X200) ---------------------------------- +### GM45 hardware (e.g. ThinkPad X200) I was approached by another developer, named Steve Shenton, around October of 2014. I'd expressed interest in the ThinkPad X200, as an upgrade to the X60 @@ -398,8 +377,7 @@ Based on this, and extensive amounts of documentation was written during the same period, I then provided the Libreboot 20150124 release on 24 January 2015. It added ThinkPad X200, X200S and X200 Tablet support. -2015: T400, T500, W500... R400 ------------------------- +### 2015: T400, T500, W500... R400 Coreboot lacked supported for other GM45 thinkpads at this time, when X200 support was first added to Libreboot. Testing was later done on these other @@ -414,8 +392,7 @@ So, during 2015, Libreboot added support for many newer laptops. ASUS KCMA-D8 and KGPE-D16 support was also first added to Libreboot during this year, worked on by Timothy Pearson and integrated into Libreboot. -2015-2016: Major build system improvements ------------------------------------------- +### 2015-2016: Major build system improvements The build system was heavily improved during this period, improving the automation and greatly expanding the supported features. @@ -440,16 +417,16 @@ so I try to keep everything very simple. Several other desktop boards were also added during this period, such as the Gigabyte GA-G41M-ES2L board that was ported to coreboot by Damien Zammit. He was compensated for his work; I paid him 4000 AUD for the trouble. Arthur -Heymans contributed several ports aswell, and today still does extensive work -on coreboot - both Damien and Arthur left the Libreboot project, after its -departure from GNU (more on this next). +Heymans contributed several ports as well, and today still does extensive work +on coreboot - both Damien and Arthur left the Libreboot project, after Libreboot +became independent again. This period was a watershed moment in general, for the Libreboot project. Many people contributed to the project, during this period. You can check the [contrib](../contrib.md) page for a list of people, and check git logs. 2016: GNU Libreboot -=================== +-------------------- Yes. *That* is also covered here. Naturally, Libreboot was becoming very popular and I looked for ways to extend that. Back in 2015 and most of 2016, @@ -457,8 +434,7 @@ I saw GNU membership as a natural step for the project to take. Libreboot had a mailing list at that time, hosted on the GNU Savannah infrastructure, so it seemed only logical to give it a go. -Evaluation and accession ---------------------------- +### Evaluation and accession Libreboot was briefly a GNU project, between 14 April 2016 to 15 September 2016. I had proposed this during the summer of 2015, and worked with the GNU Eval @@ -474,35 +450,24 @@ generator of any kind. On the coding side of things, many GNU programs use things like GNU Autoconf for configuration, in build systems, and GNU has a certain *coding style* that is preferred. To speed up entry into GNU, many of the requirements were -overlooked since, ideologically speaking, Libreboot aligned with the GNU -Free System Distribution Guidelines (FSDG) at that time, so Libreboot officially -joined GNU on 14 April 2016, under the assumption that it would gradually +overlooked since, ideologically speaking, Libreboot was otherwise entirely free. +We joined GNU on 14 April 2016, under the assumption that it would gradually start integrating with the GNU infrastructure. *Three* Libreboot releases were released, during its GNU membership, namely: Libreboot 20160818, 20160902 and 20160907. -Initial outcomes -------------- +### Initial outcomes Libreboot's popularity reached great heights during this time, greatly expanding and attracting many new developers. Joining GNU accelerated this further, though it came with certain drawbacks. -At that time, I believed in the GNU FSDG policy, and I saw GNU membership as -beneficial to the Libreboot project, not because I was interested in GNU for -any technical merit; Libreboot is boot firmware, whereas GNU has always been -about providing an operating system with the libc and many useful applications. -Libreboot did not really fit into the GNU infrastructure, but it aligned with -the ideology both in theory and in practise, and the prestige of it at that time -would attract more help. - I later realised otherwise, regarding the ideology; more on this later, in the sections about osboot, and the osboot/libreboot merge, and events after that. -Regret ------- +### Regret Anyway: during Libreboot's membership, I started to realise that many of the technical requirements imposed on Libreboot were unworkable, especially the @@ -600,8 +565,7 @@ accept Libreboot early; yet another example of the power that he held. Needless to say, I was stunned. And now, I will write about Libreboot's subsequent exit from the GNU project: -Exit ----- +### Exit Later, a member of the FSF staff got fired, who happened to be transgender, and I had been friends with that person. I myself had only recently come out @@ -631,8 +595,7 @@ have a tendency to list projects as *unmaintained* or *decommissioned* if no longer developed within GNU, but they do not have language pertaining to *active* projects that leave, that stay active. -GNU's response --------------- +### GNU's response Libreboot's decision to leave was not without precedent. GnuTLS also left, as did Nano (Nano later re-joined), though GnuTLS's departure was never officially @@ -680,10 +643,9 @@ and Libreboot's newer [Binary Blob Reduction Policy](policy.md), later in the article. 2017-2021: Post-GNU years -========================= +--------------------- -GNU cuts Libreboot loose --------------------------- +### GNU cuts Libreboot loose Libreboot's departure from GNU came about 1 week after a big stable release, the Libreboot 20160907 release. I pretty much burned out after that release, @@ -703,8 +665,7 @@ back at these years now with pride; I did the right thing, even if I caused a lot of trouble while doing it, trouble that I had to later correct, and atone for. It's a bittersweet realisation, but it is what it is. -Apology to GNU --------------- +### Apology to GNU Alyssa Rosenzweig, who later founded the Panfrost project and nowadays works on free graphics drivers for Asahi Linux, briefly joined the Libreboot project @@ -748,10 +709,9 @@ and user support to other people - I later took over the project again in 2021, a topic which I will also cover, later in this article. 2017-2021: the great rewrite -============================ +----------------------- -Initial work, and why ---------------------- +### Initial work, and why While Libreboot was a member of the GNU project, I did a thought experiment: what if Libreboot's build system and general infrastructure *did* adhere to @@ -765,8 +725,7 @@ This was later scrapped, when I decided to accept Alyssa's work instead; she converted the website to use Markdown instead, with a custom static site generator. -Paper build system ------------------- +### Paper build system I simultaneously commissioned a re-write of the build system. There wasn't anything seriously wrong with the one I wrote, but I wanted to see if it could @@ -802,8 +761,7 @@ I keep that repository there for archival, but it is no longer developed. I took over the project again in 2021, and scrapped the rewrite. More on this later in the article! -Andrew Robbins and Sebastian Grzywna ------------------------------------- +### Andrew Robbins and Sebastian Grzywna Sebastian had joined the project during early 2016, advising about hardware and he made quite a few useful code contributions at first. For example, he @@ -826,8 +784,7 @@ component could work independently of the other. If I had to make an analogy, it was sort of like the monolith vs microkernel argument, paper being the same sort of mentality for the latter. -I was AWOL for years --------------------- +### I was AWOL for years I wasn't active in the project during these years, at all. I first was prepping mentally and financially for gender reassignment surgery scheduled for late @@ -878,8 +835,7 @@ But that's how it all was, for many years. I regard Libreboot as having been a *dead project*, during this period. All (*all*) of the work put into it at that time, was a complete waste of energy and effort. -Paper never worked ------------------- +### Paper never worked The rewrite largely failed. During 2017-2021, Libreboot no longer had any releases. The Paper build system *never* reliably built any ROM images, due @@ -972,7 +928,7 @@ in the next sections. Paul stopped working on Libreboot after around late 2017, leaving the work solely in the hands of Andrew and Sebastian. late 2020: osboot -================ +---------------- I started the [osboot project](https://notabug.org/osboot) in December 2020. Check *osboot.org* on the Wayback Machine. Osboot was initially called @@ -1028,15 +984,15 @@ project. Osboot greatly improved the configurability of everything. For example, it enabled you to more easily mix and match different payload combinations per -mainboard, whereas the Libreboot 20160907 design only allowed *one* payload +motherboard, whereas the Libreboot 20160907 design only allowed *one* payload type, per target, and it contained a lot of target-specific logic that was hardcoded, baked into the build system's design - even in December 2020 when osboot started, I envisioned that it would one day support many more boards, -whereas Libreboot only supported like 15 mainboards in 2016. +whereas Libreboot only supported like 15 motherboards in 2016. The osboot redesign, relative to Libreboot 20160907, made handling of source tree revisions and patches much cleaner, especially for multi-tree projects -like coreboot, where multiple revisions could be used depending on mainboard. +like coreboot, where multiple revisions could be used depending on motherboard. Of course, the first osboot revision also updated to a modern coreboot revision at that time, which (in that month, December 2020) was @@ -1050,8 +1006,7 @@ fun again, and I found that I once again had the energy. In short, I had my mojo back. My then 4-year hiatus was over. -December 2020 Libreboot takeover --------------------------------- +### December 2020 Libreboot takeover Perhaps getting too carried away too soon, I actually took over the Libreboot project again in late December 2020. I was rapidly working on adding all the @@ -1064,8 +1019,7 @@ a Libreboot takeover yet. I needed more time to polish everything. Doing a tiny release for 1 customer, on 1 machine (the X230) was all well and good, but I decided that I had time to polish it more. -March 2021 Libreboot takeover ------------------------------ +### March 2021 Libreboot takeover I wanted to get rid of Sebastian and Andrew for some time, at that point. Too many years had gone by, without any releases in Libreboot, and the Paper build @@ -1110,10 +1064,9 @@ However, I only had osboot then. I started actually working on a new Libreboot release *after* I took over. 2021 (lib)reboot -=============== +--------------- -New Libreboot repositories --------------------------- +### New Libreboot repositories The original Libreboot git repository can be found here: @@ -1134,8 +1087,7 @@ In mid-2021, Libreboot was split into smaller repositories: * `untitled`: the static site generator, which creates the website, by creating HTML files from the Markdown files in `lbwww` -Untitled Static Site Generator ------------------------------- +### Untitled Static Site Generator Untitled Static Site Generator was going to be part of Libreboot officially, but by that time, I had forked the Libreboot static site generator many times, for @@ -1152,16 +1104,14 @@ The osboot project greatly expanded, during this time. It never made any releases officially, but it provided an excellent proof of concept, and it became the basis for modern day Libreboot. -May 2021 Libreboot release --------------------------- +### May 2021 Libreboot release Somewhat annoyingly, it coincided with the Freenode/Libera drama at that time, when the latter forked from Freenode after a hostile takeover. Thankfully, that drama ended quickly and we ended up with Libera being the clear winner. Anyway: I finally did get a new Libreboot release out, based on the work that -I had started in osboot, but at that time still complying with the GNU Free -System Distribution Guidelines, like 2016 Libreboot did. +I had started in osboot, but at that time Libreboot had the blob-free policy. I did not use any of the work in the *Paper* re-write. I used precisely zero lines of code from Sebastian and Andrew's work. I did it all myself. My decision @@ -1181,23 +1131,22 @@ in about 5 years, at that point, and it added many new boards. It inherited all of the massive build system design improvements from osboot. Osboot from 2021-2022 -==================== +---------------------- The *osboot* project continued, since December 2020 when it started. I started adding many new boards to it. The purpose of Osboot was the same as Libreboot, -except that it had the [Binary Blob Reduction Policy](policy.md) that Libreboot -now uses, but back then, Libreboot adhered to GNU FSDG. +except that it had the [Binary Blob Reduction Policy](policy.md) instead. +This is the policy that *modern* Libreboot uses, since merging with osboot. -Goals of osboot ---------------- +### Goals of osboot I *wanted* to start a project like osboot much earlier, in 2017. In fact, I was going to, but real life got in the way and I went on hiatus for a few years. -I concluded as early as 2017 that the FSDG policy was a liability, especially +I concluded as early as 2017 that the no-blob policy was a liability, especially after `me_cleaner` became available. I realised that there were many more machines out there, that I then considered acceptable from a software freedom -perspective, even if they did not comply with FSF RYF or GNU FSDG; I regard -the FSF policy as overly dogmatic, and I've always thought so, but in practise +perspective, even if they did require an additional blob or two; I regard +the no-blob policy as overly dogmatic, and I've always thought so, but in practise it didn't hurt anything because Intel ME was always a problem. I didn't know ME neutering was possible, until I found out about `me_cleaner` - I would never provide anyone with a setup that uses a non-neutered ME, because of the networking @@ -1212,7 +1161,7 @@ and opened up a lot more machines for me. But to do that, I had to abandon Libreboot policy. Hence, osboot was born. Libreboot policy was a liability to the free software movement, because it limited the amount of free software that people could easily use. Remember, nothing else as easy to use as Libreboot -existed, within the coreboot community. I saw that many people have machines +existed, among coreboot-based projects. I saw that many people have machines which *can* have most of the proprietary firmware replaced with free software, namely coreboot, but Libreboot set very arbitrary limits on what boards I could add. These restrictions *became* a liability to the project. @@ -1240,7 +1189,7 @@ Nowadays, that is completely [automated](../docs/install/ivy_has_common.md), based on initial work done in osboot by Caleb La Grange. Caleb adapted logic from Heads that extracts Intel ME images from Lenovo UEFI firmware updates, thus eliminating the need for vendor firmware dumps prior to flashing; though, -backing up the factory firmware is still recommended, on any mainboard. +backing up the factory firmware is still recommended, on any motherboard. I later expanded Caleb's work, making the logic much more generic, expandable more easily to other boards/vendors and platforms. I also added support for @@ -1248,8 +1197,7 @@ other files such as Intel MRC firmware and SMSC KBC1126 EC firmware (KBC1126 EC firmware extraction was only done in Libreboot, after it merged with osboot - more on this later) -November 2022: osboot/libreboot merger -------------- +### November 2022: osboot/libreboot merger I *shut* down the osboot project, formerly hosted on *osboot.org*, during November 2022. The website was redirected to Libreboot. I then added all @@ -1268,16 +1216,26 @@ everyone supported this move. Sure enough, I saw a relative lack of opposition to it; though, some of the more dogmatic members of the FSF were quite upset. This level of upset later caused.... well, that's what I'm going to cover next. -GNU Boot -======== +Cold Boot War +------- + +This period of Libreboot's history involved a massive amount of extreme and +hostile competition between the Libreboot project and a *hostile fork* of +Libreboot started by the FSF (now a GNU project). Libreboot fought hard to ensure +that it, the *real* Libreboot project, the one on libreboot.org, survived, +because the FSF literally tried to destroy it. They made no secret of it, and +even publicly announced such intentions at their LibrePlanet 2023 conference. + +Much of the remainder of this article will cover this period, and its aftermath. +This period of Libreboot's history is called the *Cold Boot War*. SPOILER ALERT: +Libreboot won. The purpose of today's article has been to write a rigorous history section for the Libreboot project, because a lot of earlier history for the project wasn't available. Many of Libreboot's early years were turbulent, and I never expected then that the project would last 5 years, let alone 10. -Initial hostile fork --------------------- +### FSF's hostile fork During Libreplanet 2023, which is the FSF's annual conference, the FSF, through Denis Carikli who is part of their inner circle, announced a *hostile fork* of @@ -1322,22 +1280,21 @@ in 2017. I don't feel bad about what I did. What they did is widely considered to be a *dick move* in the free software movement; it is widely considered impolite to fork an active project and use the same name. The unwritten rule is always -that you use a new name. It's more than that though: in their initial fork, and -also in GNU Boot, they didn't just say: this is what we are, what we do and why -you should use our product. No. They put a paragraph in their documentation, +that you use a new name. It's more than that though: in the FSF's fork, they +didn't just say: this is what we are, what we do and why you should use our +product. No. They put a paragraph in their documentation, urging people to *delete* links to libreboot.org, and link to them. *They were out for blood*. -Fork attempt 2: GNU Boot ------------------------- +### FSF's 2nd fork attempt So I've responded in kind, ever since. Regardless of whether they succeed or whether they are competent, a thought exists in their head. A dream, you could say. Their dream is a world in which Leah Rowe and Libreboot no longer exist. They wanted to destroy me. It's evident in Denis's LP2023 talk, where he said he wanted to "continue" the Libreboot project. In his mind, there is no room for -disagreement over policy; it's FSDG or nothing. I had to play by their rules, -or go home. +disagreement over policy; it's their way or nothing. I had to play by their +rules, or go home. During that time, and subsequently, I and others had repeatedly put pressure on them to rename. I personally came up with the name *GNU Boot* - and suggested @@ -1345,18 +1302,20 @@ that they use it. It's a name that I myself came up with several years prior, when I was considering whether to work for GNU again *myself*, but as an actual fork of coreboot. The name just works. -They did rename, to GNU Boot, but only after I forced them to do so. I forced +GNU did rename their project, but only after I forced them to do so. I forced them to do so, by exposing the moral bankrupcy on their part, in their initial -effort to steal the Libreboot name. +effort to steal the Libreboot name. Their initial plan was to create a newly +established *GNU Libreboot* project. The name that they *now* use was created +by me, and I made them use it. -On this day, GNU Boot 0.1 RC3 was imminent for release, on this day, and it +By 2023-12-12, GNU's fork had a new RC imminent for release, on this day, and it was still based largely on Libreboot 20220710, with only superficial changes on top of it. it still has all the old, obsolete revisions for all projects, including coreboot. It still has all of the same bugs, that Libreboot has since fixed, especially during 2023. Libreboot is *vastly* superior, in every way. -Unlike with their first attempt, GNU Boot is fully hosted on the GNU Savannah -infrastructure, as any proper GNU project should be. I *respect* the GNU Boot +Unlike with their first attempt, GNU's new project is hosted on the GNU Savannah +infrastructure, as any proper GNU project should be. I *respect* the latter GNU project more, because it is its own thing, that doesn't try to ride off of my coattails. However, my perception of them is permanently coloured by their initial hostile actions; and the only reason they ceased such actions was @@ -1368,8 +1327,7 @@ So, my strategy has been to constantly develop Libreboot from now on, much more aggressively, and generally stay on top of my game. And I made no secret of this strategy; I've been pretty open about everything, throughout 2023. -Countercoup ------------ +### Countercoup My countercoup has essentially consisted of a single strategy: be the best, on a technical level. During all of 2023, roughly 5x as much work has gone into @@ -1424,18 +1382,18 @@ I also previously wrote about each of the three audits during 2023: and now: -Canoeboot ---------- +### Canoeboot -Purely for my own entertainment, I decided to re-create FSDG Libreboot *myself*. -FSDG is the policy that GNU Boot uses, that Libreboot previously used, before -it adopted the modern [Binary Blob Reduction Policy](policy.md) - GNU Boot -started, specifically because it opposed the new policy in Libreboot. +Purely for my own entertainment, I decided to re-create blob-free +Libreboot *myself*, exactly the same one that Libreboot used in the past, before +it adopted the modern [Binary Blob Reduction Policy](policy.md) - GNU started +their new project, specifically because it opposed the new policy in Libreboot. -Well, GNU Boot seemed to be going nowhere fast. I monitor their Git activity +Well, GNU's fork seemed to be going nowhere fast. I monitor their Git activity daily, and their development pace is much slower than mine; slower than mine, even when I'm going slow. I thought to myself: what if a *competently* -engineered solution existed, like GNU Boot but not? +engineered solution existed? One maintained by someone who's been doing this +for over a decade? And thus, [Canoeboot](https://canoeboot.org/) was born. I still mainly develop Libreboot, but I spend a few hours after each release, bringing Canoeboot up @@ -1447,11 +1405,11 @@ Canoeboot is even listed on the FSF's Topham approved it, he's the FSF's current licensing and compliance manager, at least on 12 December 2023. -The purpose of Canoeboot is to simply exist, complying with GNU Boot policy -while being superior to it in every way, outcompeting it so fast that the -GNU Boot project is constantly behind - it's done, specifically to demonstrate +The purpose of Canoeboot is to simply exist, adhering to the no-blob policy +while being superior to GNU in every way, outcompeting it so fast that GNU's +own project is constantly behind - it's done, specifically to demonstrate the superiority of Libreboot policy, by showing what Libreboot *would have -been*, if it didn't adopt the new policy. +been*, if it didn't adopt the [Binary Blob Reduction Policy](policy.md) policy. The FSF failed in its coup. My countercoup was a success. I madly beat them at their own game. The FSF's strategy *might* have worked, if I hadn't been so @@ -1469,38 +1427,43 @@ new Libreboot release. I actually *describe* how this syncing is done, in great detail, on Canoeboot's [about page](https://canoeboot.org/about.html) - and the first Canoeboot release was done, based on the latest Libreboot release at that time, in only 2 days, with all of Libreboot's vast improvements in it -compared to GNU Boot. As of this day, 12 December 2023, Canoeboot is about 1 -year ahead of GNU Boot in terms of code development, and 2 years ahead on the -writing of documentation. Conversely, GNU Boot is 1 year and 2 years out of +compared to GNU's work, or lack thereof. As of this day, 12 December 2023, +Canoeboot is about 1 year ahead of GNU in terms of code, and 2 years ahead on +the writing of documentation. Conversely, GNU is *1 year* and *2 years* out of date, in terms of code and documentation respectively. 2024 reconciliation intentions -============================== +------------------------------ -The *FSF* started the coldboot war. Libreboot merely won it. +### End of the Cold Boot War + +The *FSF* started the coldboot war. Libreboot merely won it, decisively. From 2024 onward, unless more hostilities develop from FSF/GNU's side, I intend -to adopt a more conciliatory approach toward GNU Boot. I won the battle of 2023. +to adopt a more conciliatory approach toward GNU/FSF. I won the battle of 2023. I won the *cold boot war*, but the real battle is this: how do we get free boot firmware to non-technical end users, efficiently and reliably? The answer to -that question is projects such as Libreboot, or indeed others like GNU Boot, -Heads, Skulls, MrChromebox... you name it. Distros, designed similarly to -Linux distros, but for building boot firmware instead. +that question is projects such as Libreboot, or indeed others like, Heads, +Skulls, MrChromebox... you name it. Distros, designed similarly to Linux +distros, but for building boot firmware instead. + +The *first* coldbootwar occured between 19 March 2023 and 31 December 2023, +described in the article above. Much of 2023 was spent counteracting the FSF's coup, because they were hostile to the Libreboot project, but I decided that I will avoid any such counter action from now on. I will stil develop Canoeboot, but my main focus is Libreboot. My conclusion is that, so long as my own efforts exist, and I keep -working on everything, the GNU Boot project is no threat to Libreboot whatsoever. +working on everything, the GNU project is no threat to Libreboot whatsoever. -Towards the end of 2023, there *was* in fact cooperation, between the GNU Boot +Towards the end of 2023, there *was* in fact cooperation, between the GNU project and Libreboot projects, in the form of small patches; Denis Carikli sent a few patches and reports to Canoeboot and the Untitled Static Site Generator, and I did similar for the GNU boot project. The FSF themselves even decided to accept Canoeboot, on their Free Software Directory. See: -My only issue with GNU Boot at the start of 2023 was that they wanted +My only issue with GNU and FSF at the start of 2023 was that they wanted to *replace* the Libreboot project, by using the same name. They *did* try to destroy the Libreboot project, and take it for themselves. Things pretty much calmed towards the end of 2023, and now the two projects/communities operate @@ -1515,17 +1478,34 @@ anymore; to do so was necessary, when they themselves did the same, because the FSF is a well-funded organisation with much bigger reach and would walk all over me if I allowed it, so it was necessary to show strength. -However, throughout 2024, GNU Boot has essentially been a dead project; they -haven't done any work on their build system of any consequence, and haven't -even updated their documentation that heavily. Their main focus was on -integrating the Untitled Static Site Generator into their infrastructure, -which otherwise relies heavily on TexInfo documents and CVS (Untitled relies on -Markdown and Git heavily - the FSF actually made a special rsync server for -GNU Boot to manually upload HTML files to, generated by Untitled, which they -wrapped around directly, within the GNU Boot build system). +I don't start fights; I only finish them, decisively and without fear or +prejudice. Aside from minor acts on GNU's part, they have largely left me well +alone since the end of 2023, and my intention is to leave them alone. I have +at times perhaps been guilty of overthinking, but I basically don't care about +the FSF or GNU at this point. + +My intention is that the FSF promote *Canoeboot*, much like they did with the +old Libreboot, prior to policy change. GNU Boot can do whatever it wants, I +don't really care; so long as they're not taking potshots at Libreboot. FSF can +also promote their own project (GNU Boot), as they have; there's room for both. +It'd be nice if GNU Boot criticised coreboot instead of Libreboot; coreboot is +the project that includes binary blobs, Libreboot merely tries to make the best +of a situation that is not ideal, while not being dogmatic; Canoeboot and GNU +Boot are dogmatic answers to the same issue, namely that hardware vendors suck. +Prior to Libreboot's policy change, Libreboot was not a fork of something; it +was its own original distribution, and it criticized the hardware vendors and +coreboot for not being firm enough with them - and this is a criticism that +I still have, today, and always will have. What more is there to say? GNU chose +to see me as its enemy, even though I'm ideologically very much in line with it +and wish to see its goals advanced to the fullest; the only difference with +Libreboot is the exact method by which this is strived for, a methodology that +they (the GNU project) vehemently disagree with. Libreboot's instrument is +the [Binary Blob Reduction Policy](policy.md), while Canoeboot's is +the [Binary Blob Extermination Policy](https://canoeboot.org/news/policy.html), +and Canoeboot's policy is very much identical to GNU's own policy document. Last remarks -============ +----------- I've pretty much gone through the entire history, to the best of my ability. I probably did forget a few things, but these are the broad strokes. If you @@ -1542,7 +1522,7 @@ your patience and your courage with a cool easter egg: The `minifree.org` domain name initially hosted a website that was teaching people how to use VPNs and Tor, and it contained information about how to -be private on the internet. I later planned on making it into an FSDG-compliant +be private on the internet. I later planned on making it into a blob-free fork of *Puppy Linux* - because Puppy is small, lightweight, and mini is another word for *small*, and it was to be a fully free distribution, containing no blobs, not even firmware. Minifree GNU/Linux. I later scrapped the plan, and @@ -1552,3 +1532,19 @@ the erstwhile *gluglug* domain then redirecting to it, and I registered Minifree Ltd in the UK. Minifree is how I fund the Libreboot project, by selling computers with Libreboot pre-installed. You can find it on [minifree.org](https://minifree.org/). + +*January 2025 update removed; hostilities briefly resumed, resulting from +accusations made by the GNU project against Libreboot and against me personally, +in a talk that they made at 38c3, but I've since decided to disregard it as being +that Adrien Bourmault simply doesn't know his place and spoke out of turn - I've +since begun discussions with the FSF and its executive director is remarkably +intelligent and decent, something I did not expect given my prior history - +more will be said about this, possibly, in future news updates, but not as +further updates to this 2023 article that you are currently reading. Good day!* + +*Some language on this page has been toned down, while not altering the substance +of this article in any way, and without removing any of the history or otherwise +any other information presented here. I remain wary of course, but my focus is +simply on Libreboot and Canoeboot - those people in GNU Boot such as Adrien +simply do not think the way I do and would likely never work with me. That is +why they have their project, and I have mine!!* diff --git a/site/news/10.md.description b/site/news/10.md.description new file mode 100644 index 0000000..8e81f36 --- /dev/null +++ b/site/news/10.md.description @@ -0,0 +1 @@ +Tenth year anniversary and history of the Libreboot project, as of December 2023. Libreboot development has often been turbulent, and full of twists. diff --git a/site/news/MANIFEST b/site/news/MANIFEST index a407bdf..441e34e 100644 --- a/site/news/MANIFEST +++ b/site/news/MANIFEST @@ -1,3 +1,10 @@ +libreboot2506.md +revisions.md +libreboot2504.md +libreboot20241206rev11.md +libreboot20241206rev10.md +schedule.md +libreboot20241206rev8.md libreboot20241206.md libreboot20241008.md audit6.md diff --git a/site/news/argon2.md b/site/news/argon2.md index 1703ddc..0ad2d60 100644 --- a/site/news/argon2.md +++ b/site/news/argon2.md @@ -4,8 +4,8 @@ -Introduction -============ +Free as in... PHC +------------------------ The GRUB payload has supported LUKSv2 for a long time, but only with the old-school PBKDF2 key derivation method; most Linux dm-crypt setups on LUKSv2 @@ -25,8 +25,10 @@ had been done, and I then merged Nicholas's work into Libreboot. Thank you, Nicholas! Thanks also go to [Axel](https://axelen.xyz/) who is the author of the original work that Nicholas imported from Archlinux AUR. -Why does this matter? ---------------------- +The work on AUR, and Nicholas's update based on it, was ultimately based on +the work done by Patrick Steinhardt for the GRUB project, importing PHC Argon2. + +### Why does this matter? Libreboot previously documented how to boot distros from encrypted `/boot`, which is a boon for security because it's harder to compromise a machine that @@ -46,8 +48,7 @@ Argon2 is the newer key derivation preferred on modern LUKSv2 setups. It is strongly recommended that you *upgrade* to argon2id, specifically, for your setup. -How to get it -------------- +### How to get it This is unavailable in the Libreboot 20230625 release, but will be available in the next Libreboot release. @@ -59,18 +60,16 @@ you may still compile a ROM image yourself from the Libreboot build system. See: **[How to build Libreboot ROM images from source](../docs/build/)** Further reading -=============== +---------------- -PHC argon2 implementation -------------------------- +### PHC argon2 implementation This is the reference argon2 implementation, now used by Libreboot, and the upstream project for that is hosted here: -Article by Matthew Garrett --------------------------- +### Article by Matthew Garrett [PSA: upgrade your LUKS key derivation function](https://mjg59.dreamwidth.org/66429.html) by Matthew Garrett, talks diff --git a/site/news/argon2.md.description b/site/news/argon2.md.description new file mode 100644 index 0000000..a980685 --- /dev/null +++ b/site/news/argon2.md.description @@ -0,0 +1 @@ +Argon2 KDF allows greater memory hardness, thus reducing vulnerability to bruteforce attacks. Argon2 KDF added to the GNU boot loader named GRUB. diff --git a/site/news/argon2.uk.md b/site/news/argon2.uk.md index aa639e7..a931992 100644 --- a/site/news/argon2.uk.md +++ b/site/news/argon2.uk.md @@ -5,7 +5,7 @@ Вступ -============ +------ Корисне навантаження GRUB підтримувало LUKSv2 протягом довгого часу, але тільки з старосвітовським методом формування ключа PBKDF2; більшість Linux dm-crypt встановлень на LUKSv2 @@ -25,8 +25,10 @@ AUR](https://aur.archlinux.org/cgit/aur.git/tree/?h=grub-improved-luks2-git&id=1 Ніколас! Подяка також іде до [Аксель](https://axelen.xyz/), хто є автором оригінальної роботи, яку Ніколас імпортував з Archlinux AUR. -Чому це має значення? ---------------------- +The work on AUR, and Nicholas's update based on it, was ultimately based on +the work done by Patrick Steinhardt for the GRUB project, importing PHC Argon2. + +### Чому це має значення? Libreboot раніше документував, як завантажувати дистрибутиви з зашифрованого `/boot`, що є добрим для безпеки, тому що складніше скомпрометувати машину, яка має @@ -46,8 +48,7 @@ Argon2 є новішим формуванням ключа, якому нада ви *оновились* на argon2id, в точності, для вашого встановлення. -Як отримати це -------------- +### Як отримати це Це є недоступним для поточного випуску Libreboot 20230625, але буде доступним в наступному випуску Libreboot. Наразі, ви можете зібрати образ ROM @@ -56,18 +57,16 @@ Argon2 є новішим формуванням ключа, якому нада [Як побудувати образи ROM Libreboot з джерела](../docs/build/index.uk.md) Наступне читання -=============== +---------------- -Реалізація PHC argon2 -------------------------- +### Реалізація PHC argon2 Це реалізація argon2 для посилання, що тепер використовується Libreboot, і апстрім проект для цього розміщено тут: -Стаття Метью Гарретт --------------------------- +### Стаття Метью Гарретт [PSA: оновіть ваш LUKS метод формування ключа](https://mjg59.dreamwidth.org/66429.html) від Метью Гарретт, розповідає diff --git a/site/news/audit.md b/site/news/audit.md index e3b5176..06bd871 100644 --- a/site/news/audit.md +++ b/site/news/audit.md @@ -3,7 +3,7 @@ % 13 June 2023 Introduction -============ +------------ Literally about 200+ changes have been made to the Libreboot build system, since the last release of Libreboot. This has been the primary focus, thus far. @@ -24,8 +24,7 @@ and compiles everything from scratch, but in a way that is simplified from the perspective of the end user (almost everything is just a single command, where users are typically not required to edit any files unless they want to). -Brief summary of changes ------------------------- +### Brief summary of changes In short, the following work has been performed: @@ -50,8 +49,7 @@ is usually *why* (or *when*). Libreboot's build system tries to avoid bloat and *feature creep* when possible, intentionally refusing to implement certain features that are considered superfluous. -Example of BSD coding style on shell scripts --------------------------------------------- +### Example of BSD coding style on shell scripts One of the most common practises in BSD style in *top-down* logic, which makes programs much easier to read (in my opinion). Here is an example @@ -79,7 +77,7 @@ in the Libreboot build system, with existing scripts modified accordingly. This and other work is ongoing. Auditing of utilities -===================== +--------------------- This process has *also* been applied to some of the utilities (written in C) that Libreboot includes as part of lbmk. The following utilities have been @@ -89,8 +87,7 @@ audited: * `e6400-flash-unlock` (minor cleanup, basically removing one unused function) * `nvmutil` (massive code size reduction, minor fixes here and there) -Pledge ------- +### Pledge The `nvmutil` program was already pledged, when compiled on OpenBSD, but it was not handled well. It is now handled correctly (correct ifdef rule), and it @@ -102,19 +99,18 @@ The code has also been unveiled. See manpages: -spkmodem-recv -------------- +### spkmodem-recv This utility was *added* after the last release. It was imported from coreboot, -which in turn previously forked it from GNU GRUB. It is a receiving client for +which in turn previously forked it from GRUB. It is a receiving client for spkmodem, to provide a serial console via pulses on the standard *PC speaker*. -Libreboot's version is *heavily* re-factored, doing away with the GNU coding +Libreboot's version is *heavily* re-factored, doing away with the messy GNU coding style and replacing it with a BSD coding style (the licensing is unchanged). For reference, here is the original version from GRUB: - +https://git.savannah.gnu.org/cgit/grub.git/plain/util/spkmodem-recv.c?id=822b726b33b8dc07dd01b257a2dfcc7b07d12e2f And here is the version coreboot had, which Libreboot forked: @@ -130,7 +126,7 @@ code is conditionally *pledged* if you compile it on OpenBSD (for OpenBSD), see: Other plans for next release -============================ +---------------------------- I have a bunch of Dell/HP boards that I plan to add, which I would have added already but I've focused on the audit (which is more or less complete, now). @@ -153,7 +149,7 @@ Besides this, I also wish to: with Libreboots u-boot payload, at present). FULL list of changes so far since last release -============================================== +---------------------------------------------- Not all patches are listed below, if they are patches not relevant, or patches not currently pushed to upstream Libreboot git mirrors. The following patches diff --git a/site/news/audit.md.description b/site/news/audit.md.description new file mode 100644 index 0000000..94c24c0 --- /dev/null +++ b/site/news/audit.md.description @@ -0,0 +1 @@ +Libreboot build system audit. Libreboot's build system is constantly audited to fix bugs, improve stability and overall code efficiency. diff --git a/site/news/audit2.md b/site/news/audit2.md index 7768d23..d97ee15 100644 --- a/site/news/audit2.md +++ b/site/news/audit2.md @@ -2,8 +2,8 @@ % Leah Rowe % 11 September 2023 -Introduction -============ +Free as in freedom! +-------------------- This article pertains to the current Libreboot (lbmk) revision at this time of writing, which is `c400916e33b8870384c30b83a9ecb9cdf7121917` from 11 @@ -17,12 +17,12 @@ Great care is always taken when writing for [lbmk](../docs/maintain/), which is Libreboot's build system, but in the past, auditing was always done ad-hoc. Since the start of 2023, auditing is now a main aspect of Libreboot development, and the result has been that the *quality* of Libreboot's build system has -improved greatly. The same care has been given to documentation aswell. +improved greatly. The same care has been given to documentation as well. Many bugs have been fixed, and the Libreboot build system (lbmk) is generally much more efficient now, compared to the Libreboot 20230625 release. The main focus has been this audit, now concluded, and the next focus shall once again -be adding more mainboards to Libreboot, with a view to making a full new release +be adding more motherboards to Libreboot, with a view to making a full new release some time during September 2023. Before diving into details, here is a brief summary of the recent audit, and @@ -96,7 +96,7 @@ exhaustive: * A lot of scripts have been removed entirely, and their logic not replaced; in many cases, Libreboot's build system contained logic that had gone unused for many years. -* More reliable configs now used on desktop mainboards: SeaBIOS-only for start, +* More reliable configs now used on desktop motherboards: SeaBIOS-only for start, but GRUB still available where feasible (in the SeaBIOS menu). This makes it more fool proof for a user who might use integrated graphics and then switch to a graphics card; the very same images will work. @@ -115,7 +115,7 @@ FULL list of changes (from lbmk git log) Almost all of the changes are post-20230625 release, and almost all of them are audit-related, so I've simply pasted every commit between the last release -and now. A few of them, e.g. the new mainboard ports, are not audited-related. +and now. A few of them, e.g. the new motherboard ports, are not audited-related. Entries that give time frames such as *"14 hours ago"* are relative to today, 11 September 2023, at some time around 3PM UK time. Changes on top are @@ -135,7 +135,7 @@ newer, and changes further down are older: * d28ad6aa - build/release/roms: use -T0 on serprog tarballs (23 hours ago) * 308c21dd - build/boot/roms stragglers: properly handle errors (23 hours ago) * c16b28ef - build/release/src: re-create symlinks, don't copy (2 days ago) -* 32dcf9e5 - coreboot/qemu_x86_12mb: re-add this mainboard (2 days ago) +* 32dcf9e5 - coreboot/qemu_x86_12mb: re-add this motherboard (2 days ago) * 5aef8156 - scripts: use printf, not echo, where appropriate (2 days ago) * 76e12cd4 - update/blobs printf statements: use double quotes (2 days ago) * 84bf47b5 - scripts: better handling of printf: stdout/stderr (2 days ago) @@ -184,8 +184,8 @@ newer, and changes further down are older: * da3c9bb3 - merge config/ and resources/ (8 days ago) * a0501050 - blobs/download: don't handle ifd/gbe files (8 days ago) * 03788d14 - move ifd/gbe configs into config/ifd/ (8 days ago) -* 6ddb0e09 - run make oldconfig on coreboot/default mainboards (8 days ago) -* 19efdf9e - ich9m mainboards: use pre-assembled ifd/gbe files (8 days ago) +* 6ddb0e09 - run make oldconfig on coreboot/default motherboards (8 days ago) +* 19efdf9e - ich9m motherboards: use pre-assembled ifd/gbe files (8 days ago) * af8d8cda - add ich9m ifd/gbe files (8 days ago) * d554efae - build/release/src: copy e6430 ifd/gbe (8 days ago) * 09aae7be - build/rpi-pico-serprog: better error handling (8 days ago) diff --git a/site/news/audit2.md.description b/site/news/audit2.md.description new file mode 100644 index 0000000..28933bd --- /dev/null +++ b/site/news/audit2.md.description @@ -0,0 +1 @@ +Libreboot build system audit 2. Libreboot's build system is constantly audited to fix bugs, improve stability and overall code efficiency. diff --git a/site/news/audit3.md b/site/news/audit3.md index 865c1b0..83d4949 100644 --- a/site/news/audit3.md +++ b/site/news/audit3.md @@ -2,11 +2,13 @@ % Leah Rowe % 20 October 2023 -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** -Introduction -============ +Free software BIOS/UEFI +------------------------ This article pertains to the current Libreboot (lbmk) revision at this time of writing, which is `c7e764a3f088e2dbcacb507995476ce3082451ef` from 20 @@ -22,8 +24,7 @@ decided that I would perform *another* audit immediately, so there have been two audits (this audit, dubbed audit 3, and the previous audit 2) between now and the Libreboot 20230625 release. -Massive code size reduction ---------------------------- +### Massive code size reduction The focus has been improved error handling, general bug fixing and improving the efficiency of lbmk (in terms of speed). Reduced complexity. The focus has @@ -120,7 +121,7 @@ are also repeated below but in more detail: * All helper scripts are now under `include/`, and main scripts in `script/`, called by the main `build` script * Intel ME extraction is now provided in one function, instead of two, when - downloading vendor files per mainboard, before running it + downloading vendor files per motherboard, before running it through `me_cleaner` * Unified checking of the destination file, when downloading vendor updates. This results in more reliable checking of whether a vendor file has already @@ -156,14 +157,14 @@ are also repeated below but in more detail: * Don't use the `-B` option in make commands. * Where no-microcode ROM images are provided, ensure that the ROM hashes still match when running the vendor inject script. This is only useful on the - Dell Latitude E6400, which is otherwise blob-free but (in Libreboot) + Dell Latitude E6400, which is otherwise entirely free software but (in Libreboot) comes with or without microcode updates, and with or without the Nvidia VGA ROM (handled by vendor inject/download scripts) for dGPU variants. Verification previously failed, under certain conditions, when inserting that VGA ROM. * SECURITY: Use sha512sum (not sha1sum) when verifying certain downloads. This reduces the chance for collisions, during checksum verification. * Set GRUB timout to 5s by default, but allow override and set to 10s or 15s - on some mainboards. + on some motherboards. * Vendor scripts: don't use `/tmp` for ROM images when inserting vendor files. In case `/tmp` is a tmpfs and not much RAM is available, it is paramount that the user's file system is used instead, where there is likely greater capacity; @@ -634,7 +635,7 @@ The commits are, thus: * d28ad6aa build/release/roms: use -T0 on serprog tarballs * 308c21dd build/boot/roms stragglers: properly handle errors * c16b28ef build/release/src: re-create symlinks, don't copy -* 32dcf9e5 coreboot/qemu_x86_12mb: re-add this mainboard +* 32dcf9e5 coreboot/qemu_x86_12mb: re-add this motherboard * 5aef8156 scripts: use printf, not echo, where appropriate * 76e12cd4 update/blobs printf statements: use double quotes * 84bf47b5 scripts: better handling of printf: stdout/stderr @@ -683,8 +684,8 @@ The commits are, thus: * da3c9bb3 merge config/ and resources/ * a0501050 blobs/download: don't handle ifd/gbe files * 03788d14 move ifd/gbe configs into config/ifd/ -* 6ddb0e09 run make oldconfig on coreboot/default mainboards -* 19efdf9e ich9m mainboards: use pre-assembled ifd/gbe files +* 6ddb0e09 run make oldconfig on coreboot/default motherboards +* 19efdf9e ich9m motherboards: use pre-assembled ifd/gbe files * af8d8cda add ich9m ifd/gbe files * d554efae build/release/src: copy e6430 ifd/gbe * 09aae7be build/rpi-pico-serprog: better error handling diff --git a/site/news/audit3.md.description b/site/news/audit3.md.description new file mode 100644 index 0000000..3666712 --- /dev/null +++ b/site/news/audit3.md.description @@ -0,0 +1 @@ +Libreboot build system audit 3. Libreboot's build system is constantly audited to fix bugs, improve stability and overall code efficiency. diff --git a/site/news/audit4.md b/site/news/audit4.md index bb205a8..f554e5d 100644 --- a/site/news/audit4.md +++ b/site/news/audit4.md @@ -2,11 +2,13 @@ % Leah Rowe % 31 December 2023 -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** -Introduction -============ +Free/open source BIOS +-------------------- This article pertains to the current Libreboot (lbmk) revision at this time of writing, which is `11a821637d8a36f4a72001ef8d8c41952f066cc3` from 31 @@ -20,8 +22,7 @@ Audit 3](audit3.md), which coincided with the [Libreboot 20231021](libreboot20231021.md) release, right up to [Libreboot 20231106](libreboot20231106). -Modest code size reduction --------------------------- +### Modest code size reduction The main purpose of audit 4 has been to *finish* audit 3. More logic has been generalised, and *another* sloccount reduction has been observed: 1618 SLOC in @@ -80,7 +81,7 @@ And now, specific changes: * `script/build/serprog`: Return error status (exit) if basename fails, when processing various board targets available on stm32/rp2040 projects. Patch courtesy of Leah Rowe. -* **NEW BOARD:** HP 8300 CMT mainboard, added by Riku Viitanen, who worked +* **NEW BOARD:** HP 8300 CMT motherboard, added by Riku Viitanen, who worked on it with a tester in the IRC channel. * Fixed implicit typecasting bug on flashprog 1.2 source code, thus preventing a build issue (tested on Debian 12.2). Patch courtesy of Leah Rowe. @@ -284,7 +285,7 @@ And now, specific changes: re-used by other planned ports for Dell latitudes in lbmk. Patch courtesy of Nicholas Chin. -Exact git log, relative to 20231106: +### Exact git log, relative to 20231106: ``` * 11a82163 Bump GRUB to 2.12 release diff --git a/site/news/audit4.md.description b/site/news/audit4.md.description new file mode 100644 index 0000000..3012987 --- /dev/null +++ b/site/news/audit4.md.description @@ -0,0 +1 @@ +Libreboot build system audit 4. Libreboot's build system is constantly audited to fix bugs, improve stability and overall code efficiency. diff --git a/site/news/audit5.md b/site/news/audit5.md index 8de0178..f25ccee 100644 --- a/site/news/audit5.md +++ b/site/news/audit5.md @@ -6,7 +6,7 @@ about the [Libreboot 20240612 release](libreboot20240612.md).** Introduction -============ +------------ Libreboot is a free/opensource boot firmware project. It replaces your proprietary BIOS/UEFI firmware, on supported x86 and ARM computers. It does @@ -17,7 +17,8 @@ controller all way to peripherals, readying the hardware so that it can run software, e.g. Linux/BSD operating systems. You can essentially think of *lbmk*, which is Libreboot's build system, as a *source-based package manager*. It is what the Libreboot releases are built with. The *lbmk* build system essentially -implements a *coreboot distro*, the same way you might think of a Linux +implements a *[coreboot distro](../docs/maintain/)*, +the same way you might think of a Linux distribution. Extensive auditing has been performed on lbmk, since the Libreboot 20240504 @@ -31,8 +32,7 @@ revision `2ee186aee3aa3ab9619ed9549bd3b82909dcfbd0` from 9 June 2024. You can read about the *previous* audit in the article for [Libreboot Build System Audit 4](audit4.md). -Modest code size reduction --------------------------- +### Modest code size reduction There are 1482 lines of shell script in the build system, versus 1680 in the Libreboot 20240504 release. Libreboot's build system is written purely in @@ -42,12 +42,11 @@ This is a difference of 198 lines, or a 12% reduction. Despite the reduction, numerous features have been added and a large number of bugs were fixed. Summarised list of changes -========================== +-------------------------- Changes are in order per category, from newest to oldest: -Feature changes ---------------- +### Feature changes * **Download crossgcc tarballs as dependencies, when cloning coreboot.** We previously relied on the coreboot build system, which automatically fetches @@ -102,10 +101,10 @@ Feature changes * **GRUB is now a multi-tree project.** Each given coreboot target can specify which GRUB tree it wants to use, each containing its own revision and patches, with its own GRUB configuration file. This can be used later on - to provide specific optimisations on each given mainboard, but it is used + to provide specific optimisations on each given motherboard, but it is used at present to exclude xHCI patches on boards that don't need it; please also read the bugfix section (of this audit report) pertaining to this same topic, - for more context. Before this change was implemented, all mainboards used + for more context. Before this change was implemented, all motherboards used the exact same GRUB revision, with the same patches and the same config. * grub.cfg: scan `grub2/` last, on each given device/partition; this speeds up the boot time in most tests, because most setups use `grub/`, @@ -139,7 +138,7 @@ Feature changes * script/roms: Allow to override `grub_scan_disk` via `-s`, for example: `./build roms -s nvme t1650_12mb` * **grub.cfg: Use `grub_scan_disk` to set boot order (rather, boot order by - device type).** It is possible now to configure each mainboard with this + device type).** It is possible now to configure each motherboard with this variable, so that certain types of devices are scanned in a precise order; for example, scan NVMe SSDs first. * **include/git.sh: Allow manual override of `git submodule` handling**, instead @@ -154,7 +153,7 @@ Feature changes later changed so as to be the ONLY method for downloading submodules, skipping the actual git-submodule-update command entirely, on all projects.* * **Native NVMe driver added to the GRUB payload**, allowing users to boot from - NVMe SSDs where present on a given mainboard. The patch is courtesy of + NVMe SSDs where present on a given motherboard. The patch is courtesy of Mate Kukri, who ported SeaBIOS's own NVMe driver, converting all of the code to run properly within GRUB's own kernel. NVMe SSDs are now fully bootable on all machines that can have them, offering vastly superior @@ -182,8 +181,7 @@ Feature changes * Removed all status checks from script/roms (formerly script/build/roms), because it's better to document this instead, and rely on testing regardless. -Bug fixes ---------- +### Bug fixes Some of these changes fix actual issues that were found in testing, while others were fixed *before* being triggered/reported and are thus *preventative @@ -299,12 +297,12 @@ The changes are, from newest to earliest: one you're reading about now so that they can be fixed, like this one was!) * **Re-configured GRUB so that only the Haswell and Broadwell machines contain xHCI support**, where it doesn't cause any issues (and is required), while - other mainboards use a version of GRUB that lacks support for xHCI. This is a + other motherboards use a version of GRUB that lacks support for xHCI. This is a mitigations against the bug reported in [lbmk issue 216](https://codeberg.org/libreboot/lbmk/issues/216). This is done, by using the new *multi-tree* GRUB handling, which is mentioned above in in the section (of this audit report) pertaining to *feature changes*, whereby - each mainboard can have its own GRUB revisions and patches, with its own + each motherboard can have its own GRUB revisions and patches, with its own GRUB configuration file (that could be uniquely optimised for it). * **Fix vboot build issue when running lbmk in i686 (32-bit) host machines**. The patch, courtesy of *Luke T. Schumaker*, adapts vboot's vmlinuz extract @@ -348,12 +346,12 @@ The changes are, from newest to earliest: supported a configuration whereby SeaBIOS reads a `bootorder` file in CBFS, making it try to run the GRUB payload first, while still allowing you to interrupt by pressing ESC to bring up an alternative boot select menu. This - is now the *default*, on all x86 mainboards. This is a mitigation against + is now the *default*, on all x86 motherboards. This is a mitigation against future instability in GRUB because, if such issues happen again, it will not cause a brick since you can just use SeaBIOS instead, and skip booting to the GRUB payload (on the affected machines, BIOS GRUB still worked, which your distro provides and SeaBIOS executes it). *NOTE: GRUB was later made - into a multi-tree project, with certain mainboards using a version that + into a multi-tree project, with certain motherboards using a version that has the xHCI patches, if required, because the machines that actually need xHCI support were not affected by the bug referenced in issue 216.* * Main build script: Check SUID before checking Git name/email, otherwise the @@ -417,8 +415,7 @@ The changes are, from newest to earliest: * Main build script: exit (with error status) if not running directly from the root of the lbmk work directory. -General code cleanup --------------------- +### General code cleanup In addition to *general* very sweeping code cleanup, condensing code lines where possible and so on: @@ -544,13 +541,12 @@ where possible and so on: * script/build/roms: split up `main()` into multiple smaller functions Revision updates -================ +---------------- Some revisions were updated as part of standard routine, but happened to be done during this audit. Those updates are as follows: -SeaBIOS -------- +### SeaBIOS Bump SeaBIOS to revision `e5f2e4c69643bc3cd385306a9e5d29e11578148c`, which has these changes relative to the old one: @@ -580,8 +576,7 @@ these changes relative to the old one: * a6ed6b70 limit address space used for pci devices. ``` -Flashprog ---------- +### Flashprog Updated to revision 5b4fdd1 from 2 May 2024, rebasing the MX workaround patch. @@ -652,7 +647,7 @@ Flashrom, lead by Nico Huber after a dispute with the new leadership of Flashrom, and it was felt that Flashprog is a better choice for Libreboot. Git log -======= +------- This entire set of changelogs is based on the precise Git history in lbmk, relative to Libreboot 20240504 which is from where the audit began. @@ -678,7 +673,6 @@ The latest changes are listed first, going all the way down to earlier changes: * 9cdf4192 git.sh: further simplify nuke() * 1cede024 git.sh: simplify link_crossgcc() * 77e482aa git.sh: simplify nuke() -* 42e97950 Merge pull request 'Add dependency scripts for Fedora 40 and Ubuntu 24.04' (#220) from fuel-pcbox/lbmk:master into master |\ | * 046007b4 Add dependency scripts for Fedora 40 and Ubuntu 24.04 * | a0eb79df add crossgcc tarballs to config/submodules/ diff --git a/site/news/audit5.md.description b/site/news/audit5.md.description new file mode 100644 index 0000000..be1c3c1 --- /dev/null +++ b/site/news/audit5.md.description @@ -0,0 +1 @@ +Libreboot build system audit 5. Libreboot's build system is constantly audited to fix bugs, improve stability and overall code efficiency. diff --git a/site/news/audit6.md b/site/news/audit6.md index eaa6b89..75544c6 100644 --- a/site/news/audit6.md +++ b/site/news/audit6.md @@ -5,8 +5,8 @@ Heavy amount of code reduction in this audit, and general cleanup. A new Libreboot release is planned, for the early days of August 2024. -Introduction -============ +Efficient software freedom +-------------------------- Libreboot is a free/opensource boot firmware project. It replaces your proprietary BIOS/UEFI firmware, on supported x86 and ARM computers. It does @@ -17,7 +17,8 @@ controller all way to peripherals, readying the hardware so that it can run software, e.g. Linux/BSD operating systems. You can essentially think of *lbmk*, which is Libreboot's build system, as a *source-based package manager*. It is what the Libreboot releases are built with. The *lbmk* build system essentially -implements a *coreboot distro*, the same way you might think of a Linux +implements a *[coreboot distro](../docs/maintain/)*, +the same way you might think of a Linux distribution; it systematically downloads, resets (to specific revisions) and patches various upstream project sources such as coreboot, U-Boot and GRUB, automatically building entire coreboot images. This build system is what creates @@ -37,8 +38,7 @@ revision `31f1e4dadfcc1ceecacec50dd2a14e63a44364bd` from 19 July 2024. You can read about the *previous* audit in the article for [Libreboot Build System Audit 5](audit5.md). -Notable code size reduction --------------------------- +### Notable code size reduction There are 1109 lines of shell script in the build system, versus 1482 in the Libreboot 20240612 release. Libreboot's build system is written *entirely* in @@ -62,11 +62,11 @@ will be new payloads and boards, in addition to testing newer upstream revisions of projects such as coreboot, on every machine supported by Libreboot. A release is planned for early August 2024. -A *lot* of work on new ports is planned. There are a number of new mainboards +A *lot* of work on new ports is planned. There are a number of new motherboards that will be available, in the next Libreboot release. Summarised list of changes -========================== +-------------------------- The most interesting changes are marked in **bold**. "Interesting" means that the change greatly improves the usefulness/reliability of Libreboot, or that it @@ -74,8 +74,7 @@ affects the user in a profound and noticeable way. Changes are in order per category, from newest to oldest: -Feature changes ---------------- +### Feature changes Some unused features have been removed, and yet more added. The overall focus of Audit 6 has been to remove legacy cruft from lbmk, and in general to simplify @@ -98,7 +97,7 @@ The changes are as follows: enabling `CONFIG_PAYLOAD_NONE` exclusively. However, advanced users may wish to use something else such as Tianocore, which Libreboot may/will not provide (with Tianocore it's **will not**). Simply set `build_depend=""` - in the `target.cfg` file for a given mainboard, and then enable a payload + in the `target.cfg` file for a given motherboard, and then enable a payload under coreboot's menuconfig interface, or by direct modification of the defconfig file. When `CONFIG_PAYLOAD_NONE` is not set, lbmk will skip adding a payload, because it's a given that then coreboot's own build system @@ -147,7 +146,7 @@ The changes are as follows: downloading of vendor files, without needing specific hacks to be hardcoded in `script/trees`. The `./update trees -b coreboot TREE utils` command is no longer available; instead, do `./update trees -d coreboot TREE`; if - the TREE argument is instead an actual mainboard target, it also does the + the TREE argument is instead an actual motherboard target, it also does the vendor file download, if required. The `./vendor download` command is still available, and multiple board names can now be provided as argument, because for example, `./build roms x220_8mb x230_12mb` would @@ -204,12 +203,12 @@ The changes are as follows: single-tree projects, defined *by argument*, but it was quite error prone and there's no clean way to otherwise do it. We don't use the script this way, anywhere in lbmk, and users are advised the same. -* **`script/roms`: *Only* Support SeaBIOS and Sea*GRUB*, on x86 mainboards**. +* **`script/roms`: *Only* Support SeaBIOS and Sea*GRUB*, on x86 motherboards**. SeaGRUB is a configuration whereby SeaBIOS starts first, but immediately tries to load GRUB from the flash. This complements the other change, listed below. We will no longer provide configurations where GRUB is the primary payload, precisely to mitigate the same issue as described below (lbmk issue 216). - If *GRUB* is enabled, on a given mainboard, SeaBIOS-only setups are not + If *GRUB* is enabled, on a given motherboard, SeaBIOS-only setups are not provided; only SeaGRUB is provided. You can press ESC in the SeaGRUB menu, to access other boot methods besides *GRUB from flash*, so you can use it in the same way; additionally, you can remove the `bootorder` file from CBFS @@ -256,8 +255,7 @@ The changes are as follows: possible to create such a broken setup. Libreboot mitigates this fact, by avoiding such configurations. -Configuration changes ---------------------- +### Configuration changes This pertains to anything under `config/`, for any changes that are of note, but it does not pertain to *revisions* for specific projects, nor does it @@ -271,7 +269,7 @@ The changes are as follows: This mkhelper config also integrates `include/rom.sh`, containing these functions. This replicates the functionality originally provided by `script/roms`. -* coreboot: Set `build_depend` on `target.cfg` files for specific mainboards. +* coreboot: Set `build_depend` on `target.cfg` files for specific motherboards. This is used to manually specify which GRUB and SeaBIOS trees should be compiled, required when compiling for a specific target, for the next stage where a payload is added to the coreboot image, because lbmk does @@ -300,8 +298,7 @@ The changes are as follows: which is loaded per-project on multi-tree projects, before each target file. It allows easier configuration tree-wide on multi-tree projects. -Bug fixes ---------- +### Bug fixes There are fewer *acute* bug fixes in Audit 6, because bugfixes was the primary focus of *Audit 5*. The word *acute* is used, referring to triggered bugs, because @@ -463,8 +460,7 @@ The changes are as follows: could create situations where the user can longer run lbmk without intervention such as changing permission on certain files. Avoid the issue entirely. -General code cleanup --------------------- +### General code cleanup Extensive code cleanup has been performed, as was the main purpose of Audit 6. @@ -819,10 +815,9 @@ The changes are as follows: * `script/roms`: shorter variable names, condensed several functions. Revision updates -================ +---------------- -U-Boot ------- +### U-Boot Alper Nebi Yasak is the maintainer of U-Boot, within Libreboot, and submitted a patch updating U-Boot to v2024.07, on the `gru_bob` and `gru_kevin` @@ -836,7 +831,7 @@ is announced, as a priority for further work that is to be completed for the next Libreboot release, ETA August 2024. Git log -======= +-------- This git log covers all changes in this audit, relative to Libreboot 20240612. diff --git a/site/news/audit6.md.description b/site/news/audit6.md.description new file mode 100644 index 0000000..07f5fe4 --- /dev/null +++ b/site/news/audit6.md.description @@ -0,0 +1 @@ +Libreboot build system audit 6. Libreboot's build system is constantly audited to fix bugs, improve stability and overall code efficiency. diff --git a/site/news/codeberg.md b/site/news/codeberg.md index 9eb08e1..4e12b7e 100644 --- a/site/news/codeberg.md +++ b/site/news/codeberg.md @@ -3,7 +3,7 @@ % 8 April 2023 RIP Notabug -=========== +------------- Git repositories provided by Libreboot are still available via Notabug, but the Notabug site has been quite unreliable for some time now. I notice it @@ -18,8 +18,7 @@ admin (single) would fix issues, but I can't keep waiting. Libreboot was originally a member of the Peers Community, which hosts Notabug. So I had an affinity for Notabug. -Libreboot repos now hosted by Codeberg --------------------------------------- +### Libreboot repos now hosted by Codeberg I've decided to set up an account on Codeberg. You can find it here: @@ -37,8 +36,7 @@ under `util/ich9utils`, so the ich9utils repository was not needed on Codeberg (it still exists on Notabug). I'll add bucts to Libreboot's lbmk repo too (under `util/bucts/`). -Codeberg has nicer features ---------------------------- +### Codeberg has nicer features Codeberg runs on forgejo, itself a fork of Gitea, which *itself* is a fork of Gogs. *Notabug* runs on an older, modified version of Gogs, which lacks a @@ -54,8 +52,7 @@ You can send issue reports and pull requests in much the same way as before, but you will need to make a new account on codeberg.org if you don't already have one. -Notabug still available ------------------------ +### Notabug still available The notabug repositories are *still* available, and I'll still push new code to them. I push to several repositories, not just codeberg/notabug, but those @@ -66,7 +63,7 @@ so it's no longer viable for production use, but it's still viable as a backup. If codeberg is ever down, at least you'd be able to download from Notabug. Why not self-host? -================== +------------------ Forgejo, based on Gitea, is what runs on Codeberg. They host the project, on behalf of the developers. Forgejo is working on federating the git forge, so @@ -86,8 +83,7 @@ When federation becomes available, I assume Codeberg's forgejo instance will become part of that, so it just makes practical sense for Libreboot to use Codeberg. -Why not sourcehut? ------------------- +### Why not sourcehut? I considered sourcehut. I like the concept of it (mailing lists made easier, email-based collaboration) but I don't think most people will want to use that. diff --git a/site/news/codeberg.md.description b/site/news/codeberg.md.description new file mode 100644 index 0000000..0f6eb1b --- /dev/null +++ b/site/news/codeberg.md.description @@ -0,0 +1,2 @@ +Libreboot's main Git repositories were moved to Codeberg, whereas +they were previously hosted on Notabug. diff --git a/site/news/e6400.md b/site/news/e6400.md index b53dd6c..0c54300 100644 --- a/site/news/e6400.md +++ b/site/news/e6400.md @@ -1,12 +1,12 @@ -% Dell Latitude E6400 added (blob-free, no disassembly) +% Dell Latitude E6400 added to Libreboot (blob-free, no disassembly) % Leah Rowe % 19 April 2023 **UPDATE (9 May 2023): Libreboot confirmed working on variants such as [E6400 XFR, and the Nvidia GPU variant is now supported](e6400nvidia.md).** -Introduction -============ +Free as in freedom! +------------------ Today, Libreboot gained the Dell Latitude E6400 laptop port. This is a blob-less port, courtesy of Nicholas Chin (`nic3-14159` on Libreboot IRC). @@ -18,8 +18,7 @@ Libreboot already supports. You can learn more on the [Latitude flashing guide](../docs/install/latitude.md) -100% libre, blob-free ---------------------- +### 100% libre, blob-free This is a *blob-free* board in the boot flash. No Intel ME firmware needed, and [microcode can be removed if you wish](gm45microcode.md) (you should still @@ -28,8 +27,7 @@ we give them - see: [Binary Blobs Reduction Policy](policy.md)). *But wait.* There's more. A lot more of *them*, that is. -Readily available on eBay etc, and cheap ------------------------------ +### Readily available on eBay etc, and cheap Dells were much more popular than those ThinkPads, and more commonly used, so there are still *several* of these available on sites like eBay. Enough to @@ -42,8 +40,7 @@ this a very nice machine indeed. But wait.... It gets better: -Software flashing possible! (no disassembly) ---------------------------- +### Software flashing possible! (no disassembly) **NOTE (15 October 2023): The util is now called `dell-flash-unlock`, but it was previously called `e6400-flash-unlock`. Links have been updated. And diff --git a/site/news/e6400.md.description b/site/news/e6400.md.description new file mode 100644 index 0000000..db7367d --- /dev/null +++ b/site/news/e6400.md.description @@ -0,0 +1 @@ +Dell Latitude E6400 added. Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot with payloads like GNU GRUB boot loader. diff --git a/site/news/e6400.uk.md b/site/news/e6400.uk.md index eb79c5a..64cc732 100644 --- a/site/news/e6400.uk.md +++ b/site/news/e6400.uk.md @@ -2,11 +2,13 @@ % Лія Роу % 19 квітня 2023 року -**Please make sure to insert vendor files if using the Nvidia GPU model of -E6400. See: [flash safety](safety.md)** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** Вступ -============ +------ Сьогодні, Libreboot отримав порт ноутбука Dell Latitude E6400. Цей порт є вільним від блобів, увічливість Ніколаса Чін (`nic3-14159` на Libreboot IRC). @@ -18,8 +20,7 @@ E6400. See: [flash safety](safety.md)** Ви можете вивчити більше на [сторінці встановлення](../docs/install/latitude.md) -вільна від блобів конфігурація ------------------------------- +### вільна від блобів конфігурація Це є *вільною від блобів* платою в завантажувальній флеш-пам'яті. Прошивка Intel ME не потрібна, та [мікрокод може бути видалено, якщо ви бажаєте](gm45microcode.md) @@ -29,8 +30,7 @@ E6400. See: [flash safety](safety.md)** *Але почекайте.* Є більше. Набагато більше *цього*, так ось. -Доступно на eBay і так далі, а також дешево ------------------------------ +### Доступно на eBay і так далі, а також дешево Dell були набагато більш популярні, ніж ті ThinkPad, та більш звичайно використовувались, тому існує досі *багато* цих в доступності на сайтах, подібних @@ -43,8 +43,7 @@ eBay. Достатньо, щоб тримати людей з симпатією Але почекайте.... Стає ще краще: -Прошивка програмним забезпеченням можлива! (без розбору) ---------------------------- +### Прошивка програмним забезпеченням можлива! (без розбору) **NOTE (15 October 2023): The util is now called `dell-flash-unlock`, but it was previously called `e6400-flash-unlock`. Links have been updated.** diff --git a/site/news/e6400nvidia.md b/site/news/e6400nvidia.md index 348e076..c52c170 100644 --- a/site/news/e6400nvidia.md +++ b/site/news/e6400nvidia.md @@ -11,12 +11,12 @@ build lbmk from source, and it gets inserted automatically via download. The same ROM, if it contains the Nvidia VGA ROM, supports both variants; if the VGA ROM is missing, then only the Intel GPU variant is supported. The same ROM will work on both variants, provided for by Libreboot patching the devicetree -in coreboot, on this mainboard.** +in coreboot, on this motherboard.** Introduction -============ +------------ [Dell Latitude E6400 *with Intel GMA 4500MHD* graphics](e6400.md) was added, and included in Libreboot release 20230423 or newer. *Today*, support is now @@ -31,8 +31,20 @@ than Libreboot 20231021 only support the Intel GPU variant.** The 6400 XFR testing+photo was provided, courtesy Mark Cornick (`mcornick` on Libreboot IRC). +### Preparing a release Rom + +NOTE: Not strictly required on Intel graphics models, but still useful for +changing the MAC address. + +**Please follow this prior to flashing, or you may brick your machine.** + +Please [inject vendor files](ivy_has_common.md) prior to flashing. You can also +use this guide to change the built-in MAC address for your Intel Gigabit +Ethernet device; doing so is advisable, because otherwise you will have a +default, generic MAC address. + Dell Latitude E6400 with Nvidia GPU -=================================== +----------------------------------- This section *also* applies to E6400 XFS and ATG models. [Testers are needed!](../docs/maintain/testing.md). @@ -57,8 +69,7 @@ following pages (which have been updated, while publishing this news article): * [Dell Latitude E6400 information](../docs/install/latitude.md) -Nouveau(in Linux) currently broken ----------------------------------- +### Nouveau(in Linux) currently broken Nouveau is the libre driver in Linux, for Nvidia graphics. Nvidia themselves do not provide binary drivers anymore, for these GPUs. It crashes in Linux, @@ -72,8 +83,7 @@ Development discussion, for Nvidia variants of E6400, is available here: -OpenBSD's Nvidia driver works perfectly ---------------------------------------- +### OpenBSD's Nvidia driver works perfectly OpenBSD 7.3 was tested, on my Nvidia-model E6400, and Xorg works OK with the `nv` driver. @@ -90,8 +100,7 @@ main guide: * [BSD Operating Systems](../docs/bsd/) -FreeBSD and newer Linux (e.g. Archlinux) untested! --------------------------------------------------- +### FreeBSD and newer Linux (e.g. Archlinux) untested! [Testers needed! Please get in touch!](../docs/maintain/testing.html) @@ -100,8 +109,7 @@ and newer Linux have not yet been tested** (I plan to test *Arch Linux*), but the older Linux/Mesa version in Debian 11.6 works just fine in the Dell BIOS, and I've confirmed that it uses the exact same Video BIOS Option ROM. -Dell Latitude E6400 ATG model ------------------------------ +### Dell Latitude E6400 ATG model [Testers needed! Please get in touch!](../docs/maintain/testing.html) diff --git a/site/news/e6400nvidia.md.description b/site/news/e6400nvidia.md.description new file mode 100644 index 0000000..cbb06bb --- /dev/null +++ b/site/news/e6400nvidia.md.description @@ -0,0 +1 @@ +Advice regarding Nvidia GPUs on Dell Latitude E6400, when installing Libreboot free/opensource BIOS/UEFI boot firmware. diff --git a/site/news/fam15h.md b/site/news/fam15h.md index 6705cc5..4dad591 100644 --- a/site/news/fam15h.md +++ b/site/news/fam15h.md @@ -2,8 +2,8 @@ % Leah Rowe % 16 July 2023 -Introduction -============ +Freedom as in... again +------------------------- [Libreboot 20211122](libreboot20211122.md) was the last release to officially support these boards: ASUS KFSN4-DRE, KCMA-D8 and KGPE-D16; they were removed @@ -20,8 +20,7 @@ release of Libreboot. It was implemented with this patch: -Differences now, versus Libreboot 20211122 ------------------------------------------- +### Differences now, versus Libreboot 20211122 The following changes have been made, relative to Libreboot 20211122: @@ -43,15 +42,14 @@ The following changes have been made, relative to Libreboot 20211122: implements video initialisation in *Ada* on many platforms, but these AMD boards use AST (Aspeed) framebuffer chips, where coreboot video initialisation is written in normal C. This avoids having to deal with build issues, when - [building older Gnat with newer host - Gnat](https://gcc.gnu.org/install/prerequisites.html) + building older Gnat with newer host + Gnat: https://gcc.gnu.org/install/prerequisites.html The PIKE2008 fix from Libreboot 20211122 was retained, and it is included in today's change. This inserts an empty option ROM in CBFS, without which SeaBIOS would hang; the empty option ROM prevents SeaBIOS from loading the real one. -Dasharo firmware ----------------- +### Dasharo firmware **Libreboot does not yet integrate Dasharo.** diff --git a/site/news/fam15h.md.description b/site/news/fam15h.md.description new file mode 100644 index 0000000..c92f882 --- /dev/null +++ b/site/news/fam15h.md.description @@ -0,0 +1 @@ +Request for hardware donation of ASUS KGPE-D16. diff --git a/site/news/fedfree.md.description b/site/news/fedfree.md.description new file mode 100644 index 0000000..a1e31a0 --- /dev/null +++ b/site/news/fedfree.md.description @@ -0,0 +1 @@ +Federation of Freedom is a blog maintained by Leah Rowe, which describes some of the infrastructure of the Libreboot project, and tells you how to configure your own servers, for your own free and open source software project. diff --git a/site/news/freedom.md b/site/news/freedom.md index 361f140..8b1a549 100644 --- a/site/news/freedom.md +++ b/site/news/freedom.md @@ -14,12 +14,12 @@ Now, *ideology* is all well and good, but it must be translated into something concrete that exists in the real world. You can't get there with thought! Today, I published a follow-up article that defines how the policy -is *implemented* in practise. There has been some confusion among some members -of the community, about what the policy means in practise. +is *implemented* in practise. There has been some confusion among some fans of +the Libreboot project, about what the policy means in practise. Refer here to the new article, thus: -[Software and hardware freedom status for each mainboard supported by +[Software and hardware freedom status for each motherboard supported by Libreboot](../freedom-status.md) The article describes, in great detail, the current status of licensing for @@ -47,12 +47,12 @@ Also, a new version of Libreboot was *released* yesterday. See: It made several major fixes, and massively updated the revisions for each part used in ROM images (containing coreboot, GRUB and SeaBIOS). -I have a bunch of mainboards that I'm working on, and I hope to make another +I have a bunch of motherboards that I'm working on, and I hope to make another release available as soon as possible. My priority for the next Libreboot release is to add as many new boards as possible from coreboot, with minimal changes to the build system itself; another focus this time is on improvements to the documentation. Several installation guides are missing, for example, on -specific mainboards. +specific motherboards. Specifically, I have focus on some AMD platforms, Intel sandybridge/ivybridge, Intel Haswell and (more) GM45 platforms. Several boards exist in coreboot that diff --git a/site/news/freedom.md.description b/site/news/freedom.md.description new file mode 100644 index 0000000..3c7dae6 --- /dev/null +++ b/site/news/freedom.md.description @@ -0,0 +1,2 @@ +How does Libreboot handle vendor firmware, on boards that otherwise require it? +Libreboot's strict Binary Blob Reduction Policy is observed at all times. diff --git a/site/news/gm45microcode.md b/site/news/gm45microcode.md index 1c6d587..a9dd1dd 100644 --- a/site/news/gm45microcode.md +++ b/site/news/gm45microcode.md @@ -18,8 +18,8 @@ updates using the instructions on this page, *or* if you need pre-built ROM images, Libreboot 20220710 had no-microcode ROMs by default and it has the mitigation patches described by this article. -Introduction -============ +Free as in freedom +------------ Microcode updates provide stability and security fixes, using the files provided by coreboot, which are assembled at boot time. CPUs have microcode @@ -70,8 +70,7 @@ The patch re-adding these mitigations can be seen here: -Why? ----- +### Why? Free choice, that's why. We don't lecture anyone. We just help people. @@ -94,8 +93,7 @@ This change, today, fixes a practical violation of Libreboot policy by once again restoring such practical choice to the user. It is already said how to do so elsewhere, but I'll repeat it here in this news article for posterity: -How to add/remove microcode updates from ROM --------------------------------------------- +### How to add/remove microcode updates from ROM Extract to file on disk: diff --git a/site/news/gm45microcode.md.description b/site/news/gm45microcode.md.description new file mode 100644 index 0000000..c6a431f --- /dev/null +++ b/site/news/gm45microcode.md.description @@ -0,0 +1 @@ +Notice regarding the handling of CPU microcode updates in Libreboot, on laptops that use the Intel GM45 northbridge and ICH9m southbridge designs. diff --git a/site/news/hp2170p.md b/site/news/hp2170p.md index ebce09a..101d7d5 100644 --- a/site/news/hp2170p.md +++ b/site/news/hp2170p.md @@ -7,8 +7,8 @@ -Introduction -============ +Free software BIOS/UEFI +----------------------- HP EliteBook 2170p support was added to coreboot, in the [coreboot 4.20.1 release](https://doc.coreboot.org/releases/coreboot-4.20.1-relnotes.html) @@ -22,19 +22,10 @@ It was added in this patch: Information about the board can be found on the coreboot documentation: -This will be available in the next Libreboot release. For now, you -can [download Libreboot from Git](../git.md) and [build from -source](../docs/build/) if you wish to use this board. Read those instructions -first; with build dependencies then installed, you can build the board like -so: - - ./build roms hp2170p_16mb - Installation instructions are being written for Libreboot, but you can refer to the coreboot instructions for now. -Socketed flash IC! ------------------- +### Socketed flash IC! I love HP EliteBooks. Truly. This is the only 11 inch laptop I've ever seen that has socketed SOIC8 flash: @@ -61,10 +52,9 @@ this is no longer true. GRUB has fixed this, courtesy of a patch that Riku Viitanen sent them. Other works currently in progress -================================= +--------------------------- -More boards coming soon ------------------------ +### More boards coming soon I'm on a spree, adding more boards to Libreboot, especially HP EliteBooks. @@ -82,8 +72,7 @@ in future revisions of Libreboot: * Dell OptiPlex 9010 * Dell Precision T1650 -Another build system audit --------------------------- +### Another build system audit I've also started another audit of the Libreboot build system; the [last one](audit.md) was quite intense and a lot more work is going in for the diff --git a/site/news/hp2170p.md.description b/site/news/hp2170p.md.description new file mode 100644 index 0000000..76f64b4 --- /dev/null +++ b/site/news/hp2170p.md.description @@ -0,0 +1 @@ +HP EliteBook 2170p added. Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot with payloads like GNU GRUB boot loader. diff --git a/site/news/hp8200sff.md b/site/news/hp8200sff.md index b7fe26e..e566d0e 100644 --- a/site/news/hp8200sff.md +++ b/site/news/hp8200sff.md @@ -2,8 +2,8 @@ % Leah Rowe % 15 April 2023 -Introduction -============ +Free software BIOS/UEFI +---------------------------- Today, Libreboot gains its *first* desktop machine for nearly 2 years. The last one added was Acer G43T-AM3. @@ -21,8 +21,7 @@ readily available on merchant sites such as eBay. Desktop support has traditionally been much weaker in Libreboot, and this is something that should (can, and will) change. -HP EliteBook 2560p (laptop) ------------------- +### HP EliteBook 2560p (laptop) Riku is also interested in adding HP EliteBook 2560p support in Libreboot. Coreboot has support for that board. For *that* board, I committed this @@ -42,8 +41,7 @@ in the Libreboot [blobs reduction policy](policy.md), because it makes the EC firmware easier to replace with libre code (based on reverse engineering, perhaps). -Dell Optiplex 7020/9020 probably soon (testing needed) -------------------------------------- +### Dell Optiplex 7020/9020 probably soon (testing needed) I've purchased Dell Optiplex 7020 and 9020 workstations (Haswell gen), which is available for coreboot with this gerrit patch: @@ -52,8 +50,7 @@ available for coreboot with this gerrit patch: Libreboot will eventually support *all* coreboot targets. -Want to help add boards yourself? ---------------------------------- +### Want to help add boards yourself? Libreboot has the following documentation available: diff --git a/site/news/hp8200sff.md.description b/site/news/hp8200sff.md.description new file mode 100644 index 0000000..97292b9 --- /dev/null +++ b/site/news/hp8200sff.md.description @@ -0,0 +1 @@ +HP Elite 8200 SFF added. Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot with payloads like GNU GRUB boot loader. diff --git a/site/news/hp8200sff.uk.md b/site/news/hp8200sff.uk.md index f9e2521..1dcf1e7 100644 --- a/site/news/hp8200sff.uk.md +++ b/site/news/hp8200sff.uk.md @@ -3,7 +3,7 @@ % 15 квітня 2023 року Вступ -============ +------ Сьогодні, Libreboot отримує його *першу* настільну машину за майже 2 роки. Останнім доданим був Acer G43T-AM3. @@ -21,8 +21,7 @@ традиційно набагато слабішою в Libreboot, і це щось, що має (може, і буде) змінюватися. -HP EliteBook 2560p (ноутбук) ------------------- +### HP EliteBook 2560p (ноутбук) Ріку також зацікавлений в додаванні підтримки HP EliteBook 2560p в Libreboot. Coreboot має підтримку для тієї плати. Для *тієї* плати, я зробила commit цього @@ -42,8 +41,7 @@ Coreboot має підтримку для тієї плати. Для *тієї* це робить прошивку EC легшою для заміни на вільний код (заснований на зворотній розробці, мабуть). -Dell Optiplex 7020/9020 можливо скоро (потребує випробування) -------------------------------------- +### Dell Optiplex 7020/9020 можливо скоро (потребує випробування) Я купила робочі станції Dell Optiplex 7020 та 9020 (покоління Haswell), що доступно для coreboot з цим виправленням gerrit: @@ -52,8 +50,7 @@ Dell Optiplex 7020/9020 можливо скоро (потребує випроб Libreboot в певний момент буде підтримувати *всі* цілі coreboot. -Хочете допомогти додати плати самостійно? ---------------------------------- +### Хочете допомогти додати плати самостійно? Libreboot має наступну документацію в наявності: diff --git a/site/news/hp8200sff.uk.md.description b/site/news/hp8200sff.uk.md.description new file mode 100644 index 0000000..97292b9 --- /dev/null +++ b/site/news/hp8200sff.uk.md.description @@ -0,0 +1 @@ +HP Elite 8200 SFF added. Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot with payloads like GNU GRUB boot loader. diff --git a/site/news/hp820g2.md b/site/news/hp820g2.md index 7115f42..6eda589 100644 --- a/site/news/hp820g2.md +++ b/site/news/hp820g2.md @@ -23,8 +23,8 @@ Full hardware specifications can be found on HP's own website: -Introduction -============ +Free software BIOS +------------------ This is a beastly 12.5" Broadwell machine from HP, the main benefit of which is greater power efficiency (compared to Ivybridge and Haswell platforms), while @@ -43,11 +43,11 @@ This is a nice portable machine, with very reasonable performance. Most people should be very satisfied with it, in daily use. It is widely available in online market places. This page will tell you how to flash it! -All variants of this mainboard will come with Intel HD 5500 graphics, which has +All variants of this motherboard will come with Intel HD 5500 graphics, which has completely free software initialisation in coreboot, provided by *libgfxinit*. How to install Libreboot -======================== +-------------------- Refer to the [HP 820 G2 install guide](../docs/install/hp820g2.md) for more information about how to flash this board. This machine is widely diff --git a/site/news/hp820g2.md.description b/site/news/hp820g2.md.description new file mode 100644 index 0000000..bbffe53 --- /dev/null +++ b/site/news/hp820g2.md.description @@ -0,0 +1 @@ +HP EliteBook 820 G2 added. Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot with payloads like GNU GRUB boot loader. diff --git a/site/news/hp8470p_and_dell_t1650.md b/site/news/hp8470p_and_dell_t1650.md index 25b8a30..a871743 100644 --- a/site/news/hp8470p_and_dell_t1650.md +++ b/site/news/hp8470p_and_dell_t1650.md @@ -7,16 +7,15 @@ HP EliteBook 8470p](../docs/install/hp8470p.md) and also [Dell Precision T1650](../docs/install/t1650.md).** -Introduction -============ +Free your BIOS today! +------------------- I've ported and tested two new boards, and merged them into the `lbmk` master branch. They will be available in the next regular release: -HP EliteBook 8470p ------------------- +### HP EliteBook 8470p HP EliteBook 8470p is another IvyBridge platform, similar to other EliteBooks that Libreboot already supports, such as the HP EliteBook 9470m that Riku @@ -32,19 +31,10 @@ these AMD variants, please [contact Leah Rowe](../docs/maintain/testing.html). Another quirk: SOIC16 flash IC, but it's 16MB in size (Winbond W25Q128). -This will be available in the next Libreboot release. For now, you -can [download Libreboot from Git](../git.md) and [build from -source](../docs/build/) if you wish to use this board. Read those instructions -first; with build dependencies then installed, you can build the board like -so: - - ./build roms hp8470pintel_16mb - There is currently no documentation on the coreboot website, but installation instructions will be written for the Libreboot website. -Dell Precision T1650 --------------------- +### Dell Precision T1650 This machine is truly unique, among most desktop boards in coreboot. It's yet another IvyBridge desktop, same platform as [HP 8300 @@ -73,11 +63,6 @@ is relied upon to execute the VGA Option ROM on an add-on graphics card (the one I had was Nvidia Quadro K420, tested with the `nouveau` driver under Debian Linux). -Here's how to build ROM images for this board (make sure you have performed -the [prerequisite steps](../docs/build/) first: - - ./build roms t1650_12mb - If you want GRUB-only setup, you could configure SeaBIOS bootorder to only load the GRUB payload, and disable the SeaBIOS menu. This can be done by only booting `img/grub2` from CBFS. More info available here: @@ -96,14 +81,13 @@ would be a boon. Stick 32GB of ECC RAM with RAID10 HDDs on FreeBSD and run OpenBSD virtual servers in bhyve! Other works currently in progress -================================= +------------------------------- A similar report was made in the [HP EliteBook 2170p news page](hp2170p.md). Some of that is now done, so the list is updated (and more work is also being done): -More boards coming soon ------------------------ +### More boards coming soon I'm *still* on a spree, adding more boards to Libreboot, especially HP EliteBooks. These boards are of interest, to the Libreboot project, at this diff --git a/site/news/hp8470p_and_dell_t1650.md.description b/site/news/hp8470p_and_dell_t1650.md.description new file mode 100644 index 0000000..df4e11b --- /dev/null +++ b/site/news/hp8470p_and_dell_t1650.md.description @@ -0,0 +1 @@ +HP Elite 8470p and Dell Precision T1650 added. Libreboot is a free/opensource BIOS/UEFI firmware distro based on coreboot with payloads like GNU GRUB boot loader. diff --git a/site/news/hp_elitebooks.md b/site/news/hp_elitebooks.md index ff401c5..5807e8a 100644 --- a/site/news/hp_elitebooks.md +++ b/site/news/hp_elitebooks.md @@ -2,8 +2,8 @@ % Riku Viitanen % 23 April 2023 -Introduction -============ +Free software BIOS +------------------ ![Two HP EliteBooks side by side, both running Libreboot](https://av.libreboot.org/hp9470m/9470m+2560p.jpg) @@ -19,8 +19,7 @@ Additionally, a [long-standing bug](https://browse.libreboot.org/lbmk.git/plain/ with GRUB on coreboot now has a functional workaround which is applied automatically by Libreboot. -More to come ------------- +### More to come! Leah Rowe has recently been on a buying spree, so more Sandy/Ivy Bridge and Haswell EliteBooks are making their way to Libreboot soon. Libreboot's goal diff --git a/site/news/hp_elitebooks.md.description b/site/news/hp_elitebooks.md.description new file mode 100644 index 0000000..937ac26 --- /dev/null +++ b/site/news/hp_elitebooks.md.description @@ -0,0 +1 @@ +More HP EliteBooks added. Libreboot is a free/opensource BIOS/UEFI boot firmware distribution based on coreboot with payloads like GNU GRUB boot loader. diff --git a/site/news/kgpe-d16.md b/site/news/kgpe-d16.md index ee82e1d..839ac0c 100644 --- a/site/news/kgpe-d16.md +++ b/site/news/kgpe-d16.md @@ -5,7 +5,7 @@ **UPDATE: I have this board now. I do not require donation anymore.** Please donate a D16 machine if you can -====================================== +----------------------------------- If someone can donate one to me, that would be a great service to the Libreboot project. Preferably assembled, with CPU, cooler, working RAM (in coreboot), in @@ -23,15 +23,14 @@ and (especially) the coolers is a challenge, to say the least. If you would like to help, and have a machine to spare, please can you contact me at my email address: [info@minifree.org](mailto:info@minifree.org) -KCMA-D8 also needed -------------------- +### KCMA-D8 also needed I'm also arranging for an assembled machine with KCMA-D8 in it to be sent to me - though I'm not yet sure if that will go through, so if you have one of -those aswell, I'd be interested too. +those as well, I'd be interested too. How I plan to re-add -==================== +-------------------- Dasharo produces updated coreboot images for KGPE-D16, with source code. They took coreboot from release 4.11 and updated the code. I plan to add support in diff --git a/site/news/kgpe-d16.md.description b/site/news/kgpe-d16.md.description new file mode 100644 index 0000000..4acadfa --- /dev/null +++ b/site/news/kgpe-d16.md.description @@ -0,0 +1 @@ +Notice regarding ASUS KGPE-D16 in the Libreboot project. diff --git a/site/news/libreboot20131212.md b/site/news/libreboot20131212.md index e27ac54..e469d72 100644 --- a/site/news/libreboot20131212.md +++ b/site/news/libreboot20131212.md @@ -3,18 +3,16 @@ % 12 December 2013 r20131212 (1st release) {#release20131212} -======================= +---------------------------- - 12th December 2013 -Supported: ----------- +### Supported: - ThinkPad X60 - ThinkPad X60s -Development notes ------------------ +### Development notes - initial release - source code deblobbed diff --git a/site/news/libreboot20131212.md.description b/site/news/libreboot20131212.md.description new file mode 100644 index 0000000..6410e91 --- /dev/null +++ b/site/news/libreboot20131212.md.description @@ -0,0 +1 @@ +Libreboot 20131212 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20131213.md b/site/news/libreboot20131213.md index 6cfa6d3..436ce69 100644 --- a/site/news/libreboot20131213.md +++ b/site/news/libreboot20131213.md @@ -3,18 +3,16 @@ % 13 December 2013 r20131213 (2nd release) {#release20131213} -======================= +----------------------------------------- - 13th December 2013 -Supported: ----------- +### Supported: - ThinkPad X60 - ThinkPad X60s -Development notes ------------------ +### Development notes - added background image to GRUB2 - added memtest86+ payload to grub2 diff --git a/site/news/libreboot20131213.md.description b/site/news/libreboot20131213.md.description new file mode 100644 index 0000000..fa45d9c --- /dev/null +++ b/site/news/libreboot20131213.md.description @@ -0,0 +1 @@ +Libreboot 20131213 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20131214.md b/site/news/libreboot20131214.md index 826ff4e..9b8395f 100644 --- a/site/news/libreboot20131214.md +++ b/site/news/libreboot20131214.md @@ -3,18 +3,16 @@ % 14 December 2013 r20131214 (3rd release) {#release20131214} -======================= +----------------------------- - 14th December 2013 -Supported: ----------- +### Supported: - ThinkPad X60 - ThinkPad X60s -Development notes ------------------ +### Development notes - Added SeaBIOS payload to GRUB2 (for booting USB drives) - new grub.cfg diff --git a/site/news/libreboot20131214.md.description b/site/news/libreboot20131214.md.description new file mode 100644 index 0000000..08e7ece --- /dev/null +++ b/site/news/libreboot20131214.md.description @@ -0,0 +1 @@ +Libreboot 20131214 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20140221.md.description b/site/news/libreboot20140221.md.description new file mode 100644 index 0000000..21b7c35 --- /dev/null +++ b/site/news/libreboot20140221.md.description @@ -0,0 +1 @@ +Libreboot 20140221 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20140309.md.description b/site/news/libreboot20140309.md.description new file mode 100644 index 0000000..fa836b9 --- /dev/null +++ b/site/news/libreboot20140309.md.description @@ -0,0 +1 @@ +Libreboot 20140309 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20140605.md.description b/site/news/libreboot20140605.md.description new file mode 100644 index 0000000..ae18e6c --- /dev/null +++ b/site/news/libreboot20140605.md.description @@ -0,0 +1 @@ +Libreboot 20140605 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20140611.md.description b/site/news/libreboot20140611.md.description new file mode 100644 index 0000000..3933d7d --- /dev/null +++ b/site/news/libreboot20140611.md.description @@ -0,0 +1 @@ +Libreboot 20140611 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20140622.md b/site/news/libreboot20140622.md index daa41f6..0a0bab7 100644 --- a/site/news/libreboot20140622.md +++ b/site/news/libreboot20140622.md @@ -3,34 +3,30 @@ % 22 June 2014 Release 20140622 (5th release) -============================== +-------------------------- - 7th March 2014 - revised 22nd June 2014 -Officially supported --------------------- +### Officially supported - ThinkPad X60 - ThinkPad X60s -Revision (22nd June 2014 - extra) ---------------------------------- +### Revision (22nd June 2014 - extra) - Documentation: added X60 Unbricking tutorial - Documentation: added info about enabling or disabling wifi - Documentation: added info about enabling or disabling trackpoint -Revision (22nd June 2014 - extra) ---------------------------------- +### Revision (22nd June 2014 - extra) - Documentation: Improved the instructions for using flashprog - Documentation: Improved the instructions for using cbfstool (to change the default GRUB menu) - Documentation: Numerous small fixes. -Revision notes (22nd June 2014) -------------------------------- +### Revision notes (22nd June 2014) - updated GRUB (git 4b8b9135f1676924a8458da528d264bbc7bbb301, 20th April 2014) diff --git a/site/news/libreboot20140622.md.description b/site/news/libreboot20140622.md.description new file mode 100644 index 0000000..88fb3ed --- /dev/null +++ b/site/news/libreboot20140622.md.description @@ -0,0 +1 @@ +Libreboot 20140622 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20140711.md.description b/site/news/libreboot20140711.md.description new file mode 100644 index 0000000..ad0873f --- /dev/null +++ b/site/news/libreboot20140711.md.description @@ -0,0 +1 @@ +Libreboot 20140711 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20140716.md.description b/site/news/libreboot20140716.md.description new file mode 100644 index 0000000..bd9c869 --- /dev/null +++ b/site/news/libreboot20140716.md.description @@ -0,0 +1 @@ +Libreboot 20140716 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20140720.md b/site/news/libreboot20140720.md index 7f603e8..1b68c12 100644 --- a/site/news/libreboot20140720.md +++ b/site/news/libreboot20140720.md @@ -38,7 +38,7 @@ Revisions for r20140720 (3rd beta) (20th July 2014) (resources/grub/background/) - Updated buildrom-withgrub to use background.jpg instead of background.png -- Updated buildrom-withgrub to use gnulove.jpg aswell +- Updated buildrom-withgrub to use gnulove.jpg as well - Updated resources/grub/config/macbook21/grub\*cfg to use gnulove.jpg background. - Updated resources/grub/config/{x60,t60,x60t}/grub\*cfg to use diff --git a/site/news/libreboot20140720.md.description b/site/news/libreboot20140720.md.description new file mode 100644 index 0000000..472bbb4 --- /dev/null +++ b/site/news/libreboot20140720.md.description @@ -0,0 +1 @@ +Libreboot 20140720 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20140729.md.description b/site/news/libreboot20140729.md.description new file mode 100644 index 0000000..d21f5f3 --- /dev/null +++ b/site/news/libreboot20140729.md.description @@ -0,0 +1 @@ +Libreboot 20140729 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20140811.md.description b/site/news/libreboot20140811.md.description new file mode 100644 index 0000000..de35822 --- /dev/null +++ b/site/news/libreboot20140811.md.description @@ -0,0 +1 @@ +Libreboot 20140811 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20140903.md.description b/site/news/libreboot20140903.md.description new file mode 100644 index 0000000..429a583 --- /dev/null +++ b/site/news/libreboot20140903.md.description @@ -0,0 +1 @@ +Libreboot 20140903 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20140911.md b/site/news/libreboot20140911.md index e8be283..566f5d8 100644 --- a/site/news/libreboot20140911.md +++ b/site/news/libreboot20140911.md @@ -3,7 +3,7 @@ % 11 September 2014 6th release (pre-release, 7th beta) -=================================== +---------------------------- - Released 11th July 2014 (pre-release) 1st beta - Revised (pre-release, 2nd beta) 16th July 2014 @@ -14,26 +14,24 @@ - Revised (pre-release, 6th beta) 3rd September 2014 - Revised (pre-release, 7th beta) 11th September 2014 -Machines still supported (compared to previous release): --------------------------------------------------------- +### Machines still supported (compared to previous release): - **Lenovo ThinkPad X60/X60s** - You can also remove the motherboard from an X61/X61s and replace it with an X60/X60s motherboard. -New systems supported in this release: --------------------------------------- +### New systems supported in this release: - **Lenovo ThinkPad X60 Tablet** (1024x768 and 1400x1050) with digitizer support - See **hardware/\#supported\_x60t\_list** for list of supported LCD panels - - It is unknown whether an X61 Tablet can have its mainboard + - It is unknown whether an X61 Tablet can have its motherboard replaced with an X60 Tablet motherboard. - **Lenovo ThinkPad T60** (Intel GPU) (there are issues; see below) - See notes below for exceptions, and **hardware/\#supported\_t60\_list** for known working LCD panels. - - It is unknown whether a T61 can have its mainboard replaced with + - It is unknown whether a T61 can have its motherboard replaced with a T60 motherboard. - T60p (and T60 variants with ATI GPU) will likely never be supported: **hardware/\#t60\_ati\_intel** @@ -43,13 +41,11 @@ New systems supported in this release: MB063LL/A, MB062LL/A) - See **hardware/\#macbook21**. -Machines no longer supported (compared to previous release): ------------------------------------------------------------- +### Machines no longer supported (compared to previous release): - **All previous systems still supported!** -Revisions for r20140911 (7th beta) (11th September 2014) --------------------------------------------------------- +### Revisions for r20140911 (7th beta) (11th September 2014) - The changes below were made in a git repository, unlike in previous releases. Descriptions below are copied from 'git log'. diff --git a/site/news/libreboot20140911.md.description b/site/news/libreboot20140911.md.description new file mode 100644 index 0000000..51a5cde --- /dev/null +++ b/site/news/libreboot20140911.md.description @@ -0,0 +1 @@ +Libreboot 20140911 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20141015.md b/site/news/libreboot20141015.md index 499081b..06e2f27 100644 --- a/site/news/libreboot20141015.md +++ b/site/news/libreboot20141015.md @@ -3,7 +3,7 @@ % 15 October 2014 Machines supported in this release: -=================================== +--------------------------------- - **Lenovo ThinkPad X60/X60s** - You can also remove the motherboard from an X61/X61s and replace @@ -13,12 +13,12 @@ Machines supported in this release: digitizer support - See **hardware/\#supported\_x60t\_list** for list of supported LCD panels - - It is unknown whether an X61 Tablet can have its mainboard + - It is unknown whether an X61 Tablet can have its motherboard replaced with an X60 Tablet motherboard. - **Lenovo ThinkPad T60** (Intel GPU) (there are issues; see below): - See notes below for exceptions, and **hardware/\#supported\_t60\_list** for known working LCD panels. - - It is unknown whether a T61 can have its mainboard replaced with + - It is unknown whether a T61 can have its motherboard replaced with a T60 motherboard. - See **future/\#t60\_cpu\_microcode**. - T60p (and T60 variants with ATI GPU) will likely never be supported: @@ -29,8 +29,7 @@ Machines supported in this release: MB063LL/A, MB062LL/A) - See **hardware/\#macbook21**. -Changes for this release (latest changes first, earliest changes last) ----------------------------------------------------------------------- +### Changes for this release (latest changes first, earliest changes last) - Updated coreboot (git commit 8ffc085e1affaabbe3dca8ac6a89346b71dfc02e), the latest at the time of diff --git a/site/news/libreboot20141015.md.description b/site/news/libreboot20141015.md.description new file mode 100644 index 0000000..4fdb700 --- /dev/null +++ b/site/news/libreboot20141015.md.description @@ -0,0 +1 @@ +Libreboot 20141015 release. diff --git a/site/news/libreboot20150124.md b/site/news/libreboot20150124.md index 23f3cc4..a2d3814 100644 --- a/site/news/libreboot20150124.md +++ b/site/news/libreboot20150124.md @@ -3,7 +3,7 @@ % 24 January 2015 Machines supported in this release: -=================================== +--------------------------------- - **Lenovo ThinkPad X60/X60s** - You can also remove the motherboard from an X61/X61s and replace @@ -13,13 +13,13 @@ Machines supported in this release: digitizer support - See **hardware/\#supported\_x60t\_list** for list of supported LCD panels - - It is unknown whether an X61 Tablet can have it's mainboard + - It is unknown whether an X61 Tablet can have it's motherboard replaced with an X60 Tablet motherboard. - **Lenovo ThinkPad T60** (Intel GPU) (there are issuesinstall/x200\_external.html; see below): - See notes below for exceptions, and **hardware/\#supported\_t60\_list** for known working LCD panels. - - It is unknown whether a T61 can have it's mainboard replaced + - It is unknown whether a T61 can have it's motherboard replaced with a T60 motherboard. - See **future/\#t60\_cpu\_microcode**. - T60p (and T60 laptops with ATI GPU) will likely never be @@ -38,8 +38,7 @@ Machines supported in this release: MB063LL/A, MB062LL/A) - See **hardware/\#macbook21**. -Changes for this release (latest changes first, earliest changes last) ----------------------------------------------------------------------- +### Changes for this release (latest changes first, earliest changes last) - grub.cfg: Added (ahci1) to list of devices for ISOLINUX parser (CD/DVD) (this is needed for the X200 docking station). diff --git a/site/news/libreboot20150124.md.description b/site/news/libreboot20150124.md.description new file mode 100644 index 0000000..a0a53a2 --- /dev/null +++ b/site/news/libreboot20150124.md.description @@ -0,0 +1 @@ +Libreboot 20150124 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20150126.md b/site/news/libreboot20150126.md index 3729125..25a0f0e 100644 --- a/site/news/libreboot20150126.md +++ b/site/news/libreboot20150126.md @@ -3,7 +3,7 @@ % 26 January 2015 Machines supported in this release: -=================================== +---------------------------------- - **Lenovo ThinkPad X60/X60s** - You can also remove the motherboard from an X61/X61s and replace @@ -13,13 +13,13 @@ Machines supported in this release: digitizer support - See **hardware/\#supported\_x60t\_list** for list of supported LCD panels - - It is unknown whether an X61 Tablet can have it's mainboard + - It is unknown whether an X61 Tablet can have it's motherboard replaced with an X60 Tablet motherboard. - **Lenovo ThinkPad T60** (Intel GPU) (there are issuesinstall/x200\_external.html; see below): - See notes below for exceptions, and **hardware/\#supported\_t60\_list** for known working LCD panels. - - It is unknown whether a T61 can have it's mainboard replaced + - It is unknown whether a T61 can have it's motherboard replaced with a T60 motherboard. - See **future/\#t60\_cpu\_microcode**. - T60p (and T60 laptops with ATI GPU) will likely never be @@ -38,8 +38,7 @@ Machines supported in this release: MB063LL/A, MB062LL/A) - See **hardware/\#macbook21**. -Revisions for r20150126 (relative to r20150124) ------------------------------------------------ +### Revisions for r20150126 (relative to r20150124) This is a bug fix release based on r20150124. It contains a few small changes: diff --git a/site/news/libreboot20150126.md.description b/site/news/libreboot20150126.md.description new file mode 100644 index 0000000..6c1a180 --- /dev/null +++ b/site/news/libreboot20150126.md.description @@ -0,0 +1 @@ +Libreboot 20150126 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20150208.md b/site/news/libreboot20150208.md index a65fa37..a0f8345 100644 --- a/site/news/libreboot20150208.md +++ b/site/news/libreboot20150208.md @@ -3,7 +3,7 @@ % 8 February 2015 Machines supported in this release: -=================================== +------------------------------------- - **Lenovo ThinkPad X60/X60s** - You can also remove the motherboard from an X61/X61s and replace @@ -13,13 +13,13 @@ Machines supported in this release: digitizer support - See **hardware/\#supported\_x60t\_list** for list of supported LCD panels - - It is unknown whether an X61 Tablet can have it's mainboard + - It is unknown whether an X61 Tablet can have it's motherboard replaced with an X60 Tablet motherboard. - **Lenovo ThinkPad T60** (Intel GPU) (there are issuesinstall/x200\_external.html; see below): - See notes below for exceptions, and **hardware/\#supported\_t60\_list** for known working LCD panels. - - It is unknown whether a T61 can have it's mainboard replaced + - It is unknown whether a T61 can have it's motherboard replaced with a T60 motherboard. - See **future/\#t60\_cpu\_microcode**. - T60p (and T60 laptops with ATI GPU) will likely never be @@ -38,8 +38,7 @@ Machines supported in this release: MB063LL/A, MB062LL/A) - See **hardware/\#macbook21**. -Revisions for r20150208 (relative to r20150126) ------------------------------------------------ +### Revisions for r20150208 (relative to r20150126) This is a maintenance release (polishing) based on r20150126. Users who installed r20150126 don't really need to update to this release. diff --git a/site/news/libreboot20150208.md.description b/site/news/libreboot20150208.md.description new file mode 100644 index 0000000..135102b --- /dev/null +++ b/site/news/libreboot20150208.md.description @@ -0,0 +1 @@ +Libreboot 20150208 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20150518.md b/site/news/libreboot20150518.md index 34e9ba1..69db4a9 100644 --- a/site/news/libreboot20150518.md +++ b/site/news/libreboot20150518.md @@ -16,13 +16,13 @@ Machines supported in this release: support - See ***docs/hardware/\#supported\_x60t\_list*** for list of supported LCD panels - - It is unknown whether an X61 Tablet can have it's mainboard + - It is unknown whether an X61 Tablet can have it's motherboard replaced with an X60 Tablet motherboard. - **ThinkPad T60** (Intel GPU) (there are issues; see below): - See notes below for exceptions, and ***docs/hardware/\#supported\_t60\_list*** for known working LCD panels. - - It is unknown whether a T61 can have it's mainboard replaced + - It is unknown whether a T61 can have it's motherboard replaced with a T60 motherboard. - See ***docs/future/\#t60\_cpu\_microcode***. - T60p (and T60 laptops with ATI GPU) will likely never be diff --git a/site/news/libreboot20150518.md.description b/site/news/libreboot20150518.md.description new file mode 100644 index 0000000..5b0d818 --- /dev/null +++ b/site/news/libreboot20150518.md.description @@ -0,0 +1 @@ +Libreboot 20150518 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20160818.md b/site/news/libreboot20160818.md index a41175b..cd11112 100644 --- a/site/news/libreboot20160818.md +++ b/site/news/libreboot20160818.md @@ -35,13 +35,13 @@ Machines supported in this release: support - See ***docs/hardware/\#supported\_x60t\_list*** for list of supported LCD panels - - It is unknown whether an X61 Tablet can have it's mainboard + - It is unknown whether an X61 Tablet can have it's motherboard replaced with an X60 Tablet motherboard. - **ThinkPad T60** (Intel GPU) (there are issues; see below): - See notes below for exceptions, and ***docs/hardware/\#supported\_t60\_list*** for known working LCD panels. - - It is unknown whether a T61 can have it's mainboard replaced + - It is unknown whether a T61 can have it's motherboard replaced with a T60 motherboard. - See ***docs/future/\#t60\_cpu\_microcode***. - T60p (and T60 laptops with ATI GPU) will likely never be diff --git a/site/news/libreboot20160818.md.description b/site/news/libreboot20160818.md.description new file mode 100644 index 0000000..90c5776 --- /dev/null +++ b/site/news/libreboot20160818.md.description @@ -0,0 +1 @@ +Libreboot 20160818 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20160902.md.description b/site/news/libreboot20160902.md.description new file mode 100644 index 0000000..739ed7f --- /dev/null +++ b/site/news/libreboot20160902.md.description @@ -0,0 +1 @@ +Libreboot 20160902 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20160907.md b/site/news/libreboot20160907.md index fa3ba03..a2efc71 100644 --- a/site/news/libreboot20160907.md +++ b/site/news/libreboot20160907.md @@ -6,7 +6,7 @@ In comparison to Libreboot 20160902: For existing boards, there are no new board specific changes. -This release adds one new mainboard to libreboot: +This release adds one new motherboard to libreboot: - Intel D945GCLF desktop motherboard (thanks to Arthur Heymans) diff --git a/site/news/libreboot20160907.md.description b/site/news/libreboot20160907.md.description new file mode 100644 index 0000000..32b05cc --- /dev/null +++ b/site/news/libreboot20160907.md.description @@ -0,0 +1 @@ +Libreboot 20160907 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20210522.md b/site/news/libreboot20210522.md index 6539cbe..bf4078b 100644 --- a/site/news/libreboot20210522.md +++ b/site/news/libreboot20210522.md @@ -3,10 +3,9 @@ % 22 May 2021 Join us now and flash the firmware! -=================================== +---------------------------------- -You'll be free! ---------------- +### You'll be free! Libreboot is [free](https://writefreesoftware.org/) (as in freedom) boot firmware, which initializes the hardware @@ -26,8 +25,7 @@ mirrors. If you check in the `stable` directory, you'll still only find the 20160907 release in there, so please ensure that you check the `testing` directory! -Tested boards -------------- +### Tested boards More testing is needed, for this release. Frequent update releases are planned after this release, fixing any issues that people may come across. @@ -40,31 +38,28 @@ as ThinkPad X60/T60 and Macbook2,1 have been tested, and should work fine. Intel D510MO and D945GCLF boards are untested! Acer G43T-AM3 is untested! New boards -========== +--------- -Desktops --------- +### Desktops -### Acer G43T-AM3 +#### Acer G43T-AM3 -This is a desktop mainboard, with similar hardware to the already supported +This is a desktop motherboard, with similar hardware to the already supported Gigabyte GA-G41M-ES2L -Laptops -------- +### Laptops -### Lenovo ThinkPad R500 +#### Lenovo ThinkPad R500 This is another Intel GM45 target, similar to the ThinkPad T500 that Libreboot already supports. -### Lenovo ThinkPad X301 +#### Lenovo ThinkPad X301 This is another Intel GM45 target, similar to the ThinkPad X200 that Libreboot already supports. -List of supported boards ------------------------- +### List of supported boards This release has focused on the build system, and updating to the latest coreboot release. This Libreboot release uses coreboot 4.14. Only a few boards @@ -73,7 +68,7 @@ release is planned soon, specifically an update release with ROM images in it for more boards, while being built from the Libreboot 20210522 source code. Visit the [tasks page](/tasks/) to know which machines are on the TODO list. -### Desktops (AMD, Intel, x86) +#### Desktops (AMD, Intel, x86) - Gigabyte GA-G41M-ES2L motherboard - Intel D510MO and D410PT motherboards @@ -81,13 +76,13 @@ Visit the [tasks page](/tasks/) to know which machines are on the TODO list. - Apple iMac 5,2 - Acer G43T-AM3 -### Servers/workstations (AMD, x86) +#### Servers/workstations (AMD, x86) - ASUS KCMA-D8 motherboard - ASUS KGPE-D16 motherboard - ASUS KFSN4-DRE motherboard -### Laptops (Intel, x86) +#### Laptops (Intel, x86) - ThinkPad X60 / X60S / X60 Tablet - ThinkPad T60 (with Intel GPU) @@ -100,14 +95,12 @@ Visit the [tasks page](/tasks/) to know which machines are on the TODO list. - Lenovo ThinkPad X301 - Apple MacBook1,1 and MacBook2,1 -Dropped boards --------------- +### Dropped boards ASUS Chromebook C201 was dropped. It will be re-added at a later date, when the build system in Libreboot has better integration for ARM hardware. -More boards coming soon! ------------------------- +### More boards coming soon! I had planned to add a lot more boards before doing a new release, but the existing boards are greatly improved already (lots of new fixes and features @@ -118,7 +111,7 @@ referencing this release (Libreboot 20210522) for the source code. See the tasks page on libreboot.org for a list of the boards I plan to add. lbmk -==== +---- The build system in libreboot is called `lbmk`, short for Libreboot Make. In the previous Libreboot release, this build system had no name. It was simply @@ -224,7 +217,7 @@ compared to the Libreboot 20160907 build system: It's better documented, and easier for the average person to maintain. Documentation -============= +---------------- Generally, the documentation is much improved. In particular, the "maintain" page has been reintroduced, which describes every aspect of the build system @@ -252,7 +245,7 @@ support, rather than build system changes. As such, the installation guides are greatly improved and there are *more* systems documented now. GRUB -==== +---- In GRUB payloads, a much more recent version is used. The difference is literally: the GRUB version that Libreboot 20160907 uses was released 5 years @@ -296,7 +289,7 @@ Download GRUB from the upstream repository and check every commit since then. GM45/X4X now set 352MiB VRAM by default -======================================= +-------------------------------------- In the previous Libreboot release, PCI MMIO size was set to 1GiB. It is now set to 2GiB, allowing for 352MiB VRAM to be allocated when using the onboard @@ -309,7 +302,7 @@ The following patch in coreboot allowed that (shortly after the Libreboot Quad-core CPU mod on ThinkPad T500 etc -======================================= +----------------------------------- NOTE: The actual modification (to the hardware) is only documented for T500, but it should be possible to adapt those instructions for similar GM45 laptops @@ -334,7 +327,7 @@ This is necessary, for a special mod that is possible on these machines, to enable quad-core CPUs (core2quad). libgfxinit -========== +---------- In Libreboot 20160907, *native graphics initialization* was C code implemented on each platform, and it was very messy, but it *worked*. @@ -614,7 +607,7 @@ running `git submodule update --init` in a coreboot git clone: ```` coreboot release logs -===================== +--------------------- The following is a page linking to release logs for coreboot, upstream:\ @@ -624,8 +617,7 @@ are most relevant to Libreboot. Roughly speaking, Libreboot 20160907 (the previous release, 4 years and 8 months ago) used revisions of coreboot near or around coreboot version 4.4 and 4.5, depending on the board. -coreboot 4.14 -------------- +### coreboot 4.14 Lots of random fixes, too many to list. Instead, see git logs on this page for specific boards/platforms. @@ -639,32 +631,29 @@ However, the following fixes were made for Lenovo X200 recently: * * -coreboot 4.13 -------------- +### coreboot 4.13 * Mostly re-factoring and minor bug fixes, but it has some interesting fixes that benefit libreboot -* Acer G43T-AM3 mainboard added. This is also in the Libreboot release. This +* Acer G43T-AM3 motherboard added. This is also in the Libreboot release. This board was also present in Libreboot, prior to it updating to use coreboot 4.14, but now it is in the latest coreboot stable release * Initial support for x86\_64. Not yet used by Libreboot, but it might be interesting in the future on x86 targets * New resource allocator: enables more efficient use of memory during bootup -coreboot 4.12 -------------- +### coreboot 4.12 * SMMSTORE is now a thing. See: . This is relevant for Tianocore, a UEFI payload, which libreboot currently does not integrate for any boards, but Tianocore integration is planned in the future. Tianocore provides the option to use any UEFI-compliant operating - system, and this benefits Linux distributions aswell (it Just Works). + system, and this benefits Linux distributions as well (it Just Works). SMMSTORE is basically UEFI's answer to CMOS "NVRAM". it is a way to store configurations, in SPI flash. it's handled via SMM interrupts (SMIs). NOTE: SMMSTOREv2 is also becoming a thing now -coreboot 4.11 -------------- +### coreboot 4.11 * C\_ENVIRONMENTAL\_BOOTBLOCK is now preferred, instead of the old romcc bootblocks. i945, x4x and gm45 platforms have been adapted to use this (this @@ -673,14 +662,12 @@ coreboot 4.11 * Generally, this was another "code cleanup release" of coreboot. A lot of code in coreboot was re-factored -coreboot 4.10 -------------- +### coreboot 4.10 * nothing noteworthy to libreboot, this was mainly a "code cleanup" release in coreboot -coreboot 4.9 ------------- +### coreboot 4.9 * Less repetition in the codebase, for similar boards. For example, X200 thinkpad is its own codebase, and similar boards are "variants" where only @@ -689,8 +676,7 @@ coreboot 4.9 * Intel X4X platform: Add DDR3 support (raminit) * -coreboot 4.8 ------------- +### coreboot 4.8 * Improved VBT implementations in libgfxinit * i945 (X60/T60/macbook21 etc): native video initialization is now skipped @@ -699,8 +685,7 @@ coreboot 4.8 of this coreboot release, the framebuffer driver couldn't. this will need to be tested! -coreboot 4.7 ------------- +### coreboot 4.7 * GM45 laptops: set display backlight PWM correctly * Add romstage timings @@ -710,10 +695,9 @@ coreboot 4.7 * Intel X4X: Rework and fixSPD reading and decoding * Intel X4X: Allow external GPU to take VGA cycles -coreboot 4.6 ------------- +### coreboot 4.6 -* fix buggy S3 suspend/resume on Gigabyte GA-G41M-ES2L mainboard, and fix bugs +* fix buggy S3 suspend/resume on Gigabyte GA-G41M-ES2L motherboard, and fix bugs in raminit * intel x4x/gm45/i945 boards: improvements/fixes to raminit and native video initialization @@ -724,14 +708,14 @@ coreboot 4.6 Detailed coreboot git logs -========================== +-------------------------- The following are lists of changes in coreboot 4.14, versus coreboot revisions -used in various platforms/mainboards from Libreboot 20160907. These lists are +used in various platforms/motherboards from Libreboot 20160907. These lists are mostly pulled directly from the coreboot git log. These logs are made by copying the coreboot git log, on specific directories -such as directories for mainboards, or entire platforms, in the git log of +such as directories for motherboards, or entire platforms, in the git log of coreboot. These changes will be split into distinct categories: @@ -744,8 +728,7 @@ There are many other aspects of coreboot that can be shown here, but it's not useful to list all of them. Listing just the platform/board changes gives an excellent picture overall. -Northbridge changes -------------------- +### Northbridge changes For all intents and purposes, the northbridge and southbridge code *is* the platform for a given board, and then you have board specific code. @@ -820,7 +803,7 @@ i945 hardware that Libreboot supports. * fd054bc7d4 nb/intel/i945: Simplify GMA SSDT generator * 68680dd7cd Trim `.acpi_fill_ssdt_generator` and `.acpi_inject_dsdt_generator` * 95cdd9f21b nb/intel/i945: Make some cosmetic changes -* f3f36faf35 src (minus soc and mainboard): Remove copyright notices +* f3f36faf35 src (minus soc and motherboard): Remove copyright notices * b4d9f229d4 nb/intel/i945/raminit: Simplify if condition * d789b658f7 nb/intel/i945/raminit: Use boolean type for helper variables * 842dd3328d nb/intel/i945/raminit: Remove space for correct alignment @@ -1039,7 +1022,7 @@ i945 hardware that Libreboot supports. ### git log src/northbridge/intel/pineview/ -This benefits the Intel D510MO / D410PT mainboards, and any other pineview +This benefits the Intel D510MO / D410PT motherboards, and any other pineview board that Libreboot has added or will add. ```` @@ -1107,7 +1090,7 @@ board that Libreboot has added or will add. * deeccbf4e9 Drop explicit NULL initializations from `device_operations` * affd771ba3 nb/intel/pineview: drop intel_gma_get_controller_info() * 68680dd7cd Trim `.acpi_fill_ssdt_generator` and `.acpi_inject_dsdt_generator` -* f3f36faf35 src (minus soc and mainboard): Remove copyright notices +* f3f36faf35 src (minus soc and motherboard): Remove copyright notices * 39ff703aa9 nb/intel/pineview: Clean up code and comments * 8247cc3328 northbridge: Remove unused include * 2119d0ba43 treewide: Capitalize 'CMOS' @@ -1178,7 +1161,7 @@ board that Libreboot has added or will add. * 20f71369d9 nb/intel/pineview: Put stage cache in TSEG * 84fdda3812 nb/intel/pineview: Use parallel MP init * da44e34743 nb/intel/pineview: Select 1M TSEG -* c6ff1ac29e nb/intel/pineview: Move the boilerplate mainboard_romstage_entry +* c6ff1ac29e nb/intel/pineview: Move the boilerplate motherboard_romstage_entry * b31aee9973 nb/intel/{i945,pineview}: Remove unused function * c70eed1e62 device: Use pcidev_on_root() * 66b462dd4f nb/intel/pineview/raminit.c: Remove unused variable @@ -1303,7 +1286,7 @@ This benefits GM45 ThinkPads in Libreboot e.g. X200, T400, T500, R500, W500 etc * 68680dd7cd Trim `.acpi_fill_ssdt_generator` and `.acpi_inject_dsdt_generator` * 6343cd846a drivers/intel/gma: fold gma.asl into default_brightness_levels.asl * 612a867677 drivers/intel/gma/acpi: Add Kconfigs for backlight registers -* f3f36faf35 src (minus soc and mainboard): Remove copyright notices +* f3f36faf35 src (minus soc and motherboard): Remove copyright notices * 8247cc3328 northbridge: Remove unused include * 2119d0ba43 treewide: Capitalize 'CMOS' * ef90609cbb src: capitalize 'RAM' @@ -1465,7 +1448,7 @@ This benefits GM45 ThinkPads in Libreboot e.g. X200, T400, T500, R500, W500 etc ### git log src/northbridge/intel/x4x/ -This benefits mainly the Gigabyte GA-G41M-ES2L mainboard in Libreboot, and other +This benefits mainly the Gigabyte GA-G41M-ES2L motherboard in Libreboot, and other x4x boards that have now been added. In Libreboot 20160907, the only x4x board was the Gigabyte GA-G41M-ES2L @@ -1566,7 +1549,7 @@ was the Gigabyte GA-G41M-ES2L * 68680dd7cd Trim `.acpi_fill_ssdt_generator` and `.acpi_inject_dsdt_generator` * 6343cd846a drivers/intel/gma: fold gma.asl into default_brightness_levels.asl * 612a867677 drivers/intel/gma/acpi: Add Kconfigs for backlight registers -* f3f36faf35 src (minus soc and mainboard): Remove copyright notices +* f3f36faf35 src (minus soc and motherboard): Remove copyright notices * 8247cc3328 northbridge: Remove unused include * 2119d0ba43 treewide: Capitalize 'CMOS' * ef90609cbb src: capitalize 'RAM' @@ -1827,7 +1810,7 @@ Running `git log src/northbridge/amd/amdfam10/` we get these commits: * 1f4cb326fa northbridge: Remove useless include * 586f24dab4 northbridge: Remove unneeded include * 134da98a51 amd/{nb/amdfam10,cpu/pi}/Kconfig: Remove unused symbols -* 414779db10 src/mainboard: Remove unused "HW_MEM_HOLE_SIZE_AUTO_INC" +* 414779db10 src/motherboard: Remove unused "HW_MEM_HOLE_SIZE_AUTO_INC" * f765d4f275 src: Remove unneeded include * e9a0130879 src: Remove unneeded include * d2b9ec1362 src: Remove unneeded include "{arch,cpu}/cpu.h" @@ -1969,7 +1952,7 @@ Running `git log src/mainboard/asus/kgpe-d16/` we get: * cb3e16f287 AMD fam10: Remove HAVE_ACPI_RESUME support * 04d025cf50 amdfam10: Declare get_sysinfo() * 8560db6116 amdfam10: Declare empty activate_spd_rom() stub -* e39db681df src/mainboard: Add missing 'include ' +* e39db681df src/motherboard: Add missing 'include ' * a1e22b8192 src: Use 'include ' when appropriate * cd49cce7b7 coreboot: Replace all IS_ENABLED(CONFIG_XXX) with CONFIG(XXX) * 13f66507af device/mmio.h: Add include file for MMIO ops @@ -1996,7 +1979,7 @@ Running `git log src/mainboard/asus/kgpe-d16/` we get: * 1db4e3a358 amdfam10 boards: Declare get_pci1234() just once * a79b3f1c63 amdfam10 boards: Drop unused mb_sysconf.h * a26b02466e drivers/aspeed/ast: Select `MAINBOARD_HAS_NATIVE_VGA_INIT` -* 21c8f9cab3 mainboard: Remove useless include +* 21c8f9cab3 motherboard: Remove useless include * 472d68b066 mb/asus/kgpe-d16: Set ASpeed GPIO SPD mux lines during boot * f0c5be2a4f mb/*/*/Kconfig: Remove useless comment * 6d19a20f5f mb: Set coreboot as DSDT's manufacturer model ID @@ -2004,7 +1987,7 @@ Running `git log src/mainboard/asus/kgpe-d16/` we get: * f765d4f275 src: Remove unneeded include * ead574ed02 src: Get rid of duplicated includes * d2b9ec1362 src: Remove unneeded include "{arch,cpu}/cpu.h" -* 1156b35a23 mainboard: Remove unneeded include +* 1156b35a23 motherboard: Remove unneeded include * 718c6faff4 reset: Finalize move to new API * e20dd19dde amdfam10: Convert to `board_reset()` * 2c5652d72b mb: Fix non-local header treated as local @@ -2013,7 +1996,7 @@ Running `git log src/mainboard/asus/kgpe-d16/` we get: * 068253c369 mb/*/*/cmos.default: Harmonise CMOS files syntax * f716f2ac1a mb/*/*/cmos.default: Decrease debug_level to 'Debug' * 65bb5434f6 src: Get rid of non-local header treated as local -* 08fc8fff25 src/mainboard: Fix typo +* 08fc8fff25 src/motherboard: Fix typo * db70f3bb4d drivers/tpm: Add TPM ramstage driver for devices without vboot. * 95bca33efa src/mb: Use "foo *bar" instead of "foo* bar" * c07f8fbe6f security/tpm: Unify the coreboot TPM software stack @@ -2023,7 +2006,7 @@ Running `git log src/mainboard/asus/kgpe-d16/` we get: * 02b05d1f6b mb/asus: Get rid of device_t * d88fb36e61 security/tpm: Change TPM naming for different layers. * 64e2d19082 security/tpm: Move tpm TSS and TSPI layer to security section -* 482d16fb0a src/mainboard: Fix various typos +* 482d16fb0a src/motherboard: Fix various typos * ec48c749c2 AMD boards: Fix function name (soft_reset) in message * 74bd2b0e4c mb/asus/kcma-d8,kgde-d16: Don't select SPI_FLASH_WINBOND * b29078e401 mb/*/*: Remove rtc nvram configurable baud rate @@ -2039,7 +2022,7 @@ Running `git log src/mainboard/asus/kgpe-d16/` we get: * eca093ecfe mainboard/asus/kgpe-d16: Remove obsolete reference to TPM ASL file * 06a629e4b1 arch/x86: do not define type of SPIN_LOCK_UNLOCKED * 75a3d1fb7c amdfam10: Perform major include ".c" cleanup -* a8025db49f amd-based mainboards: Fix whitespace in _PTS comments +* a8025db49f amd-based motherboards: Fix whitespace in _PTS comments * 3a0cb458dc cpu/amd/mtrr.h: Drop excessive includes * 4607cacf30 cpu/x86/msr.h: Drop excessive includes * 425890e59a AMD fam10h-15h: MMCONF_SUPPORT_DEFAULT is already set @@ -2049,10 +2032,10 @@ Running `git log src/mainboard/asus/kgpe-d16/` we get: * 6350a2e43f src/mainboard/a-trend - emulation: Add space around operators * 7931c6a81d mb/asus/kgpe-d16: Add TPM support * 64444268e2 mb/asus/[kgpe-d16|kcma-d8]: Fix whitespace errors in devicetree.cb -* d23ee5de22 mainboard: Clean up boot_option/reboot_bits in cmos.layout -* 8ab989e315 src/mainboard: Capitalize ROM, RAM, CPU and APIC +* d23ee5de22 motherboard: Clean up boot_option/reboot_bits in cmos.layout +* 8ab989e315 src/motherboard: Capitalize ROM, RAM, CPU and APIC * bb9722bd77 Add newlines at the end of all coreboot files -* 95fe8fb1e0 mainboard: Format irq_tables.c +* 95fe8fb1e0 motherboard: Format irq_tables.c * 150f476c96 timestamp: Drop duplicate TS_END_ROMSTAGE entries * ca543396a7 mainboard/asus/[kgpe-d16|kcma-d8]: Enable secondary serial port header * 99894127ab mainboard/asus/[kgpe-di6|kcma-d8]: Fix board ROM information @@ -2066,7 +2049,7 @@ Running `git log src/mainboard/asus/kcma-d8/` we get: * cb3e16f287 AMD fam10: Remove HAVE_ACPI_RESUME support * 04d025cf50 amdfam10: Declare get_sysinfo() * 8560db6116 amdfam10: Declare empty activate_spd_rom() stub -* e39db681df src/mainboard: Add missing 'include ' +* e39db681df src/motherboard: Add missing 'include ' * a1e22b8192 src: Use 'include ' when appropriate * cd49cce7b7 coreboot: Replace all IS_ENABLED(CONFIG_XXX) with CONFIG(XXX) * 13f66507af device/mmio.h: Add include file for MMIO ops @@ -2091,14 +2074,14 @@ Running `git log src/mainboard/asus/kcma-d8/` we get: * 1db4e3a358 amdfam10 boards: Declare get_pci1234() just once * a79b3f1c63 amdfam10 boards: Drop unused mb_sysconf.h * a26b02466e drivers/aspeed/ast: Select `MAINBOARD_HAS_NATIVE_VGA_INIT` -* 21c8f9cab3 mainboard: Remove useless include +* 21c8f9cab3 motherboard: Remove useless include * f0c5be2a4f mb/*/*/Kconfig: Remove useless comment * 6d19a20f5f mb: Set coreboot as DSDT's manufacturer model ID * 0cca6e24b7 ACPI: Fix DSDT's revision field * f765d4f275 src: Remove unneeded include * ead574ed02 src: Get rid of duplicated includes * d2b9ec1362 src: Remove unneeded include "{arch,cpu}/cpu.h" -* 1156b35a23 mainboard: Remove unneeded include +* 1156b35a23 motherboard: Remove unneeded include * 718c6faff4 reset: Finalize move to new API * e20dd19dde amdfam10: Convert to `board_reset()` * 2c5652d72b mb: Fix non-local header treated as local @@ -2107,13 +2090,13 @@ Running `git log src/mainboard/asus/kcma-d8/` we get: * 068253c369 mb/*/*/cmos.default: Harmonise CMOS files syntax * f716f2ac1a mb/*/*/cmos.default: Decrease debug_level to 'Debug' * 65bb5434f6 src: Get rid of non-local header treated as local -* 08fc8fff25 src/mainboard: Fix typo +* 08fc8fff25 src/motherboard: Fix typo * 95bca33efa src/mb: Use "foo *bar" instead of "foo* bar" * e0e1e64855 amdfam10: Drop tests for LATE_CBMEM_INIT * d54e859ace mb/asus: Get rid of whitespace before tab * 1bad4ce421 sb/amd/sr5650: Fix invalid function declarations * 02b05d1f6b mb/asus: Get rid of device_t -* 482d16fb0a src/mainboard: Fix various typos +* 482d16fb0a src/motherboard: Fix various typos * ec48c749c2 AMD boards: Fix function name (soft_reset) in message * 74bd2b0e4c mb/asus/kcma-d8,kgde-d16: Don't select SPI_FLASH_WINBOND * b29078e401 mb/*/*: Remove rtc nvram configurable baud rate @@ -2126,7 +2109,7 @@ Running `git log src/mainboard/asus/kcma-d8/` we get: * 00b9f4c4b1 mb/*/*/cmos.layout: Make multibyte options byte aligned * 06a629e4b1 arch/x86: do not define type of SPIN_LOCK_UNLOCKED * 75a3d1fb7c amdfam10: Perform major include ".c" cleanup -* a8025db49f amd-based mainboards: Fix whitespace in _PTS comments +* a8025db49f amd-based motherboards: Fix whitespace in _PTS comments * 3a0cb458dc cpu/amd/mtrr.h: Drop excessive includes * 4607cacf30 cpu/x86/msr.h: Drop excessive includes * 425890e59a AMD fam10h-15h: MMCONF_SUPPORT_DEFAULT is already set @@ -2135,10 +2118,10 @@ Running `git log src/mainboard/asus/kcma-d8/` we get: * b87a734771 mainboard/*/*/dsdt.asl: Use tabs for indents * 6350a2e43f src/mainboard/a-trend - emulation: Add space around operators * 64444268e2 mb/asus/[kgpe-d16|kcma-d8]: Fix whitespace errors in devicetree.cb -* d23ee5de22 mainboard: Clean up boot_option/reboot_bits in cmos.layout -* 8ab989e315 src/mainboard: Capitalize ROM, RAM, CPU and APIC +* d23ee5de22 motherboard: Clean up boot_option/reboot_bits in cmos.layout +* 8ab989e315 src/motherboard: Capitalize ROM, RAM, CPU and APIC * bb9722bd77 Add newlines at the end of all coreboot files -* 95fe8fb1e0 mainboard: Format irq_tables.c +* 95fe8fb1e0 motherboard: Format irq_tables.c * 150f476c96 timestamp: Drop duplicate TS_END_ROMSTAGE entries * ca543396a7 mainboard/asus/[kgpe-d16|kcma-d8]: Enable secondary serial port header * 99894127ab mainboard/asus/[kgpe-di6|kcma-d8]: Fix board ROM information @@ -2149,7 +2132,7 @@ Running `git log src/mainboard/asus/kcma-d8/` we get: Running `git log src/mainboard/asus/kfsn4-dre/` we get: ```` -* ad0f485361 src/mainboard: change "unsigned" to "unsigned int" +* ad0f485361 src/motherboard: change "unsigned" to "unsigned int" * 12ef4f2d71 mb/asus/kfsn4-dre: Return early if CK804 not found * 04d025cf50 amdfam10: Declare get_sysinfo() * 8560db6116 amdfam10: Declare empty activate_spd_rom() stub @@ -2173,13 +2156,13 @@ Running `git log src/mainboard/asus/kfsn4-dre/` we get: * a2cfe9e900 amdfam10 boards: Add Makefiles and fix resourcemap.c * d482c7dace amdfam10 boards: Drop global bus_isa variable * 1db4e3a358 amdfam10 boards: Declare get_pci1234() just once -* 21c8f9cab3 mainboard: Remove useless include +* 21c8f9cab3 motherboard: Remove useless include * f0c5be2a4f mb/*/*/Kconfig: Remove useless comment * 6d19a20f5f mb: Set coreboot as DSDT's manufacturer model ID * f765d4f275 src: Remove unneeded include * ead574ed02 src: Get rid of duplicated includes * d2b9ec1362 src: Remove unneeded include "{arch,cpu}/cpu.h" -* 1156b35a23 mainboard: Remove unneeded include +* 1156b35a23 motherboard: Remove unneeded include * 718c6faff4 reset: Finalize move to new API * e20dd19dde amdfam10: Convert to `board_reset()` * 400ce55566 cpu/amd: Use common AMD's MSR @@ -2188,7 +2171,7 @@ Running `git log src/mainboard/asus/kfsn4-dre/` we get: * 068253c369 mb/*/*/cmos.default: Harmonise CMOS files syntax * f716f2ac1a mb/*/*/cmos.default: Decrease debug_level to 'Debug' * 65bb5434f6 src: Get rid of non-local header treated as local -* 08fc8fff25 src/mainboard: Fix typo +* 08fc8fff25 src/motherboard: Fix typo * b0f1988f89 src: Get rid of unneeded whitespace * 448d9fb431 src: Use "foo *bar" instead of "foo* bar" * 7f268eab78 mainboard/asus: Add license headers @@ -2202,7 +2185,7 @@ Running `git log src/mainboard/asus/kfsn4-dre/` we get: * 00b9f4c4b1 mb/*/*/cmos.layout: Make multibyte options byte aligned * ce642f08b9 Kconfig: Rework MAINBOARD_HAS_NATIVE_VGA_INIT_TEXTMODECFG * 75a3d1fb7c amdfam10: Perform major include ".c" cleanup -* a8025db49f amd-based mainboards: Fix whitespace in _PTS comments +* a8025db49f amd-based motherboards: Fix whitespace in _PTS comments * 3a0cb458dc cpu/amd/mtrr.h: Drop excessive includes * 4607cacf30 cpu/x86/msr.h: Drop excessive includes * 425890e59a AMD fam10h-15h: MMCONF_SUPPORT_DEFAULT is already set @@ -2210,8 +2193,8 @@ Running `git log src/mainboard/asus/kfsn4-dre/` we get: * b87a734771 mainboard/*/*/dsdt.asl: Use tabs for indents * 6350a2e43f src/mainboard/a-trend - emulation: Add space around operators * 837618bf20 mainboard/asus/*: transition away from device_t -* d23ee5de22 mainboard: Clean up boot_option/reboot_bits in cmos.layout -* 8ab989e315 src/mainboard: Capitalize ROM, RAM, CPU and APIC +* d23ee5de22 motherboard: Clean up boot_option/reboot_bits in cmos.layout +* 8ab989e315 src/motherboard: Capitalize ROM, RAM, CPU and APIC * bb9722bd77 Add newlines at the end of all coreboot files ```` diff --git a/site/news/libreboot20210522.md.description b/site/news/libreboot20210522.md.description new file mode 100644 index 0000000..a583f37 --- /dev/null +++ b/site/news/libreboot20210522.md.description @@ -0,0 +1 @@ +Libreboot 20210522 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20211122.md b/site/news/libreboot20211122.md index a0d6c67..5cd0797 100644 --- a/site/news/libreboot20211122.md +++ b/site/news/libreboot20211122.md @@ -3,7 +3,7 @@ % 22 November 2021 Free your BIOS today! -===================== +-------------------- Libreboot is [free](https://writefreesoftware.org/) (as in freedom) boot firmware, which initializes the hardware @@ -27,8 +27,7 @@ This is a *bug fix* release, relative to 20210522. No new boards or major features have been added, but several problems that existed in the previous release have now been fixed. -Work done since the 20210522 release: -------------------------------------- +### Work done since the 20210522 release: * Updated to newer coreboot, SeaBIOS and GRUB versions. The 20210522 release was using coreboot 4.14, on most boards, from May 2021. This release @@ -75,7 +74,7 @@ Work done since the 20210522 release: * Turkish keyboard layout added on GRUB payloads New release schedule under consideration -======================================== +------------------------------------- The 20210522 release happened to coincide with coreboot 4.14's release, more or less. diff --git a/site/news/libreboot20211122.md.description b/site/news/libreboot20211122.md.description new file mode 100644 index 0000000..ed76f87 --- /dev/null +++ b/site/news/libreboot20211122.md.description @@ -0,0 +1 @@ +Libreboot 20211122 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20220710.md b/site/news/libreboot20220710.md index 75a290a..ea54c27 100644 --- a/site/news/libreboot20220710.md +++ b/site/news/libreboot20220710.md @@ -3,7 +3,7 @@ % 10 July 2022 Free your BIOS today! -===================== +--------------------- Libreboot is [free](https://writefreesoftware.org/) (as in freedom) boot firmware, which initializes the hardware @@ -21,14 +21,12 @@ This is a *bug fix* release, relative to 20211122. No new boards or major features have been added, but several problems that existed in the previous release have now been fixed. -Build from source ------------------ +### Build from source *This* release was build-tested on Debian 11. Your mileage may vary, with other distros. -Work done since the 20211122 release: -------------------------------------- +### Work done since the 20211122 release: * Lots and lots of improvements to the documentation. Previous 2021 testing releases did not include snapshots of the documentation (which is actually @@ -68,8 +66,7 @@ Work done since the 20211122 release: * lbmk: Preliminary fix for git credentials check. Set a placeholder name/email if one is not set. -Caveats -------- +### Caveats Due to reported issues by users, these boards do not have ROM images available in the Libreboot 20220710 release: @@ -90,19 +87,17 @@ All other boards are reasonably stable, and shouldn't provide any issues (no major issues reported, and/or non-blocking issues only). Planned future work -=================== +------------------- In general, you should also check the issue tracker to find other notes. There is always more work to do, to improve Libreboot. -Support for non-x86 platforms ------------------------------ +### Support for non-x86 platforms This is still on hold, but will be done as part of a future release. The coreboot firmware does support other platforms. -Linux distro in flash ---------------------- +### Linux distro in flash This is another project that has been on hold for a while. The issue has been that I need a decent userland project. I've looked at many @@ -116,8 +111,7 @@ so as to allow any number of packages to be downloaded. It could also provide lots of utils in general, to be a live *rescue system* of sorts. Linux system in flash, that can bootstrap other systems. -Re-factor and optimize GRUB ---------------------------- +### Re-factor and optimize GRUB GRUB is full of unused bloat that almost nobody uses, yet is in the current Libreboot builds. It's been on TODO for some time, but work has not yet diff --git a/site/news/libreboot20220710.md.description b/site/news/libreboot20220710.md.description new file mode 100644 index 0000000..03268ca --- /dev/null +++ b/site/news/libreboot20220710.md.description @@ -0,0 +1 @@ +Libreboot 20220710 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20221214.md b/site/news/libreboot20221214.md index 16bb360..49984b5 100644 --- a/site/news/libreboot20221214.md +++ b/site/news/libreboot20221214.md @@ -2,6 +2,9 @@ % Leah Rowe % 14 December 2022 +Free as in freedom! +-------------------- + The last Libreboot release, version 20220710, was released on 10 July in 2022. *This* new release, Libreboot 20221214, is released today on December 14th, 2022. This is intended to be a *testing* release. @@ -9,29 +12,26 @@ in 2022. *This* new release, Libreboot 20221214, is released today on December This is marked as a *testing* release, but most/all boards should be fairly stable. -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](safety.md).** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** -Build from source ------------------ +### Build from source *This* release was build-tested on Debian 11. Your mileage may vary, with other distros. Work done since last release -============================ +-------------------- For more detailed change logs, look at the Git repository. This is a summary of changes. -New boards, x86 ----------- +### New boards, x86 This list *may not be complete*, but it is as follows: -* ASUS p2b\_ls/p3b\_f added, for testing with [PCBox](https://pcbox-emu.xyz) - - these ROM images achieve perfect raminit and jump to payload in the emulator, - but VGA ROM initialisation does not yet work. * QEMU (arm64 and x86\_64) images added, for testing payloads and so on. * lenovo/t430 (thinkpad) * lenovo/x230 (thinkpad) @@ -42,8 +42,7 @@ This list *may not be complete*, but it is as follows: * lenovo/t420 (thinkpad) * lenovo/x230 tablet (thinkpad) -GA-G41M-ES2L ROMs ------------- +### GA-G41M-ES2L ROMs GA-G41M-ES2L ROM images are back, but your mileage may vary. Only the SeaBIOS payload is enabled, on this board. @@ -56,8 +55,7 @@ well. GA-G41M-ES2L support is therefore stable, for all intents and purposes. This section of the release announcement previously alluding to issues, but those speculations were premature, based on limited prior testing.** -New boards, ARM ----------- +### New boards, ARM NOTE: These boards use u-boot payload, instead of depthcharge. @@ -81,364 +79,17 @@ of Alper Nebi Yasak (`alpernebbi` on libreboot IRC). In these configurations, u-boot is a *payload of coreboot*. -Removed boards --------------- +### Removed boards ASUS KGPE-D16, KCMA-D8 and KFSN4-DRE are removed, because raminit never worked reliably on these boards to begin with and they were barely maintained anymore. Use an older release of Libreboot, if you still want to use these boards. -lbmk Git changes +Known issues ------------ -These are takes from the git log of `lbmk.git`: - -``` -* c6bb4d25 (HEAD -> master, tag: 20221214, srht/master, origin/master, notabug/master) build/release/src: don't delete .gitcheck -* 0fbf3325 correct a faulty if statement in build/release/src -* ab2cfb86 util/nvmutil: only mask random unicast/local macs -* fea3e51c update the readme -* 664cdcfb fix ./build boot roms all -* 48c73186 p2b_ls/p3b_f boards: Disable memtest payload -* 31111c64 build/boot roms: add exits for failing commands -* 4eba525b p2b_ls/p3b_f boards: no payload and no vga init -* c931b40e Merge branch 'master' of qeeg/lbmk into master -|\ -| * 6351a4a4 Add P2B-LS and P3B-F configs -* | 34a56281 Merge branch 'cros-postmerge-fixes' of alpernebbi/lbmk into master -|\ \ -| * | f079b83d build/release/src: Include U-Boot sources in source archive -| * | 70435784 build/clean: Add helper script to clean U-Boot builds -| * | 0bd4fdbe dependencies/debian: Install dependencies for U-Boot -| * | 3d5bd034 coreboot: Add qemu_arm64_12mb board -| * | d14731be u-boot: Add qemu_arm64_12mb board -| * | b5a5801f coreboot: qemu_x86_12mb: Enable DRIVERS_UART_8250IO -| * | 737573ce u-boot: Add qemu_x86_12mb build -| * | 1c62b003 build/roms: Support using "u-boot" ELF file as U-Boot payload -| * | 6cabcec5 u-boot: Add video damage tracking patch series -| * | 38328b93 u-boot: Set default revision to v2022.10 -| * | c798975d u-boot: Use a common tree -| * | 5b6bf2a8 build/roms: Don't rebuild crossgcc if it was already built -| * | bee50540 build/roms: Make coreboot crossgcc usable for payloads and modules -| * | a5863561 build/roms: Build 32-bit crossgcc for AArch64 as well -| * | 9fb4ecec build/roms: Don't build Memtest86+ when not specified by cmdline -| * | 4e3097b5 build/roms: Disable U-Boot when not in payloads specified by cmdline -| * | 584210bd download/u-boot: Change to download target before running extra.sh -| * | 2b761f2f download/u-boot: Re-add usage text for no-argument form -| * | 71cf7f9d download/u-boot: Remove support for deleting git folders -| |/ -* | b495aa09 util/nvmutil: consistent parentheses on comparison -* | 17fa25e5 util/nvmutil file reads: skip reading if errno!=0 -* | 27876c64 util/nvmutil: return error when fstat() is -1 -|/ -* 960af2d6 util/nvmutil: rhex(): fail if errno not zero -* 3d01cf28 util/nvmutil: minor code formatting cleanup -* a7ea70c7 build/release/roms: delete ME/MRC firmware in ROMs -* 0c334380 build/boot/roms: remove errant code -* 33bbb36d remove errant detail from comment -* 55869474 delete build/release/u-boot-libre -* 137b5434 remove logic for avoiding nonredistributable blobs -* 7679c8e0 coreboot/default: add --nuke flag to ifdtool -* a5e4416a util/nvmutil: remove errant line break -* c100dd1f util/nvmutil: missing paretheses on if statement -* 036d7107 util/nvmutil: don't initialise rbuf unless needed -* 851892b4 util/nvmutil: rename variable in hextonum -* 0bf3f1ed util/nvmutil: don't reallocate memory in hextonum -* e5a46b46 util/nvmutil: dont report bad size if /dev/urandom -* ededa5dd util/nvmutil: rename variables in hextonum -* e2e321fc util/nvmutil: use BUFSIZ for rmac size in hextonum -* a6d0112d util/nvtutil: fix out of bounds error -* 04ced693 update the README -* 85937f3f util/nvmutil: reset errno on cmd_swap -* ec082429 scripts: avoid relying on spaces from sha1sum output -* 7c5334ca Merge branch 'hide-mei' of XRevan86/lbmk into master -|\ -| * 69eaca2c coreboot: hide MEI on neutered-ME targets -|/ -* cf052220 Merge branch 'master' of Arsen/lbmk into master -|\ -| * a40ba4ad t430_12mb: Add, based on x230_12mb -* | 0c5dfddd Merge branch 'x230edp' of XRevan86/lbmk into master -|\ \ -| |/ -|/| -| * a33e8429 coreboot: add x230edp_12mb, remove x230fhd_12mb -|/ -* e8eee6dd util/nvmutil: mild refactoring -* 342e5abe util/nvmutil: improved errno handling in main -* d7465efb util/nvmutil: put hextonum in its own function -* 9e5ff5e4 util/nvmutil: move ENOTDIR check to function -* ff88cb1a util/nvmutil: further improved errno handling -* b81b51f9 util/nvmutil: remove errant code -* a94bac81 util/nvmutil: improved error handling -* 55a951a7 util/nvmutil: fix off by one bug -* 0108615f nvmutil copy/swap: actually set nvmPartModified -* 82300f4f util/nvmutil: move cmd copy to own function -* ddf3b76c util/nvmutil: move cmd swap to own function -* c2ed251c util/nvmutil: move cmd brick to own function -* eaad16ed util/nvmutil: cmd setchecksum in own function -* cea1beea util/nvmutil: split "dump" into smaller functions -* 59e4f560 Merge branch 'dev' of shmalebx9/lbmk into master -|\ -| * 99652baa fix injection script -| * 175b48a4 added more checks and optimised extraction script -| * b2c71747 make gitcheck verify coreboot subdir -| * 1246c3ad add smort failures to blob download script -* | 0ae00e88 util/nvmutil: re-factor to reduce code indentation -* | 0bbd4f1f util/nvmutil: write gbe files in a function -* | b0f9f47e util/nvmutil: human-friendly exit messages, part 2 -* | e35a33d5 Merge branch 'qemu' of shmalebx9/lbmk into master -|\ \ -| * | da155b3d added x86 qemu board based on x230 coreboot config -* | | e1bbdadc build/roms: remove seabios_grubfirst logic -| |/ -|/| -* | 7629dfb8 remove duplicate patch causing build error -|/ -* ca45a60f bump grub revision to latest upstream -* c1c76a05 dependencies/arch: notice about unifont dependency -* 43196abc also fix crossgcc on cros/fhd coreboot trees -* f0631908 cros devices: use a common coreboot tree -* 24a866ba remove kfsn4-dre, kcma-d8 and kgpe-d16 -* f5b4eb3f update gitignore -* 60793c55 fix gnat build issue on coreboot repositories -* 6114c349 add innoextract to federa dependency script -* 5ec5d0ea ditto others -* 551e845e ditto debian script -* f896bb84 remove stupid flags from arch dependency script -* 5a01e98d build/dependencies/*: remove python2 -* 6c12afa9 util/nvmutil: more human-friendly exit messages -* 50174563 fix part 1 checksum in t440p gbe.bin -* a7b8d0cf update .gitignore -* b3b3642f assimilate nvmutil -* 8740404e make background splash screen purple -* 3f12ef85 bonerfix -* cf945dda blobs/inject: use nvmutil, not nvmutils -* 2589d367 update the README -* 7af99534 (tag: psdg) pragmatic system distribution guideline compliance -* b5c25efe Merge branch 'u-boot-chromebooks' of alpernebbi/lbmk into master -|\ -| * 61ac6c3f u-boot: Add peach pi chromebook configs -| * f848eb81 coreboot: Add peach pit chromebook configs -| * e08e3da2 u-boot: Add peach pit chromebook configs -| * 8584fcc1 coreboot: Add spring chromebook configs -| * f9f5d5fc u-boot: Add spring chromebook configs -| * 2dcb7cab coreboot: Add snow chromebook configs -| * be8bebaa u-boot: Add snow chromebook configs -| * c97f8e5c coreboot: Add nyan blaze chromebook configs -| * 330f985d u-boot: Add nyan blaze chromebook configs -| * ddc695a2 coreboot: Add nyan big chromebook configs -| * 0d696ee3 u-boot: Add nyan big chromebook configs -| * 2e0f13d9 coreboot: Add veyron mickey chromebit configs -| * 330c62ae u-boot: Add veyron mickey chromebit configs -| * f84209ce coreboot: Add veyron jerry chromebook configs -| * fc7794a1 u-boot: Add veyron jerry chromebook configs -| * bbba94ed coreboot: Add veyron minnie chromebook configs -| * bc47f8cc u-boot: Add veyron minnie chromebook configs -| * 2ed1111d coreboot: Add veyron speedy chromebook configs -| * fa553566 u-boot: Add veyron speedy chromebook configs -| * 0ae23980 coreboot: Add bob chromebook configs -| * ff39bba2 u-boot: Add bob chromebook configs -| * af46cbff coreboot: Add kevin chromebook configs -| * 38655635 u-boot: Add kevin chromebook configs -| * 6d6bd5ee build/roms: Rebuild cbutils module before starting coreboot build -| * 61ede998 build/roms: Support using U-Boot as a coreboot payload -| * a69855f7 build/roms: Build 32-bit crossgcc for AArch64 as well -| * 769f18f2 build/roms: Fix building for ARMv7 and AArch64 boards -| * 9bfbdb59 scripts: Add helpers to modify and update U-Boot configs -| * 1dc05e40 build/payload: Add helper script to build U-Boot as payload -| * cf295741 download: Use shallow clones for big projects -| * ef39e05b download: Allow keeping .git dirs with NODELETE=git -| * 764a439a u-boot-libre: Add support for deblobbing U-Boot v2022.07 -| * 270272eb download/u-boot: Remove .git folders as well -| * 820b8e70 download/u-boot: Support running extra commands from board dirs -| * eae6b35d download/u-boot: Support applying patches from board dirs -| * 454364cc download/u-boot: Try to update submodules as in coreboot script -| * 0aeb69b5 download/u-boot: Use GitHub mirror as fallback -| * 7b552bd2 download/u-boot: Support reading tree and revision from board.cfg -| * 8dd1a245 download/u-boot: Prepare files per board instead of per revision -| * d8da9b51 .gitignore: Ignore u-boot directory -| * 22b1db69 u-boot-libre: Set tar mtime to SOURCE_DATE_EPOCH or @0 -| * 01f61263 u-boot-libre: Fix releasing blob list as deblob script -| * 89a4c2c6 u-boot-libre: remove nonfree firmware in drivers/dma/MCD_tasks.c -| * f679fbd3 u-boot-libre: Fix reproducability issue due to timezone -``` - -osbmk Git changes -------------- - -It's important to show the osboot changes aswell. Osboot only became part of -Libreboot last month, but the "reboot" of the osboot project happened around -the start of 2022, when it was put back in sync with Libreboot at the time, -so changes from then to now will be showed. The *last* change in osboot as -shown below is the revision that got merged with lbmk: - -To be more clear: on 19 December 2021, osboot got nuked and re-forked from -scratch, relative to Libreboot, so the earliest revisions in the log below -are Libreboot from that time (forked from lbmk -revision `c3a66c32750fa4a9a90ddb6383b09fdfb6ff77f5`), so this is actually -a full list of all osboot-related changes that became part of Libreboot -in the osboot/libreboot merge last month: - -(some of them are identical changes to lbmk, because efforts *were* made at -the time to keep osboot/libreboot in sync, before it was decided that they -would simply merge) - -``` -* c8c030b (HEAD -> master, origin/master, origin/HEAD) fork lbmk 61ac6c3f0b26deadc2fb8355a8dd0d25b29baacd -* eef6b71 clean up the download script -* 1d2f9e8 Merge branch 'finetune' of shmalebx9/osbmk into master -|\ -| * bd4f1b4 added fine-tuned control for building roms -* | 55e5d92 Merge branch 'gitframework' of shmalebx9/osbmk into master -|\ \ -| * | a6e5c87 added internal git package management -* | | 4b424a8 Merge branch 'master' of anjan/osbmk into master -|\ \ \ -| * | | 7a444dc debian dependencies: add python-is-python3 -| |/ / -* | | 7728a98 lenovo/w541: new board added -* | | d05ab33 re-do x220 configs -* | | ad68c8c add lenovo/t520 -* | | 7979263 add lenovo/t420s -* | | 3e20a41 build/roms: remove unnecessary bloat -* | | a18e962 build/roms: fix missing cbfstool bug -* | | 74ef993 re-do x230 fhd configs -* | | b1b481d fix build issues with x230 fhd -* | | 3472940 actually add the x230 fhd patch -* | | 3106501 script/blobs: check to download *default* coreboot -* | | 81b4ff7 Re-add X230 FHD patches -| |/ -|/| -* | 83c230b add t440p config with 4mb cbfs -|/ -* 31fbee4 make only the logo darker, in grub backgrounds -* 5e2da8f update build/release/src based on osbmk changes -* 00707ea say the name osboot, in the grub menu -* 56bb8a8 add bootsplash with new logo -* 675db3d Merge branch 'dev' of shmalebx9/osbmk into master -|\ -| * 2098cfa initialize git if it isn't already -| * d4690d0 updated gitignore for new dependencies and blobs -* | e43a28c Merge branch 'dev' of shmalebx9/osbmk into master -|\| -| * 5139ad4 added myself as a license holder to changes in last commit -| * 327a39e added workaround for git credentials -|/ -* b079a19 patch me_cleaner to specifically use python3 -* 5cc10a7 specifically call python3, in scripts -* 91b6542 fixed b0rked descriptor -* ca8d824 added myself as a license holder to various scripts -* aaeba81 removed obselete entries from blob sources -* 2a11133 hardcoded paths to redistributable blobs -* 4e2bd46 updated blobutil scripts to deal with hardcoded paths -* 4ca4801 Perform the silentoldconfig step of seabios before full make -* 1c921b5 new board: lenovo/x230t_16mb -* 335f95c add missing board.cfg for x230_16mb -* c4a705e set regions read-write on xx30/ifd.bin -* cafb408 Merge branch 'dev' of shmalebx9/osbmk into master -|\ -| * 7c7d96e Download script can tell whether to pull 16mb ifd -| * 999331d added x230_16mb -* | c437778 x230/x220: don't set CONFIG_HAVE_EM100_SUPPORT=y -* | dfeb26c fix txtmode configs: me/ifd/gbe insertion not enabled -|/ -* 6390a90 nuke boards/x230_truncated_16mb for now -* 174f6c2 disable CONFIG_HAVE_EM100_SUPPORT on boards -* 8b698a4 new board: lenovo/x230t -* ac790ee update nvmutils -* 79e94d7 Merge branch 'dev' of shmalebx9/osbmk into master -|\ -| * 55d44bc added licenses just in case -|/ -* 3171b91 Merge branch 'dev' of shmalebx9/osbmk into master -|\ -| * cba24e8 fix txtmode config for t440p -| * 55d6503 changed build system for new blobutil -| * 1462a3c move all blobs scripts to one directory -* | 84a9d53 update flashprog -* | cda2d70 reset nvmutils to known good revision -* | 65b62c0 exit if can't download nvmutils -* | 12c9fd2 coreboot: set me_state=Disabled on all boards -* | 7ef3b88 Merge branch 'dev' of shmalebx9/osbmk into master -|\| -| * d78c65e added t440p blobs -* | 8e7b3c3 Merge branch 'dev' of shmalebx9/osbmk into master -|\| -| * bc91ff2 fixed breaking bug in blobs downloader -|/ -* 95ae701 enable CONFIG_PCIEXP_HOTPLUG on all boards that support it -* 75a9f00 Merge branch 'dev' of shmalebx9/osbmk into master -|\ -| * ae0b95a added t420 -* | 8971e0d Merge branch 'dev' of shmalebx9/osbmk into master -|\| -| * b3081fc better error handling -| * e59a546 updated blob injector to give option to change mac -| * 563d0de made blob downloader save blobs under board_short no matter what -|/ -* 5d5746f Merge branch 'dev' of shmalebx9/osbmk into master -|\ -| * 68533c6 removed hardcoded tmp files -| * 7fc071b added blob injector for binary releases -| * 3457579 added release infrastructure -|/ -* 71f6936 Merge branch 'master' of shmalebx9/osbmk into master -|\ -| * 938bd04 switch x230 config back to 12mb cbfs size -| * b69d4fa Added dependencies for automatic blob extraction -| * 0829f5b added x220 support -| * 1f4e6d7 added ifd and gbe for xx20 and xx30 boards -| * b933bff Added the scripts for automatically downloading blobs -|/ -* 489f2ee memtest86+: fix build error (patch from Félicien Pillot) -* 240779a lenovo/x230: fix build -* f6cffa0 Merge branch 'master' of shmalebx9/osbmk into master -|\ -| * fa8e5fa switched back to the old way of downloading the mrc -| * 831d8f3 added t440p rom as an example of a rom needing the mrc -| * cf479fd added a simpler version of the old mrc download script. This one just uses the default coreboot way of extracting it using the included script, so it will always be up to date -| * 7fdfb07 added ability to detect if the board needs the mrc and download it -| * b8bd895 added mrc download script from old osbmk but changed to agnostic shebang -| * d80bcfb added x230 coreboot config as an example of a config using the blobs extracted with the extraction script -| * d40b01c add script to extract blobs from the vendor rom image for ivy bridge lenovo boards. Could possible work/be extended for other mainboards -| * c3dfcf4 re-add me_cleaner and change to agnostic shebang -* | f70c5cc lenovo/x230: set me_state=Disabled in cmos.default -* | 9b4afd1 x230_12mb: set cbfs back to 7mb. i will add special truncated configs instead -* | d39da96 rename x230_16 to x230_truncate_16mb -|/ -* baf4fd4 Revert "lenovo/x230: set me_state=Disable in cmos.default" -* 4828eb0 new cfg: lenovo/x230_16mb: 16MB-128KB CBFS size for truncated ME -* 1334dd5 lenovo/x230: set config 12MB-128KB cbfs size for truncated ME -* ecb98cc lenovo/x230: set me_state=Disable in cmos.default -* 3a5d399 1MB coreboot config: don't enable grub_withseabios -* 19d2cda optimize grub modules: pre-load ones that will likely be used -* d7e5a08 build/boot/roms: fix wrong variable name -* 81330c6 coreboot/*: set grub_scan_disk to ahci on most boards -* 99f58d8 apple/macbook21: set grub_scan_disk to ahci -* 17830a4 build/boot/roms: substitute grub_scan_disk according to board.cfg -* f222519 grub.cfg: skip ata/ahci according to grub_scan_disk -* defe338 grub.cfg: clean up messages, be less verbose -* 1fa0e53 grub.cfg: add isolinux menuentry for ata* (replace broken cd/dvd menuentry) -* e33645a grub.cfg: delete option to boot from CD/DVD -* b370cd1 grub.cfg: clean up comments -* 81f3755 grub.cfg: don't use */? wildcards. they slow down the boot -* 6a315b6 grub.cfg: optimize search_isolinux -* ccc7aed remove entry in .gitignore from the last commit -* f84d09b Fix grub's slow boot -* 6ffbcee rename README to README.md -* 47155b3 lenovo/x230: re-add support from coreboot -* 82f381b do full coreboot checkout. enable microcode updates. don't delete blobs -* 6afa56e rename project back to osboot and delete grub background -* 8614ee7 assimilate lbmk c3a66c32750fa4a9a90ddb6383b09fdfb6ff77f5 -``` - -Known issues -============ - -Intel ME firmware missing in ROMs that need it ----------------------------------------------- +### Intel ME firmware missing in ROMs that need it If you compile ROM images with lbmk directly, the build system automatically fetches ME images from the internet and neuters @@ -454,14 +105,12 @@ e.g. X220, T420, X230, T430, T440p. On *older* Intel platforms such as GM45+ICH9M (X200, T400, etc) the Intel ME image isn't needed and Libreboot ships with ME-disabled configuration. -MRC image missing in Haswell ROMs ---------------------------------- +### MRC image missing in Haswell ROMs Ditto ME images. To re-insert, follow the [guide](../docs/install/ivy_has_common.md). -Internal flashing on 16MB X230 images -------------------------------------- +### Internal flashing on 16MB X230 images The X230 has two ways of upgrading the default 12MB (8MB and 4MB chips) flash to 16MB: remove a bunch of resistors and capacitors on the board @@ -481,8 +130,7 @@ So, 16MB images on X230 are experimental. When these ROM images are built, the required IFD modification is already done in Libreboot's IFD for this setup. -S3 suspend/resume on Haswell (T440p/W541) ------------------------------------------ +### S3 suspend/resume on Haswell (T440p/W541) Totally broken. The suspected cause is component2density setting in IFD being wrong: ifdtool reports it as being too big for what's actually @@ -500,43 +148,7 @@ When X230 16MB was experimented with, Haswell was also looked at, and what seemed to be the same component density bits were set, also resulting in a brick (it's why only 12MB images are available for haswell in libreboot). -Chromebook boards mostly untested ---------------------------------- +### Chromebook boards mostly untested Alper has tested the `gru_kevin` ROM images produced by lbmk, but the other images are untested as of this day. - -Planned future work -=================== - -In general, you should also check the issue tracker to find other notes. -There is always more work to do, to improve Libreboot. - -Linux distro in flash ---------------------- - -STILL ON TODO SINCE LAST RELEASE. - -This is another project that has been on hold for a while. The issue -has been that I need a decent userland project. I've looked at many -different userlands and recently (as of late June) decided to make -my own. I want a BusyBox-like solution, but based on code from OpenBSD, -ported to run under Linux with musl libc. - -I want this distro to provide a kexec bootloader in flash, similar to Heads, -and I also want it to use apk-tools, pointing at Alpine Linux repositories -so as to allow any number of packages to be downloaded. It could also provide -lots of utils in general, to be a live *rescue system* of sorts. Linux system -in flash, that can bootstrap other systems. - -Re-factor and optimize GRUB ---------------------------- - -STILL ON TODO SINCE LAST RELEASE. - -GRUB is full of unused bloat that almost nobody uses, yet is in the current -Libreboot builds. It's been on TODO for some time, but work has not yet -begun on this project. My efforts are currently focused on the Linux distro. - -What I want is a fork of GRUB, optimized to run on bare metal as a coreboot -payload, on x86 and ARM platforms. diff --git a/site/news/libreboot20221214.md.description b/site/news/libreboot20221214.md.description new file mode 100644 index 0000000..996e778 --- /dev/null +++ b/site/news/libreboot20221214.md.description @@ -0,0 +1 @@ +Libreboot 20221214 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20230319.md b/site/news/libreboot20230319.md index 20ca122..1df682a 100644 --- a/site/news/libreboot20230319.md +++ b/site/news/libreboot20230319.md @@ -7,11 +7,13 @@ See: [Libreboot 20230413 release announcement of 13 April 2023](libreboot20230413.md) - the `t440pmrc_12mb` and `w541mrc_12mb` images have been re-added, in the new release.** -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](safety.md).** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** -Introduction -============ +Free your BIOS today! +-------------------- Libreboot provides boot firmware for supported x86/ARM machines, starting a bootloader that then loads your operating system. It replaces proprietary @@ -33,20 +35,18 @@ been provided pre-compiled; specifically, `daisy` and `veyron` chromebook boards are not available pre-compiled, but the other boards are. A few new boards have been added, in addition to several fixes and feature additions. -Build from source ------------------ +### Build from source *This* release was build-tested on Debian *Sid*, as of 18 March 2023. Your mileage may vary, with other distros. Refer to Libreboot documentation. Work done since last release -============================ +-------------------------- For more detailed change logs, look at the Git repository. This is a summary of changes. -Brief overview of changes ------------------ +### Brief overview of changes I've been very busy these last couple months, so there have been less changes in Libreboot lately. I'm expecting to have a lot more time throughout the @@ -58,7 +58,7 @@ The changes can be summarised, thus: * **LIBRE** raminit code now available, on Haswell boards (ThinkPad T440p and ThinkPad W541). This is using patches from Angel Pons (hell on coreboot IRC), that are currently still in review on coreboot master. The *old* configs - that use `mrc.bin` for raminit are still available aswell, so this release + that use `mrc.bin` for raminit are still available as well, so this release contains ROMs with libre raminit *and* ROMs with vendor raminit. The reasons are explained below. * **FIXED S3 suspend/resume on Haswell (T440p/W541)** - but only on configs @@ -104,8 +104,7 @@ Pre-compiled ROM images will for the `t440pmrc_12mb` and `w541mrc_12mb` targets will be available in the next release; the `t440p_12mb` and `w541_12mb` images are still available in this release, pre-compiled. -REMARK: libre raminit on Haswell --------------------------------- +### REMARK: libre raminit on Haswell Upon testing, I've discovered that the libre code has the following problems: @@ -133,10 +132,9 @@ The libre raminit comes from this patchset: The MRC vendor file (and Angel's replacement code) don't just do raminit, they -handle a few other init tasks aswell, including USB host controller. +handle a few other init tasks as well, including USB host controller. -New boards, x86 ----------- +### New boards, x86 * Lenovo ThinkPad W530 * Lenovo ThinkPad T530 @@ -152,12 +150,6 @@ add for the next release: ^ I would have put these in today's release, but didn't have time, and wanted to get this release done today. -Removed boards --------------- - -* asus p2b\_ls/p3b\_f - they didn't boot properly in pcbox, and the real - hardware is basically useless / impossible to find - lbmk Git changes ------------ @@ -242,90 +234,4 @@ follows: * 00187811 - util/nvmutil: exit non-zero if close() fails (3 months ago) ``` -Major works planned -=================== -In general, you should also check the issue tracker to find other notes. -There is always more work to do, to improve Libreboot. - -Linux distro in flash ---------------------- - -STILL ON TODO SINCE LAST RELEASE. - -This is another project that has been on hold for a while. The issue -has been that I need a decent userland project. I've looked at many -different userlands and since late June in 2022, decided to make -my own. I want a BusyBox-like solution, but based on code from OpenBSD, -ported to run under Linux with musl libc. - -I want this distro to provide a kexec bootloader in flash, similar to Heads, -and I also want it to use apk-tools, pointing at Alpine Linux repositories -so as to allow any number of packages to be downloaded. It could also provide -lots of utils in general, to be a live *rescue system* of sorts. Linux system -in flash, that can bootstrap other systems. - -About a week before this release, I actually started on the project for real, -after having many false starts. I've forked a project called `lobase` which -already ports OpenBSD's userland utilities *to glibc* under Linux, and it's -as of today about 5 years outdated based on OpenBSD 6.3. - -I've ported these utilities directly from OpenBSD 7.2, in my local fork of -lobase, superimposing the new code on top of the old and adapting according -to musl libc (lobase is full of hacks for glibc that I don't need): - -`mail`, `cat`, `ls`, `head`, `rcs`, `hexdump`, `whois` and `time` - -I've been working on this in a dedicated Alpine Linux virtual machine, -currently on release 3.17 of Alpine Linux. Alpine is an ideal test distro for -such development, because it already uses musl libc and has *libressl* -available in aports. - -I don't have enough to release yet, but when I have a release ready, I will -upload it to a Git repository. When the userland port is fully complete, -I shall then base off of Alpine Linux abuild+aports build system -infrastructure to provide small base images. It will be similar to the Heads -project, but built separately and not specifically targeted at Libreboot, -but in general to any coreboot setup, on supported hardware. It won't be a -general purpose distro, but I would at that point submit my userland port to -Alpine, proposing it as a replacement of their busybox package in base. - -Unlike Heads, I don't plan yet to make this a direct coreboot payload. -Instead, it'll be a standalone image loaded into CBFS, and chainloaded via -the GRUB or SeaBIOS payloads, which are both capable of executing ELF binaries -from the flash. - -Lobase, which my development is forked from, can be found here (archived): - - -I've been re-using lobase's build system, adapting newer code from OpenBSD. -It's a lot of work, but I'm hopeful I can have this ready before the next -Libreboot release. - -Re-factor and optimize GRUB ---------------------------- - -STILL ON TODO SINCE LAST RELEASE. - -GRUB is full of unused bloat that almost nobody uses, yet is in the current -Libreboot builds. It's been on TODO for some time, but work has not yet -begun on this project. My efforts are currently focused on the Linux distro. - -What I want is a fork of GRUB, optimized to run on bare metal as a coreboot -payload, on x86 and ARM platforms. - -I have an update since the last release. Paul Menzel of coreboot *has* made -GRUB modules more configurable, making it possible to reduce the size of the -payload. His patch is not yet used in Libreboot (not in this release, anyway), -but the patch in GRUB is: - -``` -commit 6c5ee45548fcb65d7921c9fca5867b256f9a48ad -Author: Paul Menzel -Date: Thu Mar 7 12:16:06 2019 +0100 - Makefile: Allow to set file systems modules for default_payload.elf -``` - -I'm going to play around with this when I get the time. Even with this -modification, GRUB is still full of code that Libreboot will never use. -A *GRUB Valhalla Rampage* is still in order! diff --git a/site/news/libreboot20230319.md.description b/site/news/libreboot20230319.md.description new file mode 100644 index 0000000..39e9e38 --- /dev/null +++ b/site/news/libreboot20230319.md.description @@ -0,0 +1 @@ +Libreboot 20230319 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20230413.md b/site/news/libreboot20230413.md index 657bf91..cf8839b 100644 --- a/site/news/libreboot20230413.md +++ b/site/news/libreboot20230413.md @@ -2,11 +2,13 @@ % Leah Rowe % 13 April 2023 -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](safety.md).** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** Introduction -============ +------------ Libreboot provides boot firmware for supported x86/ARM machines, starting a bootloader that then loads your operating system. It replaces proprietary @@ -31,16 +33,14 @@ The priority of this release has been build system fixes/improvements. For the time being, no more code changes will be made unless needed, in coreboot, for existing supported hardware; the focus is going to be on adding *more* boards to Libreboot, to support more hardware. I've been on a spree, buying lots of -mainboards that coreboot supports, that would be interesting in Libreboot. +motherboards that coreboot supports, that would be interesting in Libreboot. -Build from source ------------------ +### Build from source *This* release was build-tested on Debian *Sid*, as of 13 April 2023. Your mileage may vary, with other distros. Refer to Libreboot documentation. -KCMA-D8 and KGPE-D16 wanted! ----------------------------- +### KCMA-D8 and KGPE-D16 wanted! [ASUS KGPE-D16 and KCMA-D8 needed for testing!](kgpe-d16.md) @@ -50,13 +50,12 @@ with one (or both) of these, I would appreciate it. Please [get in touch](../contact.md)! Work done since last release -============================ +---------------------------- For more detailed change logs, look at the Git repository. This is a summary of changes. -Summary of changes: -------------------- +### Summary of changes: Zero code changes within coreboot on any boards, but the build system went through a mild overhaul: @@ -78,8 +77,7 @@ through a mild overhaul: images need `mrc.bin` for raminit. More info about this is in the previous release. -MRC W541/T440p ROM images re-added ----------------------------------- +### MRC W541/T440p ROM images re-added As alluded to and applied by the above text, T440p/W541 thinkpad images that use `mrc.bin` have been re-added. Libreboot supports experimental raminit on @@ -89,8 +87,7 @@ that use it, so that users can choose which one they want. More information this is available, in the *previous* [Libreboot 20230319 release announcement](libreboot20230319.md). -Detailed descriptions of changes --------------------------------- +### Detailed descriptions of changes Changelog: @@ -98,7 +95,7 @@ Changelog: ROM image archives in releases now contain lists of SHA1 hashes, matching what each file should be when running `blobutil/inject` * `blobutil/inject`: It is now possible to insert MRC and neutered ME images, - where required on specific mainboards, into *all* ROM images of a given + where required on specific motherboards, into *all* ROM images of a given tar archive, in addition to single ROM images. The patch for this is courtesy of Caleb La Grange (`shmalebx9` on libreboot IRC) * Removed daisy/peach chromebooks: The machines are believed to boot properly, @@ -137,19 +134,18 @@ Changelog: the script easier to read/work on. * `blobutil/inject`: use correct offset for insertion of `mrc.bin` (Haswell platform, e.g. ThinkPad T440p) - as written above. -* Removed mainboard: `d945gclf` - known to be problematic at boot. I have one, +* Removed motherboard: `d945gclf` - known to be problematic at boot. I have one, and I'm going to test it for re-entry in a future release. * Added missing dependency in Arch Linux dependencies installation script, patch courtesy of Andreas Hartmann. Hardware supported in this release -================================== +---------------------------------- All of the following are believed to *boot*, but if you have any issues, please contact the Libreboot project. They are: -Desktops (AMD, Intel, x86) ------------------------ +### Desktops (AMD, Intel, x86) - [Gigabyte GA-G41M-ES2L motherboard](../docs/install/ga-g41m-es2l.md) - [Acer G43T-AM3](../docs/install/acer_g43t-am3.md) @@ -188,7 +184,7 @@ Desktops (AMD, Intel, x86) - [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md) Downloads -========= +--------- You can find this release on the downloads page. At the time of this announcement, some of the rsync mirrors may not have it yet, so please check diff --git a/site/news/libreboot20230413.md.description b/site/news/libreboot20230413.md.description new file mode 100644 index 0000000..740e099 --- /dev/null +++ b/site/news/libreboot20230413.md.description @@ -0,0 +1 @@ +Libreboot 20230413 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20230423.md b/site/news/libreboot20230423.md index 51229e7..83fc8ae 100644 --- a/site/news/libreboot20230423.md +++ b/site/news/libreboot20230423.md @@ -2,11 +2,13 @@ % Leah Rowe % 23 April 2023 -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](safety.md).** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** -Introduction -============ +Free software BIOS/UEFI +--------------------- Libreboot provides boot firmware for supported x86/ARM machines, starting a bootloader that then loads your operating system. It replaces proprietary @@ -24,7 +26,7 @@ in 2023. *This* new release, Libreboot 20230423, is released today on April 23rd, 2023. This is marked as a *testing* release, though it is *basically stable*. -We've been going at it like crazy, on a big spree adding more mainboards from +We've been going at it like crazy, on a big spree adding more motherboards from coreboot. Some fixes to the build system were also made, since the last release only *10 days ago*. @@ -32,14 +34,12 @@ The *priority* for Libreboot is to add as many new boards as possible, from now to the next stable release (ETA Q3 2023), with many testing releases in between. Release early, release often. Rigorious testing ensues. -Build from source ------------------ +### Build from source *This* release was build-tested on Debian *Sid*, as of 23 April 2023. Your mileage may vary, with other distros. Refer to Libreboot documentation. -KCMA-D8 and KGPE-D16 wanted! ----------------------------- +### KCMA-D8 and KGPE-D16 wanted! [ASUS KGPE-D16 and KCMA-D8 needed for testing!](kgpe-d16.md) @@ -49,15 +49,14 @@ with one (or both) of these, I would appreciate it. Please [get in touch](../contact.md)! Work done since last release -============================ +-------------------------- This is in the last *10 days*, since the previous release was 10 days ago! Ergo, this is a very conservative changelog. It seems Libreboot has been releasing almost fortnightly, as of late; perhaps this could continue from now on. -New mainboards now supported: ------------------------------ +### New motherboards now supported: * **Dell Latitude E6400 (laptop)** (GM45, blob-free, flashable entirely in software, no disassembly required!) - courtesy Nicholas Chin, `nic3-14159` on @@ -69,8 +68,7 @@ New mainboards now supported: * HP EliteBook 2560p (laptop), courtesy Riku Viitanen (*seriously* cool guy) - Sandybridge hardware gen -Build system changes: ---------------------- +### Build system changes: * **GM45 no-microcode bug mitigations re-added: revert to old SMRR handling and disable PECI (for e.g. X200/T400 users who want to [remove microcode @@ -113,13 +111,12 @@ Build system changes: Leah Rowe. Hardware supported in this release -================================== +--------------------------------- All of the following are believed to *boot*, but if you have any issues, please contact the Libreboot project. They are: -Desktops (AMD, Intel, x86) ------------------------ +### Desktops (AMD, Intel, x86) - [Gigabyte GA-G41M-ES2L motherboard](../docs/install/ga-g41m-es2l.md) - [Acer G43T-AM3](../docs/install/acer_g43t-am3.md) @@ -163,9 +160,9 @@ Desktops (AMD, Intel, x86) - [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md) More boards soon! -================= +--------------- -I've purchased about ~10 HP mainboards, all of the viable sandybridge, +I've purchased about ~10 HP motherboards, all of the viable sandybridge, ivybridge and haswell ones from coreboot. I'm going to add them all. I also have Dell Optiplex 7020 and 9020; these are on coreboot gerrit and @@ -177,7 +174,7 @@ available on ThinkPad T440p and W541 as an option in Libreboot (including in this release!) Downloads -========= +------- You can find this release on the downloads page. At the time of this announcement, some of the rsync mirrors may not have it yet, so please check diff --git a/site/news/libreboot20230423.md.description b/site/news/libreboot20230423.md.description new file mode 100644 index 0000000..9176828 --- /dev/null +++ b/site/news/libreboot20230423.md.description @@ -0,0 +1 @@ +Libreboot 20230423 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20230625.md b/site/news/libreboot20230625.md index a0539a4..614f460 100644 --- a/site/news/libreboot20230625.md +++ b/site/news/libreboot20230625.md @@ -2,11 +2,13 @@ % Leah Rowe % 25 June 2023 -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](safety.md).** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** -Introduction -============ +Free software BIOS/UEFI +------------------------ Libreboot provides boot firmware for supported x86/ARM machines, starting a bootloader that then loads your operating system. It replaces proprietary @@ -34,8 +36,7 @@ firmware, but not Libreboot! Booting Linux/BSD is also [well](../docs/linux/) a new *stable* release of Libreboot. The previous stable release was Libreboot 20220710, released on 10 July 2022. -A note about the changelog --------------------------- +### A note about the changelog The changes listed here are relative to Libreboot *20230423*, *not* 20220710. Therefore, to get a full list of changes since 20220710 (the previous stable @@ -45,17 +46,15 @@ the [20221214](libreboot20221214.md), [20230319](libreboot20230319.md), announcements before reading the *20230625* change log, in order to get a complete picture. -Build from source ------------------ +### Build from source *This* release was build-tested on Debian *Sid*, as of 25 June 2023. Your mileage may vary, with other distros. Refer to Libreboot documentation. Work done since last release -============================ +---------------------------- -New mainboards now supported: ------------------------------ +### New motherboards now supported: These boards were added to Libreboot: @@ -71,24 +70,22 @@ thus hardware support is not greatly improved since the last release. Moving forward, the next Libreboot release will be a *testing* release and *will* focus on hardware support in addition to payloads (linux boot, UEFI etc). -No-microcode ROMs available ---------------------------- +### No-microcode ROMs available Since Libreboot 20221214 and up, CPU microcode is -included by default on all applicable x86 mainboards. However, +included by default on all applicable x86 motherboards. However, Libreboot provided (and still provides) documentation for how to manually remove it. Such removal is still possible, but *this* release now provides -two sets of ROM images for each x86 mainboard: one set of ROMs +two sets of ROM images for each x86 motherboard: one set of ROMs will *contain* CPU microcode, and another set *excludes* them. For more context, see [Binary Blob Reduction Policy](policy.md) and [Freedom Status](../freedom-status.md). An earlier article was written about this, [here](microcode.md) -Massive build system audit --------------------------- +### Massive build system audit The full change log below will list all build system changes, but may not provide the overall picture, so to be clear: the @@ -99,8 +96,7 @@ based on the OpenBSD coding style) and many bugs are fixed. An earlier article was written about this, [here](audit.md) -Full list of build system changes --------------------- +### Full list of build system changes Certain build system changes will not be listed here in detail, if they pertain to general code style cleanup/re-factoring, as already alluded to @@ -122,7 +118,7 @@ Newest changes first, oldest changes last: * `u-boot`: Increase EFI variable buffer size. This fixes an error where Debian's signed shim allocates too many EFI variables to fit in the space provided, breaking the boot process in Debian. Patch courtesy Alper Nebi Yasak -* Re-added Gigabyte GA-G41M-ES2L mainboard. It actually does boot, but we have +* Re-added Gigabyte GA-G41M-ES2L motherboard. It actually does boot, but we have always known that raminit is quite experimental on this board. You just have to cycle through RAM until you find modules that work. * `nyan` chromebooks: Removed for now (not yet stable) - this release only @@ -141,8 +137,8 @@ Newest changes first, oldest changes last: ROMs that include microcode by default. This change is also alluded to in the sections above. * `blobutil/download`: Cache downloads based on checksum, to avoid needlessly - re-downloading files per mainboard. This is useful when compiling multiple - ROM images, for multiple mainboards. Patch courtesy Riku Viitanen. + re-downloading files per motherboard. This is useful when compiling multiple + ROM images, for multiple motherboards. Patch courtesy Riku Viitanen. * Dell Latitude E6400 (board): Fix SD cards (SD cards now work fine). Patch courtesy Nicholas Chin. * `util/nvmutil`: Vastly more efficient code (part of the audit, referenced in @@ -185,14 +181,14 @@ Newest changes first, oldest changes last: namely `-d`, which can be passed to the program. The code for debug is now present in any build. Usage: `spkmodem-recv -d` * New util: `util/spkmodem_recv` - imported from coreboot, which in turn forked - it originally from GNU GRUB. This is a receiving client for *spkmodem*, a type + it originally from GRUB. This is a receiving client for *spkmodem*, a type of serial console provided via pulses over PC speaker. Libreboot's version greatly improves the error handling, and it has been re-factored for OpenBSD - coding style, to replace the (very horrible) GNU coding style. + coding style, to replace the (very horrible, very messy) GNU coding style. It is also [pledged](https://man.openbsd.org/pledge.2) in Libreboot's version. For reference, - [here](https://git.savannah.gnu.org/cgit/grub.git/plain/util/spkmodem-recv.c?id=822b726b33b8dc07dd01b257a2dfcc7b07d12e2f) - is the GNU version, and + https://git.savannah.gnu.org/cgit/grub.git/plain/util/spkmodem-recv.c?id=822b726b33b8dc07dd01b257a2dfcc7b07d12e2f + is the GRUB version, and [here](https://raw.githubusercontent.com/coreboot/coreboot/8febc91b3041a1d027bf0d36d30ccb119496524f/util/spkmodem_recv/spkmodem-recv.c) is coreboot's version of it. And now to blow your mind, [here](https://browse.libreboot.org/lbmk.git/tree/util/spkmodem_recv/spkmodem-recv.c?id=b508245451b71b3443fa3202f3863a6de731e9c8) is the Libreboot version present in release 20230625. A very much GNU program, @@ -203,8 +199,8 @@ Newest changes first, oldest changes last: an `extra.sh` script, but it can be used to extend the default functionality of lbmk where lots of custom logic is needed for a given board. For example, if you needed to apply lots of patches from gerrit in a specific order, in a - way that could not be generalised for other mainboards where it's really - only applicable to that mainboard, you might use `extra.sh`. This was briefly + way that could not be generalised for other motherboards where it's really + only applicable to that motherboard, you might use `extra.sh`. This was briefly used in the erstwhile osboot project, on a few boards. * download/coreboot: Use the `gitclone` script for actually cloning coreboot, while still using the main script for handling trees/revisions and such. @@ -217,7 +213,7 @@ Newest changes first, oldest changes last: * gitclone (script): Check whether a given patch exists before applying. Works around a quirk in most shells where `*` will error out if no files exist. * download/grub (script): If downloading `gnulib` fails, scrap the *grub* - download aswell, and exit with non-zero status (fail). This is done because + download as well, and exit with non-zero status (fail). This is done because gnulib is a dependency of GRUB. * blobutil/inject (script): When inserting `gbe.bin`, check that the file actually exists, and exit with non-zero status (fail) otherwise. @@ -262,13 +258,12 @@ Newest changes first, oldest changes last: the 20230423 release) Hardware supported in this release -================================== +---------------------------------- All of the following are believed to *boot*, but if you have any issues, please contact the Libreboot project. They are: -Desktops (AMD, Intel, x86) ------------------------ +### Desktops (AMD, Intel, x86) - [Gigabyte GA-G41M-ES2L motherboard](../docs/install/ga-g41m-es2l.md) - [Acer G43T-AM3](../docs/install/acer_g43t-am3.md) @@ -311,14 +306,14 @@ Desktops (AMD, Intel, x86) - [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md) Downloads -========= +--------- You can find this release on the downloads page. At the time of this announcement, some of the rsync mirrors may not have it yet, so please check another one if your favourite one doesn't have it. Post-release errata -=================== +------------------- When building ROM images from the release archives, the following error is observed in some cases, depending on distro: diff --git a/site/news/libreboot20230625.md.description b/site/news/libreboot20230625.md.description new file mode 100644 index 0000000..f91d0a8 --- /dev/null +++ b/site/news/libreboot20230625.md.description @@ -0,0 +1 @@ +Libreboot 20230625 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20231021.md b/site/news/libreboot20231021.md index 25ee50a..8235e4c 100644 --- a/site/news/libreboot20231021.md +++ b/site/news/libreboot20231021.md @@ -2,11 +2,16 @@ % Leah Rowe % 21 October 2023 -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](safety.md).** +A corresponding [Canoeboot 20231026](https://canoeboot.org/news/canoeboot20231026.html) +release is also available. -Introduction -============ +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** + +Free software BIOS/UEFI +------------------------ *This* new release, Libreboot 20231021, released today 21 October 2023, is a new *testing* release of Libreboot. The previous release was @@ -35,10 +40,9 @@ firmware, but not Libreboot! Booting Linux/BSD is also [well](../docs/linux/) [supported](../docs/bsd/). Work done since last release -============================ +-------------------------- -New mainboards now supported: ------------------------------ +### New motherboards now supported: The *primary* focus of this release has been build system improvements, and new build system features. However, these boards were added to Libreboot: @@ -62,8 +66,7 @@ they compile properly on modern distros/toolchains. More info can be found in a previous news article: [ASUS KGPE-D16, KCMA-D8 and KFSN4-DRE re-added to Libreboot](fam15h.md) -GRUB LUKS2 now supported (with argon2 key derivation) ---------------------------------------------------- +### GRUB LUKS2 now supported (with argon2 key derivation) This was covered in a [previous article](argon2.md), which you should read. GRUB *2.12* is now the version that Librebooot uses, although it's currently in @@ -93,8 +96,7 @@ These libreboot patches added argon2 support: This means that you can now boot from encrypted `/boot` partitions. I'm very grateful to everyone who made this possible! -Simplified commands (build system) -------------------------- +### Simplified commands (build system) Simply put, lbmk (the Libreboot build system) is now *easier to use*; there are only *12* shell scripts in this release, versus 50 or so in the previous @@ -107,8 +109,7 @@ As always, you can find information about *using* the build system in the [Libreboot build instructions](../docs/build/) and in the [lbmk maintenance manual](../docs/maintain/). -TWO massive audits. 50% code size reduction in lbmk. --------------------------------------------- +### TWO massive audits. 50% code size reduction in lbmk. Libreboot's build system, lbmk, is written entirely in shell scripts. It is an automatic build system that downloads, patches, configures and compiles @@ -130,8 +131,7 @@ Their changes will also be listed here. The Libreboot build system (lbmk) has been completely re-designed, since the last release. It's the same fundamental design, but all of the commands have changed, and everything is much simpler. -Serprog firmware building (RP2040 and STM32) ------------------------------------ +### Serprog firmware building (RP2040 and STM32) In addition to coreboot firmware, the Libreboot build system (lbmk) can now build *serprog* firmware, specifically `pico-serprog` and `stm32-vserprog`, on @@ -145,8 +145,7 @@ Pre-compiled firmware images are available, for many of these devices, under the `roms/` directory in this Libreboot 20231021 release! Riku Viitanen is the one who added this capability to Libreboot. -Updated U-Boot revision (2023.10) ----------------------------- +### Updated U-Boot revision (2023.10) Alper Nebi Yasak submitted patches that update the U-Boot revision in Libreboot, on `gru_bob` and `gru_kevin` chromebooks. Additionally, the `cros` @@ -173,8 +172,7 @@ reading these diffs: Thank you, Alper! -Coreboot, GRUB, U-Boot and SeaBIOS revisions ------------------------------------- +### Coreboot, GRUB, U-Boot and SeaBIOS revisions In Libreboot 20231021 (*this release*): @@ -197,10 +195,9 @@ In Libreboot 20230625 (*previous release*): As you can see, all revisions are quite new in this release. Build system tweaks -=================== +----------------- -resources/ now config/ ----------------------- +### resources/ now config/ The `resources/scripts/` directory is now `script/`, and what was `resources/` now only contains configuration data plus code patches for various projects, @@ -217,7 +214,7 @@ Full list of changes (detail) -------------------- The changes are (not necessarily in order), but they do not necessarily cover -things like mainboards or extra features added; these are covered in sections +things like motherboards or extra features added; these are covered in sections above. This list is essentially a combination of the audit2 and audit3 change logs, combined: @@ -267,7 +264,7 @@ logs, combined: * All helper scripts are now under `include/`, and main scripts in `script/`, called by the main `build` script * Intel ME extraction is now provided in one function, instead of two, when - downloading vendor files per mainboard, before running it + downloading vendor files per motherboard, before running it through `me_cleaner` * Unified checking of the destination file, when downloading vendor updates. This results in more reliable checking of whether a vendor file has already @@ -303,14 +300,14 @@ logs, combined: * Don't use the `-B` option in make commands. * Where no-microcode ROM images are provided, ensure that the ROM hashes still match when running the vendor inject script. This is only useful on the - Dell Latitude E6400, which is otherwise blob-free but (in Libreboot) + Dell Latitude E6400, which is otherwise 100% free software but (in Libreboot) comes with or without microcode updates, and with or without the Nvidia VGA ROM (handled by vendor inject/download scripts) for dGPU variants. Verification previously failed, under certain conditions, when inserting that VGA ROM. * SECURITY: Use sha512sum (not sha1sum) when verifying certain downloads. This reduces the chance for collisions, during checksum verification. * Set GRUB timout to 5s by default, but allow override and set to 10s or 15s - on some mainboards. + on some motherboards. * Vendor scripts: don't use `/tmp` for ROM images when inserting vendor files. In case `/tmp` is a tmpfs and not much RAM is available, it is paramount that the user's file system is used instead, where there is likely greater capacity; @@ -346,7 +343,7 @@ logs, combined: * Don't support removal of microcode (during release time) on untested targets. Set `microcode_required="y"` on most boards, but leave it set to `"n"` on platfroms such as GM45 (ThinkPad X200/T400, Dell E6400, etc); anything that - can be blob-free, in other words. + can be entirely free software in the main boot flash, in other words. * Improved Dell Latitude E6400 support; the same image now provides iGPU and dGPU support, since it's SeaBIOS-only anyway, so a VGA ROM is inserted into the same ROM that also enables libgfxinit, enabling the Intel or Nvidia GPU @@ -554,7 +551,7 @@ logs, combined: * A lot of scripts have been removed entirely, and their logic not replaced; in many cases, Libreboot's build system contained logic that had gone unused for many years. -* More reliable configs now used on desktop mainboards: SeaBIOS-only for start, +* More reliable configs now used on desktop motherboards: SeaBIOS-only for start, but GRUB still available where feasible (in the SeaBIOS menu). This makes it more fool proof for a user who might use integrated graphics and then switch to a graphics card; the very same images will work. @@ -855,7 +852,7 @@ The log is as follows, relative to Libreboot 20230625: * d28ad6aa build/release/roms: use -T0 on serprog tarballs * 308c21dd build/boot/roms stragglers: properly handle errors * c16b28ef build/release/src: re-create symlinks, don't copy -* 32dcf9e5 coreboot/qemu_x86_12mb: re-add this mainboard +* 32dcf9e5 coreboot/qemu_x86_12mb: re-add this motherboard * 5aef8156 scripts: use printf, not echo, where appropriate * 76e12cd4 update/blobs printf statements: use double quotes * 84bf47b5 scripts: better handling of printf: stdout/stderr @@ -904,8 +901,8 @@ The log is as follows, relative to Libreboot 20230625: * da3c9bb3 merge config/ and resources/ * a0501050 blobs/download: don't handle ifd/gbe files * 03788d14 move ifd/gbe configs into config/ifd/ -* 6ddb0e09 run make oldconfig on coreboot/default mainboards -* 19efdf9e ich9m mainboards: use pre-assembled ifd/gbe files +* 6ddb0e09 run make oldconfig on coreboot/default motherboards +* 19efdf9e ich9m motherboards: use pre-assembled ifd/gbe files * af8d8cda add ich9m ifd/gbe files * d554efae build/release/src: copy e6430 ifd/gbe * 09aae7be build/rpi-pico-serprog: better error handling @@ -1050,7 +1047,7 @@ The log is as follows, relative to Libreboot 20230625: This is 445 changes in total, since Libreboot 20230625. Hardware supported in this release -================================== +-------------------------------------- All of the following are believed to *boot*, but if you have any issues, please contact the Libreboot project. They are: @@ -1060,8 +1057,7 @@ please contact the Libreboot project. They are: - [ASUS KFSN4-DRE motherboard](../docs/install/kfsn4-dre.md) - [ASUS KGPE-D16 motherboard](../docs/install/kgpe-d16.md) -Desktops (AMD, Intel, x86) ------------------------ +### Desktops (AMD, Intel, x86) - [Gigabyte GA-G41M-ES2L motherboard](../docs/install/ga-g41m-es2l.md) - [Acer G43T-AM3](../docs/install/acer_g43t-am3.md) @@ -1109,14 +1105,13 @@ Desktops (AMD, Intel, x86) - [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md) Downloads -========= +--------- You can find this release on the downloads page. At the time of this announcement, some of the rsync mirrors may not have it yet, so please check another one if your favourite one doesn't have it. -Post-release fix -================ +### Post-release fix There was a minor problem in the original Libreboot 20231021 release, namely: keymap configurations were not properly generated inside the ROM images, so @@ -1134,11 +1129,10 @@ because the main mirror that it downloads from was offline during the build, so the relevant acpica tarball was mirrored to Libreboot rsync at last minute. Post-release errata -=================== - -S3 suspend/resume ------------------ +### S3 suspend/resume + Broken on tested boards: i945, gm45, sandybridge and ivybridge (probably haswell too, but untested as I write this). @@ -1148,8 +1142,7 @@ be issued, along with several other fixes made in lbmk since this release. If you're using Libreboot 20231021, you should not try to put your machine to sleep. You should only turn it on or power it off (power cycle / coldboot). -Insertion of PIKE2008 ROMs, i945 bootblock copy ------------------------------------------------ +### Insertion of PIKE2008 ROMs, i945 bootblock copy Empty PIKE2008 ROMs not inserted in KCMA-D8 and KGPE-D16 ROMs. @@ -1181,8 +1174,7 @@ And without the bootblock copied on X60/T60 ROMs, flashing will result in a bric under these conditions: bucts not reset and ROM flashed successfully, and/or flashing the ROM from LenovoBIOS to Libreboot. -Fam15h microcode wrongly not detected as inserted -------------------------------------------------- +### Fam15h microcode wrongly not detected as inserted On those boards, `target.cfg` files specified `microcode_required="n"`, and the logic in the release script renames ROM images according to this rule: diff --git a/site/news/libreboot20231021.md.description b/site/news/libreboot20231021.md.description new file mode 100644 index 0000000..b6d8dbb --- /dev/null +++ b/site/news/libreboot20231021.md.description @@ -0,0 +1 @@ +Libreboot 20231021 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20231101.md b/site/news/libreboot20231101.md index e690ef3..2f8bb17 100644 --- a/site/news/libreboot20231101.md +++ b/site/news/libreboot20231101.md @@ -2,11 +2,16 @@ % Leah Rowe % 1 November 2023 -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](safety.md).** +A corresponding [Canoeboot 20231101](https://canoeboot.org/news/canoeboot20231101.html) +release is also available. -Introduction -============ +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** + +Free Software Boot +------------------ *This* new release, Libreboot 20231101, released today 1 November 2023, is a new *testing* release of Libreboot. The previous release was @@ -35,10 +40,9 @@ firmware, but not Libreboot! Booting Linux/BSD is also [well](../docs/linux/) [supported](../docs/bsd/). Work done since last release -============================ +---------------------------- -ThinkPad X201 support added ------------------------------ +### ThinkPad X201 support added **UPDATE: SUPPORT WAS REMOVED on 12 January 2024, because it was found that fans fail when using a neutered ME, on this platform - this bug only affects the @@ -46,8 +50,7 @@ older arrandales like X201, but newer platforms are not affected.** Intel D945GCLF was also re-added, in this release. -Coreboot, GRUB, U-Boot and SeaBIOS revisions ------------------------------------- +### Coreboot, GRUB, U-Boot and SeaBIOS revisions Libreboot 20231021 and 20231101 are both based on these revisions: @@ -63,7 +66,7 @@ of these, that fix certain bugs or improve certain functionalities. More information is available elsewhere in this page. Build system tweaks -=================== +------------------- These changes were made: @@ -160,7 +163,7 @@ time has passed since then. The focus of this Libreboot 20231101 release has been to fix bugs. Hardware supported in this release -================================== +---------------------------------- All of the following are believed to *boot*, but if you have any issues, please contact the Libreboot project. They are: @@ -170,8 +173,7 @@ please contact the Libreboot project. They are: - [ASUS KFSN4-DRE motherboard](../docs/install/kfsn4-dre.md) - [ASUS KGPE-D16 motherboard](../docs/install/kgpe-d16.md) -Desktops (AMD, Intel, x86) ------------------------ +### Desktops (AMD, Intel, x86) - [Gigabyte GA-G41M-ES2L motherboard](../docs/install/ga-g41m-es2l.md) - [Acer G43T-AM3](../docs/install/acer_g43t-am3.md) @@ -220,17 +222,16 @@ Desktops (AMD, Intel, x86) - [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md) Downloads -========= +--------- You can find this release on the downloads page. At the time of this announcement, some of the rsync mirrors may not have it yet, so please check another one if your favourite one doesn't have it. Post-release errata -=================== +------------------- -S3 suspend/resume ------------------- +### S3 suspend/resume The previous release broke suspend/resume on all Intel platforms, but it's fixed in this release on Sandybridge (e.g. ThinkPad X220), diff --git a/site/news/libreboot20231101.md.description b/site/news/libreboot20231101.md.description new file mode 100644 index 0000000..a2c1d88 --- /dev/null +++ b/site/news/libreboot20231101.md.description @@ -0,0 +1 @@ +Libreboot 20231101 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20231106.md b/site/news/libreboot20231106.md index b791b3f..7fe98ed 100644 --- a/site/news/libreboot20231106.md +++ b/site/news/libreboot20231106.md @@ -2,11 +2,16 @@ % Leah Rowe % 6 November 2023 -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](safety.md).** +A corresponding [Canoeboot 20231107](https://canoeboot.org/news/canoeboot20231107.html) +release is also available. -Introduction -============ +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** + +Free your BIOS today! +------------------- *This* new release, Libreboot 20231106, released today 6 November 2023, is a new *testing* release of Libreboot. The previous release was @@ -36,13 +41,12 @@ firmware, but not Libreboot! Booting Linux/BSD is also [well](../docs/linux/) [supported](../docs/bsd/). Work done since last release -============================ +-------------------- This is largely a bugfix release. Most notably, boot issues on GM45 thinkpads present in the 20231101 release have been resolved. -Dell E6400 on its own tree ------------------------------ +### Dell E6400 on its own tree Libreboot contains a DDR2 raminit patch for Dell Latitude E6400, that increases reliability on coldboot, but it negatively affects other GM45 machines that use @@ -59,8 +63,7 @@ when using on GM45 ThinkPads (ROM images for those machines were then deleted from the 20231021 and 20231101 release archives). Today's Libreboot release solves that problem, so these machines can be used reliably once again. -Coreboot, GRUB, U-Boot and SeaBIOS revisions ------------------------------------- +### Coreboot, GRUB, U-Boot and SeaBIOS revisions Libreboot 20231106 and 20231101 are both based on these revisions: @@ -75,8 +78,7 @@ Libreboot 20231106 and 20231101 are both based on these revisions: Several other fixes and tweaks have been made, in addition to this and the E6400 patch mentioned above. -Build system tweaks -=================== +### Build system tweaks These changes were made: @@ -149,7 +151,7 @@ is in progress, and rapid development towards a new stable release; it is very much planned that 12 December 2023 will have a new stable release of Libreboot. Hardware supported in this release -================================== +---------------------------------- All of the following are believed to *boot*, but if you have any issues, please contact the Libreboot project. They are: @@ -159,8 +161,7 @@ please contact the Libreboot project. They are: - [ASUS KFSN4-DRE motherboard](../docs/install/kfsn4-dre.md) - [ASUS KGPE-D16 motherboard](../docs/install/kgpe-d16.md) -Desktops (AMD, Intel, x86) ------------------------ +### Desktops (AMD, Intel, x86) - [Gigabyte GA-G41M-ES2L motherboard](../docs/install/ga-g41m-es2l.md) - [Acer G43T-AM3](../docs/install/acer_g43t-am3.md) @@ -209,18 +210,17 @@ Desktops (AMD, Intel, x86) - [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md) Downloads -========= +---------- You can find this release on the downloads page. At the time of this announcement, some of the rsync mirrors may not have it yet, so please check another one if your favourite one doesn't have it. Post-release errata -=================== - -S3 on GM45/i945 --------------- +### S3 on GM45/i945 + GM45 ThinkPads still have buggy S3 behaviour, ditto i945. x4x and Pineview untested, other Intel platforms work; AMD untested but should work. @@ -228,8 +228,7 @@ If you're using a GM45 ThinkPad (e.g. X200, T400), don't try putting your laptop to sleep. S3 suspend/resume is broken. The intention is that this will be fixed before the next stable release. -E6430 VBT config ----------------- +### E6430 VBT config See: @@ -241,7 +240,7 @@ now, you can build Libreboot from `lbmk.git`. See: [Building Libreboot from source](../docs/build/) Errata -====== +------- Many modules were removed from GRUB, to save space in flash, but the ones that are actually needed were carefully retained. diff --git a/site/news/libreboot20231106.md.description b/site/news/libreboot20231106.md.description new file mode 100644 index 0000000..47fc9a8 --- /dev/null +++ b/site/news/libreboot20231106.md.description @@ -0,0 +1 @@ +Libreboot 20231106 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20240126.md b/site/news/libreboot20240126.md index 9869c12..c7aa54f 100644 --- a/site/news/libreboot20240126.md +++ b/site/news/libreboot20240126.md @@ -2,8 +2,8 @@ % Leah Rowe % 26 January 2024 -Introduction -============ +Open source BIOS/UEFI firmware +------------------------------ *This* new release, Libreboot 20240126, released today 26 January 2024, is a new *testing* release of Libreboot. The previous release was @@ -32,18 +32,17 @@ firmware, but not Libreboot! Booting Linux/BSD is also [well](../docs/linux/) [supported](../docs/bsd/). Testing needed! -=============== +--------------- The coreboot revision has been updated very recently. Make sure to have [external flashing gear](../docs/install/spi.md) ready just in case! Work done since last release -============================ +---------------------------- -New mainboards supported ------------------------- +### New motherboards supported -These new mainboards have been added: +These new motherboards have been added: * [HP EliteBook 820 G2](hp820g2.md), added by Leah Rowe to lbmk, using the coreboot port done by Iru Cai. @@ -57,29 +56,25 @@ These new mainboards have been added: Conversely, the [ThinkPad X201 was removed](x201.md). -S3 fixed on GM45 thinkpads --------------------------- +### S3 fixed on GM45 thinkpads The new coreboot revision includes a fix within it that fixes S3 suspend/resume on GM45 thinkpads (e.g. X200, T400). This was broken in the previous Libreboot release, but now it works again. -Modest code size reduction --------------------------- +### Modest code size reduction See: [Libreboot build system audit 4](audit4.md) These and subsequent changes are included in today's release. The build system has been further optimised, both in terms of code size and performance. -GRUB 2.12 revision now used ---------------------------- +### GRUB 2.12 revision now used The previous Libreboot release used a revision from GRUB 2.12-rc1, but now it uses the GRUB 2.12 released during December 2023. -GRUB support for EFI System Partition -------------------------------------- +### GRUB support for EFI System Partition We don't use UEFI on x86, but the GRUB config in Libreboot's GRUB payload has now been modified, to also scan `grub.cfg` from `EFI/` directories. @@ -112,7 +107,7 @@ changes first): using the `xtree` and `tree_depend` variables in `target.cfg` files, for each coreboot tree and, in the case of xtree, it can be defined in a given coreboot board target. -* Removed mainboard: Lenovo X201 (due to thermal safety issues on this machine, +* Removed motherboard: Lenovo X201 (due to thermal safety issues on this machine, when using a neutered ME - this issue only affects systems that use ME6, whereas older/newer platfroms are unaffected). * coreboot/fam15h: More fixes, e.g. disable `-Werror` on binutils 2.32, and @@ -152,7 +147,7 @@ changes first): * `script/build/serprog`: Return error status (exit) if basename fails, when processing various board targets available on stm32/rp2040 projects. Patch courtesy of Leah Rowe. -* **NEW BOARD:** HP 8300 CMT mainboard, added by Riku Viitanen, who worked +* **NEW BOARD:** HP 8300 CMT motherboard, added by Riku Viitanen, who worked on it with a tester in the IRC channel. * Fixed implicit typecasting bug on flashprog 1.2 source code, thus preventing a build issue (tested on Debian 12.2). Patch courtesy of Leah Rowe. @@ -221,7 +216,7 @@ changes first): changed to match the 68\* naming scheme. * `config/vendor/sources`: document HP laptop ROM families, for certain models, according to name scheme 68SFC, 68SCE, 68ICE and 68ICF. Some of these boards - iare part of the same families, and use the same blobs. Patch courtesy of + iare part of the same families, and use the same files. Patch courtesy of Riku Viitanen. * `script/build/roms`: remove the `modify_coreboot_rom` function. Fake PIKE2008 ROMs are now inserted by defining option roms in the coreboot config, where @@ -356,7 +351,7 @@ changes first): re-used by other planned ports for Dell latitudes in lbmk. Patch courtesy of Nicholas Chin. -Exact git log, relative to 20231106: +### Exacit git log, relative to 20231106 ``` * 7f0ca545 Libreboot 20240126 @@ -371,7 +366,7 @@ Exact git log, relative to 20231106: * dcf7da9a coreboot/fam15h_udimm: define xtree * f72a72af don't download projects on release archives * 435441d0 update/release: generate changelogs -* a225e4d5 fix amd mainboard configs +* a225e4d5 fix amd motherboard configs * c9961182 git.sh: fix bad call to ./update * 3e7e0c7d git.sh: support downloading dependency trees * 8f3d3ead re-use crossgcc builds on the coreboot trees @@ -562,7 +557,7 @@ Exact git log, relative to 20231106: ``` Errata -====== +------ Vendorfile inject script will report an error when inserting for HP 820 G2, because the refcode is compressed via `-c lzma` option in cbfstool (or it is diff --git a/site/news/libreboot20240126.md.description b/site/news/libreboot20240126.md.description new file mode 100644 index 0000000..5900979 --- /dev/null +++ b/site/news/libreboot20240126.md.description @@ -0,0 +1 @@ +Libreboot 20240126 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20240225.md b/site/news/libreboot20240225.md index b0d8ca4..a95aecd 100644 --- a/site/news/libreboot20240225.md +++ b/site/news/libreboot20240225.md @@ -2,15 +2,16 @@ % Leah Rowe % 25 February 2024 -Introduction -============ +Free software BIOS/UEFI +----------------------- Libreboot is a free/open source BIOS/UEFI replacement on x86 and ARM, providing boot firmware that initialises the hardware in your computer, to then load an -operating system (e.g. Linux/BSD). It is specifically a *coreboot distribution*, +operating system (e.g. Linux/BSD). It is specifically +a *[coreboot distribution](../docs/maintain/)*, in the same way that Debian is a Linux distribution. It provides an automated build system to produce coreboot ROM images with a variety of payloads such as -GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy +GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy to use as possible for non-technical users. Libreboot provides many additional benefits such as fast boot speeds, greater @@ -30,7 +31,7 @@ run just fine. If you spot any issues, please report them on Libreboot's bug tracker. Hardware supported in this release -================================== +---------------------------------- This release supports the following hardware: @@ -104,15 +105,14 @@ This release supports the following hardware: - [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md) Work done since last release -============================ +---------------------------- With the exception of pico-serprog and replacing flashrom with flashprog (more on this later), the current upstream revisions remain unchanged, but this -release has fixed a few issues and added more mainboards, relative to last +release has fixed a few issues and added more motherboards, relative to last month's release. -New mainboards --------------- +### New motherboards * **HP EliteBook 8560w** - added to lbmk by Riku Viitanen, using the coreboot port written by Iru Cai, with Riku's MXM support added on top (more on this later) @@ -134,8 +134,7 @@ New mainboards coreboot for review, fixing VGA decode on discrete graphics cards when the Broadwell MRC is used - this patch too is not yet included in Libreboot). -SeaBIOS MXM INT15H interrupt ----------------------------- +### SeaBIOS MXM INT15H interrupt For Libreboot's new HP EliteBook 8560w support, MXM handling was added to SeaBIOS. This was performed by Riku Viitanen, who also wrote this tool: @@ -158,8 +157,7 @@ had a port for some time, but without the MXM support - for now, it is only available in SeaBIOS, so you must use *SeaBIOS* to run the VGA Option ROM (it cannot yet be done directly from coreboot). -U-Boot release script ---------------------- +### U-Boot release script The script at `script/update/release` now supports generating standalone U-Boot source archives, like so: @@ -171,8 +169,7 @@ than `release/`. Libreboot still provides U-Boot embedded within the larger source release archive, and does not yet actually provide U-Boot as a standalone project, but some people may find this useful. -Pico-serprog updates --------------------- +### Pico-serprog updates Riku Viitanen added support for controlling multiple chip-selects. With the new functionality, you can set unused chipselects high. This is useful when @@ -187,11 +184,10 @@ fixed this issue: Riku also increased the default drive strength to 12mA on all RP2024 boards, -increasing reliabily when externally flashing certain mainboards (e.g. PCH +increasing reliabily when externally flashing certain motherboards (e.g. PCH having low/no resistance on connections to the data lines for the flash). -Flashprog now used, instead of flashrom ---------------------------------------- +### Flashprog now used, instead of flashrom Nico Huber was unfairly banned from participation in the flashrom project, and went on to create a new project called [flashprog](https://flashprog.org/). The @@ -240,8 +236,7 @@ new features and hardware functionality - for instance, it has code for handling Riku Viitanen's recent changes on the RP2040 serprog images, for pulling unused chipselects high (useful on machines like ThinkPad W541 for external flashing). -Context regarding flashprog vs flashrom ---------------------------------------- +### Context regarding flashprog vs flashrom It was suggested by a reader, on 27 March 2024, that the lack of context made judging this situation very difficult. Therefore, the following links have diff --git a/site/news/libreboot20240225.md.description b/site/news/libreboot20240225.md.description new file mode 100644 index 0000000..0a22fa0 --- /dev/null +++ b/site/news/libreboot20240225.md.description @@ -0,0 +1 @@ +Libreboot 20240225 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20240504.md b/site/news/libreboot20240504.md index d477184..4b2c3ee 100644 --- a/site/news/libreboot20240504.md +++ b/site/news/libreboot20240504.md @@ -2,25 +2,29 @@ % Leah Rowe % 4 May 2024 +A corresponding [Canoeboot 20240504](https://canoeboot.org/news/canoeboot20240504.html) +release is also available. + **Do not use the 20240504 release. This changelog is still provided as reference, but there were problems with this release. Please instead use the [Libreboot 20240612 release](libreboot20240612.md).** Introduction -============ +------------- Libreboot is a free/open source BIOS/UEFI replacement on x86 and ARM, providing boot firmware that initialises the hardware in your computer, to then load an -operating system (e.g. Linux/BSD). It is specifically a *coreboot distribution*, +operating system (e.g. Linux/BSD). It is specifically +a *[coreboot distribution](../docs/maintain/)*, in the same way that Debian is a Linux distribution. It provides an automated build system to produce coreboot ROM images with a variety of payloads such as -GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy +GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy to use as possible for non-technical users. From a project management perspective, this works in *exactly* the same way as a Linux distro, providing the same type of infrastructure, but for your boot firmware instead of your operating system. It makes use of [coreboot](https://www.coreboot.org/) for hardware initialisation, and then a payload such as [SeaBIOS](https://www.seabios.org/SeaBIOS) -or [GNU GRUB](https://www.gnu.org/software/grub/) to boot your operating +or GRUB to boot your operating system; on ARM(chromebooks), we provide *U-Boot* (as a coreboot payload). Libreboot provides many additional benefits such as fast boot speeds, greater @@ -47,14 +51,14 @@ a major new release of Libreboot. The previous stable release was Libreboot 20230625 released on 25 June 2023, and the previous *testing* release was Libreboot 20240225 released on 25 February 2024. Extreme care has been taken with this release, but it adds a host of new features such as USB3 -support in the GRUB payload, and a slew of mainboard fixes. *Read on* to learn +support in the GRUB payload, and a slew of motherboard fixes. *Read on* to learn more. The main purpose of this release has been to fix bugs. A lot more work will now go into Libreboot for another release in the summer of 2024. Hardware supported in this release -================================== +---------------------------------- This release supports the following hardware: @@ -128,22 +132,22 @@ This release supports the following hardware: - [ASUS Chromebook Flip C101 (gru-bob)](../docs/install/chromebooks.md) - [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md) -New mainboard added -==================== +New motherboard added +------------------- -This release adds support for the following mainboard: +This release adds support for the following motherboard: * Dell Latitude E5420, courtesy of Nicholas Chin Dell Latitude laptops: S3 resume fixed -================================ +---------------------------------- Nicholas Chin sent in a patch just before the release, fixing suspend/resume on sandy bridge and ivy bridge Dell laptops. According to him, resume on open is still broken and therefore disabled, but pressing the power button works. Work done since Libreboot 20230625 -============================ +------------------------------- To know the full set of differences between Libreboot 20230625 and Libreboot 20240405, first you must read the changelogs of those interim @@ -261,7 +265,7 @@ are highlighted in bold: * Simpler, safer error handling in the build system * **util/autoport:** New utility, imported from coreboot's version but with extra patches merged for Haswell platforms. This can be used in future, tied heavily - to Libreboot's own coreboot trees, to more easily add new mainboards. + to Libreboot's own coreboot trees, to more easily add new motherboards. * **util/dell-flash-unlock: NetBSD support added**, courtesy of the developer who goes by the name *Linear Cannon*. Here is that person's website as of today: @@ -274,7 +278,7 @@ are highlighted in bold: * Enable the serial console by default, on AMD boards (kgpe-d16, kcma-d8) Exact git log (versus Libreboot 20240225) -====================================== +------------------------------------ The following is an exact log of commits in the Git repository, on the master branch, relative to the previous January 2024 release. There are 99 changes: @@ -408,7 +412,7 @@ You may find archives of this release, by looking at the Libreboot download page. Support is available on IRC or Reddit if you need help. Disabled boards -=============== +--------------- Libreboot's build system can be configured to exclude certain boards in release archives, while still permitting them to be re-built. @@ -430,7 +434,7 @@ is believed to be stable and has been tested repeatedly) *All other boards have ROM images in this release.* eDP mods (ThinkPad X230/X220) -========================== +-------------------------- The `x230edp_12mb` and `x220edp_8mb` targets were removed, but the `x230_12mb` and `x220_8mb` targets were retained. Only the original @@ -456,7 +460,7 @@ to the Libreboot project. That is all. Errata -====== +------ See: @@ -481,7 +485,7 @@ It is now the default behaviour, in the next release, that certain images contain a bootorder file in CBFS, making SeaBIOS try GRUB first, but you can still press ESC to access the SeaBIOS boot menu if you want to directly boot an OS from that. This, and the other change mentioned above, will guarantee -stability. GRUB is *no longer* the primary payload, on any mainboard. +stability. GRUB is *no longer* the primary payload, on any motherboard. However, it was later decided to put this release in the `testing` directory instead; it was initially designated as a stable release. diff --git a/site/news/libreboot20240504.md.description b/site/news/libreboot20240504.md.description new file mode 100644 index 0000000..2adc0a3 --- /dev/null +++ b/site/news/libreboot20240504.md.description @@ -0,0 +1 @@ +Libreboot 20240504 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20240612.md b/site/news/libreboot20240612.md index ed9808c..a76d6c6 100644 --- a/site/news/libreboot20240612.md +++ b/site/news/libreboot20240612.md @@ -2,24 +2,30 @@ % Leah Rowe % 12 June 2024 -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](safety.md).** +A corresponding [Libreboot 20240612](https://canoeboot.org/news/canoeboot20240612.html) +release is also available. -Introduction -============ +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** + +Open source BIOS/UEFI firmware +----------------------------- Libreboot is a free/open source BIOS/UEFI replacement on x86 and ARM, providing boot firmware that initialises the hardware in your computer, to then load an -operating system (e.g. Linux/BSD). It is specifically a *coreboot distribution*, +operating system (e.g. Linux/BSD). It is specifically +a *[coreboot distribution](../docs/maintain/)*, in the same way that Debian is a Linux distribution. It provides an automated build system to produce coreboot ROM images with a variety of payloads such as -GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy +GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy to use as possible for non-technical users. From a project management perspective, this works in *exactly* the same way as a Linux distro, providing the same type of infrastructure, but for your boot firmware instead of your operating system. It makes use of [coreboot](https://www.coreboot.org/) for hardware initialisation, and then a payload such as [SeaBIOS](https://www.seabios.org/SeaBIOS) -or [GNU GRUB](https://www.gnu.org/software/grub/) to boot your operating +or GRUB to boot your operating system; on ARM(chromebooks), we provide *U-Boot* (as a coreboot payload). This is a *bugfix* release, and is considered stable. It fixes a series of bugs @@ -28,7 +34,7 @@ The [errata](libreboot20240504.md#errata) on Libreboot 20240504 meant that all ROM images had to be removed, so a new stable release had to be made ASAP to compensate. -A new *testing* release is planned for July, adding many more new mainboards; +A new *testing* release is planned for July, adding many more new motherboards; today's stable release only fixes bugs and adds some new features to the build system, which have been rigorously tested during the course of the recent audit. @@ -37,7 +43,7 @@ this release, in addition to a few minor fixes made since that date. The audit was completed on 9 June 2024 and today is 12 June 2024. The release came unstuck. Changes since Audit 5 -===================== +-------------------- Audit 5 was only recent, and forms most of the changes in this release, so look further down for a list of those changes or read [the audit 5 page](audit5.md). @@ -71,13 +77,12 @@ precisely to avoid any potential issues if a board doesn't need it. The NVMe patch has been extensively tested, on all of the boards that actually have it. Audit 5 changes -=============== +--------------- Since the recent audit 5 changes are included in this release, the changelog of that audit has simply been copied for sake of efficiency. Firstly: -Modest code size reduction --------------------------- +### Modest code size reduction There are 1482 lines of shell script in the build system, versus 1680 in the Libreboot 20240504 release. Libreboot's build system is written purely in @@ -87,12 +92,11 @@ This is a difference of 198 lines, or a 12% reduction. Despite the reduction, numerous features have been added and a large number of bugs were fixed. Summarised list of changes -========================== +-------------------------- Changes are in order per category, from newest to oldest: -Feature changes ---------------- +### Feature changes * **Download crossgcc tarballs as dependencies, when cloning coreboot.** We previously relied on the coreboot build system, which automatically fetches @@ -147,10 +151,10 @@ Feature changes * **GRUB is now a multi-tree project.** Each given coreboot target can specify which GRUB tree it wants to use, each containing its own revision and patches, with its own GRUB configuration file. This can be used later on - to provide specific optimisations on each given mainboard, but it is used + to provide specific optimisations on each given motherboard, but it is used at present to exclude xHCI patches on boards that don't need it; please also read the bugfix section (of this audit report) pertaining to this same topic, - for more context. Before this change was implemented, all mainboards used + for more context. Before this change was implemented, all motherboards used the exact same GRUB revision, with the same patches and the same config. * grub.cfg: scan `grub2/` last, on each given device/partition; this speeds up the boot time in most tests, because most setups use `grub/`, @@ -184,7 +188,7 @@ Feature changes * script/roms: Allow to override `grub_scan_disk` via `-s`, for example: `./build roms -s nvme t1650_12mb` * **grub.cfg: Use `grub_scan_disk` to set boot order (rather, boot order by - device type).** It is possible now to configure each mainboard with this + device type).** It is possible now to configure each motherboard with this variable, so that certain types of devices are scanned in a precise order; for example, scan NVMe SSDs first. * **include/git.sh: Allow manual override of `git submodule` handling**, instead @@ -199,7 +203,7 @@ Feature changes later changed so as to be the ONLY method for downloading submodules, skipping the actual git-submodule-update command entirely, on all projects.* * **Native NVMe driver added to the GRUB payload**, allowing users to boot from - NVMe SSDs where present on a given mainboard. The patch is courtesy of + NVMe SSDs where present on a given motherboard. The patch is courtesy of Mate Kukri, who ported SeaBIOS's own NVMe driver, converting all of the code to run properly within GRUB's own kernel. NVMe SSDs are now fully bootable on all machines that can have them, offering vastly superior @@ -221,14 +225,13 @@ Feature changes * Print a two-line break before confirming the location of the generated release archive, when running release builds. This makes it more obvious to the operator. -* **Removed the MRC (raminit blob) on Intel Haswell** (4th generation) +* **Removed the MRC (vendor raminit code) on Intel Haswell** (4th generation) hardware, namely the ThinkPad T440p, W541, Dell OptiPlex 9020 MT and Dell OptiPlex 9020 SFF; the libre raminit now works well, and S3 works. * Removed all status checks from script/roms (formerly script/build/roms), because it's better to document this instead, and rely on testing regardless. -Bug fixes ---------- +### Bug fixes Some of these changes fix actual issues that were found in testing, while others were fixed *before* being triggered/reported and are thus *preventative @@ -344,12 +347,12 @@ The changes are, from newest to earliest: one you're reading about now so that they can be fixed, like this one was!) * **Re-configured GRUB so that only the Haswell and Broadwell machines contain xHCI support**, where it doesn't cause any issues (and is required), while - other mainboards use a version of GRUB that lacks support for xHCI. This is a + other motherboards use a version of GRUB that lacks support for xHCI. This is a mitigations against the bug reported in [lbmk issue 216](https://codeberg.org/libreboot/lbmk/issues/216). This is done, by using the new *multi-tree* GRUB handling, which is mentioned above in in the section (of this audit report) pertaining to *feature changes*, whereby - each mainboard can have its own GRUB revisions and patches, with its own + each motherboard can have its own GRUB revisions and patches, with its own GRUB configuration file (that could be uniquely optimised for it). * **Fix vboot build issue when running lbmk in i686 (32-bit) host machines**. The patch, courtesy of *Luke T. Schumaker*, adapts vboot's vmlinuz extract @@ -360,7 +363,7 @@ The changes are, from newest to earliest: fixing a bug that was actually triggered, and a preventative bug fix as the original code wasn't correct either, even on AMD64 hosts (where it happened to compile anyway). -* include/vendor.sh: Skip a given blob if the path to it is `/dev/null` - this +* include/vendor.sh: Skip a given file if the path to it is `/dev/null` - this fixes a bug exposed by the previous change two bullet points down (fine grained error control), because VGA ROMs are handled but the KGPE-D16 target mitigates a crash bug when PIKE2008's option ROM is executed by SeaBIOS, by @@ -393,12 +396,12 @@ The changes are, from newest to earliest: supported a configuration whereby SeaBIOS reads a `bootorder` file in CBFS, making it try to run the GRUB payload first, while still allowing you to interrupt by pressing ESC to bring up an alternative boot select menu. This - is now the *default*, on all x86 mainboards. This is a mitigation against + is now the *default*, on all x86 motherboards. This is a mitigation against future instability in GRUB because, if such issues happen again, it will not cause a brick since you can just use SeaBIOS instead, and skip booting to the GRUB payload (on the affected machines, BIOS GRUB still worked, which your distro provides and SeaBIOS executes it). *NOTE: GRUB was later made - into a multi-tree project, with certain mainboards using a version that + into a multi-tree project, with certain motherboards using a version that has the xHCI patches, if required, because the machines that actually need xHCI support were not affected by the bug referenced in issue 216.* * Main build script: Check SUID before checking Git name/email, otherwise the @@ -463,8 +466,7 @@ The changes are, from newest to earliest: * Main build script: exit (with error status) if not running directly from the root of the lbmk work directory. -General code cleanup --------------------- +### General code cleanup In addition to *general* very sweeping code cleanup, condensing code lines where possible and so on: @@ -590,13 +592,12 @@ where possible and so on: * script/build/roms: split up `main()` into multiple smaller functions Revision updates -================ +---------------- Some revisions were updated as part of standard routine, but happened to be done during this audit. Those updates are as follows: -SeaBIOS -------- +### SeaBIOS Bump SeaBIOS to revision `e5f2e4c69643bc3cd385306a9e5d29e11578148c`, which has these changes relative to the old one: @@ -619,15 +620,14 @@ these changes relative to the old one: * 192e23b7 vbe: implement function 09h (get/set palette data) * 3722c21d vgasrc: round up save/restore size * 5d87ff25 vbe: Add VBE 2.0+ OemData field to struct vbe_info -* 163fd9f0 fix smbios blob length overflow +* 163fd9f0 fix smbios data length overflow * 82faf1d5 Add LBA 64bit support for reads beyond 2TB. * 3f082f38 Add AHCI Power ON + ICC_ACTIVE into port setup code * 3ae88886 esp-scsi: terminate DMA transfer when ESP data transfer completes * a6ed6b70 limit address space used for pci devices. ``` -Flashprog ---------- +### Flashprog Updated to revision 5b4fdd1 from 2 May 2024, rebasing the MX workaround patch. @@ -698,7 +698,7 @@ Flashrom, lead by Nico Huber after a dispute with the new leadership of Flashrom, and it was felt that Flashprog is a better choice for Libreboot. Git log -======= +------ This entire set of changelogs is based on the precise Git history in lbmk, relative to Libreboot 20240504 which is from where the audit began. @@ -724,7 +724,6 @@ The latest changes are listed first, going all the way down to earlier changes: * 9cdf4192 git.sh: further simplify nuke() * 1cede024 git.sh: simplify link_crossgcc() * 77e482aa git.sh: simplify nuke() -* 42e97950 Merge pull request 'Add dependency scripts for Fedora 40 and Ubuntu 24.04' (#220) from fuel-pcbox/lbmk:master into master |\ | * 046007b4 Add dependency scripts for Fedora 40 and Ubuntu 24.04 * | a0eb79df add crossgcc tarballs to config/submodules/ @@ -802,7 +801,7 @@ The latest changes are listed first, going all the way down to earlier changes: * | f6cbc501 import nuke() from cbmk cdce8ba70b |/ * 7fbcb7be coreboot t440p/w541: enable nvme in grub_scan_disk -* 47f582d4 ./vendor download: skip if blob path is /dev/null +* 47f582d4 ./vendor download: skip if file path is /dev/null * e7cb10d6 do not allow dashes in coreboot target names * e9b9e825 ./vendor download: more fine-tuned error control * 0dd0dfaf vendor.sh: don't error on main targets @@ -919,7 +918,7 @@ The latest changes are listed first, going all the way down to earlier changes: * 190495d2 disable x301 for next release (for now) * 03fae0cf mrc.sh: remove redundant function extract_ref() * f66ceef6 print two line breaks before confirming release -* cc339741 remove haswell mrc blob (libre raminit stable now) +* cc339741 remove haswell mrc file (libre raminit stable now) * 05fbd392 remove all status checks. only handle release. * 8ba0fd83 git.sh: remove errant comment * d7ce26dc move script/*/* to script/ @@ -943,10 +942,9 @@ The latest changes are listed first, going all the way down to earlier changes: This is 211 changes, since Libreboot 20240504. Errata -====== +------ -Revision 1 ----------- +### Revision 1 A bug was found, where booting GRUB (payload) on Haswell ThinkPads with a USB device plugged in would sometimes cause GRUB to hang. This was fixed with the @@ -977,8 +975,7 @@ auto-load when GRUB starts. A full investigation is still required, but this workaround fixes the issue as far as the user is concerned. -Revision 2 ----------- +### Revision 2 NOTE: Source code archive not available for rev2, because another revision was made that also includes the rev2 change; a 'rev3` source archive is @@ -990,8 +987,7 @@ which caused issues when flashing. The file `libreboot-20240612rev2_hp8200sff_4mb.tar.xz` is available, replacing `libreboot-20240612_hp8200sff_4mb.tar.xz`, on Libreboot rsync. -Revision 3 ----------- +### Revision 3 Removed `util/autoport/`, becaues it's not required in release archives. diff --git a/site/news/libreboot20240612.md.description b/site/news/libreboot20240612.md.description new file mode 100644 index 0000000..a776bae --- /dev/null +++ b/site/news/libreboot20240612.md.description @@ -0,0 +1 @@ +Libreboot 20240612 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20241008.md b/site/news/libreboot20241008.md index f3ae86a..0b30c88 100644 --- a/site/news/libreboot20241008.md +++ b/site/news/libreboot20241008.md @@ -1,28 +1,34 @@ -% Libreboot 20241008 released! +% Libreboot 20241008 released! With PlayStation support! % Leah Rowe % 8 October 2024 +A corresponding [Canoeboot 20241102](https://canoeboot.org/news/canoeboot20241102.html) +release is also available. + This is a *testing* release, whereas the current stable release on this day is *Libreboot 20240612*. -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](safety.md).** +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** -Introduction -============ +Open source BIOS/UEFI firmware +-------------------------- Libreboot is a free/open source BIOS/UEFI replacement on x86 and ARM, providing boot firmware that initialises the hardware in your computer, to then load an -operating system (e.g. Linux/BSD). It is specifically a *coreboot distribution*, +operating system (e.g. Linux/BSD). It is specifically +a *[coreboot distribution](../docs/maintain/)*, in the same way that Debian is a Linux distribution. It provides an automated build system to produce coreboot ROM images with a variety of payloads such as -GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy +GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy to use as possible for non-technical users. From a project management perspective, this works in *exactly* the same way as a Linux distro, providing a source-based package manager (called lbmk) which patches sources and compiles coreboot images. It makes use of [coreboot](https://www.coreboot.org/) for hardware initialisation, and then a payload such as [SeaBIOS](https://www.seabios.org/SeaBIOS) -or [GNU GRUB](https://www.gnu.org/software/grub/) to boot your operating +or GRUB to boot your operating system; on ARM(chromebooks), we provide *U-Boot* (as a coreboot payload). The changes of the recent [6th build system audit](audit6.md) are included, in @@ -30,8 +36,7 @@ this release, and several changes have been made since then; for simplicity, thi page is essentially identical to the audit 6 changelog, but with the additional changes referenced. -The build system is smaller ---------------------------- +### The build system is smaller The focus of audit6 was to reduce the code size, making the build system more efficient. The build system was 1482 source lines (of shell scripting) in the @@ -42,7 +47,7 @@ Several bug fixes were also made, in addition to new board support, since the Libreboot 20240612 release. Summarised list of changes -========================== +------------------------- The most interesting changes are marked in **bold**. "Interesting" means that the change greatly improves the usefulness/reliability of Libreboot, or that it @@ -50,8 +55,7 @@ affects the user in a profound and noticeable way. Changes are in order per category, from newest to oldest: -Board support -------------- +### Board support The following boards have been added since the Libreboot 20240612 release: @@ -66,18 +70,16 @@ The following boards have been added since the Libreboot 20240612 release: by 3mdeb, and I added the config for it to Libreboot, based on the Dell Precision T1650 config) -About the Dell Latitude ports ------------------------------ +### About the Dell Latitude ports These are yet more Ivybridge (Intel 3rd gen) and Sandybridge (Intel 2nd gen) -mainboards, using the same EC as on other Latitudes supported in Libreboot, so +motherboards, using the same EC as on other Latitudes supported in Libreboot, so they are all internally flashable from the factory firmware. Installation instructions, pertaining to Dell Latitude models, can be found on the [Dell Latitude page](../docs/install/latitude.md). -About the PlayStation BIOS --------------------------- +### About the PlayStation BIOS This is *not* coreboot, but it is a fully free/opensource BIOS with source code under MIT license, provided by @@ -101,14 +103,13 @@ of October 2024 or thereabouts. I'm planning to ship the *PCSX-Redux* BIOS by default, in the new project, which is why Libreboot has it, because I'll reference Libreboot from that project. -About the OptiPlex 3050 Micro port -------------------------- +### About the OptiPlex 3050 Micro port Mate Kukri's excellent *[deguard](https://review.coreboot.org/admin/repos/deguard,general)* utility is automatically used at build time, to modify the ME, which has a bug on that platform allowing arbitrary execution. Using this bug, Mate was able to disable the Intel Boot Guard, on this 7th gen -mainboard. Without such a hack, coreboot would have previously been impossible! +motherboard. Without such a hack, coreboot would have previously been impossible! I've made some fixes on top of it myself: adding HDA verb configuration, and a VBT file. Mate will incorporate these changes in the patchset, which is still @@ -121,7 +122,7 @@ is also working on a ThinkPad T480 port, that is not yet ready on this day (the port is on Gerrit but lacks EC support at the moment). It may be possible to add many more Dell OptiPlex and other 7th gen (Intel -Kaby Lake) mainboards to coreboot, using this hack. The *Boot Guard* is Intel +Kaby Lake) motherboards to coreboot, using this hack. The *Boot Guard* is Intel DRM that normally checks a cryptographic signature on the bootblock in the machine, and that bootblock cannot be changed. Various other hacks have also been discovered in the past, such as Trammell @@ -143,8 +144,7 @@ Because of the SeaBIOS issue, an exception is made: this board executes GRUB first, directly from coreboot. The usual policy, since Libreboot 20240612, is to prefer *SeaGRUB* (SeaBIOS first, and execute GRUB from SeaBIOS). -Feature changes ---------------- +### Feature changes The changes are as follows: @@ -171,7 +171,7 @@ The changes are as follows: A bug in MEv11, on earlier revisions, enables arbitrary code execution. Mate was able to exploit this bug, to disable the Intel Boot Guard, which is handled by the Intel ME. Currently used on the Dell OptiPlex 3050 Micro, but - could be expanded to support more mainboards. (**yes, you could have a libre + could be expanded to support more motherboards. (**yes, you could have a libre ME firmware in the future, because of this bug! Though the Intel ME is still required, albeit it with this hack and lbmk also runs `me_cleaner`**) * Relative to audit6: `lib.sh`: New `mk()` function can be used as shorthand @@ -206,7 +206,7 @@ The changes are as follows: enabling `CONFIG_PAYLOAD_NONE` exclusively. However, advanced users may wish to use something else such as Tianocore, which Libreboot may/will not provide (with Tianocore it's **will not**). Simply set `build_depend=""` - in the `target.cfg` file for a given mainboard, and then enable a payload + in the `target.cfg` file for a given motherboard, and then enable a payload under coreboot's menuconfig interface, or by direct modification of the defconfig file. When `CONFIG_PAYLOAD_NONE` is not set, lbmk will skip adding a payload, because it's a given that then coreboot's own build system @@ -255,7 +255,7 @@ The changes are as follows: downloading of vendor files, without needing specific hacks to be hardcoded in `script/trees`. The `./update trees -b coreboot TREE utils` command is no longer available; instead, do `./update trees -d coreboot TREE`; if - the TREE argument is instead an actual mainboard target, it also does the + the TREE argument is instead an actual motherboard target, it also does the vendor file download, if required. The `./vendor download` command is still available, and multiple board names can now be provided as argument, because for example, `./build roms x220_8mb x230_12mb` would @@ -312,12 +312,12 @@ The changes are as follows: single-tree projects, defined *by argument*, but it was quite error prone and there's no clean way to otherwise do it. We don't use the script this way, anywhere in lbmk, and users are advised the same. -* **`script/roms`: *Only* Support SeaBIOS and Sea*GRUB*, on x86 mainboards**. +* **`script/roms`: *Only* Support SeaBIOS and Sea*GRUB*, on x86 motherboards**. SeaGRUB is a configuration whereby SeaBIOS starts first, but immediately tries to load GRUB from the flash. This complements the other change, listed below. We will no longer provide configurations where GRUB is the primary payload, precisely to mitigate the same issue as described below (lbmk issue 216). - If *GRUB* is enabled, on a given mainboard, SeaBIOS-only setups are not + If *GRUB* is enabled, on a given motherboard, SeaBIOS-only setups are not provided; only SeaGRUB is provided. You can press ESC in the SeaGRUB menu, to access other boot methods besides *GRUB from flash*, so you can use it in the same way; additionally, you can remove the `bootorder` file from CBFS @@ -364,8 +364,7 @@ The changes are as follows: possible to create such a broken setup. Libreboot mitigates this fact, by avoiding such configurations. -Configuration changes ---------------------- +### Configuration changes This pertains to anything under `config/`, for any changes that are of note, but it does not pertain to *revisions* for specific projects, nor does it @@ -385,7 +384,7 @@ The changes are as follows: This mkhelper config also integrates `include/rom.sh`, containing these functions. This replicates the functionality originally provided by `script/roms`. -* coreboot: Set `build_depend` on `target.cfg` files for specific mainboards. +* coreboot: Set `build_depend` on `target.cfg` files for specific motherboards. This is used to manually specify which GRUB and SeaBIOS trees should be compiled, required when compiling for a specific target, for the next stage where a payload is added to the coreboot image, because lbmk does @@ -414,8 +413,7 @@ The changes are as follows: which is loaded per-project on multi-tree projects, before each target file. It allows easier configuration tree-wide on multi-tree projects. -Bug fixes ---------- +### Bug fixes The changes are as follows: @@ -447,8 +445,8 @@ The changes are as follows: where the BIOS region ends at 4MB; you would then flash the full image internally, after the fact. * Relative to audit6: Patch uefitool for musl libc. The code was making use - of `ACCESSPERMS`, which is a define in BSD libc (also available in the GNU - C Library) for use with chmod when setting 777 permission on files. The musl + of `ACCESSPERMS`, which is a define in BSD libc (also available in glibc) + for use with chmod when setting 777 permission on files. The musl libc doesn't have this, so the code was modified to explicitly define it in the same way, but only if not already defined. Useful for Alpine Linux users. * Relative to audit6: Don't dry-run `mkcorebootbin` when using the `-d` switch @@ -632,8 +630,7 @@ The changes are as follows: could create situations where the user can longer run lbmk without intervention such as changing permission on certain files. Avoid the issue entirely. -General code cleanup --------------------- +### General code cleanup Extensive code cleanup has been performed, as was one of the main focuses in this release (in addition to newer hardware support): @@ -989,10 +986,9 @@ The changes are as follows: * `script/roms`: shorter variable names, condensed several functions. Revision updates -================ +---------------- -Coreboot --------- +### Coreboot The `default` tree was updated to commit ID `97bc693ab` from 29 July 2024. Several patches were merged upstream and therefore no longer needed in lbmk. @@ -1012,8 +1008,7 @@ a single `fam15h` tree. This contains the ASUS KGPE-D16 and KCMA-D8 ports, based on coreboot's `4.11_branch` tree, with Libreboot's special build fixes that make it compile on modern distros, such as Debian Sid or Arch Linux. -U-Boot ------- +### U-Boot Alper Nebi Yasak is the maintainer of U-Boot, within Libreboot, and submitted a patch updating U-Boot to v2024.07, on the `gru_bob` and `gru_kevin` @@ -1021,15 +1016,13 @@ Chromebooks. Several improvements have been merged upstream, like Alper's patches for Qemu, so these patches have been dropped in lbmk because they're now included by default, in the new U-Boot revision. -GRUB ----- +### GRUB Updated the revision to commit ID b53ec06a1 from 17 June 2024. This fixes several bugs in the LUKS implementation. Several virtual memory fixes, and numerous fixes to file system drivers in the GRUB kernel. -SeaBIOS -------- +### SeaBIOS Updated the revision to commit ID `ec0bc256` from 24 June 2024. This brings in only a single change: @@ -1045,13 +1038,11 @@ in only a single change: This fixes buggy handling for 32-bit (i686) hosts, when allocating memory for the PCI devices. -Flashprog ---------- +### Flashprog Updated the revision to commit ID `639d563` from 2 August 2024. -PCSX Redux ----------- +### PCSX Redux This was added git commit ID `6ec5348058413619b290b069adbdae68180ce8c0`. It is a *Sony PlayStation* emulator, but we only need one part of it: the BIOS. @@ -1063,7 +1054,7 @@ the open BIOS image, which is compatible with every PlayStation emulator and also real PlayStations (soldering required). Git log -======= +------- This git log covers all changes in this audit, relative to Libreboot 20240612. diff --git a/site/news/libreboot20241008.md.description b/site/news/libreboot20241008.md.description new file mode 100644 index 0000000..0bfc05a --- /dev/null +++ b/site/news/libreboot20241008.md.description @@ -0,0 +1 @@ +Libreboot 20241008 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20241206.Revisions.md b/site/news/libreboot20241206.Revisions.md new file mode 100644 index 0000000..2242ca0 --- /dev/null +++ b/site/news/libreboot20241206.Revisions.md @@ -0,0 +1,198 @@ +--- +title: Libreboot 20241206 release revisions +x-toc-enable: true +... + +This article concerns Libreboot 20241206. For general information about that +release, please read +the [Libreboot 20241206 release announcement](libreboot20241206.md). + +Occasionally, stable releases such as this one may contain minor (or critical) +issues that went unnoticed during testing. When this occurs, critical or +otherwise desirable fixes are implemented, while not fundamentally altering +the substance of the original release. + +When this occurs, the ROM image and source code archives are entirely re-built, +and re-uploaded, replacing the old one. Patch files are provided alongside the +updated source archive, so that you can revert (from it) back to the older +revisions if you wish; by doing this, you can therefore also re-create the +original release archive, for reference. + +Revision 1 (8 December 2024) +---------- + +A bug was found whereby `seabios_` images are created twice, This was fixed in +the revision `e3b77b132e6b5981c09bc1ce282afaae64058ab3`. This bug caused vendor +file insertion to fail on release images, because the `vendorhashes` file would +list the file twice, but one of the hashes would be wrong. + +This is because the build system wrongly created U-Boot-only images first with +that name, because the `add_uboot` function in `rom.sh` unconditionally created +images with U-Boot in them; the function also creates ARM64 images, where U-Boot +is the primary payload. + +On x86 machines, SeaBIOS should be the main payload, chainloading U-Boot. + +The build system would then create the actual `seabios_` image, replacing the +other one, on x86 machines. + +So, the command to create the first image was removed. However, just before +uploading `rev1` images, it was discovered that this would cause no U-Boot +images to be built for ARM64 devices, which lead to Revision 2: + +Revision 2 (8 December 2024) +---------- + +See commit ID `b910424b5df8ed7c931a7b8f5cc8e34eacf0ca3e`. + +Revision 1 was reverted, and replaced with the following logic instead: + +In `add_uboot`, the instruction to create a ROM image was changed so that it +only creates one where U-Boot is the primary payload (which is the case for +ARM64). + +The source archive is now `20241206rev2` instead of `20241206`, and the same +is true of affected images on x86, where `vcfg` is set in `target.cfg`. + +Revision 3 (11 December 2024) +---------- + +See commit ID `3b6b283eabe7a655c861d1543aeae49d27566f53` and the two commits +before that. + +This revision disables PCI-E Re-plug (hotplug feature) for the NVMe SSD on +Dell OptiPlex 3050 Micro, to prevent the device from being renamed randomly; +such renaming will cause a system crash if booting Linux from the NVMe. + +In my case, I was running RAID1 (SATA+NVMe) and every few days, the RAID1 got +unsynced; I simply re-synced and it was fine, but what if that was a RAID0? It +would possibly corrupt the entire array. + +This revision should prevent the issue from occuring. Without this patch, +the `nvme0n1` device (as an example) might randomly rename to `nvme0n2`, because +Linux would see it as a new device. + +This same fix was made to the ThinkPad T480/T480s to fix the same issue there, +which manifested during S3 resume, but that bug never made it into the release +because it was fixed *before* the initial release of Libreboot 20241206. + +The ROM images were all re-uploaded, compiled from the rev3 tarball, because it was discovered that the rev2 tarballs had a GRUB built showing the old Libreboot 20241008 version number; the actual code in GRUB matched the code for 20241206, but it was a cached GRUB build from just before updating the version number for release. This is because the rev2 ROM image tarballs were done manually, to avoid a full re-build of every target in lbmk. To avoid all doubt, all ROM images have been re-compiled with the version number corrected, from the rev3 tag. + +Revision 4 (17 December 2024) +---------- + +Rev4 fixed a bug: GRUB was not allowing the background image to be changed, +despite rules in `grub.cfg` that made one in CBFS load before memdisk. This fix +was implemented by no longer inserting background images into GRUB's memdisk, +instead inserting them into CBFS. + +This way, you can remove what's in CBFS and replace it with your own, if that's +what you want to do. + +To celebrate this fix, the default background logo was also changed. The old +one was a white silhouette of the Libreboot logo, whereas the new one is of +the same shape but shows a rainbow-coloured gradient instead of all-white. This +rainbow logo was also used in U-Boot on the very initial Libreboot 20241206 +release, and it's also used for the main website logo at the time of this +revision. + +Basically, this fix was done as an excuse just to do another revision update, +to change the logo! The actual bug was actually quite minor and irrelevant. + +Revision 5 and 6 (17 December 2024) +---------------- + +All current ROM/src archives in this release match changes up to rev6. + +I decided afterall to keep using the boring all-grey silhouette logo in GRUB. +I also made the same decision for U-Boot. + +The plain logo is less eye catching and looks less out of place, and it's +uncontroversial in every way. This revision still contains the fix allowing +GRUB backgrounds to be changed. Rev5 made this change to GRUB and Rev6 made +it to U-Boot. All ROM images were re-compiled to rev6, and re-uploaded. + +A minor change, to be sure. I need Libreboot to be as trouble-free as possible +to everyone, and some countries are culturally hostile to the particular +colour gradient used by the old logo (from rev4); even if I preferred that +logo, I want those users to have no trouble at all using Libreboot in public. +Libreboot's only purpose is to provide free boot firmware. + +Revision 7 (18 December 2024) +---------- + +Added support for fetching ThunderBolt firmware and padding it, on ThinkPad +T480 and T480s motherboards. This can be used for externally flashing the newer +firmware update, without the need to boot Windows to use Lenovo's own updater. + +Revision 8 (6 January 2025) +---------- + +There are *so many* changes, in this revision, that it is being treated like +a brand new release, though it is still merely a revision to the existing +Libreboot 20241206 release. + +Please read the [Libreboot 20241206 8th +revision release announcement](libreboot20241206rev8.md). + +Here's a short summary of the revision 8 changes, but you should also read +the full announcement, linked above: + +* HP EliteBook 820 G2 images are now *provided*, whereas this port was + previously *source-only*; this is due to fixes that have been made to + the build system, that mean the images now have correct checksums after + running the `./mk inject` commands. +* Several upstream code revisions have been updated, with minor fixes. +* ThinkPad T480/T480s backlight keys now work perfectly, whereas you could + only change the brightness with software before. +* Thinkpad T480/T480s and OptiPlex 3050 Micro no longer automatically turn + on by merely plugging in a power supply; you must now actually press the + power button. This is especially desirable on the T480. +* Safer vendorfile insertion, on `include/vendor.sh` - much stricter error + handling, and the way it works now reduces the number of possible bricks. +* Intel FSP now inserted via `./mk inject` commands, instead of being + included directly inside release images. This is to mitigate technicalities + of Intel's licensing, pertaining to modifications, since coreboot has + to specifically split up the various modules and adjust various pointers + inside the M module. +* General bug fixes in the build system. +* Fix build errors on Debian Trixie/Sid and Arch Linux, as of January 2025. +* Pico 2 support added for the `pico-serprog` images, courtesy Riku Viitanen. +* Disabled TPM2 on T480/3050micro to mitigate SeaBIOS hanging, due to buggy + TPM drivers in SeaBIOS. +* Better handling of dependencies, for various Linux distros. +* Various code quality improvements for `util/nvmutil`, especially the Makefile. + +Revision 9 (12 February 2025) +----------- + +Merged a fix from Riku Viitanen, fixing an uninitialised variable in +pico-serprog, which caused sync issues on pico2 devices or other dongles +that used RP2530. See: + + + +This bug page on the upstream project describes the bug, and the fix as +mentioned there was merged in Libreboot's mirror, here in this commit: + + + +People who previously downloaded the tarball for pico-serprog images, should +download again, choosing 20241206rev9. + +The coreboot tarballs have not been replaced. The source tarball *has* been +replaced. + +Revision 10 (18 February 2025) +----------- + +Several critical security fixes made to GRUB, and a few improvements to LVM +scanning in `grub.cfg` were made. Other minor fixes. A full announcement is +available in the [20241206rev10 announcement](libreboot20241206rev10.md). + +Revision 11 (20 April 2025) +----------- + +Several regressions have been fixed, that were caused by the previous CVE +fixes merged in Revision 10. +See: [20241206rev11 announcement](libreboot20241206rev11.md). diff --git a/site/news/libreboot20241206.Revisions.md.description b/site/news/libreboot20241206.Revisions.md.description new file mode 100644 index 0000000..7d2350f --- /dev/null +++ b/site/news/libreboot20241206.Revisions.md.description @@ -0,0 +1 @@ +Libreboot 20241206 release revisions. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20241206.md b/site/news/libreboot20241206.md index 3285980..2f9744d 100644 --- a/site/news/libreboot20241206.md +++ b/site/news/libreboot20241206.md @@ -1,60 +1,85 @@ -% Libreboot 20241206 released! +% Libreboot 20241206 released! ThinkPad T480 added. Plus U-Boot UEFI on x86. Fixes for OptiPlex 3050 Micro. % Leah Rowe % 6 December 2024 +A corresponding [Canoeboot 20241207](https://canoeboot.org/news/canoeboot20241207.html) +release is also available. + Today's Libreboot 20241206 revision is a *stable release*, whereas the previous testing release was Libreboot 20241008, and the previous stable release was -Libreboot 20240612. +Libreboot 20240612. A new *revision* release became available on 5 January 2025, +namely Libreboot 20241206, 8th revision. -**IMPORTANT ADVICE: [PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING/UPDATING -LIBREBOOT](safety.md).** +**UPDATE (revision release), 6 January 2025:\ +The latest *revision* is the *8th revision*, released on 6 January 2025. This +has replaced the release archives for the original release revisions, +under the same `stable/20241206/` directory on release mirrors. See:** -Introduction -============ +**[Libreboot 20241206 revision 8 announcement](libreboot20241206rev8.md)** + +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** + +Open source BIOS/UEFI firmware +---------------------------- + + Libreboot is a free/open source BIOS/UEFI replacement on x86 and ARM, providing boot firmware that initialises the hardware in your computer, to then load an -operating system (e.g. Linux/BSD). It is specifically a *coreboot distribution*, +operating system (e.g. Linux/BSD). It is specifically +a *[coreboot distribution](../docs/maintain/)*, in the same way that Debian is a Linux distribution. It provides an automated build system to produce coreboot ROM images with a variety of payloads such as -GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy +GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy to use as possible for non-technical users. From a project management perspective, this works in *exactly* the same way as a Linux distro, providing a source-based package manager (called lbmk) which patches sources and compiles coreboot images. It makes use of [coreboot](https://www.coreboot.org/) for hardware initialisation, and then a payload such as [SeaBIOS](https://www.seabios.org/SeaBIOS) -or [GNU GRUB](https://www.gnu.org/software/grub/) to boot your operating +or GRUB to boot your operating system; on ARM(chromebooks), we provide *U-Boot* (as a coreboot payload). +### U-Boot UEFI payload on x86\_64 + For Libreboot 20241206, today's release, U-Boot is *also* provided as an optional coreboot payload on x86 machines. This provides a sensible UEFI implementation, useful for booting Linux/BSD systems more easily. More information available on the [U-Boot x86 page](../docs/uboot/uboot-x86.md). + + +This means that you can have a UEFI boot environment, even on machines where +the original vendor firmware never supported it. For example, the ThinkPad X200 +runs U-Boot virtually bug-free, and it can boot Linux distros via U-Boot's UEFI +implementation; that machine could not originally do UEFI. + This page lists all changes made since the *Libreboot 20241008* release. Since -it's a stable release, there has been a more conservative focus on fixing bugs -and in general polishing, though several interesting features have been added, -in addition to numerous new mainboards. +Libreboot 20241206 is a stable release, there has been a more conservative focus +on fixing bugs and in general polishing, though several interesting features +have been added, in addition to numerous new motherboards. Summarised list of changes -========================== +------------------------- -Board support -------------- +### Board support The following boards have been added since the Libreboot 20241008 release: * **[Lenovo ThinkPad T480](../docs/install/t480.md)** support, implemented by - Mate Kukri with testing and hardware logs provided by Leah Rowe. + Mate Kukri with testing and hardware logs provided by Leah Rowe. - You can also + [buy T480 with Libreboot pre-installed](https://minifree.org/product/libreboot-t480/) * **[Lenovo ThinkPad T480S](../docs/install/t480.md)** support, implemented by - Mate Kukri with testing and hardware logs provided by Leah Rowe. + Mate Kukri with testing and hardware logs provided by Leah Rowe. - You can also + [buy T480s with Libreboot pre-installed](https://minifree.org/product/libreboot-t480/) * **[Dell OptiPlex 780 USFF](../docs/install/dell780.md)** support, implemented by Nicholas Chin with testing and hardware logs provided by Lorenzo Aloe. * **[Dell OptiPlex 780 MT](../docs/install/dell780.md)** support, implemented by Nicholas Chin with testing and hardware logs provided by Lorenzo Aloe. -Revision updates -================ +### Revision updates In descending order from latest changes to earliest changes: @@ -62,7 +87,7 @@ In descending order from latest changes to earliest changes: generally for any MEv11-based board, whereas the previous version contained hacky hardcoded logic for only the Dell OptiPlex 3050 Micro. In this Libreboot release, deguard supports the 3050, but also the ThinkPad T480 and T480S, - providing machine-specific ME configurations for each mainboard. Mate's new + providing machine-specific ME configurations for each motherboard. Mate's new deguard implementation essentially does the same thing as Intel's FITC tool, though with a much more terse and minimalist design. It could be expanded for many other things in the future, related to Intel ME. @@ -78,8 +103,7 @@ In descending order from latest changes to earliest changes: * Bumped flashrom to revision d128a0a, which includes a fix for Macronix flash chips on ThinkPad W500 whereby it had previously used incorrect erase commands. -Feature changes ---------------- +### Feature changes In descending order from latest changes to earliest changes: @@ -114,8 +138,7 @@ In descending order from latest changes to earliest changes: on mobile graphics cards. This was used when implementing MXM support on the HP EliteBook 8560w. -Configuration changes ---------------------- +### Configuration changes In descending order from the latest changes to the earliest changes: @@ -123,7 +146,7 @@ In descending order from the latest changes to the earliest changes: boards will have U-Boot tweaks made to them, in subsequent hotfixes to the Libreboot 20241206 release, and hotfixes to U-Boot itself are also likely, since U-Boot still requires a lot more testing. U-Boot does work quite well - on a number of tested mainboards; if yours works, or doesn't work, please get + on a number of tested motherboards; if yours works, or doesn't work, please get in touch with the Libreboot project, so that a tally can be kept. * Added Libreboot branding/versioning to the U-Boot bootflow menu, showing the Libreboot logo instead of the U-Boot one, and with a purple background @@ -148,8 +171,7 @@ In descending order from the latest changes to the earliest changes: machines can make use of 8th-gen Coffee Lake CPUs, which offer greater performance and power efficiency. -Bug fixes ---------- +### Bug fixes The following bug fixes have been merged (in descending order from the latest changes to the earliest changes): @@ -187,7 +209,7 @@ changes to the earliest changes): on the host's x86\_64 toolchain, on an x86\_64 host. * Enabled the legacy 8254 timer on Dell OptiPlex 3050 Micro, to work around a hanging bug in SeaBIOS. This board was previously GRUB only, but now once again - uses a more flexible SeaGRUB setup like other mainboards do. The static option + uses a more flexible SeaGRUB setup like other motherboards do. The static option table was also disabled. * Merged a patch from Nicholas Chin, that tells the MEC5035 EC to send a correct shutdown signal to the operating system when the power button is pressed. @@ -211,8 +233,7 @@ changes to the earliest changes): of it is much more robust**) * Added missing `python3-devel` to Fedora 40 build dependencies. -General code cleanup --------------------- +### General code cleanup In descending order from the latest changes to the earliest changes: @@ -225,7 +246,7 @@ In descending order from the latest changes to the earliest changes: because lbmk now handles this outside of coreboot. Git log -======= +------- This log is relative to Libreboot 20241008: @@ -281,7 +302,7 @@ This log is relative to Libreboot 20241008: * 0c7fb21a062 enable the serial console on thinkpad t60 * eb14a176bc8 Only boot 32-bit u-boot from grub, 64 from seabios * 279e69172f7 make the u-boot grub menuentry more useful -* fdbdf0449b3 Re-enable U-Boot x86 on real mainboards +* fdbdf0449b3 Re-enable U-Boot x86 on real motherboards * b549d1e5f38 u-boot x86 serial/ns16550: disable UART as needed * eba73c778a8 Disable U-Boot x86 except on Qemu * 4bc6ca545e7 fix U-Boot hotkey mention in grub.cfg @@ -333,3 +354,21 @@ latter part of January 2025 or early February 2025. If you spot any issues in the Libreboot 20241206 release, please do get in contact with the Libreboot project. We appreciate any and all help. Thank you for reading, and have a wonderful day! + +Revisions +========= + +Several revisions have been made to this release, since the original release. +With stable releases, it's normal to make such revisions, when critical bugs +are discovered, or desirable changes are otherwise identified. + +When these changes are made, the release is re-compiled, with the newly amended +binaries and sources re-uploaded, replacing what was there before. Individual +patch files are also provided, so that you can (using them as reference) revert +the source archive back to previous revisions. + +Please see: [Libreboot 20241206 release revisions](libreboot20241206.Revisions.md) + +Many revisions are planned in the run-up to next year's stable release ETA Summer +of 2025. In particular, there is much work that still needs to be done on the +U-Boot payloads (x86 and ARM64). diff --git a/site/news/libreboot20241206.md.description b/site/news/libreboot20241206.md.description new file mode 100644 index 0000000..3e38cd1 --- /dev/null +++ b/site/news/libreboot20241206.md.description @@ -0,0 +1 @@ +Libreboot 20241206 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot20241206rev10.md b/site/news/libreboot20241206rev10.md new file mode 100644 index 0000000..3bd0a23 --- /dev/null +++ b/site/news/libreboot20241206rev10.md @@ -0,0 +1,71 @@ +% Libreboot 20241206, 10th revision released! GRUB security fixes, better LVM scanning, non-root USB2 hub support +% Leah Rowe +% 18 February 2025 + +A corresponding [Canoeboot 20250107rev1](https://canoeboot.org/news/canoeboot20250107rev1.html) +release is also available. + +Today's Libreboot 20241206 revision is the 10th revision in the Libreboot +20241206 stable release series. The changelog on this page is written, relative +to Libreboot 20241206 revision 9 which was released on 12 February 2025. +The *original* Libreboot 20241206 release came out on 6 December 2024. You +can find the full list of revisions [here](libreboot20241206.Revisions.md) +and the original release [here](libreboot20241206.md). + +Open source BIOS/UEFI firmware +------------------------------ + + + +Libreboot is a free/open source BIOS/UEFI replacement on x86 and ARM, providing +boot firmware that initialises the hardware in your computer, to then load an +operating system (e.g. Linux/BSD). It is specifically +a *[coreboot distribution](../docs/maintain/)*, +in the same way that Debian is a Linux distribution. It provides an automated +build system to produce coreboot ROM images with a variety of payloads such as +GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy +to use as possible for non-technical users. From a project management perspective, +this works in *exactly* the same way as a Linux distro, providing a source-based +package manager (called lbmk) which patches sources and compiles coreboot images. +It makes use of [coreboot](https://www.coreboot.org/) for hardware initialisation, +and then a payload such as [SeaBIOS](https://www.seabios.org/SeaBIOS) +or GRUB to boot your operating +system; on ARM(chromebooks), we provide *U-Boot* (as a coreboot payload). + +We also provide an experimental U-Boot setup on x86, as a coreboot payload for +providing a minimal UEFI implementation. + +### Regarding revision 10 + +Normally, revisions would only be documented on +the [Libreboot 20241206 revisions page](libreboot20241206.Revisions.md), but +this revision contains *critical security fixes*, so it was decided that there +should be a full announcement, to ensure that more people see it. + +Summarised list of changes +------------------------ + +### Revision updates + +GRUB released *73 patches* to its main branch, fixing a large number of +security issues. You can read about them here: + +https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html + +This updates GRUB to revision `4dc6166571645780c459dde2cdc1b001a5ec844c` +from 18 February 2025. Several OOB heap writes, buffer overflows, use after +frees and so on, are now prevented with this update. + +### Feature changes + +In addition to the security fixes, several out-of-tree fixes from Libreboot's +main branch have been merged for GRUB, fixing bugs in the xHCI driver, and +adding support for non-root USB2 hubs on platforms that use the `xhci` GRUB +tree. + +### Configuration changes + +Changes to the GRUB configuration have been made, to make scanning of LVM +volume/group names more reliable, including on full-disk-encryption setups. +More such changes are planned for the next major release; the current changes +are very minor. diff --git a/site/news/libreboot20241206rev11.md b/site/news/libreboot20241206rev11.md new file mode 100644 index 0000000..d21e303 --- /dev/null +++ b/site/news/libreboot20241206rev11.md @@ -0,0 +1,133 @@ +% Libreboot 20241206, 11th revision released! (fixes to GRUB regressions) +% Leah Rowe +% 20 April 2025 + +Today's Libreboot 20241206 revision is the 11th revision in the Libreboot +20241206 stable release series. The changelog on this page is written, relative +to Libreboot 20241206 revision 10 +You can find the full list of revisions [here](libreboot20241206.Revisions.md) +and the original release [here](libreboot20241206.md). + +Open source BIOS/UEFI firmware +------------------------------ + + + +Libreboot is a free/open source BIOS/UEFI replacement on x86 and ARM, providing +boot firmware that initialises the hardware in your computer, to then load an +operating system (e.g. Linux/BSD). It is specifically +a *[coreboot distribution](../docs/maintain/)*, +in the same way that Debian is a Linux distribution. It provides an automated +build system to produce coreboot ROM images with a variety of payloads such as +GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy +to use as possible for non-technical users. From a project management perspective, +this works in *exactly* the same way as a Linux distro, providing a source-based +package manager (called lbmk) which patches sources and compiles coreboot images. +It makes use of [coreboot](https://www.coreboot.org/) for hardware initialisation, +and then a payload such as [SeaBIOS](https://www.seabios.org/SeaBIOS) +or GRUB to boot your operating +system; on ARM(chromebooks), we provide *U-Boot* (as a coreboot payload). + +We also provide an experimental U-Boot setup on x86, as a coreboot payload for +providing a minimal UEFI implementation. + +### Regarding revision 11 + +Normally, revisions would only be documented on +the [Libreboot 20241206 revisions page](libreboot20241206.Revisions.md), but +this revision contains *critical regression fixes*, so it was decided that there +should be a full announcement, to ensure that more people see it. + +Summarised list of changes +------------------------ + +Several major CVE fixes were merged in the previous release revision, but +these caused several regressions especially in filesystem drivers (e.g. fs/ext2). + +For example, very large files would sometimes not load properly on ext4 file +systems, leading to a distro no longer booting (this also affected people who +used the loopback device). + +See below for a full list of fixes merged from upstream, included in this +revision release. GRUB should hopefully be stable now. + +If you previously updated to the revision 10 release, and you rely on the +GRUB payload, you are *strongly* advised to install 20241206rev11 instead. + +### Revision updates + +The following GRUB fixes were merged from upstream: + +``` +* a4da71daf util/grub-install: Include raid5rec module for RAID 4 as well +* 223fcf808 loader/ia64/efi/linux: Reset grub_errno on failure to allocate +* 6504a8d4b lib/datetime: Specify license in emu module +* 8fef533cf configure: Add -mno-relax on riscv* +* 1fe094855 docs: Document the long options of tpm2_key_protect_init +* 6252eb97c INSTALL: Document the packages needed for TPM2 key protector tests +* 9d4b382aa docs: Update NV index mode of TPM2 key protector +* 2043b6899 tests/tpm2_key_protector_test: Add more NV index mode tests +* 9f66a4719 tests/tpm2_key_protector_test: Reset "ret" on fail +* b7d89e667 tests/tpm2_key_protector_test: Simplify the NV index mode test +* 5934bf51c util/grub-protect: Support NV index mode +* cd9cb944d tpm2_key_protector: Support NV index handles +* fa69deac5 tpm2_key_protector: Unseal key from a buffer +* 75c480885 tss2: Add TPM 2.0 NV index commands +* 041164d00 tss2: Fix the missing authCommand +* 46c9f3a8d tpm2_key_protector: Add tpm2_dump_pcr command +* 617dab9e4 tpm2_key_protector: Dump PCRs on policy fail +* 204a6ddfb loader/i386/linux: Update linux_kernel_params to match upstream +* 6b64f297e loader/xnu: Fix memory leak +* f94d257e8 fs/btrfs: Fix memory leaks +* 81146fb62 loader/i386/linux: Fix resource leak +* 1d0059447 lib/reloacator: Fix memory leaks +* f3f1fcecd disk/ldm: Fix memory leaks +* aae2ea619 fs/ntfs: Fix NULL pointer dereference and possible infinite loop +* 3b25e494d net/drivers/ieee1275/ofnet: Add missing grub_malloc() +* fee6081ec kern/ieee1275/init: Increase MIN_RMA size for CAS negotiation on PowerPC machines +* b66c6f918 fs/zfs: Fix a number of memory leaks in ZFS code +* 1d59f39b5 tests/util/grub-shell: Remove the work directory on successful run and debug is not on +* e0116f3bd tests/grub_cmd_cryptomount: Remove temporary directories if successful and debug is not on +* e6e2b73db tests/grub_cmd_cryptomount: Default TMPDIR to /tmp +* 32b02bb92 tests/grub_cmd_cryptomount: Cleanup the cryptsetup script unless debug is enabled +* c188ca5d5 tests: Cleanup generated files on expected failure in grub_cmd_cryptomount +* 50320c093 tests/util/grub-shell-luks-tester: Add missing line to create RET variable in cleanup +* bb6d3199b tests/util/grub-shell-luks-tester: Find cryptodisk by UUID +* 3fd163e45 tests/util/grub-shell: Default qemuopts to envvar $GRUB_QEMU_OPTS +* ff7f55307 disk/lvm: Add informational messages in error cases of ignored features +* a16b4304a disk/lvm: Add support for cachevol LV +* 9a37d6114 disk/lvm: Add support for integrity LV +* 6c14b87d6 lvm: Match all LVM segments before validation +* d34b9120e disk/lvm: Remove unused cache_pool +* 90848a1f7 disk/lvm: Make cache_lv more generic as ignored_feature_lv +* 488ac8bda commands/ls: Add directory header for dir args +* 096bf59e4 commands/ls: Print full paths for file args +* 90288fc48 commands/ls: Output path for single file arguments given with path +* 6337d84af commands/ls: Show modification time for file paths +* cbfb031b1 commands/ls: Merge print_files_long() and print_files() into print_file() +* 112d2069c commands/ls: Return proper GRUB_ERR_* for functions returning type grub_err_t +* da9740cd5 commands/acpi: Use options enum to index command options +* 1acf11fe4 docs: Capture additional commands restricted by lockdown +* 6a168afd3 docs: Document restricted filesystems in lockdown +* be0ae9583 loader/i386/bsd: Fix type passed for the kernel +* ee27f07a6 kern/partition: Unbreak support for nested partitions +* cb639acea lib/tss2/tss2_structs.h: Fix clang build - remove duplicate typedef +* 696e35b7f include/grub/mm.h: Remove duplicate inclusion of grub/err.h +* 187338f1a script/execute: Don't let trailing blank lines determine the return code +* ff173a1c0 gitignore: Ignore generated files from libtasn +* fbcc38891 util/grub.d/30_os-prober.in: Conditionally show or hide chain and efi menu entries +* 56ccc5ed5 util/grub.d/30_os-prober.in: Fix GRUB_OS_PROBER_SKIP_LIST for non-EFI +* 01f064064 docs: Do not reference non-existent --dumb option +* 3f440b5a5 docs: Replace @lbracechar{} and @rbracechar{} with @{ and @} +* f20988738 fs/xfs: Fix grub_xfs_iterate_dir() return value in case of failure +* 1ed2628b5 fs/xfs: Add new superblock features added in Linux 6.12/6.13 +* 348cd416a fs/ext2: Rework out-of-bounds read for inline and external extents +* c730eddd2 disk/ahci: Remove conditional operator for endtime +* f0a08324d term/ns8250-spcr: Return if redirection is disabled +* 7161e2437 commands/file: Fix NULL dereference in the knetbsd tests +* 11b9c2dd0 gdb_helper: Typo hueristic +* 224aefd05 kern/efi/mm: Reset grub_mm_add_region_fn after ExitBootServices() call +* 531750f7b i386/tsc: The GRUB menu gets stuck due to unserialized rdtsc +* f2a1f66e7 kern/i386/tsc_pmtimer: The GRUB menu gets stuck due to failed calibration +* 13f005ed8 loader/i386/linux: Fix cleanup if kernel doesn't support 64-bit addressing +``` diff --git a/site/news/libreboot20241206rev8.md b/site/news/libreboot20241206rev8.md new file mode 100644 index 0000000..947da69 --- /dev/null +++ b/site/news/libreboot20241206rev8.md @@ -0,0 +1,396 @@ +% Libreboot 20241206, 8th revision released! ThinkPad T480 backlight keys fixed, Pico 2 serprog support, other fixes +% Leah Rowe +% 6 January 2025 + +Today's Libreboot 20241206 revision, which is the 8th revision in the Libreboot +20241206 stable release series. The changelog on this page is written, relative +to Libreboot 20241206 revision 7 which was released on 18 December 2024. +The *original* Libreboot 20241206 release came out on 6 December 2024. + +Open source BIOS/UEFI firmware +------------------------------ + + + +Libreboot is a free/open source BIOS/UEFI replacement on x86 and ARM, providing +boot firmware that initialises the hardware in your computer, to then load an +operating system (e.g. Linux/BSD). It is specifically +a *[coreboot distribution](../docs/maintain/)*, +in the same way that Debian is a Linux distribution. It provides an automated +build system to produce coreboot ROM images with a variety of payloads such as +GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy +to use as possible for non-technical users. From a project management perspective, +this works in *exactly* the same way as a Linux distro, providing a source-based +package manager (called lbmk) which patches sources and compiles coreboot images. +It makes use of [coreboot](https://www.coreboot.org/) for hardware initialisation, +and then a payload such as [SeaBIOS](https://www.seabios.org/SeaBIOS) +or GRUB to boot your operating +system; on ARM(chromebooks), we provide *U-Boot* (as a coreboot payload). + +We also provide an experimental U-Boot setup on x86, as a coreboot payload for +providing a minimal UEFI implementation. + +### Regarding revision 8 + +Normally, revisions would only be documented on +the [Libreboot 20241206 revisions page](libreboot20241206.Revisions.md), but +there are over *100* changes since the 7th revision, making the 8th revision +almost a full new release, so it was decided that this revision would have its +own dedicated release page. + +Many of these changes are early changes of *Libreboot Build System Audit 7*, +because an ongoing audit (the 7th audit) is in progress. The previous build +system audit was [Libreboot Build System Audit 6](audit6.md); these early +changes are the least invasive ones planned, so they are suitable for a stable +release. Much of the build system will have been re-designed, upon completion +of the 7th audit. + +You will find the tar archives (including sources and ROM images) for this +release, in the *same* directory under `stable/20241206/` on release mirrors. +The old archives (from rev6) were replaced entirely; rev7 was never released. + +### Regarding revision 7 + +The only meaningful addition in *revision 7* was the feature whereby T480/T480s +ThunderBolt firmware can be separately downloaded, for external flashing instead +of using Lenovo's Windows-only updater program, for those users who wish/need to +update their ThunderBolt controller firmware. + +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** + +Summarised list of changes +------------------------ + +### Board support + +RP2530 devices now supported in `pico-serprog`, e.g. Raspberry Pi Pico 2. + +We previously only supported the RP2040 devices, e.g. original Pi Pico. We +now support both RP2040 and RP2530. Images are provided in the same tarball. + +The documentation has been updated, to reflect this improvement. Libreboot also +now imports `picotool` which is now used to compile the UF2 binaries for +installation, when building them from `pico-sdk`. + +### Revision updates + +In descending order from latest changes to earliest changes: + +* Bumped SeaBIOS to revision 1602647f1 (7 November 2024). This brings in a + single change from upstream, that prevents the boot menu from being hidden + when `boot-menu-wait` is negative. +* Bumped GRUB to revision 6811f6f09 (26 November 2024). This brings in several + important fixes from upstream, most notably TPM2 key support, though we + don't yet actually enable it in the code as it's unused on all machines. + Minor fixes have been observed, e.g. graphical glitches fixed under certain + edge cases. +* Bumped flashprog to revision eb2c041 (14 Nov 2024). This brings in several + important fixes from upstream. + +### Feature changes + +In descending order from latest changes to earliest changes: + +* `vendor.sh`: Randomised MAC addresses are used by default now, even + if the user doesn't specify `setmac`. The `setmac keep` command will skip + setting a MAC address, and `setmac restore` shall insert the default one. +* `vendor.sh`: The `inject` command can now modify MAC addresses inside tar + archives, whereas it could previously only do so for single-image insertion; + the latter was removed, leaving only tarball-based injection in place. This + can also be used, even on boards that don't need vendor files; on those boards, + vendorfiles still aren't inserted, because again, they are not needed! +* `util/nvmutil`: Show the same byte order, in the same grouping and + display format, as `hexdump -C`, so that the output is more intuitive when + the user runs e.g. `./nvm gbe.bin dump` +* `./mk inject` commands are much safer now: tarballs are modified directly, + without leaving extracted images behind. This means that there is no longer + any ambiguity about which image to flash. Images are now padded with a + single byte when scrubbed, and prefixed with DONOTFLASH in the file name. + Single-image insertion has been removed, such that insertion is now + tarball-only. In general, the error handling is much stricter, and user + messages more verbose, to make the script more intuitive and much safer, + to vastly reduce the number of accidental mistakes that brick the user's + machine. +* `lib.sh`: Support `reinstall` on Fedora dnf. Use it by running + the `./mk dependencies fedora re` command. +* `lib.sh`: Support `--reinstall` on Debian apt-get, when running + the `./mk dependencies debian` command. You can + use: `./mk dependencies debian --reinstall` +* `vendor.sh`: Intel FSP is no longer directly provided in release images, on + boards that use it. Instead, images now exclude it and it is to be inserted + with the `./mk inject` commands. This is to mitigate technicalities of + Intel's licensing, despite the fact that the FSP is otherwise freely + redistributable, because coreboot technically modifies it by splitting the + modules and modifying pointers inside the FSP-M module for raminit. +* `rom.sh`: Support setting `payload_grubsea="y"` on a board's `target.cfg` + file when compiling, so that GRUB is the primary payload. This is not enabled + on any boards, nor will it be, on release images, but the user can do it + themselves when compiling from source. + +### Configuration changes + +In descending order from the latest changes to the earliest changes: + +* Disabled HyperThreading by default, on ThinkPad T480/T480s and OptiPlex 3050 + Micro, to mitigate speculative execution attacks like spectre/meltdown. Users + can turn it back on and build from source, if they wish, for a roughly 15 + percent performance boost under highly multi-threaded workloads. + +### Bug fixes + +Several fixes were made to prevent build errors on the latest Debian Sid +and Arch Linux, as of 6 January 2025. Fedora 41 was also tested, fixing +various issues. + +The following bug fixes have been merged (in descending order from the latest +changes to the earliest changes): + +* ThinkPad T480/T480s: Power LEDs are now reset to the state they were in during + coldboot, whereas previously they would not have been so, upon warm reboot. + This patch is courtesy Mate Kukri. +* ThinkPad T480/T480s: Fixed the backlight control keys (Fn key combination). + Brightness could already be set, but not with the Fn keys, only with software + e.g. `xbacklight`. Now it functions the way users expect, and demand. This + fix is courtesy Mate Kukri. +* `lib.sh`: Python versions are detected using Python's own built-in tuple, + instead of relying on the `--version` argument, because the tuple is more + consistent across various distros, whereas some distros might modify the + output of `--version` to include their own branding, which could have messed + up the way our build system was using `awk`. +* `lib.sh`: Properly set up `python` in the `PATH` directorier, by creating + a temporary link to the correct Python version, where detected. Python 3 + is the only python on most distros now, but we still occasionally encounter + setups where the user has `python` as v2.x and has `python3` in PATH for + Python v3.x; in this latter scenario, the build system corrects for it so + that `python` is temporarily v3.x while images are being compiled. Several + parts of the build system do use Python quite heavily, and it is *always* + Python 3. +* `vendor.sh`: Generally more robust checking of whether vendor files are + needed, and better handling of the event in which they are not; fewer errant + error conditions, that should otherwise not be error conditions, where they + would have previously been so. +* `vendor.sh`: Prevent double-nuke and double-inject. This is done by checking + whether the hash file is present, because it's removed post-injection now, + on the newly re-written inject command since 20241206 revision 8. +* `vendor.sh`: Don't error out if `vcfg` is not set. Later checks make it + skip instead, as is proper. The previous behaviour caused an error under + certain edge cases, when attempting to inject on boards that don't need + vendor files. +* `submodule/grub`: Use codeberg as the primary mirror, instead of the GNU + mirror, because the GNU mirror is often slow. This is done specifically + for the `gnulib` GRUB submodule. +* `util/nvmutil`: Describe what the program does, in help output. The lack + of such info is considered a bug, because lack of documentation is a bug. +* `util/nvmutil`: Proper `PREFIX` and `DESTDIR` handling in the Makefile. + The default prefix is now `/usr/local`, as is correct and righteous; it + was previously `/usr`. All variables are now properly honoured, + namely: `DESTDIR`, `PREFIX`, `INSTALL`, `CC` and `CFLAGS` - the user can + now set custom variables, when compiling. +* Fixed several errors produced by `shellcheck` on the build system. +* HP EliteBook 820 G2: Fixed vendorfile insertion so that checksums now + verify properly. The board is no longer `release="n"`, so now images for it + are provided, whereas the board was previously source-only on Libreboot. +* Added `libuuid-devel` to Fedora dependencies. +* T480 / T480s / 3050 Micro: Force power-off after power failure, when + power is restored. Previously, under such an event, plugging in a charger + or power supply would then always cause the machine to turn on, with no + ability to change this. This would happen if the battery ran out on a T480, + for example. +* flashprog: Disable `-Werror` on builds, to prevent over-zealous compilers + from yielding errors on mere warnings. This is a preventative bug fix, + because no errors had yet been observed. +* Debian dependencies: Replaced `liblz4-tool` with `liblz4-dev`, for + Debian Trixie/Sid. The same config still works for Debian Bookworm. +* `u-boot`: Imported a fix from upstream, that prevents a build error when + compiling with Swig 4.3.0, because the calling convention changed on one + of the functions that U-Boot's build system uses. Specifically, + the `SWIG_AppendOutput` is used now. The way this fix works means that there + are no behaviour changes, when compiling on an older machine with, + say, Swig 4.1.0 as used in Debian Bookworm, which is what Libreboot currently + uses on this day, when compiling releases. We still want the build system + to work on newer distros. +* Use `command -v` instead of `which`, where the latter was previously used + in a few places on the build system. The `command -v` command is standard, + whereas `which` isn't. This is to + mitigate [which hunts](https://lwn.net/Articles/874049/). +* Added double quotes on several variables in the build system, to prevent + globbing. +* Removed auto-confirm options on distro dependencies scripts. This is to + prevent buggy distros from messing up the user's packages, because now it + will show a confirmation dialog when the package manager sees a conflict; + previously, the build system just said yes to everything, which reduced the + amount of user interaction. The idea is to annoy the user, rather than + break their machine, and this is only a mild annoyance. +* `trees`: Hack the `PATH` environmental variable to link GCC and GNAT, matching + them so that both versions are the same. This mitigates an issue on Debian + Trixie/Sid as of January 2025, whereby `gcc` is `gcc-14` while `gnat` + is `gnat-13` and also installs `gcc-13`; if this ids what the user has, GCC + is set to GCC 13 in `PATH`. The user can install `gnat-14` if they wish, + and the GNAT version is auto-matched in `PATH` instead, matching GCC. This + is only done when compiling the coreboot crossgcc toolchain, because GNAT + is required there and must match the GCC version. +* Disabled TPM2 on ThinkPad T480/T480s, to speed up the boot time on SeaBIOS, + because SeaBIOS's TPM driver is buggy and constantly times out on this + board, when the TPM is enabled. This causes the boot speeds to now be almost + instantaneous. +* `dependencies/debian`: Changed `python3-distutils` + to `python3-distutils-extra`, so that dependencies can be installed on + Debian Trixie/Sid; the same config still works on Debian Bookworm. +* Added SPDX headers to various configuration files. +* `git.sh`: Re-initialise the `livepull` variable per-project and per-tree, + so that previous runs of it do not unpredictably affect the next, when + cloning upstream Git repositories. +* `vendor.sh`: Fixed a bug whereby the `lock` file was not deleted under + certain circumstances, when vendor files were not needed on a given board. + The consequence of this bug was that the user would have to manually delete + the lock file, to prevent error. +* `lib.sh`: Safer exit when running `./mk dependencies` (don't rely on the + exit statuses of chained commands being zero). + +### General code cleanup + +In descending order from the latest changes to the earliest changes: + +* `util/nvmutil`: Make the GbE checksum of `0xBABA` a define, for clarity. +* `lib.sh`: cleaned up a few if statements +* `util/nvmutil`: Tidied up several `pledge` calls on OpenBSD (code quality + improvement). +* Remove unused deguard patch, which was only used on the old version prior + to Mate Kukri's re-write. +* Removed geteltorito and mtools from distro dependencies, because it's not + currently used by anything. + +Git log +------ + +This log is relative to Libreboot 20241206 *revision 7*: + +``` +* 7d26f0a9c21 Libreboot 20241206, 8th revision +* d4cc94d6b44 rom.sh: don't run mkpicotool on dry builds +* de6d2f556f1 pico-sdk: Import picotool as a dependency +* 4210ee68ea2 lib.sh: Much safer python version check +* 8c7ba6131cc coreboot/next uprev: Fix T480 backlight keys +* 411fb697dfc set up python in PATH, ensuring that it is python3 +* e8336bcc3ca vendor.sh: Proper semantics on prefix file names +* 63f45782638 vendor.sh: Confirm if need_files=n +* 13b06ae130f vendor.sh: Allow restoring the default GbE file +* ab8feff92e0 vendor.sh: set random MAC address *by default* +* 0ceaa01d45d vendor.sh: add clarification to nogbe warning +* 4d5caf1dcfc vendor.sh: check that the vcfg file exists +* fc4ee88e167 vendor.sh: error out if nuking failed +* 8819a93d89b add line break, part 3 +* 8ce1a00f517 add line break, part 2 +* bc2c14e76a8 add line break +* c762850311a vendor.sh: prevent double-nuke +* 68299ad05ca vendor.sh: much more verbose errors/confirmation +* b8e6d12f3d9 add libx86 to arch dependencies +* cf8ad497b4e vendor.sh: Remove unnecessary return +* c858099b359 vendor.sh: Download utils even if vcfg unset +* ce16856a242 vendor.sh: Allow setmac if vendorfiles not needed +* 4b51787d078 add less to arch dependencies +* 8bd028ec153 lib.sh: Set python after dependencies +* 44b6df7c24c update my copyright years on modified scripts +* 818f3d630c2 vendor.sh: Don't error if vcfg is unset +* 432a1a5bca7 lib.sh: Fix unescaped quotes in chkvars() +* a73b0fd910a Revert "fix more unescaped quotes in eval" +* ec6bcc1fba5 fix more unescaped quotes in eval +* 5284f20b981 fix ./mk dependencies build issue +* d825f9a9683 rom.sh: Remove errant GRUB modules check +* 4149f3dc81a submodule/grub: use codeberg for 1st gnulib mirror +* 0305975e705 util/nvmutil: Update AUTHORS and COPYING files +* 20b192e13bd util/nvmutil: Describe nvmutil in help output +* d1ca21628cb util/nvmutil: Remove the correct binary on uninstall +* e63fe256dfc util/spkmodem-recv: More correct Makefile +* efd50ee548b util/nvmutil: Honour the INSTALL variable +* 8008838abbc util/nvmutil: Don't clean when doing uninstall +* 982f257f58a util/nvmutil: Proper DESTDIR/PREFIX handling +* 3f85ae5f853 util/nvmutil: Set CC and CFLAGS only if unset +* 2c7b9fb9412 util/nvmutil: Capitalise BABA +* 57f9906f6d1 util/nvmutil: Add uninstall to Makefile +* 4defe2c6085 util/nvmutil: Add distclean to Makefile +* 033e4cd9d50 util/nvmutil: Make the GbE checksum a define +* 874317c4e59 util/nvmutil: nicer hexdump display +* a338e585eed util/nvmutil: show the correct hexdump order +* b032e483ef1 lib.sh mktarball: cleaner if statement +* 0cf58c22734 fix lbmk shellcheck errors +* 8276560cc99 lib.sh and rom.sh: update my header +* 08e86d2218c vendor.sh inject: reset err upon return +* 41275d699ca vendor.sh: MUCH, MUCH, MUCH safer ./mk inject +* ed7293494e3 util/nvmutil: Obey the 79-character per line limit +* 637b5e36fd2 util/nvmutil: Tidy up copyright header +* cd28db883e2 vendor.sh: fix comment +* 57971ceb227 util/nvmutil: Fix another straggler +* 15b37b2a1ab util/nvmutil: Tidy up pledge calls +* e8799310db2 hp820g2: fix vendorfile inject and set release=y +* f9ab082ec19 fedora41/dependencies: add libuuid-devel +* 661591f9f0b add uuid-devel to fedora41 dependencies +* 1a46c047386 support ./mk dependencies fedora reinstall +* d58d63569f1 fix missing semicolon in grub nvme patch +* 95ea3293df5 bump seabios to rev 1602647f1 (7 November 2024) +* 6d7e6c361b3 Bump GRUB revision to 6811f6f09 (26 November 2024) +* 09a01477df6 t480/3050micro: force power off post power failure +* d344cd95eac flashprog: Disable -Werror +* dc95e912bfe bump flashprog to revision eb2c041 (14 Nov 2024) +* 27c8c1c16ba replace liblz4-tool with lz4 and liblz4-dev +* d3a732a64db lib.sh dependencies: support --reinstall argument +* 466ada423dd move xbmkpath to XBMK_CACHE/ +* b0a23840327 Revert "Remove legacy update/vendor commands" +* 3d7dd4aa9fe Fix U-Boot build issue with Swig 4.3.0 +* 0c810747469 use command -v instead of which +* 6c7e3ce2d6e trees: remove unnecessary subshell +* ad137eae89d trees: only symlink host gcc/gnat to build xgcc +* cfb6de94c33 trees: correction on check_gnu_path +* ec2f0716662 trees: match gcc/gnat versions both ways +* f64b5996279 Merge path.sh into script/trees +* 295463d281e path.sh: Further cleanup +* 5b24e0a5a96 path.sh: More thorough gcc/gnat version check +* 7849a075886 path.sh: minor cleanup +* 17168a87dbf path.sh: remove unnecessary shebang +* e565df94fd7 Fix globbing issue in lbmk +* c80cc0a00b6 remove auto-confirm on distro dependencies +* 01fc65a0a9d Mitigate Debian Trixie/Sid GCC/GNAT version mismatch +* 424b0c7103b t480/3050micro: disable hyperthreading +* 603105f3b4e t480/t480s: Disable TPM2 to mitigate SeaBIOS lag +* 754bd1e6ca3 rom.sh: Name pico directory serprog_pico +* db22308eba5 add 2024 to Riku's copyright header on rom.sh +* 4fa5f696db8 Merge pull request 'rp2530' (#258) from Riku_V/lbmk:rp2530 into master +|\ +| * a5e0360992d pico-sdk: update to 2.1.0 +| * e2f8cc7f3ee pico-serprog: enable building for multiple pico chips +|/ +* ccc2b4d589f add spdx headers to dependencies configs +* a3969701e6b dependencies/debian: fix debian sid +* 8f370cb60d9 add spdx headers to various config files +* d591ea4c5dc git.sh: don't initialise livepull globally +* b5da9feba3b vendor.sh: Print useful message on ./mk inject +* 12c6259cb2f vendor.sh: Handle FSP insertion post-release +* 78132051462 Remove legacy update/vendor commands +* 07037561bd6 lbmk: remove use of deprecated ./vendor command +* 5d1f1823067 vendor.sh: Safer exit when vendorfiles not needed +* a18175a5df9 data/deguard: Remove unused patch +* ee8f53b96ff lib.sh: Safer exit from ./mk dependencies +* a8b35c88cf1 remove geteltorito and mtools from lbmk +* 1dd32ea5487 rom.sh: support grub-first setups +``` + +This is roughly 100 changes. + +Older revisions +-------------- + +Please review the +original [Libreboot 20241206 announcement](libreboot20241206.md), and +the [Libreboot 20241206 revisions page](libreboot20241206.Revisions.md). + +Formalised release schedule +--------------- + +UPDATE: the text of this section was removed on 17 January 2025. + +Please read the following new article instead: + +[Formalised Libreboot 2025 release schedule](schedule.md) diff --git a/site/news/libreboot20241206rev8.md.description b/site/news/libreboot20241206rev8.md.description new file mode 100644 index 0000000..378cf72 --- /dev/null +++ b/site/news/libreboot20241206rev8.md.description @@ -0,0 +1 @@ +Libreboot 20241206rev8 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot2504.md b/site/news/libreboot2504.md new file mode 100644 index 0000000..7d9cfef --- /dev/null +++ b/site/news/libreboot2504.md @@ -0,0 +1,846 @@ +% Libreboot 25.04 "Corny Calamity" released! +% Leah Rowe +% 30 April 2025 + +A corresponding [Canoeboot 25.04](https://canoeboot.org/news/canoeboot2504.html) +release is also available. + +Today's Libreboot 25.04 revision is a *testing release*, whereas the previous +stable release was Libreboot 20241206. The codename for this release +is *Corny Calamity*. This is the first release to have a codename, and it is +using YY.MM format for the version number for the first time. Older releases +used YYYYMMDD as release dates. + + + +This release was built on the latest Debian 12.10 Bookworm release, as of +this day. It was also build-tested successfully on Debian Sid as of this +day, *with the experimental repository enabled and lbmk dependencies installed +from the experimental repository, including the recent GCC 15 toolchain*. +It was also tested on Fedora 42. Many fixes were made, so that it builds on the +most bleeding edge distros, and all the popular stable distros. + +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** + +New schedule and version numbers +------------------------------- + +This change in version release scheme was previously reported in the news +post announcing Libreboot's new [formal release schedule](schedule.md). As per +that article, the next stable release will be Libreboot 25.06, in June 2025. + +Regarding the changelog +-------------------- + +A lot has happened since Libreboot 20241206, released in December 2024. Although +several revisions were made to that release in recent months, *this* new +release changelog is relative to the *original* December 2024 release, so some +of these changes were also included in 20241206 revision releases. + +Open source BIOS/UEFI firmware +---------------------------- + + + +Libreboot is a free/open source BIOS/UEFI replacement on x86 and ARM, providing +boot firmware that initialises the hardware in your computer, to then load an +operating system (e.g. Linux/BSD). It is specifically +a *[coreboot distribution](../docs/maintain/)*, +in the same way that Debian is a Linux distribution. It provides an automated +build system to produce coreboot ROM images with a variety of payloads such as +GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy +to use as possible for non-technical users. From a project management perspective, +this works in *exactly* the same way as a Linux distro, providing a source-based +package manager (called lbmk) which patches sources and compiles coreboot images. +It makes use of [coreboot](https://www.coreboot.org/) for hardware initialisation, +and then a payload such as [SeaBIOS](https://www.seabios.org/SeaBIOS) +or GRUB to boot your operating +system; on ARM(chromebooks) and certain x86 mainboards, we provide *U-Boot* (as +a coreboot payload), which provides a lightweight UEFI implementation.. + +Summarised list of changes +------------------------- + +### Board support + +The following boards have been added since the Libreboot 20241206 release: + +* Acer Q45T-AM support added (similar to G43T-AM3 mainboard) + +G43T-AM3 and Q45T-AM were also changed to a descriptor-based setup, with +full GbE region and correct 4MB ROM size, so for example ethernet should +work fine now. + +### Revision updates + + + +In descending order from latest changes to earliest changes: + +* Bump SeaBIOS to to rev 9029a010, 4 March 2025 +* Updated Untitled to newer LBSSG repository. +* Bump flashprog to rev e060018 (1 March 2025) +* Bump U-Boot on ARM64 boards to U-Boot v2025.04. Patching courtesy of + Alper Nebi Yasak. +* Bump uefitool to rev a072527, 26 Apr 2025 to fix CMake compatibility issue + since CMake 4 no longer supports version 3.5, whereas the old uefitool had + an earlier version as the minimum supported. This fixed a minor build error. +* Merged coreboot/next with coreboot/default +* Bump coreboot/next to rev c247f62749b as of 20 April 2025 +* Bump coreboot/default to rev c247f62749b as of 20 April 2025 +* Bump GRUB to rev a4da71daf (20 April 2025) +* Bump flashprog to revision eb2c041 (14 Nov 2024). + +The GRUB revision includes a number of critical CVE fixes, and regression +fixes, that were also included in Libreboot 20241206 rev11. + +The NASM version was updated to version 2.16.03 on coreboot/fam15h, to prevent +build errors, instead of fixing the old NASM 2.14.02. Tested on Debian Sid +Experimental, with GCC15-based toolchain, and on Fedora 42. + +PICO support: Reverted to the old pico serprog/sdk repositories used +in Libreboot 20240612. This is temporary, because pico2 support is currently +broken, so this release only has pico1 support, when dealing with Rpi Pico +devices. Upstream pico-serprog works fine on pico2, so this will be fixed +in and re-updated again in a future revision release. The pico2 update images +were retroactively removed from the 20241206 release on rsync. + +A patch from upstream was backported to the old pico-sdk version, so that it +builds correctly on newer GCC15 (tested on Debian Sid with "Experimental" +packages enabled). + +### Licensing + + + +* Added SPDX license headers to almost every configuration file in lbmk. + +### Security + +These can be considered bug fixes, but these are special fixes that are of +massive concern to users. + +* Merged *73* critical CVE fixes into the GNU GRUB source code, from upstream. +* Stricter use of pledge and unveil in the nvmutil source code. +* *Much* safer `./mk inject`. It used to be that the tarballs were extracted + and files inserted into the extracted images, but the tarballs were left + unmodified; many users thought then that they should extract the tarball + and flash that, which lead to bricks. And it was easy to flash uninjected + images, where files (e.g. Intel ME) are needed, so now ROM images are padded + by one byte, to prevent flashing, and the user is strongly reminded to + inject files first; upon running the `./mk inject` commands, these images + are then safe to flash. +* Fix globbing issues in lbmk by double-quoting variables everywhere, and + generally making sure that certain characters are escaped properly when + necessary. To reduce the chance of bad commands being run by mistake or + intentionally. +* Removed auto-confirm on `./mk dependencies` commands, to mitigate the risk + of a buggy package manager on the user's distro possibly removing many + packages. Now the user must confirm their choice, e.g. when a conflict + occurs, instead of the package manager already deciding for the user. +* ThinkPad T480 / OptiPlex 3050: Disable HyperThreading/SMT by default, for + security, to reduce the attack vector of certain speculative execution-based + exploits. + +### Feature changes + + + +In descending order from latest changes to earliest changes: + +* `init.sh`: More verbose error info, on non-zero exits. +* `util/nvmutil`: Within each 4KB part, only handle 4KB, even if the block + size is bigger. This means using less memory, and modification of anything + past 4KB is not required. +* `util/nvmutil`: Support 16KB and 128KB GbE files, in addition to the + usual 8KB files. The size is based on the block size of the flash you use. +* Added non-root USB3 hub support to GRUB on the xHCI implementation, courtesy + of a patch from Nitrokey. +* GRUB: Scan LUKS inside *every* LVM, to support the uncommon use case where + LUKS is inside LVM, instead of LVM inside LUKS. It is theoretically possible, + even if ill advised. +* GRUB: Scan *every* LVM device, where available, as a fallback at boot time + when all else fails. +* Release ROMs prefixed with a "DO NOT FLASH" warning and padded by one byte, + where vendor files are required. The `./mk inject` commands remove this + prefix/padding, after vendor files are inserted and checksums verified. +* Better detecting of whether vendor files are needed, and confirmation to + the user while running `./mk inject` commands. +* Allow restoring the default MAC address on `./mk inject` commands, by using + the `setmac restore` arguments. +* Randomise the MAC address by default, where applicable, when running + the `./mk inject` commands, because lots of users previously flashed without + changing it, so lots of users had generic MAC addresses. + The `setmac keep` argument prevents this from happening, where desired. +* `include/vendor.sh`: More user-friendly debug messages, for the user to + know what's going on. +* `util/nvmutil`: Add uninstall command to the Makefile +* `util/nvmutil`: Add distclean command to the Makefile +* `util/nvmutil`: Nicer hexdump display, similar to `hexdump -C`. +* Support a `re` argument in `./mk dependencies` Fedora commands, for + re-installation of packages as desired. +* Support `--reinstall` in the `./mk dependencies debian` command, when the + user wants to re-install dependencies. +* Put temporary `PATH` directory in the normal `XBMK_CACHE` directory, and + clear it whenever a new parent instance of the build system is executed. + This is used for the GCC/GNAT matched symlinks, for example, or the python + symlink created at startup. +* Pico 2 support briefly added, but was a bit buggy for now, so it's removed + in this release, and was retroactively removed in rsync for the + Libreboot 20241206 release; this will be re-added in a future release. +* Added GRUB-first payload setups as an option, but not enabled by default. + The user can add `payload_grubsea="y"` in the `target.cfg` file for a given + mainboard. +* Support automatically downloading Lenovo ThunderBolt firmware for the + ThinkPad T480, automatically padding it for installation. This update fixes + a charging bug that affected some earlier launch models. +* Insert GRUB backgrounds in CBFS instead of GRUB memdisk, which makes + GRUB background images easier to replace. + +### Configuration changes + + + +In descending order from the latest changes to the earliest changes: + +* T480/3050micro: Removed the `fsp` targets, because we only need + the `vfsp` targets. +* Added `gnutls-devel` to Fedora 41 dependencies. +* Added `libx86` to Arch dependencies, needed for the `int` utility. +* Added `less` to Arch dependencies, because it's needed for certain commands + e.g. git commands. +* GRUB: Use the codeberg mirror first, to mitigate GNU mirrors often being + slow or rate limited, e.g. for gnulib downloads. +* fedora41/dependencies: add libuuid-devel +* Added `uuid-devel` to fedora41 dependencies +* flashprog: Disable `-Werror` to prevent minor warnings being treated as errors. + +### Bug fixes + + + +The following bug fixes have been merged (in descending order from the latest +changes to the earliest changes): + +* coreboot (all trees): Added patch fixing GMP build errors on modern + GCC15 hostcc. +* coreboot (all trees): Fixed building of crossgcc with newer GCC15. Patches + courtesy of Alper Nebi Yasak. +* coreboot (all trees): Added a patch to fix building coreboot utils with + newer GCC15. +* dependencies/debian: Fixed the libusb package name for newer Debian releases, + courtesy of Alper Nebi Yasak. +* SeaBIOS: Fixed `malloc_fn` function pointers in the `romfile` patch, courtesy + of Alper Nebi Yasak. Fix build errors on GCC 15. +* `include/lib.sh`: Force use of System Python e.g. `/usr/bin/python`, when + a python venv is detected. This prevents the build system from hanging. +* coreboot `g43t_am3`: Fixed the `data.vbt` path. +* Alper Nebi Yasak fixed the Python 2/3 detection in some edge cases when + the `python` command is python2. +* `include/lib.sh` (later `init.sh`): Do root check *first*, right after + the dependencies check, whereas it previously did the python check before + checking for root user. +* lbmk: Don't use TMPDIR directly, use another variable containing its value, + and make sure it doesn't get changed wrongly. This reduces the possibility + of accidentally leaving old tmp files laying around. +* `include/lib.sh`: `tar` commands now return an exit with error, if a fault + occurs, whereas it didn't before, due to piped output. This is done + using the `x_` wrapper on tar commands, to provide error exits. +* `mk`: function `check_project_hashes` now returns an error, if the sha512sum + command fails. It previously didn't, due to piped outputs. It's now mitigated + by using `x_` on piped commands, for error exits. +* Forking of lbmk parent instance to child instance isno longer handled by + variables. It's been simplified, to only be based on whether TMPDIR is set, + and it's generally more robust now in this release. The old code sometimes + broke under certain edge cases. +* `include/vendor.sh` (later renaming to `inject.sh`): General code cleanup, + about 100 sloc removed without reducing features. +* lbmk: Initialise `PATH` to a standard string if not set, on the parent + instance of lbmk. +* lbmk: Use `pwd` instead of the `PWD` variable, resetting the latter safely + as lbmk runs. This prevents lbmk from changing directory to an erroneous + system path, if `PWD` wasn't properly set for some reason. This is a + preventative bug fix, because no actual issue ever occured in practise. +* Much safer Python version check at lbmk startup, using data structures that + are provided universally by all Python implementations, instead of + relying on the output of `--version`. +* Fixed T480 backlight controls, courtesy of a patch from Mate Kukri. +* Set up Python in `PATH` when lbmk starts, to ensure that it is always + version 3. This is checked at startup. +* `include/vendor.sh`: Prevent double-nuke, where a given tarball already had + vendor files removed prior to release. +* `include/vendor.sh`: Allow setting a MAC address even if vendor files aren't + needed. +* `include/vendor.sh`: Download utils even if `vcfg` is not set, in case the + user is also setting a MAC address. +* `util/nvmutil`: Honour the `INSTALL` variable, if set by the user, otherwise + it is set to `install` by default. +* `util/nvmutil`: Don't do `clean` when running `uninstall`. +* `util/nvmutil`: Proper DESTDIR/PREFIX handling, whereas it was not handled + properly at all before. +* `util/nvmutil`: Only set CC/CFLAGS if unset, and use sensible defaults. +* Fixed various shellcheck errors in lbmk. +* HP EliteBook 820 G2: Fixed vendor file insertion and set `release=y`. The + insertion of Intel MRC and refcode previously didn't pass checksum validation. +* ThinkPad T480 / OptiPlex 3050: Force power-off state upon recovery from + power loss, otherwise the system always turns on as soon as a charger is + plugged in. This is configured by hardcoding, due to a current lack of any + option table on the T480. +* Debian dependencies: replace liblz4-tool with lz4 and liblz4-dev. The latter + is also available in Debian Trixie and Sid, at this time, in addition to + Debian Bookworm, so it works on all of them. +* U-Boot (x86): Fixed a bug since Swig 4.3.0 changed the syntax for its + language-specific AppendOut functions. A patch from upstream was backported, + and the patch is also compatible with older versions of Swig. +* In lbmk scripts, use `command -v` instead of `which`, to find the locations + of certain binaries. This is a bug fix, since `which` is non-standard and + so could break on some setups. +* Crossgcc: when building it for coreboot, fix mismatching GCC/GNAT versions + so that they match, if multiple versions are present. This was done because + Debain Trixie initially had GCC 14 and GNAT 13, whereas we need GNAT to build + the Intel video init code on many mainboards. +* T480/T480: Disable TPM2 to mitigate a hang in SeaBIOS due to buggy drivers. +* `dependencies/debian`: Fix the `python3-distutils` package, renamed it + to `python3-distutils-extra`, which works on bookworm *and* newer, but the + former did not. +* `git.sh`: don't initialise the `livepull` variable globally, reset it per + target instead, to prevent some repositories from being wrongly re-cloned. +* Thinkpad T480 / Dell OptiPlex 3050: Handle FSP insertion post-release, rather + than providing FSP images directly in release images. It is now handled by + the `./mk inject` command, copying the reference image from coreboot and + splitting it upp and rebasing it, to mitigate certain technicalities of + Intel's FSP license, which otherwise permits free redistribution. +* Safer, more reliable exit when handling vendor files, because in some cases + lbmk was leaving the `lock` file in place (erroneously). +* Safer exit when running the `./mk dependencies` commands, so that lbmk is + more likely to exit, because it was theoretically possible that it might + not under certain edge cases. +* Disable nvme hotplug on Dell OptiPlex 3050 Micro, to prevent replugging in + Linux, which would otherwise lead to possible data corruption. +* T480: Fix coreboot SPD size to 512 instead of 256 (it was already + auto-corrected to 512 at build time, but the original configs were 256 which + is wrong). +* Add tarballs and gpg signatures to `.gitignore` + +### General code cleanup + + + +A large audit has been conducted, removing a lot of dead code in the build +system and improving the code quality considerably. Not all of such cleanup +changes are listed, because otherwise it'd overwhelm the changelog, and many +of the changes alone are quite pedantic, but together make a big change. You +can consult the Git log if you're more interested. + +A lot of bloat was removed, but a *lot* of new features, especially safety +features, were added, so the build system is *bigger*: lbmk has a sloccount +of *1507* source lines, in this release, versus 1145 in the 20241206 release. +However, this is with a slew of new features that are useful, including much +safer handling of vendor files, safer in that the risk of bricks is reduced. +This sloccount includes only the core shell scripts that comprise the build +system; there are millions of lines of code, between all the upstream sources +that lbmk imports, or otherwise depends on. lbmk is *[tiny](../docs/maintain/)*. + +In descending order from the latest changes to the earliest changes: + +* `init.sh`: Generally modularised it, moving separate tasks into separate + functions, rathher than having it be one big monolith. +* `vendor.sh` was renamed to `inject.sh`, so that future changes can be + in better sync between lbmk and cbmk on this file, because the cbmk version + has the MAC address changer (but no vendorfile handling). In the future, + this will be split so that `vendor.sh` exists again, containing only the + vendorfile handling, and `inject.sh` will only handle MAC addresses. +* `init.sh`: Several variables were moved out of this file and elsewwhere in + lbmk. +* Moved the `singletree` function to `git.sh` instead of `lib.sh` +* Moved the `cbfs` function from `lib.sh` to `rom.sh`. +* `include/lib.sh`: Use a more top-down function order, more clear, and it was + split into an extra file `init.sh` that does the most basic lbmk initialisation + at startup, whereas what remains in `lib.sh` really are generic library + functions used throughout lbmk. +* `include/git.sh`: Removed unused crossgcc linking feature, because we don't + use it anymore (coreboot trees have their own crossgcc and never link to + another these days). Libreboot used to have many more coreboot trees, some + of which re-used crossgcc from another tree. Similarly, the accompanying + variable `tree_depend` is no longer handled. The `xtree` variable is still + handled, because projects like U-Boot use that to configure crossgcc. +* include/vendor.sh: Removed unnecessary check against the ROM image size. + Generally simplified the processing of release images. +* include/git.sh`: Removed many redundant functions, merging several of them. +* `include/mrc.sh`: Fixed a bad print, making proper use of a string inside + a printf statement. +* Simplified many file checks in lbmk, by using the `e` function. +* Removed a bunch of useless `eval` commands in general, throughout lbmk, + making the code much cleaner. +* lbmk: the `x_` function is now used much more aggressively, for error + handling, simplifying error handling in lbmk overall. +* `mk` main script: Merged the `trees` script with it, so now it's all one + script. The `mk` script is now the only executable script in lbmk. +* `mk` (main script): The `roms` command is removed (legacy / obsolete). +* The version/versiondate files are now dotfiles, to hide during operation. +* `include/lib.sh`: Hardcoded projectname/projectsite variables, instead + of storing them in a file. +* `trees` script: Unified handling of flags (same string used in error output), + to ensure that error(usage) messages always match. +* `trees` script (later merged into `mk`): Removed a lot of old bloat. +* `util/nvmutil`: Make the checksum word position a define. Generally cleaned + up a lot of code to make it clearer for the reader. Added more verbose + messages to the user, confirming things such as how much was read or written + on the user's file system. Various miscallaneous bug fixes (edge cases that + were unlikely to ever be triggered). +* `util/nvmutil`: More efficient use of memory when handling files. +* `util/nvmutil`: Much cleaner handling of user input. +* `util/nvmutil: More granular MAC address parsing errors, easy for debugging. +* `util/nvmutil`: Make the Gbe Checksum a define, for readibility. +* `util/nvmutil`: Obey the 79-character-per-line limit, as per lbmk coding + style. +* `util/nvmutil`: Tidied up several pledge calls +* Removed use of several unnecessary subshells and `eval` statements in lbmk. +* `trees`: Later, the GCC/GNAT matching feature was rewritten to work both ways, + where an older GCC was matched to GNAT and vice versa, whereas it previously + only went one way. `gcc` and `gnat` are manipulated in `PATH` to ensure that + the user has a consistent version of both. +* `path.sh` later merged into the `trees` script (which later merged + into the main `mk` script). This `path.sh` is what contained the first + implementation of the GNAT/GCC version matching feature. +* `path.sh`: Remove unnecessary shebang, and the same on other `include/` + scripts. NOTE: `path.sh` was later merged into `lib.sh`, which then became + split into `init.sh` in later changes (see above). +* Removed legacy build system commands e.g. `./build` and `./update`; now + only the newer `./mk` commands are supported. This and the change below was + briefly reverted, for the 20241206 revisions, but then re-introduced in + preparation for this Libreboot 25.04 release. +* Removed the deprecated `./vendor` command; now only `./mk` commands are + used. The `./mk -d coreboot target` commands are used, for downloading + vendor files. +* Removed unused patch that was for the original deguard implementation, + prior to Mate Kukri's re-write of it. + +Git log +------- + +This log is relative to Libreboot 20241206: + +``` +* 4f77125066d coreboot/fam15h: update submodule for nasm +* 0f2202554ab coreboot/fam15h: update nasm to 2.16.03 +* 2009c26f0aa serprog: Remove pico2 support for the time being +* a08b8d94fc5 seabios: bump to rev 9029a010, 4 March 2025 +* 342eca6f3d1 update untitled +* b0a6d4711a3 coreboot413: add alper's fix to cbfstool for gcc15 +* 628ae867c9a flashprog: bump to rev e060018 (1 March 2025) +* 5e96db5a2b4 further gcc-15 fix for gmp on -std=23 +* 9a9cd26b2d5 coreboot/default and fam15h: gmp fix, gcc15 hostcc +* 80007223c85 lib.sh: Provide printf for mktarball +* a16c483e5fd Merge pull request 'coreboot: fam15h: Add patches to fix build with GCC 15 as host compiler' (#318) from alpernebbi/lbmk:coreboot-fam15h-gcc15 into master +|\ +| * 685685ab0e4 coreboot: fam15h: Add patches to fix build with GCC 15 as host compiler +|/ +* 02110f2bc1d Merge pull request 'coreboot: Add patch to fix build with GCC 15 as host compiler' (#317) from alpernebbi/lbmk:coreboot-gcc15-nonstring into master +|\ +| * 5ad1de3931a coreboot: Add patch to fix build with GCC 15 as host compiler +|/ +* 9e7bceb7fa9 Merge pull request 'seabios: Fix malloc_fn function pointer in romfile patch' (#313) from alpernebbi/lbmk:seabios-romfile-malloc-fptr into master +|\ +| * 35c853f8b33 seabios: Fix malloc_fn function pointer in romfile patch +* | 686e136f150 Merge pull request 'dependencies/debian: Fix libusb package name' (#315) from alpernebbi/lbmk:debian-libusb-dependency into master +|\ \ +| * | 6f120f01588 dependencies/debian: Fix libusb package name +| |/ +* / d8b0e749983 init.sh: fix yet another double quote for dotfiles +|/ +* 780844112ae Merge pull request 'Update U-Boot to v2025.10' (#305) from alpernebbi/lbmk:uboot-v2025.04 into master +|\ +| * 1265927ca38 u-boot: gru: Disable INIT_SP_RELATIVE +| * 5bea1fade9a u-boot: arm64: Expand our modified defconfigs to full configs +| * fd56d8ada13 u-boot: arm64: Merge our modifications into new defconfigs +| * ed9ddd7415f u-boot: arm64: Add new upstream defconfigs +| * b1fa44858cb u-boot: arm64: Rebase to v2025.04 +| * 976fc6890ae u-boot: arm64: Save our modifications to the upstream defconfigs +| * 418570a6172 u-boot: arm64: Turn configs into defconfigs +|/ +* 093a86d9c09 init.sh: don't use eval to read version files +* 3045079947b init.sh: use backslash for dotfiles in eval +* da108d1c045 mk: Don't run mkhelpers if mode is set +* 71a58a38ab4 mk: condense main() again +* f3882b9bf21 init.sh: make git name/email error more useful +* 9cebda333d5 init.sh: move git name/mail check to xbmk_git_init +* ea081adc4ca init.sh: tidy up the git name/email check +* 3292bded692 mk: make main() more readable +* 97a5e3d15ed mk: move git check to init.sh xbmk_set_version +* 11cd952060d init.sh: tidy up xbmk_init() +* f6c5c8d396d mk: move git_init to init.sh +* ec1c92238cc init.sh: minor cleanup +* e009f09e7fa init.sh: clean up setvars +* 9ec72153408 init.sh setvars: make err a printf for eval +* 18ad654a1f7 init.sh: merge xbmk_child_init with xbmk_init +* 15268202478 init.sh: split xbmk_child_init into functions +* 0280cd4c0e7 init.sh: move parent fork to new function +* a0e1d42ff74 init.sh: Provide more complete error info +* a8f0623efbb update uefitool to rev a072527, 26 Apr 2025 +* c698972130f rename include/vendor.sh to inject.sh +* 24e488aae56 lib.sh: move _ua to the xbmkget function +* 6779d3f9915 move variables out of init.sh to others +* 848159fa0eb lib.sh: rename vendor_checksum +* 1de77c6558c lib.sh: move singletree() to git.sh +* 703fe444312 lib.sh: move cbfs() to rom.sh +* b57952e90d2 re-split include/init.sh to lib.sh +* 8ecb62c6628 rename include/lib.sh to init.sh +* ce4381169fa lib.sh: introduce more top-down function order +* 15b64cfebe8 mk/git.sh: remove tree_depend variable +* 9b8179c0e5d git.sh: remove unused xgcc linking feature +* 4624c6e536c mk: remove unused variables (ser/xp) +* aba5b3a3532 mk: simplify main() +* 0ab7c6ff9cf lib.sh: use realpath to get sys python on venv +* 8edea026c58 lib.sh: Force use of System Python to prevent hang +* b1b964fa5c3 lib.sh: further condense the python check +* 9543a325acb lib.sh: further simplify the python check +* 9baabed7186 lib.sh: condense the python check +* 0c5c5ffc873 lib.sh: simplify mk() +* 83022b6ba83 lib.sh: simplify cbfs() +* 13ad839691d lib.sh: simplify the python check +* b1ea4165754 mk: remove mkhelp() and use x_() instead +* 4cf64e59ed0 mk: simplify handling of trees() +* d0581914c74 coreboot/hp8300cmt: purge xhci_overcurrent_mapping +* cb52fc4ba82 Fix VBT path on HP Elite desktops +* 2bee87cfc26 lib.sh: add missing copyright year +* 4b7ab403c65 ifd/q45t_am: unlock regions by default +* 564155277ea coreboot/g43t_am3: use ifd-based setup +* 0ddd1963751 coreboot/q45t_am3: use ifd-based setup +* 3b2d933842a coreboot/default: add missing submodules +* a10d81399c7 NEW MAINBOARD: Acer Q45T-AM (G43T-AM3 variant) +* d114e0a765c mk: don't print confirmation of git pkg.cfg +* f59c24f12aa coreboot/g43t_am3: fix data.vbt path +* 21020fa319a add missing config/data/coreboot/0 +* 2b4629d790b Merge pull request 'lib.sh: Fix python3 detection when 'python' is python2' (#290) from alpernebbi/lbmk:python3-detection-fix into master +|\ +| * a18d287a81e lib.sh: Fix python3 detection when 'python' is python2 +|/ +* c7569a67145 coreboot/next: merge with coreboot/default +* 762c7ff43eb coreboot/default: Update, c247f62749b (8 Feb 2025) +* 86e7aa80c51 Update the GRUB revisions +* 8d57bf6009e Revert "git.sh: minor cleanup" +* a2898771f6e lib.sh: perform root check even earlier +* 779f6003421 lib.sh: tidy up opening logic (put it together) +* bac4be99c20 lib.sh: do root check before python check +* e63d8dd20d9 git.sh: minor cleanup +* 11078508a25 lib.sh: simplify mktarball() +* 087bbedc5f8 vendor.sh: tidy up vendor_download() +* e11fd52d958 mk: tidy up check_gnu_path() +* 3442f4278ed mk: simplify check_project_hashes() +* 6b6a0fa607c lib.sh: fix missing s/TMPDIR/xbmktmp +* e07a2adb130 lbmk: don't handle TMPDIR directly +* 9d3b52cd1d2 rom.sh: minor cleanup +* b4402c54258 vendor.sh: yet even more code cleanup +* fe5bdc7633d vendor.sh: even more cleanup +* fcedb17a9a1 vendor.sh: more cleanup +* 4e2b59ed3ff vendor.sh: minor cleanup +* a3acf4c3f95 vendor.sh: simplify process_release_roms +* 30213a96883 vendor.sh: remove unnecessary check +* 38df7275f12 git.sh: remove unnecessary comment +* f5891fb6991 git.sh: remove link_crossgcc() +* a685654b90f git.sh: remove move_repo() +* e4aa62f79a8 git.sh: remove prep_submodule() +* 2839feb9e43 git.sh: make git_prep command clearer +* 410fa702c9c mrc.sh: Make proper use of variable inside printf +* 075902c3ea7 simplify a few file checks +* b2255425eba rom.sh: remove unnecessary check +* 39640d76a75 lbmk: minor cleanup +* c8dc701f3eb lib.sh mktarball: stricter tar error handling +* 58a53d7046f vendor.sh: don't err on bruteforce me extract +* 958fa34832a mk check_project_hashes: handle error on sha512sum +* 8b4b069e3f6 vendor.sh: remove unnecessary xchanged="y" +* 166dbb04c92 vendor.sh: set need_files="n" if skipping patch +* e90657cc734 vendor.sh: Don't handle vendor files if not needed +* 2e10a45fa36 Revert "lib.sh: use eval for the command in x_" +* 738d4bb6b6d lib.sh: fix bad eval writing resized file +* eb9e5d2d5d4 lib.sh: fix bad eval writing version/versiondate +* 3bfdecdc75b lib.sh: use eval for the command in x_ +* 4fa3bb9e5b1 mk: use eval to run mkhelp commands +* 9b3635718a8 mk: tidy up the switch/case block in main() +* 0c381028abc mk: tidier error handling +* 023f9cf0498 lib.sh: tidy up the error handling +* cb3253befb9 rom.sh: tidy up error handling +* 7af46721bcb vendor.sh: tidy up error handling +* 04ebb3b91a0 vendor.sh: tidy up decat_fspfd() +* 0c87fdf96ad git.sh: clean up fetch_project() +* 9eb8856b3c5 mk: Remove unnecessary argument checks on trees() +* 52f3d54116f vendor.sh: properly call err_ in fail_inject +* c4c6692b761 remove xbmk_parent, handle forking in lib.sh +* fd5431db05d lib.sh: define x_ right after err_ +* 972681a127b mk: minor cleanup +* b41cd39b686 lib.sh: minor cleanup +* 49939502648 mrc.sh: minor cleanup +* c158d82298b rom.sh: minor cleanup +* cb36248c8c0 vendor.sh: tidy up check_release() +* 409cab39c56 vendor.sh: tidy up vendor_inject() +* 12b1623e473 vendor.sh: tidy up readcfg() +* 0d85f061e2e vendor.sh: tidy up patch_release_roms() +* 61f20141028 vendor.sh: tidy up process_release_roms() +* 5901f36e49d vendor.sh: tidy up patch_rom() +* 082930ce0e7 vendor.sh: tidy up inject() +* e1f91f30372 vendor.sh: tidy up modify_mac_addresses() +* 3181ac50126 script/trees: merge with mk and delete script/ +* 3d03dd1a507 mk: remove the legacy "roms" command +* f0c629dcc6c lib.sh: write version/versiondate to dotfiles +* 23b942c83e9 lib.sh: hardcode projectname/projectsite +* a03bb793aea remove update/vendor symlinks +* d7f80ebe71e move build to mk +* 57d58527fd0 trees: unify the execution of mkhelper commands +* e5262da4be7 trees: tidy up configure_project() +* 51798278397 build: make coreboot building an else in "roms" +* c189257888a trees: don't build dependencies if dry=":" +* 115a66fddd3 trees: unified handling of flags +* 3ea633cc791 trees: simplified handling of badhash/do_make +* 9be40e94a2b trees: don't set mode on ./mk -b +* 67ad7c2635c trees: don't set mod on ./mk -d +* 24448948419 trees: don't initialise mode to "all" +* 97c50a39a60 trees: clean up some comments +* cfb14fd8dd8 vendor.sh: simplified readkconfig() +* 5b697b93a2d lib.sh: double-quote pwd to prevent globbing +* 5a0a24f5559 lbmk: unified PWD handling (work directory) +* a25a29cfbb7 lib.sh: initialise PATH if it's unset +* 1022abf6991 move XBMKPATH to include/lib.sh +* 0764c969a29 lbmk: use pwd util, not PWD environmental variable +* f98b9b01107 clean up a few semicolons in the build system +* 8ccb61cc718 trees: err if first argument is not a flag +* 947c3e1a176 trees: err if no argument given +* edbbde0b12d trees: set dry=":" on ./mk -f +* 33bb0ecf764 trees: clean up initialisation of the dry variable +* c7636ff1dfc trees: initialise mode to "all", not "" +* d0bd12631a6 trees: don't abuse the mode variable on -f +* c4cd876c609 trees: Add missing flag to error output +* 5ebcae5235f lbmk: minor code formatting cleanup +* 70cef71dbab grub/xhci: Remove unused patch +* 3f14a470a2e remove _fsp targets (keep _vfsp) +* d7312260e7e util/nvmutil: remove excessive comments +* e348ea0381a Bump GRUB revision to add 73 security patches +* 4b228c11f9f Merge pull request 'Update pico-serprog revision' (#271) from Riku_V/lbmk:master into master +|\ +| * a8359e30b27 Update pico-serprog revision +|/ +* d2cb954933b util/nvmutil: Fix bad error messages on R/W +* e1e515bd22a util/nvmutil: hardened pledge on help output +* ada057a865c Merge pull request 'Simplify the README' (#269) from runxiyu/lbmk:readme-simplification into master +|\ +| * 9ced146b47c README.md: Use newlines instead of bulleted list for docs/support links +| * 266122592cd README.md: Use the EFF's page on Right to Repair +| * e36aa8c5a5c README.md: Vastly simplify it +| * c17f4381ce5 README.md: Mention SeaBIOS and U-Boot instead of Tianocore as payloads +|/ +* 47eb049cb47 Merge pull request 'deps/arch: genisoimage belongs to cdrtools' (#267) from runxiyu/lbmk:master into master +|\ +| * fa9a0df2458 deps/arch: genisoimage belongs to cdrtools +|/ +* a98490573be util/nvmutil: only set mac_updated at the end +* 6b9cf09ca21 restore old x230 gbe file +* 8a435355135 util/nvmutil: Fix bad comparison +* a65a0c2f963 util/nvmutil: allow ./nvm gbe MAC +* 96356ce94f6 util/nvmutil: move "e" to swap() +* b1d8975959d util/nvmutil: Only read up to 4KB on larger gbe +* 6821659bcb2 util/nvmutil: fix minor mistake (line break) +* 3bb7520f6d9 util/nvmutil: do setmac if only filename given +* d94b274fd9f vendor.sh: don't error if grep -v fails +* 6ebdd3c72ba vendor.sh: Don't show gbe filename on inject +* a08748a9eda util/nvmutil: don't say write not needed if errno +* 6841a351ebc util/nvmutil: print dump *after* modification +* da0a6c216cf util/nvmutil: verbosely print the written MAC +* db5879c6b5a util/nvmutil: minor cleanup in cmd_dump +* bd7215d1eb7 util/nvmutil: show nvm words written on writeGbe +* c70117c79c4 util/nvmutil: clean up readonly check on writeGbe +* cf5a63e65ca util/nvmutil: Remove useless gbeFileChanged var +* 83601aa524b util/nvmutil: reset errno if any MAC updated +* 3e86bf5ce25 util/nvmutil: reset errno when writing a MAC +* bcf53cc2cc0 util/nvmutil: show total number of bytes read +* c91cc329cf8 util/nvmutil: rename tbw/bw to tnw/nw +* 90607108330 util/nvmutil: err if bytes read lower than nf +* c72f699d368 util/nvmutil: err if fewer bytes written +* d666f67ebe5 util/nvmutil: Show bytes written in writeGbe +* b2d6393ed5f util/nvmutil swap(): ensure that no overflow occurs +* 063fef14d34 util/nvmutil: make swap() a bit clearer +* fd1bbdc96cb util/nvmutil: make 0x3f checksum position a define +* 5ddf7f251d6 util/nvmutil: make 128 (nvm area) a define +* 8850acc7da6 util/nvmutil swap(): Only handle the nvm area +* 49506a88328 util/nvmutil: move write checks to writeGbe +* 948377b0e7e util/nvmutil: make cmd_swap its own function again +* 6e134c9f4bf util/nvmutil: minor cleanup +* 98e105ac4f1 util/nvmutil: allocate less memory for setchecksum +* 52e8ea57f7b util/nvmutil: Further reduce memory usage +* 7a7d356824e util/nvmutil: Remove unnecessary buf16 variable +* cdf23975bc1 util/nvmutil: Only allocate needed memory for file +* ed45da9cae5 util/nvmutil: Remove unnecessary buffer +* ec3148dc3b5 util/nvmutil: Show specific error for bad cmd argc +* 073420d3056 util/nvmutil: cleaner argument handling +* a6c18734e70 util/nvmutil: extreme pledge/unveil hardening +* deb307eaf63 util/nvmutil: more minor cleanup +* c14eccaf153 util/nvmutil: more granular MAC parsing errors +* 88fb9cc90ea util/nvmutil: more cleanup +* 5aaf27f80c3 remove errant comment in nvmutil +* c829b45c17c util/nvmutil: support 16kb and 128kb gbe files +* a98ca5bf65c util/nvmutil: Prevent unveil allowing dir access +* 68c32034a00 typo: nvme should say nvm in nvmutil.c +* c944c2bbac7 util/nvmutil: General code cleanup +* 8c65e64e398 snip +* f666652fe15 snip +* 64d3c7b5150 grub/xhci: Add xHCI non-root-hub fixes from Nitrokey +* 7bf0d4c2ed5 add gnults-devel to fedora 41 dependencies +* 66d084e7f7c grub.cfg: scan luks *inside lvm* +* 5a3b0dab966 grub.cfg: Scan *every* LVM device +* 3c9f4be76f6 Libreboot 20241206, 8th revision +* d4cc94d6b44 rom.sh: don't run mkpicotool on dry builds +* de6d2f556f1 pico-sdk: Import picotool as a dependency +* 4210ee68ea2 lib.sh: Much safer python version check +* 8c7ba6131cc coreboot/next uprev: Fix T480 backlight keys +* 411fb697dfc set up python in PATH, ensuring that it is python3 +* e8336bcc3ca vendor.sh: Proper semantics on prefix file names +* 63f45782638 vendor.sh: Confirm if need_files=n +* 13b06ae130f vendor.sh: Allow restoring the default GbE file +* ab8feff92e0 vendor.sh: set random MAC address *by default* +* 0ceaa01d45d vendor.sh: add clarification to nogbe warning +* 4d5caf1dcfc vendor.sh: check that the vcfg file exists +* fc4ee88e167 vendor.sh: error out if nuking failed +* 8819a93d89b add line break, part 3 +* 8ce1a00f517 add line break, part 2 +* bc2c14e76a8 add line break +* c762850311a vendor.sh: prevent double-nuke +* 68299ad05ca vendor.sh: much more verbose errors/confirmation +* b8e6d12f3d9 add libx86 to arch dependencies +* cf8ad497b4e vendor.sh: Remove unnecessary return +* c858099b359 vendor.sh: Download utils even if vcfg unset +* ce16856a242 vendor.sh: Allow setmac if vendorfiles not needed +* 4b51787d078 add less to arch dependencies +* 8bd028ec153 lib.sh: Set python after dependencies +* 44b6df7c24c update my copyright years on modified scripts +* 818f3d630c2 vendor.sh: Don't error if vcfg is unset +* 432a1a5bca7 lib.sh: Fix unescaped quotes in chkvars() +* a73b0fd910a Revert "fix more unescaped quotes in eval" +* ec6bcc1fba5 fix more unescaped quotes in eval +* 5284f20b981 fix ./mk dependencies build issue +* d825f9a9683 rom.sh: Remove errant GRUB modules check +* 4149f3dc81a submodule/grub: use codeberg for 1st gnulib mirror +* 0305975e705 util/nvmutil: Update AUTHORS and COPYING files +* 20b192e13bd util/nvmutil: Describe nvmutil in help output +* d1ca21628cb util/nvmutil: Remove the correct binary on uninstall +* e63fe256dfc util/spkmodem-recv: More correct Makefile +* efd50ee548b util/nvmutil: Honour the INSTALL variable +* 8008838abbc util/nvmutil: Don't clean when doing uninstall +* 982f257f58a util/nvmutil: Proper DESTDIR/PREFIX handling +* 3f85ae5f853 util/nvmutil: Set CC and CFLAGS only if unset +* 2c7b9fb9412 util/nvmutil: Capitalise BABA +* 57f9906f6d1 util/nvmutil: Add uninstall to Makefile +* 4defe2c6085 util/nvmutil: Add distclean to Makefile +* 033e4cd9d50 util/nvmutil: Make the GbE checksum a define +* 874317c4e59 util/nvmutil: nicer hexdump display +* a338e585eed util/nvmutil: show the correct hexdump order +* b032e483ef1 lib.sh mktarball: cleaner if statement +* 0cf58c22734 fix lbmk shellcheck errors +* 8276560cc99 lib.sh and rom.sh: update my header +* 08e86d2218c vendor.sh inject: reset err upon return +* 41275d699ca vendor.sh: MUCH, MUCH, MUCH safer ./mk inject +* ed7293494e3 util/nvmutil: Obey the 79-character per line limit +* 637b5e36fd2 util/nvmutil: Tidy up copyright header +* cd28db883e2 vendor.sh: fix comment +* 57971ceb227 util/nvmutil: Fix another straggler +* 15b37b2a1ab util/nvmutil: Tidy up pledge calls +* e8799310db2 hp820g2: fix vendorfile inject and set release=y +* f9ab082ec19 fedora41/dependencies: add libuuid-devel +* 661591f9f0b add uuid-devel to fedora41 dependencies +* 1a46c047386 support ./mk dependencies fedora reinstall +* d58d63569f1 fix missing semicolon in grub nvme patch +* 95ea3293df5 bump seabios to rev 1602647f1 (7 November 2024) +* 6d7e6c361b3 Bump GRUB revision to 6811f6f09 (26 November 2024) +* 09a01477df6 t480/3050micro: force power off post power failure +* d344cd95eac flashprog: Disable -Werror +* dc95e912bfe bump flashprog to revision eb2c041 (14 Nov 2024) +* 27c8c1c16ba replace liblz4-tool with lz4 and liblz4-dev +* d3a732a64db lib.sh dependencies: support --reinstall argument +* 466ada423dd move xbmkpath to XBMK_CACHE/ +* b0a23840327 Revert "Remove legacy update/vendor commands" +* 3d7dd4aa9fe Fix U-Boot build issue with Swig 4.3.0 +* 0c810747469 use command -v instead of which +* 6c7e3ce2d6e trees: remove unnecessary subshell +* ad137eae89d trees: only symlink host gcc/gnat to build xgcc +* cfb6de94c33 trees: correction on check_gnu_path +* ec2f0716662 trees: match gcc/gnat versions both ways +* f64b5996279 Merge path.sh into script/trees +* 295463d281e path.sh: Further cleanup +* 5b24e0a5a96 path.sh: More thorough gcc/gnat version check +* 7849a075886 path.sh: minor cleanup +* 17168a87dbf path.sh: remove unnecessary shebang +* e565df94fd7 Fix globbing issue in lbmk +* c80cc0a00b6 remove auto-confirm on distro dependencies +* 01fc65a0a9d Mitigate Debian Trixie/Sid GCC/GNAT version mismatch +* 424b0c7103b t480/3050micro: disable hyperthreading +* 603105f3b4e t480/t480s: Disable TPM2 to mitigate SeaBIOS lag +* 754bd1e6ca3 rom.sh: Name pico directory serprog_pico +* db22308eba5 add 2024 to Riku's copyright header on rom.sh +* 4fa5f696db8 Merge pull request 'rp2530' (#258) from Riku_V/lbmk:rp2530 into master +|\ +| * a5e0360992d pico-sdk: update to 2.1.0 +| * e2f8cc7f3ee pico-serprog: enable building for multiple pico chips +|/ +* ccc2b4d589f add spdx headers to dependencies configs +* a3969701e6b dependencies/debian: fix debian sid +* 8f370cb60d9 add spdx headers to various config files +* d591ea4c5dc git.sh: don't initialise livepull globally +* b5da9feba3b vendor.sh: Print useful message on ./mk inject +* 12c6259cb2f vendor.sh: Handle FSP insertion post-release +* 78132051462 Remove legacy update/vendor commands +* 07037561bd6 lbmk: remove use of deprecated ./vendor command +* 5d1f1823067 vendor.sh: Safer exit when vendorfiles not needed +* a18175a5df9 data/deguard: Remove unused patch +* ee8f53b96ff lib.sh: Safer exit from ./mk dependencies +* a8b35c88cf1 remove geteltorito and mtools from lbmk +* 1dd32ea5487 rom.sh: support grub-first setups +* f7801ef4770 vendor.sh: delete old tb.bin first, just in case +* 02cbf8a729d vendor.sh: make TBFW pad size configurable +* 9884e5ed1b0 T480/T480S: Support fetching ThunderBolt firmware +* 36b42dd1c11 also de-rainbow the u-boot menu +* eafc82028a4 Revert "use rainbow deer on the grub background" +* 44969c73bd2 rom.sh: insert grub background in cbfs not memdisk +* 401efb24b22 use rainbow deer on the grub background +* dc27cb91784 add some scripts to .gitignore +* 3b6b283eabe disable 3050micro nvme hotplug +* c2023921893 fix t480 spd size (512, not 256) +* da527459b68 add tarballs and signatures to gitignore +* b910424b5df fix another very stupid mistake +* e3b77b132e6 fix the stupidest bug ever +``` + +This is nearly *400* changes! + +Revision releases +----------------- + +When certain bugs are found, releases may be re-built and re-uploaded. When +this happens, the original release is replaced with a *revision release*. + +### 25.04rev1 (1 May 2025) + +A minor issue was found with AHCI initialisation on the ThinkPad T420, caused +by one of the seven new SeaBIOS patches merged in the release. The seven patches +are largely optional and inconsequential changes, for Libreboot users anyway, +so they have been reverted. + +The AHCI bug was was caused on ThinkPad T420 by a patch that *resets* the +state of the AHCI controller, before enabling it, in SeaBIOS. This patch was +written by the author, to make SeaBIOS's AHCI driver work in CSM mode. + +For this revision release, that patch is removed, but in Libreboot's master +branch, the SeaBIOS revision is once again up to date, including the seven +recently imported commits, but that version patches SeaBIOS to only apply +the change to AHCI behaviour if SeaBIOS is running as a CSM. + +This `25.04rev1` release also contains a missing config for text-mode startup +on the ThinkPad T420. + +It is possible that this AHCI issue may have been caused on other mainboards, +but we currently do not know. It is better to assume that all mainboards were +affected, so you should update to the rev1 release if you had the +original 25.04 release. + +This revision release was committed to the `25.04_branch` branch, and any +further revision releases will be in the same branch. diff --git a/site/news/libreboot2504.md.description b/site/news/libreboot2504.md.description new file mode 100644 index 0000000..f79fcdf --- /dev/null +++ b/site/news/libreboot2504.md.description @@ -0,0 +1 @@ +Libreboot 25.04 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/libreboot2506.md b/site/news/libreboot2506.md new file mode 100644 index 0000000..f99252c --- /dev/null +++ b/site/news/libreboot2506.md @@ -0,0 +1,1603 @@ +% Libreboot 25.06 "Luminous Lemon" released! +% Leah Rowe +% 30 June 2025 + +A corresponding [Canoeboot 25.06](https://canoeboot.org/news/canoeboot2506.html) +release is also available. + +There *was* a Libreboot 25.04 release in April 2025, but that is retroactively +regarded as an RC of 25.06. The original 25.06 release announcement showed +changes since 25.04, but the changelog is now relative to December 2024. +This reflects the [revised release schedule](revisions.md). It means that the +changelog is much bigger, and also includes the changes that went in +Libreboot 25.04. + +Today's Libreboot 25.06 revision is a *stable release*, whereas the previous +stable release was Libreboot 20241206. This revised release log lists all +changes as of today, 30 June 2025, since the Libreboot 20241206 release of +December 2024. + + + +**[PLEASE READ THESE INSTRUCTIONS BEFORE INSTALLING](../docs/install/ivy_has_common.md), OR +YOU MAY BRICK YOUR MACHINE!! - Please click the link and follow the instructions +there, before flashing. For posterity, +[here is the link again](../docs/install/ivy_has_common.md).** + +Open source BIOS/UEFI firmware +---------------------------- + +Libreboot is a free/open source BIOS/UEFI replacement on x86 and ARM, providing +boot firmware that initialises the hardware in your computer, to then load an +operating system (e.g. Linux/BSD). It is specifically +a *[coreboot distribution](../docs/maintain/)*, +in the same way that Debian is a Linux distribution. It provides an automated +build system to produce coreboot ROM images with a variety of payloads such as +GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy +to use as possible for non-technical users. From a project management perspective, +this works in *exactly* the same way as a Linux distro, providing a source-based +package manager (called lbmk) which patches sources and compiles coreboot images. +It makes use of [coreboot](https://www.coreboot.org/) for hardware initialisation, +and then a payload such as [SeaBIOS](https://www.seabios.org/SeaBIOS) +or GRUB to boot your operating +system; on ARM(chromebooks) and certain x86 mainboards, we provide *U-Boot* (as +a coreboot payload), which provides a lightweight UEFI implementation.. + +Sumarised list of changes +------------------------- + +This section provides a brief overview, summarising all of the changes. The +next sections (after this) show *all* changes in detail. + +The most important changes are, thus: + +New mainboards: + +* Acer Q45T-AM support added (similar to G43T-AM3 mainboard) +* Dell Precision T1700 SFF and MT + +Revision updates: + +* GRUB, SeaBIOS, Untitled, flashprog, U-Boot, uefitool have all been updated + to newer revisions, from ~April 2025. + +Security: + +* GRUB has has *a lot* of security fixes applied to it from upstream, including + a very large series of *73* major security fixes, and a few minor tweaks + after the fact. +* Globbing issues fixed in the Libreboot build system, lbmk. Better error + handling in general. +* ThinkPad T480/3050micro: Disable hyperthreading by default + +Feature changes: + +* Better, more reliable caching of Git repositories and files during download. + Re-builds of sources make better use of local caching, instead of downloading + from scratch every time (e.g. coreboot and GRUB sources). +* Handling of vendor files is more reliable, caching everything more aggressively + and even verifying checksums of *extracted* files, from inside update archives. +* Non-root USB hub support added to GRUB, for xHCI devices +* GRUB: better LVM scanning, for auto-boot especially with encrypted `/boot/`; + Linux distros are easier to handle, in general. +* Safer handling of vendor files; release images padded to prevent flashing, + where such files are needed, until they have been inserted. +* Better MAC address handling, on IFD-based systems. Insertion of MAC addresses + is done by default, randomised by default, unless overridden by the user. + +Config changes: + +* Removed unnecessary sources by default, to make source archives smaller. Only + the sources needed to build the binaries are included, in many cases. +* Updated various dependencies configs, for installing build dependencies in + various Linux distros (for the `./build dependencies` command which installs + them in your distro). + +Bug fixes: + +* Better checksum verification for project files, when deciding whether to + re-build a given upstream source. +* General build system fixes, making the build process more reliable, with + much stricter error handling (and some false error conditions have also been + removed). +* GRUB payload: Mark E820 reserved for cbmem, which means that you no longer + need `iomem=relaxed` (kernel option) at boot time, to access the cbmem console. +* Use `x` instead of `?` in nvmutil, as a character for randomness in MAC + addresses, to work around a design quirk in ZSH. +* Where files are operated on post-build, e.g. coreboot images, more strictly + operate on them first, erroring out more reliably when a fault occurs; prevent + bad files from being copied to final build destinations. This reduces the + chance of bad/corrupt build artifacts being present in release builds. +* HP EliteBook 820 G2 images now included in releases, because handling of + the refcode files was corrected so that checksum verification passes during + insertion. + +This, and more, has all been done. There was also a general focus on heavily +auditing the build system, lbmk, so as to clean up the code. The amount of +overall code in lbmk was *reduced*, without removing functionality. + +These next sections will repeat many of the above items, but in more detail. + +Detailed list of changes +------------------------- + +### Board support + +The priority for the first half of 2025 has been on further auditing the +Libreboot build system, so fewer board ports were added. More board ports +will be added instead in the December 2025 release (a lot more). + +The following boards have been added since the Libreboot 20241206 release: + +* Acer Q45T-AM support added (similar to G43T-AM3 mainboard) +* Dell Precision T1700 SFF and MT + +Board ports were low priority for this release; now it shall be the focus, +between June 2025 and October 2025, ready for the 25.12 release cycle leading +into December 2025. + +Dell Precision T1700 is essentially the OptiPlex 9020 but with a slightly +different, code-compatible PCH that also supports ECC memory features when an +Intel Xeon processor is installed. + +### Revision updates + +In descending order from latest changes to earliest changes: + +* GRUB: Update to revision 73d1c959e (14 March 2025) +* Bump SeaBIOS to to rev 9029a010, 4 March 2025 +* Updated Untitled to newer LBSSG repository. +* Bump flashprog to rev e060018 (1 March 2025) +* Bump U-Boot on ARM64 boards to U-Boot v2025.04. Patching courtesy of + Alper Nebi Yasak. +* Bump uefitool to rev a072527, 26 Apr 2025 to fix CMake compatibility issue + since CMake 4 no longer supports version 3.5, whereas the old uefitool had + an earlier version as the minimum supported. This fixed a minor build error. +* Merged coreboot/next with coreboot/default +* Bump coreboot/next to rev c247f62749b as of 20 April 2025 +* Bump coreboot/default to rev c247f62749b as of 20 April 2025 +* Bump flashprog to revision eb2c041 (14 Nov 2024). + +The GRUB revision includes a number of critical CVE fixes, and regression +fixes, that were also included in Libreboot 20241206 rev11. Some later fixes +are also present, such as wiping LUKS keys from memory after successfully +booting Linux (Linux handles LUKS itself, and starts the process again). + +The NASM version was updated to version 2.16.03 on coreboot/fam15h, to prevent +build errors, instead of fixing the old NASM 2.14.02. Tested on Debian Sid +Experimental, with GCC15-based toolchain, and on Fedora 42. + +PICO support: Reverted to the old pico serprog/sdk repositories used +in Libreboot 20240612. This is temporary, because pico2 support is currently +broken, so this release only has pico1 support, when dealing with Rpi Pico +devices. Upstream pico-serprog works fine on pico2, so this will be fixed +in and re-updated again in a future revision release. The pico2 update images +were retroactively removed from the 20241206 release on rsync. + +A patch from upstream was backported to the old pico-sdk version, so that it +builds correctly on newer GCC15 (tested on Debian Sid with "Experimental" +packages enabled). + +### Licensing + + + +* Added SPDX license headers to almost every configuration file in lbmk. + +### Security + +These can be considered bug fixes, but these are special fixes that are of +massive concern to users. + +* This GRUB change was merged, in the aforementioned revision + update: `dbc0eb5bd disk/cryptodisk: Wipe the passphrase from memory` - this + wipes the LUKS key from memory, after GRUB exits, where one was created + by GRUB while unlocking a given volume. +* Merged *73* critical CVE fixes into the GNU GRUB source code, from upstream. +* Stricter use of pledge and unveil in the nvmutil source code. +* *Much* safer `./mk inject`. It used to be that the tarballs were extracted + and files inserted into the extracted images, but the tarballs were left + unmodified; many users thought then that they should extract the tarball + and flash that, which lead to bricks. And it was easy to flash uninjected + images, where files (e.g. Intel ME) are needed, so now ROM images are padded + by one byte, to prevent flashing, and the user is strongly reminded to + inject files first; upon running the `./mk inject` commands, these images + are then safe to flash. +* Fix globbing issues in lbmk by double-quoting variables everywhere, and + generally making sure that certain characters are escaped properly when + necessary. To reduce the chance of bad commands being run by mistake or + intentionally. +* Removed auto-confirm on `./mk dependencies` commands, to mitigate the risk + of a buggy package manager on the user's distro possibly removing many + packages. Now the user must confirm their choice, e.g. when a conflict + occurs, instead of the package manager already deciding for the user. +* ThinkPad T480 / OptiPlex 3050: Disable HyperThreading/SMT by default, for + security, to reduce the attack vector of certain speculative execution-based + exploits. + +### Feature changes + + + +In descending order from latest changes to earliest changes: + +* `init.sh`: looser `XBMK_THREADS` validation; correct it on child instances, + if it's not set, or set incorrectly. +* `get.sh`: use subshells on `try_` functions, wrapped in an error handler + so as to provide more verbose output under fault conditions. This makes it + easier to debug when a download fails. +* `git.sh`: Re-implement redundant git downloads, more reliably than before; all + repositories are now cached, reliably, including submodules, even when upstream + repo links differ wildly. This reduces the amount of internet bandwidth used, + when handling multiple builds. +* `release.sh`: build in tmp directory first, leaving old files behind under + fault conditions, for further analysis +* `inject.sh`: re-add mac address confirmation, for user-friendliness, when + running the inject commands. +* `init.sh`: Resolve `XBMK_CACHE` via readlink +* `init.sh`: Use `readlink` in `pybin()`, with realpath only as fallback. This + makes the function more redundant, working on more systems by default. +* `lib.sh`: support any command on `find_exec()` (later renamed); this is a + generic function, that implements a while loop for a given set of files, + based on the output a command that generates those paths. This is operated + on by a function, defined when calling find\_exec. This unifies all use of + while loops on lists of files and directories, throughout xbmk, rather + than re-implementing the for/while loops each time. +* `inject.sh`: simplify kconfig scanning by using the `fe_` with a new + function, `scankconfig()`. This new function checks *all* coreboot configs + for a given target, whereas the old behaviour only resulted in the *first* + config being checked. In practise, this causes no real behaviour changes. +* `rom.sh`: Print the rom image path being generated +* `lib.sh`: Add warning if x_ is called without args +* `init.sh`: More verbose error info, on non-zero exits. +* `util/nvmutil`: Within each 4KB part, only handle 4KB, even if the block + size is bigger. This means using less memory, and modification of anything + past 4KB is not required. +* `util/nvmutil`: Support 16KB and 128KB GbE files, in addition to the + usual 8KB files. The size is based on the block size of the flash you use. +* Added non-root USB3 hub support to GRUB on the xHCI implementation, courtesy + of a patch from Nitrokey. +* GRUB: Scan LUKS inside *every* LVM, to support the uncommon use case where + LUKS is inside LVM, instead of LVM inside LUKS. It is theoretically possible, + even if ill advised. +* GRUB: Scan *every* LVM device, where available, as a fallback at boot time + when all else fails. +* Release ROMs prefixed with a "DO NOT FLASH" warning and padded by one byte, + where vendor files are required. The `./mk inject` commands remove this + prefix/padding, after vendor files are inserted and checksums verified. +* Better detecting of whether vendor files are needed, and confirmation to + the user while running `./mk inject` commands. +* Allow restoring the default MAC address on `./mk inject` commands, by using + the `setmac restore` arguments. +* Randomise the MAC address by default, where applicable, when running + the `./mk inject` commands, because lots of users previously flashed without + changing it, so lots of users had generic MAC addresses. + The `setmac keep` argument prevents this from happening, where desired. +* `include/vendor.sh`: More user-friendly debug messages, for the user to + know what's going on. +* `util/nvmutil`: Add uninstall command to the Makefile +* `util/nvmutil`: Add distclean command to the Makefile +* `util/nvmutil`: Nicer hexdump display, similar to `hexdump -C`. +* Support a `re` argument in `./mk dependencies` Fedora commands, for + re-installation of packages as desired. +* Support `--reinstall` in the `./mk dependencies debian` command, when the + user wants to re-install dependencies. +* Put temporary `PATH` directory in the normal `XBMK_CACHE` directory, and + clear it whenever a new parent instance of the build system is executed. + This is used for the GCC/GNAT matched symlinks, for example, or the python + symlink created at startup. +* Pico 2 support briefly added, but was a bit buggy for now, so it's removed + in this release, and was retroactively removed in rsync for the + Libreboot 20241206 release; this will be re-added in a future release. +* Added GRUB-first payload setups as an option, but not enabled by default. + The user can add `payload_grubsea="y"` in the `target.cfg` file for a given + mainboard. +* Support automatically downloading Lenovo ThunderBolt firmware for the + ThinkPad T480, automatically padding it for installation. This update fixes + a charging bug that affected some earlier launch models. +* Insert GRUB backgrounds in CBFS instead of GRUB memdisk, which makes + GRUB background images easier to replace. + +### Configuration changes + + + +In descending order from the latest changes to the earliest changes: + +* ifd/hp8300usdt: set the HAP bit by default; it was previously not set, but + the `me_cleaner` config was nonetheless used, and ME Soft Temporary Disable + was also used. As a result, this change is basically redundant, but otherwise + technically correct (more so than the previous behaviour). +* coreboot: Remove unused vboot tests (futility tests), to shrink the size of + release tarballs. +* coreboot/default: Remove unneeded FSP modules when downloading, because + only the Kabylake version is needed at this time. This is done, using + the `nuke()` function via `nuke.list` files. This shrinks the size of + release tarballs. +* `dependencies/debian`: add `libx86` +* HP 820 G2: Use fam15h cbfstool tree for refcode; this avoids the need to + clutter the source code with an entire additional coreboot tree, thus reducing + the size of releases. +* A GRUB configuration change was made, fixing auto-scanning of LVMs when + doing cryptomount. +* T480/3050micro: Removed the `fsp` targets, because we only need + the `vfsp` targets. +* Added `gnutls-devel` to Fedora 41 dependencies. +* Added `libx86` to Arch dependencies, needed for the `int` utility. +* Added `less` to Arch dependencies, because it's needed for certain commands + e.g. git commands. +* GRUB: Use the codeberg mirror first, to mitigate GNU mirrors often being + slow or rate limited, e.g. for gnulib downloads. +* fedora41/dependencies: add libuuid-devel +* Added `uuid-devel` to fedora41 dependencies +* flashprog: Disable `-Werror` to prevent minor warnings being treated as errors. + +### Bug fixes + + + +This combines both build system fixes, and changes to upstream sources (e.g. +coreboot and various payloads like SeaBIOS/GRUB, utilities like flashprog, and +so on). + +The following bug fixes have been merged (in descending order from the latest +changes to the earliest changes): + +* `tree.sh`: add sha512 error for `check_project_hashes()`. Handle errors + in `sha512sum` and `awk`; also check that `project.hash` exists and error + out if it doesn't, when checking a given project hash. We know that the + project hash file should always exist, and always be read; technically, + find might not yield results, but then an empty file would be produced. + the empty file edge-case scenario would already have resulted in an error + exit inside `configure_project()`, so that's already covered. +* `tree.sh`: add error checking in `check_project_hashes()`, when reading + the `old_pkhash` variable; we need to error out where a read error occurs. + such an error is extremely unlikely, so this fix is largely theoretical and + preventative. +* `tree.sh`: more reliable clean in `run_make_command()`; don't do a no-op if + it fails, instead fall back to the `clean` method, and throw an error + if *that* fails. The no-op existed because not all projects have distclean, + but we always intend for them to be cleaned. This therefore prevents + further unhandled error conditions, in such edge cases. +* put coreboot utils in `elf/coreboot/TREE`, to prevent old binaries from + still being used when a code change is made. +* `release.sh`: use printf to create version files, instead of copying the + version files, because they don't exist in some cases, so this prevents + an error condition. +* `init.sh`: error out if .git/ is a symlink; this is a preventative bug fix, + to prevent future unknown bugs in such a scenario. +* `get.sh`: Properly error out if `tmpclone()` fails, where it previously + failed to throw an error under certain fault conditions. +* `tree.sh`: Don't auto-run make-oldconfig; it now must be applied permanently, + via e.g. `./mk -u` commands. Otherwise, undesirable changes can sometimes + be made during build time, especially on projects that don't use scons + quite as reliably, as in the U-Boot build system. +* `get.sh`: re-generate remotes every time, on cached Git repositories, so + that configuration changes in `config/git/` are automatically applied when + dealing with multiple versions of a given upstream project. +* `release.sh`: copy version files to `rsrc` (release source directory), + otherwise an `unknown` version number is erroneously created. This fixes + a regression caused by previous optimisation to `init.sh` +* xbmk: add fake config makefile args to `flashprog`, and `pcsx-redux`, to + prevent `./mk -u` (without additional arguments) from erroneously exiting + with error status. otherwise, an error can occur in such conditions if + a Makefile has not yet been created. +* `rom.sh`: skip running `copyps1bios()` on dry builds, otherwise + running `./mk -d` without argument will cause an error. +* `tree.sh`: Don't run make-clean on dry runs (`./mk -d`), to prevent error + conditions while building GRUB, if `./mk -d` is passed without additional + argument, since the latter requiires running autoconf to get a Makefile in + the GRUB build system. +* `get.sh`: add missing check in `fetch_project()`; we were checking the + main URL on a download, but not the backup URL. +* `get.sh`: stricter URL check in `xbmkget()`; throw an error if a URL is + empty, rather than skipping to the next. If a URL is set but fails, then + falling back to the next is OK (or throw an error if the backup is set, + and also failed). +* `get.sh`: Make `xbmkget` always throw an error upon exiting the loop check; + it was previously throwing an error if the for loop returned with zero status. + Depending on the sh implementation, or changes made in the future, this could + cause unpredictable buggy behaviour. Therefore, the error exit is much + stricter now, and less ambiguous, to prevent future bugs, because it is + imperative that execution must never continue under fault conditions. If a + file or repository is successfully handled, a return (zero) occurs, otherwise + the loop exits and a non-zero exit occurs. +* `tree.sh`: fix up `copy_elf()`, or specifically fix a bad `for` loop, + because shorthand conditionals are used and the way they were used can be + buggy on some sh implementations, so they are terminated more explicitly. +* xbmk: stricter handling of files on while loops, to prevent instances where + execution continues under fault conditions. This prevents other, less + predictable bugs in the future. +* `init.sh`: Hardcode `XBMK_CACHE` for integrity; this is a bug fix, because + there's too much that can be wrong with this being configurable, so now it + is hardcoded at runtime. It was never intended to be configurable anyway. +* `init.sh`: check/validate version/versiondate once read, in child instances + of xbmk, to further verify that they were previously set, and set correctly. + This is theoretically a preventative bug fix. +* `init.sh`: force an error condition if the xbmk version was not read. This + prevents further erroneous state within xbmk. +* `init.sh`: check the `lock` file BEFORE `git init`, to prevent erroneous + initialisation while another xbmk parent instance is running. +* `init.sh`: return from xbmk child instances in `set_env()` instead. This is + easier than the previous check, preventing the initialisation of a git repo + and/or recreation of xbmktmp and xbmklocal by erroneoues parent executions + of xbmk while another parent is running - the latter of which could have + caused a massively unpredictable build failure, so this is also a + preemptive bug fix, fixing and preventing all kinds of weird unknown bugs. +* `vendor.sh`: Remove `_dest` if it's bad; this complements a bug fix, in the + bug fix section above, that caches the extracted files and hashes them. On a + subsequent run where the given file is needed, it is *re-checked* if the + final file exists. This mitigates the possibility that corruption may have + occured, under unhandled fault conditions. Therefore, this is a preventative + bug fix. +* `release.sh`: don't move `src/docs/` to `docs/` inside release archives, + because otherwise `./mk -b` will fail, inside release archives. +* `vendor.sh`: Properly verify SHA512SUM on extraction. This is performed on + the actual extracted files, alongside the existing check on downloaded files. + This mitigates against future fault conditions in the extraction process, + thus fixing a major design flaw. *This change also caches those files, thus + speeding up extractions when they're done multiple times.* +* `get.sh` submodules: Don't delete files recursively. Use `rm -R` instead + of `rm -Rf`, on files. +* `git.sh`: Only create destination repo on success; don't leave a broken cache + laying around, which would otherwise break the build system under certain + conditions. +* `release.sh`: removed an unnecessary `src_dirname` variable +* `release.sh`: delete tmp/cache from release tarballs +* `inject.sh`: Remove confusing path on tar creation; that is, don't print said + path, because temporary paths are printed during this, when creating tarballs. + In this file, the correct path is printed at the end of the process, when + handling an images tarball. +* `tree.sh`: only create elfdir in `copy_elf()`, to prevent empty directories + being created where a project provides `build.list`, but where no actual + configs are being built on a given target name. +* `mrc.sh`: operate on refcode in tmp area first, to prevent bad files from + being saved to the final destination under fault conditions. This pertains + to the change made at build time that enables GbE devices from the refcode. +* `inject.sh`: use subshell to speed up `find_me()` (this is a bug fix, because + slowness is a bug) +* `mk`: add missing error handli for `mk -f` (when doing releases) +* `git.sh`: hard fail if git am fails (regression fix) +* `git.sh`: Hard fail if reset fails; allowing re-try when cloning fails, but + the reset-fail scenario didn't cause any exit at all. This is fixed now. +* `init.sh`: Only check `XBMK_CACHE` if it exists +* `grub.cfg`: fix trying to boot all logical volumes after unlocking an encrypted + volume; this makes booting LVMs more reliable, on encrypted boot setups. +* `init.sh`: also allow `XBMK_RELEASE=Y` or `=N`, not just `n` and `y`, + because some people use uppercase here. This is considered a bug fix, but + could just as easily have been in the features section. +* `init.sh`: check `XBMK_CACHE` is a directory instead of a file. +* `init.sh`: run `set_version` *before* `set_env`, to prevent a future situation + where the version is not set correctly. In general, the version should always + be set as early as poessible when running xbmk. +* `inject.sh`: clean up tmp me file before extract; this is a preventative fix, + to ensure that cross-flashing does not occur. +* `lib.sh`: re-add missing break in fe/fx\_, that caused improper exits (or non + exits) in some cases. +* `singletree/elfcheck`: use `fx_`, not `fe_`; this is a less strict test, to + prevent certain errors under specific edge-case conditions. +* `rom.sh`: Safer `cprom()`; don't insert special files like GRUB keymaps AFTER + copying the system ROM to the final destination; do it BEFORE, instead, to + ensure that bad images aren't left in place under fault conditions. +* `rom.sh`: specifically check keymaps in `cprom()`; it previously checked + whether a setup is *not* seauboot, which was valid, but future conditionals + would break this check. the code has been changed in advance, to prevent bugs + in a future revision of xbmk. +* `mk`: Fix bad error handling for `gnu_setver`; I accidentally mixed and/or in + a shorthand conditional statement, which leads to buggy behaviour in various + implementations of sh. +* GRUB: Mark E820 reserved on coreboot memory, to fix cbmem when running + with strict `/dev/mem` access; otherwise, restrictions on access to memory + below 1MB will cause an error when trying to access the cbmem console. +* `lib.sh`: set `-u -e` in `err()` in case they were set `+u +e` in other parts + of xbmk. +* `init.sh`: Silence the output of git config --global +* `init.sh`: Run git name/email check before init; otherwise, it returns if + init is already done, which could lead to an error later when building + coreboot. +* `lib.sh`: stricter `xbmk_err` check in `err()` +* `lib.sh`: simplify err-not-set handling +* `lib.sh` err: add missing redirect to stderr +* xbmk: MUCH safer `err` function; make it an actual function, instead of + a variable. Initially, this function was made to then check a variable, + that refers to a function, and a fallback was provided for non-zero exit + in case the pointed function didn't, but it was later made to be just a + simple function that exits with a message. Code equals bugs, so fewer lines + of code will yield fewer bugs. +* `lib.sh`: Make x_ err if first arg is empty; this is a preventative bug fix, + to make the build system still exit under such conditions, but it would + result in an empty error message. +* `lib.sh`: Make err_ always exit no matter what; this is a preventative bug + fix, just making the exit stricter in all cases. +* `mk`: re-make gnupath/ after handling crossgcc, rather than deleting files + within. This makes the creation of it more reliable. +* `mk`: re-make gnupath/ for each cross compiler, to ensure that no stagnant + build artifacts are re-used +* `inject.sh`: Stricter TBFW handling; don't copy it until it has been + properly padded to the correct size. +* `init.sh`: *Re-create* tmpdirs on parent instance, to ensure that they are + not cluttered with old files that might cause weird bugs in the future; this + is a preventative bug fix. +* `init.sh`: Always create xbmklocal, to prevent errors in the case when it + isn't created automatically in certain child instances, like when running + a *release* copy of the build system, during release builds. +* `lib.sh`: Fix bad touch command +* `inject.sh`: always re-build nvmutil, so that changes to it are automatically + re-applied when running the build system again. (and only build it once, + for a given instance of xbmk) +* `util/nvmutil`: use `x`, not `?`, for random characters, while still + supporting `?` for backwards compatibility. This is because ZSH errors out + when providing the old characters, in some setups. Use of `x` is more + reliable, across several implementations of sh, e.g. `xx:xx:xx:xx:xx:xx` + would be a full random MAC address. +* `lib.sh` find\_ex: explicitly create the tmp file, to prevent errors, which + were nonetheless unlikely to begin with. +* `init.sh`: Explicitly create the xbmktmp directory (make sure to do this + when creating this which is a temporary directory). +* `lib.sh`: add fe_ which is fx_ but err on find +* xbmk: unified execution on `find` commands. Handle it with a new special + function that is common across the build system. +* `mk`: Download vendorfiles before building release, to mitigate intermittent + internet connectivity during release builds, otherwise a release build could + fail. This way, all downloads are done simultaneously, since downloads are + the fastest part, even on a crap internet connection. +* Revert AHCI reset patch for SeaBIOS, which caused AHCI not to work in SeaBIOS + on the 25.04 release; the latter was also revised, to fix this. SeaBIOS has + since added a new release, which includes a fix that delays AHCI reset, to + mitigate in cases where the controller isn't ready sooner. However, this + release simply reverts the AHCI reset patch for now. The AHCI reset plus delay + will be present in Libreboot's next release, after 25.06. +* lenovo/t420: Add missing text-mode configuration +* coreboot (all trees): Added patch fixing GMP build errors on modern + GCC15 hostcc. +* coreboot (all trees): Fixed building of crossgcc with newer GCC15. Patches + courtesy of Alper Nebi Yasak. +* coreboot (all trees): Added a patch to fix building coreboot utils with + newer GCC15. +* dependencies/debian: Fixed the libusb package name for newer Debian releases, + courtesy of Alper Nebi Yasak. +* SeaBIOS: Fixed `malloc_fn` function pointers in the `romfile` patch, courtesy + of Alper Nebi Yasak. Fix build errors on GCC 15. +* `include/lib.sh`: Force use of System Python e.g. `/usr/bin/python`, when + a python venv is detected. This prevents the build system from hanging. +* coreboot `g43t_am3`: Fixed the `data.vbt` path. +* Alper Nebi Yasak fixed the Python 2/3 detection in some edge cases when + the `python` command is python2. +* `include/lib.sh` (later `init.sh`): Do root check *first*, right after + the dependencies check, whereas it previously did the python check before + checking for root user. +* lbmk: Don't use TMPDIR directly, use another variable containing its value, + and make sure it doesn't get changed wrongly. This reduces the possibility + of accidentally leaving old tmp files laying around. +* `include/lib.sh`: `tar` commands now return an exit with error, if a fault + occurs, whereas it didn't before, due to piped output. This is done + using the `x_` wrapper on tar commands, to provide error exits. +* `mk`: function `check_project_hashes` now returns an error, if the sha512sum + command fails. It previously didn't, due to piped outputs. It's now mitigated + by using `x_` on piped commands, for error exits. +* Forking of lbmk parent instance to child instance isno longer handled by + variables. It's been simplified, to only be based on whether TMPDIR is set, + and it's generally more robust now in this release. The old code sometimes + broke under certain edge cases. +* `include/vendor.sh` (later renaming to `inject.sh`): General code cleanup, + about 100 sloc removed without reducing features. +* lbmk: Initialise `PATH` to a standard string if not set, on the parent + instance of lbmk. +* lbmk: Use `pwd` instead of the `PWD` variable, resetting the latter safely + as lbmk runs. This prevents lbmk from changing directory to an erroneous + system path, if `PWD` wasn't properly set for some reason. This is a + preventative bug fix, because no actual issue ever occured in practise. +* Much safer Python version check at lbmk startup, using data structures that + are provided universally by all Python implementations, instead of + relying on the output of `--version`. +* Fixed T480 backlight controls, courtesy of a patch from Mate Kukri. +* Set up Python in `PATH` when lbmk starts, to ensure that it is always + version 3. This is checked at startup. +* `include/vendor.sh`: Prevent double-nuke, where a given tarball already had + vendor files removed prior to release. +* `include/vendor.sh`: Allow setting a MAC address even if vendor files aren't + needed. +* `include/vendor.sh`: Download utils even if `vcfg` is not set, in case the + user is also setting a MAC address. +* `util/nvmutil`: Honour the `INSTALL` variable, if set by the user, otherwise + it is set to `install` by default. +* `util/nvmutil`: Don't do `clean` when running `uninstall`. +* `util/nvmutil`: Proper DESTDIR/PREFIX handling, whereas it was not handled + properly at all before. +* `util/nvmutil`: Only set CC/CFLAGS if unset, and use sensible defaults. +* Fixed various shellcheck errors in lbmk. +* HP EliteBook 820 G2: Fixed vendor file insertion and set `release=y`. The + insertion of Intel MRC and refcode previously didn't pass checksum validation. +* ThinkPad T480 / OptiPlex 3050: Force power-off state upon recovery from + power loss, otherwise the system always turns on as soon as a charger is + plugged in. This is configured by hardcoding, due to a current lack of any + option table on the T480. +* Debian dependencies: replace liblz4-tool with lz4 and liblz4-dev. The latter + is also available in Debian Trixie and Sid, at this time, in addition to + Debian Bookworm, so it works on all of them. +* U-Boot (x86): Fixed a bug since Swig 4.3.0 changed the syntax for its + language-specific AppendOut functions. A patch from upstream was backported, + and the patch is also compatible with older versions of Swig. +* In lbmk scripts, use `command -v` instead of `which`, to find the locations + of certain binaries. This is a bug fix, since `which` is non-standard and + so could break on some setups. +* Crossgcc: when building it for coreboot, fix mismatching GCC/GNAT versions + so that they match, if multiple versions are present. This was done because + Debain Trixie initially had GCC 14 and GNAT 13, whereas we need GNAT to build + the Intel video init code on many mainboards. +* T480/T480: Disable TPM2 to mitigate a hang in SeaBIOS due to buggy drivers. +* `dependencies/debian`: Fix the `python3-distutils` package, renamed it + to `python3-distutils-extra`, which works on bookworm *and* newer, but the + former did not. +* `git.sh`: don't initialise the `livepull` variable globally, reset it per + target instead, to prevent some repositories from being wrongly re-cloned. +* Thinkpad T480 / Dell OptiPlex 3050: Handle FSP insertion post-release, rather + than providing FSP images directly in release images. It is now handled by + the `./mk inject` command, copying the reference image from coreboot and + splitting it upp and rebasing it, to mitigate certain technicalities of + Intel's FSP license, which otherwise permits free redistribution. +* Safer, more reliable exit when handling vendor files, because in some cases + lbmk was leaving the `lock` file in place (erroneously). +* Safer exit when running the `./mk dependencies` commands, so that lbmk is + more likely to exit, because it was theoretically possible that it might + not under certain edge cases. +* Disable nvme hotplug on Dell OptiPlex 3050 Micro, to prevent replugging in + Linux, which would otherwise lead to possible data corruption. +* T480: Fix coreboot SPD size to 512 instead of 256 (it was already + auto-corrected to 512 at build time, but the original configs were 256 which + is wrong). +* Add tarballs and gpg signatures to `.gitignore` + +### General code cleanup + + + +Another bug focus in this release was to clean up the logic of Libreboot's +build system, and fix several bugs, especially those relating to error handling. + +A lot of cleanup was done on the init functions used by the build system, to +initialise common variables, such as environmental variables, and temporary +files and/or directories; such logic was moved to a new script called `init.sh`. + +In descending order from the latest changes to the earliest changes: + +* `lib.sh`: simplify `setvars()` +* `lib.sh`: simplify `chkvars()` +* `mk`: simplify `main()` +* `get.sh`: simplify `fetch_project()` +* `get.sh`: simplify `try_copy()` +* `get.sh`: tidy up `bad_checksum()` +* `get.sh`: simplify `fetch_targets()` +* general cleanup in `get.sh` and `vendor.sh` +* xbmk: rename `xbmklocal`/`xbmktmp` variables (shorten them) +* `get.sh`: consolidate printf statements +* `get.sh`: remove redundant printf in `fetch_project()` +* `get.sh`: remove superfluous command in `try_git()` +* `vendor.sh`: simplify `fetch()` +* `rom.sh`: simplify `mkcoreboottar()` +* `rom.sh`: rename `mkvendorfiles()`, which actually handles general init + tasks, including the processing of vendor files where appropriate. +* `rom.sh`: simplify ccache handling for coreboot; make-oldconfig wasn't + needed at all, when cooking configs to enable ccache, so the *cook* function + became much smaller and was then merged with `mkvendorfiles()` +* `rom.sh`: simplify u-boot payload handling, by using a single variable name + that defines the type of U-Boot tree. This allows several other U-Boot-related + checks to be greatly simplified, as they were. +* `vendor.sh`: add a colon at the end of a `for` loop +* `get.sh`: make `xbmkget()` easier to understand, by not using shorthand + conditional statements in the for loop handling a repository or file + download. +* `init.sh`: merge `xbmk_lock()` with `xbmk_set_env()` +* `init.sh`: set pyver from `set_env()` instead of the main function. +* `init.sh`: merge `xbmk_mkdirs()` with `set_env()` +* `init.sh`: only update version files on parent, to speed up xbmk +* `init.sh`: simplify unknown version creation, where none was created and + no Git metadata exists. +* `init.sh`: only set xbmk version on parent instance; we only need to read + what was set, on child instances. In other words, apply the principle of + least privelege. +* `init.sh`: initialise variables AFTER path, to avoid unnecessary work inside + child instances of xbmk. +* `init.sh`: merge `create_pathdirs()` with `set_pyver()` +* `init.sh`: Set python version only on parent instances of xbmk, to speed + up operation of the xbmk build system. +* `init.sh`: `xbmk_create_tmpdir()` to `xbmk_mkdirs()` +* `init.sh`: move `gnupath` creation to `create_tmpdir()` +* `init.sh`: move PATH init to `set_env()` +* `inject.sh`: shorten the `nukemode` variable name +* `vendor.sh`: simplify `mksha512sum()` +* `get.sh`: simplify `bad_checksum()` +* `release.sh`: use `x_()` on find command for `nuke()`, so as to remove the + need for a more complicated while loop inside said function. +* `get.sh`: move `nuke()` to `release.sh` and only run it on releases; don't + do it on normal xbmk Git. It's only needed in the former context, because + that has to do with distribution by the project, and this makes + development easier. Therefore, files are only purged within the release + archives, but not during development. +* `release.sh`: simplify `prep_release_bin()` +* `mrc.sh`: merge `extract_mrc()` with `extract_shellball()` +* `get.sh`: simplify `tmpclone()` +* `get.sh`: simplify `nuke()` by using `fx_` for the file loop +* `get.sh`: simplify `try_copy()` +* `get.sh`: simplify `fetch_submodules()` config check +* `get.sh`: simplify `fetch_submodules()` by using `xbmkget()` for everything, + instead of implementing redundant logic in the build system. +* `git.sh`: rename to `get.sh` +* `rom.sh`: reduce indendation in `check_coreboot_utils`; simplify the for + loop by replacing it with a call to `fx_` instead. +* `release.sh`: simplify `release()` +* `release.sh`: clean up the `vdir` after release +* `release.sh`: removed an unnecessary `mkdir` command +* `release.sh`: split up `build_release()` into smaller functions +* `lib.sh`: remove `rmgit()` +* `lib.sh`: remove the unnecessary `mk()` function +* `lib.sh`: move `xbmkget()` to `git.sh` +* `lib.sh`: move `mksha512sum()` to `vendor.sh` +* `lib.sh`: split up `try_file()` into smaller functions +* `lib.sh`: move `_ua` to `try_file()` +* `mrc.sh`: minor cleanup +* `inject.sh`: remove the `hashfiles` variable +* `inject.sh`: define `xchanged` here instead +* `vendor.sh`: remove `check_vcfg()` +* `vendor.sh`: simplify `getvfile()` +* `vendor.sh`: simplify `setvfile()` +* `lib.sh`: use `fx_` in `rmgit()` +* `lib.sh`: split up `xbmkget()` into smaller functions +* `inject.sh`: only compile nvmutil if needed +* `inject.sh`: simplified serprog check +* `vendor.sh`: tidy up variables +* `vendor.sh`: split up `setvfile()` into smaller functions +* `inject.sh`: further cleanup for `vendor.sh`, such that all vendor-download + functions are only defined in `vendor.sh`; this means that the Canoeboot + version of the file can remain in much closer sync, with fewer differences. +* `tree.sh`: simplified srcdir check on make-clean +* `inject.sh`: split download functions to a new file, `vendor.sh` +* `inject.sh`: split up the inject functions into smaller functions for + each specific task. +* xbmk: use `x_` instead of `err`, where appropriate, because it handles + globbing perfectly these days, and `x_` is cleaner in most cases. +* `mrc.sh`: fix outdated info in a comment +* `inject.sh`: use direct comparison for metmp, to speed up checking so many + files. +* `mk`: remove unnecessary line break +* `mk`: re-split tree logic to new file, `include/tree.sh` +* `mk`: move release functions to `include/release.sh` +* `git.sh`: use `setvars()` for fail variables +* `init.sh`: remove useless export; variables that are y/n can just be reset + to `n` if not set to `y`, for simplicity. +* `init.sh`: export `LOCALVERSION` in `set_env` instead of `set_version`. +* `inject.sh`: simplify `extract_kbc1126ec()` +* `inject.sh`: simplified MAC address handling +* `inject.sh`: Simplify `patch_release_roms()` +* `lib.sh`: Remove useless command in `err()` +* `inject.sh`: rename `copytb` and `preprom` functions (make the names shorter). +* `lib.sh`: Simplified `fx_()` and removed `fe_()`; fe didn't prefix `x_` to + a given command, but fx did. Now, it is prefix manually, for greater control, + on commands that need stricter error handling, while it can be avoided on + commands where strict error handling is unfeasible. +* `mk`: Create serprog tarballs here instead; `rom.sh` was simplified to use + mkhelp when building actual images. +* build serprog images using `fx_` *defined inside mkhelper*, to tidy up xbmk +* `rom.sh`: build serprog images with `fx_`, rather than implementing a + specific for loop. +* `inject.sh`: insanely optimise the me bruteforce, by operating on files + recursively via the `fx_` function, instead of manually implementing a + recursive file search, when bruteforce-extracting `me.bin` images. +* `git.sh`: Simplify git am handling by using the new `fe_` or `fx_` function, + instead of making a specific while loop. +* `inject.sh`: remove an unused function +* `init.sh`: New function `dx_` to execute path files; this is used instead + of for loops all around xbmk, to simplify operations where the output of + a file search is used as argument to a function. +* `inject.sh`: Further simplified FSP extraction +* `lib.sh` `find_ex`: Write sort errors to `/dev/null` +* `lib.sh` `x_()`: Remove warning of empty args; it's really not required, + since it's obvious anyway in the resulting final error message. +* xbmk: Replace `err()` with much simpler implementation, for reliability + and bug prevention. +* `rom.sh`: simplify `mkseagrub()` +* `mk`: simplify `elfcheck()` +* `lib.sh`: simplify `singletree()` +* `git.sh`: move `singletree()` to `lib.sh` +* `inject.sh`: simplify `extract_intel_me_bruteforce()` +* `inject.sh`: Remove unnecessary check +* `inject.sh` `extract_intel_me()`: reduce indentation +* `inject.sh`: Move FSP extraction only to `extract_fsp`, since that's the + only place where it's needed. +* `inject.sh`: tidy up intel me handling +* `inject.sh`: tidy up the deguard command +* `lib.sh`: simplify `err()` +* `init.sh`: single-quote xbmklock in `xbmk_lock()` +* `init.sh`: define lock file in a variable instead; this makes it more + flexible, because the path can be checked and then re-used nicely. +* `init.sh`: tidy up `xbmk_child_exec()`; make the command style more consistent +* `lib.sh`: rename errx to xmsg +* `inject.sh`: tidy up TBFW handling +* `inject.sh`: remove useless comment block +* `init.sh`: tidy up the python version check +* `init.sh`: move non-init functions to `lib.sh` +* `init.sh`: simplify dependencies handling +* `rom.sh`: tidy up `copyps1bios()` +* `mk`: tidy up xgccargs handling +* `mk`: generally removed dead code +* `init.sh`: tidy up pathdir creation +* `mk`: tidy up `check_cross_compiler()` +* `mk`: reduce indentation in `check_cross_compiler()` +* `mk`: Allow use of x_ on prefix functions +* `mk`: tidy up `check_project_hashes()` sha512sum check +* `mk`: simplify `check_gnu_path()` +* `inject.sh`: general code cleanup +* `inject.sh`: simplify `extract_archive()` +* `inject.sh`: simplified fsp extraction +* `inject.sh`: Remove redundant code in copy_tbfw +* xbmk: Unified local ./tmp handling +* `lib.sh`: redirect find errors to `/dev/null` to prevent clutter on + the user's terminal +* `init.sh`: unified handling of ./tmp +* `mk`: include rom.sh directly +* `lib.sh`: Simplify rmgit() +* `lib.sh`: support multiple arguments in remkdir() +* `lib.sh`: simplify remkdir() +* xbmk: move x_() to `lib.sh` +* `init.sh`: move setvars/err_ to lib.sh +* `init.sh`: Generally modularised it, moving separate tasks into separate + functions, rathher than having it be one big monolith. +* `vendor.sh` was renamed to `inject.sh`, so that future changes can be + in better sync between lbmk and cbmk on this file, because the cbmk version + has the MAC address changer (but no vendorfile handling). In the future, + this will be split so that `vendor.sh` exists again, containing only the + vendorfile handling, and `inject.sh` will only handle MAC addresses. +* `init.sh`: Several variables were moved out of this file and elsewwhere in + lbmk. +* Moved the `singletree` function to `git.sh` instead of `lib.sh` +* Moved the `cbfs` function from `lib.sh` to `rom.sh`. +* `include/lib.sh`: Use a more top-down function order, more clear, and it was + split into an extra file `init.sh` that does the most basic lbmk initialisation + at startup, whereas what remains in `lib.sh` really are generic library + functions used throughout lbmk. +* `include/git.sh`: Removed unused crossgcc linking feature, because we don't + use it anymore (coreboot trees have their own crossgcc and never link to + another these days). Libreboot used to have many more coreboot trees, some + of which re-used crossgcc from another tree. Similarly, the accompanying + variable `tree_depend` is no longer handled. The `xtree` variable is still + handled, because projects like U-Boot use that to configure crossgcc. +* include/vendor.sh: Removed unnecessary check against the ROM image size. + Generally simplified the processing of release images. +* include/git.sh`: Removed many redundant functions, merging several of them. +* `include/mrc.sh`: Fixed a bad print, making proper use of a string inside + a printf statement. +* Simplified many file checks in lbmk, by using the `e` function. +* Removed a bunch of useless `eval` commands in general, throughout lbmk, + making the code much cleaner. +* lbmk: the `x_` function is now used much more aggressively, for error + handling, simplifying error handling in lbmk overall. +* `mk` main script: Merged the `trees` script with it, so now it's all one + script. The `mk` script is now the only executable script in lbmk. +* `mk` (main script): The `roms` command is removed (legacy / obsolete). +* The version/versiondate files are now dotfiles, to hide during operation. +* `include/lib.sh`: Hardcoded projectname/projectsite variables, instead + of storing them in a file. +* `trees` script: Unified handling of flags (same string used in error output), + to ensure that error(usage) messages always match. +* `trees` script (later merged into `mk`): Removed a lot of old bloat. +* `util/nvmutil`: Make the checksum word position a define. Generally cleaned + up a lot of code to make it clearer for the reader. Added more verbose + messages to the user, confirming things such as how much was read or written + on the user's file system. Various miscallaneous bug fixes (edge cases that + were unlikely to ever be triggered). +* `util/nvmutil`: More efficient use of memory when handling files. +* `util/nvmutil`: Much cleaner handling of user input. +* `util/nvmutil: More granular MAC address parsing errors, easy for debugging. +* `util/nvmutil`: Make the Gbe Checksum a define, for readibility. +* `util/nvmutil`: Obey the 79-character-per-line limit, as per lbmk coding + style. +* `util/nvmutil`: Tidied up several pledge calls +* Removed use of several unnecessary subshells and `eval` statements in lbmk. +* `trees`: Later, the GCC/GNAT matching feature was rewritten to work both ways, + where an older GCC was matched to GNAT and vice versa, whereas it previously + only went one way. `gcc` and `gnat` are manipulated in `PATH` to ensure that + the user has a consistent version of both. +* `path.sh` later merged into the `trees` script (which later merged + into the main `mk` script). This `path.sh` is what contained the first + implementation of the GNAT/GCC version matching feature. +* `path.sh`: Remove unnecessary shebang, and the same on other `include/` + scripts. NOTE: `path.sh` was later merged into `lib.sh`, which then became + split into `init.sh` in later changes (see above). +* Removed legacy build system commands e.g. `./build` and `./update`; now + only the newer `./mk` commands are supported. This and the change below was + briefly reverted, for the 20241206 revisions, but then re-introduced. +* Removed the deprecated `./vendor` command; now only `./mk` commands are + used. The `./mk -d coreboot target` commands are used, for downloading + vendor files. +* Removed unused patch that was for the original deguard implementation, + prior to Mate Kukri's re-write of it. + +Git log +------- + +This log shows all changes in today's release, from 30 June 2025, ever +since the Libreboot 20241206 release of 6 December 2025: + +``` +* c46a71138c7 Libreboot 25.06 release +* b1ef562b767 tree.sh: add sha512 error for check_project_hashes +* 04bee3834d0 tree.sh: add error check in check_project_hashes() +* 677dfc4d103 tree.sh: more reliable clean in run_make_command +* 267d4c90341 inject.sh: add missing semicolons +* 974bdbb3815 vendor.sh: fix bad cbfstool path +* dc6996252a0 put coreboot utils in elf/coreboot/TREE +* b77154640de release.sh: use printf to create version files +* dee6997d0cc lib.sh: simplify setvars() +* 79ded40f3d0 lib.sh: simplify chkvars() +* 5036a0bc501 mk: simplify main() +* 41308ee9244 get.sh: simplify fetch_project() +* b5867be214d get.sh: simplify try_copy() +* 495098d6a71 get.sh: tidy up bad_checksum() +* 671e3aa27b4 get.sh: simplify fetch_targets() +* 09b6e91803d general cleanup in get.sh and vendor.sh +* 18dacd4c22b xbmk: rename xbmklocal/xbmktmp variables +* e981132c829 get.sh: consolidate printf statements +* afc36754b13 get.sh: remove redundant printf in fetch_project +* ffe387ac6b9 get.sh: remove superfluous command in try_git() +* ba7c49c090b vendor.sh: simplify fetch() +* 30bc3732c39 init.sh: error out if .git/ is a symlink +* 2493203ee53 get.sh: Properly error out if tmpclone fails +* ad333ae2481 tree.sh: Don't auto-run make-oldconfig +* 97ce531c341 rom.sh: simplify mkcoreboottar() +* a47e9811723 rom.sh: rename mkvendorfiles +* d2e148fdd9d rom.sh: simplify ccache handling for coreboot +* 8c3f10ba402 rom.sh: simplify u-boot payload handling +* 3e28873532b ifd/hp8300usdt: set the HAP bit by default +* 452aeb6001a coreboot: Remove unused vboot tests +* 64cc91bca33 coreboot/default: Remove unneeded FSP modules +* 0216a3104a5 get.sh: Always update git remotes +* 419733d3073 get.sh: re-generate remotes every time +* 231b320e63b release.sh: copy version files to rsrc +* fc0720184d9 xbmk: add fake config makefile args to flashprog +* f9266601b8c vendor.sh: add colon at the end of a for loop +* 8e0c6059d15 rom.sh: skip copyps1bios on dry builds +* a3250d14474 tree.sh: Don't run make-clean on dry runs +* 24b8e633e03 GRUB: Update to revision 73d1c959e (14 March 2025) +* f6b77822835 Revert "vendor.sh: optimise find_me()" +* fb7aaa78bb0 vendor.sh: optimise find_me() +* 903f78bf080 get.sh: add missing check in fetch_project() +* f15bb8153a3 get.sh: stricter URL check in xbmkget() +* cdc0fb49e1c get.sh: make xbmkget() easier to understand +* 620c1dd6fae get.sh: Make xbmkget err on exiting the loop check +* 900da04efa9 tree.sh: fix up copy_elf(), bad for loop +* 8aaf404ddea lib.sh: Use while, not for, to process arguments +* d9c64b26754 xbmk: stricter handling of files on while loops +* b25a4876434 init.sh: looser XBMK_THREADS validation +* 769a97aed5a init.sh: Hardcode XBMK_CACHE for integrity +* 265ec0b7673 dependencies/debian: add libx86 +* 2702a43a86d init.sh: merge xbmk_lock() with xbmk_set_env() +* fc4006ce877 init.sh: move xbmk_set_version +* 962902a1c4a init.sh: set pyver from set_env +* 158c56072c0 init.sh: merge xbmk_mkdirs with set_env +* 5f022acbf47 init.sh: check version/versiondate once read +* 485a60e2f6a init.sh: error if version not read +* 99f09f25ef3 init.sh: only update version files on parent +* 94437278dc7 init.sh: simplify unknown version creation +* 6b603b9fbf4 init.sh: only set xbmk version on parent instance +* ac36ea7f950 init.sh: initialise variables AFTER path +* 484afcb9196 init.sh: merge create_pathdirs with set_pyver +* d0bee6b4ebb init.sh: Set python version only on parent +* 4aa69a7d1f0 init.sh: remove useless command +* 36ffe6ef501 init.sh: remove useless comment +* 0343081d905 init.sh: xbmk_create_tmpdir to xbmk_mkdirs +* c75bc0449d0 init.sh: move gnupath creation to create_tmpdir +* 253aa81a3f9 init.sh: move PATH init to set_env +* e05a18d3513 init.sh: check the lock file BEFORE git init +* cde3b7051e4 init.sh: return from child in set_env instead +* 7ec9ee42283 inject.sh: shorten the nukemode variable name +* b48eb161e49 vendor.sh: simplify mksha512sum() +* ac609d5aae4 vendor.sh: Remove _dest if it's bad +* a3e1ed9823d release.sh: rename relsrc to rsrc +* 44df3b2bff8 release.sh: tidy up nuke() +* 3c58181f69e get.sh: remove useless message +* 01a0217c1e3 get.sh: simplify bad_checksum() +* 4ca57943d70 release.sh: simplify nuke() EVEN MORE, yet again +* 47a3982bbea release.sh: use x_ on find command for nuke() +* 6dc71cc0246 release.sh: simplify nuke() EVEN MORE +* 05c07f7401b get.sh: move nuke() to release.sh +* 587d245cafa release.sh: simplify prep_release_bin() +* 136bd66c280 mrc.sh: merge extract_mrc with extract_shellball +* dbe109d7b54 release.sh: don't move src/docs/ +* 840d6a1d277 get.sh: FURTHER simplify nuke() +* d2564fd9457 get.sh: simplify tmpclone() +* 6dea381614d get.sh: fix bad mkdir command +* 6a2ed9428b7 vendor.sh: Fix broken KBC1126 insertion +* 4313b474a59 vendor.sh: additional safety check +* d668f3a3529 vendor.sh: Properly verify SHA512SUM on extraction +* a191d22bd6d get.sh: add missing eval to dx_ in nuke() +* c8813c9a144 properly exit 1 when calling fx_ +* 208dfc89bd5 get.sh: simplify nuke() +* 46f42291d3c get.sh: fix broken printf statement +* f29aa9c8d59 get.sh: use subshells on try_ functions +* e62886dedae get.sh: simplify try_copy() +* d9ed03f9ea5 get.sh submodules: Don't delete files recursively +* 8d5475ed5b5 get.sh: simplify fetch_submodules() config check +* 21867b7d805 get.sh: simplify fetch_submodules() +* e9fe5a74a2e get.sh: fix caching of crossgcc tarballs +* 6089716f07c release.sh: Don't run prep_release with fx_ +* b04c86e5740 git.sh: rename to get.sh +* 3c23ff4fa18 git.sh: Only create destination repo on success +* ed8a33d6fb1 git.sh: cleanup +* 1ca26c5d238 git.sh: Re-implement redundant git downloads +* e38805a9448 rom.sh: reduce indendation in check_coreboot_utils +* 6bf24221e60 release.sh: simplify release() +* 66f7ecdb2d7 release.sh: clean up the vdir after release +* d4c0479093a release.sh: remove src_dirname variable +* 6d3a6347c3e release.sh: build in tmp directory first +* a0105e1ab44 release.sh: remove unnecessary mkdir command +* f4871da9bca release.sh: split up build_release() +* c85aff5c54e release.sh: delete tmp/cache from the tarball +* 92954eeb38f lib.sh: remove rmgit() +* 05b5914b354 lib.sh: remove mk() +* c9696e23338 lib.sh: move xbmkget() to git.sh +* 23913bb8d2a lib.sh: move mksha512sum() to vendor.sh +* 80f0562e8d1 lib.sh: split up try_file() +* 89cd828e87c lib.sh: move _ua to try_file() +* 308a9ab1e17 mrc.sh: minor cleanup +* 40163dcfa4e mrc.sh: update copyright year to include 2025 +* ef800b652c8 inject.sh: remove the hashfiles variable +* 311ae2f8df2 inject.sh: define xchanged here instead +* 76f81697e6e vendor.sh: remove check_vcfg() +* 97d4d020d97 vendor.sh: simplify getvfile() +* 57f896ac016 vendor.sh: simplify setvfile() +* 3879f6c4d8f lib.sh: use fx_ in rmgit() +* 0911a5a5aed lib.sh: split up xbmkget() +* a449afb287f inject.sh: only compile nvmutil if needed +* 2bbf2ae80b7 inject.sh: simplified serprog check +* 9c27b7437cf vendor.sh: tidy up variables +* 0cc816167bb vendor.sh: split up setvfile() +* 7d90d434252 remove another confusing message +* a0c436ad4ba inject.sh: Remove confusing path on tar creation +* dcfd3e632e2 inject.sh: re-add mac address confirmation +* e5af201060e inject.sh: further cleanup for vendor.sh +* 0aa99f4bf8b tree.sh: only create elfdir in copy_elf() +* a8e374020c0 tree.sh: simplified srcdir check on make-clean +* 0f931b508a8 inject.sh: split to vendor.sh the download parts +* 3554b5aad9c inject.sh: split up the inject functions +* 81dbde7e09f lbmk: use x_ instead of err, where appropriate +* 14d46abceda mrc.sh: operate on refcode in tmp area first +* 6e521c2e1ea mrc.sh: fix outdated info in the comment +* 23486abef3a inject.sh: use direct comparison for metmp +* 91220ce1833 inject.sh: use subshell to speed up find_me() +* ff33ec3352b mk: use zero exit instead, to run trees +* c2b627dc6d0 remove useless comment +* 066402b7e7a mk: remove unnecessary line break +* 7012c00ed11 mk: re-split tree logic to include/tree.sh +* 50ce1ac9b22 mk: move release functions to idnclude/release.sh +* 1ce3e7a3d39 mk: add missing error handli for mk -f +* 0d876622fcb git.sh: re-write tmpclone without caching +* 454f11bdd7b git.sh: use setvars for fail variables +* 6bdb15fd329 git.sh: hard fail if git am fails +* 93d4eca04ae git.sh: Hard fail if reset fails +* a3ba8acface init.sh: Only check XBMK_CACHE if it exists +* 021e7615c84 HP 820 G2: Use fam15h cbfstool tree for refcode +* fe926052441 also fix the other grub trees +* a8594762d27 Merge pull request 'fix trying to boot all logical volumes after unlocking an encrypted volume' (#330) from cqst/lbmk:master into master +|\ +| * e084b06dc76 fix trying to boot all logical volumes after unlocking an encrypted volume +|/ +* 2cea8517f3b init.sh: remove useless export +* 1b0afdcea22 init.sh: also allow XBMK_RELEASE=Y or N +* 570f1417a80 init.sh: Resolve XBMK_CACHE via readlink +* e1af1055ed1 init.sh: check XBMK_CACHE is a directory instead +* e1628ad8f3e init.sh: export LOCALVERSION in set_env +* 40a944118f2 init.sh: run set_version before set_env +* cba04aa74b8 init.sh: Use readlink in pybin() +* a94bd3c0939 inject.sh: simplify extract_kbc1126ec() +* e3098c61f43 inject.sh: simplified MAC address handling +* d530e68594d inject.sh: Simplify patch_release_roms() +* 7f71328f0e2 lib.sh: Remove useless command in err() +* 394b4ea7a59 inject.sh: rename copytb and preprom functions +* ec5c954337b lib.sh: Simplified fx_() and removed fe_() +* 1390f7f8007 mk: Create serprog tarballs here instead +* 0ef77e65832 build serprog using fe_ *defined inside mkhelper* +* d2e6f989d7e rom.sh: build serprog images with fe_ +* 0faef899469 lib.sh: support any command on find_exec() +* 2b7f6b7d7ce inject.sh: Simplify extract_intel_me_bruteforce() +* 485d785d331 inject.sh: clean up tmp me file before extract +* fac99aa2d44 lib.sh: re-add missing break in fe/fx_ +* 03300766d14 inject.sh: tidy up extract_intel_me_bruteforce +* 4781dbd2a05 inject.sh: fix oversight in me bruteforce +* cf78583a6d8 inject.sh: remove unnecessary check +* 5657cc1afb3 inject.sh: don't use subshell for me bruteforce +* 5686f35e0f1 inject.sh: insanely optimise the me bruteforce +* e8be3fd1d41 git.sh: Simplify git am handling +* 4c1de1ad126 inject.sh: remove unused function +* 282b939d9da init.sh: New function dx_ to execute path files +* 73074dedee3 inject.sh: Further simplified FSP extraction +* 7585336b914 inject.sh: simplify kconfig scanning +* ef38333f8b0 lib.sh find_ex: Write sort errors to /dev/null +* c275f35e7e2 lib.sh x_(): Remove warning of empty args +* 17d826d3a96 lbmk: Replace err with much simpler implementation +* f98e34a24dd singletree/elfcheck: use fx_, not fe_ +* 8ca06463ebc rom.sh: Print the rom image path being generated +* dc9fe517cb0 rom.sh: Safer cprom() +* 2be8d1c7982 rom.sh: specifically check keymaps in cprom() +* 89a8cd4936a rom.sh: simplify mkseagrub() +* c2182d82193 mk: simplify elfcheck() +* 437ac2454c1 lib.sh: simplify singletree() +* 62ec3dac075 git.sh: move singletree() to lib.sh +* 6b247c93e25 mk: Fix bad error handling for gnu_setver +* ee8bb28ba21 GRUB: Mark E820 reserved on coreboot memory +* 61ec396ef6d inject.sh: simplify extract_intel_me_bruteforce() +* e4edc2194d3 inject.sh: Remove unnecessary check +* f4057d7daab inject.sh extract_intel_me(): reduce indentation +* b7ca59debe6 inject.sh: Move FSP extraction only to extract_fsp +* eb882de94cb inject.sh: tidy up intel me handling +* 153dd76a82e inject.sh: tidy up the deguard command +* 428c46ca2b1 lib.sh: set -u -e in err() +* 20c87308587 lib.sh: Provide error message where none is given +* 35265731c5b init.sh: Silence the output of git config --global +* 5e3aaa1eb8b init.sh: Run git name/email check before init +* a3b5626f53d lib.sh: stricter xbmk_err check in err() +* 51b2a1159d0 lib.sh: simplify err-not-set handling +* 61e5fd1a0b2 lib.sh: Add warning if x_ is called without args +* 4020fb43280 lib.sh: simplify err() +* b51846da6de init.sh: single-quote xbmklock in xbmk_lock() +* 8b7bd992f66 init.sh: define lock file in a variable instead +* 9611c19e7ed init.sh: tidy up xbmk_child_exec() +* 37ca0c90e1c lib.sh err: add missing redirect to stderr +* 54291ebb720 lbmk: MUCH safer err function +* 3f7dc2a55f5 lib.sh: rename errx to xmsg +* 59c94664e3e lib.sh: Make x_ err if first arg is empty +* 91bb6cbede0 lib.sh: Make err_ always exit no matter what +* b19c4f8f674 inject.sh: tidy up TBFW handling +* 439020fbda5 inject.sh: remove useless comment block +* 6e447876cca init.sh: tidy up the python version check +* 7392f6fc8ec init.sh: move non-init functions to lib.sh +* 7acec7a3a1d init.sh: simplify dependencies handling +* 93ba36ae456 rom.sh: tidy up copyps1bios() +* fc71e52fdfc mk: tidy up xgccargs handling +* 184871bc17c mk: remove useless code +* b6a2dc4ea3c init.sh: tidy up pathdir creation +* f5b2bdb8868 mk: re-make gnupath/ after handling crossgcc +* 1b7a9fd637d mk: tidy up check_cross_compiler +* 488d52e784f mk: re-make gnupath/ for each cross compiler +* c33467df1e6 mk: reduce indentation in check_cross_compiler() +* aa4083443b1 mk: Allow use of x_ on prefix functions +* 8f828e6cd35 mk: tidy up check_project_hashes() sha512sum check +* 7a2f33264d7 mk: simplify check_gnu_path() +* 46b968a6e85 inject.sh: minor code cleanup +* 5499ae66bd8 inject.sh: simplify extract_archive() +* 72f4412a52d inject.sh: simplified fsp extraction +* bf569d2b4dc inject.sh: Remove redundant code in copy_tbfw +* 8de0ed811fb inject.sh: Stricter TBFW handling +* 530e4109a2b init.sh: *Re-create* tmpdirs on parent instance +* 498f5a26cc8 init.sh: Always create xbmklocal +* 00d22f20829 lbmk: Unified local ./tmp handling +* 0f7b3691aba lib.sh: redirect find errors to /dev/null +* 7fadb17fd9e lib.sh: Fix bad touch command +* 0b09d970732 inject.sh: Only build nvmutil once +* 308df9ca406 inject.sh: always re-build nvmutil +* 44a1cc9ef85 util/nvmutil: use x, not ?, for random characters +* a17875c3459 lib.sh find_ex: explicitly create the tmp file +* 0ffaf5c7331 init.sh: Explicitly create the xbmktmp directory +* fcc52b986e7 init.sh: unified handling of ./tmp +* 47762c84ad0 lib.sh: add fe_ which is fx_ but err on find +* d18d1c2cae2 lbmk: unified execution on find commands +* 773d2deaca0 NEW MAINBOARD: Dell Precision T1700 SFF and MT +* 9b11e93686c mk: include rom.sh directly +* 1f7e4b35cb2 mk: Download vendorfiles before building release +* acb0ea202f2 lib.sh: Simplify rmgit() +* 15b76bc202f lib.sh: support multiple arguments in remkdir() +* f3ae3dbbbe4 lib.sh: simplify remkdir() +* 6c4d88f2686 move x_() to lib.sh +* 2ae565ba93a init.sh: move setvars/err_ to lib.sh +* c073ee9d4fc Restore SeaBIOS 9029a010 update, but with AHCI fix +* 8245f0b3211 Revert "seabios: bump to rev 9029a010, 4 March 2025" +* 4c50157234d coreboot/t420_8mb: add missing txtmode config +* f21749da8b1 Libreboot 25.04 Corny Calamity +* bb5f5cd5763 add pico-sdk backport patch fixing gcc 14.x +* 4f77125066d coreboot/fam15h: update submodule for nasm +* 0f2202554ab coreboot/fam15h: update nasm to 2.16.03 +* 2009c26f0aa serprog: Remove pico2 support for the time being +* a08b8d94fc5 seabios: bump to rev 9029a010, 4 March 2025 +* 342eca6f3d1 update untitled +* b0a6d4711a3 coreboot413: add alper's fix to cbfstool for gcc15 +* 628ae867c9a flashprog: bump to rev e060018 (1 March 2025) +* 5e96db5a2b4 further gcc-15 fix for gmp on -std=23 +* 9a9cd26b2d5 coreboot/default and fam15h: gmp fix, gcc15 hostcc +* 80007223c85 lib.sh: Provide printf for mktarball +* a16c483e5fd Merge pull request 'coreboot: fam15h: Add patches to fix build with GCC 15 as host compiler' (#318) from alpernebbi/lbmk:coreboot-fam15h-gcc15 into master +|\ +| * 685685ab0e4 coreboot: fam15h: Add patches to fix build with GCC 15 as host compiler +|/ +* 02110f2bc1d Merge pull request 'coreboot: Add patch to fix build with GCC 15 as host compiler' (#317) from alpernebbi/lbmk:coreboot-gcc15-nonstring into master +|\ +| * 5ad1de3931a coreboot: Add patch to fix build with GCC 15 as host compiler +|/ +* 9e7bceb7fa9 Merge pull request 'seabios: Fix malloc_fn function pointer in romfile patch' (#313) from alpernebbi/lbmk:seabios-romfile-malloc-fptr into master +|\ +| * 35c853f8b33 seabios: Fix malloc_fn function pointer in romfile patch +* | 686e136f150 Merge pull request 'dependencies/debian: Fix libusb package name' (#315) from alpernebbi/lbmk:debian-libusb-dependency into master +|\ \ +| * | 6f120f01588 dependencies/debian: Fix libusb package name +| |/ +* / d8b0e749983 init.sh: fix yet another double quote for dotfiles +|/ +* 780844112ae Merge pull request 'Update U-Boot to v2025.10' (#305) from alpernebbi/lbmk:uboot-v2025.04 into master +|\ +| * 1265927ca38 u-boot: gru: Disable INIT_SP_RELATIVE +| * 5bea1fade9a u-boot: arm64: Expand our modified defconfigs to full configs +| * fd56d8ada13 u-boot: arm64: Merge our modifications into new defconfigs +| * ed9ddd7415f u-boot: arm64: Add new upstream defconfigs +| * b1fa44858cb u-boot: arm64: Rebase to v2025.04 +| * 976fc6890ae u-boot: arm64: Save our modifications to the upstream defconfigs +| * 418570a6172 u-boot: arm64: Turn configs into defconfigs +|/ +* 093a86d9c09 init.sh: don't use eval to read version files +* 3045079947b init.sh: use backslash for dotfiles in eval +* da108d1c045 mk: Don't run mkhelpers if mode is set +* 71a58a38ab4 mk: condense main() again +* f3882b9bf21 init.sh: make git name/email error more useful +* 9cebda333d5 init.sh: move git name/mail check to xbmk_git_init +* ea081adc4ca init.sh: tidy up the git name/email check +* 3292bded692 mk: make main() more readable +* 97a5e3d15ed mk: move git check to init.sh xbmk_set_version +* 11cd952060d init.sh: tidy up xbmk_init() +* f6c5c8d396d mk: move git_init to init.sh +* ec1c92238cc init.sh: minor cleanup +* e009f09e7fa init.sh: clean up setvars +* 9ec72153408 init.sh setvars: make err a printf for eval +* 18ad654a1f7 init.sh: merge xbmk_child_init with xbmk_init +* 15268202478 init.sh: split xbmk_child_init into functions +* 0280cd4c0e7 init.sh: move parent fork to new function +* a0e1d42ff74 init.sh: Provide more complete error info +* a8f0623efbb update uefitool to rev a072527, 26 Apr 2025 +* c698972130f rename include/vendor.sh to inject.sh +* 24e488aae56 lib.sh: move _ua to the xbmkget function +* 6779d3f9915 move variables out of init.sh to others +* 848159fa0eb lib.sh: rename vendor_checksum +* 1de77c6558c lib.sh: move singletree() to git.sh +* 703fe444312 lib.sh: move cbfs() to rom.sh +* b57952e90d2 re-split include/init.sh to lib.sh +* 8ecb62c6628 rename include/lib.sh to init.sh +* ce4381169fa lib.sh: introduce more top-down function order +* 15b64cfebe8 mk/git.sh: remove tree_depend variable +* 9b8179c0e5d git.sh: remove unused xgcc linking feature +* 4624c6e536c mk: remove unused variables (ser/xp) +* aba5b3a3532 mk: simplify main() +* 0ab7c6ff9cf lib.sh: use realpath to get sys python on venv +* 8edea026c58 lib.sh: Force use of System Python to prevent hang +* b1b964fa5c3 lib.sh: further condense the python check +* 9543a325acb lib.sh: further simplify the python check +* 9baabed7186 lib.sh: condense the python check +* 0c5c5ffc873 lib.sh: simplify mk() +* 83022b6ba83 lib.sh: simplify cbfs() +* 13ad839691d lib.sh: simplify the python check +* b1ea4165754 mk: remove mkhelp() and use x_() instead +* 4cf64e59ed0 mk: simplify handling of trees() +* d0581914c74 coreboot/hp8300cmt: purge xhci_overcurrent_mapping +* cb52fc4ba82 Fix VBT path on HP Elite desktops +* 2bee87cfc26 lib.sh: add missing copyright year +* 4b7ab403c65 ifd/q45t_am: unlock regions by default +* 564155277ea coreboot/g43t_am3: use ifd-based setup +* 0ddd1963751 coreboot/q45t_am3: use ifd-based setup +* 3b2d933842a coreboot/default: add missing submodules +* a10d81399c7 NEW MAINBOARD: Acer Q45T-AM (G43T-AM3 variant) +* d114e0a765c mk: don't print confirmation of git pkg.cfg +* f59c24f12aa coreboot/g43t_am3: fix data.vbt path +* 21020fa319a add missing config/data/coreboot/0 +* 2b4629d790b Merge pull request 'lib.sh: Fix python3 detection when 'python' is python2' (#290) from alpernebbi/lbmk:python3-detection-fix into master +|\ +| * a18d287a81e lib.sh: Fix python3 detection when 'python' is python2 +|/ +* c7569a67145 coreboot/next: merge with coreboot/default +* 762c7ff43eb coreboot/default: Update, c247f62749b (8 Feb 2025) +* 86e7aa80c51 Update the GRUB revisions +* 8d57bf6009e Revert "git.sh: minor cleanup" +* a2898771f6e lib.sh: perform root check even earlier +* 779f6003421 lib.sh: tidy up opening logic (put it together) +* bac4be99c20 lib.sh: do root check before python check +* e63d8dd20d9 git.sh: minor cleanup +* 11078508a25 lib.sh: simplify mktarball() +* 087bbedc5f8 vendor.sh: tidy up vendor_download() +* e11fd52d958 mk: tidy up check_gnu_path() +* 3442f4278ed mk: simplify check_project_hashes() +* 6b6a0fa607c lib.sh: fix missing s/TMPDIR/xbmktmp +* e07a2adb130 lbmk: don't handle TMPDIR directly +* 9d3b52cd1d2 rom.sh: minor cleanup +* b4402c54258 vendor.sh: yet even more code cleanup +* fe5bdc7633d vendor.sh: even more cleanup +* fcedb17a9a1 vendor.sh: more cleanup +* 4e2b59ed3ff vendor.sh: minor cleanup +* a3acf4c3f95 vendor.sh: simplify process_release_roms +* 30213a96883 vendor.sh: remove unnecessary check +* 38df7275f12 git.sh: remove unnecessary comment +* f5891fb6991 git.sh: remove link_crossgcc() +* a685654b90f git.sh: remove move_repo() +* e4aa62f79a8 git.sh: remove prep_submodule() +* 2839feb9e43 git.sh: make git_prep command clearer +* 410fa702c9c mrc.sh: Make proper use of variable inside printf +* 075902c3ea7 simplify a few file checks +* b2255425eba rom.sh: remove unnecessary check +* 39640d76a75 lbmk: minor cleanup +* c8dc701f3eb lib.sh mktarball: stricter tar error handling +* 58a53d7046f vendor.sh: don't err on bruteforce me extract +* 958fa34832a mk check_project_hashes: handle error on sha512sum +* 8b4b069e3f6 vendor.sh: remove unnecessary xchanged="y" +* 166dbb04c92 vendor.sh: set need_files="n" if skipping patch +* e90657cc734 vendor.sh: Don't handle vendor files if not needed +* 2e10a45fa36 Revert "lib.sh: use eval for the command in x_" +* 738d4bb6b6d lib.sh: fix bad eval writing resized file +* eb9e5d2d5d4 lib.sh: fix bad eval writing version/versiondate +* 3bfdecdc75b lib.sh: use eval for the command in x_ +* 4fa3bb9e5b1 mk: use eval to run mkhelp commands +* 9b3635718a8 mk: tidy up the switch/case block in main() +* 0c381028abc mk: tidier error handling +* 023f9cf0498 lib.sh: tidy up the error handling +* cb3253befb9 rom.sh: tidy up error handling +* 7af46721bcb vendor.sh: tidy up error handling +* 04ebb3b91a0 vendor.sh: tidy up decat_fspfd() +* 0c87fdf96ad git.sh: clean up fetch_project() +* 9eb8856b3c5 mk: Remove unnecessary argument checks on trees() +* 52f3d54116f vendor.sh: properly call err_ in fail_inject +* c4c6692b761 remove xbmk_parent, handle forking in lib.sh +* fd5431db05d lib.sh: define x_ right after err_ +* 972681a127b mk: minor cleanup +* b41cd39b686 lib.sh: minor cleanup +* 49939502648 mrc.sh: minor cleanup +* c158d82298b rom.sh: minor cleanup +* cb36248c8c0 vendor.sh: tidy up check_release() +* 409cab39c56 vendor.sh: tidy up vendor_inject() +* 12b1623e473 vendor.sh: tidy up readcfg() +* 0d85f061e2e vendor.sh: tidy up patch_release_roms() +* 61f20141028 vendor.sh: tidy up process_release_roms() +* 5901f36e49d vendor.sh: tidy up patch_rom() +* 082930ce0e7 vendor.sh: tidy up inject() +* e1f91f30372 vendor.sh: tidy up modify_mac_addresses() +* 3181ac50126 script/trees: merge with mk and delete script/ +* 3d03dd1a507 mk: remove the legacy "roms" command +* f0c629dcc6c lib.sh: write version/versiondate to dotfiles +* 23b942c83e9 lib.sh: hardcode projectname/projectsite +* a03bb793aea remove update/vendor symlinks +* d7f80ebe71e move build to mk +* 57d58527fd0 trees: unify the execution of mkhelper commands +* e5262da4be7 trees: tidy up configure_project() +* 51798278397 build: make coreboot building an else in "roms" +* c189257888a trees: don't build dependencies if dry=":" +* 115a66fddd3 trees: unified handling of flags +* 3ea633cc791 trees: simplified handling of badhash/do_make +* 9be40e94a2b trees: don't set mode on ./mk -b +* 67ad7c2635c trees: don't set mod on ./mk -d +* 24448948419 trees: don't initialise mode to "all" +* 97c50a39a60 trees: clean up some comments +* cfb14fd8dd8 vendor.sh: simplified readkconfig() +* 5b697b93a2d lib.sh: double-quote pwd to prevent globbing +* 5a0a24f5559 lbmk: unified PWD handling (work directory) +* a25a29cfbb7 lib.sh: initialise PATH if it's unset +* 1022abf6991 move XBMKPATH to include/lib.sh +* 0764c969a29 lbmk: use pwd util, not PWD environmental variable +* f98b9b01107 clean up a few semicolons in the build system +* 8ccb61cc718 trees: err if first argument is not a flag +* 947c3e1a176 trees: err if no argument given +* edbbde0b12d trees: set dry=":" on ./mk -f +* 33bb0ecf764 trees: clean up initialisation of the dry variable +* c7636ff1dfc trees: initialise mode to "all", not "" +* d0bd12631a6 trees: don't abuse the mode variable on -f +* c4cd876c609 trees: Add missing flag to error output +* 5ebcae5235f lbmk: minor code formatting cleanup +* 70cef71dbab grub/xhci: Remove unused patch +* 3f14a470a2e remove _fsp targets (keep _vfsp) +* d7312260e7e util/nvmutil: remove excessive comments +* e348ea0381a Bump GRUB revision to add 73 security patches +* 4b228c11f9f Merge pull request 'Update pico-serprog revision' (#271) from Riku_V/lbmk:master into master +|\ +| * a8359e30b27 Update pico-serprog revision +|/ +* d2cb954933b util/nvmutil: Fix bad error messages on R/W +* e1e515bd22a util/nvmutil: hardened pledge on help output +* ada057a865c Merge pull request 'Simplify the README' (#269) from runxiyu/lbmk:readme-simplification into master +|\ +| * 9ced146b47c README.md: Use newlines instead of bulleted list for docs/support links +| * 266122592cd README.md: Use the EFF's page on Right to Repair +| * e36aa8c5a5c README.md: Vastly simplify it +| * c17f4381ce5 README.md: Mention SeaBIOS and U-Boot instead of Tianocore as payloads +|/ +* 47eb049cb47 Merge pull request 'deps/arch: genisoimage belongs to cdrtools' (#267) from runxiyu/lbmk:master into master +|\ +| * fa9a0df2458 deps/arch: genisoimage belongs to cdrtools +|/ +* a98490573be util/nvmutil: only set mac_updated at the end +* 6b9cf09ca21 restore old x230 gbe file +* 8a435355135 util/nvmutil: Fix bad comparison +* a65a0c2f963 util/nvmutil: allow ./nvm gbe MAC +* 96356ce94f6 util/nvmutil: move "e" to swap() +* b1d8975959d util/nvmutil: Only read up to 4KB on larger gbe +* 6821659bcb2 util/nvmutil: fix minor mistake (line break) +* 3bb7520f6d9 util/nvmutil: do setmac if only filename given +* d94b274fd9f vendor.sh: don't error if grep -v fails +* 6ebdd3c72ba vendor.sh: Don't show gbe filename on inject +* a08748a9eda util/nvmutil: don't say write not needed if errno +* 6841a351ebc util/nvmutil: print dump *after* modification +* da0a6c216cf util/nvmutil: verbosely print the written MAC +* db5879c6b5a util/nvmutil: minor cleanup in cmd_dump +* bd7215d1eb7 util/nvmutil: show nvm words written on writeGbe +* c70117c79c4 util/nvmutil: clean up readonly check on writeGbe +* cf5a63e65ca util/nvmutil: Remove useless gbeFileChanged var +* 83601aa524b util/nvmutil: reset errno if any MAC updated +* 3e86bf5ce25 util/nvmutil: reset errno when writing a MAC +* bcf53cc2cc0 util/nvmutil: show total number of bytes read +* c91cc329cf8 util/nvmutil: rename tbw/bw to tnw/nw +* 90607108330 util/nvmutil: err if bytes read lower than nf +* c72f699d368 util/nvmutil: err if fewer bytes written +* d666f67ebe5 util/nvmutil: Show bytes written in writeGbe +* b2d6393ed5f util/nvmutil swap(): ensure that no overflow occurs +* 063fef14d34 util/nvmutil: make swap() a bit clearer +* fd1bbdc96cb util/nvmutil: make 0x3f checksum position a define +* 5ddf7f251d6 util/nvmutil: make 128 (nvm area) a define +* 8850acc7da6 util/nvmutil swap(): Only handle the nvm area +* 49506a88328 util/nvmutil: move write checks to writeGbe +* 948377b0e7e util/nvmutil: make cmd_swap its own function again +* 6e134c9f4bf util/nvmutil: minor cleanup +* 98e105ac4f1 util/nvmutil: allocate less memory for setchecksum +* 52e8ea57f7b util/nvmutil: Further reduce memory usage +* 7a7d356824e util/nvmutil: Remove unnecessary buf16 variable +* cdf23975bc1 util/nvmutil: Only allocate needed memory for file +* ed45da9cae5 util/nvmutil: Remove unnecessary buffer +* ec3148dc3b5 util/nvmutil: Show specific error for bad cmd argc +* 073420d3056 util/nvmutil: cleaner argument handling +* a6c18734e70 util/nvmutil: extreme pledge/unveil hardening +* deb307eaf63 util/nvmutil: more minor cleanup +* c14eccaf153 util/nvmutil: more granular MAC parsing errors +* 88fb9cc90ea util/nvmutil: more cleanup +* 5aaf27f80c3 remove errant comment in nvmutil +* c829b45c17c util/nvmutil: support 16kb and 128kb gbe files +* a98ca5bf65c util/nvmutil: Prevent unveil allowing dir access +* 68c32034a00 typo: nvme should say nvm in nvmutil.c +* c944c2bbac7 util/nvmutil: General code cleanup +* 8c65e64e398 snip +* f666652fe15 snip +* 64d3c7b5150 grub/xhci: Add xHCI non-root-hub fixes from Nitrokey +* 7bf0d4c2ed5 add gnults-devel to fedora 41 dependencies +* 66d084e7f7c grub.cfg: scan luks *inside lvm* +* 5a3b0dab966 grub.cfg: Scan *every* LVM device +* 3c9f4be76f6 Libreboot 20241206, 8th revision +* d4cc94d6b44 rom.sh: don't run mkpicotool on dry builds +* de6d2f556f1 pico-sdk: Import picotool as a dependency +* 4210ee68ea2 lib.sh: Much safer python version check +* 8c7ba6131cc coreboot/next uprev: Fix T480 backlight keys +* 411fb697dfc set up python in PATH, ensuring that it is python3 +* e8336bcc3ca vendor.sh: Proper semantics on prefix file names +* 63f45782638 vendor.sh: Confirm if need_files=n +* 13b06ae130f vendor.sh: Allow restoring the default GbE file +* ab8feff92e0 vendor.sh: set random MAC address *by default* +* 0ceaa01d45d vendor.sh: add clarification to nogbe warning +* 4d5caf1dcfc vendor.sh: check that the vcfg file exists +* fc4ee88e167 vendor.sh: error out if nuking failed +* 8819a93d89b add line break, part 3 +* 8ce1a00f517 add line break, part 2 +* bc2c14e76a8 add line break +* c762850311a vendor.sh: prevent double-nuke +* 68299ad05ca vendor.sh: much more verbose errors/confirmation +* b8e6d12f3d9 add libx86 to arch dependencies +* cf8ad497b4e vendor.sh: Remove unnecessary return +* c858099b359 vendor.sh: Download utils even if vcfg unset +* ce16856a242 vendor.sh: Allow setmac if vendorfiles not needed +* 4b51787d078 add less to arch dependencies +* 8bd028ec153 lib.sh: Set python after dependencies +* 44b6df7c24c update my copyright years on modified scripts +* 818f3d630c2 vendor.sh: Don't error if vcfg is unset +* 432a1a5bca7 lib.sh: Fix unescaped quotes in chkvars() +* a73b0fd910a Revert "fix more unescaped quotes in eval" +* ec6bcc1fba5 fix more unescaped quotes in eval +* 5284f20b981 fix ./mk dependencies build issue +* d825f9a9683 rom.sh: Remove errant GRUB modules check +* 4149f3dc81a submodule/grub: use codeberg for 1st gnulib mirror +* 0305975e705 util/nvmutil: Update AUTHORS and COPYING files +* 20b192e13bd util/nvmutil: Describe nvmutil in help output +* d1ca21628cb util/nvmutil: Remove the correct binary on uninstall +* e63fe256dfc util/spkmodem-recv: More correct Makefile +* efd50ee548b util/nvmutil: Honour the INSTALL variable +* 8008838abbc util/nvmutil: Don't clean when doing uninstall +* 982f257f58a util/nvmutil: Proper DESTDIR/PREFIX handling +* 3f85ae5f853 util/nvmutil: Set CC and CFLAGS only if unset +* 2c7b9fb9412 util/nvmutil: Capitalise BABA +* 57f9906f6d1 util/nvmutil: Add uninstall to Makefile +* 4defe2c6085 util/nvmutil: Add distclean to Makefile +* 033e4cd9d50 util/nvmutil: Make the GbE checksum a define +* 874317c4e59 util/nvmutil: nicer hexdump display +* a338e585eed util/nvmutil: show the correct hexdump order +* b032e483ef1 lib.sh mktarball: cleaner if statement +* 0cf58c22734 fix lbmk shellcheck errors +* 8276560cc99 lib.sh and rom.sh: update my header +* 08e86d2218c vendor.sh inject: reset err upon return +* 41275d699ca vendor.sh: MUCH, MUCH, MUCH safer ./mk inject +* ed7293494e3 util/nvmutil: Obey the 79-character per line limit +* 637b5e36fd2 util/nvmutil: Tidy up copyright header +* cd28db883e2 vendor.sh: fix comment +* 57971ceb227 util/nvmutil: Fix another straggler +* 15b37b2a1ab util/nvmutil: Tidy up pledge calls +* e8799310db2 hp820g2: fix vendorfile inject and set release=y +* f9ab082ec19 fedora41/dependencies: add libuuid-devel +* 661591f9f0b add uuid-devel to fedora41 dependencies +* 1a46c047386 support ./mk dependencies fedora reinstall +* d58d63569f1 fix missing semicolon in grub nvme patch +* 95ea3293df5 bump seabios to rev 1602647f1 (7 November 2024) +* 6d7e6c361b3 Bump GRUB revision to 6811f6f09 (26 November 2024) +* 09a01477df6 t480/3050micro: force power off post power failure +* d344cd95eac flashprog: Disable -Werror +* dc95e912bfe bump flashprog to revision eb2c041 (14 Nov 2024) +* 27c8c1c16ba replace liblz4-tool with lz4 and liblz4-dev +* d3a732a64db lib.sh dependencies: support --reinstall argument +* 466ada423dd move xbmkpath to XBMK_CACHE/ +* b0a23840327 Revert "Remove legacy update/vendor commands" +* 3d7dd4aa9fe Fix U-Boot build issue with Swig 4.3.0 +* 0c810747469 use command -v instead of which +* 6c7e3ce2d6e trees: remove unnecessary subshell +* ad137eae89d trees: only symlink host gcc/gnat to build xgcc +* cfb6de94c33 trees: correction on check_gnu_path +* ec2f0716662 trees: match gcc/gnat versions both ways +* f64b5996279 Merge path.sh into script/trees +* 295463d281e path.sh: Further cleanup +* 5b24e0a5a96 path.sh: More thorough gcc/gnat version check +* 7849a075886 path.sh: minor cleanup +* 17168a87dbf path.sh: remove unnecessary shebang +* e565df94fd7 Fix globbing issue in lbmk +* c80cc0a00b6 remove auto-confirm on distro dependencies +* 01fc65a0a9d Mitigate Debian Trixie/Sid GCC/GNAT version mismatch +* 424b0c7103b t480/3050micro: disable hyperthreading +* 603105f3b4e t480/t480s: Disable TPM2 to mitigate SeaBIOS lag +* 754bd1e6ca3 rom.sh: Name pico directory serprog_pico +* db22308eba5 add 2024 to Riku's copyright header on rom.sh +* 4fa5f696db8 Merge pull request 'rp2530' (#258) from Riku_V/lbmk:rp2530 into master +|\ +| * a5e0360992d pico-sdk: update to 2.1.0 +| * e2f8cc7f3ee pico-serprog: enable building for multiple pico chips +|/ +* ccc2b4d589f add spdx headers to dependencies configs +* a3969701e6b dependencies/debian: fix debian sid +* 8f370cb60d9 add spdx headers to various config files +* d591ea4c5dc git.sh: don't initialise livepull globally +* b5da9feba3b vendor.sh: Print useful message on ./mk inject +* 12c6259cb2f vendor.sh: Handle FSP insertion post-release +* 78132051462 Remove legacy update/vendor commands +* 07037561bd6 lbmk: remove use of deprecated ./vendor command +* 5d1f1823067 vendor.sh: Safer exit when vendorfiles not needed +* a18175a5df9 data/deguard: Remove unused patch +* ee8f53b96ff lib.sh: Safer exit from ./mk dependencies +* a8b35c88cf1 remove geteltorito and mtools from lbmk +* 1dd32ea5487 rom.sh: support grub-first setups +* f7801ef4770 vendor.sh: delete old tb.bin first, just in case +* 02cbf8a729d vendor.sh: make TBFW pad size configurable +* 9884e5ed1b0 T480/T480S: Support fetching ThunderBolt firmware +* 36b42dd1c11 also de-rainbow the u-boot menu +* eafc82028a4 Revert "use rainbow deer on the grub background" +* 44969c73bd2 rom.sh: insert grub background in cbfs not memdisk +* 401efb24b22 use rainbow deer on the grub background +* dc27cb91784 add some scripts to .gitignore +* 3b6b283eabe disable 3050micro nvme hotplug +* c2023921893 fix t480 spd size (512, not 256) +* da527459b68 add tarballs and signatures to gitignore +* b910424b5df fix another very stupid mistake +* e3b77b132e6 fix the stupidest bug ever +``` + +This is about 650 changes. + +Revision releases +----------------- + +When certain bugs are found, releases may be re-built and re-uploaded. When +this happens, the original release is replaced with a *revision release*. + +Revisions are numbered; for example, the first post-release revision +is *rev1*. + +### 25.06 (30 June 2025) + +No revisions, thus far. The original 25.06 release is the current revision, so +it could be considered *rev0* (revision zero). + +Build testing +------------- + +This release was built on the latest Debian 12.10 Bookworm release, as of +this day. It was also build-tested successfully on the latest Arch Linux updates +as of 26 June 2025. + diff --git a/site/news/libreboot2506.md.description b/site/news/libreboot2506.md.description new file mode 100644 index 0000000..f8ae0af --- /dev/null +++ b/site/news/libreboot2506.md.description @@ -0,0 +1 @@ +Libreboot 25.06 release announcement. Libreboot is a free/opensource BIOS/UEFI firmware distribution with coreboot payloads such as GNU boot loader GRUB. diff --git a/site/news/microcode.md b/site/news/microcode.md index ad157d9..7f84567 100644 --- a/site/news/microcode.md +++ b/site/news/microcode.md @@ -11,8 +11,8 @@ As I write this, I'm quite close to providing a new stable release of Libreboot. The final push to get it out the door is underway, with round-the-clock build testing and general polishing. -Introduction -============ +Free as in freedom? +------------------- Firstly, what is microcode? In this context, CPU microcode is what configures logic gates in the CPU to implement an instruction set. You can learn more @@ -21,9 +21,9 @@ about microcode on the [FAQ](../faq.md#microcode) and In the next Libreboot releases, ROM images that *exclude* CPU microcode updates will once again be available. Libreboot's [Binary Blob Reduction -Policy](policy.md) dictates that each mainboard must be provided with **as few** +Policy](policy.md) dictates that each motherboard must be provided with **as few** binary blobs as possible, ideally **none**. *At present*, *all* x86 and ARM -mainboards supported in Libreboot (in `lbmk.git` and in releases) can boot +motherboards supported in Libreboot (in `lbmk.git` and in releases) can boot with entirely [free software](https://writefreesoftware.org/), requiring *zero* vendor files of any kind within *coreboot*. @@ -37,7 +37,7 @@ these, or mitigate their existence (for example, `me_cleaner` is used on newer Intel platforms). One exception made in that policy is that CPU microcode updates *must* be -provided by default, on all x86 mainboards. The ARM platforms do not use +provided by default, on all x86 motherboards. The ARM platforms do not use microcode at all. This is a correct policy, because these updates fix critical security and stability issues in the silicon; more information about that can be found [here](policy.md#more-detailed-insight-about-microcode). Since @@ -50,8 +50,7 @@ announced that Libreboot had re-added certain mitigations, working around bugs caused when microcode is removed on certain Intel GM45 platforms (e.g. X200 or T400 ThinkPads). -Why? ----- +### Why? Freedom of choice, that's why. Libreboot's policy explicitly [states](policy.md#configuration), in the context of *adding* vendor files: @@ -76,14 +75,13 @@ features. The CPU already has older, buggier microcode burned into mask ROM, so the choice is to either update it, or encounter more bugs. Regardless, this is a point of contention for some people. -How? ----- +### How? The change was implemented by [this patch](https://browse.libreboot.org/lbmk.git/commit/?id=f338697b96757977d2a14da00a91236595704fed) on 19 June 2023, in the Libreboot build system. -In `board.cfg` for each mainboard defined (in Libreboot's build system, lbmk), +In `board.cfg` for each motherboard defined (in Libreboot's build system, lbmk), the following entries are available: * `microcode_required="n" or "y"` (it's "n" on ALL boards) @@ -104,14 +102,14 @@ If `microcode_required="n"`, the given ROM image `filename.rom` is either: * If no microcode file exists within it already, such as on ARM - mainboards, the ROM is simply copied to: `filename_nomicrocode.rom` + motherboards, the ROM is simply copied to: `filename_nomicrocode.rom` * If the ROM contains microcode (default on most x86 boards, except Qemu or in rare cases where none are advised), `filename.rom` is retained and is copied to `filename_nomicrocode.rom`, and the CPU microcode update file shall be removed from `filename_nomicrocode.rom`. What this means is that ROMs *with* OR *without* microcode will be present, -where applicable, on ROM images for each given mainboard. This will be the case +where applicable, on ROM images for each given motherboard. This will be the case by default, for ROM images provided in the next release of Libreboot and all releases that follow. @@ -121,7 +119,7 @@ Example: * `seabios_e6400_4mb_libgfxinit_txtmode_noblobs_nomicrocode.rom` It is *strongly* recommended, by the Libreboot project, that you -do *not* use the `_nomicrocode` ROMs on x86 mainboards. These updates +do *not* use the `_nomicrocode` ROMs on x86 motherboards. These updates are *required* to implement stable x86 ISA, otherwise your CPU will behave in strange, unpredictable ways, which could cause severe bugs in software that cause *real* issues. Issues such as data loss. @@ -145,7 +143,7 @@ is what people would otherwise use; thus, Libreboot's modern policy is pragmatic, advancing further the cause of *software freedom*. By contrast, Libreboot's previous policy was to *ban all binary blobs*, which -meant that many mainboards from coreboot were excluded. This resulted in less +meant that many motherboards from coreboot were excluded. This resulted in less people achieving a level of software freedom, because to this day, nothing quite like Libreboot exists with the scope and ambition that it has. Libreboot makes coreboot as easy to use as possible for normal, non-technical people who @@ -154,7 +152,7 @@ like the idea of coreboot, but are not competent to configure it from scratch. Accordingly, the old Libreboot policy, prior to November 2022, *harmed* the Free Software movement. Such harm was *corrected* in November 2022 and, going forward, it is the intention of the Libreboot project to eventually have -build targets *for every mainboard that coreboot supports!* +build targets *for every motherboard that coreboot supports!* ARM platforms ------------- @@ -164,7 +162,7 @@ ROM images there are named simply according to what is already the case. Removing microcode also possible on older releases -================================================== +--------------------------------------------------- Libreboot releases *before* 20221214 excluded microcode by default, and did not provide ROMs *with* microcode. diff --git a/site/news/microcode.md.description b/site/news/microcode.md.description new file mode 100644 index 0000000..20fae76 --- /dev/null +++ b/site/news/microcode.md.description @@ -0,0 +1 @@ +Policy announcement regarding CPU microcode updates in Libreboot. diff --git a/site/news/mirrors.md b/site/news/mirrors.md index b722c96..5d7cb1b 100644 --- a/site/news/mirrors.md +++ b/site/news/mirrors.md @@ -1,4 +1,4 @@ -% New Git repositories added as backup mirrors +% New Git repositories added as backup Libreboot mirrors % Leah Rowe % 11 April 2023 diff --git a/site/news/mirrors.md.description b/site/news/mirrors.md.description new file mode 100644 index 0000000..2363b29 --- /dev/null +++ b/site/news/mirrors.md.description @@ -0,0 +1 @@ +New Libreboot Git repository mirrors are available, for downloading Libreboot free/opensource BIOS/UEFI boot firmware. diff --git a/site/news/news.cfg b/site/news/news.cfg index 89b9fbb..5b36fd2 100644 --- a/site/news/news.cfg +++ b/site/news/news.cfg @@ -1,2 +1,2 @@ -BLOGTITLE="News for libreboot.org" -BLOGDESCRIPTION="News for libreboot.org" +BLOGTITLE="News about Libreboot releases and development" +BLOGDESCRIPTION="News about Libreboot releases and development" diff --git a/site/news/policy.de.md b/site/news/policy.de.md index c3b071a..8fb3b0f 100644 --- a/site/news/policy.de.md +++ b/site/news/policy.de.md @@ -3,12 +3,12 @@ % 4 January 2022 (updated 15 November 2022) Einleitung -============ +------------ Dieser Artikel beschreibt die *Prinzipien* die das Libreboot Projekt definieren. Für Informationen darüber *wie diese Prinzipien in der Praxis angewendet werden*, bitte lies diesen Artikel stattdessen: [Software and hardware -freedom status for each mainboard supported by Libreboot](../freedom-status.md) +freedom status for each motherboard supported by Libreboot](../freedom-status.md) Libreboot's Richtlinie ist für jeden Benutzer so viel Software Freiheit zu bieten wie möglich, auf jeglichem Bit von unterstützter Hardware, und @@ -33,7 +33,7 @@ technische Informationen schau in die [Libreboot build system documentation](../docs/maintain/). Derzeitiger Projektrahmen -===================== +------------------------- Das Libreboot Projekt ist besorgt um das was in den Haupt Boot Flash IC geht, aber es gibt andere Firmware Teile welche in Betracht gezogen werden sollten, @@ -45,8 +45,7 @@ Die kritischsten hiervon sind: * HDD/SSD firmware * Intel Management Engine / AMD PSP firmware -Was ist ein binärer Blob? ----------------------- +### Was ist ein binärer Blob? Ein binärer Blob, in diesem Zusammenhang, ist jegliches Ausführbares für welches kein Quelltext existiert, welchen Du nicht in einer angemessenen @@ -62,16 +61,15 @@ Für Informationen über die Intel Management Engine und AMD PSP, schau unter FAQ. Blob *reduction* policy -======================= +--------------------- -Default configurations ----------------------- +### Default configurations Coreboot, upon which Libreboot is based, is mostly libre software but does require vendor files on some platforms. A most common example might be raminit (memory controller initialisation) or video framebuffer initialisation. The -coreboot firmware uses certain vendor code for some of these tasks, on some mainboards, -but some mainboards from coreboot can be initialised with 100% libre source +coreboot firmware uses certain vendor code for some of these tasks, on some motherboards, +but some motherboards from coreboot can be initialised with 100% libre source code, which you can inspect, and compile for your use. Libreboot deals with this situation in a *strict* and *principled* way. The @@ -99,17 +97,17 @@ The libreboot project has the following policy: fact *required* as per libreboot policy. These updates fix CPU bugs, including security bugs, and since the CPU already has non-libre microcode burned into ROM anyway, the only choice is either *x86* or *broken x86*. Thus, libreboot - will only allow coreboot mainboard configurations where microcode updates - are *enabled*, if available for the CPU on that mainboard. + will only allow coreboot motherboard configurations where microcode updates + are *enabled*, if available for the CPU on that motherboard. [Releases after 20230423 will provide separate ROM images with microcode excluded, alongside the default ones that include microcode.](microcode.md) * Intel Management Engine: in the libreboot documentation, words *must* be written to tell people how to *neuter* the ME, if possible on a given board. The `me_cleaner` program is very useful, and provides a much more secure ME configuration. -* Vendor blobs should *never* be deleted, even if they are unused. In the +* Such vendor files should *never* be deleted, even if they are unused. In the coreboot project, a set of `3rdparty` submodules are available, with vendor - blobs for init tasks on many boards. These must *all* be included in libreboot + files for init tasks on many boards. These must *all* be included in libreboot releases, even if unused. That way, even if the Libreboot build system does not yet integrate support for a given board, someone who downloads libreboot can still make changes to their local version of the build system, if they @@ -126,8 +124,7 @@ Libreboot's pragmatic policies will inevitably result in more people becoming coreboot developers in the future, by acting as that crucial *bridge* between *it* and non-technical people who just need a bit of help to get started. -Configuration -------------- +### Configuration The principles above should apply to *default* configurations. However, libreboot is to be *configurable*, allowing the user to do whatever they like. @@ -142,12 +139,12 @@ problem! The goal of the libreboot project is simply to make coreboot more accessible for otherwise non-technical users. FREEDOM CATALOG -=============== +-------------- A *[freedom status](../freedom-status.md)* page should also be made available, educating people about the software freedom status on each machine supported by the Libreboot build system. Please read: -[Software and hardware freedom status for each mainboard supported by +[Software and hardware freedom status for each motherboard supported by Libreboot](../freedom-status.md). It is desirable to see a world where all hardware and software is libre, under @@ -177,15 +174,62 @@ exist, for example, the work done by Sam Zeloof and the Libre Silicon project: (Sam literally makes CPUs in his garage) -Why? -==== +More detailed insight about microcode +--------------------------------- -This next section previously existed in a less than diplomatic manner. It -has been restored, as of August 2024, because the wisdom that it provides is -important, yet being respectful of our friends in Massachussets is also -a good thing to do, where feasible. This section was previously deleted, as -a gesture of good will to those people, but it can't not be here, so without -further ado: +To be clear: it is preferable that microcode be free. +Not including CPU microcode updates is an absolute disaster for system +stability and security, so Libreboot *includes microcode updates by default, in +all modern release images, where possible to do so*. + +The CPU already has microcode burned into mask ROM. The microcode configures +logic gates in the CPU, to implement an instruction set, via special *decoders* +which are fixed-function; it is not possible, for example, to implement a RISCV +ISA on an otherwise x86 processor. It is only possible for the microcode to +implement x86, or *broken* x86, and the default microcode is almost always +*broken x86* on Intel/AMD CPUs; it is inevitable, due to the complexity of +these processors. + +These processors provide a way to supply microcode *updates*. These updates +are volatile, and consequently must be applied during every boot cycle. The +updates fix stability/reliability/security bugs, and their *absence* +is *technically incorrect*, so you are strongly advised to install them. +Examples of where these updates fix bugs: on ASUS KCMA-D8/KGPE-D16 +and ThinkPad X200/T400/T500/W500/X200T/X200/R500/X301, the updates make +hardware-based virtualization (via `kvm`) completely stable, where it would +otherwise lead to a kernel panic. They allow those same thinkpads to be run with +high CPU usage and I/O (RAM usage), without crashing (otherwise, it's very +likely to encounter a kernel panic caused by a *Machine Check Exception*). + +Not including these updates will result in an unstable/undefined state. Intel +themselves define which bugs affect which CPUs, and they define workarounds, or +provide fixes in microcode. Based on this, software such as the Linux kernel +can work around those bugs/quirks. Also, upstream versions of the Linux kernel +can update the microcode at boot time (however, it is recommend still to do it +from coreboot, for more stable memory controller initialization or “raminit”). +Similar can be said about AMD CPUs. + +Once upon a time, Libreboot *excluded* microcode updates by default, but this +lead to broken behaviour. Here are some examples: + + + + + +These patches revert *bug fixes* in coreboot, fixes that happen to break other +functionality but only when microcode updates are excluded. The most +technically correct solution is to *not* apply the above patches, and instead +supply microcode updates! + +You *need* microcode updates, or you will have a broken CPU; broken, because +it literally behaves differently than it's supposed to, so software will have +unpredictable bugs that could even cause data corruption - or worse. + +Why was this page written? +-------------------------- + +Many of the topics discussed here are actually hotly contested, by different +sections of the free software movement. Libreboot has taken a firm stance. Firstly, observe the following graphic: @@ -217,7 +261,7 @@ You may ask: should the other firmwares be free too? The answer is **yes**, but it's complicated: it's not always practical to even study those firmwares. For example, there are so many webcams out there, so many SSDs, so many devices all doing the same thing, but implemented differently. Coreboot is already -hard enough, and there are so many mainboards out there. +hard enough, and there are so many motherboards out there. For example: every SSD has its own controller, and it has to do a lot of error correction at great speed, to mitigate the inherent unreliability of @@ -264,7 +308,7 @@ that stores it, and it makes research/development more expensive; having an easy software update mechanism allows bugs to be fixed more quickly, during development and post-release, thus reducing costs. This saves the industry *billions*, and it is actually of benefit to the free software -community, because it makes reverse engineering easier, and it makes +movement, because it makes reverse engineering easier, and it makes actually updating the firmware easier, so more proprietary software can actually be *replaced with free software*. If some standard interface exists, for the firmware, then that makes reverse engineering easier *across many @@ -337,8 +381,8 @@ proprietary software at all, but in order to have less of it, we have to have more - for now. Let's take an extreme example: what if coreboot was entirely binary blobs -for a given mainboard? Coreboot itself only initialises the hardware, and -jumps to a payload in the flash; in this case, the payload (e.g. GNU GRUB) +for a given motherboard? Coreboot itself only initialises the hardware, and +jumps to a payload in the flash; in this case, the payload (e.g. GRUB) would still be free software. Surely, all free firmware would be better, but this is still an improvement over the original vendor firmware. The original vendor firmware will have non-free boot firmware *and* its analog @@ -360,7 +404,7 @@ accept blobs, and *not* talk about them. In Libreboot, it's the exact opposite: we make sure you know about them, and tell you that they are bad, and we say that they should be fully replaced. -Unlike some in the community, we even advocate for free software in cases +Unlike certain types of people, we even advocate for free software in cases where the software can't actually be replaced. For example: the RP2040 Boot ROM is free software, with public source code: diff --git a/site/news/policy.md b/site/news/policy.md index 2777c0f..d268b76 100644 --- a/site/news/policy.md +++ b/site/news/policy.md @@ -2,12 +2,12 @@ % Leah Rowe % 4 January 2022 (updated 15 November 2022) -Introduction -============ +Free as in freedom! +----------------- This article describes the *principles* that govern the Libreboot project. For information about *how those principles are applied in practise*, please read -this article instead: [Software and hardware freedom status for each mainboard +this article instead: [Software and hardware freedom status for each motherboard supported by Libreboot](../freedom-status.md) Libreboot's policy is to provide as much @@ -31,7 +31,7 @@ ideology and it is therefore (mostly) non-technical; for technical information, you can refer to the [Libreboot build system documentation](../docs/maintain/). Current project scope -===================== +--------------------- The libreboot project is concerned with what goes in the main boot flash IC, but there are other pieces of firmware to take into consideration, as covered @@ -43,8 +43,7 @@ Most critical of these are: * HDD/SSD firmware * Intel Management Engine / AMD PSP firmware -What is a binary blob? ----------------------- +### What is a binary blob? A binary blob, in this context, is any executable for which no source code exists, that you cannot study and modify in a reasonable manner. By definition, @@ -53,16 +52,15 @@ all such blobs are *proprietary* in nature, and should be avoided if possible. For information about Intel Management Engine and AMD PSP, refer to the FAQ. Blob *reduction* policy -======================= +--------------------- -Default configurations ----------------------- +### Default configurations Coreboot, upon which Libreboot is based, is mostly libre software but does require certain vendor code on some platforms. A most common example might be raminit (memory controller initialisation) or video framebuffer initialisation. The -coreboot firmware uses certain vendor code for some of these tasks, on some mainboards, -but some mainboards from coreboot can be initialised with 100% libre source +coreboot firmware uses certain vendor code for some of these tasks, on some motherboards, +but some motherboards from coreboot can be initialised with 100% libre source code, which you can inspect, and compile for your use. Libreboot deals with this situation in a *strict* and *principled* way. The @@ -90,15 +88,15 @@ The libreboot project has the following policy: fact *required* as per libreboot policy. These updates fix CPU bugs, including security bugs, and since the CPU already has non-libre microcode burned into ROM anyway, the only choice is either *x86* or *broken x86*. Thus, libreboot - will only allow coreboot mainboard configurations where microcode updates - are *enabled*, if available for the CPU on that mainboard. + will only allow coreboot motherboard configurations where microcode updates + are *enabled*, if available for the CPU on that motherboard. [Releases after 20230423 will provide separate ROM images with microcode excluded, alongside the default ones that include microcode.](microcode.md) * Intel Management Engine: in the libreboot documentation, words *must* be written to tell people how to *neuter* the ME, if possible on a given board. The `me_cleaner` program is very useful, and provides a much more secure ME configuration. -* Vendor blobs should *never* be deleted, even if they are unused. In the +* Such vendor files should *never* be deleted, even if they are unused. In the coreboot project, a set of `3rdparty` submodules are available, with vendor code for init tasks on many boards. These must *all* be included in libreboot releases, even if unused. That way, even if the Libreboot build system does @@ -117,8 +115,7 @@ Libreboot's pragmatic policies will inevitably result in more people becoming coreboot developers in the future, by acting as that crucial *bridge* between *it* and non-technical people who just need a bit of help to get started. -Configuration -------------- +### Configuration The principles above should apply to *default* configurations. However, libreboot is to be *configurable*, allowing the user to do whatever they like. @@ -134,7 +131,7 @@ problem! The goal of the libreboot project is simply to make coreboot more accessible for otherwise non-technical users. Examples of Libreboot policy in action -====================================== +----------------------------------- More information about this is also available on the [freedom status](../freedom-status.md) page. @@ -146,7 +143,7 @@ examples of how this very policy is implemented in Libreboot: graphics card enabled; more about Intel graphics is covered below. We could provide the VGA ROM for those extra chips, e.g. Nvidia graphics chips, but we don't. We configure the machines in such a way where the Intel graphics - is used, exclusively, so the dedicated GPU may aswell be turned off, and + is used, exclusively, so the dedicated GPU may as well be turned off, and it *is* turned off in such circumstances. The Intel graphics provide good enough performance and reliable operation for most people, and native initialisation code is available from coreboot to make use of the Intel GPU @@ -154,7 +151,7 @@ examples of how this very policy is implemented in Libreboot: * Newer Intel platforms have Intel ME, which is a coprocessor inside the machine that handles many functions including certain power management, and it can provides useful remote management features with Intel AMT for example. - This is a giant 5MB+ blob in the flash, and the ME has full access to your + This is a giant 5MB+ section in the flash, and the ME has full access to your RAM and other peripherals; more is documented about this in the Libreboot FAQ. On older ME4-based platforms such as Intel GM45 platforms, e.g. ThinkPad X200/T400, we remove the ME firmware entirely from the flash, leaving @@ -170,7 +167,7 @@ examples of how this very policy is implemented in Libreboot: actually run anything. ME Cleaner is required, instead of full removal, because the machines don't boot reliably without at least the BUP/ROMP modules present in flash. -* On Intel Haswell platform (Intel 4th gen), a binary blob is available for +* On Intel Haswell platform (Intel 4th gen), vendor firmware is available for memory controller initialisation, called the Intel *MRC* or System Agent. We previously included this in Libreboot; nowadays, we have free initialisation code written by Angel Pons. The libre code, called NRI (Native RAM @@ -207,12 +204,12 @@ examples of how this very policy is implemented in Libreboot: operating of a free operating system. FREEDOM CATALOG -=============== +-------------- A *[freedom status](../freedom-status.md)* page should also be made available, educating people about the software freedom status on each machine supported by the Libreboot build system. Please read: -[Software and hardware freedom status for each mainboard supported by +[Software and hardware freedom status for each motherboard supported by Libreboot](../freedom-status.md). It is desirable to see a world where all hardware and software is libre, under @@ -242,15 +239,59 @@ exist, for example, the work done by Sam Zeloof and the Libre Silicon project: (Sam literally makes CPUs in his garage) -Why? -==== +More detailed insight about microcode +--------------------------------- -This next section previously existed in a less than diplomatic manner. It -has been restored, as of August 2024, because the wisdom that it provides is -important, yet being respectful of our friends in Massachussets is also -a good thing to do, where feasible. This section was previously deleted, as -a gesture of good will to those people, but it can't not be here, so without -further ado: +To be clear: it is preferable that microcode be free. +Not including CPU microcode updates is an absolute disaster for system +stability and security, so Libreboot *includes microcode updates by default, in +all modern release images, where possible to do so*. + +The CPU already has microcode burned into mask ROM. The microcode configures +logic gates in the CPU, to implement an instruction set, via special *decoders* +which are fixed-function; it is not possible, for example, to implement a RISCV +ISA on an otherwise x86 processor. It is only possible for the microcode to +implement x86, or *broken* x86, and the default microcode is almost always +*broken x86* on Intel/AMD CPUs; it is inevitable, due to the complexity of +these processors. + +These processors provide a way to supply microcode *updates*. These updates +are volatile, and consequently must be applied during every boot cycle. The +updates fix stability/reliability/security bugs, and their *absence* +is *technically incorrect*, so you are strongly advised to install them. +Examples of where these updates fix bugs: on ASUS KCMA-D8/KGPE-D16 +and ThinkPad X200/T400/T500/W500/X200T/X200/R500/X301, the updates make +hardware-based virtualization (via `kvm`) completely stable, where it would +otherwise lead to a kernel panic. They allow those same thinkpads to be run with +high CPU usage and I/O (RAM usage), without crashing (otherwise, it's very +likely to encounter a kernel panic caused by a *Machine Check Exception*). + +Not including these updates will result in an unstable/undefined state. Intel +themselves define which bugs affect which CPUs, and they define workarounds, or +provide fixes in microcode. Based on this, software such as the Linux kernel +can work around those bugs/quirks. Also, upstream versions of the Linux kernel +can update the microcode at boot time (however, it is recommend still to do it +from coreboot, for more stable memory controller initialization or “raminit”). +Similar can be said about AMD CPUs. + +Once upon a time, Libreboot *excluded* microcode updates by default, but this +lead to broken behaviour. Here are some examples: + + + + + +These patches revert *bug fixes* in coreboot, fixes that happen to break other +functionality but only when microcode updates are excluded. The most +technically correct solution is to *not* apply the above patches, and instead +supply microcode updates! + +You *need* microcode updates, or you will have a broken CPU; broken, because +it literally behaves differently than it's supposed to, so software will have +unpredictable bugs that could even cause data corruption - or worse. + +Why was this page written? +---------------------------- Firstly, observe the following graphic: @@ -282,7 +323,7 @@ You may ask: should the other firmwares be free too? The answer is **yes**, but it's complicated: it's not always practical to even study those firmwares. For example, there are so many webcams out there, so many SSDs, so many devices all doing the same thing, but implemented differently. Coreboot is already -hard enough, and there are so many mainboards out there. +hard enough, and there are so many motherboards out there. For example: every SSD has its own controller, and it has to do a lot of error correction at great speed, to mitigate the inherent unreliability of @@ -329,7 +370,7 @@ that stores it, and it makes research/development more expensive; having an easy software update mechanism allows bugs to be fixed more quickly, during development and post-release, thus reducing costs. This saves the industry *billions*, and it is actually of benefit to the free software -community, because it makes reverse engineering easier, and it makes +movement, because it makes reverse engineering easier, and it makes actually updating the firmware easier, so more proprietary software can actually be *replaced with free software*. If some standard interface exists, for the firmware, then that makes reverse engineering easier *across many @@ -402,8 +443,8 @@ proprietary software at all, but in order to have less of it, we have to have more - for now. Let's take an extreme example: what if coreboot was entirely binary blobs -for a given mainboard? Coreboot itself only initialises the hardware, and -jumps to a payload in the flash; in this case, the payload (e.g. GNU GRUB) +for a given motherboard? Coreboot itself only initialises the hardware, and +jumps to a payload in the flash; in this case, the payload (e.g. GRUB) would still be free software. Surely, all free firmware would be better, but this is still an improvement over the original vendor firmware. The original vendor firmware will have non-free boot firmware *and* its analog @@ -425,7 +466,7 @@ accept blobs, and *not* talk about them. In Libreboot, it's the exact opposite: we make sure you know about them, and tell you that they are bad, and we say that they should be fully replaced. -Unlike some in the community, we even advocate for free software in cases +Unlike certain types of people, we even advocate for free software in cases where the software can't actually be replaced. For example: the RP2040 Boot ROM is free software, with public source code: diff --git a/site/news/policy.md.description b/site/news/policy.md.description new file mode 100644 index 0000000..f0d0ebf --- /dev/null +++ b/site/news/policy.md.description @@ -0,0 +1 @@ +Libreboot project Binary Blob Reduction Policy, which pertains to the handling of vendor code. Libreboot provides exclusively free software, when possible. diff --git a/site/news/policy.uk.md b/site/news/policy.uk.md index a808979..7e1d7a4 100644 --- a/site/news/policy.uk.md +++ b/site/news/policy.uk.md @@ -3,7 +3,7 @@ % 4 січня 2022 року (оновлено 15 листопада 2022 року) Вступ -============ +----- У цій статті описано *принципи*, які керують проектом Libreboot. Щоб отримати інформацію про те, *як ці принципи застосовуються на практиці*, прочитайте @@ -30,7 +30,7 @@ coreboot*, приблизно так само, як *Alpine Linux* є дистр ви можете звернутися до [документації системи збірки Libreboot](../docs/maintain/). Поточний обсяг проекту -===================== +---------------------- Проект libreboot стосується того, що входить до основної мікросхеми завантажувальної флеш-пам'яті, але є й інші компоненти мікропрограми, які слід взяти до уваги, про що йдеться @@ -42,8 +42,7 @@ coreboot*, приблизно так само, як *Alpine Linux* є дистр * Прошивка жорстких дисків/твердотілих накопичувачів * Прошивка Intel Management Engine / AMD PSP -Що таке двійковий блоб? ----------------------- +### Що таке двійковий блоб? Двійковий блоб у цьому контексті - це будь-який виконуваний файл, для якого не існує вихідного коду, який ви не можете досліджувати та змінювати розумним чином. За визначенням, @@ -56,10 +55,9 @@ coreboot*, приблизно так само, як *Alpine Linux* є дистр Для інформації про Intel Management Engine та AMD PSP зверніться до поширених запитань. Політика *зменшення* блобів -======================= +--------------------------- -Конфігурації за замовчуванням ----------------------- +### Конфігурації за замовчуванням Coreboot, на якому Libreboot базується, є здебільшого вільним програмним забезпеченням, але на деяких платформах вимагає двійкових блобів. Найпоширенішим прикладом може бути raminit @@ -120,8 +118,7 @@ Libreboot вирішує цю ситуацію *суворо* та *принци розробниками coreboot, виступаючи в якості важливого *містка* між *ним* і нетехнічними людьми, яким просто потрібна допомога, щоб розпочати роботу. -Налаштування -------------- +### Налаштування Наведені вище принципи мають застосовуватися до конфігурацій *за замовчуванням*. Однак libreboot має бути *конфігурованим*, дозволяючи користувачеві робити все, що заманеться. @@ -136,7 +133,7 @@ Libreboot вирішує цю ситуацію *суворо* та *принци доступним для нетехнічних користувачів. КАТАЛОГ СВОБОДИ -=============== +--------------- Також має бути доступна сторінка *[статусу блобів](../freedom-status.uk.md)*, яка інформуватиме людей про статус бінарних блобів на кожній машині, що @@ -171,15 +168,59 @@ Libreboot вирішує цю ситуацію *суворо* та *принци (Сем буквально виробляє процесори в своєму гаражі) -Why? -==== +More detailed insight about microcode +------------------------------------- -This next section previously existed in a less than diplomatic manner. It -has been restored, as of August 2024, because the wisdom that it provides is -important, yet being respectful of our friends in Massachussets is also -a good thing to do, where feasible. This section was previously deleted, as -a gesture of good will to those people, but it can't not be here, so without -further ado: +To be clear: it is preferable that microcode be free. +Not including CPU microcode updates is an absolute disaster for system +stability and security, so Libreboot *includes microcode updates by default, in +all modern release images, where possible to do so*. + +The CPU already has microcode burned into mask ROM. The microcode configures +logic gates in the CPU, to implement an instruction set, via special *decoders* +which are fixed-function; it is not possible, for example, to implement a RISCV +ISA on an otherwise x86 processor. It is only possible for the microcode to +implement x86, or *broken* x86, and the default microcode is almost always +*broken x86* on Intel/AMD CPUs; it is inevitable, due to the complexity of +these processors. + +These processors provide a way to supply microcode *updates*. These updates +are volatile, and consequently must be applied during every boot cycle. The +updates fix stability/reliability/security bugs, and their *absence* +is *technically incorrect*, so you are strongly advised to install them. +Examples of where these updates fix bugs: on ASUS KCMA-D8/KGPE-D16 +and ThinkPad X200/T400/T500/W500/X200T/X200/R500/X301, the updates make +hardware-based virtualization (via `kvm`) completely stable, where it would +otherwise lead to a kernel panic. They allow those same thinkpads to be run with +high CPU usage and I/O (RAM usage), without crashing (otherwise, it's very +likely to encounter a kernel panic caused by a *Machine Check Exception*). + +Not including these updates will result in an unstable/undefined state. Intel +themselves define which bugs affect which CPUs, and they define workarounds, or +provide fixes in microcode. Based on this, software such as the Linux kernel +can work around those bugs/quirks. Also, upstream versions of the Linux kernel +can update the microcode at boot time (however, it is recommend still to do it +from coreboot, for more stable memory controller initialization or “raminit”). +Similar can be said about AMD CPUs. + +Once upon a time, Libreboot *excluded* microcode updates by default, but this +lead to broken behaviour. Here are some examples: + + + + + +These patches revert *bug fixes* in coreboot, fixes that happen to break other +functionality but only when microcode updates are excluded. The most +technically correct solution is to *not* apply the above patches, and instead +supply microcode updates! + +You *need* microcode updates, or you will have a broken CPU; broken, because +it literally behaves differently than it's supposed to, so software will have +unpredictable bugs that could even cause data corruption - or worse. + +Why was this page written? +------------------------- Firstly, observe the following graphic: @@ -211,7 +252,7 @@ You may ask: should the other firmwares be free too? The answer is **yes**, but it's complicated: it's not always practical to even study those firmwares. For example, there are so many webcams out there, so many SSDs, so many devices all doing the same thing, but implemented differently. Coreboot is already -hard enough, and there are so many mainboards out there. +hard enough, and there are so many motherboards out there. For example: every SSD has its own controller, and it has to do a lot of error correction at great speed, to mitigate the inherent unreliability of @@ -258,7 +299,7 @@ that stores it, and it makes research/development more expensive; having an easy software update mechanism allows bugs to be fixed more quickly, during development and post-release, thus reducing costs. This saves the industry *billions*, and it is actually of benefit to the free software -community, because it makes reverse engineering easier, and it makes +movement, because it makes reverse engineering easier, and it makes actually updating the firmware easier, so more proprietary software can actually be *replaced with free software*. If some standard interface exists, for the firmware, then that makes reverse engineering easier *across many @@ -331,8 +372,8 @@ proprietary software at all, but in order to have less of it, we have to have more - for now. Let's take an extreme example: what if coreboot was entirely binary blobs -for a given mainboard? Coreboot itself only initialises the hardware, and -jumps to a payload in the flash; in this case, the payload (e.g. GNU GRUB) +for a given motherboard? Coreboot itself only initialises the hardware, and +jumps to a payload in the flash; in this case, the payload (e.g. GRUB) would still be free software. Surely, all free firmware would be better, but this is still an improvement over the original vendor firmware. The original vendor firmware will have non-free boot firmware *and* its analog @@ -354,7 +395,7 @@ accept blobs, and *not* talk about them. In Libreboot, it's the exact opposite: we make sure you know about them, and tell you that they are bad, and we say that they should be fully replaced. -Unlike some in the community, we even advocate for free software in cases +Unlike certain types of people, we even advocate for free software in cases where the software can't actually be replaced. For example: the RP2040 Boot ROM is free software, with public source code: diff --git a/site/news/ports202402.md b/site/news/ports202402.md index a34c639..a3d5481 100644 --- a/site/news/ports202402.md +++ b/site/news/ports202402.md @@ -4,13 +4,13 @@ Libreboot is a free/open source BIOS/UEFI replacement, providing boot firmware that initialises the hardware in your computer, to then load an operating system (e.g. Linux/BSD). It provides many additional benefits such as fast boot speeds, greater security and greater customisation, but the *primary* benefit is [software freedom](https://writefreesoftware.org/learn). -Libreboot has had a slew of new mainboards added recently. The work doesn't +Libreboot has had a slew of new motherboards added recently. The work doesn't stop. Many more will be added, for the next Libreboot release. The boards are: Dell OptiPlex 7020 and 9020 (MT and SFF) -======================================== +----------------------------------------- See: [Dell OptiPlex 9020 SFF/MT (and 7020)](../docs/install/dell9020.html) @@ -19,13 +19,13 @@ upgrade options available. Notably, it is a *desktop* computer, available as *SFF* (similar to ITX) and *MT* (ATX) variants. It is also also sold with [Libreboot preinstalled](https://minifree.org/product/libreboot-9020/); -I sell these machines preinstalled, aswell as several others, to raise funds +I sell these machines preinstalled, as well as several others, to raise funds for the Libreboot project. Profits from Minifree sales directly fund the Libreboot project. I added this myself recently, based on patches from coreboot Gerrit. HP EliteBook 8560w -================== +------------------ Riku Viitanen added this recently. See: [HP EliteBook 8560w](../docs/install/hp8560w.html). @@ -40,7 +40,7 @@ we don't need to do anything there except load the VGA option ROM from SeaBIOS. However, on these EliteBooks, it must be provided in the boot flash. A *lot* more Dell Latitudes -=========================== +--------------------------- Nicholas Chin recently added these Dell Latitudes (of Sandybridge and Ivybridge platforms) to Libreboot: diff --git a/site/news/ports202402.md.description b/site/news/ports202402.md.description new file mode 100644 index 0000000..44c2d44 --- /dev/null +++ b/site/news/ports202402.md.description @@ -0,0 +1 @@ +A number of new motherboards were added to Libreboot. Libreboot is a coreboot distro, providing payloads such as the GNU boot loader named GRUB, by default. diff --git a/site/news/revisions.md b/site/news/revisions.md new file mode 100644 index 0000000..f30c2eb --- /dev/null +++ b/site/news/revisions.md @@ -0,0 +1,157 @@ +% NEW Libreboot 2025 release schedule +% Leah Rowe +% 9 May 2025 + +**THIS REPLACES THE [original 2025 release schedule](schedule.md).** + +This policy change was enacted on 9 May 2025. The original plan was to +have April/June and October/December releases each for, for testing and +stable releases respectively, but this is pointless. + +Instead, we will have stable releases in June and December each year, and +any releases in-between will either be a revision to the current stable +release, or an RC to the next release. + +RC (release candidate) releases, when they are made, will later be deleted +when a new RC comes out, or the next main stable release comes out. This is +more logical, and essentially the same as the original plan, except that +we will then no longer have old testing releases lingering on the rsync +server, moving forward. + +To make everything clear, the next sections will clarify this in detail +anyway, as the original release schedule article did: + +RC/Stable release cycle +---------------------------- + +These rules shall govern Libreboot release cycles, in the year 2025 and in +years beyond 2025. + +### June and December + +In other words, the following Libreboot releases will come out in 2025: + +* Libreboot 25.06 (stable release) +* Libreboot 25.12 (stable release) + +A [Libreboot 25.04](libreboot2504.md) release was also made, under the +previous plan. It won't actually be renamed, but you might now therefore +regard that as an RC to the 25.06 release. + +A general rule of thumb is that an RC should be made no later than about two +to three months before the stable release, with many RC revisions made +throughout, until it is replaced by the real stable release. + +For example, an RC release might come out in March of a given year, and that +would continue to be refined until it got replaced by the June release. The +same logic applies for September to December. + +Aggressive development periods can continue throughout. + +Each release series will get its own branch; the 25.06 release will have +the `25.06_branch` branch on the Git repository of lbmk. We currently, at +the time of this article, have a `25.04_branch` branch; this will later branch +off to `25.06_branch`, as soon as the next commits go into it. + +Releases will have codenames too; please read further down this article, for +information about that. The April 2025 release, Libreboot 25.04, was: +Libreboot 25.04 "Corny Calamity". + +Corny Calamity won't be the codename for Libreboot 25.06; the June 2025 +release will be named *Luminous Lemon*. + +### Rules for revisions + +RC releases come out two to three months before stable; any number of +non-breaking or otherwise relatively safe changes can be made. In practise, +the master branch of lbmk mostly uses a branchless development model anyway. + +In practise, what this means is that there will be a feature freeze a little +while before a given stable release, but only in that release's own branch; +the master branch can continue to receive aggressive development. + +For example, if a major new feature is being done in the master branch that +won't be ready for the next release, that's OK, it can continue in master, +because the release will have its own branch anyway. + +### Post-stable revisions + +Revision releases can be made *after* a stable release comes out. A pre-release +RC (release candidate) shall have `rc` in it, for example `25.06rc1` commit +tag. If `25.06` then came out, a stable release, and later a new update to it +would be made, the first update release would be tagged as `25.06rev1`. + +Stable release revisions must not fundamentally alter the substance of a given +stable release, relative to first release. Essentially, any revisions to stable +releases post-release will be critical bug fixes; in a few cases, special +additions will be made when desirable and safe (e.g. Pico 2 support was added +to Libreboot 20241206 post-release, in the revision 8 update from 2025-01-06). + +Revisions made to a stable release, after the RC phase, must basically only +be critical bug fixes and especially security fixes. Any change of substance +should go into the master branch and/or the branch for the next release. + +### Why? + +In the past, a problem Libreboot has had was that we'd do testing releases, +but not do revisions on them; then by the time a stable release came around, +some upstream revisions would be about 4-6 months out of date (typically). + +With this new formalised structure, we can be as close to upstream as possible +by the time of each stable release, for each given upstream e.g. coreboot. + +This release schedule will also provide greater opportunity for coverage of +Libreboot releases, since people know then what to expect and what dates to +put in their calendars. + +This decision is part of a much larger initiative to boost Libreboot's +popularity and therefore use within the free software world. + +Release version numbers +----------------------- + +### Libreboot YY.MM releases + +Libreboot YYYYMMDD was the previous version number scheme. + +The new scheme is: Libreboot YY.MM + +For example, the April 2025 release was Libreboot 25.04. This was a one-off +release, under the [previous 2025 schedule](schedule.md). + +The new release scheme is better, because we presently need to start release +builds early in the morning to ensure (given build time and possible errors +to be fixed) that they are released on the day. For example, a 20250404 release +would have to come out on April 4th, so if it finished compiling on April 5th, +it would become Libreboot 20250405 under the previous scheme. + +With this new scheme, and given Libreboot's expansion plans, it won't matter +even if a release build takes 2 days to complete, because the day of the month +will no longer be included in a given release number. + +### Y2.1k compliance + +If Libreboot still exists in the year 2100, then those releases will be +e.g. Libreboot 100.04 for April 2100 release. + +It could happen. Even if I'm no longer around by then, Libreboot might still be. + +### Release codenames + +The release codename for Libreboot 25.04 will be "Corny Calamity", which is a +nod of respect to an equally gutsy release codename that *Fedora* used in +one of their releases (Beefy Miracle!). + +The rules for Libreboot release codenames are: two words, each starting with +the same letter. + +### TL DR + +This is basically the same as the original 2025 release schedule, except +that we won't have testing releases anymore; we will have RC releases, and RC +releases will not stay on rsync forever. Therefore, each year, Libreboot +will only have two new sets of release tarballs uploaded to its servers, +instead of four. This is more efficient. + +So in substance, this is the same but re-fashioned to make the project cheaper +to run. diff --git a/site/news/safety.md b/site/news/safety.md index c748973..14ce48f 100644 --- a/site/news/safety.md +++ b/site/news/safety.md @@ -2,18 +2,59 @@ % Leah Rowe % 7 July 2023 +UPDATE 2025-01-03: New safety features +------------------- + +NOTE: This page is mostly completely obsolete, as of 3 January 2025; changes +made in the vendor inject script for Libreboot 20241206 rev8 or higher (and +releases newer than the 20241206 series) make the script almost completely +safe to use, as described in the section pertaining to this on +the [main guide](../docs/install/ivy_has_common.md). + +To summarise, those new safety features are as follows: + +* Newer release ROMs (20241206rev8 or higher, or releases newer than 20241206 + series) have 1-byte padding on non-inject images, to trigger an error in + flashprog due to a size mismatch versus chip size, and they have the + words `DO_NOT_FLASH` in the image file names. (older release images don't + have this, so watch out) +* Injects directly into the *tarballs*, and replaces the given tarball with + one containing the injected images. Older versions left the tarball + untouched and outputted images to `bin/release/` (directory), whereas many + users wrongly believed they could use the tarball; the new version therefore + adheres accordingly to the user's natural expectation, in this regard. +* Avoids replacing the tarball, where errors are observed, and prints much more + pedantic error messages, to let the user know that they must *stop* and take + note. + +With this in mind, the original article written below is largely obsolete, and +the steps below (which would require extreme over-engineering) are probably not +going to be implemented. + +Now, continue reading the article below, if you wish! + +NOTE: The sections in the article below are *still* important to read, so please +do read it, and note that **you must +still [insert vendor files](../docs/install/ivy_has_common.md) regardless, +prior to Libreboot installation, if required on your board.** + +Article +------ + **Please also follow this guide if using Dell Latitude laptops.** **If unsure, just follow this guide. If you follow this guide on a board that does not need vendor files, the resulting ROM images will be identical and therefore nothing will have happened. The inject script is designed to insert -certain files, only if required on a given mainboard.** +certain files, only if required on a given motherboard.** -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. +The reason why was explained, in +the [Libreboot 20240225 release](libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** Introduction -============ +------------- **UPDATE (21 August 2023): None of the proposals below have yet been implemented, and this page is still relevant for Libreboot 20231021. It applies @@ -23,18 +64,17 @@ to any system that requires vendor code to be inserted inside ROM images.** 20240612, 20241008 and 20241206) **UPDATE (16 August 2023): This also applies to the recently added Dell -Precision T1650 mainboard.** +Precision T1650 motherboard.** As I write this post, [Libreboot 20230625](libreboot20230625.md) recently came out. There's technically nothing unsafe about the release itself, but certain -users have been bricking their machines, on the following mainboards: +users have been bricking their machines, on the following motherboards: * Sandybridge platforms (e.g. ThinkPad X220, T420) * Ivybridge platforms (e.g. ThinkPad X230, T430) * Haswell platforms (e.g. ThinkPad T440p, W541, OptiPlex 9020) -Why? ----- +### Why? On these platforms, the following binary vendor files are required: @@ -62,7 +102,7 @@ Instructions are given here, for how to insert these files on release ROMs: [Insert vendor files on Sandybridge/Ivybridge/Haswell](../docs/install/ivy_has_common.md) The linked guide makes use of vendor scripts, that -handles *all* firmwares, automatically for each given mainboard. It can +handles *all* firmwares, automatically for each given motherboard. It can automatically download and insert all of the following: * Intel ME firmware @@ -75,8 +115,7 @@ automatically download and insert all of the following: More information is available in the guide. -What can be done to reduce the risk? ------------------------------------- +### What can be done to reduce the risk? Like I said, there's technically nothing wrong with recent Libreboot releases. @@ -86,8 +125,7 @@ prominently displayed. Such warnings are now littered all throughout the Libreboot documentation, even mentioned in bold lettering at the top of the downloads page, so there's no way a user can miss it. -Other mitigations considered ------------------------------ +### Other mitigations considered See: @@ -111,8 +149,8 @@ BIOS region is coreboot. Per the issue page, I intend to implement the following regime in future Libreboot releases, on the affected machines: -* If BIOS region blob-free (no MRC/EC firmware needed): set IFD, GbE and BIOS - regions read-write by default, but lock the ME region. +* BIOS region doesn't need vendor files (no MRC/EC firmware needed): set IFD, + GbE and BIOS regions read-write by default, but lock the ME region. * If BIOS region requires vendor files: set IFD and GbE regions read-write by default, but lock the ME and BIOS regions. diff --git a/site/news/safety.md.description b/site/news/safety.md.description new file mode 100644 index 0000000..7224887 --- /dev/null +++ b/site/news/safety.md.description @@ -0,0 +1 @@ +Safety instructions pertaining to installation of Libreboot free/opensource BIOS/UEFI firmware. diff --git a/site/news/schedule.md b/site/news/schedule.md new file mode 100644 index 0000000..7f8d24f --- /dev/null +++ b/site/news/schedule.md @@ -0,0 +1,127 @@ +% Formalised Libreboot 2025 release schedule +% Leah Rowe +% 17 January 2025 + +**THIS RELEASE SCHEDULE IS OBSOLETE. PLEASE READ +THE [NEW SCHEDULE](revisions.md) instead - there will instead be just TWO +releases annually, and a Release Candidate stage will be used. Therefore, +the Libreboot 25.04 release, which did come out, might instead be +considered Libreboot 25.06 RC1 - except an actual RC1 is planned, so just +think of it as RC0 instead!.** + +TL DR, the new schedule is basically the same as below, but only a June and +December release will be done; releases in-between will be either a revision +release to the previous release, or an RC to the next release. + +This policy change was enacted on 9 May 2025. + +And now, the original article: + +Libreboot releases will now be on a much stricter timeline than in the past. + +Testing/Stable release cycle +---------------------------- + +### April/June and October/December + +As alluded to in the Libreboot 20241206 release, a new release schedule is +planned for 2025 onward: + +* April/October will be for testing releases. +* June/December will be for stable releases. + +In other words, the following Libreboot releases will come out in 2025: + +* Libreboot 25.04 (testing release) +* Libreboot 25.06 (stable release) +* Libreboot 25.10 (testing release) +* Libreboot 25.12 (stable release) + +So, two testing releases and two stable releases. Each release can have any +number of revisions, whereby the tarballs are re-generated and re-uploaded, +replacing old ones, as was done on the 20241206 and 20240612 +releases. + +Releases will have codenames too; please read further down this article, for +information about that. The April 2025 release will +be: Libreboot 25.04 "Corny Calamity". + +This .4, .6, .10 and .12 scheme will continue in 2026 and beyond. + +### Rules for revisions + +Testing releases come out two months before stable; any number of non-breaking +or otherwise relatively safe changes can be made, and testing releases will +stop receiving new revisions about 3-4 weeks before the stable release. Any +number of improvements can be made, including massive updating of upstream +code revisions. + +Stable release revisions must not fundamentally alter the substance of a given +stable release, relative to first release. Essentially, any revisions to stable +releases post-release will be critical bug fixes; in a few cases, special +additions will be made when desirable and safe (e.g. Pico 2 support was added +to Libreboot 20241206 post-release, in the revision 8 update from 2025-01-06). + +### Why? + +In the past, a problem Libreboot has had was that we'd do testing releases, +but not do revisions on them; then by the time a stable release came around, +some upstream revisions would be about 4-6 months out of date (typically). + +With this new formalised structure, we can be as close to upstream as possible +by the time of each stable release, for each given upstream e.g. coreboot. + +This release schedule will also provide greater opportunity for coverage of +Libreboot releases, since people know then what to expect and what dates to +put in their calendars. + +This decision is part of a much larger initiative to boost Libreboot's +popularity and therefore use within the free software world. + +Release version numbers +----------------------- + +### Libreboot YY.MM releases + +Libreboot YYYYMMDD was the previous version number scheme. + +The new scheme is: Libreboot YY.MM + +For example, the April 2025 release will be Libreboot 25.04. + +The new release scheme is better, because we presently need to start release +builds early in the morning to ensure (given build time and possible errors +to be fixed) that they are released on the day. For example, a 20250404 release +would have to come out on April 4th, so if it finished compiling on April 5th, +it would become Libreboot 20250405 under the previous scheme. + +With this new scheme, and given Libreboot's expansion plans, it won't matter +even if a release build takes 2 days to complete, because the day of the month +will no longer be included in a given release number. + +### Y2.1k compliance + +If Libreboot still exists in the year 2100, then those releases will be +e.g. Libreboot 100.04 for April 2100 release. + +It could happen. Even if I'm no longer around by then, Libreboot might still be. + +### Release codenames + +The release codename for Libreboot 25.04 will be "Corny Calamity", which is a +nod of respect to an equally gutsy release codename that *Fedora* used in +one of their releases (Beefy Miracle!). + +The rules for Libreboot release codenames are: two words, each starting with +the same letter. + +Credit +------ + +[Jane Arkanian](https://janethemotherfucker.github.io/) was the one who suggested +to me that I use this new release number and codename scheme, and I previously +came up with the plan to use an April/June and October/December testing/stable +release schedule. + +Jane also came up with the codename that I've decided to use for +the June 2025 stable release - stay tuned! diff --git a/site/news/schedule.md.description b/site/news/schedule.md.description new file mode 100644 index 0000000..7d6a057 --- /dev/null +++ b/site/news/schedule.md.description @@ -0,0 +1 @@ +Libreboot adopted a new release schedule in 2025, with more consistent version numbering and release codenames. Two stable and two testing releases annually. diff --git a/site/news/sourcehut.md.description b/site/news/sourcehut.md.description new file mode 100644 index 0000000..f8bb3f4 --- /dev/null +++ b/site/news/sourcehut.md.description @@ -0,0 +1 @@ +Libreboot is now officially available on SourceHut, including mailing lists. diff --git a/site/news/translations.de.md b/site/news/translations.de.md index f0b9836..8f7a0be 100644 --- a/site/news/translations.de.md +++ b/site/news/translations.de.md @@ -13,7 +13,7 @@ HTML Seiten. Die Seite die Du gerade liest wurde auf diese Weise erstellt! Vorbereitung -=============== +-------------------- Die Libreboot Webseite ist verfügbar, in Markdown, über ein Git Repository:\ @@ -34,9 +34,8 @@ dort jedesmal vermerken wenn ich Änderungen an der Seite vornehme, und zeigen wo diese Änderungen dann auf übersetzten Seiten erledigt werden müssen für jede Seite die ich ändere. - Wie übersetzt man libreboot.org -============================== +------------------------ Die Dokumentation auf erläutert wie Du Übersetzungen handhaben kannst. diff --git a/site/news/translations.de.md.description b/site/news/translations.de.md.description new file mode 100644 index 0000000..b6a1ed1 --- /dev/null +++ b/site/news/translations.de.md.description @@ -0,0 +1 @@ +Instructions for how to translate the Libreboot website. diff --git a/site/news/translations.md b/site/news/translations.md index 3ae0c7c..42e15a9 100644 --- a/site/news/translations.md +++ b/site/news/translations.md @@ -1,8 +1,11 @@ -% Translations wanted +% Translations wanted for the Libreboot website % Leah Rowe % 4 January 2022 -The libreboot website is currently only available in English. +Libreboot wants *you* +--------------------- + +Most of the Libreboot website is currently only available in English. I've recently added support for translations to the [Untitled Static Site Generator](https://untitled.vimuser.org/), which the @@ -12,7 +15,7 @@ this software generates HTML pages. This very page that you are reading was created this way! Getting started -=============== +--------------- The libreboot website is available, in Markdown, from a Git repository:\ @@ -32,7 +35,7 @@ where these changes need to then be performed in translated versions of each page that I change. How to translate libreboot.org -============================== +------------------------------- The documentation on tells you how to handle translations. diff --git a/site/news/translations.md.description b/site/news/translations.md.description new file mode 100644 index 0000000..bc531c8 --- /dev/null +++ b/site/news/translations.md.description @@ -0,0 +1 @@ +Translations needed for the Libreboot website. Learn how you can create and submit translations for the Libreboot project website. diff --git a/site/news/update202308.md b/site/news/update202308.md index df1664d..f4112b9 100644 --- a/site/news/update202308.md +++ b/site/news/update202308.md @@ -12,12 +12,11 @@ To receive these updates, you must use Git for now. See: [how to download Libreboot from Git](../git.md) Introduction -============ +-------------- -SeaBIOS and GRUB updates ------------------------- +### SeaBIOS and GRUB updates -For *all* mainboards that provide GRUB or SeaBIOS revisions, new versions of +For *all* motherboards that provide GRUB or SeaBIOS revisions, new versions of these payloads are now used in Libreboot, as implemented by these patches: * GRUB is now on version 2.12-rc1 from 10 July 2023, where previously it was on @@ -27,8 +26,7 @@ these payloads are now used in Libreboot, as implemented by these patches: a 20 January 2023 revision. Patch: -Coreboot update ---------------- +### Coreboot update The `default` cbtree is now based upon coreboot from 2 August 2023, where previously it was based upon coreboot from 17 February 2023. Patch: @@ -58,14 +56,13 @@ tree (libre MRC on T440p/W541), `cros` (gru chromebooks) and `fam15h` trees used on KGPE-D16/KCMA-D8/KFSN4-DRE have not yet been updated. Testing needed! -=============== +--------------- I want to get as much testing done now as possible, ready for the next release, which will still be marked as a testing release anyway; the next stable release is a long way off, as much new work is planned for Libreboot. -Apply to become a tester ------------------------- +### Apply to become a tester If you wish to provide such testing, please read the following page: @@ -77,14 +74,12 @@ need to know. Coreboot tends to audit very carefully and updates are usually smooth, but testing is one of Libreboot's main purposes, to provide stable releases based on coreboot. -How to download ---------------- +### How to download To receive these updates, you must use Git for now. See: [how to download Libreboot from Git](../git.md) -Build from source ------------------ +### Build from source This update, since it is not yet available pre-compiled in a release, must be compiled from source. See: diff --git a/site/news/update202308.md.description b/site/news/update202308.md.description new file mode 100644 index 0000000..9d99d83 --- /dev/null +++ b/site/news/update202308.md.description @@ -0,0 +1 @@ +Upstream code revisions in Libreboot, as of August 2023, for example the GNU boot loader named GRUB was updated. diff --git a/site/news/usa-libre-part2.md b/site/news/usa-libre-part2.md index ae1a874..e787b16 100644 --- a/site/news/usa-libre-part2.md +++ b/site/news/usa-libre-part2.md @@ -2,8 +2,8 @@ % Leah Rowe % 12 February 2023 -Introduction -============ +Free software in your government? +-------------------------- This article makes use of the term *libre software*, which has the same meaning as more popular terms such as *open source software* @@ -38,8 +38,7 @@ With your help, libre software could suddenly find itself in a much stronger position, with more users and more developers, encouraged by such positive changes. -When, who, what and where? ------------------- +### When, who, what and where? Eric Gallager, the representative behind the previous bill, has continued his efforts and now has a new hearing for the following bill very soon: @@ -59,8 +58,7 @@ the bill, and to defend it against any opposition. The bill's hearing shall take place in room 306-308. -Who to contact --------------- +### Who to contact Eric Gallager is the representative in charge of the proposed bill, and you can contact him in the following ways: @@ -76,7 +74,7 @@ to its proprietary nature - use Mastodon or email if you can): \ Why should you support this bill? -================================= +------------------------------ If this newly proposed bill is passed, it will provide the libre software movement a *foot in the door*, that could lead to greater reform at a later @@ -174,7 +172,7 @@ or Apple's profits. No, I'm referring to *yours*. With libre software, *you* have the freedom to make real money; I'm just one of many examples of people who do just that. With *software freedom*, you can take existing technology and build something completely new that becomes the Next Best Thing; everyone -else has this freedom aswell, and people share knowledge freely because of the +else has this freedom as well, and people share knowledge freely because of the culture that type of world inspires. It's the world we live in, now. The people of New Hampshire will benefit greatly, if such freedoms are diff --git a/site/news/usa-libre-part2.md.description b/site/news/usa-libre-part2.md.description new file mode 100644 index 0000000..32b6a46 --- /dev/null +++ b/site/news/usa-libre-part2.md.description @@ -0,0 +1 @@ +Free and open source software in your government. diff --git a/site/news/usa-libre-part3.md b/site/news/usa-libre-part3.md index b599878..4e1d7a3 100644 --- a/site/news/usa-libre-part3.md +++ b/site/news/usa-libre-part3.md @@ -3,7 +3,7 @@ % 20 February 2023 Introduction -============ +------------ You may recall last year's article: [New Hampshire (USA) may soon enshrine Software Freedom into law](usa-libre.md) - a proposed bill, if it passed, @@ -26,15 +26,14 @@ contact your house representative, and ask them to support this bill! This web page can let you find who your representative is:\ * -Can't attend? -------------- +### Can't attend? That's OK! You can still help. Please tell as many people about this as possible, and spread the news on as many websites/blogs as possible. Post it on your social media account, if you have one. Write to the media! When and where? -=============== +--------------- **This bill's hearing is on 21 February 2023 at 9AM in the Legislative Office Building, 33 N. State Ct., Concord, New Hampshire:**\ @@ -48,7 +47,7 @@ the goal of the movement, and that of the Libreboot project which is a part of said movement. Who to contact -============== +-------------- Eric Gallager is the representative in charge of the proposed bill, and you can contact him in the following ways: @@ -64,7 +63,7 @@ to its proprietary nature - use Mastodon or email if you can): \ What does house bill 556-FN say? -================================ +-------------------------------- The actual text of the bill is provided here:\ @@ -81,7 +80,7 @@ copyleft versus permissive (BSD-style) licensing, the advancement of *any* libre software on such massive scale will help the entire movement. Live streams -============ +------------ Although not mentioned in previous articles on this agenda, the New Hampshire court building provides live streams of hearings. @@ -99,8 +98,7 @@ Per the text of HB-556, the stream for *that* bill will be on: The links change, for each stream, so you should check them on the day. -Use invidious! --------------- +### Use invidious! The Youtube.com link is provided, above, for the sake of completion. However, you should use an Invidious instance. Invidious acts as a proxy for Youtube, diff --git a/site/news/usa-libre-part3.md.description b/site/news/usa-libre-part3.md.description new file mode 100644 index 0000000..07dbfed --- /dev/null +++ b/site/news/usa-libre-part3.md.description @@ -0,0 +1 @@ +Free Software inside your government. diff --git a/site/news/usa-libre.md b/site/news/usa-libre.md index 2bf5e52..0f9bc9e 100644 --- a/site/news/usa-libre.md +++ b/site/news/usa-libre.md @@ -2,8 +2,8 @@ % Leah Rowe % 8 January 2022 -Introduction -============ +Free software in your government? +---------------------------------- This event of such global importance to libre software projects, and the libre movement as a whole, has made me decide to write an article. **The @@ -36,7 +36,7 @@ of Libreboot is to help users *avoid* proprietary software at the firmware level, whenever feasible. What's happening in New Hampshire? -================================== +--------------------------- An important bill is being proposed in New Hampshire, which would enshrine much of what we know as Open Source *into law*. Here is the proposed bill, @@ -60,7 +60,7 @@ detail. It's not very long. At first glance, it may not seem that the bill affects individuals, but don't be fooled; this is a hugely positive step forward for everyone! If the state is -using Libre Software, that most likely means it'll be used in education aswell. +using Libre Software, that most likely means it'll be used in education as well. Although perhaps not immediately and readily apparent, this is a stake in the heart of proprietary software's current dominance, because it would remove one @@ -115,10 +115,9 @@ which could redefine our movement and give *libre software* real power instead. HOW TO HELP -=========== +------------ -TESTIFY IN SUPPORT OF THE BILL ------------------------------- +### TESTIFY IN SUPPORT OF THE BILL **The reading of the bill is happening on 11 January 2022. This is when you should go to New Hampshire.** @@ -151,8 +150,7 @@ This thread on Twitter is where Eric announced that the reading of the bill is to proceed (original Twitter URL):\ -More states/countries will follow ---------------------------------- +### More states/countries will follow If this bill is passed in New Hampshire, more states will likely follow. It will lead to a massively renewed drive to liberate all computer users, and US @@ -164,8 +162,7 @@ global level. You *must* support this bill. If you want to see it pass, please go to New Hampshire on 11 January 2022 to make sure your voice is heard. -OUR ENEMIES WILL BE THERE -------------------------- +### OUR ENEMIES WILL BE THERE The *proprietary* software companies like Microsoft and Apple will also be there, trying to argue the case *against* the use of Libre Software. @@ -239,14 +236,6 @@ They will try to trick the law makers by claiming things such as: by some external entity; *your* installation of libre software is controlled by *you*. -If you're familiar with the *Matrix* films, proprietary operating systems like -Windows/MacOS are basically like the Matrix; bland, no individuality, no -independent thought, everything tightly controlled. By contrast, libre operating -systems (such as Linux distributions or the BSDs) are like zion/io; vibrant, -full of life, buzzing with activity, everything loose and free, and everyone -is different (a highly diverse culture of people from all walks of life, acting -in common cause but nonetheless individuals). - Meanwhile, Windows is known to have backdoors. Microsoft actively informs the NSA about how to exploit them, so that it can break into people's computers and steal private data. @@ -258,16 +247,3 @@ Defend freedom! Don't listen to any of the arguments against it by proprietary software companies; they don't care about you, and instead only care about profit. They fundamentally do not want you to have any sort of freedom over your own computer, and they actively pursue tactics (such as DRM) to thwart you. - -Microsoft and Apple are not your friends. There is no such thing as the -Windows community. When you use proprietary systems, you are isolated from -everyone around you, and so are they. *You* are the product, for the proprietary -software to exploit at the behest of their developers who only care -about *money*. - -However, there *is* such a thing as the Libre Software community. It is a -vibrant community, consisting of millions of people collectively all over the -world, and they are all free to work with each other infinitely. It gave us -most of the technology that we take for granted today, including *the modern -internet, where ISPs run libre software almost exclusively!* - diff --git a/site/news/usa-libre.md.description b/site/news/usa-libre.md.description new file mode 100644 index 0000000..32b6a46 --- /dev/null +++ b/site/news/usa-libre.md.description @@ -0,0 +1 @@ +Free and open source software in your government. diff --git a/site/news/x201.md b/site/news/x201.md index a9bffff..55239db 100644 --- a/site/news/x201.md +++ b/site/news/x201.md @@ -1,10 +1,10 @@ -% ThinkPad X201 removed from Libreboot +% ThinkPad X201 support removed from Libreboot % Leah Rowe % 12 January 2024 Builds have also been removed from rsync, and build logic has been removed from lbmk. It was discovered that fan controls fail on this -mainboard, when you use a neutered Intel ME image. This issue seems +motherboard, when you use a neutered Intel ME image. This issue seems to only affect these older arrandale machines; the issue was discovered on X201 but probably affects the thinkpad T410, and other mobile arrandale machines. diff --git a/site/news/x201.md.description b/site/news/x201.md.description new file mode 100644 index 0000000..c9ff70a --- /dev/null +++ b/site/news/x201.md.description @@ -0,0 +1,2 @@ +ThinkPad X201 support was removed from Libreboot, due +to thermal safety issues on that board. diff --git a/site/robots.txt b/site/robots.txt index eb05362..53a1aad 100644 --- a/site/robots.txt +++ b/site/robots.txt @@ -1,2 +1,3 @@ +Sitemap: https://libreboot.org/sitemap.xml User-agent: * Disallow: diff --git a/site/sitemap.md.description b/site/sitemap.md.description new file mode 100644 index 0000000..e9d02ce --- /dev/null +++ b/site/sitemap.md.description @@ -0,0 +1 @@ +This page lists every other page on the Libreboot website. diff --git a/site/tasks/index.md b/site/tasks/index.md index 383a767..8b2df59 100644 --- a/site/tasks/index.md +++ b/site/tasks/index.md @@ -1,18 +1,12 @@ --- -title: Jobs that need doing +title: Jobs that need doing in the Libreboot project x-toc-enable: true ... -NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) +**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog) now, as of 27 January 2024, which is a fork of flashrom. - -This page contains a curated list of tasks that are to be worked on, or tasks -that are being worked on. This is intended to complement -the [issue pages](https://codeberg.org/libreboot/lbmk/issues/). - -Many of these entries will pertain to *lbmk*, which is Libreboot's build -system, but some entries may relate to documentation, or organisational -changes. +The reason why was explained, in +the [Libreboot 20240225 release](../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)** If you want to work on some of these yourself, patches are always welcome! Please read the [code review page](../git.md), which provides guidance on @@ -22,7 +16,7 @@ You may also benefit from *assimilating* all knowledge contained in the *[lbmk maintenance manual](../docs/maintain/).* Rockchip RK3588 SoCs in coreboot -================================ +-------------------------------- See: @@ -32,8 +26,7 @@ to coreboot. Also: -Add TF-A support to Libreboot ------------------------------ +### Add TF-A support to Libreboot Yes. We already provide other non-coreboot firmware, such as the serprog images. We even integrate U-Boot, albeit as a coreboot payload with some init @@ -47,7 +40,7 @@ It is essentially an analog of coreboot; coreboot even uses parts of this, on some boards. general auditing -================ +---------------- Libreboot's build system design is already extremely efficient. See: [lbmk build system documentation](../docs/maintain/) @@ -62,77 +55,46 @@ audits are done in Libreboot, see: * [Libreboot build system audit 1](../news/audit.md) * [Libreboot build system audit 2](../news/audit2.md) * [Libreboot build system audit 3](../news/audit3.md) +* [Libreboot build system audit 4](../news/audit4.md) +* [Libreboot build system audit 5](../news/audit5.md) +* [Libreboot build system audit 6](../news/audit6.md) Auditing can often be pedantic, and seem petty. You might commit a patch that -reduces the sloccount by only 1 line, maybe 3, but they all add up. Audit 3 -contained hundreds of changes, small changes, that together accounted for -about 1000 lines of code removed, while not affecting functionality in any way. +reduces the sloccount by only 1 line, maybe 3, but they all add up. -This will always remain on the TODO list, because there will always be a need -for auditing, as is true of any codebase. It is always possible to fix more -bugs or improve a piece of code. As they say: the code is never finished. +I say again: -Port vendor scripts to Heads -============================ - -Ironically, one of the first entries on this page pertains to a competing -project. - -I promised the Heads project that I'd port Libreboot's vendorfile download and -inject scripts to the Heads build system. Libreboot provides these scripts for -automatically downloading certain firmwares at build time, as and when -required for a given mainboard. These are provided by the vendor, e.g. SMSC -SCH5545 Environment Control (EC) firmware used for fan control on Dell -Precision T1650. - -Heads has such logic, but it's not as developed as the logic in Libreboot, -which was originally inspired by the Heads logic and then greatly expanded upon. - -I'm putting this here on the Libreboot TODO page, so that I always see it. And -I'm keeping it at the top of the page. This TODO entry is still relevant to -Libreboot, because it concerns work that I will do in my official capacity, -representing Libreboot while helping the (friendly) competition. - -See: - -Heads is a really cool project, offering Linux-based kexec payloads on -supported hardware. It's another coreboot distro, and their build system design -even works similarly to Libreboot's (though they heavily use Makefiles whereas -Libreboot exclusively uses shell scripts and uses a much simpler design). Heads -provides many advanced security features like measured boot, even things like -TOTP-based authentication using secrets stored in the TPM. - -Very, very, very^2 cool project, and Libreboot has plans to integrate some -of the same functionalitiys within it (see other notes on this page). +Code equals bugs, so fewer lines of code will cause fewer bugs. Interesting board ports -======================= +----------------------- + +**Any board port is interesting. These are just a few that happened to be +noticed at a given time. The list below is by no means complete!** Libreboot can support any board from coreboot, in principle. It would also be feasible to integrate other (libre) boot firmware, if desirable. The list below is not exhaustive, it just lists boards that are interesting to us at this time: -Boards ------- +### Boards * HP EliteBook 2760p * HP ProBook 6360b * HP Revolve 810 G1 * HP EliteBook Folio 9480m * HP EliteBook 8770w -* HP EliteBook 840 G2 (not in coreboot yet, but should be similar to 820 G2) -* HP Z220 CMI and SFF mainboards -* MSI PRO Z690-A mainboard (supported by Dasharo, not sure about coreboot) - - also, Dasharo supports several more mainboards that aren't in coreboot +* HP EliteBook 840 G2* (not in coreboot yet, but almost identical to 820 G2) +* HP Z220 CMI and SFF motherboards +* MSI PRO Z690-A motherboard (supported by Dasharo, not sure about coreboot) - + also, Dasharo supports several more motherboards that aren't in coreboot proper. * KGPE-D16 and KCMA-D8: use the Dasharo fork of coreboot, instead of coreboot `4.11_branch`, because Dasharo's version is much more up to date and more reliable with raminit. D8 isn't supported by Dasharo, but it's - not much different code-wise to the D16 mainboard, so differences + not much different code-wise to the D16 motherboard, so differences in coreboot `4.11_branch` could be adapted to provide a Dasharo port. -ThinkPad T430s and T431s -------------------------- +### ThinkPad T430s and T431s These are interesting; the T431s in particular has soldered RAM, so we'd need to take care of SPDs (not done automatically yet, in coreboot). The schematics @@ -144,32 +106,28 @@ machine). Both are supported by coreboot. -840 G2 (possible 820 G2) -------------------------- +### Zbook 14/15u G2 / Elitebook 840/850 G2 (~820 G2) -These notes are based on a chat on Libreboot IRC. +Indistinguishably same boards (id 2216) with different gpu if included.(a bit bigger board, but almost everything is equal to the 820 G2) -The TPM is Infineon SLB9660 and does TPM 1.2. We could maybe upgrade -firmware to that of SLB9665. It would no longer work with the HP BIOS but -maybe coreboot could be used, and then we could have -newer TPM version - SLB9665 firmware can meet TPM 2.0 specification. +The 840/850 G2 may have an AMD® Radeon™ R7 M260X gpu and 14/15u would have an AMD® FirePro™ M4170 gpu added, which would became useless using libreboot. -(we do not yet use the TPM in any meaningful way on Libreboot machines) +Works the same way as the 820 G2 (including flashing libreboot on it too.), but the battery indicator usually shows wrong values (for example; a quick power drain down to 25%, then rebooting the machine shows ~50%, etc..) -Blobless boards ------------ +Everything else (except the battery status and extra gpus) shall work as it is on the elitebook 820 g2. + +### Blobless boards Not yet supported, but interesting for the project. Separated thus: already supported by coreboot: -* [ASUS P5Q mainboard](https://doc.coreboot.org/mainboard/asus/p5q.html) (ICH10 / i82801jx), +* [ASUS P5Q motherboard](https://doc.coreboot.org/mainboard/asus/p5q.html) (ICH10 / i82801jx), known variants, e.g.: Pro, C, L-Pro, SE * Scan coreboot code for ICH9/ICH10 systems, or boards with x4x/gm45 based northbridges. Many of these can boot blobless. -Dell Latitude/Precision: ------------------------ +### Dell Latitude/Precision: * Dell Latitude laptops: E4200, E4300, E5400, E5500, E6500, Precision M4400, @@ -188,13 +146,11 @@ SuperIO: at least M6500 is known to use ECE5028. I have a bunch of these Dells at my lab, they are high priority for porting because they would be easily flashable. -Broadwell Dell --------------- +### Broadwell Dell E5450 uses MEC5085, currently untested for dell-flash-unlock. -Skylake Dell ------------- +### Skylake Dell @@ -203,8 +159,7 @@ Non-E models don't have the MEC ECs. The E models have MEC5085. Nicholas isn't sure whether these have bootguard. TODO: test, and also test with dell-flash-unlock. -Dell Latitude E7240 -------------------- +### Dell Latitude E7240 See: @@ -215,8 +170,7 @@ libremrc in lbmk. NOTE: Iru Cai is the person working on this. -Dell Precision M4800 and M6800 --------------------- +### Dell Precision M4800 and M6800 Also M6800, though no port is available yet. 17.3 inch display. @@ -231,8 +185,7 @@ for entry into coreboot due to copyright reasons. This port is worth looking at. When the issues are fixed, this will make a fine addition to lbmk. -E4200 SPD ---------- +### E4200 SPD NOTE: Some of this may be inaccurate, because it's copied from handwritten notes that were written very hastily and are barely legible. @@ -264,8 +217,7 @@ see -AMD Family16 boards -------------------- +### AMD Family16 boards See: @@ -346,12 +295,11 @@ being maintained anymore, so they were dropped. Some of those boards are still quite decent today. Various efforts here and there have revived some of them, e.g. the Dasharo project. -Also referenced there: Biostar A68N-5200 mainboard. Check +Also referenced there: Biostar A68N-5200 motherboard. Check coreboot `4.18_branch` for these boards. Coreboot started removing the AGESA boards after release 4.11. -Lenovo G505s ------------- +### Lenovo G505s Old board, removed from coreboot ages ago, but one of the fastest pre-PSP AMD laptops, has full init in coreboot - it does require a VGA ROM for @@ -361,8 +309,7 @@ graphics. Anyway: This page was linked to me ages ago by Mike Banon. It contains instructions for how to configure the machine. It might be worth integrating into lbmk. -RISC-V hardware ---------------- +### RISC-V hardware See: @@ -375,65 +322,16 @@ oreboot is still a good project. (though, whenever possible, lbmk should stick to coreboot, to keep things simpler - are there efforts to implement oreboot ports in coreboot/C?) -UEFI payload -============ +### LoongArch support -A UEFI payload in Libreboot is highly desirable, because it would basically -enable any distro or BSD to Just Work. +Ariadne Conill has been working on bringup for coreboot. Work also being done +with edk2; U-Boot also desirable here. -MrChromebox distribution ------------------------- - -MrChromebox is another coreboot distro, similar in spirit to Libreboot. - -Of interest: Mrchromebox provides Tianocore-based UEFI setups on chromebooks, -and we could probably integrate some of that in Libreboot. Tianocore is -essentially bloatware, and really a liability for the Libreboot project due -to its complexity, though MrChromebox targets a very different audience. - -Chromebooks (x86) ------------------ - -Start supporting x86 chromebooks in Libreboot. We don't support any. -There is already MrChromebox, we could just track that, but use our own -payloads instead of Tianocore. - -Specifically: lbmk could have a feature added to it where it re-uses configs -from MrChromebox, with logic to automatically disable the payload. In lbmk, -coreboot configs do not enable payloads at all, because payloads are -compiled by lbmk and added after the fact - this is why we have `elf/` -containing coreboot images without payloads, and `bin/` which contains the -full ROMs, with payloads inside. This design is much more flexible, and permits -builds to be re-used more efficiently so as to reduce overall build time, when -compiling for multiple mainboards. - -U-Boot SPL and UEFI on x86 --------------------------- - -Simon Glass has been working extensively on x86 support for U-Boot, to be used -as a coreboot payload. This work is of interest to the Libreboot project, -because we provide UEFI on ARM but not on x86. - -U-Boot also provides SPL which can be used to execute other software in the -flash, and it's often used to boot a Linux kernel; since U-Boot provides a -UEFI implementation, it's perfect. - -U-Boot is the preferred choice of UEFI implementation on x86, for Libreboot -purposes, because U-Boot uses a coding style similar to Linux and can more -easily import Linux drivers which are high quality, and Linux functionality -in general, for anything that we need. - -Since we already provide U-Boot on ARM (thanks to the continued work done by -Alper Nebi Yasak), U-Boot on x86 would then create a situation whereby Libreboot -is consistent across platforms, at least for UEFI-based setups. - -RockPro64 ---------- +### RockPro64 Another interesting board that coreboot supports. We could add this. -uefistub --------- +### uefistub Currently [under review](https://review.coreboot.org/c/coreboot/+/78913) in the coreboot project, this provides an *incomplete* UEFI implementation, but @@ -445,8 +343,12 @@ For UEFI purposes, U-Boot seems more mature, and it offers other features like SPL. As already stated, this is the preferred UEFI implementation for Libreboot, but uefistub is listed too because it's interesting. -Videos (plus RISCV) ------- +Probably useless, since U-Boot is more complete. We may as well use U-Boot, but +uefistub will remain mentioned here for the time being. The context for +uefistub is linuxboot-only setups; this is where uefistub can truly shine, +specifically on ARM64 devices. + +### Videos (plus RISCV) The *Open Source Firmware Conference* (OSFC) in 2023 had several interesting talks pertaining to ARM, secureboot, linuxboot, UEFI and everything in between. @@ -464,12 +366,11 @@ In general, there are many interesting talks: The talks go all the way back to 2018. They're all worth watching. Linuxboot -========= +--------- -See for inspiration: [Heads project](https://osresearch.net/) -and [Ownerboot project](https://sr.ht/~amjoseph/ownerboot/), these are other -coreboot distros similar to Libreboot, but they provide Linux-based payloads. -Also see more in general, the [Linuxboot](https://www.linuxboot.org/) project. +**NOTE: Stali Linux is a useful base, on top of which any Linux-based setup +could be built. With a stripped down kernel, it already provides a sensible +build system for ARM64 and AMD64.** Libreboot's build system is documented, see: [lbmk documentation](../docs/maintain/). @@ -482,7 +383,7 @@ the [u-root](https://github.com/u-root/u-root) project. Libreboot's current choice of coreboot payloads are: * SeaBIOS (x86 only), provides a traditional PC BIOS implementation -* GNU GRUB (x86 only), provides a multiboot implementation, can boot Linux and +* GRUB (x86 only), provides a multiboot implementation, can boot Linux and BSD. This is the preferred default payload on x86, especially for Linux distros, because it provides many security features like GPG signature checking on Linux kernels, and password protection. @@ -495,12 +396,11 @@ Libreboot's current choice of coreboot payloads are: U-Root in particular (not to be confused with U-boot has parsers in it for GRUB and Syslinux config files. GRUB also has a parser for syslinux configs. -This makes it a useful drop-in replacement for the GNU GRUB payload that +This makes it a useful drop-in replacement for the GRUB bootloader payload that Libreboot currently uses. Linux has much better drivers than GRUB, especially for things like LUKS2 and networking. -Ideas for how to implement in lbmk ------------------------------------ +### Ideas for how to implement in lbmk Look at the [lbmk documentation](../docs/maintain/) for context. The most logical way to implement Linux payloads in Libreboot's build system, lbmk, @@ -539,14 +439,12 @@ build system would not increase much. It's mainly the addition of musl-cross-make. Most of the generic build logic already exists in lbmk, for projects that use cmake and/or make. It could be done with minimal complexity. -Flash size limitations ----------------------- +### Flash size limitations With a stripped down kernel, and sensible configuration, about 6-8MB of flash space would be required in this setup. The Heads setup is just under 8MB. -Why Linux in flash? -------------------- +### Why Linux in flash? Linux has better drivers than GRUB, has netboot, and it's much more practical when you want to control the boot process. For example, you could more easily @@ -555,15 +453,13 @@ implement measured boot and make use of TPM-based security mechanisms. For the everyday user, it probably doesn't make much difference if they're already happy with SeaBIOS, GRUB or SeaBIOS. -x86 implementation ------------------- +### x86 implementation Coreboot can directly execute it as a payload, but we would also execute it from the GRUB payload - if running from the GRUB payload, we could just provide it as a vmlinuz and initramfs file. -ARM implementation ------------------- +### ARM implementation We already standardise on U-Boot, for ARM machines. It's debateable whether Linuxboot is even desirable here, U-Boot is quite competent, but the SPL mode @@ -582,8 +478,7 @@ correct UEFI implementation. (then again, linux on bare metal providing kexec as main bootloader method is also quite non-standard, at least on x86 and ARM). -Netboot.xyz ------------ +### Netboot.xyz It's unlikely that this will actually be used in lbmk, but this provides a really nice way to boot Linux distros over the network: @@ -592,8 +487,7 @@ nice way to boot Linux distros over the network: It uses iPXE, whereas we would be using Linux and kexec. -Zfsbootmenu ------------ +### Zfsbootmenu See: @@ -604,9 +498,9 @@ This was briefly documented on the Libreboot website, before [argon2 kdf support](../news/argon2.md) was merged in Libreboot GRUB. Seek QUBES endorsement -====================== +---------------------- -Libreboot is compatible with Qubes, on several supported mainboards. This could +Libreboot is compatible with Qubes, on several supported motherboards. This could be audited, to provide a complete list. Qubes has a page on their website which lists compatible devices. @@ -615,7 +509,7 @@ the same time, which is an excellent project. We could host a page specifically for it, saying what works on our end, and basically copy that to their wiki. GRUB VGA modes -============== +-------------- VGA support is not universal in Libreboot. We typically rely on GRUB to start in console mode (`GRUB_TERMINAL=console`), which means GRUB won't change @@ -626,7 +520,7 @@ try to use VGA modes, or some syslinux configs (that GRUB can parse) will, causing weird behaviour on many Libreboot systems. TODO: modify GRUB to only have behaviour matching `GRUB_TERMINAL=console`. -See: +See: `https://www.gnu.org/software/grub/manual/grub/html_node/Simple-configuration.html` This will prevent the need for modification. In some cases, it is necessary to modify `GRUB_TERMINAL` in distro grub configs. The way Libreboot's GRUB @@ -634,7 +528,7 @@ menu works is, it scans for GRUB and Syslinux/Extlinux configs on the user's HDD/SSD, switching to the first one found. GRUB configs menu -================ +----------------- Libreboot systematically scans for GRUB/Syslinux/Extlinux configs provided by the user's operating system, by scanning partitions. It can also scan @@ -654,10 +548,9 @@ This pertains to the GRUB *payload* provided in the flash, by Libreboot. It is currently the preferred payload in Libreboot, at least for x86 machines. Document flash write protection -============================ +------------------------------- -IFD-based method ----------------- +### IFD-based method Already covered, but could be documented more prominently. Use `ifdtool --lock libreboot.rom` to lock the IFD. @@ -670,8 +563,7 @@ useless; on the E6400, the EC firmware can be instructed to override the IFD settings, by enabling the Flash Descriptor Override (in fact, this is part of what the `dell-flash-unlock` utility does). -FLILL-based method ------------------- +### FLILL-based method We already vaguely mention Intel Flash Descriptor settings ta enable write protection. This documentation should be expanded on. @@ -698,13 +590,11 @@ Flash Descriptor Override, will not affect FLILL entries. We could document this on the Libreboot website. -SMM write protection --------------------- +### SMM write protection system management mode can also be used, to implement flash write protection. -PR (Protected Range) registers ------------------------------- +### PR (Protected Range) registers Differing per platform but defined by Intel datasheets, the Protected Range registers can be set, to enable flash write protection. Once written, these @@ -714,7 +604,7 @@ This is the preferred method and should be the default (enabled by default), because it can be done from GRUB. So, it could be provided on GRUB setups. We could make it so that all menuentries in the default Libreboot GRUB menu -enable this, when possible on a given mainboard. The GRUB *shell* would not +enable this, when possible on a given motherboard. The GRUB *shell* would not enable it, and special menuentries that don't enable it could be provided (or an entirely separate GRUB config, e.g. `grub_unprotected.cfg`). @@ -734,21 +624,19 @@ protecting `/dev/mem` by default, that the user can turn off at boot time when they want to flash (e.g. cmdline option `iomem=relaxed` in Linux, or `kern.securelevel=-1` in OpenBSD). -Chip-specific -------------- +### Chip-specific Some flash chips support their own write protection scheme, covered in their datasheets, but this is usually unreliable or inconsistent. This method is not to be relied upon. -Layers! -------- +### Layers! Security is all about layers. When you want to lock down the flash, use every method available to you. lbwww: Document MXM graphics -============================ +---------------------------- MXM graphics modules are present, on some laptops that we do not yet support, because certain functionality is needed on them that we do not implement yet. @@ -765,7 +653,7 @@ Several more high-end HP EliteBook machines use MXM graphics modules, e.g. HP EliteBook 8560w. lbmk-c: clustered builds -======================== +------------------------ I had an idea on IRC when we were talking about how to optimise the build speed in Libreboot. Most of the time is spent simply compiling the ROM images, @@ -792,13 +680,12 @@ distcc is probably useful here: -ccache ------- +### ccache not directly related, but this can speed up coreboot builds Fixdep -====== +------ This would be something to implement in coreboot's build system, but could also benefit lbmk. Currently, any changes to the coreboot's config results in Make @@ -830,22 +717,22 @@ config. Consider: -- Board A, which sets CONFIG_TEST=y -- Board B, which sets CONFIG_TEST=n -- Board C, which sets CONFIG_TEST=y -- test.c, which uses the value of CONFIG_TEST +- Board A, which sets CONFIG\_TEST=y +- Board B, which sets CONFIG\_TEST=n +- Board C, which sets CONFIG\_TEST=y +- test.c, which uses the value of CONFIG\_TEST -An order such as A->C->B would be most efficient: +An order such as A-\>C-\>B would be most efficient: -1. A: test.c compiled for the first time with CONFIG_TEST=y -2. C: CONFIG_TEST hasn't changed, so test.o can be reused from step 1 -3. B: test.c recompiled, since CONFIG_TEST changed back to n +1. A: test.c compiled for the first time with CONFIG\_TEST=y +2. C: CONFIG\_TEST hasn't changed, so test.o can be reused from step 1 +3. B: test.c recompiled, since CONFIG\_TEST changed back to n -An order such as A->B->C would be least efficient: +An order such as A-\>B-\>C would be least efficient: -1. A: test.c compiled for the first time with CONFIG_TEST=y -2. B: test.c recompiled, since CONFIG_TEST changed to n -3. C: test.c recompiled again, since CONFIG_TEST changed back to y, even though +1. A: test.c compiled for the first time with CONFIG\_TEST=y +2. B: test.c recompiled, since CONFIG\_TEST changed to n +3. C: test.c recompiled again, since CONFIG\_TEST changed back to y, even though this configuration was previously built in step 1. Given the number of possible configs, the ideal order is likely impractical to @@ -864,7 +751,7 @@ the header "Dependency tracking": Nicholas Chin is looking at this in coreboot. Use crossgcc for SeaBIOS and GRUB -================================= +--------------------------------- We currently use hostcc for the SeaBIOS and GRUB payloads. This, among other things, means lbmk is currently only supported for amd64 machines. @@ -879,7 +766,7 @@ GRUB specifically, we should therefore use musl-cross-make. SeaBIOS can be built using crossgcc. Port lbmk to BSD systems -======================== +------------------------ In particular, FreeBSD is of interest. @@ -913,7 +800,7 @@ Libreboot already has excellent support for booting all of the BSDs. Having the build system be compatible would just be another great boon. Package lbmk in distros -======================= +----------------------- Providing binaries of Libreboot in distros wouldn't make sense, because we do that anyway, on Libreboot RSYNC, but having ports of the build system on @@ -940,10 +827,9 @@ system itself. A distro could package lbmk to build for a specific Libreboot version, and handle all of the dependencies and everything. Vendor scripts -============== +-------------- -Bruteforce more files ---------------------- +### Bruteforce more files We bruteforce extract IME but some other firmwares are more or less hardcoded in config. @@ -955,14 +841,14 @@ or it isn't a VGA ROM. We currently extract an nvidia ROM for certain models of Dell Latitude E6400, but the logic is more or less hardcoded. The script at `script/vendor/download` auto-downloads vendor firmwares needed -on certain mainboards, during build time. Libreboot's build system +on certain motherboards, during build time. Libreboot's build system uses the script at `script/vendor/inject` to add or remove such files after the fact, on release ROMs, because those firmwares are *deleted* at release time. This work began mostly after mid-2022, and has since been expanded to -cover many types of firmwares, used on various mainboards. +cover many types of firmwares, used on various motherboards. Investigate 16MB flash setups -============================= +----------------------------- On some ivybridge and sandybridge boards, where flash is 8MB or 12MB, it is feasible (with some soldering) to upgrade it to 16MB setups. @@ -989,7 +875,7 @@ MOSI/MISO are shared, and the PCH/southbridge will enable or disable the given flash IC to access the region needed. ME Cleaner status page -====================== +---------------------- See: @@ -997,7 +883,7 @@ It's a good reference, though far from complete. People post there saying whether their hardware works with `me_cleaner`. Overclocking -============ +------------ See: @@ -1009,7 +895,7 @@ It might be useful on some machines. The research here (by Angel Pons) may be transferrable to other platforms. Detect module changes -===================== +--------------------- When a given package is already downloaded and built in some way, lbmk currently works on the assumption that it doesn't change. During development, @@ -1026,7 +912,7 @@ In practise, revisions don't change very often in Libreboot, and they're normally updated all at once, when they are updated. Normal/fallback scheme -====================== +---------------------- Libreboot currently does not handle the normal/fallback payload scheme at all. Instead, it is assumed that the user will always be booting from the fallback @@ -1037,7 +923,7 @@ Coreboot supports configuring which scheme to use, at boot time, but we don't use it. Coreboot's default is to always load the fallback, so we use that. Improved payload documentation -=============================== +------------------------------ The actual payload documentation is quite sparse in Libreboot, especially SeaBIOS but also GRUB. We don't need to repeat what is said by upstream docs, but we @@ -1047,9 +933,9 @@ We should start writing about the payloads in more detail, referencing upstream documentation whenever possible. Static compiled utils in releases -================================= +--------------------------------- -We curerntly only provide binaries of the firmware itself, for each mainboard, +We curerntly only provide binaries of the firmware itself, for each motherboard, but we do not provide utilities compiled. We provide only source code, and the user is expected to compile utilities from source. @@ -1058,11 +944,11 @@ download scripts. This should be done alongside providing musl-cross-make for the linuxboot builds. Download repositories in bulk -============================= +----------------------------- At present, lbmk does what it needs to do, and downloads repositories only as required, upon each stage of the boot process. For example, it may download -gnulib when downloading GRUb, after having maybe built 5 mainboards all with +gnulib when downloading GRUb, after having maybe built 5 motherboards all with only SeaBIOS, having built SeaBIOS before those 5 - it doesn't build SeaBIOS and GRUB before the 5. @@ -1071,8 +957,7 @@ but for very long builds (ones that take hours, which some do), it may be that the user's internet goes down, and a latter part of the build fails, where it might have succeeded if packages were downloaded much earlier and in bulk. -Optimisation ------------- +### Optimisation So, TODO: Make lbmk determine precisely what packages would later be downloaded through various parts of a build, for a given command, and do it all at once, @@ -1088,7 +973,7 @@ recommended that you run lbmk an on internet connection that is at least 100Mbps You can still use slower connections, it'll just take longer. Don't copy src trees -==================== +-------------------- For multi-tree projects, lbmk currently copies the source code per tree, e.g. `coreboot/default`, `coreboot/dell`. What could be done instead is to @@ -1114,10 +999,9 @@ provided, they would just use whatever revision is used in the defined submodule for the main target project that lbmk is downloading for. Vendor scripts -============== +-------------- -Check hashes of resulting files -------------------------------- +### Check hashes of resulting files Libreboot extracts the files from vendor updates, and those updates are checked against known hashes, but lbmk only defines such hashes for the larger updates @@ -1127,7 +1011,7 @@ to current behaviour (only check the main file) if individual checksums for inside files are not defined. Reproducible builds -=================== +------------------- We can't focus on this reliably, because we use hostcc extensively for many parts of the build process. Other parts of this TODO page talk about how to @@ -1137,8 +1021,7 @@ Cross compilation is the first step to reproducibility, because then we only have to worry about the toolchain, which is easier to control. We can start focusing specifically on reproducibility once all of that has been done. -Tarballs --------- +### Tarballs We already have partial reproducibility, though we currently use the `-T0` option in xz, whereas `-T1` is more appropriate; forcing it to run on 1 core @@ -1156,7 +1039,7 @@ Also: This post writes about the rationale for `-T1` when using xz. VGA: Run-time, not build-time -============================= +----------------------------- In coreboot, configuration of video initialisation is done at build time. This has several disadvantages, in that you now need multiple ROM images for multiple @@ -1165,9 +1048,9 @@ fewer bytes of code within it. From an lbmk perspective, the upsides are largely ignored because we want to build hundreds and hundreds of ROM images, fast. That means reducing the amount -of time spent to compile for each mainboard. +of time spent to compile for each motherboard. -We currently do this on each mainboard: +We currently do this on each motherboard: * libgfxinit with text mode startup, if possible * libgfxinit with coreboot framebuffer, if possible @@ -1175,7 +1058,7 @@ We currently do this on each mainboard: This is often literally 3 different ROM images, for all of the above. It is possible to have a libgfxinit setup where SeaBIOS is the payload, so that VGA -ROMs can be executed aswell, but this has several issues, covered elsewhere on +ROMs can be executed as well, but this has several issues, covered elsewhere on this page. It would be nice if all of this could be runtime options instead. By "runtime", @@ -1200,10 +1083,9 @@ possible to change the payload at runtime for instance (manually), by running cbfstool. Modularise the coreboot stages -============================== +------------------------------ -ie. generate cbfs in lbmk -------------------------- +### ie. generate cbfs in lbmk We currently use the coreboot build system which is designed to build all stages, such as the bootblock, car, ramstage, romstage etc. The coreboot build @@ -1233,7 +1115,7 @@ We might have to backport to some older revisions, because lbmk uses certain older revisions on some machines, e.g. AMD AGESA platforms. Macbook21 C-states patch -======================== +------------------------ See: @@ -1245,8 +1127,7 @@ is described there), we can expand it to configure c-states differently on imac52. This config is used to enable efficient power management, on these machines. -How to dump c-state config --------------------------- +### How to dump c-state config ``` i2cdump 0x69 @@ -1264,7 +1145,7 @@ these machines, doesn't work well in apple's firmware. mentioned by avph in the gerrit link (see above) Check file ownership in builds -============================== +------------------------------ When lbmk is running, it is assumed that the current user has ownership of the files. If lbmk is operated on a clone that is under different ownership, @@ -1284,13 +1165,10 @@ warning message to the user, so that they know what to do to fix it. Lbmk would also then exit earlier, rather than trying to run something, which might result in very unpredictable behaviour. -Sanity checks -------------- +### Sanity checks We basically should have startup sanity checks in general, such as checking -whether all the right dependencies are installed on the host system - similar -to autoconf setups used by many GNU projects, though we don't want to use -autoconf, it's bloat. +whether all the right dependencies are installed on the host system. If a sanity check is passed, a configuration file can then be provided, which can be used to control how lbmk runs. For example, if a certain version of a @@ -1308,7 +1186,7 @@ is basically the same thing as the other entry on this page about porting to BSD. So tackle both. Software Bill of Materials -========================== +-------------------------- Generate an SBOM for all of Libreboot, on release builds specifically; it can be skipped for performance/convenience reasons on regular development builds @@ -1373,7 +1251,7 @@ NOTE: the `-z` option in ./update trees is not yet implemented. Again, the above just a concept. Re-use build artifacts -====================== +----------------------- Libreboot's build system, lbmk, does not re-use artifacts well. It largely assumes that you are building everything from scratch, which is great for @@ -1388,17 +1266,15 @@ most projects only get built once, unless they are modified (by a developer). This might be useful for: -Partial coreboot re-builds --------------------------- +### Partial coreboot re-builds A lot of the time in lbmk, we are building multiple variants of the same -mainboard, for different setups. We could skip a lot of the re-building. +motherboard, for different setups. We could skip a lot of the re-building. This pretty much goes hand in hand with the other entry on this TODO page, about spliting up the various stages in coreboot, and handling CBFS generation within lbmk. -Notes about Git ---------------- +### Notes about Git See: @@ -1411,7 +1287,7 @@ reducing the amount of deltas that need to be resolved when cloning). In particular, Git Work Trees are a useful feature that we might use in lbmk. Chinese users can't run lbmk -========================== +---------------------------- Libreboot has quite a few Chinese users, but the Chinese internet blocks access to several sites like github - and apparently the coreboot gerrit site is also @@ -1430,15 +1306,13 @@ copy of GitHub), but registration required a Chinese phone number, so I couldn't make an account. I was going to set it up for Libreboot. me cleaner is old -================= +----------------- From what I can tell, `me_cleaner` is not well-tested or supported on many newer Intel platforms. it shouldn't affect us in Libreboot for now, because we're not even past Haswell yet, but see for instance: - -Also: disablement ------------------ +### Also: disablement See: @@ -1447,7 +1321,7 @@ possible to completely disable the ME (remove it from the nor flash), with "almost no ill effects" according to the OP on that issue page. FAQ: cover USB fuzzing attacks -============================== +------------------------------ We write on the FAQ that SATA devices could potentially have DMA capability, but this has still not been proven, and it's probably not true in practise. @@ -1468,7 +1342,7 @@ So we should cover it, and talk about ways to mitigate the risk (e.g. disable USB input devices and networking devices, in the user's operating system). Auto-configure IFD region limits -================================ +-------------------------------- We currently configure the ME/BIOS region sizes manually, which is fine, but the way it's configured is very complicated. @@ -1476,7 +1350,7 @@ the way it's configured is very complicated. See: [Vendor file guide](../docs/install/ivy_has_common.html) The way the Libreboot build system works, the Intel ME and other firmware is -automatically downloaded at build time. At release time, blobs such as these +automatically downloaded at build time. At release time, files such as these are deleted, but an extra *insert* script is provided that can provide the same auto-download and auto-insert on release ROMs. @@ -1508,12 +1382,12 @@ more; you can also read about them on the [lbmk maintenance manual](../docs/maintain/). Signed commits -============== +-------------- Start signing commits in Git. There's nothing more to say. Just do it. Secure suspend method (LUKS setups) -================================ +----------------------------------- See: @@ -1522,7 +1396,7 @@ keys are not stored in memory. It's worth looking into. We might be able to provide something automated in lbmk. USB keyboard in secondary payload -================================= +--------------------------------- We don't use secondary payloads defined here, but see: @@ -1531,7 +1405,7 @@ The issue page has info about the problem, and a workaround. Listed here for reference, in case this functionality is ever used in Libreboot. zstd in btrfs on grub -===================== +--------------------- Reported buggy by a user on IRC. TODO: test it @@ -1540,7 +1414,7 @@ information was given, other than it is "buggy". Reported on Libreboot 20231101. Optimise crossgcc space -======================= +----------------------- Re-use crossgcc from other coreboot trees, in other coreboot trees. We currently build several versions of it, but we probably only need one, maybe two. Audit @@ -1548,7 +1422,7 @@ this, across various coreboot trees. Specific coreboot trees (older ones) could just be patched if re-using crossgcc from a newer tree. T60 /proc/acpi/ibm/thermal -========================== +-------------------------- Reported by a user (unknown what LIbreboot version), this file is not available at all. It was later revealed that the user flashed a ROM image without microcode @@ -1556,7 +1430,7 @@ updates, triggering the AE18 errata. Thermal management is buggy without the updates, on that platform. Link CPU errata PDFs -===================== +-------------------- Libreboot makes reference to CPU errata in documentation, but without actually linking to the documents themselves. Link to the PDFs for all available CPUs, @@ -1566,7 +1440,7 @@ microcode updates - they also generally provide information for OS developers, to know how certain bugs should be mitigated, whenever possible. Macbook2,1 backlight controls -============================= +----------------------------- Was reported broken in linux 6.1, but works in 5.x @@ -1583,13 +1457,12 @@ coreboot can differ a bit from the vendor firmware on some boards. Not really a major issue, but it does need to be addressed. -TODO: test other platforms too -------------------------------- +### TODO: test other platforms too Test other platforms. Document CH341A variants -======================== +------------------------ All CH341A variants are garbage for ISP-based flashing, because of weak drive strength and poor board layout, also the WP/HOLD pins are often held @@ -1609,8 +1482,7 @@ convenient, because you don't have to mess with a breadboard or anything, because they already have ZIF sockets on them for DIP-8 ICs, on which you can also use adapters for SOIC-8, SOIC-16 and WSON-8. -E6400 VGA ROM (Nvidia) ----------------------- +### E6400 VGA ROM (Nvidia) See: @@ -1621,8 +1493,7 @@ Also: `e6400nvidia_4mb` works better on that setup, nouveau is actually stable in some cases. Check the E6400 page for libreboot, it lists issues with nouveau on those machines. -Test Crystalwell CPUs on T440p ------------------------------- +### Test Crystalwell CPUs on T440p Coreboot has support for these, but they have not been tested as far as I know, and no reports have been made for them by Libreboot users. These offer higher @@ -1630,8 +1501,7 @@ performance and the machine is already very nice. Ditto W541. -How to extract VBT data ------------------------ +### How to extract VBT data See: @@ -1652,7 +1522,7 @@ Example patch (merged in coreboot) that used this: Guix: use debootstrap -===================== +--------------------- GCC-Gnat is unavailable in Guix, due to the distro's requirement for sources to be bootstrapped. GCC-Gnat is also required, for building GCC-Gnat. We build @@ -1675,8 +1545,8 @@ In the logic for `./build dependencies distroname`, add an option for Guix, but on that one, make lbmk automatically set up debootstrap if it's being run for Guix (and it would detect whether the host actually is Guix System). -docs/build/clean.md -=================== +docs/build/clean*.*md +------------------- Add this section, telling the user (of lbmk specifically) how to clean various directories. This isn't handled universally, due to lbmk's design. When @@ -1698,15 +1568,14 @@ That is Libreboot's philosophy, that the user should never have to do more than is absolutely necessary when someonething could just as easily be done in code. E6400 security -============== +-------------- See other section on this page about write protection. Setting PR registers for write protection is a valid way to write protect on Dell E6400, and it would not be affected by the flash-unlock utilitiy. -SMM methods ------------ +### SMM methods Tere are two SMM write protect methods: @@ -1723,7 +1592,7 @@ method. ^ These notes were supplied by Nicholas Chin via IRC. PCI-E REBAR -=========== +----------- See: @@ -1735,15 +1604,15 @@ It allows the host CPU to access all of VRAM at once, without 32-bit legacy code. The above repository is a proof of concept that shows it working, though the work there is not directly applicable to us. -This feature is only supported commercially on much newer mainboards, and is -unavailable on many older mainboards, but it can be added if the firmware is +This feature is only supported commercially on much newer motherboards, and is +unavailable on many older motherboards, but it can be added if the firmware is updated. This is one of the benefits of the *freedom* coreboot gives you. We could enable this on all the older desktop machines, where otherwise their factory firmware does not and will not enable it (and the above link is for UEFI systems only). Shrink FSP size (Intel) -========================= +----------------------- See: @@ -1753,15 +1622,14 @@ but possible on other platforms. Thanks go to Nicholas Chin for linking this. -Chromebooks ------------ +### Chromebooks Especially useful here, if using the default setup. In the default setup, there are essentially three copies of the firmware in flash: a recovery image, an "A" image and a "B" image, according to Nicholas Chin. Compare factory/download neutered ME -==================================== +------------------------------------ Use tools and hexdump diffs to compare neutered Intel ME images, comparing ones neutered from factory.bin dump, and ones from @@ -1773,7 +1641,7 @@ doing this in osboot, and heads did it for years before we did, and they never had any problems). HP 820 G2 TPM -============= +------------- TODO: check that it can be upgraded to TPM 2.0 (default is 1.2). It's a SLB 9660 TPM @@ -1791,7 +1659,7 @@ And also this, straight from the horse's mouth: 4th SSD on T440p -================ +---------------- probably possible on w541 too @@ -1805,7 +1673,7 @@ be possible to use this in coreboot with linux/bsd todo: test it. need to actually solder it and test it. Disable ME device in devicetree -================================ +------------------------------- We neutered, but coreboot still enables MEI1 on many boards. @@ -1824,7 +1692,7 @@ we neuter anyway, so the ME interface is broken by default. Leaving it on in devicetree will result in a benign error message on linux dmesg. Switchable Graphics (Optimus) -============================= +----------------------------- Some of the Thinkpads we support have dual graphics, using Nvidia Optimus. It'd be nice to have. This coreboot patch enables it on Thinkpads: @@ -1838,7 +1706,7 @@ There are other patches on Gerit, related to Optimus too: This should be looked into. Overclocking (CPU and RAM) -========================= +-------------------------- Coreboot could be modified to support overclocking. Here is an example patch on gerrit (not merged in main): @@ -1865,8 +1733,7 @@ on certain machines. NOTE: Page is in Russian, use a translator. The type of people (enthusiasts) that like Libreboot would be into this sort of thing. It may be interesting to study, especially on haswell machines. -Haswell -------- +### Haswell @@ -1880,7 +1747,7 @@ haswell overclocking would be very useful to have, on libreboot machines, because you can get some still-very-nice CPUs for these machines. X60/T60 alloc magic is broken at 0x7b1aedf0: 0 -=============================================== +---------------------------------------------- See: @@ -1901,7 +1768,7 @@ to work around the issue, but it'll possibly be fixed before that release, otherwise afterward. Intel/AMD errata PDF -==================== +-------------------- List PDF links for Intel/AMD CPUs, provided by Intel/AMD, showing what is unpatched as of yet, in microcode updates. @@ -1913,24 +1780,22 @@ unpatched as of yet, in microcode updates. Links. interesting video -================= +----------------- Automate testing -================ +---------------- Even though there's lots of error handling, it's better to be paranoid than brick users' machines. -Unit tests ----------- +### Unit tests - Build time or separate? - me_cleaner -c: checks that ime was inserted and has valid signatures -CI --- +### CI Preferably self-hosted. Run tests for every commit. There could be tests of different size, and even a periodic nightly release could be done. @@ -1939,7 +1804,7 @@ Integrating this with an automated test stand would also be doable. At the very least, it would assure that the ROM images boot successfully. Board status -============ +------------ As the number of ports grows, it becomes harder to keep track of what works. Let's build a machine-readable repo documenting every release (or commit) @@ -1951,7 +1816,7 @@ to not install an unbootable (broken) ROM, and would inform users about any known problems and have meaningful options. haswell board bifircation -========================= +------------------------- @@ -1962,13 +1827,12 @@ also ec hacking on lenovo x230 -========================= +------------------------- DELL 7th gen -============ - +------------ 3050 micro is being worked on. @@ -1977,12 +1841,12 @@ DELL 7th gen 5050 models also. Dell 3020 -========= +--------- another haswell. different to 9020, but could be added. Dell 3050 Micro century byte -============================ +---------------------------- The `CONFIG_USE_LEGACY_8254_TIMER` and `CONFIG_USE_PC_CMOS_ALTCENTURY` options must both be diff --git a/site/template-license.tr.md b/site/template-license.tr.md new file mode 100644 index 0000000..0921bc6 --- /dev/null +++ b/site/template-license.tr.md @@ -0,0 +1,28 @@ +--- +title: Şablon lisansı +... + +Bu web sitesi Markdown ile yazılmış ve Pandoc kullanılarak statik HTML'ye derlenmiştir. Kullanılan HTML şablonu, +Telif Hakkı (c) 2014--2017, John MacFarlane + +Şablondaki değişiklikler 2021-2024 Leah Rowe telif hakkına sahiptir ve Creative Commons Zero lisansı versiyon 1.0 evrensel şartları altında yayınlanmıştır. Bu lisansı şu adreste bulabilirsiniz: + + +Şablon dosyasını burada bulabilirsiniz: [/template.include](/template.include) + +`template.include` dosyası değiştirilmiş versiyondur (Leah Rowe tarafından değiştirilmiştir). +Orijinal versiyonu burada bulabilirsiniz: [/template.original](/template.original) + +Belirli sayfalarda başka değiştirilmiş şablonlar da kullanılabilir. Bunu libreboot web sitesinin Git deposunda kontrol edebilirsiniz. + +John MacFarlane tarafından oluşturulan `template.original` adlı orijinal şablon dosyası aşağıdaki koşullar altında yayınlanmıştır: + +Kaynak ve ikili formlarda, değiştirilmiş veya değiştirilmemiş olarak yeniden dağıtım ve kullanım, aşağıdaki koşullar karşılandığı sürece izin verilir: + +Kaynak kodunun yeniden dağıtımı, yukarıdaki telif hakkı bildirimini, bu koşullar listesini ve aşağıdaki sorumluluk reddini içermelidir. + +İkili formda yeniden dağıtım, yukarıdaki telif hakkı bildirimini, bu koşullar listesini ve aşağıdaki sorumluluk reddini, dağıtımla birlikte sağlanan belgelerde ve/veya diğer materyallerde yeniden üretmelidir. + +John MacFarlane'in adı veya diğer katkıda bulunanların adları, önceden yazılı izin alınmadan bu yazılımdan türetilen ürünleri onaylamak veya tanıtmak için kullanılamaz. + +BU YAZILIM TELİF HAKKI SAHİPLERİ VE KATKIDA BULUNANLAR TARAFINDAN "OLDUĞU GİBİ" SAĞLANMIŞTIR VE TİCARİ ELVERİŞLİLİK VE BELİRLİ BİR AMACA UYGUNLUK DAHİL ANCAK BUNLARLA SINIRLI OLMAMAK ÜZERE, AÇIK VEYA ZIMNİ HERHANGİ BİR GARANTİ REDDEDİLMEKTEDİR. TELİF HAKKI SAHİBİ VEYA KATKIDA BULUNANLAR, HERHANGİ BİR DOĞRUDAN, DOLAYLI, ARIZİ, ÖZEL, ÖRNEK NİTELİĞİNDE VEYA SONUÇSAL HASARDAN (YEDEK MAL VEYA HİZMETLERİN TEMİNİ; KULLANIM, VERİ VEYA KAR KAYBI; VEYA İŞ KESİNTİSİ DAHİL ANCAK BUNLARLA SINIRLI OLMAMAK ÜZERE) SORUMLU TUTULAMAZ, BU TÜR HASARLARIN OLASILIĞI KONUSUNDA BİLGİLENDİRİLMİŞ OLSALAR BİLE, SÖZLEŞME, KATI SORUMLULUK VEYA HAKSIZ FİİL (İHMAL VEYA DİĞER DURUMLAR DAHİL) GİBİ HERHANGİ BİR SORUMLULUK TEORİSİ ALTINDA, BU YAZILIMIN KULLANIMINDAN KAYNAKLANAN HİÇBİR ŞEKİLDE SORUMLU TUTULAMAZLAR. \ No newline at end of file diff --git a/site/template.de.include b/site/template.de.include index 106168d..22ebe5e 100644 --- a/site/template.de.include +++ b/site/template.de.include @@ -2,9 +2,14 @@ + + + + + @@ -51,9 +56,9 @@ $include-before$ $endfor$ $if(title)$
-
+

$title$

@@ -70,17 +75,13 @@ $endif$
  • Home
  • FAQ
  • Download
    • -
  • -
    • +
  • Git
  • Vorinstalliertes Gerät kaufen
    • -
  • -
  • Installation
  • Dokumentation
  • Neuigkeiten
  • Bugs
    • -
  • TODO
    • -
  • Patch senden
  • Kontakt
    • -
  • -
  • Spenden
    • @@ -91,7 +92,7 @@ $return$ $endif$ $if(toc)$ $endif$ diff --git a/site/template.include b/site/template.include index 6a5d9cc..ccdb4f1 100644 --- a/site/template.include +++ b/site/template.include @@ -2,9 +2,14 @@ + + + + + @@ -51,9 +56,9 @@ $include-before$ $endfor$ $if(title)$
    -
    +

    $title$

    @@ -70,17 +75,13 @@ $endif$
  • Home
  • FAQ
  • Download
    • -
  • -
    • +
  • Git
  • Buy Libreboot preinstalled
    • -
  • -
  • Install
  • Docs
  • News
  • Bugs
    • -
  • TODO
    • -
  • Send patch
  • Contact
    • -
  • -
  • Donate
    • @@ -91,7 +92,7 @@ $return$ $endif$ $if(toc)$ $endif$ diff --git a/site/template.it.include b/site/template.it.include index 4a257bf..73b9fcc 100644 --- a/site/template.it.include +++ b/site/template.it.include @@ -2,9 +2,14 @@ + + + + + @@ -51,9 +56,9 @@ $include-before$ $endfor$ $if(title)$
    -
    +

    $title$

    @@ -70,17 +75,13 @@ $endif$
  • Home
  • FAQ
  • Download
    • -
  • -
    • +
  • Git
  • Compra un PC con libreboot gia' installato
    • -
  • -
  • Installazione
  • Documentazione
  • Notizie
    • -
  • TODO
  • Difetti (bugs)
    • -
  • Spedisci correzioni (patches)
  • Contatti
    • -
  • -
  • Donazioni
    • @@ -91,7 +92,7 @@ $return$ $endif$ $if(toc)$ $endif$ diff --git a/site/template.uk.include b/site/template.uk.include index 3592267..6ed8413 100644 --- a/site/template.uk.include +++ b/site/template.uk.include @@ -2,9 +2,14 @@ + + + + + @@ -51,9 +56,9 @@ $include-before$ $endfor$ $if(title)$
    -
    +

    $title$

    @@ -70,17 +75,13 @@ $endif$
  • Домашня
  • FAQ
  • Завантаження
    • -
  • -
    • +
  • Відправити виправлення
  • Придбати передвстановленим
    • -
  • -
  • Встановлення
  • Документація
  • Новини
    • -
  • TODO
  • Помилки
    • -
  • Відправити виправлення
  • Зв'язок
    • -
  • -
  • Пожертвувати
    • @@ -91,7 +92,7 @@ $return$ $endif$ $if(toc)$ $endif$ diff --git a/site/template.zh-cn.include b/site/template.zh-cn.include index 805614a..096cc99 100644 --- a/site/template.zh-cn.include +++ b/site/template.zh-cn.include @@ -2,9 +2,14 @@ + + + + + @@ -51,9 +56,9 @@ $include-before$ $endfor$ $if(title)$
    -
    +

    $title$

    @@ -70,17 +75,13 @@ $endif$
  • 主页
  • 常见问题
  • 下载
    • -
  • -
    • +
  • 发送补丁
  • 购买预装品
    • -
  • -
  • 安装
  • 文档
  • 新闻
    • -
  • TODO
  • 缺陷
    • -
  • 发送补丁
  • 联系
    • -
  • -
  • 捐赠
    • @@ -91,7 +92,7 @@ $return$ $endif$ $if(toc)$ $endif$ diff --git a/site/who.de.md b/site/who.de.md deleted file mode 100644 index 7e73469..0000000 --- a/site/who.de.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Who develops libreboot? -x-toc-enable: true -... - -Der Zweck dieser Seite ist klar zu definieren wer am Libreboot Projekt -arbeitet, wer das Projekt betreibt, wie Entscheidungen getroffen werden, -und wie das Projekt grundsätzlich funktioniert. - -Informationen über die wichtigsten Beteiligten an Libreboot sind auf -dieser Seite zu finden, -dort sind diese Leute aufgeführt: [Liste der Beteiligten](contrib.md) - -Leah Rowe (Gründerin, Chef Entwicklerin) -=================================== - -Leah Rowe ist die Gründerin des Libreboot Projekts. Leah beaufsichtigt -die gesamte Libreboot Entwicklung, überprüft -externe Beiträge, and hat bei Entscheidungen das letzte Wort. -Leah ist Eigentümerin der libreboot.org Server, und betreibt diese von -ihrem Labor in Großbrittanien. - -Wenn Du mehr über Leah's Mitwirken an Libreboot erfahren möchtest, dann -kannst Du ihren Eintrag unter der -[Seite mit allen Mitwirkenden, Vergangenheit und Gegenwart](contrib.md) -lesen. - -Caleb La Grange -=============== - -Caleb ist online auch bekannt unter `shmalebx9`. -Caleb kümmert sich hauptsächlich um Verbesserungen am lbmk Build System, -das Hinzufügen neuer Boards sowie um die Dokumentation. - -Wenn Du mehr über Caleb's Mitwirken an Libreboot erfahren möchtest, dann -kannst Du seinen Eintrag unter der -[Seite mit allen Mitwirkenden, Vergangenheit und Gegenwart](contrib.md) -lesen. - -Alper Nebi Yasak -================ - -Alper kümmert sich um die Entwicklung der U-Boot Payload Unterstützung -in Libreboot, koordiniert Tests auf Chromebooks die dies nutzen, und -erledigt jegliche notwendige Upstream Arbeit an U-Boot selbst. -`alpernebbi` bei Libera IRC. - -Wenn Du mehr über Alper's Mitwirken an Libreboot erfahren möchtest, dann -kannst Du seinen Eintrag unter der -[Seite mit allen Mitwirkenden, Vergangenheit und Gegenwart](contrib.md) -lesen. - -Entwickler gesucht! -================== - -**Lerne wie Du Patches beisteuern kannst unter der [git Seite](git.de.md)** - -Jeder ist willkommen an der Entwicklung teilzunehmen. diff --git a/site/who.md b/site/who.md deleted file mode 100644 index 125b9bd..0000000 --- a/site/who.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Who develops libreboot? -x-toc-enable: true -... - -The purpose of this page is to clearly define who works on libreboot, who runs -the project, how decisions are made, and in general how the project functions. - -You can find information about major contributions made to libreboot, on this -page which lists such people: [List of contributors](contrib.md) - -Leah Rowe (founder, lead developer) -=================================== - -Leah Rowe is the founder of the libreboot project. Leah oversees all development of libreboot, reviewing -outside contributions, and has the final say over all decisions. Leah owns and -operates the libreboot.org servers from her lab in the UK. - -Caleb La Grange -=============== - -Caleb goes by the screen name `shmalebx9`. -Caleb mainly deals with improvements to the lbmk build system, board porting, -and documentation. - -Alper Nebi Yasak -================ - -Alper handles development of the U-Boot payload support in Libreboot, -coordinates testing on Chromebooks that use it, and does any necessary -upstream work on U-Boot itself. `alpernebbi` on Libera IRC. - -List of contributions -===================== - -You can learn more about any developer's involvement with Libreboot, by reading their -entry on the [page listing all contributors, past and present](contrib.md) - -Developers wanted! -================== - -**Learn how to contribute patches on the [git page](git.md)** - -All are welcome to join in on development. diff --git a/site/who.uk.md b/site/who.uk.md deleted file mode 100644 index cacf24a..0000000 --- a/site/who.uk.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Хто розробляє libreboot? -x-toc-enable: true -... - -Мета цієї сторінки - чітко визначити, хто працює над libreboot, хто виконує -проект, як приймаються рішення, і взагалі як проект функціонує. - -Ви можете знайти інформацію про великий внесок, зроблений у libreboot, на цій -сторінці, яка перелічує таких людей: [Список учасників](contrib.md) - -Лія Роу (засновниця, провідний розробник) -=================================== - -Лія Роу є засновницею проекту libreboot. Лія контролює всю розробку libreboot, переглядає -зовнішні внески, і має останнє слово щодо всіх рішень. Лія володіє -і керує серверами libreboot.org зі своєї лабораторії у Великобританії. - -Ви можете дізнатися більше про участь Лії в libreboot, прочитавши її запис на -[сторінці зі списком усіх учасників, минулих і теперішніх](contrib.md) - -Калеб Ла Гранж -=============== - -Калеб має псевдонім `shmalebx9`. -Калеб в основному займається вдосконаленням системи збірки lbmk, портуванням плати, -та документацією. - -Ви можете дізнатись більше про участь Калеба в libreboot, прочитавши його -запис на [сторінці зі списком усіх учасників, минулих і теперішніх](contrib.md) - -Альпер Небі Ясак -================ - -Альпер займається розробкою підтримки корисного навантаження U-Boot в Libreboot, -координує тестування Chromebook, які його використовують, і виконує будь-яку необхідну -апстрім роботу над самим U-Boot. `alpernebbi` на Libera IRC. - -Ви можете дізнатись більше про участь Альпера в Libreboot, читаючи його -запис на [сторінці зі списком усіх учасників, минулих і теперішніх](contrib.md) - -Потрібні розробники! -================== - -**Дізнайтесь, як додати виправлення на [сторінці git](git.md)** - -Запрошуємо всіх долучитися до розробки.