|Original author(s)||Ronald G. Minnich, Eric Biederman, Li-Ta (Ollie) Lo, Stefan Reinauer, and the coreboot community|
4.8.1 / 16 May 2018
|Written in||Mostly C, and about 1% in assembly. Optionally Ada|
|Platform||IA-32, x86-64, ARMv7, ARMv8, MIPS, RISC-V, POWER8|
coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware (BIOS or UEFI) found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and run a modern 32-bit or 64-bit operating system.
Since coreboot initializes the bare hardware, it must be ported to every chipset and motherboard that it supports. As a result, coreboot is available only for a limited number of hardware platforms and motherboard models.
One of the coreboot variants is Libreboot, a variant of coreboot aiming to be fully free of proprietary blobs.
The coreboot project began in the winter of 1999 in the Advanced Computing Laboratory at Los Alamos National Laboratory (LANL), with the goal of creating a BIOS that would start fast and handle errors intelligently. It is licensed under the terms of the GNU General Public License (GPL). Main contributors include LANL, SiS, AMD, Coresystems and Linux Networx, Inc, as well as motherboard vendors MSI, Gigabyte and Tyan, which offer coreboot alongside their standard BIOS or provide specifications of the hardware interfaces for some of their motherboards. Google partly sponsors the coreboot project. CME Group, a cluster of futures exchanges, began supporting the coreboot project in 2009.
coreboot has been accepted in seven consecutive years (2007–2014) for the Google Summer of Code. Other than the first three models, all Chromebooks run coreboot. Code from Das U-Boot has been assimilated to enable support for processors based on the ARM instruction set.
On 1 May 2017, Intel has confirmed and patched a Remote Elevation of Privilege bug (CVE-2017-5689) in its Management firmware, a bug long suspected by coreboot and Libreboot users. Every Intel platform with either Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the IME (Intel Management Engine). Another security risk inside the IME, is the Intel vPro cellular radio, through which hardware components can be accessed remotely, or the computer can even be killed.
CPU architectures supported by coreboot include IA-32, x86-64, ARM, ARM64, MIPS and RISC-V. Supported system-on-a-chip (SOC) platforms include AMD Geode, starting with the Geode GX processor developed for the OLPC. Artec Group added Geode LX support for its ThinCan model DBE61; that code was adopted by AMD and further improved for the OLPC after it was upgraded to the Geode LX platform, and is further developed by the coreboot community to support other Geode variants. Coreboot can be flashed onto a Geode platform using Flashrom.
From that initial development on AMD Geode based platforms, coreboot support has been extended onto many AMD processors and chipsets. The processor list includes Family 0Fh and 10h (K8 core), and recently Family 14h (Bobcat core, Fusion APU). coreboot support also extends to AMD chipsets: RS690, RS7xx, SB600, and SB8xx.
AMD Generic Encapsulated Software Architecture (AGESA)—a bootstrap protocol by which system devices on AMD64 mainboards are initialized—was open sourced in early 2011, aiming to provide required functionality for coreboot system initialization on AMD64 hardware. However, such releases never became the basis for future development by AMD, and were subsequently halted.
Devices that can be preloaded with coreboot or one of its derivatives include some x86-based Chromebooks, the Libreboot X200 and T400 (rebranded ThinkPad X200 and T400, respectively, available from Minifree, previously known as Gluglug), OLPC XO from the One Laptop per Child initiative, and ThinCan models DBE61, DBE62 and DBE63. An initial port of the Librem 13 has begun and is underway as of 2017.
coreboot typically loads a Linux kernel, but it can load any other stand-alone ELF executable, such as iPXE, gPXE or Etherboot that can boot a Linux kernel over a network, or SeaBIOS that can load a Linux kernel, Microsoft Windows 2000 and later, and BSDs (previously, Windows 2000/XP and OpenBSD support was provided by ADLO). coreboot can also load a kernel from any supported device, such as Myrinet, Quadrics, or SCI cluster interconnects. Booting other kernels directly is also possible, such as a Plan 9 kernel. Instead of loading a kernel directly, coreboot can pass control to a dedicated boot loader, such as a coreboot-capable version of GNU GRUB 2.
coreboot is written primarily in C, with a small amount of assembly code. Choosing C as the primary programming language enables easier code audits when compared to contemporary PC BIOS that was generally written in assembly, which results in improved security. There's build and runtime support to write parts of coreboot in Ada to further raise the security bar, but it's currently only sporadically used. The source code is released under the GNU GPL version 2 license.
coreboot performs the absolute minimal amount of hardware initialization and then passes control to the operating system. As a result, there is no coreboot code running once the operating system has taken control. A feature of coreboot is that the x86 version runs in 32-bit mode after executing only ten instructions (almost all other x86 BIOSes run exclusively in 16-bit mode). This is similar to the modern UEFI firmware, which is used on newer PC hardware.
By itself, coreboot does not provide BIOS call services. The SeaBIOS payload can be used to provide BIOS calls and thus allow coreboot to load operating systems that require those services, such as Windows 2000/XP/Vista/7 and BSDs. However, most modern operating systems access hardware in another manner and only use BIOS calls during early initialization and as a fallback mechanism.
- Bootblock stage: prepare to obtain Flash access and look up the ROM stage to use
- ROM stage: memory and early chipset init (a bit like PEI in EFI)
- RAM stage: device enumeration and resource assignment, ACPI table creation, SMM handler (a bit like DXE stage in EFI)
The most difficult hardware that coreboot initializes is the DRAM controllers and DRAM. In some cases, technical documentation on this subject is NDA restricted or unavailable. RAM initialization is particularly difficult because before the RAM is initialized it cannot be used. Therefore, to initialize DRAM controllers and DRAM, the initialization code may have only the CPU's general purpose registers or Cache-as-RAM as temporary storage.
With newer x86 processors, the processor cache can be used as RAM until DRAM is initialized. The processor cache has to be initialized into Cache-as-RAM mode as well, but this needs fewer instructions than initializing DRAM. Also, the Cache-as-RAM mode initialization is specific to CPU architectures, thus more generic than DRAM initialization, which is specific to each chipset and mainboard.
Developing and debugging coreboot
Since coreboot must initialize the bare hardware, it must be ported to every chipset and motherboard that it supports. Before initializing RAM, coreboot initializes the serial port (addressing cache and registers only), so it can send out debug text to a connected terminal. It can also send byte codes to port 0x80 that are displayed on a two-hex-digit display of a connected POST card.
Another porting aid was the commercial "RD1 BIOS Savior" product from www.ioss.com.tw, (not to be confused with US Interagency OPSEC Support Staff at www.iad.gov/ioss/) which was a combination of two boot memory devices that plugs into the boot memory socket and has a manual switch to select between the two devices. The computer could boot from one device, and then the switch can be toggled to allow the computer to reprogram or "flash" the second device. A more expensive alternative is an external EPROM/flash programmer.
There are also CPU emulators that either replace the CPU or connect via a JTAG port, with the Sage SmartProbe being an example. Code can be built on, or downloaded to, BIOS emulators rather than flashing the BIOS device.
coreboot can load a payload, which may be written using the libpayload helper library. Existing payloads include the following:
- SeaBIOS, a tiny implementation of x86 BIOS, written mostly in 16-bit C using the GNU C compiler
- TianoCore, a free and open-source implementation of UEFI
- OpenBIOS, a free and open-source implementation of Open Firmware
- GNU GRUB, a bootloader
- FILO, a GRUB-like bootloader with USB boot support
- Etherboot, it can boot an operating system over the network
- gPXE/iPXE, the successor to Etherboot, works when run under SeaBIOS
- Depthcharge is used by Google for Chrome OS
- A branch of Das U-Boot was used by Google for Chromium OS in the past
European Coreboot Conference
One physical meeting is the European Coreboot Conference which was organized in October 2017 and lasted for 3 days.
|Event and year||Date||Host city||Venue||Resources||Themes|
|ECC2017||26.10. – 29.10||Bochum, Germany||RUB Convention Center||https://ecc2017.coreboot.org/|
coreboot has a number of variants from its original code base each with slightly different objectives;
- librecore - A variant with more focus on freedom, non-x86 and firmware development frameworks.
- libreboot - A variant with a primary focus to remove all binary blobs.
Libreboot has been established as a distribution of coreboot without proprietary binary blobs. Libreboot is not a straight fork of coreboot; instead, it is a parallel effort that works closely with and re-bases every so often on the latest coreboot as the upstream supplier, with patches merged upstream whenever possible. In addition to removing proprietary software, libreboot also attempts to make coreboot easy to use by automating the build and installation processes.
- Libreboot, distribution of coreboot without proprietary binary blobs, sponsored by Free Software Foundation
- Beowulf cluster
- Open-source hardware
- Rapid Boot
- "Releases". coreboot. n.d.
- "ARM". coreboot. 15 October 2013. Retrieved 1 February 2014.
- "coreboot's licence". github.com. 1991. Retrieved 2018-10-13.
- "[LinuxBIOS] Welcome to coreboot". 12 January 2008.
- coreboot FAQ: Who is working on coreboot?
- Anton Borisov: The Open Source BIOS is Ten. An interview with the coreboot developers. The H, 2009.
- Google Sponsors the LinuxBIOS project
- "CME Group Dives Into Coreboot and Other Linux Open Source Projects". Wall Street & Technology. Retrieved 23 September 2015.
- "GSoC". coreboot.org. Retrieved 1 February 2014.
- "Previous GSoC Projects". coreboot.org. Retrieved 1 February 2014.
- Larabel, Michael (22 April 2012). "Many FSF Priority Projects Still Not Progressing". Phoronix. Retrieved 29 December 2014.
The success out of Coreboot recently is Google providing Sandy/Ivy Bridge support for Coreboot. Google's planning to begin shipping new Intel "Chromebooks" that will use Coreboot. Google likes Coreboot for the faster start-up time, among other benefits.
- "Chromebooks". coreboot. 16 January 2014. Retrieved 17 February 2014.
- "GSoC2011(Week 1): Analysis of U-boot ARM boot code | coreboot developer blogs". Retrieved 12 April 2014.
- Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege -Intel Security Center
- ‘Active Management Technology’ is Quite Likely a BackDoor, Along With Intel’s UEFI
- Remote security exploit in all 2008+ Intel platforms
- Red alert! Intel patches remote execution hole that's been hidden in biz, server chips since 2008
- Intel vPro 3G Digital signage
- 'Occupy' affiliate claims Intel bakes SECRET 3G radio into vPro CPUs
- Intel's "smart" 3G chip allows snoopers to access computers
- "Technical details on AMD's coreboot source code release". AMD. 28 February 2011. Archived from the original on 25 March 2014. Retrieved 1 February 2016.
- Griffith, Bruce (2014-11-05). "AMD's binary-only AGESA libraries". Retrieved 2017-05-08.
- "Supported Motherboards - coreboot". www.coreboot.org. Retrieved 2017-04-03.
- "Many FSF Priority Projects Still Not Progressing". Phoronix. 22 April 2012. Retrieved 22 September 2015.
- "Minifree". Retrieved 24 September 2015.
- "The Gluglug". fsf.org. Retrieved 23 September 2015.
- Alaoui, Youness (2017-01-12). "Librem 13 coreboot report – January 12, 2017". puri.sm. Retrieved 2017-01-12.
- SeaBIOS (previously known as LegacyBIOS) is an open-source legacy BIOS implementation
- coreboot Add-on Layer (ADLO) Archived 25 November 2010 at the Wayback Machine.
- SEBOS, Security Enhanced Bootloader for Operating Systems, Phase 2 Archived 19 June 2007 at the Wayback Machine., adding PC BIOS Services to coreboot via Bochs BIOS (Link noted to be defunct on 18 July 2008. See )
- Comparison of UEFI and legacy BIOS, pronouncing that same advantage for UEFI
- commit adding that support
- coreboot v3 early startup code
- Yinghai Lu; Li-Ta Lo; Gregory R. Watson; Ronald G. Minnich (15 January 2009). "CAR: Using Cache as RAM in Linux BIOS" (PDF). qmqm.pl. Retrieved 25 February 2014.
- A Framework for Using Processor Cache as RAM (CAR)
- Sage Engineering Archived 15 March 2011 at the Wayback Machine.
- "Google Pushes "Project PIANO" Into Coreboot - Phoronix". phoronix.com. Retrieved 23 September 2015.
- "Depthcharge: The ChromeOS bootloader". docs.google.com. Retrieved 26 October 2015.
- "Modify u-boot code to allow building coreboot payload. [chromiumos/third_party/u-boot-next : chromeos-v2011.03]". 24 July 2011.
- "Libreboot". Free Software Foundation. Retrieved 31 July 2014.
- "Libreboot". libreboot.org. Retrieved 31 July 2014.
- "About the libreboot project". libreboot.org. Retrieved 25 April 2015.
- Gay, Joshua (9 October 2012). "Respects Your Freedom hardware product certification". Free Software Foundation. Retrieved 25 February 2015.
- "Hardware compatibility list". libreboot.org. Retrieved 25 February 2015.
- "Libreboot ported to Asus Chromebook C201 (free software bootloader)". liliputing.com. Retrieved 24 October 2015.
- Open BIOSes for Linux, by Peter Seebach
- LinuxBIOS ready to go mainstream, by Bruce Byfield
- First desktop motherboard supported by LinuxBIOS: GIGABYTE M57SLI-S4, by Brandon Howard
- Video recording of Ron Minnich's LinuxBIOS talk from FOSDEM 2007
- Coreboot Your Service, Linux Journal, October 2009