[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v1 09/11] FSF: hardware: disable option roms: update and point ha
|
From: |
Denis 'GNUtoo' Carikli |
|
Subject: |
[PATCH v1 09/11] FSF: hardware: disable option roms: update and point hardware/graphics-card to it. |
|
Date: |
Tue, 5 Nov 2024 15:14:31 +0100 |
Rationale:
- GNU Boot now also exists and I'm assuming that it's probably
preffered over Canoeboot by the FSF sysadmins as Canoeboot has a
less long term approach (it changes things a lot, has features that
depend on out of tree patches, etc).
- I also added a bit of context.
- Libreboot from 2016 only has GRUB and SeaBIOS images and it doesn't
have 'seabios_grubfirst' hybrid images yet (images that uses SeaBIOS
to load GRUB to workaround some issues with GRUB). GNU Boot just got
rid of the hybrid images with the commit
6fa9af30ad276a6ebf3268238c0a31d291b92964 ("Remove images with the
seabios_grubfirst main payload.").
And the problem this article solves only occurs with SeaBIOS, and
I've verified that in the Coreboot configuration for both a recent
GNU Boot and Libreboot r20160907.
- For the MAC address, I was told within a private mail by Tiberiu
from Technoetical that they modified Libreboot images to use the
computer MAC address, and they now do that with GNU Boot, so I
included them as well.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
---
.../disable-option-roms-with-cbfstool.mdwn | 56 ++++++++++++++-----
sviki/fsf/hardware/graphics-cards.mdwn | 6 ++
2 files changed, 47 insertions(+), 15 deletions(-)
diff --git a/sviki/fsf/hardware/disable-option-roms-with-cbfstool.mdwn
b/sviki/fsf/hardware/disable-option-roms-with-cbfstool.mdwn
index 6ef9158..ce803a6 100644
--- a/sviki/fsf/hardware/disable-option-roms-with-cbfstool.mdwn
+++ b/sviki/fsf/hardware/disable-option-roms-with-cbfstool.mdwn
@@ -12,9 +12,14 @@ Contributions are welcome. See
<https://savannah.gnu.org/maintenance/fsf/>.
# disable option roms with cbfstool
-This method applies a hard-coded variable to the LibreBoot / Coreboot ROM that
-tells it to not load external option roms. (LibreBoot from 2016 loads option
-roms by default.)
+This method applies a hard-coded variable to GNU Boot / Canoeboot /
+Coreboot images that use SeaBIOS and tells it to not load external
+option roms (like the video BIOS or tools from RAID or network cards
+for instance).
+
+Images with SeaBIOS, of LibreBoot from 2016 or GNU Boot, loads option
+roms by default. However Images with GRUB do not run option roms
+(unless users run SeaBIOS from GRUB).
## documentation on this method
@@ -26,11 +31,16 @@ If those pages are missing, visit <https://archive.is> or
## compile cbfstool
-Clone the Coreboot git repo:
+cbfstool is currently missing from many free distributions, especially
+from Trisquel. See the [Tools section of the article on
+Coreboot](https://libreplanet.org/wiki/Group:Hardware/Upstream_projects/Coreboot#Tools)
+on the LibrePlanet wiki for the status of tools.
+
+If you lack a package for cbfstool, clone the Coreboot git repository:
git clone http://review.coreboot.org/coreboot.git
-Compile cbfstool:
+then compile cbfstool:
cd coreboot
cd util/cbfstool
@@ -41,7 +51,7 @@ Compile cbfstool:
If dependencies are missing, `libreboot_r20160907_util.tar.xz` has a compiled
version at the `https://libreboot.org/download.html` mirrors.
-## get the LibreBoot rom from the machine
+## get the LibreBoot or GNU Boot rom from the machine
Downloading the rom from the machine itself is a good approach so you don't
have to worry about **setting the MAC address** to a non-generic value before
@@ -49,25 +59,41 @@ writing the patched rom.
If you are able to boot to GNU/Linux on the device:
- flashrom -p internal -r libreboot.rom
+ flashrom -p internal -r gnuboot.rom
-## patch the LibreBoot ROM
+## patch the LibreBoot or GNU Boot ROM
> *Controls option ROM execution for roms found on PCI devices (as opposed to
> roms found in CBFS/fw_cfg). Valid values are 0: Execute no ROMs, 1: Execute
> only VGA ROMs, 2: Execute all ROMs. The default is 2 (execute all ROMs).*
- cbfstool libreboot.rom add-int -i 1 -n etc/pci-optionrom-exec
- cbfstool libreboot.rom print
+ cbfstool gnuboot.rom add-int -i 1 -n etc/pci-optionrom-exec
+ cbfstool gnuboot.rom print
+
+## Add your MAC Address
+
+If you are an FSF sysadmin or bought a Thinkpad from Technoetical and
+that you are using a fresh ROM image, don't forget to patch it so
+there aren't **MAC collisions** as Libreboot or GNU Boot come with a
+default MAC address on computers using the GM45 chipset (like the
+ThinkPad X200) with the exception of the ThinkPad R500 as it uses a
+Broadcom Ethernet controller instead.
+
+Alternatively, get the rom from the machine itself (see above).
+
+If you need to patch it, you can use ich9gen from
+[ich9utils](https://notabug.org/libreboot/ich9utils.git) with
+something like that (obviously change the MAC address below):
+
+ ich9gen --macaddress 00:1f:16:80:80:80
-## write the LibreBoot ROM
+The tool will then tell you how to modify your GNU Boot or Libreboot
+image.
-If you are using a fresh ROM image, don't forget to patch it so there aren't
-**MAC collisions**. Alternatively, get the rom from the machine itself (see
-above).
+## write the LibreBoot or GNU Boot ROM
If you are booted into GNU/Linux on the device:
- flashrom -p internal -w libreboot.rom
+ flashrom -p internal -w gnuboot.rom
Do a shutdown, then a cold boot.
diff --git a/sviki/fsf/hardware/graphics-cards.mdwn
b/sviki/fsf/hardware/graphics-cards.mdwn
index a803ddb..067e7e4 100644
--- a/sviki/fsf/hardware/graphics-cards.mdwn
+++ b/sviki/fsf/hardware/graphics-cards.mdwn
@@ -38,6 +38,9 @@ Nvidia graphics card or chip require nonfree software to work:
* The nvidia driver need to load and run some bytecode that is also
stored somewhere in the memory chip of the graphic card.
+See [[fsf/hardware/disable-option-roms-with-cbfstool]] for how to deal
+with this issue.
+
Beside the video BIOS issue, another question is if these cards works
in free distros.
@@ -102,6 +105,9 @@ AMD graphics card or chip require nonfree software to work:
bytecode (called AtomBIOS) that is also stored somewhere in the
memory chip of the graphic card.
+See [[fsf/hardware/disable-option-roms-with-cbfstool]] for how to deal
+with this issue.
+
Beside the video BIOS issue, another question is if these cards works
in free distros.
--
2.46.0
- Re: [PATCH v1 06/11] FSF: hardware: graphics-card: Nvidia: Warn about nonfree software., (continued)
- [PATCH v1 08/11] FSF: hardware: graphics-card: Add section about other card vendors., Denis 'GNUtoo' Carikli, 2024/11/07
- [PATCH v1 10/11] FSF: hardware: disable option roms: improve flashrom commands., Denis 'GNUtoo' Carikli, 2024/11/07
- [PATCH v1 02/11] FSF: explain how to test contributions., Denis 'GNUtoo' Carikli, 2024/11/07
- [PATCH v1 01/11] FSF: clarify how to contribute., Denis 'GNUtoo' Carikli, 2024/11/07
- [PATCH v1 04/11] FSF: hardware: graphics-card: Intel: Update and clarify., Denis 'GNUtoo' Carikli, 2024/11/07
- [PATCH v1 03/11] FSF: hardware: graphics-card: Intel: fix typo., Denis 'GNUtoo' Carikli, 2024/11/07
- [PATCH v1 05/11] FSF: hardware: graphics-card: Update AMD status., Denis 'GNUtoo' Carikli, 2024/11/07
- [PATCH v1 07/11] FSF: hardware: graphics-card: Add possible lead with nouveau instabilities., Denis 'GNUtoo' Carikli, 2024/11/07
- [PATCH v1 11/11] FSF: hardware: disable option roms: clarify shutdown / cold boot., Denis 'GNUtoo' Carikli, 2024/11/07
- [PATCH v1 09/11] FSF: hardware: disable option roms: update and point hardware/graphics-card to it.,
Denis 'GNUtoo' Carikli <=