Coreboot at Your Service!
Listing 1. Configuration Process for libpayload
* * Libpayload Configuration * * Architecture Options * Multiboot header support (MULTIBOOT) [Y / n] * * Standard Libraries * Enable C library support (LIBC) [Y / n] Enable tinycurses support (TINYCURSES) [Y / n] * * Console Options * See output on the serial port console (SERIAL_CONSOLE) [Y / n] I/O base for the serial port (SERIAL_IOBASE) [0x3f8] Override the serial console baud rate (SERIAL_SET_SPEED) [N / y] Use plain ASCII characters for ACS (SERIAL_ACS_FALLBACK) [N / y /?] See output on a video console (VIDEO_CONSOLE) [Y / n] VGA video console driver (VGA_VIDEO_CONSOLE) [Y / n] Geode LX video console driver (GEODELX_VIDEO_CONSOLE) [N / y] Allow input from a PC keyboard (PC_KEYBOARD) [Y / n] English (US) keyboard layout (PC_KEYBOARD_LAYOUT_US) [Y / n] German keyboard layout (PC_KEYBOARD_LAYOUT_DE) [N / y] * * Drivers * Support for PCI devices (PCI) [Y / n] Support for reading / writing NVRAM bytes (NVRAM) [Y / n] Extended RTC ports are 0x74/0x75 (RTC_PORT_EXTENDED_VIA) [N / y /?] Support for PC speaker (SPEAKER) [Y / n] USB Support (USB) [N / y]
Once the configuration parameters are set, run make again to compile the library:
$ cd ../filo $ make
Now you can set the options for FILO. Again, simply press Enter for all the prompts and accept the defaults.
Listing 2. Configuration Process for FILO
* * FILO Configuration * * Interface Options * Use GRUB like interface (USE_GRUB) [Y / n /?] Command line prompt (PROMPT) [filo] GRUB menu.lst filename (MENULST_FILE) [hda3:/boot/grub/menu.lst] Timeout for loading menu.lst (MENULST_TIMEOUT)  Use MD5 passwords in menu.lst? (USE_MD5_PASSWORDS) [Y / n /?] * * Drivers * IDE DISK support (IDE_DISK) [Y / n /?] IDE disk poll delay (IDE_DISK_POLL_DELAY)  Extra delay for SATA (SLOW_SATA) [N / y /?] PCMCIA CF (Epia) support (PCMCIA_CF) [N / y /?] new USB Stack (USB_NEW_DISK) [Y / n /?] USB Stack (obsolete?) (USB_DISK) [N / y /?] NAND Flash support (FLASH_DISK) [N / y /?] PCI support (SUPPORT_PCI) [Y / n] Scan all PCI busses (PCI_BRUTE_SCAN) [N / y /?] Sound Support (SUPPORT_SOUND) [N / y] * * Filesystems * EXT2 filesystem (FSYS_EXT2FS) [Y / n] FAT (MSDOS) filesystem (FSYS_FAT) [Y / n] JFS (FSYS_JFS) [N / y] Minix filesystem (FSYS_MINIX) [N / y] ReiserFS (FSYS_REISERFS) [Y / n] XFS (FSYS_XFS) [N / y] ISO9660 filesystem (FSYS_ISO9660) [Y / n] El Torito bootable CDROMs (ELTORITO) [Y / n /?] Compressed RAM filesystem (CRAMFS) (FSYS_CRAMFS) [N / y] Squash filesystem (FSYS_SQUASHFS) [N / y] * * Loaders * Standard Linux Loader (LINUX_LOADER) [Y / n /?] Windows CE Loader (WINCE_LOADER) [N / y /?] Artec Loader (ARTEC_BOOT) [N / y /?] * * Debugging & Experimental * Enable experimental features (EXPERIMENTAL) [N / y /?] DEBUG_ALL (DEBUG_ALL) [N / y] DEBUG_ELFBOOT (DEBUG_ELFBOOT) [N / y] DEBUG_ELFNOTE (DEBUG_ELFNOTE) [N / y] DEBUG_SEGMENT (DEBUG_SEGMENT) [N / y] DEBUG_SYS_INFO (DEBUG_SYS_INFO) [N / y] DEBUG_BLOCKDEV (DEBUG_BLOCKDEV) [N / y] DEBUG_VFS (DEBUG_VFS) [N / y] DEBUG_FSYS_EXT2FS (DEBUG_FSYS_EXT2FS) [N / y] DEBUG_PCI (DEBUG_PCI) [N / y] DEBUG_LINUXLOAD (DEBUG_LINUXLOAD) [N / y] DEBUG_IDE (DEBUG_IDE) [N / y] DEBUG_ELTORITO (DEBUG_ELTORITO) [N / y] Developer Tools (DEVELOPER_TOOLS) [Y / n /?]
Obviously, not all of the above options actually are needed. For instance, you don't need XFS, JFS or Minix support if your system boots off an ext2/ext3 partition. Once you've gotten everything running, you can come back and switch off the options you don't need, which will reduce the size of the coreboot image.
Notice the following line near the top of Listing 2:
GRUB menu.lst filename (MENULST_FILE) [hda3:/boot/grub/menu.lst]
My test EPIA-M II system has OpenSUSE 11.0 installed and uses the GRUB bootloader. I chose to include GRUB's interface support inside FILO, and this is the place to specify the location of GRUB's menu file. If you don't plan to use the GRUB interface (for instance, if your Linux distribution uses LILO for booting), you need to specify the correct line to load the kernel and initrd, as shown in Listing 3.
Listing 3. If your distribution works with LILO, you can switch off the GRUB interface in FILO.
* * FILO Configuration * * Interface Options * Use GRUB like interface (USE_GRUB) [Y / n /?] n Autoboot a command line after timeout? (USE_AUTOBOOT) [Y / n] Kernel filename and parameters (AUTOBOOT_FILE) ↪[hda1:/boot/vmlinuz root=/dev/hda3 console=tty0 ↪console=ttyS0, 115200] Time in seconds before booting (AUTOBOOT_DELAY) 
After setting the FILO's configuration parameters, compile FILO by running make again. The compiled loader is placed here: filo/build/filo.elf.
At this point, you've prepared the payload. Now, you need to generate a coreboot image. First, let's take a look at the config file that is used during the coreboot build (Listing 4):
$ cd coreboot-v2/targets/via/epia-m $ vi Config.lb
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- The US Government and Open-Source Software
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide