Coreboot at Your Service!
Both coreboot v2 and v3 allow you to use the QEMU emulator for doing all the above steps without worrying about bricking your hardware. Using an emulator also is handy when you want to develop a new payload or re-implement some feature of coreboot.
The steps for configuring and compiling coreboot for an emulated system are similar to those for the EPIA-M:
$ cd coreboot-v2/ $ ./buildtarget emulation/qemu-x86 $ cd emulation/qemu-x86/qemu-x86/ $ make
Before you can run the emulator, you need to to have a copy of a Video ROM/BIOS patched for use with QEMU, such as the one for Cirrus Logic card (www.coreboot.org/images/0/0d/Vgabios-cirrus.zip). Download the file, unzip it in the current directory and then run QEMU:
$ qemu -L . -hda /dev/zero
The latest version of coreboot (v3) doesn't include support for many motherboards yet, but anyone can evaluate coreboot v3 with an emulated system (Figure 4).
So, what are the major differences that distinguish coreboot v3 from the previous releases? First, the configuration mechanism is greatly revised. In previous releases, you had to edit configuration files manually. Now, you configure coreboot just as you configure the Linux kernel—using make menuconfig or make xconfig. Second, the coreboot image itself is nothing but a LAR archive. LAR is a coreboot-specific archiver. It allows you to add, edit and delete payloads in a single step; there's no need to recompile the entire image. Third, the process for producing the code has been simplified and is much more elegant than before. Fourth, the use of ROMCC has been dropped, and all C code now is compiled with gcc. Fifth, there is a growing community and improved documentation on the Web site, as well as feedback from some silicon companies.
So, let's take a look at coreboot v3. Get the source code from the repository and configure it:
$ svn co svn://coreboot.org/repos/trunk/coreboot-v3 $ make menuconfig ... $ make
Once this completes, the coreboot image is ready and can be found in build/coreboot.rom. To view the contents of coreboot.rom, you can use the LAR archiver (Listing 6):
$ build/util/lar/lar -l build/coreboot.rom
Listing 6. Output of LAR Archiver (Coreboot Image Contents)
normal/option_table (932 bytes @ 0x50); loadaddress 0x0 entry 0x0 normal/initram/segment0 (420 bytes @ 0x450); loadaddress 0x0 entry 0x0x40 normal/stage2/segment0 (194,780 bytes, zeroes compressed to 1 bytes @ 0x650); loadaddress 0x0xd7b0 entry 0x0x2000 normal/stage2/segment1 (34560 bytes, lzma compressed to 18320 bytes @ 0x6b0); loadaddress 0x0x2000 entry 0x0x2000 normal/stage2/segment2 (6076 bytes, lzma compressed to 356 bytes @ 0x4e90); loadaddress 0x0xbff4 entry 0x0x2000 normal/payload/segment0 (183,984 bytes, zeroes compressed to 1 bytes @ 0x5050); loadaddress 0x0x318e0 entry 0x0x19000 normal/payload/segment1 (100,552 bytes, lzma compressed to 78196 bytes @ 0x50b0); loadaddress 0x0x19000 entry 0x0x19000 bootblock (20480 bytes @ 0x3b000) Total size = 119314B 116KB (0x1d212)
As you can see, coreboot.rom is really just an archive file, so it can be “disassembled” and “reassembled”. Compiling from scratch is not required.
Most contemporary, proprietary BIOSes contain a BIOS setup program, where you can configure different settings, ranging from RAM parameters to the boot strategy. Currently, there is no such thing available for coreboot, but to illustrate the flexibility of coreboot, let's examine bayou.
Bayou was developed by AMD and contributed to the coreboot project last year. Bayou is a payload that itself is a container for further payloads, thereby allowing coreboot to choose among payloads at boot time via a menu. For instance, you could include a memtest payload, a FILO payload and even a tint payload (tint is a Tetris clone). As an example, let's build bayou with a tint payload.
To build tint, get the source and patch it:
$ wget http://ftp.debian.org/debian/pool/main/t/tint/ ↪tint_0.03b.tar.gz $ tar xfvz tint_0.03b.tar.gz $ cd tint-0.03b $ svn export svn://coreboot.org/repos/trunk/payloads/ ↪external/tint/libpayload_tint.patch $ patch -p1 < libpayload_tint.patch $ make
Then, get the bayou payload:
$ svn co svn://coreboot.org/repos/trunk/payloads/bayou $ cd bayou
Edit the bayou configuration file (bayou.xml), and add the required payloads (Listing 7).
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide