Gentoo Forums
Libreboot / Coreboot how hard is it to make a BIOS?
Poll: How scared are you of proprietary BIOSs and Intel ME / AMD PSP?
Unfazed: I have nothing to hide so I have nothing to fear. (0%, 0 votes)
Meh: I like big companies keeping me safe. (18%, 2 votes)
Somewhat concerned: ME/PSP feels like a mystery box within my CPU. (9%, 1 vote)
Moderately worried: The autonomy of ME/PSP gives me tech shivers. (9%, 1 vote)
Rather spooked: I swear I've seen my computer glow bright green at night. (0%, 0 votes)
Utterly petrified: It is impossible to have privacy on a modern computing machine. (63%, 7 votes)
Total votes: 11

arvamircea
Tux's lil' helper
Joined: 21 May 2022
Posts: 109
Location: Swadlincote

Posted: Wed Dec 20, 2023 3:28 pm    Post subject: Libreboot / Coreboot how hard is it to make a BIOS?

Hello, sorry if I am ignorant, but:

Why do projects like Libreboot support so few pieces of hardware?
I am a noob, and I'm not saying I am able to make a BIOS by myself, but surely it is not that hard to make one, right? Especially because I assume you can copy and paste a lot of the code from one BIOS to another. At the end of the day the BIOS is just a simple program that checks that all hardware is OK, then gives the computer to the OS.
For example, Framework laptops. Lots of support from the manufacturer and lots of people/developers using it, but no one is working on a libre BIOS for it.
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1528
Location: Richmond Hill, Canada

Posted: Wed Dec 20, 2023 3:55 pm

It's actually not very simple 8O

You can try taking any off-the-shelf PC and a Linux source code tree and try to configure it (as in make menuconfig); you will find out how hard it is to make it right the first time. You will most likely get a boot panic on the first build due to not being able to find the root disk, then on the second build not being able to find the network, and on the third build not getting the graphic display right.

It is hard because every piece of hardware is different and you need quite long experience to know how to initialize/power on peripherals.

Modern Linux actually cannot boot without BIOS-provided ACPI (or a Device Tree).
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 55015
Location: 56N 3W

Posted: Wed Dec 20, 2023 3:58 pm

arvamircea,

Once upon a time,
Quote:
At the end of the day the BIOS is just a simple program that checks that all hardware is ok then gives the computer to the OS.
was true but not for a long time.

Much of the hardware bring up for PCI and DRAM involves a lot of trial and error at every start.
It's often referred to as 'training'.

Until this DRAM training is complete the CPU cannot use any RAM.
Until the PCI training is complete, the PCI cannot be used ... and so on.

If that's not bad enough ... it gets worse. Almost all of the data needed to do the training is hidden behind NDAs, so it is not available to open source software development.
Everything has to be reverse engineered. That's hard.

The firmware is usually digitally signed too. Part of the startup is to check the signature.

To add to the interest, after testing your new firmware code and finding that it doesn't work, debugging is difficult.
No video output ...

Then, how do you get control of the hardware to have another go?
You may have just trashed the firmware and left the system 'bricked'.
That means doing what manufacturers do during testing of a new system: program it via the JTAG interface.
Of course, how to do that is locked behind an NDA.
If the firmware EEPROM is in a socket, it can be removed and reprogrammed outside of the system, but that's getting rarer.

All in all, it's a slow process.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
arvamircea
Tux's lil' helper
Joined: 21 May 2022
Posts: 109
Location: Swadlincote

Posted: Wed Dec 20, 2023 4:12 pm

Hmmm,

Ok, it might be harder than I thought, but not impossible.
It is a goal of mine to one day help the FOS (free and open source) world. Look forward to more libre BIOSes in a few decades when I become more knowledgeable. :D
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3553

Posted: Wed Dec 20, 2023 6:56 pm

> Look forward to more libre BIOSes in a few decades when I become more knowledgeable

How 'bout alternative architectures?
There are ARM and RISC-V already. It looks like the interest in them was growing within the FOSS community. It's been a while since I played with creating my own system image for ARM (it was a banana pi), so maybe the documentation available has been improved in the meantime, but I had a hard time finding out how to use uboot with my kernel and the piece of hardware at hand, what entry point should I set, which parameters affect what etc, and actually I still don't know how that boot process works and why it was so much more difficult than isolinux on x86.
Man, I wish I had a decent guide actually explaining where all the strings and buttons are, what the magic numbers mean, and how all the pieces are tied to each other.
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20589

Posted: Thu Dec 21, 2023 5:05 am

Somewhat to Moderate. I don't recall any practical security issues regarding criminal enterprise. That's the primary, or at least immediate, concern.

In the bigger picture, I also have concerns about the implication behind forced compliance from state actors. Using vulnerabilities (actual or intentional) to obtain information that is then used to get evidence from traditional sources seems like a Bad Thing to me.
_________________
Quis separabit? Quo animo?
Leonardo.b
Guru
Joined: 10 Oct 2020
Posts: 308

Posted: Sat Dec 23, 2023 7:23 am

I've seen HP laptops with automatic remote diagnostics and online firmware upgrades in the UEFI menu.
arvamircea
Tux's lil' helper
Joined: 21 May 2022
Posts: 109
Location: Swadlincote

Posted: Tue Dec 26, 2023 7:23 pm    Post subject: Extremely good read

Extremely good read: https://www.happyassassin.net/posts/2014/01/25/uefi-boot-how-does-that-actually-work-then/
pa4wdh
l33t
Joined: 16 Dec 2005
Posts: 914

Posted: Tue Dec 26, 2023 10:53 pm

I don't like the closedness of all this BIOS/UEFI stuff. You can make your OS as secure as you can, but if the lowest level (BIOS/UEFI) is compromised you simply can't trust your hardware.

Quote:
How 'bout alternative architectures?

I like RISC-V a lot, and I specifically like the implementation on the SiFive HiFive Unmatched (https://www.sifive.com/boards/hifive-unmatched). The software that is similar to BIOS/UEFI in the x86 world is actually stored on an SD card. This also means "BIOS" updates are easily done from any OS that can write to an SD card, and risk free: if something goes bad you can simply re-write the SD card with another PC or swap it with another SD card with a known working version. And of course it's all completely open source.
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3553

Posted: Wed Dec 27, 2023 9:44 pm    Post subject: Re: Extremely good read

arvamircea wrote:
Extremely good read: https://www.happyassassin.net/posts/2014/01/25/uefi-boot-how-does-that-actually-work-then/

Quite frankly it reads like an opinion piece ("UEFI is better than BIOS") where the dude is shitting on the old ways of doing things just because he got a new, shiny toy.
He also gets a bunch of facts about the old system wrong (e.g. "BIOS does not understand partitions so MBR is the only possible entry point" like active flag didn't exist).
Finally skips the reasoning and just claims proving a point, so we (readers) are forced to subconsciously accept the assertion as a fact: "The concept of some undefined amount of empty space at the start of a disk being 'where bootloader code lives' is a pretty crappy design, as we saw above". No, we didn't see that above. The correct size of EFI partition is equally undefined, so you solved nothing, and still made things more complex by adding a filesystem to the mix.
And I'm only like 10% into this text so far.

Dunno, maybe I am nitpicking, but seriously, BIOS has one job: hand the wheel over to the user-supplied code. There's nothing wrong with "bootstrap code starts at a well known address 0x00".
I know, I know, "SecureBoot"... Unfortunately, the on-board memory chip can be replaced too. Creating truly tamper-proof hardware ain't easy, though I've seen people try. E.g. Dell servers with intrusion detection sensors, logging incidents whenever someone opened their cases.

Quote:
I like RISC-V a lot, and i specifically like the implementation on the Sifive Hifive Unmatched (https://www.sifive.com/boards/hifive-unmatched). The software that is similar to BIOS/UEFI in the x86 world is actually stored on an SD card.
So, basically, back to "bootstrap code starts at well known address" :lol:
Anyway... Yeah, I definitely prefer the approach where hardware does not have any builtin code. Makes "surprise mechanics" more difficult to hide, and the whole thing is pretty much unbrickable.
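The post above argues about what the legacy BIOS actually does with the first sector: it looks for the 0x55AA boot signature and the 0x80 active flag in the partition table. The following is an added example, not code from the thread or from any firmware project, that builds a constructed MBR in memory and parses it the way a conservative boot loader would, rejecting a missing signature, an invalid status byte, or anything other than exactly one active partition. The layout constants are the standard MBR offsets; the partition contents are made up for the demonstration.

```python
import struct

MBR_SIZE = 512
PART_TABLE_OFF = 0x1BE          # four 16-byte entries live here
BOOT_SIG_OFF = 0x1FE            # 0x55 0xAA marks a valid boot sector
ENTRY_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(entries):
    """Constructed sample MBR: boot-code area left zeroed, entries from a list of
    (active, partition_type, lba_start, sector_count) tuples (at most four)."""
    mbr = bytearray(MBR_SIZE)
    for i, (active, ptype, lba, count) in enumerate(entries[:4]):
        off = PART_TABLE_OFF + 16 * i
        # CHS fields are filled with 0xFF, the usual "use LBA instead" marker.
        mbr[off:off + 16] = struct.pack(ENTRY_FMT, 0x80 if active else 0x00,
                                        b"\xff\xff\xff", ptype, b"\xff\xff\xff",
                                        lba, count)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the non-empty partition entries, validating signature and status bytes first."""
    if len(mbr) < MBR_SIZE or mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue                                   # unused slot
        if status not in (0x00, 0x80):
            raise ValueError("entry %d has invalid status byte 0x%02x" % (i, status))
        if count == 0:
            raise ValueError("entry %d has zero length" % i)
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba": lba, "sectors": count})
    return parts


def active_partition(parts):
    """Classic BIOS rule: exactly one entry carries the 0x80 flag; anything else is an error."""
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        raise ValueError("expected exactly one active partition, found %d" % len(active))
    return active[0]


# Constructed layout: a non-bootable partition followed by the one the firmware should pick.
SAMPLE_LAYOUT = [
    (False, 0x83, 2048, 100000),
    (True, 0x83, 102048, 50000),
]

if __name__ == "__main__":
    image = build_mbr(SAMPLE_LAYOUT)
    chosen = active_partition(parse_mbr(image))
    print("boot from LBA", chosen["lba"], "(entry", chosen["index"], ")")
```

Running the script reports that entry 1 at LBA 102048 is the one a legacy BIOS would hand control to; feeding it a table with two active flags raises instead of silently picking the first, which is the behaviour you want from anything that decides where to jump next.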
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1528
Location: Richmond Hill, Canada

Posted: Wed Dec 27, 2023 10:47 pm    Post subject: Re: Extremely good read

szatox wrote:
arvamircea wrote:
Extremely good read: https://www.happyassassin.net/posts/2014/01/25/uefi-boot-how-does-that-actually-work-then/

Quite frankly it reads like an opinion piece ("UEFI is better than BIOS") where the dude is shitting on the old ways of doing things just because he got a new, shiny toy.
He also gets a bunch of facts about the old system wrong (e.g. "BIOS does not understand partitions so MBR is the only possible entry point" like active flag didn't exist).
Finally skips the reasoning and just claims proving a point, so we (readers) are forced to subconsciously accept the assertion as a fact: "The concept of some undefined amount of empty space at the start of a disk being 'where bootloader code lives' is a pretty crappy design, as we saw above". No, we didn't see that above. The correct size of EFI partition is equally undefined, so you solved nothing, and still made things more complex by adding a filesystem to the mix.
And I'm only like 10% into this text so far.

Dunno, maybe I am nitpicking, but seriously, BIOS has one job: hand the wheel over to the user-supplied code. There's nothing wrong with "bootstrap code starts at a well known address 0x00".
I know, I know, "SecureBoot"... Unfortunately, the on-board memory chip can be replaced too. Creating truly tamper-proof hardware ain't easy, though I've seen people try. E.g. Dell servers with intrusion detection sensors, logging incidents whenever someone opened their cases.

Quote:
I like RISC-V a lot, and i specifically like the implementation on the Sifive Hifive Unmatched (https://www.sifive.com/boards/hifive-unmatched). The software that is similar to BIOS/UEFI in the x86 world is actually stored on an SD card.
So, basically, back to "bootstrap code starts at well known address" :lol:
Anyway... Yeah, I definitely prefer the approach where hardware does not have any builtin code. Makes "surprise mechanics" more difficult to hide, and the whole thing is pretty much unbrickable.


I think the article is reasonably accurate, apart from the author's opinion. My guess is that the author is too young to know that when the entire machine had only 16KB of memory, an MBR size of 512 bytes was considered a good-sized chunk, used only once in the entire boot cycle.

I am trying to imagine, if we take the author's opinion into account and try to place today's EFI firmware into a 1987 PC, how much it would cost and how long it would take to complete the setup to provide the EFI-specified services. And I wonder what the point of the whole EFI specification would be then, because there aren't many boot devices you can choose from (tape and floppy?).
pa4wdh
l33t
Joined: 16 Dec 2005
Posts: 914

Posted: Thu Dec 28, 2023 10:50 am    Post subject: Re: Extremely good read

szatox wrote:

Quote:
I like RISC-V a lot, and i specifically like the implementation on the Sifive Hifive Unmatched (https://www.sifive.com/boards/hifive-unmatched). The software that is similar to BIOS/UEFI in the x86 world is actually stored on an SD card.
So, basically, back to "bootstrap code starts at well known address" :lol:
Anyway... Yeah, I definitely prefer the approach where hardware does not have any builtin code. Makes "surprise mechanics" more difficult to hide, and the whole thing is pretty much unbrickable.

Somewhat, but I think it's a bit more sophisticated.
There is a small ROM on the board which just contains the functions to access the SD card and load the rest from there (ZSBL). On the SD card there is a GPT partition table, and it looks for two specific UUIDs to find out which partitions to load for SBI and U-Boot (SPL).
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com
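The post above describes a boot ROM that reads a GPT from the SD card and selects partitions by type GUID. As an added example, written for this page and not taken from SiFive's ZSBL or any other project, the script below builds a constructed GPT image in memory and then parses it the way a careful first-stage loader should: it checks the "EFI PART" signature, the header CRC32 and the entry-table CRC32 before trusting a single field, bounds the entry table so a corrupted header cannot trigger an oversized read, and only then looks up the two partitions by type GUID. The two GUIDs are placeholders invented for the example, not the board's real values, and the partition layout is made up.

```python
import struct
import uuid
import zlib

SECTOR = 512
GPT_SIGNATURE = b"EFI PART"
HEADER_FMT = "<8sIIIIQQQQ16sQIII"   # 92-byte GPT header, little-endian
ENTRY_FMT = "<16s16sQQQ72s"         # 128-byte partition entry
ENTRY_SIZE = 128
NUM_ENTRIES = 128

# Hypothetical partition type GUIDs standing in for the two the boot ROM looks for.
# Constructed placeholders for this example, not the board's real values.
SBI_TYPE = uuid.UUID("11111111-2222-4333-8444-555555555555")
UBOOT_TYPE = uuid.UUID("66666666-7777-4888-8999-aaaaaaaaaaaa")

# Constructed sample layout: (type GUID, first LBA, last LBA, name)
SAMPLE_PARTS = [
    (SBI_TYPE, 34, 1057, "sbi"),
    (UBOOT_TYPE, 1058, 2014, "uboot"),
]


def build_gpt_image(parts, total_sectors=2048):
    """Write a primary GPT (header at LBA 1, entries from LBA 2) into a zeroed image."""
    img = bytearray(total_sectors * SECTOR)
    table = bytearray()
    for type_guid, first, last, name in parts:
        table += struct.pack(ENTRY_FMT, type_guid.bytes_le, uuid.uuid4().bytes_le,
                             first, last, 0, name.encode("utf-16-le"))
    table += bytes(NUM_ENTRIES * ENTRY_SIZE - len(table))       # pad unused slots
    header = struct.pack(HEADER_FMT, GPT_SIGNATURE, 0x00010000, 92, 0, 0,
                         1, total_sectors - 1, 34, total_sectors - 34,
                         uuid.uuid4().bytes_le, 2, NUM_ENTRIES, ENTRY_SIZE,
                         zlib.crc32(table))
    # The header CRC covers the header with its own CRC field zeroed, then gets patched in.
    header = header[:16] + struct.pack("<I", zlib.crc32(header)) + header[20:]
    img[SECTOR:SECTOR + 92] = header
    img[2 * SECTOR:2 * SECTOR + len(table)] = table
    return bytes(img)


def parse_gpt(img):
    """Validate signature and both CRCs before trusting any entry, like a cautious boot ROM."""
    raw = img[SECTOR:SECTOR + 92]
    (sig, _rev, hsize, hcrc, _res, _cur, _bak, first_u, last_u, _disk,
     ent_lba, n_ent, ent_size, ecrc) = struct.unpack(HEADER_FMT, raw)
    if sig != GPT_SIGNATURE:
        raise ValueError("GPT signature missing")
    if hsize != 92:
        raise ValueError("unexpected header size %d" % hsize)
    if zlib.crc32(raw[:16] + b"\0\0\0\0" + raw[20:]) != hcrc:
        raise ValueError("header CRC mismatch")
    # Bound the table before reading it; untrusted header fields must not drive a huge read.
    if ent_size < ENTRY_SIZE or n_ent == 0 or n_ent > 1024:
        raise ValueError("implausible entry table geometry")
    start = ent_lba * SECTOR
    table = img[start:start + n_ent * ent_size]
    if len(table) != n_ent * ent_size:
        raise ValueError("entry table runs past end of image")
    if zlib.crc32(table) != ecrc:
        raise ValueError("entry table CRC mismatch")
    parts = []
    for i in range(n_ent):
        entry = table[i * ent_size:i * ent_size + ENTRY_SIZE]
        type_raw, _uniq, first, last, _attrs, name = struct.unpack(ENTRY_FMT, entry)
        type_guid = uuid.UUID(bytes_le=type_raw)
        if type_guid.int == 0:
            continue                                            # unused slot
        if first < first_u or last > last_u or first > last:
            raise ValueError("partition %d outside usable range" % i)
        parts.append((type_guid, first, last, name.decode("utf-16-le").rstrip("\0")))
    return parts


def find_by_type(parts, type_guid):
    """Return (first_lba, last_lba) of the single partition carrying this type GUID."""
    hits = [(first, last) for t, first, last, _ in parts if t == type_guid]
    if len(hits) != 1:
        raise ValueError("expected one partition of type %s, found %d" % (type_guid, len(hits)))
    return hits[0]


def corrupt(img, offset):
    """Flip one byte so a CRC check fails (used to show the checks actually bite)."""
    out = bytearray(img)
    out[offset] ^= 0xFF
    return bytes(out)


if __name__ == "__main__":
    image = build_gpt_image(SAMPLE_PARTS)
    found = parse_gpt(image)
    print("SBI at LBAs", find_by_type(found, SBI_TYPE))
    print("U-Boot at LBAs", find_by_type(found, UBOOT_TYPE))
    try:
        parse_gpt(corrupt(image, 2 * SECTOR + 40))      # damage first entry's last-LBA field
    except ValueError as e:
        print("rejected tampered table:", e)
```

The point of doing the CRC and range checks before the GUID lookup is that on this kind of board the SD card is the one component anyone can rewrite; a loader that jumps to whatever LBA a partition entry names, without first confirming the table is intact and inside the usable area, turns a scratched or deliberately edited card into a way to redirect the very first code the CPU runs.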