Coreboot Ported To A Newer Intel Server Board From Supermicro

  • Coreboot Ported To A Newer Intel Server Board From Supermicro

    Phoronix: Coreboot Ported To A Newer Intel Server Board From Supermicro

    The German-based 9elements Cyber Security has ported Coreboot to another newer Intel server motherboard...

    http://www.phoronix.com/scan.php?pag...L-Supermicro-B

  • #2
    How does that work? Isn't the IME, or at least parts of it, necessary for everything to function as expected? The blogpost doesn't seem to mention which specific blobs they opened or are still using to function.



    • #3
      Originally posted by oxwivi
      How does that work? Isn't the IME, or at least parts of it, necessary for everything to function as expected? The blogpost doesn't seem to mention which specific blobs they opened or are still using to function.
      From the commit:

      [...]
      ## Required proprietary blobs
      - [Intel FSP2.0]
      - Intel ME
      ## De-blobbing
      - [Intel FSP2.0] can not be removed as long as there is no free replacement
      - Intel ME can be cleaned using me_cleaner (~4.5 MB more free space)
      [...]



      • #4
        Originally posted by oxwivi
        How does that work? Isn't the IME, or at least parts of it, necessary for everything to function as expected? The blogpost doesn't seem to mention which specific blobs they opened or are still using to function.
        It works like all post-Socket 775 boards with Coreboot support.

        They opened nothing because Intel would drop bombs on them, they added support to Coreboot using the Intel vendor blobs for board initialization, and a severely neutered IME blob with all non-critical-for-boot-stuff removed.

        This is still a very useful thing because a very big source of security bullshit issues is the vendor's UEFI firmware and its lack of quality, vendor backdoors and ability to update when a vulnerability is found. Coreboot firmware does not have any of it, you can have it load a UEFI payload, but that's a very cut-down and open-source UEFI version whose job is just to boot an OS.



        • #5
          If I remember correctly, the FSP alone is smart enough to boot up the board and load an OS.
          All coreboot does here is to call the right things in that package.

          Intel also has its own fork of coreboot called the slim or slim bootloader https://slimbootloader.github.io/



          • #6
            Typo: DDDR4



            • #7
              Originally posted by oxwivi
              How does that work? Isn't the IME, or at least parts of it, necessary for everything to function as expected? The blogpost doesn't seem to mention which specific blobs they opened or are still using to function.
              Yeah, only libreboot disables Intel ME but it only works in older mobos and laptops.



              • #8
                Originally posted by ServerGarbage
                Yeah, only libreboot disables Intel ME but it only works in older mobos and laptops.
                Libreboot is just a Coreboot configured to not install blobs. Which is why it does not work beyond a certain point where some blobs become mandatory for board init, and the real ME appears (the ME that was just a secondary thing you could remove by deleting its firmware was an inferior first-gen thing for some socket 775 boards afaik).



                • #9
                  Originally posted by starshipeleven
                  Libreboot is just a Coreboot configured to not install blobs. Which is why it does not work beyond a certain point where some blobs become mandatory for board init, and the real ME appears (the ME that was just a secondary thing you could remove by deleting its firmware was an inferior first-gen thing for some socket 775 boards afaik).
                  Wasn't there also an intermediate generation where the BOOT chunk was signed separately from the ME kernel, so you could clean it enough to make it turn off the watchdog reset and then crash?



                  • #10
                    Originally posted by Alexmitter
                    If I remember correctly, the FSP alone is smart enough to boot up the board and load an OS.
                    All coreboot does here is to call the right things in that package.
                    Mostly correct, but FSP can only load from flash so they use u-boot as a bootloader for the "bareback" setups as the OS is usually not in the flash chip.
