A Dream Come True: Running Coreboot On A Modern, Retail Desktop Motherboard

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • arQon
    replied
    "Incomplete" is potentially just a minor inconvenience. "Unable to use XMP" though is quite a significant hurdle (given how half-assed JEDEC is), as is not being able to boost the CPU.

    Still, this is *huge* progress for Coreboot, and now that MSI has gone down this road at all, I think there's a strong likelihood that their plan is to migrate as much of their product to it as possible, unless this "pilot" attempt turns out to be disastrous.

    Leave a comment:


  • pietrushnic
    replied
    Originally posted by JacekJagosz View Post

    First, someone needed to fund it. There hasn't really been an interest like that so far. Then people writing that firmware would need to get support from Intel/AMD so they are actually provided the necessary firmware.
    pietrushnic said above said not many people could achieve that.
    And third, there are a lot of legal problems doing that. So the only company that can do Coreboot needs to be experienced and have connections, and have enough funding to do all that.
    JacekJagosz thanks. This is precisely why. I wonder what industry your working in. Also it would be great to have you and other Phoronix Community members interested in open-source firmware at our quarterly vPub which we hope to host somwhere in August.

    Leave a comment:


  • pietrushnic
    replied
    Originally posted by pokazene_maslo View Post
    One feature that I would like to see implemented is TCG OPAL/TCG Enterprise pre-boot authentication. There are HDDs/SSDs that support hardware level encryption. For example Crucial MX300/MX500 SSDs support TCG OPAL. Implement a feature to configure groups of connected drives and then during system boot-up enter password to unlock a group of HDDs/SSDs.
    pokazene_maslo (nice nickname) yes, we see this feature request second time. Do you think you can add it to our tracker? In that way others can vote for it as well as discuss potential release candidates. If you cannot can I quote you in the issue tracker?

    Leave a comment:


  • pietrushnic
    replied
    Originally posted by zerocool456 View Post
    Honestly - this Dasharo is.. complicated.
    zerocool456 would you mind to elaborate why? Something more precise would help us improve Dasharo.

    Originally posted by zerocool456 View Post

    You are packaging open-source code into somewhere else - and not properly upstream the code back to upstream repos.
    zerocool456 please let me know which code is not properly upstreamed? Let's discuss preceise concerns not general objections.

    Originally posted by zerocool456 View Post
    This is fragmentation of the landscape, instead of supporting the project.
    zerocool456 so, what would be corrrect business model behind open-source firmware in your opinion. Creating downstream distribution is well known model Xen has XenServer and XCP-ng, Linux many distributions including commercial ones

    Originally posted by zerocool456 View Post
    However it is nice to have it - I would wish you drop the whole Dasharo effort - or at least upstream it properly.
    zerocool456 why? How this would help 3mdeb contribute more to open-source firmware ecosystem?

    Originally posted by davidhendricks View Post

    A couple of points here:
    1. Dasharo is one of many distributions that include coreboot. coreboot itself basically just does lowlevel hardware initialization which alone is not enough to make a product to sell to customers. It's analogous to the Linux kernel being distributed as part of Fedora, Ubuntu, RHEL, SLES, etc. with varying levels of customization and support. System76, Purism, Starlabs, etc. do similar things where they package coreboot with other components which are tailored for their products and customers.

    2. 3mdeb employees are quite active upstream, as you can see on the upstream review system (and git log if you're inclined to look): https://review.coreboot.org/q/author...edby:3mdeb.com
    davidhendricks thank you. We belive open-source firmware needs more distributions, so end users and their customers can pick one that work for them.

    Leave a comment:


  • davidhendricks
    replied
    Originally posted by zerocool456 View Post
    Honestly - this Dasharo is.. complicated. You are packaging open-source code into somewhere else - and not properly upstream the code back to upstream repos. This is fragmentation of the landscape, instead of supporting the project.

    However it is nice to have it - I would wish you drop the whole Dasharo effort - or at least upstream it properly.
    A couple of points here:
    1. Dasharo is one of many distributions that include coreboot. coreboot itself basically just does lowlevel hardware initialization which alone is not enough to make a product to sell to customers. It's analogous to the Linux kernel being distributed as part of Fedora, Ubuntu, RHEL, SLES, etc. with varying levels of customization and support. System76, Purism, Starlabs, etc. do similar things where they package coreboot with other components which are tailored for their products and customers.

    2. 3mdeb employees are quite active upstream, as you can see on the upstream review system (and git log if you're inclined to look): https://review.coreboot.org/q/author...edby:3mdeb.com

    Leave a comment:


  • JacekJagosz
    replied
    Originally posted by M1kkko View Post
    Can somebody explain to me why it's seemingly so difficult to design and create a coreboot compatible motherboard? Out of all the PC motherboard vendors, not one ships a motherboard that comes with Coreboot out of the box. Not even in the enthusiast or enterprise segments. Why?
    First, someone needed to fund it. There hasn't really been an interest like that so far. Then people writing that firmware would need to get support from Intel/AMD so they are actually provided the necessary firmware.
    pietrushnic said above said
    Second, because over the years we were able to build relation with silicon vendors gaining access to documentation, support channels and even source code of critical components (at this point without right of redistributing it in source form, just binary
    not many people could achieve that.
    And third, there are a lot of legal problems doing that. So the only company that can do Coreboot needs to be experienced and have connections, and have enough funding to do all that.

    Leave a comment:


  • M1kkko
    replied
    Can somebody explain to me why it's seemingly so difficult to design and create a coreboot compatible motherboard? Out of all the PC motherboard vendors, not one ships a motherboard that comes with Coreboot out of the box. Not even in the enthusiast or enterprise segments. Why?

    Leave a comment:


  • pietrushnic
    replied
    Originally posted by zir_blazer View Post
    Currently testing with a 12600K with no dGPU. It can install Windows 11 with no issues (Secure Boot + fTPM).



    The performance difference is rather simple to explain: Dasharo is using Intel specified power limits. PL1 and PL2 are 125W/150W, respectively. When using MSI stock Firmware, loading default options put it in Water Cooling mode (I don't know if with non-K like Phoronix 12400 it works the same way).

    Boxed Cooler PL1 241W PL2 241W Current Limit 280A
    Tower Air Cooler PL1 288W PL2 288W Current Limit 512A
    Water Cooler PL1 4096W PL2 4096W Current Limit 512A

    So by default, your Power Limiters are essencially unlimited. And even the lowest Boxed Cooler option would put it at 241W/241W - you would need to manually input 125W/150W to make the comparison fair. That is part of the set of tricks that is used to cheat in Motherboard performance differences, whereas Dasharo is plain, dull, stock.
    TechPowerUp reviewed a 12900K with different Power Limiters and the difference between 125W/241W vs 241W/241W was around 8%, which would be around the performance deficit I see in the 12600K.

    There are certain features which after confirming with 3mdeb I know that are or aren't enabled:

    Resizeable Bar is theorically supported but not enabled because they don't have any compatible card in the lab to actually test it.
    HPET is supposedly disabled by default, but I didn't checked this one myself.
    There seems to be a featured called TME (Total Memory Encryption) that is partially enabled, but seems misconfigured. It is supposed to carry a performance penalty if actually using, and for comparison, it is disabled on MSI stock Firmware:

    x86/tme: enabled by BIOS
    x86/tme: Unknown policy is active: 0x2
    x86/mktme: No known encryption algorithm is supported: 0x4
    x86/mktme: enabled by BIOS
    x86/mktme: 15 KeyIDs available

    I tested DPC Latency on Dasharo with Latencymon but didn't compared it to stock Firmware. And it is rather hard to test consistently. On idle, it seems to hovers from 10-30 Microseconds.
    zir_blazer thank you for testing and explaining why things are off for Dasharo.

    Originally posted by zir_blazer View Post
    There is something really off about certain POST/boot times. I used a USB Flash Drive made with Ventoy to have multiple ISOs on it, and there is a strange 10-15 seconds delay from loading Ventoy Boot Loader before getting Arch Linux or Ubuntu one. This is instant on MSI stock Firmware. Phoronix also reports a Systemd Total Boot Time (Test: Kernel) that is more than two times slower than MSI stock. That is literally THE only obscene bug I found, the other one is where the POST slowed down to a 5x slower crawl after a warm reset while booting W11 install ISO which I didn't tried to reproduce, but fixed after a power cycle.
    I assume there is not Dasharo issue to track that? Would you mind if I will copy this text to Github to root cause? I suppose proprietary USB stack maybe optimized in comparison to what we get from plain UEFI/EDKII.

    Leave a comment:


  • pokazene_maslo
    replied
    One feature that I would like to see implemented is TCG OPAL/TCG Enterprise pre-boot authentication. There are HDDs/SSDs that support hardware level encryption. For example Crucial MX300/MX500 SSDs support TCG OPAL. Implement a feature to configure groups of connected drives and then during system boot-up enter password to unlock a group of HDDs/SSDs.

    To this day I'm unaware of any home user grade motherboard that supports this kind of hardware level HDD/SSD encryption.

    I'm very enthusiastic about having an option to have at least partially open-source motherboard firmware. Especially when we are living in a world where some computer manufacturers (I'm looking at you HP) implement firmware white-lists that prevent you from installing different Wi-Fi cards like on my old HP Compaq 6720s laptop.

    Thanks!

    Leave a comment:


  • zerocool456
    replied
    Honestly - this Dasharo is.. complicated. You are packaging open-source code into somewhere else - and not properly upstream the code back to upstream repos. This is fragmentation of the landscape, instead of supporting the project.

    However it is nice to have it - I would wish you drop the whole Dasharo effort - or at least upstream it properly.

    Leave a comment:

Working...
X