7784e099fb
Updating from commit id 09fcd218: 2024-02-23 06:42:12 +0000 - (Makefile: Test compiler for -Wincompatible-function-pointer-types) to commit id b6f44e62: 2024-07-01 04:30:14 +0000 - (futility: updater: Increase try count from 8 to 10) This brings in 58 new commits: b6f44e62 futility: updater: Increase try count from 8 to 10 cfc87db2 OWNERS: Add czapiga eabf5784 OWNERS: Remove twawrzynczak and quasisec f8af818e host: Add stub implementation for pkcs11 key aaf4ecbb crossystem: Add support for Panther Lake gpiochip de89c5cd make_dev_ssd: allow ptracers to write proc/mem ffc9cc15 utility: Add vbnv_util.py for debugging b6174bdb futility: show: Print keyblock signature size and data size 6e39c99f Android: Add support for doing zipalign before doing apksigner ead73381 futility: flash: Enhance WP status reporting by adding more instructions c3368084 futility: modify private key validation to work for both local and cloud c22d72f8 futility: flash: Correct the output syntax of 32bit hex f423ae13 crossystem: Drop support for tried_fwb and fwb_tries fc5488c7 futility: flash: Correct the allowlist of options 16dede85 Revert "futility: Split load_firmware_image() into two functions for AP and EC" ded07831 futility: Try to load ecrw versions regardless of image type 7a685705 futility: Refactor code for --manifest f5ad0856 futility: Add more checks for incompatible arguments 05659d33 futility/updater_manifest: Warn about inconsistent RW versions 6720827b futility: Support ecrw version for --manifest daae7e56 futility: Split load_firmware_image() into two functions for AP and EC 40c77bba futility: Warn about inconsistent RW_FWID_A and RW_FWID_B versions c168ac8e tests/futility/data: Update bios_geralt_cbfs.bin with swapped ecrw 512648ae host/lib: Add cbfstool_file_exists() and cbfstool_extract() e37e6511 sign_official_build: add missing info keyword 2c0758b4 sign_official_build: loem support for firmware 016f6149 scripts/image_signing/swap_ec_rw: Always add ecrw.* as raw CBFS file b26c700a scripts/image_signing/swap_ecrw: Support ecrw.version 2e8d1003 tlcl: Add const qualifier to TlclTakeOwnership arguments 96b8674c host: stop installing unused image signing scripts 8da83c43 Android: Handle update certs using for hardcoded certs 4ca60534 scripts/image_signing: Add swap_ec_rw d30d6b54 make_dev_ssd: Remove logic choosing editor value 4cc5d090 futility/dump_fmap: Fix error message prefix for '-x' e7062a58 futility/dump_fmap: Exit with error if specified section is not found 4489dd09 scripts: Remove newbitmaps directory 8dcc82b0 host/lib/cbfstool: Redesign cbfstool_get_config_value() API 856fd693 Android: Hack for now to let things silently fail instead of erroring 28845c97 sign_uefi: Handle case where the crdyshim key does not exist 201244c3 sign_uefi_unittest: Refactor in preparation for more tests 702f8b53 tests: Add tests for cbfstool_get_config_value() 52a21327 Android: Add support for gcloud KMS in android signing 3310c49f tests/futility/test_update.sh: Use unique test names for IFD tests 493f7afc sign_gsc_firmware: add support for Nightly target 5c307cad keycfg: more consistent typo fix 11e4f60b image_signing: Add missing arg in sign_uefi_kernel 37c730d8 keycfg: handle arrays appropriately in key_config 59c37697 sign_uefi: Add detached crdyboot signature b66926e2 sign_uefi: Refactor the is-pkcs11 function for reuse 94aa8b80 image_signing: Pass crdyshim private key to sign_uefi.py 0ac99bcb sign_uefi: Stop signing crdyboot files with sbsign 6f6a6432 vboot_reference-sys: replace denylist with allowlist 73ebd8f8 vboot_reference-sys: add vboot_host pkg-config fallback 476282ef make_dev_ssd: Skip firmware validity checks on nonchrome 9330a65a vboot_reference: Add support for allowing overlayfs 48c8833f sign_official_build: remove cloud-signing aa70bb19 create_new_keys.sh: add --arv-root-uri 38d1af69 sign_official_build: Dedup calls to sign_uefi.py Change-Id: I14aaf1e1e230107e7bae60195c7e4684bf5a0533 Signed-off-by: Felix Singer <felixsinger@posteo.net> Reviewed-on: https://review.coreboot.org/c/coreboot/+/83295 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
coreboot README
coreboot is a Free Software project aimed at replacing the proprietary firmware (BIOS/UEFI) found in most computers. coreboot performs the required hardware initialization to configure the system, then passes control to a different executable, referred to in coreboot as the payload. Most often, the primary function of the payload is to boot the operating system (OS).
With the separation of hardware initialization and later boot logic, coreboot is perfect for a wide variety of situations. It can be used for specialized applications that run directly in the firmware, running operating systems from flash, loading custom bootloaders, or implementing firmware standards, like PC BIOS services or UEFI. This flexibility allows coreboot systems to include only the features necessary in the target application, reducing the amount of code and flash space required.
Source code
All source code for coreboot is stored in git. It is downloaded with the command:
git clone https://review.coreboot.org/coreboot.git.
Code reviews are done in the project's Gerrit instance.
The code may be browsed via coreboot's Gitiles instance.
The coreboot project also maintains a mirror of the project on github. This is read-only, as coreboot does not accept github pull requests, but allows browsing and downloading the coreboot source.
Payloads
After the basic initialization of the hardware has been performed, any desired "payload" can be started by coreboot.
See https://doc.coreboot.org/payloads.html for a list of some of coreboot's supported payloads.
Supported Hardware
The coreboot project supports a wide range of architectures, chipsets, devices, and mainboards. While not all of these are documented, you can find some information in the Architecture-specific documentation or the SOC-specific documentation.
For details about the specific mainboard devices that coreboot supports, please consult the Mainboard-specific documentation or the Board Status pages.
Releases
Releases are currently done by coreboot every quarter. The release archives contain the entire coreboot codebase from the time of the release, along with any external submodules. The submodules containing binaries are separated from the general release archives. All of the packages required to build the coreboot toolchains are also kept at coreboot.org in case the websites change, or those specific packages become unavailable in the future.
All releases are available on the coreboot download page.
Please note that the coreboot releases are best considered as snapshots of the codebase, and do not currently guarantee any sort of extra stability.
Build Requirements and building coreboot
The coreboot build, associated utilities and payloads require many additional tools and packages to build. The actual coreboot binary is typically built using a coreboot-controlled toolchain to provide reproducibility across various platforms. It is also possible, though not recommended, to make it directly with your system toolchain. Operating systems and distributions come with an unknown variety of system tools and utilities installed. Because of this, it isn't reasonable to list all the required packages to do a build, but the documentation lists the requirements for a few different Linux distributions.
To see the list of tools and libraries, along with a list of instructions to get started building coreboot, go to the Starting from scratch tutorial page.
That same page goes through how to use QEMU to boot the build and see the output.
Website and Mailing List
Further details on the project, as well as links to documentation and more can be found on the coreboot website:
You can contact us directly on the coreboot mailing list:
https://doc.coreboot.org/community/forums.html
Copyrights and Licenses
Uncopyrightable files
There are many files in the coreboot tree that we feel are not copyrightable due to a lack of creative content.
"In order to qualify for copyright protection in the United States, a work must satisfy the originality requirement, which has two parts. The work must have “at least a modicum” of creativity, and it must be the independent creation of its author."
https://guides.lib.umich.edu/copyrightbasics/copyrightability
Similar terms apply to other locations.
These uncopyrightable files include:
- Empty files or files with only a comment explaining their existence. These may be required to exist as part of the build process but are not needed for the particular project.
- Configuration files either in binary or text form. Examples would be files such as .vbt files describing graphics configuration, .apcb files containing configuration parameters for AMD firmware binaries, and spd files as binary .spd or text *spd*.hex representing memory chip configuration.
- Machine-generated files containing version numbers, dates, hash values or other "non-creative" content.
As non-creative content, these files are in the public domain by default. As such, the coreboot project excludes them from the project's general license even though they may be included in a final binary.
If there are questions or concerns about this policy, please get in touch with the coreboot project via the mailing list.
Copyrights
The copyright on coreboot is owned by quite a large number of individual developers and companies. A list of companies and individuals with known copyright claims is present at the top level of the coreboot source tree in the 'AUTHORS' file. Please check the git history of each of the source files for details.
Licenses
Because of the way coreboot began, using a significant amount of source code from the Linux kernel, it's licensed the same way as the Linux Kernel, with GNU General Public License (GPL) Version 2. Individual files are licensed under various licenses, though all are compatible with GPLv2. The resulting coreboot image is licensed under the GPL, version 2. All source files should have an SPDX license identifier at the top for clarification.
Files under coreboot/Documentation/ are licensed under CC-BY 4.0 terms. As an exception, files under Documentation/ with a history older than 2017-05-24 might be under different licenses.
Files in the coreboot/src/commonlib/bsd directory are all licensed with the BSD-3-clause license. Many are also dual-licensed GPL-2.0-only or GPL-2.0-or-later. These files are intended to be shared with libpayload or other BSD licensed projects.
The libpayload project contained in coreboot/payloads/libpayload may be licensed as BSD or GPL, depending on the code pulled in during the build process. All GPL source code should be excluded unless the Kconfig option to include it is set.
The Software Freedom Conservancy
Since 2017, coreboot has been a member of The Software Freedom Conservancy, a nonprofit organization devoted to ethical technology and driving initiatives to make technology more inclusive. The conservancy acts as coreboot's fiscal sponsor and legal advisor.