coreboot (formerly LinuxBIOS)

Main article: Open Source

coreboot (formerly LinuxBIOS) is a free embedded software project for a number of PCs approved by the Free Software Foundation. The goal of the project is to replace the proprietary and closed BIOS and UEFI systems used by most personal computers with a lightweight one designed exclusively for loading and running modern 32-bit and 64-bit coreboot operating systems^[1].

2022: coreboot 4.17

On June 5, 2022, it became known that the release of the CoreBoot 4.17 project was published, within the framework of which a free alternative to proprietary firmware and BIOS is being developed. The project code is distributed under the GPLv2 license. 150 developers took part in the creation of the version, who prepared more than 1300 changes.

coreboot

As reported, major changes include the following:

• Addressed a vulnerability (CVE-2022-29264) that manifests itself in CoreBoot releases 4.13 to 4.16 and allows systems with AP (Application Processor) to execute code at the SMM (System Management Mode) level, higher priority (Ring-2) than hypervisor mode and zero protection ring, and with unlimited access to all memory. The problem was caused by an incorrect call to the SMI handler in the smm_module_loader module.
• Added support for 12, motherboards 5 of which are used on devices Chrome OS with or on. servers Google Among the non-Google boards:
  • Clevo L140MU / L141MU / L142MU

• * Dell Precision T1650
• * HP Z220 CMT Workstation
  • Star Labs LabTop Mk III (i7-8550u), LabTop Mk IV (i3-10110U, i7-10710U), Lite Mk III (N5000) и Lite Mk IV (N5030).

• Support for Google Deltan and Deltaur motherboards has been discontinued.
• Added payload coreDOOM, which allows you to run the DOOM game from Coreboot. The project uses the doomgeneric code ported to libpayload. Coreboot linear framebuffer is used for output, and WAD files with game resources are downloaded from CBFS.
• Updated SeaBIOS payload components 1.16.0 and iPXE 2022.1.
• Added SeaGRUB mode (GRUB2 on top of SeaBIOS), which allows GRUB2 to use SeaBIOS-provided callback calls, for example, to access equipment that cannot be accessed from payload GRUB2.
• Added protection against the SinkHole attack, which allows you to execute code at the SMM (System Management Mode) level.
• Built-in ability to generate static memory page tables from assembly files is implemented, without the need to call third-party utilities.
• You can write debug information to the CBMEMC console from SMI handlers when using DEBUG_SMI.
• The CBMEM initialization handler system has been changed, instead of the * handlers bound to stages, two CBMEM_CREATION_HOOK handlers _CBMEM_INIT_HOOK proposed (used at the initial stage that creates cbmem) and CBMEM_READY_HOOK (used at any stages at which cbmem is already created).
• PSB ( Platform Secure Boot) support has been added, activated by processor PSP (Platform Security Processor) to verify BIOS integrity by. digital signature
• Added native implementation of FSP data Debug Handler.
• TPM-specific TIS functions (TPM Interface Specification) have been added for reading and writing directly from the TPM (Trusted Platform Module) registers - tis_vendor_read () and tis_vendor_write ().
• Added support for intercepting null pointer exchange through debug registers.
• The definition of i2c devices is implemented, optimizing work with boards equipped with touchpads or touch screens from different manufacturers.
• Added the ability to save time data in a format suitable for generating FlameGraph graphs that clearly demonstrate how much time is spent at different stages of launch.
• An option has been added to the cbmem utility to add time from user space to the cbmem "timestamp" table, which makes it possible to reflect events in cbmem at the stages performed after CoreBoot.

In addition, we can note the publication by the OSFF (Open-Source Firmware Foundation) of an open letter to Intel, which proposes to make Firmware Support Package (FSP) more modular and start publishing documentation related to Intel SoC initialization. The lack of FSP code significantly complicates the creation of open source firmware and prevents the promotion of Coreboot, U-Boot and LinuxBoot projects on Intel hardware. Previously, a similar initiative was crowned with success and Intel opened the code for the firmware requested by the community of the PSE (Programmable Services Engine) block.

Notes