diff --git a/README.md b/README.md index 34c2ec6..dccd98c 100644 --- a/README.md +++ b/README.md @@ -33,9 +33,9 @@ On my own machines, I have a pile of big ugly bash scripts for `/linuxrc` (i.e. Current (all require a 16mbyte flash chip): -* [KGPE-D16 motherboards](https://www.coreboot.org/Board:asus/kgpe-d16) (amd64): target `kgpe` -* [AM1-I motherboards](https://www.msi.com/Motherboard/AM1I/Specification) (amd64): target `am1i` -* [Samsung XE513c24](https://www.samsung.com/us/computing/chromebooks/12-14/xe513c24-k01us-xe513c24-k01us/) "[gru-kevin](https://github.com/torvalds/linux/blob/master/arch/arm64/boot/dts/rockchip/rk3399-gru-kevin.dts)" Chromebook Plus (arm64): target `kevin` +* [KGPE-D16 motherboards](https://www.coreboot.org/Board:asus/kgpe-d16) (amd64): target `kgpe` ([notes](doc/platform/kgpe/notes.md)) +* [AM1-I motherboards](https://www.msi.com/Motherboard/AM1I/Specification) (amd64): target `am1i` ([notes](doc/platform/am1i/notes.md)) +* [Samsung XE513c24](https://www.samsung.com/us/computing/chromebooks/12-14/xe513c24-k01us-xe513c24-k01us/) "[gru-kevin](https://github.com/torvalds/linux/blob/master/arch/arm64/boot/dts/rockchip/rk3399-gru-kevin.dts)" Chromebook Plus (arm64): target `kevin` ([notes](doc/platform/kevin/notes.md)) Planned: diff --git a/doc/fallback.md b/doc/fallback.md index d694a3d..1e0177f 100644 --- a/doc/fallback.md +++ b/doc/fallback.md @@ -18,3 +18,14 @@ In the past, upstream coreboot had something called a [fallback mechanism](https - Could not support flash-chip-level write protection of the `fallback` image (only), due to the images not being aligned on a power-of-two byte boundary. The ownerboot normal/fallback mechanism arose out of a desire to address these issues. + +### Future Work + +[This page](https://www.devever.net/~hl/secureboot) has some interesting ideas on how to write protect +the "normal" image except beween power-on and kexec. This means +that only the ownerboot kernel/userspace can write to the flash. +This provides a more secure implementation of the "only the BIOS can +upgrade the BIOS" restriction (which is actually a software +restriction implemented in the SMM, which can be vulnerable to +compromise). + diff --git a/doc/platform/am1i/notes.md b/doc/platform/am1i/notes.md new file mode 100644 index 0000000..cdbd169 --- /dev/null +++ b/doc/platform/am1i/notes.md @@ -0,0 +1 @@ +# am1i: platform-specific notes diff --git a/doc/platform/kevin/notes.md b/doc/platform/kevin/notes.md new file mode 100644 index 0000000..e9b7eeb --- /dev/null +++ b/doc/platform/kevin/notes.md @@ -0,0 +1 @@ +# kevin: platform-specific notes diff --git a/doc/platform/kgpe/notes.md b/doc/platform/kgpe/notes.md new file mode 100644 index 0000000..adc0a66 --- /dev/null +++ b/doc/platform/kgpe/notes.md @@ -0,0 +1,22 @@ +# kgpe: platform-specific notes + +## quirks + +### hang during boot if vga enabled + +If the system hangs on startup before attempting to boot the +ownerboot Linux kernel, and the last few messages you see on the +console look like the following, try disabling the on-board VGA +output (move jumper `VGA_SW1` to the two pins closest to the pci +slots): + +``` +... +PCI: 00:14.1 10 <- [0x0000003030 - 0x0000003037] size 0x00000008 gran 0x03 io +PCI: 00:14.1 14 <- [0x0000003048 - 0x000000304b] size 0x00000004 gran 0x02 io +PCI: 00:14.1 18 <- [0x0000003038 - 0x000000303f] size 0x00000008 gran 0x03 io +PCI: 00:14.1 1c <- [0x000000304c - 0x000000304f] size 0x00000004 gran 0x02 io +PCI: 00:14.1 20 <- [0x0000003010 - 0x000000301f] size 0x00000010 gran 0x04 io +PCI: 00:14.2 10 <- [0x00f0404000 - 0x00f0407fff] size 0x00004000 gran 0x0e mem64 +PCI: 00:14.3 a0 <- [0x00f0410000 - 0x00f0410000] size 0x00000001 gran 0x00 mem +```