Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 63ad72db6c2a93c15f9498b985b83413c6190cfc
commit63ad72db6c2a93c15f9498b985b83413c6190cfc[log] [tgz]
authorJulius Werner <jwerner@chromium.org>Tue Nov 28 19:33:17 2023 -0800
committerFelix Held <felix-coreboot@felixheld.de>Thu Nov 30 15:08:50 2023 +0000
tree11d52fcdccea387daa76f9ee77e8b6f5a1905b55
parenta9a8b5e36c8655409baf79070988047dca30b157 [diff]
Update vboot submodule to upstream main

Updating from commit id f2b01bf0:
2023-10-27 Julius Werner   firmware: Undeprecate VB2_RECOVERY_FW_GET_FW_BODY

to commit id ba7fd22d:
2023-11-27 Julius Werner   Makefile: Always link libdl

This brings in 54 new commits:
ba7fd22d Makefile: Always link libdl
1b30d195 sign_official_build: sign_update_payload with pkcs11
ca7a1427 sign_firmware: support loem key config
a9623573 sign_official_build: add keys to default key config
d41497dc sign_official_build: support loem key config
da2450db sign_official_build: support sign with .vbprik2 files
ee326142 getversion: Make reproducible
8aaf9e32 futility: fix a typo in help message of `read`
9ce505f4 futility: Fix incorrect warning about signing length
23a0ce4e scripts: add lib/keycfg.sh
2e34330b Makefile: Fix firmware build for FIRMWARE_ARCH=arm64
fd5937d1 tests/futility/test_show_and_verify: Add test cases for invalid data key
00aa0626 futility/cmd_vbutil_kernel: Drop --pad option for --verify
c661ab76 futility/cmd_show: Drop --pad option
c70511d7 tests/futility/test_show_and_verify: Add test cases for kernel vblocks
c9100f46 signer: Use compression flags stored in the metadata file
f1f3076f vboot: Add vb_keyb_from_private_key
c39a2fc1 host: support signing with pkcs11 key for vbprik2
c6d44076 vboot: merge reading function of vb2/vb21 private key
6b8e759f vboot: replace custom prefix "pkcs11" to "remote"
481440d0 futility: Prefer to flash over CCD instead of C2D2
1244c06f futility/cmd_dump_fmap: Print an error if FMAP header not found
cab69289 futility/cmd_show: Fix parseable output for kernel preamble flags
71a03dc6 futility/cmd_show: Make preamble parseable output consistent
bdac62a4 futility/cmd_show: Make 'show' return 0 for invalid kernel body
135df2d7 futility/cmd_show: Show parseable "keyblock::valid" for valid keyblock
37f37fcd futility/cmd_show: Fix output for firmware body signature
79c244ff tests/futility/test_show_and_verify: Add test cases for bios_brya_mp.bin
d4b6560f signer: Update mkfs.erofs pcluster value to 32K
f79a2432 futility/cmd_sign: Fix a space in usage text
a307fcb5 futility: updater: rename --ccd to --ccd_without_servod
6b9f66d3 futility: updater: Fix malloc overflow due to broken keyblock
a94a784c updater: update: Support multiple Servos without --servo_port
25875bef tests/futility: Add test cases for VBOOT_CBFS_INTEGRATION
5f8e3973 futility/cmd_show: Fix typo "metatadata"
9d30a01f futility: Trim trailing spaces in kernel config
c59794a6 sign_uefi: Support signing via pkcs11
68d4aa4b sign_uefi: Skip private key check if it's a pkcs11 URI
6b9d624b sign_uefi: Pass each key path separately
483f65e4 sign_official_build.sh: properly show errors on loem issues
516ee7bc sign_uefi: Use named args instead of positional
0eec8e25 vboot_reference-sys: Switch from Command to bindgen::Builder
46f5aab8 image_signing: support multiple release names
f13af139 sign_official_build: Sudo invocation within bits of android signing
3f165374 futility: updater: Add optional serial number argument to --ccd
64379cc6 sign_official_build: add --debug flag
7160bf9f 2lib: Fix relocation issue when compiling locally with musl libc
0e27cdff vboot_reference-sys: Add vboot_host.h
2c82e73c Override use_apksigner FLAGS
b43469c7 futility/cmd_show: Support --publickey FW_VBLOCK
0eb4da96 tests/futility: Update kern_preamble.bin as kernel_part.bin
68a03355 tests/futility: Move test_show_vs_verify.sh into test_show_and_verify.sh
8daf1474 tests/futility: Move 'futility show' tests to a separate file
34190e3d futility: Exit with error when metadata hash verification not supported
967aa462 firmware/2lib: Fix function comment for vb2api_get_firmware_size()

Change-Id: I58b231d53f433a396b1ea8cd4e0ddc49a310e385
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79313
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Uwe Poeche <uwe.poeche@siemens.com>
1 file changed
tree: 11d52fcdccea387daa76f9ee77e8b6f5a1905b55
  1. 3rdparty/
  2. configs/
  3. Documentation/
  4. LICENSES/
  5. payloads/
  6. spd/
  7. src/
  8. tests/
  9. util/
  10. .checkpatch.conf
  11. .clang-format
  12. .editorconfig
  13. .gitignore
  14. .gitmodules
  15. .gitreview
  16. .mailmap
  17. AUTHORS
  18. COPYING
  19. gnat.adc
  20. MAINTAINERS
  21. Makefile
  22. Makefile.inc
  23. README.md
  24. toolchain.inc
README.md

coreboot README

coreboot is a Free Software project aimed at replacing the proprietary firmware (BIOS/UEFI) found in most computers. coreboot performs the required hardware initialization to configure the system, then passes control to a different executable, referred to in coreboot as the payload. Most often, the primary function of the payload is to boot the operating system (OS).

With the separation of hardware initialization and later boot logic, coreboot is perfect for a wide variety of situations. It can be used for specialized applications that run directly in the firmware, running operating systems from flash, loading custom bootloaders, or implementing firmware standards, like PC BIOS services or UEFI. This flexibility allows coreboot systems to include only the features necessary in the target application, reducing the amount of code and flash space required.

Source code

All source code for coreboot is stored in git. It is downloaded with the command:

git clone https://review.coreboot.org/coreboot.git.

Code reviews are done in the project's Gerrit instance.

The code may be browsed via coreboot's Gitiles instance.

The coreboot project also maintains a mirror of the project on github. This is read-only, as coreboot does not accept github pull requests, but allows browsing and downloading the coreboot source.

Payloads

After the basic initialization of the hardware has been performed, any desired "payload" can be started by coreboot.

See https://doc.coreboot.org/payloads.html for a list of some of coreboot's supported payloads.

Supported Hardware

The coreboot project supports a wide range of architectures, chipsets, devices, and mainboards. While not all of these are documented, you can find some information in the Architecture-specific documentation or the SOC-specific documentation.

For details about the specific mainboard devices that coreboot supports, please consult the Mainboard-specific documentation or the Board Status pages.

Releases

Releases are currently done by coreboot every quarter. The release archives contain the entire coreboot codebase from the time of the release, along with any external submodules. The submodules containing binaries are separated from the general release archives. All of the packages required to build the coreboot toolchains are also kept at coreboot.org in case the websites change, or those specific packages become unavailable in the future.

All releases are available on the coreboot download page.

Please note that the coreboot releases are best considered as snapshots of the codebase, and do not currently guarantee any sort of extra stability.

Build Requirements and building coreboot

The coreboot build, associated utilities and payloads require many additional tools and packages to build. The actual coreboot binary is typically built using a coreboot-controlled toolchain to provide reproducibility across various platforms. It is also possible, though not recommended, to make it directly with your system toolchain. Operating systems and distributions come with an unknown variety of system tools and utilities installed. Because of this, it isn't reasonable to list all the required packages to do a build, but the documentation lists the requirements for a few different Linux distributions.

To see the list of tools and libraries, along with a list of instructions to get started building coreboot, go to the Starting from scratch tutorial page.

That same page goes through how to use QEMU to boot the build and see the output.

Website and Mailing List

Further details on the project, as well as links to documentation and more can be found on the coreboot website:

https://www.coreboot.org

You can contact us directly on the coreboot mailing list:

https://doc.coreboot.org/community/forums.html

Copyrights and Licenses

Uncopyrightable files

There are many files in the coreboot tree that we feel are not copyrightable due to a lack of creative content.

"In order to qualify for copyright protection in the United States, a work must satisfy the originality requirement, which has two parts. The work must have “at least a modicum” of creativity, and it must be the independent creation of its author."

https://guides.lib.umich.edu/copyrightbasics/copyrightability

Similar terms apply to other locations.

These uncopyrightable files include:

  • Empty files or files with only a comment explaining their existence. These may be required to exist as part of the build process but are not needed for the particular project.
  • Configuration files either in binary or text form. Examples would be files such as .vbt files describing graphics configuration, spd files as binary .spd or text *spd*.hex representing memory chip configuration.
  • Machine-generated files containing version numbers, dates, hash values or other "non-creative" content.

As non-creative content, these files are in the public domain by default. As such, the coreboot project excludes them from the project's general license even though they may be included in a final binary.

If there are questions or concerns about this policy, please get in touch with the coreboot project via the mailing list.

Copyrights

The copyright on coreboot is owned by quite a large number of individual developers and companies. A list of companies and individuals with known copyright claims is present at the top level of the coreboot source tree in the 'AUTHORS' file. Please check the git history of each of the source files for details.

Licenses

Because of the way coreboot began, using a significant amount of source code from the Linux kernel, it's licensed the same way as the Linux Kernel, with GNU General Public License (GPL) Version 2. Individual files are licensed under various licenses, though all are compatible with GPLv2. The resulting coreboot image is licensed under the GPL, version 2. All source files should have an SPDX license identifier at the top for clarification.

Files under coreboot/Documentation/ are licensed under CC-BY 4.0 terms. As an exception, files under Documentation/ with a history older than 2017-05-24 might be under different licenses.

Files in the coreboot/src/commonlib/bsd directory are all licensed with the BSD-3-clause license. Many are also dual-licensed GPL-2.0-only or GPL-2.0-or-later. These files are intended to be shared with libpayload or other BSD licensed projects.

The libpayload project contained in coreboot/payloads/libpayload may be licensed as BSD or GPL, depending on the code pulled in during the build process. All GPL source code should be excluded unless the Kconfig option to include it is set.

The Software Freedom Conservancy

Since 2017, coreboot has been a member of The Software Freedom Conservancy, a nonprofit organization devoted to ethical technology and driving initiatives to make technology more inclusive. The conservancy acts as coreboot's fiscal sponsor and legal advisor.