FreeBSD and Coreboot

Shawn Webb shawn.webb at hardenedbsd.org
Mon May 27 15:18:58 UTC 2019 

Hey Eric,

My response is inline.

On Mon, May 27, 2019 at 11:13:46AM -0400, Eric McCorkle wrote:
> Hello everyone,
> 
> I'm through enough of my job change that I can start working on FreeBSD
> again.  One thing I've had on my list to examine is using FreeBSD with
> coreboot, so I wanted to put out a call for anyone who has done work on
> this, or knows anything about it.
> 
> Here is what I know:
> 
> * Coreboot _can_ boot kernels directly, but this requires two things: 1)
> you must flash your BIOS every time you update a kernel, 2) the kernel
> must be able to work without the usual device initialization that the
> BIOS does.
> 
> * Coreboot has two significant payload options beyond a kernel: Seabios
> and GRUB (supposedly Tianocore EFI is an option, but it apparently
> doesn't really work).
> 
> * Scrounging the coreboot wiki seems to produce some conflicting
> information.  One page claims that the FreeBSD kernel can boot directly
> as a coreboot payload; another claims GRUB or Seabios to be the only
> options.
> 
> * The PC Engines boards evidently use coreboot, and I've heard multiple
> reports of them running FreeBSD systems without a problem.  I don't know
> whether they use GRUB or Seabios.  (Aside: I'm thinking about ordering
> some of these boards for my own use, so I'm generally interested in how
> well they function with FreeBSD)

I own several PC Engines APU boards. They definitely use Coreboot as
maintained by these peeps: https://twitter.com/3mdeb_com

The Coreboot for the APU boards uses Seabios.

> 
> 
> My plan is roughly this:
> 
> * Refurbish the GRUB port, get it working again in QEMU (possibly on one
> of my machines), also possibly push a patch to GRUB to use the keybufs
> mechanism to pass in GELI keys.
> 
> * Get coreboot with GRUB/Seabios booting FreeBSD in QEMU
> 
> * Possibly create a coreboot port (uncertain how this would work, since
> Coreboot has its own extensive config menu)
> 
> * Hold my breath and test it out on real hardware (I have a Librem 13 r1
> for this purpose)
> 
> * Possibly try getting the FreeBSD kernel to work as a coreboot payload.
> 
> 
> Here's what I don't know/what would be useful knowledge for me:
> 
> * Anyone else who's been experimenting/working on coreboot support, and
> what they found
> 
> * Any working examples of using Coreboot with FreeBSD
> 
> * Down the road, anything about adapting the FreeBSD kernel to work with
> a new boot platform (ie. low level details about how to set it up in
> memory on a bare-metal system and start execution)
> 

Reach out to 3mdeb (feel free to CC me, if you'd like). See what
they'd like help with. There's certainly a lot more work that could be
done.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        lattera at is.a.hacker.sx
GPG Key ID:          0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20190527/1b1724ad/attachment.sig>

More information about the freebsd-current mailing list