1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
|
Tutorial, part 1: Starting from scratch
===========================================
This tutorial will guide you through the process of setting up a working
coreboot toolchain. In same cases you will find specific instructions
for Debian (apt-get), Fedora (dnf) and Arch Linux (pacman) based package
management systems. Use the instructions according to your system.
To test the toolchain and make sure it works, we will build coreboot for
an emulated system provided by QEMU. This allows you to get familiar
with the general process of configuring and building coreboot without
needing to flash any hardware.
**IMPORTANT:**
**Do not attempt to flash the coreboot ROM built here to a real board**
coreboot is board specific, so a ROM built for one board model (such as
the QEMU emulation boards) cannot be expected to work on a different
board. You must reconfigure coreboot for your board and rebuild the ROM
before flashing it to a physical system.
**Note: Summaries of each of the steps are at the end of the document.**
Download, configure, and build coreboot
---------------------------------------
### Step 1 - Install tools and libraries needed for coreboot
Debian based distros:
`sudo apt-get install -y bison build-essential curl flex git gnat
libncurses-dev libssl-dev zlib1g-dev pkgconf`
Arch based distros:
`sudo pacman -S base-devel curl git gcc-ada ncurses zlib`
Redhat based distros:
`sudo dnf install git make gcc-gnat flex bison xz bzip2 gcc g++
ncurses-devel wget zlib-devel patch`
### Step 2 - Download coreboot source tree
```Bash
git clone https://review.coreboot.org/coreboot
cd coreboot
```
### Step 3 - Build the coreboot toolchain
Please note that this can take a significant amount of time. Use `CPUS=`
to specify number of `make` jobs to run in parallel.
This will list toolchain options and supported architectures:
```Bash
make help_toolchain
```
Here are some examples:
```Bash
make crossgcc-i386 CPUS=$(nproc) # build i386 toolchain
make crossgcc-aarch64 CPUS=$(nproc) # build Aarch64 toolchain
make crossgcc-riscv CPUS=$(nproc) # build RISC-V toolchain
```
Note that the i386 toolchain is currently used for all x86 platforms,
including x86_64. For this tutorial we only need the i386 toolchain.
Also note that you can possibly use your system toolchain, but the
results are not reproducible, and may have issues, so this is not
recommended. See step 5 to use your system toolchain.
### Step 4 - Build the payload - coreinfo
```Bash
make -C payloads/coreinfo olddefconfig
make -C payloads/coreinfo
```
### Step 5 - Configure the build
#### Configure your mainboard
```Bash
make menuconfig
```
Do the next steps in the menu:
```Text
select 'Mainboard' menu
Beside 'Mainboard vendor' should be '(Emulation)'
Beside 'Mainboard model' should be 'QEMU x86 i440fx/piix4'
select < Exit >
```
These should be the default selections, so if anything else was set, run
`make distclean` to remove your old config file and start over.
#### Optionally use your system toolchain (Again, not recommended)
```Text
select 'General Setup' menu
select 'Allow building with any toolchain'
select < Exit >
```
#### Select the payload
```Text
select 'Payload' menu
select 'Payload to add (SeaBIOS) --->'
choose 'An ELF executable payload'
select 'Payload path and filename'
enter 'payloads/coreinfo/build/coreinfo.elf'
select < Exit >
select < Exit >
select < Yes >
```
#### Check your configuration (optional step):
```Bash
make savedefconfig
cat defconfig
```
There should only be 9 lines (or 10 if you're using the system
toolchain):
```Text
CONFIG_CBFS_SIZE=0x00400000
CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000
CONFIG_SUBSYSTEM_VENDOR_ID=0x0000
CONFIG_SUBSYSTEM_DEVICE_ID=0x0000
CONFIG_I2C_TRANSFER_TIMEOUT_US=500000
CONFIG_CONSOLE_QEMU_DEBUGCON_PORT=0x402
CONFIG_POST_IO_PORT=0x80
CONFIG_PAYLOAD_ELF=y
CONFIG_PAYLOAD_FILE="payloads/coreinfo/build/coreinfo.elf"
```
Note that this may differ depending on the revision of the coreboot
source you are building from and should not be taken as the required
contents of defconfig.
### Step 6 - Build coreboot
```Bash
make
```
At the end of the build, you should see:
`Built emulation/qemu-i440fx (QEMU x86 i440fx/piix4)`
This means your build was successful. The output from the build is in
the `build` directory. `build/coreboot.rom` is the full rom file.
Test the image using QEMU
-------------------------
### Step 7 - Install QEMU
* Debian: `sudo apt-get install -y qemu-system`
* Arch: `sudo pacman -S qemu`
* Redhat: `sudo dnf install qemu`
### Step 8 - Run QEMU
Start QEMU, and point it to the ROM you just built:
```Bash
qemu-system-x86_64 -bios build/coreboot.rom -serial stdio
```
You should see the serial output of coreboot in the original console
window, and a new window will appear running the coreinfo payload.
Summary
-------
### Step 1 summary - Install tools and libraries needed for coreboot
Depending on your distribution you have installed the minimum additional
software requirements to continue with downloading and building
coreboot. Not every distribution has the tools, that would be required,
installed by default. In the following we shortly introduce the purpose
of the installed packages:
* `build-essential` or `base-devel` are the basic tools for building software.
* `git` is needed to download coreboot from the coreboot git repository.
* `libncurses-dev` or `ncurses` is needed to build the menu for 'make menuconfig'
* `m4, bison, curl, flex, zlib1g-dev, gcc, gnat` and `g++` or `clang`
are needed to build the coreboot toolchain. `gcc` and `gnat` have to be
of the same version.
* `libssl-dev, pkgconf` are needed to build coreboot image (Step 6).
In particular, `libcrypto` provided by `libssl-dev` package.
If you started with a different distribution or package management
system you might need to install other packages. Most likely they are
named slightly different. If that is the case for you, we'd like to
encourage you to contribute to the project and submit a pull request
with an update for this documentation for your system.
### Step 2 summary - Download coreboot source tree
This will download a 'read-only' copy of the coreboot tree. This just
means that if you made changes to the coreboot tree, you couldn't
immediately contribute them back to the community. To pull a copy of
coreboot that would allow you to contribute back, you would first need
to sign up for an account on gerrit.
### Step 3 summary - Build the coreboot toolchain.
This builds one of the coreboot cross-compiler toolchains for X86
platforms. Because of the variability of compilers and the other
required tools between the various operating systems that coreboot can
be built on, coreboot supplies and uses its own cross-compiler toolchain
to build the binaries that end up as part of the coreboot ROM. The
toolchain provided by the operating system (the 'host toolchain') is
used to build various tools that will run on the local system during the
build process.
### Step 4 summary - Build the payload
To actually do anything useful with coreboot, you need to build a
payload to include into the rom. The idea behind coreboot is that it
does the minimum amount possible before passing control of the machine
to a payload. There are various payloads such as grub or SeaBIOS that
are typically used to boot the operating system. Instead, we used
coreinfo, a small demonstration payload that allows the user to look at
various things such as memory and the contents of the coreboot file
system (CBFS) - the pieces that make up the coreboot rom.
Usually, the coreboot build system automatically builds the payload
selected in the "Payload to add" menu and sets it as the default payload
(also known as the "primary payload"). Such payloads are able to boot an
operating system and may be able to load another payload. Although
coreinfo can be found in the "Secondary Payloads" menu, in which case it
would be handled automatically, it is not available as a primary payload
since it cannot load an OS or another payload. Secondary payloads must
be loaded from other primary or secondary payloads and will not be run
when coreboot hands off execution after initializing hardware. Thus, to
get coreinfo to run as if it were a primary payload, it must be manually
built and explicitly set as the primary payload using the "ELF
executable payload" option.
### Step 5 summary - Configure the build
This step configures coreboot's build options using the menuconfig
interface to Kconfig. Kconfig is the same configuration program used by
the linux kernel. It allows you to enable, disable, and change various
values to control the coreboot build process, including which
mainboard(motherboard) to use, which toolchain to use, and how the
runtime debug console should be presented and saved. Anytime you change
mainboards in Kconfig, you should always run `make distclean` before
running `make menuconfig`. Due to the way that Kconfig works, values
will be kept from the previous mainboard if you skip the clean step.
This leads to a hybrid configuration which may or may not work as
expected.
### Step 6 summary - Build coreboot
You may notice that a number of other pieces are downloaded at the
beginning of the build process. These are the git submodules used in
various coreboot builds. By default, the _blobs_ submodule is not
downloaded. This git submodule may be required for other builds for
microcode or other binaries. To enable downloading this submodule,
select the option "Allow use of binary-only repository" in the "General
Setup" menu of Kconfig This attempts to build the coreboot rom. The rom
file itself ends up in the build directory as 'coreboot.rom'. At the end
of the build process, the build displayed the contents of the rom file.
### Step 7 summary - Install QEMU
QEMU is a processor emulator which we can use to show the coreboot boot
process in a virtualised environment.
### Step 8 summary - Run QEMU
Here's the command line instruction broken down:
* `qemu-system-x86_64`
This starts the QEMU emulator with the i440FX host PCI bridge and PIIX3
PCI to ISA bridge.
* `-bios build/coreboot.rom`
Use the coreboot rom image that we just built. If this flag is left out,
the standard SeaBIOS image that comes with QEMU is used.
* `-serial stdio`
Send the serial output to the console. This allows you to view the
coreboot boot log.
|