Tech Over Tea - Unlocking The Power Of Coreboot | Elly
Episode Date: December 27, 2024Today we have Elly on the show from the Coreboot project to talk about Coreboot development, the value of Coreboot and everything you need to know to know if it makes sense for you. ==========Support ...The Channel========== ► Patreon: https://www.patreon.com/brodierobertson ► Paypal: https://www.paypal.me/BrodieRobertsonVideo ► Amazon USA: https://amzn.to/3d5gykF ► Other Methods: https://cointr.ee/brodierobertson ==========Guest Links========== Github: https://github.com/ellyq 9Elements: https://9elements.com/ ==========Support The Show========== ► Patreon: https://www.patreon.com/brodierobertson ► Paypal: https://www.paypal.me/BrodieRobertsonVideo ► Amazon USA: https://amzn.to/3d5gykF ► Other Methods: https://cointr.ee/brodierobertson =========Video Platforms========== 🎥 YouTube: https://www.youtube.com/channel/UCBq5p-xOla8xhnrbhu8AIAg =========Audio Release========= 🎵 RSS: https://anchor.fm/s/149fd51c/podcast/rss 🎵 Apple Podcast:https://podcasts.apple.com/us/podcast/tech-over-tea/id1501727953 🎵 Spotify: https://open.spotify.com/show/3IfFpfzlLo7OPsEnl4gbdM 🎵 Google Podcast: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy8xNDlmZDUxYy9wb2RjYXN0L3Jzcw== 🎵 Anchor: https://anchor.fm/tech-over-tea ==========Social Media========== 🎤 Discord:https://discord.gg/PkMRVn9 🐦 Twitter: https://twitter.com/TechOverTeaShow 📷 Instagram: https://www.instagram.com/techovertea/ 🌐 Mastodon:https://mastodon.social/web/accounts/1093345 ==========Credits========== 🎨 Channel Art: All my art has was created by Supercozman https://twitter.com/Supercozman https://www.instagram.com/supercozman_draws/ DISCLOSURE: Wherever possible I use referral links, which means if you click one of the links in this video or description and make a purchase we may receive a small commission or other compensation.
Transcript
Discussion (0)
Good morning, good day, and good evening.
I'm your host, Brady Robertson, and this has been a mess of technical difficulties today.
We went from Discord to Jitsi, back to Discord.
Turns out it wasn't the...
No, initially it was your webcam's problem.
And then it turns out the Discord also has some tech issues.
So then now we're here.
We're on Jitsi.
This way you should always have backups.
Anyway, that's not what we're here to talk about.
We're supposed to be talking about Corbood.
So how about you introduce yourself and then we can get basically straight into it.
Okay.
So hi, I'm Ellie.
You might know me from my work done on Chromebooks. Like,
for the past three years, we mainlined most x86 systems. I also do some stuff with postmarket
OS recently, a little bit of Fedora. And also right now we're starting to work on Arm.
And before I start I should say that all any opinions you might hear are
completely my own. Despite my affiliation with any projects or
companies that I may work for, All opinions are my own and are not representative of, you know,
any stance of the project or the company.
Fair enough, fair enough.
I guess before we get into anything more technical,
at a high level, what is Corboot?
Like, what does it actually do on your system and
i guess from there we can go into why someone might want to use it
right so core boot is mostly just doing the hardware initialization part
uh before intel skydake rolled around where they introduced so-called Intel FSP. It's most of the hardware
initialization was mostly done in core boots, like up to, I think even recently one of my colleagues,
Angel Pons, reverse, I think they might have reverse engineered it, I'm not sure. But basically
everything except for memory synchronization, which was done in a sub-block, was open.
So now, because of the complexity of x86 systems mostly, although it's also the case with ARM, which we'll maybe get into later.
Intel and AMD provided with so-called firmware support package,
which is basically a very slimmed down version of EDK2 platforms
that you can only get under very strict NDA.
So, Corbett is basically loading FSP, which is doing the hardware initialization,
and Corboud is telling it to configure, let's say, hey, you should set this parameter,
like let's say this amount of VRAM, or you should set the memory controller to those settings or voltages. But basically, you almost never see core boot
unless you hook up the serial output and enable debug, because when core boot is done with
initialization in the hardware, it passes control to so-called payload. So back in the day we use CBIOS as a payload, which provide you with BIOS calls, so you can boot Windows XP or something.
You also have Linux boot, which basically Linux kernel is used to initialize framebuffer and so on. And like on Chromebooks or
X86, sorry,
776, it's using
EDK2,
very slimmed down version of EDK2
called UEFI payload.
So when you, for instance,
I know that you own one of
the Chromebooks, so when you press the power
button, when the screen comes on,
that's not core boot at this point, that's already EDK2.
So there's one term you used in there that I probably should find for people. What is FSB?
Ah, FSB. It's so called firmware support package. So you get...
Okay, okay, okay.
Yeah, there you go.
Yeah.
So on some platforms, it's three binaries.
On some platforms, it's two because Corbett is doing like...
When Corbett starts, it first needs to initialize the bare minimum in, I believe it was in CPU
cache.
Then it needs to initialize the memory, and then everything
else like, I think, inter-app controllers and whatnot.
Of course, there are more to this, depending on the system you're using, because, well,
let's say on Intel side of things for now to make it simple to understand. So when Corbett first starts, it starts loading either
FSPG, which is temporary RAM initialization. And then it's calling, I believe, I actually forgot,
so I will have to check. But I think first is FSPM, which is initializing the memory controller,
which is initializing the memory controller, it's training the DRAM, and then it's initializing the, like in secondary CPU cores and so on, it's FSPS, which is FSP, like FSPT stands
for FSP Temporary RAM Initialization, FSPM, FSP Memory Initialization, and FSPS, Silicon
Initialization. So that's how it's done on x86
currently. So because companies like Intel don't want to have their code and they're using to
initialize the platforms publicly available.
They just give you the binaries that are, you can find them on their GitHub,
not for every CPU family, but for most of them.
And you can basically control them via the API.
So when we look at a regular system, like you just buy some motherboard, just, you know,
whatever it is. So this is using a standard UEFI and my understanding is core boot is sort of taking
the place of that system. Exactly. So when you buy a mainboard or laptop these days,
it will come with firmware from one of the companies.
One of them is American Megatrend,
and another one is InsideH2O.
From what I know,
both companies are getting so-called platform reference code.
Sometimes it's FSP, sometimes it differs.
But basically they get like an EDK tool from vendors like Intel or AMD.
And then they add their own modules for like when you go into UEFI,
when you get like MSI or Gigabyte or Asus,
different vendors, they have their own setup programs.
But under the hood, it's all just EDK2 basically.
Right.
So they usually like brand it their own way.
So it looks like their own thing, but under the hood,
it's either one of these two companies.
Yes, exactly.
A fun example of this is that on the the steam deck
they have a very very i don't know why they've done it like this but the um the uefi they have
is very minimally branded so it's got like uh inside h2o like all over like the all over it
but like if you go buy like a gigabyte board or something like that you you know you anyone who's gone into the UEFI or on an older
system on the BIOS um would have seen the way they handle it in like their own I guess whatever
skin they want to apply to it effectively yes so um I think the two companies that I know from the top of my head using Inside H2O is Valve on the Steam Deck and also Framework.
Okay.
Yes.
But from what I recognize, all the major mainboard vendors, all of them are using AMI.
like main board vendors, all of them are using AMI.
So when we look at the Corboot project,
why would someone actually want to go and use Corboot?
And there's separate reasons why a company might want to go and take their device and get Corboot working on it,
get Corboot ported to it.
But if somebody was to go and buy, you know, people like to go and buy old thinkpads for example and they like to chuck core
boot on it what benefit would someone actually get from going and using core boot yeah so that's an
excellent question like first from the top of my head i would say is the security because after, let's say, I think four or five years when
AMI no longer supports the platform, of course, if you have a business vendor like Lenovo
or HP, they usually have longer support contracts for the workstations and so on.
But usually when that time runs out or sometimes even earlier, like three years,
or if you buy like a main board from like less known company, let's say you're buying like OEM,
like Medium, something like that, it's likely you will never get updates. And because all of that
is usually based on a very old code base, you get security vulnerabilities.
Like you saw logo fail, fixie fail, all of that was fixed in AppStream Indicator a long time ago.
But firmware development when it comes to like proprietary firmware is still a complete mess.
Like there is no git, there is nothing.
It's just they get like a package from a vendor like EMI or inside H2O.
Like let's say two or four engineers are working on the firmware and then they test it and
they say, okay, we're good to go.
Let's go to production
and then when it comes to time to update it and they're like okay like stuff broke what's wrong
why is it not working you know so oftentimes like you saw a fiasco with uh i think asus last year
when they had issue with blowing up cpus and so on. I don't think I remember this one actually.
I believe it was AM5, they didn't have proper protection mechanism in place.
Oh, yeah, okay.
AMD's new Ryzen 7000 protesters are currently being affected by a bug within the BIOS
yes thank you Dexerto
we've moved it past the BIOS
already
causing him to burn a O
okay yeah that's
that's a problem
or like
when this year when
you saw the Intel CPUs
getting damaged
in order to fix
that you need to update the microcode
but then it requires
the vendors to
deploy the update
and all users
have to update their firmware
with spoiler alert almost nobody
does even though they should
yeah I've only updated the...
I've only updated once, I think.
And that's because for some reason I started having weird boot issues.
I don't know what it was, but it seemed to have been linked to some need to update i did the update and everything was fine
but besides that i don't think i've ever gone out of my way to do so yeah so let's uh that's the
real problem like you have all the security vulnerabilities microcode updates in case of AMD, for instance, AGESA updates.
And people don't update their systems.
And sometimes, for instance, right now in front of me, I have Ryzen 7000 ThinkPad.
And the reason why I switched to Sway
yesterday, literally, is that I'm having weird, random lockups with my GPU.
Like, either it
resets my GPU, or
it's just straight up
freezing. Also,
Wi-Fi card, if I suspend
the laptop and resume it,
it works with one megabits per second.
And if I hibernate
my laptop and then resume it,
the Wi-Fi completely drops off the bus.
All right.
And it's a modern machine that's still supported.
It's literally been bought two months ago on the newer firmware.
And we know that AMD fixed some bugs with GPU in the newer AGESa.
But now, because I cannot do anything with the firmware,
I have to wait for Lenovo to push update.
So, yeah.
So it's sort of the, if you want to look at it more,
I guess a similar example right if you look at the
way that especially
more so in the past with Android ROMs
where you'd have these different vendors
that all controlled when
your phone actually got an update
and then you might have a phone
that's a year old and it's like yeah we just don't want to
support anymore like enjoy
enjoy all the security issues have fun
it's not our problem now
so it's the same sort of idea there yeah so in defense we will um do on a bit of um
of attention here that is actually often uh fault of like qualcomm or mediatek
like right here i have a vr ar headset from company called Links in France, right?
Okay.
It is currently shipping to backers on Kickstarter.
It has Qualcomm XR2 SoC, which is like, what, three years old maybe?
Four years old?
And it will likely not get another android update which is currently android 12
because uh qualcomm apparently will not support that soc anymore and
so device that is currently shipping to users uh that i know the xr2 is being used by I think like HitDisc in their new release VR headset
it's stuck
on kernel 4.19
well
wait is 4.19
what is the bottom of the
kernel support range
is 4.19 dropped already I don't remember
I think
no 4.19 is the? I don't remember. I think...
No, 4.19 is the next one to be dropped.
Yes.
Now, whether it's actually running
an updated version of 4.19,
that's another question.
I really doubt it would be.
Yeah, so that's also another problem,
is that the way Android is written,
you have all the custom patches from like vendors and it's 4.19,
but it's not 4.19, you know.
Right, right.
Right, it might as well just be something that's no longer supported
with how out of date it very likely is.
Yep, exactly.
Yeah.
Yeah.
You know.
OEMs.
We love them.
It's great.
Yep.
So.
Here's one thing.
If we get like some sidetrack,
I'm going to just try that one again.
If we go down some sidetrack,
that's totally fine.
And if we don't talk about Corbett for like 20 minutes,
totally fine by me.
But one thing I did want to get into regarding Corbett
is we talked about like why someone might want to go
and actually install core boot
on their own system
but from the perspective
of like a system 76
or a company that wants to
sell devices that are core booted
why might they want to go
and do so
right so right now
in the EU I'm not sure if the allow already passed
or it will it will be soon uh i think uh it was called digital sovereignty or something like this
uh basically requires uh like i'm not sure about the requirements, but I know that there is a certain time that devices
have to be supported for.
And if the company doesn't care about the device after, say, five years or something,
they should release the source code so that people who are still using those devices,
because, spoiler alert, my phone is three years old.
It's still perfectly fine.
So if a device is no longer supported, they should be able to stay safe,
stay up to date as much as possible,
and not be forced to upgrade the device just because
it doesn't receive security or feature updates from the vendor. So by going with the open source
route, when you publish the code, it's all GPL2. Often when you're a system vendor,
when you publish the code, of course you still have
to test it sometimes, but if you open source it, then community can help you or even maintain
the systems on the road.
The best example I would say is PC Engines APU 2. I think it's a very old system, about a decade old,
used as a router.
And I know that 3MDEP is currently still supporting
the core bootport on those systems.
So that people who bought PC Engines back in the day,
they can still use it and be up to date.
Okay, no, that's fair.
That's fair. So, it's...
How would I say?
I guess it's just the same
general benefit of most
of the FOSS world, right? Where if people
have a reason
to keep using something, they have the
ability to keep it alive
as opposed to the vendor decides well you know it's just e-waste now and buy something new
effectively yep i mean prime example here would be what i have on my desk currently. So this is a 2015 15-inch MacBook Pro which Apple
no longer supports, however it down as quietly as possible.
You know, so, of course, Apple EFI is not very great,
but you can install Linux on this and still have decent performance.
I mean, it has four generation Core i7.
It has 16 gigabytes of RAM and I installed
I think 500GB NVMe
in it.
It's 1920x
1200 I think or no.
It was like a scalar solution.
But it's still a very nice
machine to use.
I could do most of my work
on this machine.
Apple dropped support for it.
I mean, I think it's still getting like security updates,
but will not get any more after, I think, the next two years.
I'm surprised they're still supporting it at all.
Wow.
Yeah.
You know, for all the criticism that Apple might get,
deservedly so,
I will say that they do tend to give their devices
a fairly long support period.
That is true.
Like, I think that on average,
they have like, what, six years for iPhones?
And I think six to eight years for
macbooks which realistically speaking uh after like a decade of using a system it's it's not
that the system doesn't last is that you don't last with the system because the software is
getting more and like heavier and heavier, right? Right, right.
Well, there's also a lot of MacBooks that don't survive
six to eight years.
Especially if they're...
Well, Chromebooks are a good example of this as well.
If they're used in a school environment,
it is very unlikely a lot of them
are going to survive
that amount of time.
I was at a school that had laptops i
that that was already a thing when i was going through school and uh yeah there's a lot of people
that don't treat them well we'll say throwing them uh you know especially well my school it was
it was really bad because we had macbooks so they were throwing thousand dollar
bricks around and like it's one thing if you're throwing around like a cheap 200 dollar chrome
book but look there are some people that have literally zero respect for anything that they
are given yes uh unfortunately i can i can agree with that, because sometimes we get teenagers on our Discord related to Chromebooks who literally are posting themselves destroying the school property and stuff, and we're like, why? why why why yeah um if you want to install linux on a chromebook please please make sure it is
your own chromebook do not especially if it's one of the um if it's one of the older ones that
actually did require like physical intervention to to go and unlock it like please don to go and unlock it. Like, please don't go and start bridging pins
and soldering things on an old Chromebook
unless you actually own it.
Yes, that's the big problem we have
is that you see teenagers fucking in and be like,
oh, I want to install Windows on my school Chromebook.
And we're like, no, don't do it.
So don't mess with school property. You will get trouble yeah i that that reminds me of a um i had someone on
the other week who does like malware research and things like that and he has a bunch of people
joining his discord asking if there are ways that
they can circumvent proctoring browsers it's like no don't yes there are ways you can get around it
but just do your exams like just don't try to get around people monitoring you doing these things. It's going to go a lot worse for you if they catch you.
Yeah.
And considering how
logging and
all the monitoring software in schools work,
because I've seen
Google's management
console and whatnot,
they will know.
Because they can literally see Chrome OS
Dmask and other logs in the console.
They just have to request it from the device,
but they will know if you mess with it.
Yeah.
I get why people want to,
but, you know,
same with the Chrome.
I get why you might want to go and install windows on it or install
linux on it or whatever you want to do with it but like just don't just just just don't
yeah i mean i get it i mean i was a teenager once and you know doing something that you're
not supposed to like you, like being a hacker,
like hacking your phone or something.
It is pretty cool,
especially when you're a teenager.
But don't do this on the school's property, right?
Chill.
It was the same back when I worked for IBM.
I was given a MacBook and I was told,
no, if you have a MacBook, you
cannot install Linux on it. So I knew that it was a company property. If I would mess
with it, I would get in trouble because you also have all the contracts in place to make
sure that it's compliant, blah, blah, blah, blah. So, you know, if you need something else,
use a virtual machine or use your own hardware.
Or if you want to have fun, have fun in non-destructive ways.
There are things you can mess with
that aren't going to ruin the machine.
Yes.
I mean, to be fair to Chromebooks,
at least with Chromebooks, if you have Suzy cable or
this thing, you can actually recover from flash fairly easily.
Yeah.
So this is probably not something you will see publicly.
This is Google Servo V4. Mostly, I haven't
been able to get it to work with
TI50 devices,
but on
CR50 with one USB-C
you will get access to
like an Ethernet port
and video output. Pretty cool.
That is pretty cool.
Well, I guess we can talk a bit.
I do want to actually do some more.
And this is the original one that you cannot really buy anymore.
We have like four in the office.
Oh, yeah.
I do definitely want to do more stuff with the...
So I bought the Chromebook like two or three months ago.
I was getting ready to do stuff and then i got distracted by other things i want to do a um you know how people do those like switch
to linux videos i want to do one switch to chrome os just to just just because i think it would be
funny but i keep putting that video off so because i'm putting that video off i'm putting off
messing around with the chromebook and chucking linux onto things like
that um but okay for anyone who actually is interested in going ahead and uh and doing that
like how for anyone who has no idea what they're doing firstly if if they want to buy a Chromebook and they want to stick Linux on it,
what should they be looking for with that? And once they've got something,
sort of what do you do with it? How do you even start to get anything that's usable?
Right. So we have documentation at docs.truetrapbook.com.
Yeah, this name is a mouthful, but that was Coolstar's idea.
So basically we go over through unlocking the Red Protect, which on most TI or CR50 devices is either disconnect the battery, boot with a USB-C power adapter that
supports 15-volt power delivery mode, or if you have a cable you can just do this without opening
the device. There is an exception to this, being Intel Jasper Lake platforms.
On Intel Jasper Lake platforms, you need to open the device
and find the jumper, and not all of them have it.
There is a trick you can do.
Like, do I have anything with SPI chip that I can show?
Probably not on hand, but when you have the SPI chip, you have eight legs.
Let's say you have chip select, MISO, write protect, ground, VCC, hold, MOSC, and clock.
If you bridge pins 3 and pin 8,
that is bright protect and VCC,
while the system is running,
you can run a flash rom in the loop
with bright protect disabled,
and then you get rid of the bright protection
without using anything but a paper clip.
But then again, you need to know hardware and how to do that, right?
But once you get over that, you flash the firmware and basically grab, as long as it's x86 because ARM is still a work in progress.
You basically grab distribution like OpenSUSE, Fedora, Arch,
anything that is fairly recent.
It has to have at least kernel 6.6.
So as long as it has the kernel 6.6 or newer,
and there is an exception to that rule.
If you have Ryzen 7000, Mendocino.
You need kernel 6.8 to have properly working audio.
But other than that, as long as you use up-to-date distro,
then stuff mostly works.
And post-install, you have to do two steps.
One, if you have Intel Tiger Lake,
which is 11th generation or newer,
like 11, 12, 13, I think 14th gen,
you need to get a workaround
to load kernel modules in appropriate order.
I still haven't had time to fix this bug.
It basically comes down to...
You have in 11th generation Intel introduced
so-called Intel PMC MOOCs or something like that.
Basically, when the Linux loads,
it wants to load the cross-ec-type-c, which is an embedded controller module first.
And that prevents the PMC MOOCs first, then cross EC Type-C, then USB-C will work correctly.
And then you also need the sound operand firmware, basically firmware blobs, which on most distributions should be installed by default, but not all
of them do.
And from a tree, and his nickname is weird tree thing on Gita and stuff.
You basically have to get UCM, which is also use case manager config files. It basically tells us and Linux how to use
and how to configure the sound card.
Then once that you have those two things done,
you reboot and basically everything should be working.
Should be.
Yeah, I mean, sometimes you will get into edge cases
where you get platform that we haven't really worked on.
Like, you know, we have some people who buy, like,
brand new 14, 15-gen machines and, you know.
And considering we support over 250 machines at the moment,
it can be a bit challenging for people.
Right, right. So if you want to have a
better experience you're you're better off finding something that is on the supported list and going
with that but hey if you want to have a bit of a journey and see what happens um you know there
are new crew it's always being made i mean that's basically how I first got into, like, proper Linux kernel development.
Because back in 2022, I bought a Chromebook that wasn't supported.
And while trying to flash beta firmware from Matt, I broke it.
So I jumped onto this part. And we started talking. We started working on the patches, I broke it. So I jumped onto Discord and we started talking.
We started working on the patches, getting it working.
And before I knew it, you know, people started reaching out to me.
Hey, you know, I have this hardware I don't need.
Do you want it to add support and stuff?
And, you know.
It just went from there. and, you know... I would say
yeah, I mean,
if you just want to start working
with either
kernel or firmware development,
I think that's a great place to start.
So,
before we...
I think yesterday or something, you said you were going to have a pile
of Chromebooks. Do you actually have those with you?
Yes. I think yesterday or something you said you were gonna have a pile of Chromebooks. Do you actually have those with you? Yes
Okay, which one you want to see the first, uh, whatever whatever you want to grab
So the first one one on top of the last is the lightest one
This is Kohaku. It's a 10 generation
uh samsung Galaxy Chromebook. It has a very nice 4K AMOLED screen.
I'm not gonna let it boot because it will take a moment.
And I will have to type in my Lux password. But it's actually very nice. It has
stylus. Yep. However, as a part of the project, we usually find a lot of
of design flaws in the hardware. In this case, you see this machine is so thin, it's fanless.
It's a 10 generation fanless Core i5. As you can imagine, it runs pretty hot.
It runs so hot that it destroys the trackpad and the backlight circuit.
Does it... wait, is that like a problem with it running too hot under Linux or does it do that under
Chrome OS as well? Yep. It also does it on Chrome OS. Like, people running Chrome OS were reporting that their trackpads stopped working
were reporting that their trackpad stopped working.
And after sending it to Samsung,
they replaced the top case with trackpad and stuff.
Oh my God.
Okay.
Yeah. Oh, yeah.
I put in the Samsung Galaxy Chromebook O
and the first thing is overheating.
I see.
Why is my Chromebook so hot?
I think my Chromebook is overheating.
How to overheat a Chromebook?
I don't know why you'd want to know that.
Yeah, okay. It sounds like this is a
badly designed device.
Yep, and it
keeps going.
This is Eldrate HP, let me double check that.
HP Chromebooks x360 14c, which is 11th generation. And it tends to lock up for random, you know, and not all of them do. And we found that most likely the cause of the overheating is that here you have like
a round trips that are covered with heat shield.
Right.
And it's very close to the CPU. So we still are trying to debug this because only me and the other developer have the same
problem with this machine.
But if you install the heat shield as it is by default, you see that embedded controller
is reporting external press hot asserted,
and either your system slows down to a crawl,
because it starts to throw through,
or it just freezes.
Right.
Well, at least it's not melting the trackpad.
Yes.
Although I have to say that battery life on this is pretty decent.
According to reviews, it was like six, seven hours in Chrome OS.
Mine has 80% of the battery life left.
And under Linux, it's lasting eight hours.
That's pretty impressive.
Yeah.
And later, I can hook it up to the HDMI
and show you a thing you can do that people usually
don't think they can do on the Chromebooks.
This one is one of the ARM ones.
I got it from a person who saw my talk on the Chaos Communication Congress.
If I boot it up, it should boot into Fedora.
I'm still working on firmware and I think the battery might be dead.
Not a very good live demo.
But basically we're working on that.
We're at the point where most stuff works.
Video output is not working,
but there is no standardized way to boot Linux on them yet.
So I'm working on U-Boot, which will provide EFI capable payload.
It's kind of like what Asahi Linux does, except instead of chain loading,
in our case, we will just take core boot, which will do
hardware initialization, load U-boot, which will enable the frame buffer, and so on, and
then just boot into Linux kernel, like systemd boot, whatever.
And I have another one.
But wait, there is more. So this is crane. This is, I don't know what to do with it.
That's a cute one. Yep. It's a tablet. And okay. I think I also forgot to charge it and something is stuck to the magnet.
I forgot to charge it, but basically I have a post-market OS running on it.
And the nice part about Chromebooks, the modern ones, is that if you have so-called USiPen,
Universal Stylus Initiative.
You can use one pen on all of them.
I know that I think Tuxedo and some other vendors also adopted that technology.
So it's like $20, yeah, like $20 stylus.
You get like pen pressure, you don't get the tail but you can actually
draw with it. That's cool. I can grab what I have up here. One of the ones is really dumb.
I don't know if I've shown on the podcast before.
This is how long I've had it sitting on the shelf for.
There's dust on it. This is the long I've had it sitting on the shelf for. There's dust on it.
This is the normal one.
This is the CX5501.
I don't remember what generation this was.
It looks like it has 16x10 screens.
Yeah.
That's the sensible one that's gonna do normal things
oh I showed this on a stream
this is the
shitbox this is the
what is it like 2012
pixel book or whatever it was
something just
Haswell Chromebook
that's basically
e-waste but it's funny and I wanted to buy oh
I told link was Ivy Bridge
Was Ivy Bridge maybe was I may actually might have been Ivy Bridge. Yeah, I don't I don't
Yeah, like I know it's Ivy Bridge yeah, yeah, yeah, yeah, yeah
Yeah, no, it's Ivy Bridge.
Yeah, yeah, yeah.
Yeah.
So I also have, you could say,
a sheetbox here with a bunch of stuff on it.
This is so-called HANA.
I stole Wi-Fi antennas from it for the project.
It's a MediaTek 8173 with PowerVR GPU.
All right. And yeah, to say that it's causing a lot of grief will be an understatement. It's a shame because it is a decently fast still.
But with the PowerVR on my mind, like I got to work somehow. But it's just, no, it's just not worth it.
Mhm.
Yeah, so I don't have any more.
But I do have one more, or rather two more devices running
Corbwood, which this one is currently
being reviewed
on Garryt.
It's like Intel N100, which is Alder Lake N with four 2.5 gigabit ethernet ports. I just slapped cheap 16 gigabyte DDR5 stick in it, 1 terabyte NVMe and Wi-Fi 6 card.
And for like 200 euros, you get pretty nice passive firewall.
That's cool.
And the funniest one by far will be this piece of junk.
Okay.
Okay.
You might have seen tech reviewers reviewing this mainboard last year.
It is a Chinese main board with laptop CPU.
Oh, it's that one.
That's running engineering sample, a laptop CPU
on a desktop main board.
I have two of them.
This one is the one with the engineering sample.
And in the next, I think, three weeks, we should be releasing core boot 2411 with support for this main port.
I had it working since March in my main desktop, and it's rock stable.
So that's just a fun one.
Is there any reason why that one's being worked on?
It's just like, might as well do it.
Yeah, so I bought it because I thought,
hmm, it would be funny if someone ported Corbett to this weird mainboard
with engineering sample laptop CPU, you know.
And I did, and the performance is pretty decent because for about 160
euro, I got a main board that has similar performance to core i5 13th generation.
Okay.
And the main board itself for like 13th generation costs about as much.
So it's a win for me.
And also the only mainboard in Core Boot 3 with DDR4 XMP support. As of time of, you know, all talking, you
still have to enable it, but because enabling XMP by default is not something I want to
do, because for instance, the RAM sticks I have at home are kind of damaged. I lost the receipt, so I cannot return them to the store.
But if I enable XMP, they just spew the data corruption.
So, yeah, that's why I don't enable XMP.
Yeah, it's probably the best then.
Yeah, it's probably the best then.
So on that topic, when you have a device, whether it's that, whether it's something more sensible,
and you want to sit down and port Coreboot to it, what is that process like? Where do you start and what does porting core boot even involve?
Right, so first is the very important step to check if your system does not have Intel
Boot Guard. It is very similar to like blowing if use on like CPUs and phones, or AMD also has a platform secure boot on Ryzen Pro CPUs, which prevents
you, like once manufacturer deploys the firmware and boots it for the first time in the factory,
it blows the ethos in the platform controller hub.
And then from that point onward, if you would modify the firmware that will invalidate the vendor signature, it will not boot.
No matter what you try.
There is an exception to that.
I really hope I will pronounce their name correctly.
But MeetCookery found an exploit for six, seven, and eight,
I think, also generation CPUs, which allow you to bypass
Intel BootGuard because it's done in the management engine.
And I know they're currently working, I think,
on ThinkPad T480.
But since this is an exploit, it is a very
dicey topic.
Right, right, right.
So, let's talk about
desktop mainboards first, right?
So,
from the moment you connect the power supply
and if you want
to press the power button
and so on,
you have this, let's call it the microcontroller called
super io if you're building pcs you might have seen that name from like companies like ite or
nuvoton usually around the pc express slots when you give it a five volt power, it powers on, loads its own firmware usually and it's basically
controlling stuff like front panel, like buttons and LEDs, it controls fan like PWM,
It monitors temperatures from the system, voltages. It's also, if you have PS2 or other systems like LPT or RS232,
that's all in the same package, the controller.
That's why it's called SuperIO, because it integrates all of that functionality.
Then when you press the power button, it sends, basically starts the boot process.
When platform controller hub starts, in case of Intel, it loads the management engine.
It checks the signature if the boot guard is enabled, and then it starts loading the host firmware.
and then it starts loading the host firmware.
So the first thing you need to have to port core boot to desktop mainboard is a data sheet for the super I.O. or embedded controller
to know which logical device numbers it has.
You need to know which registers you can configure.
If you're lucky, you can just create a dummy driver that will work.
But you will likely not get file control and stuff working. Then you have to need to have like if you boot the system, like you need to disable
secure boot, you need to boot Linux with IOMM Relaxed, which allows you to access some,
you know, registers and stuff.
So I think the first thing is that you need to grab like Dmask, of course, LSPCI, LSUSB, then run SuperIO2.
And I'm in the process of writing new porting guides. So when that's ready, then I will just let people refer to that. But basically you grab all the information.
You also need to dump, if you have IGPU, you need to dump VBIOS, which in case of Intel is called
video BIOS tables. It basically tells which outputs are enabled, if it should enable hotplug detect and all of that.
You also need to grab HDAudioVerbs, which is basically telling the codec which outputs are
enabled. And of course GPIO. GPIO is very important and you really shouldn't mess with them if you don't have much experience.
You can adapt them from the currently running firmware, but it's very important that if,
for instance, GPIOs are configured as output or as input, you don't switch them because
you can damage your mainboard by switching GPIOs if they're configured in a different way.
So the first thing I would recommend is looking if someone already ported
coreboot to similar platform. Like in my case, for that erroring board, I based my port on System76 ORIP-8 because it was the only platform in Corbut with Tiger Lake H,
which is like almost the desktop level chip, but it's still mobile.
So from there, I looked at how they configured FSP, how they wrote the device tree and so on so on so i started writing it by basically cleaning the device tree cleaning
all the specifics to a system 76 embedded controller and you know some gpu configuration
one thing before you keep going out what is the device tree right so in core boot boot it's not the same as u-boot for instance.
You get...
Maybe I could actually show you how that looks.
Maybe that would be easier.
Because it's nice to have visual representation.
The question is can I start the screen sharing. Let's say, use operating system settings.
But,
okay.
Okay.
All right.
Oh, that actually works, wow.
Yeah, but I will ask you to blur at my,
the Jitsi when you will be doing editing.
Like above the Jitsi my tabs that are open.
Oh, that's fine.
So let me make it bigger for others because we have like 4k screens here.
So let's go to projects.
projects, personal, maybe if I can close this, yes, use yourself but hopefully that's fine. Corbuts, let's go to Vim, source, mainboard, airing, yes, Tiger Lake device tree. So you import this line which is if
we go to source I think it will be in SOC Intel Tiger Lake.
So basically this imports that path and then if you look at the...
You have so-called chipset-bch.cb. And you see that it looks very similar.
It basically just shows you which devices are default state are off or on, which you
can enable by doing overwrite in device tree.
And for instance, here you see that I'm configuring it to have power limits 45109, which is default.
But on my system, I have, I think, 60 by 120, which gives it more performance.
PMC routing, like I said, this is how you configure the IGPU, you configure certain ports, and if you want to have like data channel
and hot plug detect. And then this is actually the trial and error part if you
don't have schematics for your system, is that you have to populate like every
PCIe slot in your system. Of course, because when you install the card,
FSP usually remaps root ports. So the best way I found it to do is to install everything on,
like populate every PCI Express slot on the system, grab LSPCI, and then for instance, if we do,
let's say, ls-pci-ppp-n.
But of course, this is an AMD system, so it will be a bit different.
Or maybe if I have any logs here that I can show. I So, yes. There we go.
Yes, so you scroll to PCI Express and for instance here you see PCI Express bridges
and sometimes it's just, for instance, this Alder Lake, so some systems don't have it
like in the Linux, it doesn't recognize them yet, but basically this is like PCIe root And then if you look again at the...
So, for instance, if you see enable root port 1,
that's equivalent, let's say, 1c.1.
Then you can find that information in device 3.
But again, this is... Unfortunately, if you don't have schematics,
that's trial and error.
So good luck.
Right.
Yes.
But other than that, it's fairly simple.
You just enable devices here, which you need, like HD audio.
And here you have the SuperIO chip that I mentioned, which controls,
like for instance here, I only implemented basics for the serial console.
So if you plug in the serial cable to here, we can get the serial output.
That's basically when you're doing board bring up,
it's the only way you can
get useful information. And by doing that, I can stop sharing the screen. Yeah. So when,
yeah, so when you have, once you have like device tree, then you have to dump GPIOs and run them through Intel P2M,
which takes the raw dump of GPIO and exports it to the list that Corboud or other people
can understand them.
Usually it's not perfect.
Usually you have to do some tweaking because,
for instance, on laptops and Chromebooks, for instance, the GPIOs can be switched on or off
depending on what you're doing on the system, like the audio amplifiers and the video outputs
that can be controlled via ACPI.
So sometimes you have to adjust them, but mostly they should work. So you have the, let's say you have the device tree, then you have to,
like, if you don't, if you're not porting to the laptop I would say the ACPI
should be fairly sane sometimes you need to do some tweaking but it should be
sane then HGA verbs which is basically setting up the HGA verbs to tell the
audio codec which outputs to enable and which inputs,
like the ping configuration.
And then in ROM stage you enable stuff like how much video memory you want and so on. compilation, come back to here, make and configure.
And allow. Okay. And then when you are going to
compile core boot, you have this lovely setup.
So here it's basically you're configuring the compilation options, which compression
you want to set and so on.
In the main board you select your vendor and main board as well as the size of the ROM
chip which should be populated by default by a config that you wrote.
Then in the chipset you have more options for like, say, if you want to disable the
IGPU, you can do this from here.
Or the InterruptControllers. controllers. And here you also have to include binaries. Intel Flash descriptor is like,
I would say, it's kind of complicated to explain if you are not in the know, but it basically has like a phtraps.
It configures stuff like which SPI chips are supported and so on.
Let's leave it at this because we could get into the rabbit hole.
Here you have to add a management engine firmware,
which if you're porting a main board, you need to know that you cannot include the management
engine blob that you dumped from your main board, because it will have specific configuration for
that main board and it will likely not boot on another person's board. The way to do this is to
for on another person's port. The way to do this is to get BIOS update from the vendor and extract it from there, because then you get clean management engine region that you
can include. If your vendor does not provide you with the firmware package, it's best to just skip them and just flash the BIOS region.
And of course here you have power management, how you want to do display initialization.
Here you include the VBIOS or SMM store, which is NVRAM essentially,
you can enable stuff like TPM here.
This is console.
If you're debugging or if you want to have, for instance, on this firewall,
if you want to run the system headless, you can just enable serial.
And that way, it will just print the serial.
And you can change the boot config and such without having to connect the monitor and keyboard and so on.
I can show this later if you'd like.
SMBIOS is nothing interesting. Right, and here's the payload.
Right, so in the payload you basically will see which payload you want to choose.
Like you can select to grab Linux boot, which is like a Linux kernel, CBIOS, which is a legacy BIOS payload, UBoot or EDK2, which is like UEFI basically. And then you configure options like if you
want to build, say like if you want to generate a release build which is like
production ready or if you have any issues with, I don't know, like PCI Express
devices or something, then you can select the release build.
And then options like if you want like escape key, the logo, if you want the secure boot, PXE, so on. And then in debugging you can basically choose what you want to have in the CPFS and in the serial output. Then when you're done, you just go make...
I'm not going to use2, because it's another
payload, but even on like, ancient system, it wouldn't take that long to build.
Like maybe two to four minutes on like Haswell system.
And once that is done, maybe we can let it run when we're talking.
Once it's done, you get core boot ROM that you can flash onto the system and then just
basically start testing if everything works, if you have made any mistakes, if you find any bugs in corebot, because sometimes
not everything is implemented or tested. And basically it's rinse and repeat. If you made
any mistakes, then you have to reflash the firmware. Now the good thing is that if you're
flashing the firmware and you just made some very tiny changes,
then FlashROM will do a diff so you don't have to wait that long. If you're working
on the firmware in a professional sense, you likely will get something called EM100, which is like FPGA-based SPI emulator. I have a box of them over here, but I'm too lazy
to get them. So you get a box that you connect to USB, you upload the firmware image to the
emulator, and that takes like two seconds. So if you need to do any iterations, just
push the new firmware, you reboot
the platform, and it's pretty quick. Well, if you don't have it, then you just have to
update the chip and reiterate, but it's still not that much of a problem. And then you basically
go from there. You do debugging, you try to boot Linux, maybe Windows, because Windows is...
The one thing that Windows is good at is complaining about XDPI errors.
Right, right.
So if you have made any mistakes, then Windows will likely do blue screen of death or something,
and you know that you have XDPI problem.
Okay. and you know that you have a CPI problem.
Okay. And that's basically build image. If we do build slash core boot dot rom,
you see that we will have 16 megabytes file
and that's basically the entire SPI image.
Right. Well, when it comes to laptops, it's more complicated because embedded
controller is like super IO with extra steps because it also controls stuff like battery battery charging, USB mixing, and sensors. For instance, the funny bug that I found with
Eldritch that I have is that I noticed that my laptop would sometimes just wake up when
I had it in my backpack. And I found that when I was running to the tram and I pulled my laptop out
on the tram and suddenly it was in a sleep mode anymore. I found that if you shake the laptop too
much, for some reason the embedded controller thinks that you opened the lid
and the rest was the laptop from suspense.
Okay.
That's
clearly like a
hardware design fault then.
No, because
it wasn't doing this on Chrome OS.
It's just the quirks
that you find when you're working on
firmware development. So yeah, you have battery charging, sensors, a bunch of other stuff.
What else? I cannot think from the top of my head.
The interesting part is that, for instance, the keyboards on laptops, like embedded controller
usually...
Well, sometimes it's called the keyboard controller as well, because it basically takes inputs
from the keyboard matrix and it's usually emulating the PS2 keyboard on the host side.
So it takes the inputs from the keyboard matrix and when like Linux or Windows puts it says,
oh it's 80 keyboard so it's PS2. So it's like, you know, well it's not that much different from PS2 on the desktops, because on SuperIO you also have PS2 controller, but it's basically a smaller package and more functionality.
I don't even know how long you talked for there about the morning process i was trying to i was like is there a point like i can jump in and
like add like maybe like say something and he's going going going going going
no that's that's totally fine i've said this to plenty of people the more the guest talks the
less that i have to talk which is always nice i. I'd much rather that than people who I have to, like,
prompt to say every little word.
So if you can talk for 30 minutes about the warning process,
that's all good with me.
So when you're in the compilation step there,
it seemed like it was basically, like,
every little thing that you might want to enable
or disable there was just like a little toggle there for pretty much everything you wanted
yep because uh that's the i think uh well it depends on who you ask but i think that's the
one of the biggest problems of core boot why not so many people choose to use it,
is that when you choose everything at the build time, if you want to change configuration,
you have to refresh the firmware, which is good if you have a server farm where you want to
have the same configuration across the board. But if you're a user who wants to go,
have the same configuration across the board. But if you're a user who wants to go,
like when you have the UEFI, you go and change
one setting that you want.
And we don't really have that in core boots, which I would say
pushes people off because they're like, oh, I
want this thing to change this thing.
Oh, I have to recompile and reflash firmware.
Like, screw that.
So there are ways to fix this.
Like, you can, for instance, set, like, FSP parameters to say,
oh, if the CMOS setting in this position is this,
then configure this as that.
Then you can either write an EDK2 application
or do it from Linux to write to CMOS
and switch the settings.
But because this project is mostly used by engineers,
no one really bothers to do that.
So that's the reason i think why so many people still stick to like um ami or edk2 because it just offers more user-friendly interface
well actually i was going to ask you about the uh the limitations of core boot and i guess that
sort of leads perfectly into it.
So if there is anything else that you might want to add to that,
then, yeah, go into that, I guess.
Yeah, like, the biggest limitation is that, like I said,
it's not very user-friendly.
We have documentation, but it really needs refactoring.
We have partial documentation on x86, but it's not great in my opinion.
And when it comes to R or RISC-V, there is basically no documentation. So, you know, I've seen some work being done on Ampere side of things,
and it's kind of frustrating that you get basically like binary blob, like on x86,
you get binary blob that is under NDA. And if you want to initialize the platform,
it's basically like a giant blob that is starting and then passing to the bootloader. Then
what's the point at this point? What's the point of having core boot? If you can just load the
payloads directly from the firmware provided by the vendor. But I think it needs more work
and I'm hoping that the documentation I'm in the process of writing will help
more people learn and bring more contributors because people here
in the project are very friendly and they are willing to
share their knowledge.
It's just that engineers being the engineers, no one really has time or motivation to write
documentation.
Right, right.
Yeah, that's a problem regardless of where you exist in the tech stack whether it's at the the level of like you know
firmware development or at the level of desktop development documentation writers are special
kinds of people and you should respect everyone who wants to dedicate all their time to writing
documentation because they are a very rare breed of course and i do appreciate it like
i think last week i've met a person writing arch wiki and documentation for arch and i was like
you know great job like no matter which distribution series you you essentially
go to either gentle or arch wiki to get the information you need yeah I'm
definitely not the kind of person who likes to write
documentation but
I've spoken to some people that
do I don't understand them
I don't get them at all
but hey
you know you do you I'm not a
designer either but you know
if that's your thing,
more power to you, I guess.
I mean, that's also a way to contribute, right?
Like if you maybe are just starting with coding and such,
if you just hang out, if you write documentation,
by proxy you also learn, right?
Because you have to
document all the process, you need to understand the code at least to some point. So in my
opinion, it's a really good way to start actually learning how to do this development, right? Like, because most of the knowledge is unfortunately, you know, stuck in
our heads.
And if you have
the knowledge in your head, you can do
that. But then someone comes around
and they're like, oh, I want to do this.
And you see them struggle
and you're like, okay, give me that.
I'm gonna do this for you, you know.
So, yeah. That's just not really a scalable solution. I'm going to do this for you, you know.
That's just not really a scalable solution.
True, true.
Unless you want to spend all of your day just helping people and never actually getting anything productive done.
Yep, I can definitely relate to that.
So one thing I want to ask about is the relationship between core boot and then these like community
images that exist.
So things like LibreBoot, DeSharo, things like that.
Like how does that relationship sort of i guess play out right so you have like um
excuse me you have like um quote-unquote the corporate distributions like the shadow like um
sorry like um mr chromebooks like uh like the shadow mr chromebooks uh Sorry, like Mr. Chromebox, like Dasharo, Mr. Chromebox, LibreBoot, so on.
And basically how that works is that because CoreBoot is GPL2,
they have their own forks focusing on like,
Dasharo is focusing on like user friendliness.
LibreBoot is focusing on
getting rid of all the binary blobs.
I think recently they started doing stuff with Haswell
and such.
Basically what they're doing in their projects.
I feel like Lero and or Michał Szygowski hanging out in the spaces like IFC and basically
they just say, okay, we've done that in the project.
Do you guys want this upstream?
Or they just push it upstream and let us review the code.
So they basically contribute code. So, you know, they basically contribute code.
Sometimes
they do it,
I would say,
better than other times,
but generally they do contribute
the code back, which is great to see.
So, you mentioned
it's like a distribution
of Corby. Like, obviously, the term distribution is commonly used in the context of Linux distro.
But what do you mean by distribution in this context?
Yeah.
So those projects basically take, like, Corby tree.
They, like, drop their patches on top of, like, if it's not in the upstream, for instance, I think
two years ago, core boots dropped support for AMD 14, 15, 16 generation of CPUs, which
is like FM2 or AM3, basically like a decade old stuff.
There wasn't a good reason for this,
just no one wanted to move them forward to the new resource allocator,
but no one worked on it, so it's been dropped.
But in some of the forks that you might have,
they still maintain support for those platforms
because they have user base and they
just care more about those platforms. Then you have like focusing on user experience, like you
have heads, which is focusing on security. You have LibreBoot, which is CBIOS plus Grub, I believe,
which is cbios plus grub, I believe, which is basically getting rid of all the binary blobs. Then you have Dash Arrow from 3M-Dev, which is focusing on user-friendlyness.
So you can, when you buy like a new custom laptop or something, you can go to EDK2 and change, like, if you want to
enable, like, resizable bar
support and that kind of stuff.
Like you would on the AMI firmware.
Right.
Okay. So,
you've mentioned a lot that
Core Boot is
kind of, I guess, unapproachable for a lot of people
because, you know, lack of documentation, all of this stuff.
But if you are someone who is a non-technical user, maybe you didn't install core boot yourself,
but you buy a laptop that has been core booted whether it's system 76 or anyone else
that might provide them is there any reason why like a non-technical user would care about core
boot or is it really something that only you know people who want to get into the weeds of stuff actually are gonna even think about
yeah so i would say it's mostly uh how much you care about security and uh you know and how much
you trust the firmware that your uh system came with like a lot of people don't care but then
again a lot of people just buy a
Windows laptop from the store and that's what they use. And that's up to them. But if you're
a technical person, let's say, if you are running Linux, then I would say there are
plenty of reasons. For instance, on the shelf, I have the MSI main board that 3M deported coreboots to.
And when you put Linux on it, it spews a lot of ACPI errors.
Mostly works, but sometimes it's buggy.
but sometimes it's buggy. And if you check kernel source for Linux, you see that acpi.c has a lot of quirks like, on this system, disable this interrupt controller because...
Or sometimes you put the system and you get IRQ9 nobody cared or something like that.
IRQ9 nobody cared or something like that. So a lot of vendors simply don't test their
firmware that well, I would say. They care about Windows and that's it. But if it works with Linux, then that's basically up for Linux community to take care of it, right?
So for instance, every vendor has their own
embedded controller firmware, like Lenovo framework.
Well, framework is using Chrome OS embedded controller,
but like Lenovo, like ASUS WMI,
Windows Management Interface.
All of that has like ACPI specific works
to control stuff like fan speed.
Backlight is mostly done standard,
but like fan speed, like custom features,
like one of my friends has Asus Zephyrus
with like a LED display on the lid.
So that's all done by SPI, right?
By SPI calls, you set the, basically you set the commands, let's say.
And a lot of times it gets a lot of reverse engineering, even like Windows drivers and
so on to get it working.
So if you buy a laptop with core boot and you use Linux,
it's basically guaranteed that it will work because people who develop core boot are pretty much always using Linux.
So basically it's putting, well, let's say,
So basically it's putting, let's say, UFI that is being done by vendors like AMI
and then put on mainboards like MSI.
That's mostly targeted towards Windows.
It's best tested on Windows and with core boot.
If you buy a mainboard with core boot or laptop with core boot
or if you install core boot yourself,
then it's pretty much guaranteed that it
will work as it should with linux without you know any quirks with like fan speed and so on
well any quirks unless we're talking chromebooks which are just weird
Well, I mean, at this point, it mostly works.
We don't have HWmon driver, but you can control the fan using EFU tool and you can, you know, the temperature monitoring works.
Like automatic fan control should work over DPTF, right?
Or if you have an AMD system, then it should be done via embedded
controller, but it's mostly working just fine. The very nice thing about Chromebooks is the
audio. The laptop that I have in front of me, it is a brand new machine that did cost like
1500 euro.
And the audio on it is so terrible, I literally cannot listen to the speakers.
And if you connect the headphones, it's not even better.
Sorry.
But then you grab like elderly that I have here and the speakers sound pretty good.
Like I could even make it better because we can still throw DSP tuning in user space, but because we have a DSP on those systems, then the speakers
sound a lot better than they do on most X86 laptops.
So one thing that I don't know how I hadn't come up yet, but what is your, like sort of,
I guess we kind of touched on this a bit before. But what is your background in Linux, in programming, getting involved in the Core Boot Project,
and just generally how you got to where you are now?
So I would say that I started maybe around 2016, maybe 2017.
At the time I was using ThinkPad T420, I would say.
And I wasn't really satisfied with the performance of the integrated GPU.
Because at the time I think I was still in college, yes.
Or high school, whatever you want to call it.
And as one does, I was carrying that laptop to school
and I used to slack off on the back of the class,
playing games like Schoolgirls or Life is Strange.
But once I upgraded my display to 1600 by 900 the HD 3000 iGPU on Sandy Bridge was no longer
enough. So I've read that with core boot you could replace the CPU with a third generation which had much better iGPU.
And I basically tore apart the laptop.
I flashed it.
Well, I bricked it a few times at first,
as one does, but I eventually did get it working and it was pretty much flawless.
Then I was like, wow, you know, that's really interesting.
Then I bought a super cheap AMD platform was like, I think it was like from a company called
Medion, but it's like MSI OEM. Again, I could grab it from the shop, but I'm too lazy to get up.
shop, but I'm too lazy to get up. But I basically ported core boots to that. I learned how to do it.
I never did finish it because I had issues with AMD GPU initialization, but at the time I was still, like, I would think I was 19 at the time but after that I didn't have much time and I basically
kind of left the scene. It wasn't until 2021 when I was working for IBM and I was really, really bored maintaining legacy systems like AX and Solaris and that
kind of stuff.
And I looked at the pricing of Chromebooks, I was like, oh, damn, that is really cheap.
And I saw that they weren't supported.
I was like, maybe I can work on that. And then I think two months later, I really wanted to get it working because at the
time I lived in a city called Katowice, which is not super close, but it's kind of close to Ukraine.
And you know what happened in February of 2022?
And everyone went into the state of panic, like, you know, we will have to pack, we will have to
run. So I was really glad that I bought Chromebook and I wanted to get it working. So the motivation
was sky high. And, you know, I basically spent, I think, two weeks straight just working on Corbett and Linux on that
laptop. I got it working, it was perfect, and then suddenly we started getting more
and more people interested in the project. So we started getting more hardware, more
people, and that's basically how I started, you know, I found that audio wasn't working at all on
the, I think, Skylake and Neewer, because that's when Google started using smart sound
technology, which is basically AVS slash SOF, audio, speech and send open firmware.
And no one really cared about getting that to work.
So first we got Corbuth with EDK2.
We patched the ACPI.
We talked to folks at Intel who helped us
debug the stuff, who updated the firmware builds, and so on.
And eventually, we started upstreaming that stuff
and started getting more people interested, more hardware,
more work, and the ball started rolling.
So I would say before 2022, I mostly had experience with just hacking stuff like reverse engineering,
like let's say USB drivers or like messing with like Arduino, Raspberry Pi, that kind
of stuff. But it really wasn't until I got into Chromebooks related stuff
that I got interested in proper kernel development.
And again, I don't have many patches in Linux upstream,
mostly because upstreaming is a pain in the ass,
thanks to having to make your patches and then they
retread on patchwork for months but it's mostly been okay. Then we had to work with distributions
like with Fedora and other to actually enable the modules for the audio and it's been fun. Then I would say
for the past year and a half, like most x86 stuff is working and last year we started working on
ARM. However, this year I really haven't done much because last year I moved to France and I
found that I had celiac disease.
So as you can imagine, if you cannot find gluten-free food, you will have a lot of health
issues which I suffered.
So this year for me was pretty quiet. But then about two months ago, as you know, I moved to Germany.
I started working for Nine Elements, working on firmware,
more like a professional level.
So that's where I am right now.
So going back even even further so you saw the story on a ThinkPad t420 going back like much further than that
when did you first gain an interest in Linux and an interest in programming
because most people don't just suddenly appear on a Sandy Bridge system in 2017.
Yeah, so I've been using Linux for 16 years at this point which makes me feel old.
Do you remember what your first distro was
ubuntu 804 lts okay you know that gnome 2 running on pentium 3 with uh um nvidia like fx 5200 i
remember i think and uh you know it was it was something different, not like Windows XP or Windows 98. You boot up
Linux and you're like, oh, you can do so much stuff here. Back then, of course, gaming wasn't
that great because we didn't have DXDK and stuff. But you could still run some stuff.
Like I remember that
back in 2013,
I was carrying like a Turion 64 laptop.
It was a very heavy beast
that was overheating all the time.
So I had it running Gen 2, as well as those in high school.
And
yeah, I used it to play like Minecraft and World of Warcraft.
But
at some point the laptop died because, course it was overheating and that was the era of
you know the substrates not being done correctly. So at one point it just died and I had to replace
it. Well it wasn't surprising that it died because I got it for a super cheap price and i just
revived it by uh blowing the um hot air from the hair dryer onto the gpus as well as one yeah as As one does, I guess.
Yeah, so basically that's how I got the laptop for about an equivalent of $25 back in 2013, right?
You know, if that thing does anything, I think that's money well spent.
I mean, it worked for a year, so it was pretty nice to have a laptop, you know.
So yeah. And after that it died and I saved some money. And at that point, I remember for my,
after I think I turned 16, my brother said, hey, why don't you come over to the UK and you can do some summer jobs, you can save some money. So when I lived there for like two months, I saw the ThinkPad
T420 on eBay for, I would say £140. And it was brand new, it was just decommissioned and
it was never used.
So I got brand new laptop for 140, which was great.
And that thing served me well.
I think I would say, yeah, until 2019.
So again, for 140, I got five years out of it.
It was pretty nice.
Yeah. That's pretty nice. Yeah.
That's a pretty good deal.
It's not the fastest of machines, sure.
But, you know, it's cheap and it works.
And that's all that matters.
Yeah.
And, I mean, those systems had a really nice keyboard and I mean back then before you know like before when you like okay I don't want to
sound pretentious but like before we like Wayland before all the new stuff we got like those older machines especially before like everything was electron those machines were so pretty fast like you
didn't need to have uh like 16 gigabytes of ram to have discord running yeah the uh the electron
app problem i get from a developer perspective why electron is really popular like you're if
you're building like if you have your application as a website already
and then you want it to be cross-platform and every single developer on your team is a web
developer you know i get it i i do i just don't like it me neither like i don't remember i don't Me neither. I'm not sure if you remember IMs like Pidgin, for instance. Back in the day,
you would have a Pidgin or other kind of IM that had plugins for popular services.
plugins for popular services and you installed the plugin, you logged in with your credentials and basically it had all the API implemented.
Oh.
So back in, like, you know, I'm Polish, so back in Poland, back before Facebook Messenger came and Google Hangouts, RIP by the way.
We used something called Gadoogado, which was kind of like equivalent of AAM in America, I would say.
It was a very simple protocol, kind of like XMPP. So you had a very simple program that you could even run on Windows 98 and you could
talk to people, like send messages and so on. And that took like, what, one megabyte of RAM?
So now imagine if these days days like Discord wouldn't be
No using third party clients is against
The OS like imagine if they just
Opened the API
That would be nice
That would be nice well that's one of the things
I like about
The way Twitch does their chat system
Their chat system is just IRC
Like you can just connect to it from any
IRC client. It's obviously
the way they do their emotes, you know,
they, you want to, you want
those to be rendered nicely as well, so you want to have
a custom IRC client. Sure, that's
fine, but, like, the backend protocol,
nothing special about it.
You don't need to reinvent the wheel.
Like, I don't think
there is a functional reason
why the Discord chat system couldn't just be IRC on the back end,
if they actually wanted it to be.
True, true.
There is a plugin for Pidgin, like I mentioned,
and unfortunately, it works, but it's not that well-maintained.
So technically, you could use it in Pigeon. I've
seen some people who are like still using Windows XP for fun who are using Discord over Pigeon
because it's still supported. So like it clearly can be done and it will reduce e-waste a lot.
a lot it's like
well that's one of the things that
I've
people are weird
about the way they
like to criticize certain things like the
us he linux project like why would you care
about apple devices or
the whole
getting linux on chromebooks
why would you care about chromebooks
but these devices exist.
Like, they're not going to suddenly just stop existing
and everyone's going to use these nice devices
that are, like, open.
You can just, like, hack on them.
So if these devices are out there,
I think it's a good thing that there are people
who want to go and whether it's they're doing it
because they want to revive the devices and keep them alive for years in the future whether it's
because they just have a device and they just wanted it to work whether it's because you know
they just think they're cool i i like there are people out here that are actually making these
devices more usable than they were before and usable for a lot longer than they
would have been before yes of course and also it helps people in less i would say fortunate
situations like we had a lot of people from um i think south africa it was like they're going
through energy crisis right now like They have a lot of issues with
power grid. And so the economy is taking a downturn, but because the Chromebooks are
so cheap and they're pretty much everywhere as an e-waste and they have good battery life,
having a Chromebook for those people, even from 2015, it can get them through the entire day on battery
when they don't have power in their homes.
So, you know, one of the reasons
what keeps me going in the project
is that, you know,
helping people who wouldn't have access to
like technology to learn otherwise
have something that they can use i haven't even thought of it from that perspective but
yeah no that actually does make a lot of sense as well um
because i i know i always thought about it from like the perspective of like the desktop systems
but yeah i guess there would be a lot of people who would use laptops with intermittent power as well and
i don't know why that why i'd never thought of that i actually don't know why i'd never thought
of that yeah because especially when you have those sorry i keep bumping my mic that's all good
don't worry about it uh like especially when you have to slow power devices, which last like 12 hours on battery,
right? You can easily get like a power bank charged when you have power. So you get a
Chromebook that lasts you 12 hours on battery, and then you have a power bank, which will last you
another 12 hours or so. And then you get 24 hours without the but
Need for you know having to plug in into the power outlet, right?
Hmm But there's also just the fact that like, you know it these there's some really cool devices out there
I like obviously that that's cool as well. But there's also just some really cool devices out there right like obviously that that's cool as well but there's also just some really cool devices out there and you know people have had this interest in getting old think pads
and all that for for a long time and i get it right like you know especially the older ones
there's a bunch of add-ons you can get onto them you can like attach a giant battery to the back they're really cool devices but as you've
like showed this is like there's some really cool chromebooks out there as well obviously there's a
lot of them which are you know the ones that are designed to go to a school and they are just you
know they they they make them as cheaply as possible just because they know they're going to get damaged.
But what we have as Chromebooks now
aren't just what existed then.
Like, there has become this actual, like, laptop market
in the Chromebook space as well.
Like, we're really far past what you had on this thing, which was
like 32 gigabytes of internal storage. Like you can get like actual usable amounts of storage,
usable amounts of RAM with these devices now. And because people don't really, you know,
consider them in the same way as they do with with think
pads you can get some pretty crazy deals on them as well mm-hmm and the nice part
is that if you if you get like 11 12 13 generation anything with core I like
core i3 core i5 core i7 all the system now, even if they ship with UFS module,
because previously it was EMMC, but now they ship with UFS module,
you can remove the UFS module, install NVMe drive,
and flash the custom firmware, and then all of a sudden,
for instance, my laptop came with 128 gigabytes SSD.
then for instance my laptop came with 128 gigabytes SSD but as of right now I think I have
Samsung 980 in it one terabyte
that's a pretty good upgrade yeah so I mean and also the performance right maybe I'll say as I said maybe I can show you what you can do on the Chromebooks.
Because, like you said, the nice part about...
Well, besides the one that melts when you have it on.
Yeah, I mean, but the nice part about the...
It's called Education Edition.
Because they are designed to go to schools,
they are regularized.
Like, around the screen and around the palm
rest.
Usually you have a very thick rubber coating.
So if you drop it on the floor, it's not gonna break. I will need my HDMI capture to show this.
Unfortunately, unlike some older systems, on those ones, you will only get the video output once the on the external monitor you will only get the video output once the
linux kernel will do mode setting because if you if i would want to enable video output on
external display in the firmware i will have to edit the video bios tables
edit the video BIOS tables. Of course, because this doesn't have HDMI, I will need to use a dock.
And I will likely also need the power, which... Oh, I actually prepared something for once. Nice.
So we get the power. We get the HDMI.
Then we go on.
We see if it works.
I mean, there is no reason why it shouldn't.
You know, live demos.
Yes. Okay. It boots.
Mm-hmm.
And also the interesting part about this one is that one of my friends got it from eBay.
Okay.
So, like, it came with broken screen, which so it means that I don't have touchscreen.
However, my friend got this 11th generation Chromebook for 20 pounds. Wow. Okay.
Because you know, who cares about a broken Chromebook, right?
So let me see if I will be able to do the video capture here.
Which video device will it connect to? That is the question.
Yes, because I have seven video for Linux things right now.
Do I want to know why you have seven?
I don't know. I know that three of them is the internal camera.
And I think another two are the Windows Hello cameras in my laptop.
Oh, that makes sense.
Okay.
Then fourth is the camera that I'm using right now.
I don't know what's on fifth and seventh,
but it looks like video six is the input I'm looking for.
So I have a very bad habit of saying my password out loud.
So.
OK. okay i don't want to be too loud, even though I'm the only one in the office.
And I could pass through audio through HDMI, but I don't think we will need that for the
demo.
That's fine.
That's fine.
Yeah.
So let's just...
Because I have 1% of batteries, I have to be quick with the dock. So let's just...
I have 1% of batteries, I have to be quick with the dock.
Okay.
One second.
What happened to my display now?
Ah, okay.
So I did F11.
All right. So I'm going to enter the mode and I'm just going
to share my screen.
Okay.
So you will see yourself for a second. I don't want to mess around with the webcam
input.
Fair enough. OK, so let's see. Displays.
The question is, did I grab the working HDMI cable?
Because as you can imagine, when you're moving to the different country, sometimes you might
get the broken cable.
Right.
Okay, looks like that actually was not the right sync.
So video seven, maybe.
Yes.
No, interesting. Just a check. Yes, that's the live demo, right?
Oh, absolutely.
Okay.
So input for...
Oh, okay.
So...
Okay.
So...
Okay.
So...
Okay.
So...
Okay.
So...
Okay.
So...
Okay.
So... Okay. So... Okay. So... Okay, so input for...
Or I can do...
Okay.
So we just... Okay, so we have two of them.
And I think this will be the correct one, but now the question is...
Will this HDMI cable work? If it doesn't it's
not a big deal. I mean I can just go and grab another one because it would be really cool to actually show it, but again, I can also show this via
the webcam.
It's not a problem.
It's just, like you said, it's the live demo.
Yeah.
So let's quit out of that.
And I'm going to stop the screen sharing.
Okay.
So instead, I'm just going to hold my laptop up.
So, so you know, all those people that say, Oh, you know, the Chromebooks are slow, they're useless.
Before Google introduced a steam on Chrome OS, which is still in beta, by the way.
We were the first ones to actually run proper games on it.
So since this is an 11th gen system,
let me just...
It will be much easier when it actually launches.
This is still a modern game, right?
So the question is if I'm connected to the Wi-Fi,
because I don't think I use this system here.
I'm not sure if this can.
I'm not sure if this came.
And did I forget the, no, I did remember to bring this.
So like I said, this is the 11th gen and I think everything is working except for the fingerprint, right?
Mm-hmm.
And there is actually someone who is writing the fingerprint driver for those devices.
Oh, that's cool.
Yeah.
Like, I think it's a merge request open on free desktop libfpinitd.
So I'm following this development because at some point I said, okay, at some point
I will look into that, but I just did not have time.
Sure.
So let's just go to...
Okay.
So one second.
Like you said, live demos, right?
Yeah.
Looks like this game does not like hot plugging
the controller.
Then we'll know.
OK. hot plugging the controller, the more you know. Okay.
So, so we go through all this Oreo again,
but again, I want to show it because,
and people will be like, oh, you can do that.
So, I mean, of course it would be better if we had
the HDMI capture, but I should have tested the...
If my HDMI cable wasn't broken.
And this is kind of crusty right now in the menu.
But once you get to the gameplay, then again, this is mostly when it's loading assets, so,
because this is a Core i3 model, so on Core i5 it will be better.
But like, maybe you will be able to see.
Oh, yep, yep, yep.
It's pretty smooth.
Of course, it is low settings, but it is in 1080p.
So this is the modern game running on iGPU.
That's actually kind of impressive.
Yeah.
I was like, you know, maybe this will probably not work, but I was curious.
And initially I had issues with Proton not being able to use the sound card for some reason.
Let me clear it.
Okay, how do I kill this game?
So initially I had issues with Proton not being able to use audio,
but I found that I had old UCM configuration on the system.
So when I updated my UCM config,
that to have what we have in the repo, it just worked.
That's always good.
It just works.
That's the best state for things to be in.
Yes.
So, you know, of course, this still could do some work.
But again, considering this is the project that we maintain
like four people in our free time, I think we're doing pretty well.
Yeah.
Well, on that note, we probably should be ending this off. Oh, okay.
We've just gone past the two hour mark.
Hmm. Is there anything else we should cover?
Like, we went through like porting process. how is the platform initialization stuff.
Maybe I should just add that AMD is currently working on OpenCL, which will replace AGESA.
And it will be a much better experience overall because then what is currently closed on Intel
side in FSP will be open source. However, because they cannot release platform, sorry,
the memory initialization code, they will have to move it to PSP. AMD has equivalent of management engine called platform security processor, which is a really
tiny ARM core that is running all the firmware.
So basically the way they will do it is that upon the powering the system, the boot ROM
will boot the PSP. It will initialize the memory.
And then it will, basically when the memory initialization on PSP is done,
then it will reset the x86 cores from reset.
And then you get all the firmware that will be using OpenSIL.
the firmware that will be using OpenCell.
Because a lot of companies these days don't develop their own memory controllers.
So I don't know which one is it,
but I think they bought the DDR5 controller from Synopsys.
So that's why there's that concern
that they cannot open source it,
so they have to hide
it somewhere and they're working on it.
So I think that it should be ready for 2026.
That's the roadmap.
So if anyone is interested in details, I could recommend, I believe his name was Paul Grimes from AMD,
gave a talk at Open Source Filmware Conference this year about that.
So hopefully, you know, that's better for us, like more open SQL initialization,
more transparency. So fingers crossed.
more transparency, so fingers crossed.
So if people want to get involved in core boot, they want to go and use core boot, all that stuff, where can they go to find that?
Well, we have community split between IRC.
I think we also had matrix room, but I'm not active there. We have Discord,
but then again, Discord being Discord, it's not great for being a resource. I would say
probably the best place for now is still IRC or, you know, if they just want to hang out and ask us how can they do thing X, then also on our
Truth or Book Discord we have a channel of topic development, which no one really uses.
But if you have any code boot related questions, if you are unsure if you can do something,
then you can ping us there.
And if not, then, you know, there's some people are active on coreboot's Discord these days,
so probably someone will respond.
It's just that you have people from all the different time zones, and sometimes it might take a while for people to get back to you.
Right, right. Is there anything else you'd want to direct people to or?
I mean, not really. If you're interested in meeting developers, then of course we are
at FOSDEM every year. We have our own dev room. I think some people are going to FOSDEM
Asia as well. We have open source human conference, but that's more business oriented and then also we are present at conferences like you know
next month there is a chaos communication congress
in hamburg in germany so we will have our own
assembly so if you're there just feel free to pop in
talk to us don't, we don't bite.
This is the part where you plug your employer if they need Corbu consultation work.
Yeah, I mean, sure.
If you would like, if you are like a board vendor or system vendor, you can send an email
to Christian or, you know,
they contact at Nine Elements and, you know.
Well, is there anything else you want to mention
or can I do my outro and then we just, we can sign off?
Well, it was kind of chaotic,
but I think we covered everything we wanted to say.
Definitely chaotic.
We could, in theory, talk about Qualcomm stuff, but let's not get into ARM at this point because
it is very much a work in progress so well we can certainly talk
about more stuff in the future there's there's no reason why we can't do a second episode at some
point yeah sure and uh hopefully that time it is not going to be well hopefully uh next time we
don't have a hour delay before we can start recording you know that'll definitely be an improvement yep i mean i will do my best to get the camera sorted like i think to be fair half the problem
was discord so i i don't think you take the full blame for that one yeah yeah true true
so as for me my main channel is Brody Robertson.
I do Linux videos there six days a week.
I've got the gaming channel, Brody on Games,
probably still streaming Kingdom Hearts 3 and Black Myth Wukong,
so check that out.
I've got the React channel, Brody Robertson Reacts,
where I just upload stream clips.
And if you listen to the audio version of this,
you can find the video version on YouTube at Tech Over Tea. If you'd like listen to the audio version of this you can find the video version on youtube at tech over t if you'd like to find the audio version uh it's going to be on pretty
much every audio podcast platform there is an rss feed so put it in your favorite app and you're
good to go i will give you the final word how do you want to end off the show
i'm not good at interesting outros but you but for anyone who went through the entire episode,
I would like to thank you. It was definitely a bit chaotic, but then again, hopefully people will
find some value in those two hours that we spent talking about the project and semi-related
stuff.
Yeah.
You know, that works.
Okay.