A Hardware enthusiast view on the usefulness of open source Firmwares like Coreboot

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

zir_blazer

Active Member
Dec 5, 2016
355
128
43
A Hardware enthusiast view on the usefulness of open source Firmwares like Coreboot

I took my time to write the linked Wall of Text® with the purpose of educating/influencing Hardware enthusiasts communities about the need to push for open source Firmwares, and perhaps with even more luck, Motherboards with open Hardware designs. These are my personal thoughts and nearly all the input I have on this matter. If you read it, you will know almost as much as I do about it.

You will notice that there is a major difference regarding my approach and nearly everyone else that you have read talking about this matter previously. I'm not of the "INTEL ME/AMD PSP VIOLATES MY PRIVACY!1!1!1" and "THE NSA AND USA GOVERMENT ARE SPYING ON ME!" crowd. I have an actual agenda regarding functional issues where I think that an open source Firmware could kick propietary Firmware butt, and I cover it with enough detail as to drive that point.
 

i386

Well-Known Member
Mar 18, 2016
4,220
1,540
113
34
Germany
I think the bios/uefi in my systems at home are overloaded with options and I'm working with that kind of stuff almost daily.
I don't want to think about people who would have to test and support the configurations...
 

zir_blazer

Active Member
Dec 5, 2016
355
128
43
Almost two weeks ago FOSDEM 2021 hosted a virtual conference room for Firmware-related talks. The one that I was most interesed in was "Open Source Firmware status on AMD platforms 2021", covering the topics mentioned here. There are PDF slides and video available. Phoronix also did an article about the subject.


Talk highlights:
- AMD AGESA v9 can be currently directly integrated with TianoCore (edk2) to produce a mostly open source UEFI implementation, albeit the AGESA part remains closed sourced. Implementing it this way is unrelated to Coreboot.
- AMD hired a few Coreboot engineers that are implementing support for Cezanne and Majolica (I don't know what this one is, maybe a Dali successor?) upstream. Probably for Chromebooks.
- He mentioned the previous talk from Coreboot founder Ronald Minnich (Now currently at Google) about pure open source support of EPYC Rome in oreboot (The talk "pure open source on an AMD Zen" from this video). The problem is that while he managed to boot a Rome with no binary blobs, it only has pretty much CPU, RAM, and low speed interfaces like Serial Port for console. The PCIe Root Complex and anything that depends on it aren't available yet, so it is far from production ready because a lot of major features still aren't supported, albeit it is still amazing that it can boot Linux on its current state.
- AMD also did some work on OpenBMC to support their reference EPYC platform. In a previous conference there was a talk by an AMD engineer about this.
- 3mdeb worked on an AGESA v9 + TianoCore port for the DFI GH960 (Ryzen Embedded V1000) in a DFI COM332-B COM Express Type 6 Carrierboard, which they plan to upstream on a few months and may be the first non-Chromebook Zen platform to get an open source Firmware (Albeit it is not Coreboot).
- They also mentioned their side project Dasharo (There is a Twitter where they mentioned my guide, heh), that is as of yet a bit hard to describe, but I interpret it as if they want to provide IBV (Independent BIOS Vendor)-level Firmware services based on Coreboot for continuous mainteinance and build testing of Motherboards using it.


@Patrick
Since you are considered a sort of seer in the industry, what is your point of view about this? I find highly surprising that some cloud providers are actually deploying Coreboot but the rest of the industry (Mainly everything consumer facing) does not care at all.

I got tired of planned obsolecense, where a perfectly fine, high quality Motherboard suddently becomes far less interesing due to not supporting new features that are Software-only and could be implemented via Firmware updates, but no Motherboard vendor would do that because their business is selling more Motherboards, not proper mainteinance of existing ones. So I want to push the idea of open source Firmware, to remove control of that from the Motherboard vendors.
 
  • Like
Reactions: pietrushnic

ullbeking

Active Member
Jul 28, 2017
506
70
28
45
London
I'm highly interested and involved in coreboot and Libreboot, as well as OpenBMC. I've got a lot of hardware that runs coreboot and am very keen to share notes with anybody else who is interested. Presently I'm unbricking the BMC on my Talos II (as well as building a few NAS'es), but I have several X9SCM-F's that I will be corebooting, plus building NAS from an X11SSH-CTF in a few months.

My ideal would be to port coreboot and OpenBMC to the A1SRi-2758F and X10SDV and X11SDV series boards. These are currently my favorite home servers.

Edit: In fact, I have quite a few Lenovo X200, X220, and X230 (plus T-versions, etc) that I have Librebooted or corebooted. In my workflow, I use these laptops as, more of less, thin clients to powerful servers where the real work is done.
 

ullbeking

Active Member
Jul 28, 2017
506
70
28
45
London
This Thread makes me think it is a good moment to bump this one.

Just image if Supermicro decided to drop the ball on X9 series users and tell them "you're on your own". More water for this windmill then, heh.
Often, coreboot is actually better than the stock BIOS.

Remember, though!! Make an image of the stock BIOS and update the EC (if appropriate) while still on stock firmware before flashing coreboot.
 
  • Like
Reactions: pietrushnic

zir_blazer

Active Member
Dec 5, 2016
355
128
43
Presently I'm unbricking the BMC on my Talos II
If you have a Talos II, you would surely be interesed in reading this.



Often, coreboot is actually better than the stock BIOS.
Can you give more concrete examples of things where Coreboot is significantly better? I have a lack of first-hand experience.

I know that it can theorically do everything than the stock BIOS does better than it, but in most cases, the Ports are incomplete in some way or another because it involves heavy reverse engineering to implement every Motherboard feature. So is pretty much a win/lose situation, where Coreboot may do several things better than stock (Because it either implements features the stock BIOS doesn't has, fix bugs, does it faster, etc), but may miss propietary features that are hard to reverse engineer and include.
 
  • Like
Reactions: pietrushnic

Patrick

Administrator
Staff member
Dec 21, 2010
12,511
5,792
113
@zir_blazer so here is my unpopular take, and it applies to Coreboot, but also the Talos II platform.

I wanted IBM Power 9, so I just bought IBM LC621's. They do not have all of the open features of the Talos II, but you power it on, and it works.

The same sort of behavior is happening with OpenBMC/ Coreboot more broadly. The hyper-scale community has teams of engineers to work on this, but most other organizations do not. If you have 20 servers, but you need 1/4 of a person-year to get everything set up, that is a cost of say $1000/ server and then the question is how much extra value did you get.

I know that is a strange way to think about it, but until OEMs start supporting it as a primary platform, outside of enthusiasts/ hyper-scale it is very hard to get adoption.

Back to the Power9, I have heard many stories of the Talos II. I 100% was planning on getting one. Then I basically got offered IBM branded systems for less than the Talos II and the question was lower hardware cost, lower setup costs, versus something cool to tinker with.

We have plenty to tinker with. I have not shared this publicly before, but we are going to do a Cooper Lake series before Milan/ Ice launches. Very expensive to do, but very interesting.
 

zir_blazer

Active Member
Dec 5, 2016
355
128
43
I know that is a strange way to think about it, but until OEMs start supporting it as a primary platform, outside of enthusiasts/ hyper-scale it is very hard to get adoption.
I agree with this. Without the direct help of an OEM providing open documentation like schematics for GPIO and such, you simply drop the ball on the Coreboot developers that have to reverse engineer everything with no vendor help. It is even more time and effort to do so. I think than open source Firmware will also be dependent on a from-scratch Motherboard design that trying to make an existing ASUS/Gigabyte/whatever Motherboard look good.

But this is also a chicken-and-egg scenario. If there is no demand, then no OEM will do it, with the problem being that most people either don't know or don't care so there isn't even a sleeping demand for such product. And that is what I want to change, that people at least gets interesed in such option.
 
  • Like
Reactions: pietrushnic

Patrick

Administrator
Staff member
Dec 21, 2010
12,511
5,792
113
The same thing happens with the BMC chips themselves. I sometimes ask vendors "why do you use Aspeed over another vendor" and the most common answer is "it works and it is priced competitively." Until either side of that equation changes, everything will continue on as-is.
 

pietrushnic

New Member
Feb 22, 2022
1
5
3
Poland
3mdeb.com
Dear ServeTheHome,
I'm Piotr Król CEO of 3mdeb. I just want to let you know that I would be glad to answer all questions related to Dasharo open-source firmware distribution, and I'm definitely open to suggestions what we should include in the firmware to make it attractive for STH audience.

I think the bios/uefi in my systems at home are overloaded with options and I'm working with that kind of stuff almost daily.
I don't want to think about people who would have to test and support the configurations...
@i386 I agree. Back in the days I worked as Intel Software BIOS Engineer and I saw how BIOS setup menu is tested for reference BIOS. Please believe me reference BIOS has way more options than typical vendor include. Probably 95% of combinations of options are not bootable. IMHO this is a trivial way to improve quality and trigger a lot of bugs. Unfortunately as everywhere QA teams are understaffed and without sufficient budget. We expressed many times our concerns about fragmentation of open-source firmware validation. From 3mdeb and Dasharo perspective we have even open-source hardware project related like Remote Testing Environment

- 3mdeb worked on an AGESA v9 + TianoCore port for the DFI GH960 (Ryzen Embedded V1000) in a DFI COM332-B COM Express Type 6 Carrierboard, which they plan to upstream on a few months and may be the first non-Chromebook Zen platform to get an open source Firmware (Albeit it is not Coreboot).
It happens to have hidden legal consequences. We have that code, but it is far from working as expected. It would require partner or sponsor to move that forward. So for now we were not able to publish that code.

- They also mentioned their side project Dasharo (There is a Twitter where they mentioned my guide, heh), that is as of yet a bit hard to describe, but I interpret it as if they want to provide IBV (Independent BIOS Vendor)-level Firmware services based on Coreboot for continuous mainteinance and build testing of Motherboards using it.
@zir_blazer I'm really surprised how well you interpreted things back in the days. Today it is more clear that Dasharo is open-source firmware distribution. I'm trying to explain it as the same thing for open-source firmware as Debian/Ubuntu/Red Hat is for Linux. More information in documentation.

The same sort of behavior is happening with OpenBMC/ Coreboot more broadly. The hyper-scale community has teams of engineers to work on this, but most other organizations do not. If you have 20 servers, but you need 1/4 of a person-year to get everything set up, that is a cost of say $1000/ server and then the question is how much extra value did you get.
@Patrick this is exactly the reason why open-source firmware vendors have to work on products that will change this paradigm. Let's say that work can be outsourced to company that has products working out of the box. Of course server market is problematic because supply chain is protected, and new players are not very welcome, but we see signs of change. Because of that we think about getting traction on other markets like laptops, workstation and what we think is very attractive TinyMiniMicro.

I know that is a strange way to think about it, but until OEMs start supporting it as a primary platform, outside of enthusiasts/ hyper-scale it is very hard to get adoption.
Agree, but as @zir_blazer mentioned this is chicken and egg problem. There is need for product which will prove to OEMs, who already operate on low margins, that will provide additional revenue streams. We believe there is place for Firmware as a Service (BTW Microsoft invention with Project Mu) as well as firmware based products e.g. seamless OS/application deployment, advances security, vertical application firmware profiles etc.

The same thing happens with the BMC chips themselves. I sometimes ask vendors "why do you use Aspeed over another vendor" and the most common answer is "it works and it is priced competitively." Until either side of that equation changes, everything will continue on as-is.
My knowledge of BMC market is not so extensive, but what I know is that AMI definitely partner with Aspeed and use their reference designs to enable most important features. More to that AMI is top IBV and has very, very close relation with silicon vendors, thanks to that they're getting more and way earlier than anyone else. Obviously this creates advantage that can't be beat by outsider without years of experience. We have to start with small OEM and provide enough value for them, so they will continue to invest in open-source firmware environment, that way we can change whole environment, but it would not be overnight revolution, but rather years of evolution. I believe we move quite well in correct direction, but all this recent mess with supply chain issues and USA vs China make things rather closing than opening. What can be opportunity as in Chinese 危機.