Msi dasharo upstream #1995
Msi dasharo upstream #1995
Conversation
Signed-off-by: Michał Żygowski <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Matthew Drobnak <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
9cdd697 to
7546d7b
Compare
|
See table below for artefacts ready to be tested. I have tested
In the future, we can create variants supporting USB keyboard and HOTP if the community requires. Future issues that need addressing are:
@tlaurion this is good to merge IMO, |
| /bin/flashprog -p internal --fmap -i COREBOOT -i FMAP -r /tmp/cbfs-init.rom \ | ||
| && CBFS_ARG=" -o /tmp/cbfs-init.rom" \ | ||
| || echo "Failed reading Heads configuration from flash! Some features may not be available." | ||
| fi | ||
|
|
||
| # Load individual files | ||
| cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"` | ||
| cbfsfiles=`cbfs -t 50 -l $CBFS_ARG 2>/dev/null | grep "^heads/initrd/"` |
There was a problem hiding this comment.
@Tonux599 what happens when calling cbfs on MSI platform? What is the issue that needs this workaround?
There was a problem hiding this comment.
If my understanding is correct, the cbfs util reads the cbfs from a location in memory. If a flash is >16M then either:
- Coreboot doesn't map CBFS's larger than 16M into memory. Or,
cbfsdoesn't have the ability to read a region in memory larger than 16M.
Not sure what it is, but the above workaround is from dasharo's release. Effectively, it uses flashprog to read the flash chip (taking 10s of seconds), and then having the cbfs util read from the resulting file.
Edit: and calling cbfs as normal results in an invalid header magic error (presumably because it's reading garbage).
There was a problem hiding this comment.
Edit: and calling cbfs as normal results in an invalid header magic error (presumably because it's reading garbage).
Yes that's why I ask because novacustom boards have spi chips of 32mb and don't need that workaround.
There was a problem hiding this comment.
Edit: and calling cbfs as normal results in an invalid header magic error (presumably because it's reading garbage).
Yes that's why I ask because novacustom boards have spi chips of 32mb and don't need that workaround.
Ah yes, whilst the flash for those boards are 32M I presume the CBFS size is <=16M. These boards need a bigger CBFS so we can fit the ROMHOLE in at a specific location (which allows the rom to be flashed from a usb port on the back).
@miczyg1 am I correct?
There was a problem hiding this comment.
Indeed. cbfs utility only works for cbfs size or flash size <=16MB. Otherwise you need to dump whole flash to make CBFS parsing work...
There was a problem hiding this comment.
@Tonux599 that deserves a new issue to be tracked/fixed/resolved under Heads and then osresearch/flashtools. After which this thread can be resolved yes, cross-linking those for traceability. Using flashrom/flashprog is a hack here.
There was a problem hiding this comment.
@miczyg1 random thought, could we not have a 16MB CBFS on the 32MB flash and just write the ROMHOLE to where it belongs on the flash? Presuming the ROMHOLE is somewhere past the the first 16MB.
There was a problem hiding this comment.
@Tonux599 you can't do that. heads paylaod is ~8MB in size, it will not fit neither above nor belwo ROMHOLE if CBFS/coreboot is just 16MB. The ROMHOLE fixed address i just that unfortunate, that it cannot be workarounded. By forcefully writing the ROMHOLE you will corrupt the CBFS and make the image unbootable most likely.
There was a problem hiding this comment.
@miczyg1 Thanks. Trying to wrap my brain around this but think I'm getting there. Presumably it collides with the ROMHOLE is because the CBFS (and bootblock) needs to be placed at the end of the 32MB flash chip?
Also trying to look into a fix for the cbfs utility to read the whole CBFS mapped into memory. @miczyg1 is the whole 32MB mapped into memory or just the top 16MB? Having looked at some cbmem logs it looks like FLASH with size 0x2000000 is mapped @ 0xfe000000.
Just trying to work out if this is a limitation in the cbfs utility or coreboot.
There was a problem hiding this comment.
Presumably it collides with the ROMHOLE is because the CBFS (and bootblock) needs to be placed at the end of the 32MB flash chip?
Exactly.
@miczyg1 is the whole 32MB mapped into memory or just the top 16MB?
Just the top 16MB of the BIOS region.
Having looked at some cbmem logs it looks like FLASH with size 0x2000000 is mapped @ 0xfe000000.
IIRC flashrom prints that, but it is actually bogus info. The MMIO area 0xfe000000 - 0xff000000 has a lot of chipset-specific MMIO (LAPIC, IOAPIC, TXT, TPM and a lot more), so flash can't be mapped there.
The remaining part of the flash is mapped at a separate base address configured in the SPI controller. See details here: https://github.com/coreboot/coreboot/blob/main/src/soc/intel/common/block/fast_spi/mmap_boot.c
(the EXT_BIOS_WIN). Here is base address the programming to the SPI controller PCI space: https://github.com/coreboot/coreboot/blob/main/src/soc/intel/common/block/fast_spi/fast_spi.c#L361
So the cbfs utility would have to look at this PCI register in SPI controllers that support this feature.
|
Thanks so much for this PR! Testing it on my z790p pro DDR5 and it works great (I enabled USB keyboards) |
Did you have any issues setting the whole thing up or were there any hoops i would try it on my device but the last thing i wanna do is reflash my board with a programmer because the firmware ripped it apart |
|
@Hexdigest123 what TPM module are you using? |
Maybe. Added it to a TODO on first post. Will do some testing on my custom branch first, but might leave it to the future as currently this PR has about 2 months of stability testing going for it. |
It uses whatever is here https://github.com/Dasharo/dasharo-blobs/tree/main/msi Of-course, your OS may update it anyway on boot. |
I bought this mainboard and I'm not sure, but I believe it should have a TPM 2.0 MSI MS-4462 (9672) module. |
I can't see on that product page that it ships with a TPM installed? Where you using Dasharo's Heads before and was it working? Can you check to see if the TPM is installed to the motherboard? The errors in your screenshot show that the TPM can't be found by the kernel. So either it's not installed, or something else is wrong that is hiding it. |
I haven't used Heads before. I used Coreboot with UEFI before, and that might actually be the problem. To be honest, I didn't expect someone to figure out the newest version. Do I need to buy and install the new TPM onto the board? |
Ah right. You'll need the "MS-4462" TPM module for TOTP to work and for the boot to be measured. You don't need to solder it, there is a header on the board. Maybe just double check to see if one is installed and there isn't something else going on here. |
I checked it and no there is non sry for wasting your time im gonna order it real quick but from my last experience it may take some time like a few days maximum a week though everything else you made seemed to work |
The problem I addressed was the degradation issue in the Raptor Lake (13th/14th gen) CPUs from Intel. Someone mentioned that Heads didn't include the necessary microcode, and from what I've seen in the blobs, there is a patch, "0x12" that contains some updates but not for my CPU, at least from what I've been able to find online. |
|
Hi, so i tried it with the TPM Module installed and everything works fine i resetted the tpm and chose what to boot my OS also works fine as far as i am aware. |
Testing this now, v0.9.3 seems to be running well without issue. Will update this PR soon-ish. |
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
|
Artefacts for v1.1.5 / v0.9.3. |
hi thanks for your work I wanted to test but I can't access the files after 30 days. Can you share it again, please? |
Hi @headsx0fng, I've updated that comment with re-built artefacts. |
@headsx0fng : please share which rom/platform was tested in your upcoming test results. |
Thank you very much for your prompt response. I wanted to test it with the MSI Z790P DDR5 motherboard. I will mention it. |
|
@Tonux599 what is satisfactory point for merge here? |
I'm happy with it being merged any time. We've had tests for the Z790-P DDR5 but not the others. I would like to keep them in but as I think a big one is the workaround for >32M flash. But that's beyond me currently. Not sure if you have a direct line to @osresearch to see if he could resolve in https://github.com/osresearch/flashtools |
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
@Tonux599 I don' have a direct line to @osresearch. I opened osresearch/flashtools#10 (comment) |
|
I see microcode uodate PR was merged upstream. |
Yeah, apparently new Dasharo version soon for these boards. Will update then. Best hold off on this PR until then. 🙂 |
Please hit me up if you need someone to test it really appreciate your work and until now everything works fine |
Replaces #1962
This is based on Dasharo's coreboot instead of coreboot 25.03.
This is draft for the moment, I'll be testing MSI Pro Z790-P DDR5 on Thursday 28th. I'll un-draft post testing.
It should work, as I have been using my custom fork https://github.com/Tonux599/heads/tree/my-custom-msi_z790p_ddr5 for awhile now without issue. However, that fork is not suitable for most as I've customised it for my own uses (like forcing XMP, disabling hyperthreading, etc).
@mblanqui @Hexdigest123 can you test on your boards?
Need to do some commit cleanup pre-merge also.
TODO: