FOSDEM is the biggest free and non-commercial event organized by and for the community. Its goal is to provide Free and Open Source developers a place to meet. No registration necessary.


Interview: Carl-Daniel Hailfinger

Carl-Daniel Hailfinger will give a talk about "coreboot - The last frontier: Laptops" at FOSDEM 2012.

Could you briefly introduce yourself?

I'm Carl-Daniel Hailfinger, one of the core developers of coreboot and the lead developer of flashrom. Both projects are a hobby of mine since 2006. By day I work in the IT security field. In the past, I've worked in Linux kernel development, the best known aspect of it was reverse engineering the binary only nForce network driver which served as basis for the forcedeth Linux driver. Back in the early 2000s, downloading hundreds of megabytes of OpenOffice and Linux kernel update packages with a slow modem motivated me to invent RPMdeltas, which evolved into the DeltaRPMs we enjoy today. The firmware of the early OLPC XO models was something I contributed to as well. I enjoy low level programming, reverse engineering and attack/defense in IT security.

What will your talk be about, exactly?

We coreboot developers are proud to present the first working mainstream laptop here at FOSDEM. This talk will briefly introduce coreboot goals and current project status, and then jump right into a rollercoaster ride through laptop architecture (main processor and embedded controllers), x86 early initialization, coreboot architecture, reverse engineering, hardware debugging, and how to write coreboot support for a laptop. You'll get to know the various technical (no debug hardware available, ...) and non-technical (no datasheets, ...) roadblocks and how to overcome them. Whether you just want to understand how coreboot works and buy supported hardware or you want to port and install coreboot to your own hardware, this talk will give you all the info to get started.

What do you hope to accomplish by giving this talk? What do you expect?

My hope is to make more developers aware of coreboot+flashrom and to recruit a few more users and possibly even some developers. FOSDEM is pretty unique in this respect: Visitors do ask smart and hard questions, sometimes they are able to establish contact with developers inside hardware manufacturers, and quite a few want to use coreboot or even add support for their own hardware. A talk at FOSDEM is expected to drill down to low-level technical issues and provide high-level overviews at the same time, and the audience won't just sit there and listen, they'll challenge the speaker. Given my past experience, I expect us to get lots of attention through multipliers visiting FOSDEM, quite a few new users and maybe one or two new developers.

How difficult is it to install coreboot on your own system and why would one go through this hassle?

If your system is already on our list of supported systems, installing coreboot is quite easy. You download the source code, let our crossgcc script build a known working toolchain, configure coreboot to select the correct target board, run make, insert a new flash chip in your mainboard, write the compiled coreboot image to the new flash chip with flashrom, poweroff and poweron again. That's it. Your mainboard is now running coreboot. We recommend to send a short mail to the coreboot mailing list (or tell us on IRC) about what you're trying to do, that will help you select the right settings for coreboot configuration. If your mainboard is not supported completely or not at all, you'll have to dive into the code.

Why would you want to use coreboot? Simple!

  • Speed: Poweron to OS in <500 ms (instead of waiting for a glacier to melt with BIOS/EFI, just check with a stop watch how slow that is)
  • Infinite customization: Possible with payloads in the flash chip (run IBM ROM BASIC from ROM, require a Tetris high score instead of a boot password, encrypt+authenticate the whole disk including bootloader, run a Linux distribution directly from the flash chip without needing disk or network)
  • Security: You know which code is running on your CPU without fear of backdoors (most modern laptops have a trojan horse in the BIOS/EFI)
  • Free Software / Open Source (GPLv2)

There are even more reasons, just stop by at our booth and/or listen to the coreboot talk.

What information and skills do you need to port coreboot to not already supported hardware you own and which roadblocks do you have to overcome?

You should know C and have some basic understanding of how x86 hardware works. You need working code for the processor and chipset of your mainboard before you can move on to adding support for the mainboard itself. If the processor and chipset are already supported, adding support for your mainboard is a matter of days (desktop boards) or weeks (laptops). Most mainboard info you need can be reverse engineered rather easily if you don't have docs.

However, if there is no working code for your processor and/or chipset, you have to find the right datasheets with full register descriptions and programming info, especially for processor init and RAM enabling. Adding support for a new processor family or chipset takes at least half a year full-time if you're an experienced developer. Having access to a fast logic analyzer is definitely helpful, as is a contact inside the company whose devices you're trying to support.

The biggest roadblock usually are datasheets or rather the lack thereof. If there are datasheets you can get, they are often missing crucial information. The datasheets for OS device driver writers are useless because all the interesting info is missing unless you're extremely lucky. Some datasheets fail to mention errata which cause boot failures if you follow the docs. Sometimes the vendors don't even know that their docs have bugs. Good (usable) datasheets usually have >1000 pages full of tables and mention all the funny errata, but reading them is not always easy. Sometimes datasheets don't exist and the only hardware documentation is some secret vendor source code which is published as binary blob only.

Laptops have one big additional roadblock: The embedded controller (EC) handles poweron, battery charging, backlight and other hardware functions and is essentially a second computer within the laptop. The EC and the processor+chipset interact in various undocumented ways and often even the laptop vendor has no idea how everything works together. Simply ignoring the EC is not possible, but sometimes you can get by with sniffing the host<->EC communication with a logic analyzer and replaying crucial parts of it (watchdog disabling, RAM poweron, backlight control) until you have figured out the exact meaning of everything.

Which new coreboot features will we see this year?

Coreboot is almost entirely driven by volunteers, so new features apart from hardware support are hard to predict. That said, I expect new AMD hardware to be supported pretty much the instant it is available on the market, and laptops are now a much stronger focus of coreboot. There are rumors that a major company will ship affordable laptops with coreboot in spring/summer 2012, but that's not official yet. Some users with considerable purchasing power to have requested coreboot support for a completely authenticated boot chain for protection against malware and I expect such code to be written this year.

AMD is a well known contributor to coreboot, can you tell us more about which other hardware manufacturers are supporting coreboot and what their reasons are?

Our website has a list of hardware manufacturers and value-added resellers supporting coreboot. Mentioning only a subset of them would be unfair to the others. The reasons for supporting coreboot are as diverse as the devices in which coreboot is used: Entertainment system vendors value boot speed because their customers demand instant-on. In fact, pretty much every manufacturer mentions boot speed as one of the reasons to use coreboot. Real-time system vendors value low and predictable latency for industrial control and live video/audio processing, made possible by SMM avoidance. Firewall vendors value source code availability for their security-conscious customers, especially if those customers want to audit everything. Server vendors in the datacenter space focus on the performance benefits of optimally configured processors and chipsets as well as shorter boot times for reduced downtime. The licensing of coreboot and the lack of royalty payments are also a big reason for coreboot usage.

Have you enjoyed previous FOSDEM editions?

Absolutely yes! A big thank you to the FOSDEM staff for organizing and running this conference.

Creative Commons License
This interview is licensed under a Creative Commons Attribution 2.0 Belgium License.