Coreboot + Qubes :: Best Practises / Coreboot docs page
96 views
Skip to first unread message
799
Mar 17, 2018, 3:09:56 PM3/17/18
to qubes...@googlegroups.com
Hello,
I had Coreboot running on my X230 with Qubes 3.2 + Windows Dualboot and reflashed to stock room before installing Qubes 4.
Now I want to reinstall Coreboot without using Dualboot, thereof I have more options regarding 2nd payload.
Question:
What is the best configuration to run Coreboot and Qubes?
Seabios or Grub and are there any special options which might make sense?
Some information has been provided in
But I'd like to see a special page in the documentation and would be willing to contribute or create to such a page.
Should I use Seabios or Grub?
[799]
Rusty Bird
Mar 17, 2018, 6:18:46 PM3/17/18
to 799, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
799:
(might be the default now), and completely disable dynamic loading of
any dubious option ROMs:
$ build/cbfstool build/coreboot.rom add-int -i 0 -n etc/pci-optionrom-exec
That's incompatible with graphical mode GRUB, but you can simply
change GRUB_TERMINAL_OUTPUT from "gfxterm"[1] to "console"[2] in
/etc/default/grub and rerun 'grub2-mkconfig -o /boot/grub2/grub.cfg'.
IMO it actually looks better - no blindingly bright blue light at
night, and fewer font changes during startup. I've been meaning
(forever) to open a pull request to make this the default...
You might also enjoy HEADS[3].
Rusty
1. https://image.ibb.co/jGvCCx/grub_gfxterm.png
2. https://image.ibb.co/mbnsCx/grub_console.png
3. https://github.com/osresearch/heads
-----BEGIN PGP SIGNATURE-----
iQJ7BAEBCgBmBQJarZQ6XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfSKUP+NrPMBRzFqbxr7ciUg/Qnh9m
5ykQ4unpLU9CfiAotMDo7xJdjEZA7lwTeloVtsPL1GeVPTpYuFbkX2rxjSUQAb7H
JSWUxTZOU2YjNjQfOz+W/Wnb0uHK9G8a5h2Pf9v8lEW5/Z3iGeTeOiSSjSc6OJjw
Nn9ycrr2m6PvcM14OZ5DqnISdKKogUZBz+9TemhPVgSogA1RpsB9GRHgUcDermgs
D7T62f2Bs79suOMwRDM/IZ6f4MNvsSF1pFSN+xE3JOpivx+xfAgBlc///vsz7dM2
05hqyVLoeCs6qHwe2PtbBlHfLdfPVoaC/kwQRDV8Obj9hP4/CFnQkRDyvN1dnwDi
lV27YYcuWE0lgfsuRW9PwAySzyxEa4OYyDNDEJYW20lB8eTYsusDJAxxiM0X+Ba9
pxf1FQwRoX7C4yjHU1tWb97cTPOMif07O8a5AFod9FPAwmUcwdPC/X/H3eU2CsaP
UP5NEK81Wx1avWdTIBuvrbuPZe5Dj0dwTk0Z5TC5hbKUMYxczDLuFnh/1TnViSRo
4pOUNfXx4Blg4elUrTXASOnPQnZA5X2snVhkQrmqi3nAyRztzTK6x++OqvjlF+q3
T8YiSg66Ssi3iXUFiZlEerCfzpe0Wc+kyvVXh9sM0NhwBs6hErLpmSlLD3785Bxr
P5Lc8JEJpNcnac70K0c=
=L0qD
-----END PGP SIGNATURE-----
Hash: SHA512
799:
> Seabios or Grub and are there any special options which might make sense?
SeaBIOS is nice. You can build it with CONFIG_SEABIOS_VGA_COREBOOT=y
(might be the default now), and completely disable dynamic loading of
any dubious option ROMs:
$ build/cbfstool build/coreboot.rom add-int -i 0 -n etc/pci-optionrom-exec
That's incompatible with graphical mode GRUB, but you can simply
change GRUB_TERMINAL_OUTPUT from "gfxterm"[1] to "console"[2] in
/etc/default/grub and rerun 'grub2-mkconfig -o /boot/grub2/grub.cfg'.
IMO it actually looks better - no blindingly bright blue light at
night, and fewer font changes during startup. I've been meaning
(forever) to open a pull request to make this the default...
You might also enjoy HEADS[3].
Rusty
1. https://image.ibb.co/jGvCCx/grub_gfxterm.png
2. https://image.ibb.co/mbnsCx/grub_console.png
3. https://github.com/osresearch/heads
-----BEGIN PGP SIGNATURE-----
iQJ7BAEBCgBmBQJarZQ6XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfSKUP+NrPMBRzFqbxr7ciUg/Qnh9m
5ykQ4unpLU9CfiAotMDo7xJdjEZA7lwTeloVtsPL1GeVPTpYuFbkX2rxjSUQAb7H
JSWUxTZOU2YjNjQfOz+W/Wnb0uHK9G8a5h2Pf9v8lEW5/Z3iGeTeOiSSjSc6OJjw
Nn9ycrr2m6PvcM14OZ5DqnISdKKogUZBz+9TemhPVgSogA1RpsB9GRHgUcDermgs
D7T62f2Bs79suOMwRDM/IZ6f4MNvsSF1pFSN+xE3JOpivx+xfAgBlc///vsz7dM2
05hqyVLoeCs6qHwe2PtbBlHfLdfPVoaC/kwQRDV8Obj9hP4/CFnQkRDyvN1dnwDi
lV27YYcuWE0lgfsuRW9PwAySzyxEa4OYyDNDEJYW20lB8eTYsusDJAxxiM0X+Ba9
pxf1FQwRoX7C4yjHU1tWb97cTPOMif07O8a5AFod9FPAwmUcwdPC/X/H3eU2CsaP
UP5NEK81Wx1avWdTIBuvrbuPZe5Dj0dwTk0Z5TC5hbKUMYxczDLuFnh/1TnViSRo
4pOUNfXx4Blg4elUrTXASOnPQnZA5X2snVhkQrmqi3nAyRztzTK6x++OqvjlF+q3
T8YiSg66Ssi3iXUFiZlEerCfzpe0Wc+kyvVXh9sM0NhwBs6hErLpmSlLD3785Bxr
P5Lc8JEJpNcnac70K0c=
=L0qD
-----END PGP SIGNATURE-----
799
Mar 18, 2018, 8:38:26 AM3/18/18
to qubes...@googlegroups.com
Hello Rusty,
Rusty Bird <rust...@net-c.com> schrieb am Sa., 17. März 2018, 23:18:
SeaBIOS is nice. You can build it with CONFIG_SEABIOS_VGA_COREBOOT=y
(might be the default now), and completely disable dynamic loading of
any dubious option ROMs:
$ build/cbfstool build/coreboot.rom add-int -i 0 -n etc/pci-optionrom-exec
When do I need to run this?
After I
799
Mar 18, 2018, 8:45:07 AM3/18/18
to qubes...@googlegroups.com
Sorry, last Email send in advance while writing...
Hello Rusty,
Rusty Bird <rust...@net-c.com> schrieb am Sa., 17. März 2018, 23:18:
SeaBIOS is nice. You can build it with CONFIG_SEABIOS_VGA_COREBOOT=y
(might be the default now), and completely disable dynamic loading of
any dubious option ROMs:
$ build/cbfstool build/coreboot.rom add-int -i 0 -n etc/pci-optionrom-exec
When do I need to run this? After building my Coreboot ROM?
Can't this option be included in the Coreboot or SeaBIOS menuconfig?
That's incompatible with graphical mode GRUB, but you can simply
change GRUB_TERMINAL_OUTPUT from "gfxterm"[1] to "console"[2] in
/etc/default/grub and rerun 'grub2-mkconfig -o /boot/grub2/grub.cfg'.
I am already using the console setting in my grub installation.
Can I still boot from a USB stick which has graphical boot enabled?
You might also enjoy HEADS.
https://github.com/osresearch/heads
Thanks, looks very interesting, but as far as I understand I don't need Seabios when I am running Heads?
Is somebody already using heads? From the website it seems that it is not that easy to install and maybe still under development?
[799]
Rusty Bird
Mar 18, 2018, 5:47:26 PM3/18/18
to 799, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
799:
Hash: SHA512
799:
> > $ build/cbfstool build/coreboot.rom add-int -i 0 -n etc/pci-optionrom-exec
>
> When do I need to run this? After building my Coreboot ROM?
Yes, see payloads/external/SeaBIOS/seabios/docs/Runtime_config.md for
>
> When do I need to run this? After building my Coreboot ROM?
a list of cbfs options.
> Can't this option be included in the Coreboot or SeaBIOS menuconfig?
SeaBIOS menuconfig) should be equivalent.
> I am already using the console setting in my grub installation.
> Can I still boot from a USB stick which has graphical boot enabled?
installer boot screen (isolinux) is somewhat garbled.
> > You might also enjoy HEADS.
> > https://github.com/osresearch/heads
>
> Thanks, looks very interesting, but as far as I understand I don't need
> Seabios when I am running Heads?
> Is somebody already using heads? From the website it seems that it is not
> that easy to install and maybe still under development?
HEADS myself yet.
Rusty
-----BEGIN PGP SIGNATURE-----
iQJ8BAEBCgBmBQJart5cXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrf1aQP+wU1fmTESwGkdUvT1Tzyrnyr
TVKH4hmo7zRv2WXeot12PbfLr/MUsiUkiHLA36u5M1k3HlZasi0wwrMllDNEJnaj
Neq6BtRZE+Dl2OYcMoksjT40deAWYzf4Kct3s6BK93RlsnrkoTSZ4QbJwRxSi0HJ
CZ4lxsW1ucVT6oAieVu7Ol1W8nRXPcrR0BvHKQ2qJGkfC2x8oMOZlLdNLB5hO8Dl
mqye+9V5la+jneVg/8z0PR8UVU/09n8+TmYp3w6isX0VHabv2fpXNQXjiF4gf5nz
uoTl+7/4nXpA81JMUk6CLl0HOnJhlRo0dcG/DaB2J/bSfGk7ADOzHBWrQ1ETifuy
8RLp6Hh0VZU69+BG409hCGte4pzObAjQEjkPYkruSqGLUny6YRGmtwiU/yiLrghV
WfiGW1zIes73NvymEW99Y4/IIy77xKq7HOR+54L5N/pXDOCLKDdslJRlEpYdlhIo
Vmmb58FidYuJ1aJMq45CDuzhFaLLj+DTklENQaUj3VRNZrAIA32aCPrfymabDSSQ
BDqqWge3+kdJi8NhPUJs4ljIK5a6I8942LOG8uUuvX9WXV4731y2DZwTMort0igT
OCjLNy28RGFDMKqSLJj+PVqdpTZNiT1VoNh9m+HstTjTf4mS8h2L51QrWIuKSfwf
yd8R4lXm5Suw6LtUOFlv
=4djs
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages