A few days ago the 9elements developers released by posting on your blog, the news of the porting of the CoreBoot code to the Supermicro X11SSH-TF server motherboard.
The changes are already included in the core code base of CoreBoot and will be included in the next major release. Supermicro X11SSH-TF is the first server motherboard based on the latest generation Intel Xeon processor to be used with CoreBoot.
The reason why the CoreBoot port was made to the board, in the words of the developers:
The development of closed source firmware has been the de facto standard for the electronics industry since its inception.
That didn't change even as open source took off in other areas. Now, with changing use cases and stringent security requirements, it's more important than ever to take open source firmware development to the next level.
On the motherboard we can mention some of its characteristics which are:
- LGA1151, compatible with Intel Xeon E3-1200 v5 processor; Supports 3th generation Intel Core i6 / Pentium / Celeron processors; Supports up to 80W TDP
- Chipset: Intel C236
- Memory: 4x DDR4-2133 / 1866/1600 288-pin DIMM slots, ECC, unbuffered, 64GB maximum capacity
- Slots: 1x PCI-Express 3.0 x8 slot, 1x PCI-Express 3.0 x4 slot (runs at x2)
- SATA: 8x SATA3 ports, support RAID 0, 1, 5, 10
- Form factor: MicroATX, 9.6 x 9.6 inches / 24.4 x 24.4 cm
For those who are still unaware of CoreBoot, you should know that this is an open source alternative to the traditional Basic I / O System (BIOS) that was already on MS-DOS 80s PCs and replacing it with UEFI (Unified Extensible).
CoreBoot it is also a free proprietary firmware analog and is available for full verification and auditing. CoreBoot is used as base firmware for hardware initialization and boot coordination.
Including graphics chip initialization, PCIe, SATA, USB, RS232. At the same time, the binary FSP 2.0 (Intel Firmware Support Package) components and the binary firmware for the Intel ME subsystem, which are required to initialize and launch the CPU and chipset, are integrated into CoreBoot.
It is true that CoreBoot is not very popular yet, but it is important to note that this project has attracted the attention of many and even the NSA, since at the end of June this year.
This security agency assigned some developers to support the project (although this movement was not very well seen by many).
Although leaving this part aside, with this we can measure a little about the great importance that the project is beginning to gain.
About porting CoreBoot to X11SSH-TF
Work took place together with VPN provider Mullvad as part of the system transparency project, with the goal of improving the security of the server infrastructure and getting rid of proprietary components whose status cannot be controlled
To start the operating system the developers proposed to use SeaBios or linuxboot (UEFI-based application Tianocore is not supported due to incompatibility with the Aspeed NGI graphics subsystem, it only works in text mode).
As well as adding board support to CoreBoot, the project participants also implemented support for TPM (Trusted Platform Module) 1.2 / 2.0 based on Intel ME and prepared a driver for ASPEED 2400 SuperI / O controller, which performs the functions of BMC (Baseboard Management Controller).
To remotely control the board, the IPMI interface provided by the BMC AST2400 controller is provided, but to use IPMI, the original firmware must be installed on the BMC controller.
Besides the verified download functionality was also implemented and the superiotool utility added AST2400 support and inteltool the Intel Xeon E3-1200 support.
Finally They also mention that Intel SGX (Software Guard Extensions) is not supported yet due to stability issues.
Without a doubt this is a step for the CoreBoot implementation I continued making my way, as it is many developers that will catch their attention and they will follow in the footsteps of the 9elements developers.