So I’m here to talk about coreboot on RISC-V. I had a couple, I had a really good question this morning, called: why do you even want to bother with coreboot, can’t we just start the kernel? And that’s what I thought when I started this project in 1999. I had systems that I could, you know, get the firmware to get the hardware working in about 100 instructions in 1999. And, you know, that hardware is all about the stuff that’s outside the CPU. So all the talks this morning were kind of about this CPU, this RISC-V. The stuff that’s outside the CPU now takes about a billion instructions to get right on a Chromebook, which is about as simple an x86 chipset as you’re going to imagine. So we’ve gone from 100 to a billion, you know, in 12 years. Moore’s law in reverse, maybe: things get worse.

So this is really about the stuff that has to run before your kernel can even do anything. And in the early days of LinuxBIOS, which is what this was called when I started it, I thought I’ll just put Linux in flash and it’ll work. So I learned the hard way that wasn’t right, but I never expected I would be in a billion instructions before that could work.

So we’re gonna talk about what firmware is, what coreboot is, why we’d like to have it on RISC-V, and then, you know, history and structure and lessons learned. And I’m gonna try and focus mainly on status and lessons learned, so I may skip a few slides, but they’re in the slide deck so you should be able to see them.

And I’m gonna start with the PC, even though, you know, there was firmware before the PC, it’s just that nobody really realized it. And firmware in the 1974 PC era was the bottom half of your operating system. So you had this ROM, this gigantic a kilobit ROM on your motherboard, and it had entry vectors and your operating system would call it. And so the operating system had an abstracted floppy disk and it would call things in this, in this part, and that implemented the real floppy disk. So I could run on an IMSAI, an Altair or anything I wanted to: same
floppy, different hardware, but the abstraction was maintained on the motherboard. That’s why you could run CP/M on all those different 8080, you know, based and Z80 systems. And it sucked, you know: it was really slow, there’s no easy bug fix path, you’ve got your board, you really, you’re probably not gonna reprogram that EEPROM, and it wasn’t SMP capable. None of this really mattered back then, but it started to matter later.

Fortunately by 1990 we had wonderful buses, well, you know, a little bit later we had wonderful buses like PCI, and we could do this fire-and-forget, where we’ve just, the BIOS would set up the bootloader and disappear, right? So once your kernel was running the BIOS was completely out of the picture, and all the BIOS really needed for something like Linux or BSD was set up the stuff their kernels can’t do anything and then get gone. And LinuxBIOS is one example of that. LinuxBIOS’s only function was to get the hardware ready for a kernel and then start the kernel and then disappear. This is great, right? You can boot a complex server node to Linux in like three seconds. That’s what we did at Los Alamos, where I did a lot of this work in the early days, and we built fully up HPC systems based on this model. And, you know, we’ve progressed a lot, because in 2015, on those that have to run EFI, I can do the same thing in three hundred seconds. So, you know, again, it’s not a factor of a lot, but it’s still a couple orders of magnitude. Star Wars-themed, right, because Star Wars.

So 2005 on, things kind of went in the wrong direction from my point of view. So our kernel’s in ring zero, so we were stuck for a ring numbering, so we said, oh well, hypervisor’s ring minus one. Well, unfortunately the firmware doesn’t go away anymore on those platforms. It’s still there. It’s there when you press a button to turn the thing off. It’s kind of always with you, unfortunately, and it sucks. It still sucks, right? It’s kind of slow. If you’re on an x86, like an auntie or an Intel, AMD x86-64, when you hit
the power button and it goes into this sort of firmware management mode, all the cores stop but one, which is kind of insane if you have a machine with a lot of cores you might want to have. And if you’re on a machine like a knight a Neum, like Lawrence Livermore had on one cluster, well, you know, you might have two processors enter this sort of maintenance mode stuff that’s running in, as we call it, ring minus two, and it’s not SMP safe, and then your nodes crash every time two things happen to enter that. And they would enter it if you got a double ECC, you know, uncorrectable ECC fault. So I like this model, I wish it had not come back. It has come back, and it’s even being pushed now for ARMv8.

So why don’t I like persistent firmware? It’s another attack vector; that’s been demonstrated time and time again in the last few years. It’s indistinguishable from a persistent embedded threat, because if this stuff is running, you know, what it’s doing, is it an exploit maybe, or is it not an exploit? You really can’t tell. And I don’t think it’s necessary in an open-source world. So my preference is fire-and-forget as opposed to it’s-always-with-you. And if you look at the lowRISC machine, I think the minion cores are actually ideal for that, right? So all the things we do today, it’s like a Management Engine in the Intel case or an embedded controller in your laptop, these weird separate out-of-band processors running code that you don’t have any control over: in my view, go to lowRISC and look at those minion cores, and those things are your maintenance things, and they’re running actually kernel threads and those maintain your platform. So, you know, fire-and-forget from my point of view is what you want.

So where does coreboot come into this? This is a GPLv2 BIOS replacement we started at Los Alamos in 1999. It began as LinuxBIOS because the original model for the first couple years is you actually embed Linux in flash. Some people still do that. And, you know, you start your kernel, and in the HPC case we used Linux to boot the real Linux that ran on the supercomputer. We renamed it to coreboot in 2007 because Sun and Microsoft said they didn’t want to work with a product that had Linux in the name, and I said, oh, we’ll start using it if you take that Linux name out of it. So we took the Linux name out of it and never used it anyway. What are you gonna do?

It’s mostly C with a very small amount of assembly and ACPI Source Language. We use Kconfig and Kbuild. It builds in about 10 seconds for RISC-V; I just happened to test that again this morning. And it’s got this high-level organization in the source tree that’s around the block diagram, so I’ll show you that in a minute. It is very, very definitely not a bootloader. It’s designed to either load a kernel from flash or load a bootloader from flash, but we very, very carefully restrict what it does to doing almost nothing and getting out of the way.

This is sort of a diagram of how things can boot in coreboot. So you see coreboot there and three payloads: either FILO, which is LILO with all the BIOS calls removed; this thing called SeaBIOS, which is a Bochs BIOS rewritten in C, so if you ever wonder what SeaBIOS means, the S-E-A means the letter C, as in written in C; and depthcharge, which is what we use on Chromebooks for what we call verified boot. So there we see booting Linux, Windows and Chrome OS.

So why bother, why do this? Well, coreboot is actually rapidly becoming a standard in a lot of consumer hardware. All the Chrome OS, any Chrome OS thing you ever see since 2012 runs coreboot, which means half of all the educational devices in the US, it turns out. We’ve got a really good verified boot solution, so you can guarantee you’re booting what you should have been booting. It’s all signed at every level; it’s really well worked out. We’ve got a nice recovery and update model, so there’s a million Chromebooks out there and we need to do an update of the firmware, we can actually do that safely. That’s worked very well now for several years, and I see that as being very good for an Internet of Things, and maybe one Internet of Thing you can think about is the new router that Google released a few months ago. So I see it as open source firmware for an open source CPU.

I started the port in October 2014. That was mainly toolchain utilities; the RISC-V guys did a fantastic job on getting the toolchain working well for us. First QEMU boot was about six weeks later. In between me starting and me ending it I went off on travel and did a bunch of other things, so really it could have really been done in about a week, and I’ll break down sort of what the tasks were in a few slides. They came out with a nice privileged model last year, about May or June, and I had a great intern from Stanford who spent two months getting that up and got it all working again in September. So that changed everything: toolchain, I mean, there wasn’t a single thing that didn’t change with that change. The first port runs on QEMU. QEMU doesn’t do the privileged model yet, so the second port runs on Spike. Looking forward to getting that QEMU back. You’ve got to use the 5.2 version of GCC. But I think the really important thing is the RISC-V
support went up in 11, you know, November 2014. There is not a, of the 5,000 commits that’s been made to coreboot since then, that’s allowed to break that support. In other words, RISC-V is a first-class citizen. Nobody gets to break it just ’cause they want to add some feature to ARM, right? It’s there and it’s well supported, and that was really important to make sure that happens. So every time a commit goes into the coreboot repo there’s a full build done of all targets in the coreboot tree, which is about 250, 300 of them now. One of those is RISC-V and it has to work.

So the basic structure. So all the source, top-level source, starts in a directory called src, not surprisingly, and you kind of start from the mainboard and work your way down. So there’s src/mainboard/emulation, and emulation is a vendor type. spike-riscv is an instance of a board from the vendor emulation; you know, normally it’d be src/mainboard/google or src/mainboard/samsung. They’re grouped under emulation in one thing. That actually imports a thing from the system-on-chip directory, src/soc; we call UCB the vendor in this case, riscv. That points to an architecture directory, src/arch/riscv, and the rest is common code. So it’s kind of three directories that are specific to RISC-V and the rest is just coreboot.

This is what it looks like, sort of drilling down a little bit. This is the emulation spike-riscv. You can see there’s just, like, generally not a lot there, a few .c files, and spike_util is sort of how we talk to Spike to do things like serial I/O. System-on-chip, there’s almost nothing there at all, it’s just some glue. This would grow a lot bigger when we get to real hardware, I’m hoping we’re gonna do this year. And this is where a lot of the meat of this thing is, src/arch/riscv. Notice we have stuff in there like exception handling, you can see include/arch/exception.h, the very early assembly code, which is usually about 10 lines on these ports. The rest of it is C, and that’s kind of about it.

One of the things we do when we start, because the alignment traps kind of came and went as we were doing this project, we actually force a couple traps to make sure our exception handling is working. So part of the startup is to deliberately cause a trap to happen, make sure we catch it, we can continue, and that’s been handy because again sometimes exceptions on alignments would come and go and we had to make sure they continue to work if they came back.

So all the C for this target is ten thousand lines of code. All the RISC-V source is about nine hundred lines of code; I’m just counting .c, not .h. The port effort is in those files you saw, and the rest was unchanged. Now, if I’m being honest, we had PowerPC and Alpha working in 2001; that kind of fell by the wayside, and we picked up some 32-bit-isms and some byte ordering problems, which we fixed. So, you know, the rest is unchanged functionally. There were probably 10 or 20 instances of uncleanness and sort of 64-bit-isms and that sort of thing.

All right, so there’s always this question of QA. You’ve got a board, you’ve got a port, you think it runs, you’re not sure at all
times that it runs. What do you do about that? The Federal Office for Information Security in Germany actually runs, and you can go and check it out, that website. The BSI, actually a couple of years ago when they started fielding systems with their armed forces in Afghanistan, decided that they could not risk having laptops that ran binary blobs and firmware that they didn’t have control over, and they essentially said that from now on when we field stuff it’s going to run coreboot. So that’s been there for about eight, eight, nine years now. That’s resulted in some very interesting discussions and interactions with Intel, as you can guess, but each time that’s come away with, you know, coreboot, or the source-based firmware, winning.

Anyway, they’ve set up a number of hardware test stations that they can automatically flash, so they can do a build, flash, reboot, check serial outputs, all the way up to Linux, all the way up to running regression tests in Linux and making sure that everything still works. That’s really a very powerful thing to have, and they basically have said that as soon as I’ve got RISC-V hardware that I can tell them how to buy, from wherever I buy it, they’re gonna set up a test stand for RISC-V and are willing to do multiple of these. So essentially the German government has said that they will be happy to validate RISC-V hardware running coreboot for us, and Linux. So you can see the information on the test stand is from a company called Raptor Engineering that kind of makes their living doing coreboot.

So my reasoning here. So you’re gonna do a system, you need firmware. We’ve talked about the architecture this morning and specific CPUs, but firmware is about the stuff that’s not the CPU. That stuff is always complicated, it always has bugs. Linux actually doesn’t know how to turn this stuff on, because it’s generally not dropped into a system with this stuff off. So Linux, for example, can’t actually configure non-configured PCI interfaces correctly; it’s one of
the first things I learned in 2000. So you’re really kind of, I view it as a necessary evil. I want it to be gone when I’m done booting; that’s the model I believe in. You know, maybe there is some stuff that has to persist. What I would argue that is, if you need something to persist sort of in this very high-level protection ring, which I guess is ring 3 on RISC-V, I always get them backwards, you know, the most privileged ring, that should be something your kernel installs in that, or provides to that in some way. I don’t really want it left there by firmware because I can’t tell if it’s an attack or not. I think it should be something I own.

But anyway, if you’re going to do a system you need firmware; if you’re gonna do firmware, might as well be coreboot. This is my biased view. But if you do that you get a free hardware test stand and you don’t have to pay for it; the German government will pay for it. That’s kind of a neat thing. You know, anyway, if you can ever spend someone else’s money, don’t ask questions, just do it.

So, status. We did two ports of a few weeks’ work. The guy I got from Stanford didn’t know, you know, firmware from a hole in the ground. Of course he was a smart guy, so he kind of ramped up, but he had to do a lot of work, and he had to, he wasn’t afraid to dig, but it was still point and effort. We booted QEMU in the first port. The second port needs to once spiked the Linux; it had to do additional stuff, right: set up the paging, set up the privilege levels, do the transition to the outer privilege level for Linux, that kind of stuff. That all works, and that can’t be made to break, right? That’s part of the tree. You don’t get to break it because you want some feature in your v8, whatever. Okay, you can’t break RISC-V; that’s kind of the rule.

All right, so there’s a couple of lessons we’ve learned over the last 16 years which I wanted to throw out, because we’ve got a lot of good systems builders here. You know, the various ARMs give me a boot-time SRAM. It’s really nice, 348K or whatever on some of these ARMs. One thing that’s really key is make sure, if you can, that it’s kind of somewhere known; that helps a lot. Even more importantly, please don’t alias it by DRAM once the RAM is up. So it’s kind of nice to have it there even if you turn on DRAM, and various, some of these various ARM SoCs do that. On the x86 we have RAM learning, you know, we can build RAM out of cache, that’s called cache-as-RAM, but as soon as you turn memory on, that memory kind of vanishes, and that’s painful. So if there’s a way to do it this way, like your ARMs do, that’d be great.

I just had this discussion with Tim, I think he’s not totally in agreement with me on this, but just give me a serial port, right? Just, please, just bring out one pin. It can be the worst serial port in the universe, okay? It can be fixed at some baud rate, 115, to make it miserable for me. He’s kind of halfway convinced I don’t want that. You know, I don’t want that, but I can’t quite convince myself I don’t. I can’t recommend more strongly that you just give me this thing. It can be output-only even, right? Output-only is fine. But this saves a huge amount of time in bring-up, I mean, literally could save months in bring-up.

Runtime functions that you trap to for
whatever reason in my opinion or the end of kernel, and is why I’m so excited about the minion cores, because to me they seem like the ideal way to solve this problem. Not everyone in the coreboot community agrees with that, by the way. There’s a friend of mine who implemented the system management mode in coreboot, and he argues with me all the time about this.

Firmware tables always need translation by kernel, so as long as we’re starting clean, they do, we can start a little cleaner than we have: make them text, not binary. So there was a table in the various Intel processors called the MP table, and it was a binary table and it had a version in it. There are precisely two versions in that table, 1.1 and 1.4. No one ever moved beyond that because it’s friggin’ impossible, it seems, a binary table, once you’ve got enough code in the wilderness, right? Just make them text; the kernel is going to interpret them anyway. And think in terms of, you know, this is gonna be C code, not assembly code, parsing a table. Don’t spend a lot of effort making it easy to parse it in assembly; it’s wasted time. ACPI spent a lot of effort to make things easily parsable in assembly and nobody cares. The Open Firmware tree’s not bad, actually. Some work I’ve been doing recently, two different operating systems projects, we did it with JSON because JSON works and is dead simple and anything can parse it.

Mask ROM, whatever. All these ARMs have mask ROMs; they’ve got a full USB stack inside. I can’t totally convince myself that’s a good idea, but it’s there. But maybe you don’t want to do that, right? Maybe you want to think about some way to load a new BIOS image that doesn’t involve a USB stick and maybe involves some kind of lower-complexity protocol like SPI or something.

If you’re gonna do a board, throw some network hardware on there and make it a really dead simple network chip, because the testing requires it. So maybe the first board you do, this is a huge problem with TI OMAP: a bunch of TI OMAP boards did
not have a network chip on them. They wanted you to put a USB stick in for network. That made testing just a ton harder. So throw an RTL 18 169 or a ton 111 on there for your first iteration, or just some kind of simple NIC that lets us wire you into a test stand easily.

Oh, don’t cheap out on SPI flash part size. Probably nobody’s gonna like this suggestion, but man, just, just plan for a big damn flash part. You will not regret it. You will regret it if you plan for four meg, I can guarantee you that. Eight sounds big until you really need to put some stuff in there. Just, just go for something big.

This is a funny one, okay, I’ve just about enough time to tell the story. For the past 38 years or so there’s been an I/O port on PCs, port 80. You just, you just push eight bits out to it, right? And normally there’s nothing there to receive it; it goes to arrow. And actually the card that receives it is designed that way, to never respond to an, but it grabs it and displays it in two hex digits. Anyone who’s seen a motherboard with the two hex digits on it that rotate and change value as you turn it on, that’s the POST code. That was inspired by the unnamed frames, believe it or not. Every I/O chip built for the last 38 years knows that if, like, you go to 80 and it doesn’t respond, just, it’s okay, it’s good, we will not blow up and explode. Except Intel’s Cave Creek chipset. So the eleventh instruction in coreboot is a POST to port 80 of an 11, kind of ‘I’m here’, and the Intel Cave Creek chipset immediately resets and blows up and dies if you do that, because nothing responded on port 80. So think really, really, really hard about your I/O chipsets, what they’re gonna do in the early going, okay, when the system’s not really up. It was an easy mistake to make, and Intel got it right except in that one chipset for, like, many, many years, but it’s a warning that I thought I’d throw out there.

So RISC-V needs firmware. We’ve got open source firmware ported today; we’ve got a port of the new privileged model. It’s the same firmware used in millions of consumer and embedded systems: laptops, tablets, routers. There’s a lot of places it’s used people don’t know about, like the iRobot PackBot uses it; that’s the one that goes out and gets blown up by mines, which is preferable to getting people blown up by mines. It’s in digital TVs. It’s just, it’s, I, you know, if I wanted to go out and hunt down people who were violating the GPL I guess I could, but I don’t care. But it’s many, many places. We’ve got this really good verified boot model courtesy of Chrome OS, and its update models. Despite a lot of efforts by people, the verified boot, I think it’s not even broken once, my thinking, and it was a bug that somebody inserted in a script, and that’s about it.

I was trying to make sure I didn’t run over; I don’t think I did. Any questions?

Hi, so, Jon Masters, Red Hat. Yeah, I was one of the people that pushed for all those things on ARMv8 that you didn’t like. Okay. And so, but I think the point I wanted to make, and just maybe give you a chance to have a response to, is that it does depend on the target audience. So when we are talking about ARMv8
and talk about servers, and my perspective with RISC-V is very similar, I am very interested to see options for stable platforms that exist, so that if there is going to be mainstream pre-built, precompiled operating systems that run for many years, of the kind that we see on servers in the mainstream, we do need to have some of these stable platforms. We do need to have things like SMI. We do need to know, and you and I both know that this is, I should say that coreboot demonstrated the first open source SMM.

Yeah, I’d have to say of all the things I really feel strongly about, that’s the one I feel least strongly about.

Okay, so let’s agree that different, different target markets, and maybe we should just, you know, make sure we can address both, is what I’m trying to say. Okay, thank you.

Hi, Sam, I’ve no particular corporate affiliation. So you mentioned that the purpose of coreboot is to bootstrap whatever host OS you’re running and then get out of the way.

That’s the early goal, and, I just blanked on your name, Jon has pointed out, and it’s true, for Chromebooks we, we can’t, because we have to.

Okay, so that partially answers my question then, because I was going to say why so much code if it’s just load and then disappear, but yeah, thank you.

Now, the 10K for RISC-V, we don’t leave anything behind, but it’s just that there’s a lot of generic pieces that get compiled in. One of those pieces is the thing that uncompresses the payload, because the relative bandwidth difference between flash and RAM is high enough that compression has always been a good, good thing to do. So there’s an LZMA decompress stuff in there.

Yeah, Frank parent here. Does coreboot address PCIe enumeration and store off things to give to the OS when it boots?

Yeah, in fact, so my very first version of LinuxBIOS didn’t enumerate PCI, ’cause I said Linux will enumerate PCI. First thing that happens, first boot, Linux comes up and says there’s no PCI devices here, and that’s when I learned the hard way that I was gonna have to
do it. So yeah, we do all the PCI enumeration and all this great setup, and we can actually even run option ROMs if you enable that. We actually will flip, and I hate that, everyone hates to do this, but we will flip to 8086 mode, run the option ROM and return. So yeah, we pretty much do everything. The main thing we don’t do nowadays is leave behind a bunch of interrupt handlers, classic BIOS interrupt handlers. Turns out SeaBIOS will do that if you want, so we even have that option. In some cases we do not handle this correctly; actually, I just found this out a little while ago. We do a lousy job with 64-bit BARs, ’cause we just haven’t had any of them lately. We started out as a server firmware thing, but the vendors, you know, I think especially Intel when they decided they wouldn’t let anyone know how QuickPath worked, we ended up being kind of a laptop, tablet, embedded thing, and there just hasn’t been any real need for 64-bit BARs there. So I just hit this last week and realized, goodness’ sake, ten years and we still didn’t get around to fixing that. So it’s going to get done, but it hasn’t been done yet.

Hi, I’m Matt Weatherford from University of Washington. I’m just wondering if you could say a little more about the recovery and update model.

Oh, that’s actually kind of interesting, because it’s a philosophical thing that came with Chrome OS. So in Chrome hardware there’s a screw that locks down the write protect for the top 2 meg of flash. And basically in the very early going, in a very, very, very first step, and it’s gotten a little earlier each time, there’s a thing called the boot block that kind of looks in the writable part of flash and makes a decision about whether there’s a firmware image that should run in there instead of the one in read-only. But the read-only is always read-only unless you crack the case open and remove that screw. And so the result is that the update is to the writable part of flash, and then coreboot will run the firmware in that writable part of flash if it’s there and if it passes the signature test; otherwise it’ll fall back to the read-only part. So that’s the model. This is a very different model from pretty much every other firmware, which tries to make it possible to update all of flash, but every time somebody’s tried to make that work they’ve been exploited. So the decision was that the read-only part was essentially forever read-only, and if you ever took the screw out then we basically throw up a
screen that says, you know what, we don’t know your state, then we can’t pretend to boot a protected OS image, but we’ll go ahead and continue to be