Msi dasharo upstream #1995
Msi dasharo upstream #1995
Conversation
Signed-off-by: Michał Żygowski <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Matthew Drobnak <[email protected]> Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
Tonux599
force-pushed
the
msi-dasharo-upstream
branch
from
9cdd697 to
7546d7b
Compare
|
See table below for artefacts ready to be tested. I have tested
In the future, we can create variants supporting USB keyboard and HOTP if the community requires. Future issues that need addressing are:
@tlaurion this is good to merge IMO, |
| /bin/flashprog -p internal --fmap -i COREBOOT -i FMAP -r /tmp/cbfs-init.rom \ | ||
| && CBFS_ARG=" -o /tmp/cbfs-init.rom" \ | ||
| || echo "Failed reading Heads configuration from flash! Some features may not be available." | ||
| fi | ||
|
|
||
| # Load individual files | ||
| cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"` | ||
| cbfsfiles=`cbfs -t 50 -l $CBFS_ARG 2>/dev/null | grep "^heads/initrd/"` |
There was a problem hiding this comment.
@Tonux599 what happens when calling cbfs on MSI platform? What is the issue that needs this workaround?
There was a problem hiding this comment.
If my understanding is correct, the cbfs util reads the cbfs from a location in memory. If a flash is >16M then either:
- Coreboot doesn't map CBFS's larger than 16M into memory. Or,
cbfsdoesn't have the ability to read a region in memory larger than 16M.
Not sure what it is, but the above workaround is from dasharo's release. Effectively, it uses flashprog to read the flash chip (taking 10s of seconds), and then having the cbfs util read from the resulting file.
Edit: and calling cbfs as normal results in an invalid header magic error (presumably because it's reading garbage).
There was a problem hiding this comment.
Edit: and calling cbfs as normal results in an invalid header magic error (presumably because it's reading garbage).
Yes that's why I ask because novacustom boards have spi chips of 32mb and don't need that workaround.
There was a problem hiding this comment.
Edit: and calling cbfs as normal results in an invalid header magic error (presumably because it's reading garbage).
Yes that's why I ask because novacustom boards have spi chips of 32mb and don't need that workaround.
Ah yes, whilst the flash for those boards are 32M I presume the CBFS size is <=16M. These boards need a bigger CBFS so we can fit the ROMHOLE in at a specific location (which allows the rom to be flashed from a usb port on the back).
@miczyg1 am I correct?
There was a problem hiding this comment.
Indeed. cbfs utility only works for cbfs size or flash size <=16MB. Otherwise you need to dump whole flash to make CBFS parsing work...
There was a problem hiding this comment.
@tlaurion happy if I resolve this conversation?
There was a problem hiding this comment.
@Tonux599 that deserves a new issue to be tracked/fixed/resolved under Heads and then osresearch/flashtools. After which this thread can be resolved yes, cross-linking those for traceability. Using flashrom/flashprog is a hack here.
There was a problem hiding this comment.
@miczyg1 random thought, could we not have a 16MB CBFS on the 32MB flash and just write the ROMHOLE to where it belongs on the flash? Presuming the ROMHOLE is somewhere past the the first 16MB.
There was a problem hiding this comment.
@Tonux599 you can't do that. heads paylaod is ~8MB in size, it will not fit neither above nor belwo ROMHOLE if CBFS/coreboot is just 16MB. The ROMHOLE fixed address i just that unfortunate, that it cannot be workarounded. By forcefully writing the ROMHOLE you will corrupt the CBFS and make the image unbootable most likely.
There was a problem hiding this comment.
@miczyg1 Thanks. Trying to wrap my brain around this but think I'm getting there. Presumably it collides with the ROMHOLE is because the CBFS (and bootblock) needs to be placed at the end of the 32MB flash chip?
Also trying to look into a fix for the cbfs utility to read the whole CBFS mapped into memory. @miczyg1 is the whole 32MB mapped into memory or just the top 16MB? Having looked at some cbmem logs it looks like FLASH with size 0x2000000 is mapped @ 0xfe000000.
Just trying to work out if this is a limitation in the cbfs utility or coreboot.
|
Thanks so much for this PR! Testing it on my z790p pro DDR5 and it works great (I enabled USB keyboards) |
Did you have any issues setting the whole thing up or were there any hoops i would try it on my device but the last thing i wanna do is reflash my board with a programmer because the firmware ripped it apart |
Looks like it should be @Hexdigest123 please use |
Signed-off-by: Thomas Clarke <[email protected]>
|
@tlaurion re discussion above, would you like me to create usb keyboard variants? That would double the number of board configs though. |
Im using the msi_z790p_ddr5 and thanks for the clarification |
I am not sure about this. People coming to Heads, having a board that permits ps2 keyboard but deciding to use USB? USB hid being a security risk, is there anything justifying usage of USB keyboard vs ps2? If so, what about we enable it in config by default, and warn the user to deactivate it through config for additional security? Otherwise I don't have anything against it per se, but we might at some point hit some limitations through CircleCI for free tier build time but we ar not there yet. |
If |
|
Looks like Dasharo literally just released new versions for the MSI boards, so will update sometime. https://docs.dasharo.com/variants/msi_z690/releases/#v115-2025-09-18 non-LTS so may not be as stable though. |
All laptop boards now build and ship usb hid, but don't load it by default unless configured so. config-gui.sh documents this as code. |
1 similar comment
All laptop boards now build and ship usb hid, but don't load it by default unless configured so. config-gui.sh documents this as code. |
Both based on coreboot 24.12. As general advice, use make coreboot helpers to save in defconfig format, remove config lines there that should not be overriden, and then use helper to save back in oldconfig format. @Tonux599 do you plan on bumping coreboot version soon? Mostly all boards but NV4x seem to have been bumped, which heads share for buildstack for most boards. |
As said in prior comment, the idea here was to have users use ps2 when supported (or on-board keyboards for laptops) to enable us keyboard once per options config override or at build time (board config), letting the default be safer (ps2 safer then us for keyboards in regard of rubber ducky). I would like to read a good justification to change this first, from a real use case that would justify usb keyboard when ps2 is available from motherboard connector @Hexdigest123 ? Why do you prefer usb to ps2? |
I think USB support from the pre-built images isn't strictly necessary, but I prefer it because I'm not going to buy a PS/2 keyboard just to use my USB keyboard. Having the option to turn it on and build it myself is fine with me. I'm just glad someone did the heavy lifting of upgrading Heads to the newest version, and a big thanks again. I'm in the process of flashing the ROM onto my board and will give you an update. |
|
Before i switch over to the firmware for more then just a few tests does it have the new microcode for 14th Gen Intel CPU's so its not getting fried? |
|
I switched my firmware, and from what I can tell, the startup works just fine. However, I'll need a PS/2 keyboard, which I'll buy tomorrow, since the "CONFIG_REQUIRE_USB_KEYBOARD=y" flag didn't work for some reason. I'll be back for the full test. |
The PR that made things configurable, usb hid module included by default, while not loaded unless configured by user was #1838 Init: Calling enable _usb from etc/functions : So either Or
In board config should work @Hexdigest123. If exported variables in board config don't match what code expects, the driver won't be loaded by enable_usb and usb hid won't be there so usb keyboard won't work. Edit: Export requirements missing under https://github.com/linuxboot/heads/blob/master/doc/config.md |
|
Hi, I just tried out your fork. It seems I'm doing something wrong because it's not working at all (basic setup, booting into an OS). Here is some output that might help. I tried the following:
|
|
@Hexdigest123 what TPM module are you using? |
Maybe. Added it to a TODO on first post. Will do some testing on my custom branch first, but might leave it to the future as currently this PR has about 2 months of stability testing going for it. |
It uses whatever is here https://github.com/Dasharo/dasharo-blobs/tree/main/msi Of-course, your OS may update it anyway on boot. |
I bought this mainboard and I'm not sure, but I believe it should have a TPM 2.0 MSI MS-4462 (9672) module. |
I can't see on that product page that it ships with a TPM installed? Where you using Dasharo's Heads before and was it working? Can you check to see if the TPM is installed to the motherboard? The errors in your screenshot show that the TPM can't be found by the kernel. So either it's not installed, or something else is wrong that is hiding it. |
I haven't used Heads before. I used Coreboot with UEFI before, and that might actually be the problem. To be honest, I didn't expect someone to figure out the newest version. Do I need to buy and install the new TPM onto the board? |
Ah right. You'll need the "MS-4462" TPM module for TOTP to work and for the boot to be measured. You don't need to solder it, there is a header on the board. Maybe just double check to see if one is installed and there isn't something else going on here. |
I checked it and no there is non sry for wasting your time im gonna order it real quick but from my last experience it may take some time like a few days maximum a week though everything else you made seemed to work |
The problem I addressed was the degradation issue in the Raptor Lake (13th/14th gen) CPUs from Intel. Someone mentioned that Heads didn't include the necessary microcode, and from what I've seen in the blobs, there is a patch, "0x12" that contains some updates but not for my CPU, at least from what I've been able to find online. |
|
Hi, so i tried it with the TPM Module installed and everything works fine i resetted the tpm and chose what to boot my OS also works fine as far as i am aware. |
Testing this now, v0.9.3 seems to be running well without issue. Will update this PR soon-ish. |
Signed-off-by: Thomas Clarke <[email protected]>
Signed-off-by: Thomas Clarke <[email protected]>
|
Artefacts for v1.1.5 / v0.9.3. |
Replaces #1962
This is based on Dasharo's coreboot instead of coreboot 25.03.
This is draft for the moment, I'll be testing MSI Pro Z790-P DDR5 on Thursday 28th. I'll un-draft post testing.
It should work, as I have been using my custom fork https://github.com/Tonux599/heads/tree/my-custom-msi_z790p_ddr5 for awhile now without issue. However, that fork is not suitable for most as I've customised it for my own uses (like forcing XMP, disabling hyperthreading, etc).
@mblanqui @Hexdigest123 can you test on your boards?
Need to do some commit cleanup pre-merge also.
TODO: