Welcome to the talk "News from the coreboot land" at this year's All Systems Go. First question: who of you uses coreboot already? Okay, that's, I think we're three hands. So none, not for, so it could be more people. So those of you who have been in the talk before, that was like heaven, because the speaker said on this STM device, if you set a pin, reset a jumper, then the boot lock is disabled and all your code is executed and you have the full control of the device. And this proprietary firmware and today's devices, this is very hard for compute and consumer devices. And yeah, that's why I think coreboot is quite important.

Just a few words to myself. Yeah, I studied math here in Berlin and I like free software, and I'm active in coreboot since 2005, but, yeah, I'm mainly a user but also support the community a little bit.

All right. So what happened? A long time ago, in July this year, the commit which you see there was tagged as release 4.10. And yeah, it was actually like two months late, I'd say. The coreboot project tries to release, do a release every six months, but it's just like a checkpoint in the commit history. It doesn't give, yeah, any guarantees, let's say. Of course there are some things tested beforehand, but it's, yeah, just the commit which is named with a number.

Some stats. So there are actually quite a lot of authors, commit authors, like almost 200. Yeah, there were a lot of changes and, yeah, also quite a lot of new contributors. 11,000 lines of source code were added and 5,000 lines of comments.

Because of the time I just will be touching some small topics, and the first one is the C environment bootblock. There was an old way to boot, or to build coreboot for devices, and that was related to how the older processors were laid out, that there was not a lot of second level cache, for example, or level one cache, and that GCC also was not able to build the bootblock. And that's why, like in the early 2000s, Eric Biederman.
He wrote a separate compiler for coreboot which built the bootblock in the beginning. So, and then people said, okay, with new processors, and GCC evolved, we actually want to use GCC, because romcc had several disadvantages and some constructs were not supported, and, yeah, GCC is much more well tested, of course. And so Alexandru Gagniuc, he started to change the environment by allowing the bootblock to run a C environment, and where the bootblock gets built with, the rest was, GCC. So that's a modern way to boot, and so it's a big task to convert the current boards maybe to this new method. And for example for ARM, which came to coreboot much later as a support, that was already possible. So that's mainly a big task for x86.

So, yeah, just, it won't be as technical as in the talk before, but that you just see some, that you know where to look if you're interested. So there's this, yeah, Wallace assembler thing and code which sets up the device in the beginning so it can run in the end the, yeah, the bootblock. So it jumps to bootblock_pre_c_entry after it, yeah, after it sets up the processor this way, and these include files. And for example for QEMU, where it's not a hard problem to set up RAM, it then calls bootblock_c_entry_bist.

So, as I said, several boards were converted, and these were mainly internships and, yeah, that's so much, and that's a big task now because, I will come to it later, it's a hard requirement for the future.

Yeah, regarding what, there were a lot of new boards also added. Google does a lot of Chromebook developments and releases new versions for this, of course, but there's also now quite current server boards supported. I think this is Haswell, so Supermicro X10SLM+-F, and also, because it's kind of similar, after this, oh, sorry, after the 4.10 release the Supermicro X11 was released, which is a Kaby Lake server board.
So of course it's now again a hard decision, because AMD released EPYC and so on, so nobody wants Intel anymore, but you don't get coreboot with this EPYC. So, as always, it's a complicated world.

Yeah, for system on chips, AMD Picasso was added, which is going to be used in Chromebooks, and also an ARM Qualcomm processor. And I just wanted to go into AMD a little bit. As with the Intel Management Engine, they also have a Platform Security Processor, which is an auxiliary processor. I think it's an ARM chip and, yeah, it's actually quite powerful, and before the actual processor is taken out of reset it does a lot of things. And I think it's been there for like seven or eight years, but now it also happens that for future AMD systems this Platform Security Processor will, for example, also initialize the memory. Yeah, which is kind of a new thing. It has a little bit to do with how AMD probably positions itself in the future, also with ARM devices and so on, so that they take the devices more part, but that also is quite new. So that's, RAM initialization is not run on the main processor. So that's kind of new, and that also, yeah, gives some, the coreboot project now also has to think about how to adapt to this, because, yeah, you don't start from flash, but you start from DRAM, for example. So some components have to be adapted. And, yeah, that's also quite hard. I mean, I come to this in the blob section later, but RAM initialization is quite complex. So on the one hand only the vendor more or less knows how to do it, but on the other hand, also to fix bugs and so on, and in the spirit of free software, the coreboot project actually wants to have also the code for how to initialize the RAM. So, yeah, it's a new problem, because now we more or less would also need to somehow write the firmware for the PSP, but of course it's signed and so on. Yeah, so, that's for that.
We will see how it works. But I come to this later.

There were also some devices removed because certain requirements which we set for boards, or standards, were not met, and that's Geode LX. I think it's now 15 years old or so. It was an old AMD processor which actually had its own kind of architecture, but I think it could emulate x86. So it was quite interesting, and it was also supported by coreboot and quite popular in routers or embedded boards. One example is the PC Engines ALIX boards, which were used for routers, for example.

This year we had three Google Summer of Code projects. So thank you, Google, for that. So, a lot of Coverity. So coreboot is integrated in Coverity, and, the static analyzer from some US university or so, it's a company, and they, yeah, so one project tried to fix all these Coverity bugs. Then, yeah, the QEMU AArch64 support and port, to create that was one project. And Ghidra is a program from the NSA, I think, which is kind of like IDA Pro, a certain disassembler project, and one student worked on adding support, first for coreboot images, of course, but it's on the one hand not so interesting because we have a lot of source for that, but also to add a little bit support that you can load UEFI images, I think, and then be able more or less to reverse engineer.

So the next release, 4.11, is planned for October, but, as I said, the only reason, important stuff is more or less.
It's just a tag, and afterwards certain criteria or deprecations which were announced at least six months earlier are applied. So these are the new criteria. As I said, all boards have to support the C environment bootblock and, yeah, the CAR global migration. So CAR is cache-as-RAM, and the variables which are stored in there need to be moved to the next stages. And so we can, for example, use timestamps, which you measure in the romstage, can also be moved or seen in the romstage, and later on you can read them out.

Yeah, so, and maybe I forgot to say, for example, C environment bootblock of course gives a lot of advantages. For example, all this stuff which Google does with verified boot. They have their own verified boot implementation, vboot2, and so they measure certain, they make hash sums of certain parts to verify that the stuff hasn't been altered, and this is, for example, just possible for C environment bootblock. And so all ports which support this would automatically profit from the other infrastructure. So that's, yeah, quite nice. But the downside is, for example, the current server board, which is also already seven, eight years old, but which is the most powerful x86 board currently available in coreboot without any blobs besides microcode, that's the ASUS KGPE-D16, and this in the current situation will be dropped. Yeah.

Yeah, so also what happened, there is now a more or less established conference for firmware development. It's the Open Source Firmware Conference, and it took place this year in California at the Google and Facebook campus, and, yeah, San Francisco and San Jose, so Sunny Valley, I think, or Sunnyvale. And last year it happened in Bonn, so it was in Europe, and then hope next year it will be again in Europe. And yeah, it's quite established now, because Philipp Deppenwiese, Zaolin his nickname, from 9elements.
He is quite communicative and motivated, and he gets a lot of projects together, and so that's quite cool to have also like officer projects come together and to talk about roadmaps and goals, and for example coreboot, LinuxBoot, TianoCore, OpenBMC, U-Boot, Petitboot, which is a boot program for PowerPCs. And for example the firmware update project was also there, which is Richard Hughes, and which, on current laptops or devices, lets you update your UEFI firmware with the UEFI capsule technique just from the Linux user space, which is a cool thing. They were all there and they cooperate now. And the talks were recorded but not published yet, so I'm looking forward to them, because I wasn't able to go to the, yes.

Yeah, on the meeting it was announced that for this server board, if people are interested to keep support, that the community can raise funds, and the 3mdeb company, which is in Poland, would be willing to maintain this port.

So, some ongoing work which is happening. There's a new MediaTek chip, which is also something to look for, because they get more powerful and get even more viable alternatives for x86, which is always good to have. Then some person started to work on a coreboot port for PowerPC 64, which you might have heard, which currently uses Hostboot, Skiboot and Petitboot, and these are currently used, for example, of course on servers, but there are also now workstation boards from Raptor Engineering, the Talos and Blackbird, you might have heard of it.
So it's a, yeah, desktop workstation board which you can get. And currently on POWER also, you heard that the ISA is now put under a free license, and the POWER foundation, OpenPOWER Foundation, is now part of the Linux Foundation. So it's actually quite open now and also a good alternative, and hopefully it would put some pressure on the x86 people.

Yeah, RISC-V is still also supported. Some people work on this, so they are quite disappointed that there also is now a system management mode in RISC-V. And yeah, the integration of the AMD PSP processor is quite a challenge, also, yeah, with binary blobs, let's say. I come to it later.

So the result of the open firmware conference is that now people also work on the fwupd firmware update utility integration. This is not directly related to coreboot, but to firmware in general. kexec, like, is now able to boot Microsoft Windows. There's a Google Summer of Code project was there, which is very nice. It is Clear Linux, and they work on booting quickly. They got a kernel now, and on the Linux Plumbers Conference they talked about 300 milliseconds kernel execution time, which is nice to have, of course. They also need a fast firmware, because even if your Linux system boots in one second and your firmware, like on my Dell, boots in 10 seconds, then that's, yeah, not good. So I hope that they will get a lot of stuff upstream and all people will profit from it. And there's also now a firmware project which is called oreboot, which is a firmware implementation in Rust, and they have a goal that they don't allow any binary blobs.

So, to the end, I want to talk about some ongoing issues, like blobs. So it causes a lot of hassle and actually work which actually would be better to put into working code instead of thinking about glue code or wondering why this blob doesn't do what you expect. And so there's a lot of time kind of wasted.
I think a lot of stuff gets a little bit better, because now the binaries which are published are better documented and the ABI is not broken that often and so on. But it also causes some licensing issues there. coreboot is GPL. So if the platform initialization code binary calls back into coreboot, is it a violation? Is it not? So current state is it's not, but it's issues you actually don't want to deal with, right? So we will see how this will develop.

Yeah, there's, for example, early on AMD, and they contributed documentation. For EPYC and so on, the BIOS and Kernel Developer's Guides, they have not been published to my knowledge, or are not as complete. So you cannot actually implement a free firmware. Changes of course are hard to review if you don't have the documentation, and you cannot write code.

Yeah, and then of course there's, yeah, normal community issues that are in all other projects also, also the problems which you have in the Linux kernel, like a lot of developers are not employed in companies and work on new products and they often cannot share that they work on the new products, and because of NDA they cannot release it. And so they implement something, and then when they are allowed to push it upstream the community has sometimes a lot of complaints and wants something to be rewritten. So often we would like to have these company developers engage with the public community more often and write to the mailing list, for example, to discuss certain architectural decisions. Yeah, but that's also sometimes the same with Linux drivers.

So, yeah, I'm at the end. Just as a quick note, because today was a climate strike and so on, and also Lennart's talk with the home directory and the problems with suspend to RAM: I advocate again, I don't like suspend to RAM. If firmware would be possible, if your system would cold boot in like one second, nobody would need to suspend to RAM.
Yeah, and you would find other solutions to preserve the state. You wouldn't have to worry about what is in the RAM, and you would use the normal mechanisms. You would reduce complexity. Yeah, and a cold boot is always still needed, like on this laptop. With the pstore mechanism, where you can store crash dumps and UEFI variables, for example, I just found out that it was enabled, and then all these variables were written, that I was wondering why my system now, the firmware, took 25 seconds instead of 10 seconds to boot. And it was because all these variables were there, and there is a bug in the Dell firmware that it reads all these variables without any need. Okay, so that's in the end. Thank you for your attention, and if you have any questions, go ahead.

You mentioned the boot on ARM systems a bit. Can you expand a little bit on what sort of devices you've been targeting? Has it been single board computers, has it been servers? There's really nothing in the middle.

Um, I think both. So mainly the Chromebooks, which are like laptop devices, so embedded stuff, but I think there was this Cavium, um, I think 2 or X1, I think, too, too, okay. But there were some problems with Cavium because of the ARM Trusted Firmware releases, and they didn't maintain it. So I think they removed the board now. But there was support, and I think Facebook even sponsored the 9elements company to do the support. But you can come afterwards, I can look it up. Yeah.

Do you know why support for the ALIX board was removed?

Yeah, because nobody worked on, I need to look up which special requirement was there. But it was, I think, also had to do with CAR migration.
So you actually couldn't see the timestamps from the bootblock, and I have to look it up what requirement it was, but, yeah, nobody maintained it. But that's of course also a valid question. I mean, the firmware still worked, right, and you can still check it out and build it. But of course you don't have all the new features. But at a certain point I think it's a valid question, if there are no maintainers, if you can remove these boards, and you can of course still boot the old firmware, right? But sorry, I don't know the specific reason. I can look up the commit and tell you.

Thank you, Paul.

Yeah, thank you.