|
| 1 | +# Dasharo Trustworthy Computing |
| 2 | + |
| 3 | +[https://dasharo.com/](https://dasharo.com/) |
| 4 | + |
| 5 | +Talos II support in coreboot |
| 6 | + |
| 7 | +## v0.1.0 |
| 8 | + |
| 9 | +### Release Changelog |
| 10 | +\ |
| 11 | +**Added:** \ |
| 12 | +* Building skiboot image |
| 13 | +* Including skiboot as payload |
| 14 | + |
| 15 | +**Known issues:** |
| 16 | +* Only one CPU core is started |
| 17 | + |
| 18 | +### Release statistics |
| 19 | + |
| 20 | +TBD |
| 21 | + |
| 22 | +### Hardware configuration |
| 23 | + |
| 24 | +Configuration with a single IBM POWER9 64bit CPU is supported.\ |
| 25 | +Dual CPU setup not supported currently. |
| 26 | + |
| 27 | +Following RAM configurations were tested and are proved to be properly initialized. |
| 28 | +<pre> |
| 29 | +MCS0, MCA0 |
| 30 | + DIMM0: <a href=https://www.samsung.com/semiconductor/dram/module/M393A2K40CB2-CTD>1Rx4 16GB PC4-2666V-RC2-12-PA0</a> |
| 31 | + DIMM1: not installed |
| 32 | +MCS0, MCA1 |
| 33 | + DIMM0: <a href=https://www.crucial.com/memory/server-ddr4/mta9asf1g72pz-2g6j1>1Rx8 8GB PC4-2666V-RD1-12</a> |
| 34 | + DIMM1: not installed |
| 35 | +MCS1, MCA0 |
| 36 | + DIMM0: <a href=https://www.samsung.com/semiconductor/dram/module/M393A4K40CB2-CTD>2Rx4 32GB PC4-2666V-RB2-12-MA0</a> |
| 37 | + DIMM1: not installed |
| 38 | +MCS1, MCA1 |
| 39 | + DIMM0: <a href=https://mis-prod-koce-homepage-cdn-01-blob-ep.azureedge.net/web/static_file/12701730956286135.pdf>2Rx8 16GB PC4-2666V-RE2-12</a> |
| 40 | + DIMM1: not installed |
| 41 | +</pre> |
| 42 | + |
| 43 | +All 3 major DRAM vendors are supported, namely Samsung, Micron and Hynix. |
| 44 | + |
| 45 | +### Download the latest firmware |
| 46 | + |
| 47 | +#### Release binaries |
| 48 | +TBD links |
| 49 | + |
| 50 | +Verifying SHA256 sum |
| 51 | + |
| 52 | +Building binary using source code: |
| 53 | + |
| 54 | +### How to build and use it |
| 55 | + |
| 56 | +#### Environment preparation |
| 57 | + |
| 58 | +In order to build coreboot, we use docker container. So in order to setup |
| 59 | +environment, ensure that: |
| 60 | + |
| 61 | +1. You have docker installed as described on |
| 62 | + [docker site](https://docs.docker.com/engine/install/) for your Linux distro. |
| 63 | + |
| 64 | +2. When you have the docker installed pull the container: |
| 65 | + |
| 66 | + ``` |
| 67 | + docker pull docker.pkg.github.com/3mdeb/coreboot/coreboot-sdk |
| 68 | + ``` |
| 69 | + |
| 70 | +In order to start from a common point, flash the original OpenPOWER firmware |
| 71 | +for Talos II. |
| 72 | + |
| 73 | +1. Log into the BMC via SSH: |
| 74 | + |
| 75 | + ``` |
| 76 | + ssh root@<BMC_IP> |
| 77 | + ``` |
| 78 | + |
| 79 | +2. Download the stock firmware image: |
| 80 | + |
| 81 | + ``` |
| 82 | + wget https://cloud.3mdeb.com/index.php/s/canxPx5d4X8c2wk/download -O /tmp/flash.pnor |
| 83 | + ``` |
| 84 | + |
| 85 | +3. Flash the firmware: |
| 86 | + |
| 87 | + ``` |
| 88 | + pflash -E -p /tmp/flash.pnor |
| 89 | + ``` |
| 90 | + |
| 91 | + > You will see warning like `About to erase chip !` and |
| 92 | + > `WARNING ! This will modify your HOST flash chip content !`. When the |
| 93 | + > `Enter "yes" to confirm:` prompt appears, type `yes` and press enter. |
| 94 | +
|
| 95 | + At the end of the process (it may take several minutes) you should have |
| 96 | + something like this: |
| 97 | + |
| 98 | + ``` |
| 99 | + About to program "/tmp/flash.pnor" at 0x00000000..0x04000000 ! |
| 100 | + Programming & Verifying... |
| 101 | + [==================================================] 100% ETA:0s |
| 102 | + ``` |
| 103 | + |
| 104 | +4. * Log into the BMC GUI at https://<BMC_IP>/. \ |
| 105 | + Make sure to use `https`. |
| 106 | + * Enter the Server power operations |
| 107 | + `https://<BMC_IP>/#/server-control/power-operations` and invoke |
| 108 | + warm reboot. |
| 109 | + * Then move to Serial over LAN remote console |
| 110 | + `https://<BMC_IP>/#/server-control/remote-console` to observe |
| 111 | + whether the platform is booting. |
| 112 | + |
| 113 | +#### Buidling coreboot image |
| 114 | + |
| 115 | +In order to build coreboot image, follow the steps below: |
| 116 | + |
| 117 | +1. Clone the coreboot repository: |
| 118 | + |
| 119 | + ``` |
| 120 | + git clone [email protected]:3mdeb/coreboot.git -b TBD_BRANCH_NAME |
| 121 | + # or HTTPS alternatively |
| 122 | + git clone https://github.com/3mdeb/coreboot.git -b TBD_BRANCH_NAME |
| 123 | + ``` |
| 124 | + `talos_2_support_ramstage` - ramstage devlopment branch - merge requests should go here.\ |
| 125 | + `squashed_talos_2_support` - upstream branch, can be regularly pushed with force.\ |
| 126 | + `talos_2_support` - legacy branch for bootblock and romstage release - as of today nothing should be pushed here. |
| 127 | + |
| 128 | +2. Get the submodules: |
| 129 | + |
| 130 | + ``` |
| 131 | + cd coreboot |
| 132 | + git submodule update --init --checkout |
| 133 | + ``` |
| 134 | + |
| 135 | +3. Start docker container (assuming you are already in coreboot root |
| 136 | + directory): |
| 137 | + |
| 138 | + ``` |
| 139 | + docker run --rm -it -v $PWD:/home/coreboot/coreboot -w /home/coreboot/coreboot docker.pkg.github.com/3mdeb/coreboot/coreboot-sdk /bin/bash |
| 140 | + ``` |
| 141 | + |
| 142 | +4. When inside of the container, configure the build for Talos II: |
| 143 | + |
| 144 | + ``` |
| 145 | + make menuconfig |
| 146 | + ``` |
| 147 | + |
| 148 | + * Navigate to the **Mainboard** submenu. |
| 149 | + * As a **Mainboard vendor** select `Raptor Computing Systems`. |
| 150 | + * Select Exit and then navigate to the **Payload** submenu. |
| 151 | + * In **Add a payload** select `skiboot`. |
| 152 | + * Save the configuration and exit. |
| 153 | + |
| 154 | +  |
| 155 | +  |
| 156 | + |
| 157 | + |
| 158 | +5. Start the build process of coreboot inside the container: |
| 159 | + |
| 160 | + ``` |
| 161 | + make |
| 162 | + ``` |
| 163 | + |
| 164 | +#### Running the coreboot on Talos II |
| 165 | + |
| 166 | +1. At the end of build process you should see `Built raptor-cs/talos-2 (Talos II)`. |
| 167 | + Copy the result binary from `<coreboot_dir>/build/coreboot.rom.signed.ecc` to the BMC |
| 168 | + (assuming in the coreboot root directory): |
| 169 | + |
| 170 | + ``` |
| 171 | + scp build/bootblock.signed.ecc [email protected]:/tmp/bootblock.signed.ecc |
| 172 | + scp build/coreboot.rom.signed.ecc [email protected]:/tmp/coreboot.rom.signed.ecc |
| 173 | + ``` |
| 174 | + |
| 175 | +2. Backup the HBB partition (for faster later recovery) by invoking this |
| 176 | + command on BMC: |
| 177 | + |
| 178 | + ``` |
| 179 | + pflash -P HBB -r /tmp/hbb.bin |
| 180 | + ``` |
| 181 | + |
| 182 | +3. Flash the binary by replacing HBB partition (execute from BMC): |
| 183 | + |
| 184 | + ``` |
| 185 | + pflash -e -P HBB -p /tmp/bootblock.signed.ecc |
| 186 | + pflash -e -P HBI -p /tmp/coreboot.rom.signed.ecc |
| 187 | + ``` |
| 188 | + |
| 189 | + Answer yes to the prompt and wait for the process to finish. |
| 190 | + |
| 191 | +4. Log into the BMC GUI again at https://<BMC_IP>/.\ |
| 192 | + Enter the Server power operations (https://<BMC_IP>/#/server-control/power-operations) and invoke warm reboot.\ |
| 193 | + Then move to Serial over LAN remote console (https://<BMC_IP>/#/server-control/remote-console)\ |
| 194 | + Wait for a while until coreboot shows up: |
| 195 | + |
| 196 | + TBD asciicast |
| 197 | + |
| 198 | +5. Enjoy the coreboot running on Talos II. |
| 199 | + |
| 200 | +> **Optional:** In order to recovery the platform quickly to healthy state, flash |
| 201 | +> the HBB partition back with: \ |
| 202 | +> `pflash -e -P HBB -p /tmp/hbb.bin` |
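Review bot: In "Running the coreboot on Talos II", step 2 backs up only the HBB partition, but step 3 erases and programs both HBB and HBI, and the optional recovery note restores only HBB, so the original HBI contents are never saved and the quick-recovery path does not return the flash to its prior state. Add an HBI read-back next to the HBB one (mirroring the existing command, e.g. `pflash -P HBI -r /tmp/hbi.bin`) and restore both partitions in the recovery note. Step 1 of the same section names only `coreboot.rom.signed.ecc` in its text while the commands copy `bootblock.signed.ecc` as well; mention both files. In "Environment preparation", the stock image is fetched with `wget` and written with `pflash -E` without any integrity check, and "Verifying SHA256 sum" under "Release binaries" is an empty placeholder: publish the expected SHA256 for the image and add a verification step before the flash command. The `docker pull` and `docker run` lines reference the SDK image by name only, with no tag or digest, so the build environment is not reproducible. Typos to fix: "Buidling", "devlopment", "In order to recovery".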