Port SeaBIOS PCI oprom extraction in ram + measurement + load into coreboot
Closed this issue · 1 comments
tlaurion commented
Chainloading SeaBIOS -> Linux payload would not be desired since SeaBIOS would actually lower the security model.
What is desired is SeaBIOS extraction of the oprom in RAM, measuring it, then loading it.
Discussed under https://matrix.to/#/!rsKWMJGPMsyPTTjXuh:matrix.org/$tfmbWeuklG258ig33TJMsVSdTvOosR7DvdodjyD_y9I?via=matrix.org&via=nitro.chat&via=fedora.im
Originally posted by @tlaurion in #1752 (comment)
tlaurion commented
Workstation support with variable dGPU: SeaBIOS chainloading of Heads needed
- coreboot oprom pci extraction + loading exists, but is not providing VBIOS: SeaBIOS does.
- coreboot/SeaBIOS separation of duties prohibits coreboot by ideology from providing VBIOS implementation: SeaBIOS does and is said to do it well.
- SeaBIOS does more than extract oprom from PCI+load it, it implements VBIOS dGPU implementation for which oprom IRQ polling results in functional graphic handling.
- Without VBIOS implementation in firmware provided by SeaBIOS (free or proprietary), oprom alone gives variable dGPU support.
- So the hypothesis here is that SeaBIOS should be used to chainload the Heads payload instead of trying to implement VBIOS+oprom loading inside of coreboot. But to do so well, SeaBIOS should enable TPM measured boot and read oprom in RAM, measure it, extend TPM PCR and then load oprom+offer VBIOS free implementation so IRQ polling is functional.
Traces of discussions (only accessible by current members of D16 club):
- Discussion happened under https://matrix.to/#/!OkpUfvLEYpLyALVvaW:dodoid.com/$Oeai4eu3okikozVksCyW-4ML2DghNBr2fYI9oBcuV5c?via=dodoid.com&via=matrix.org&via=envs.net
- Failed previous PoC resulted from a missing Kconfig setting, this one: https://matrix.to/#/!OkpUfvLEYpLyALVvaW:dodoid.com/$jg0G2adlj6WKaGvjiE-egCqCjmL7AyDqRLBTl6tdxds?via=dodoid.com&via=matrix.org&via=envs.net
- Some resulting failed experiment branches to be revisited in next PoC iteration
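The "read oprom in RAM, measure it, extend TPM PCR, then load" ordering discussed above, as an added sketch that is not code from Heads, SeaBIOS or coreboot. All function names are hypothetical; it assumes a SHA-256 PCR bank modelled in software, handles only the first image of the ROM, and uses a constructed sample ROM.

```python
import hashlib
import struct

def parse_oprom(buf: bytes) -> bytes:
    """Validate a PCI expansion ROM copy and return its first image."""
    if len(buf) < 0x1A or buf[:2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA ROM signature")
    (pcir,) = struct.unpack_from("<H", buf, 0x18)  # pointer to PCI data structure
    if pcir + 0x18 > len(buf) or buf[pcir:pcir + 4] != b"PCIR":
        raise ValueError("missing PCIR data structure")
    (blocks,) = struct.unpack_from("<H", buf, pcir + 0x10)  # length in 512-byte units
    size = blocks * 512
    if size == 0 or size > len(buf):
        raise ValueError("declared image length does not fit the copy")
    return buf[:size]

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend for a SHA-256 bank: new = SHA256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def measure_then_load(pcr: bytes, ram_copy: bytes, loader) -> bytes:
    """Measure the RAM copy, extend the PCR, then pass the same bytes to the loader."""
    image = parse_oprom(ram_copy)  # raises before anything is loaded
    new_pcr = pcr_extend(pcr, hashlib.sha256(image).digest())
    loader(image)  # the device is never re-read after measurement
    return new_pcr

def build_sample_rom(marker: bytes = b"A", blocks: int = 1) -> bytes:
    """Constructed sample ROM: header, PCIR structure at 0x1C, marker bytes at 0x40."""
    rom = bytearray(blocks * 512)
    rom[0:2] = b"\x55\xaa"
    struct.pack_into("<H", rom, 0x18, 0x1C)
    rom[0x1C:0x20] = b"PCIR"
    struct.pack_into("<H", rom, 0x1C + 0x10, blocks)
    rom[0x40:0x40 + len(marker)] = marker
    return bytes(rom)

if __name__ == "__main__":
    loaded = []  # stands in for the real oprom loader
    pcr = measure_then_load(bytes(32), build_sample_rom(), loaded.append)
    print("PCR after oprom measurement:", pcr.hex())
```

Measuring and loading from the same RAM copy is what ties the PCR value to the code that actually runs; a second read from the PCI device after measurement would break that link.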