Libreboot 20240504 released!

Leah Rowe

4 May 2024


Return to index

Article published by: Leah Rowe

Date of publication: 4 May 2024

Do not use the 20240504 release. This changelog is still provided as reference, but there were problems with this release. Please instead use the Libreboot 20240612 release.

Introduction

Libreboot is a free/open source BIOS/UEFI replacement on x86 and ARM, providing boot firmware that initialises the hardware in your computer, to then load an operating system (e.g. Linux/BSD). It is specifically a coreboot distribution, in the same way that Debian is a Linux distribution. It provides an automated build system to produce coreboot ROM images with a variety of payloads such as GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy to use as possible for non-technical users. From a project management perspective, this works in exactly the same way as a Linux distro, providing the same type of infrastructure, but for your boot firmware instead of your operating system. It makes use of coreboot for hardware initialisation, and then a payload such as SeaBIOS or GNU GRUB to boot your operating system; on ARM(chromebooks), we provide U-Boot (as a coreboot payload).

Libreboot provides many additional benefits such as fast boot speeds, greater security and greater customisation, but the primary benefit is software freedom. With use of GRUB in the flash, you can make use of many advanced features such as the ability to boot from an encrypted /boot partition and verify kernel GPG signature at boot time.

If you’re fed up of the control that proprietary UEFI vendors have over you, then Libreboot is for you. Although many would agree that it is a major step forward for most users, it’s actually a very old idea. Old is often better. It used to be that computers were much more open for learning, and tinkering. Libreboot implements this old idea in spirit and in practise, helping you wrest back control.

Unlike the hardware vendors, Libreboot does not see you as a security threat; we regard the ability to use, study, modify and redistribute software freely to be a human right that everyone must have, and the same is true of hardware. Your computer is your property to use as you wish. Free Software protects you, by ensuring that you always have control of the machine.

This new release, Libreboot 20240504, released today 4 May 2024, is a major new release of Libreboot. The previous stable release was Libreboot 20230625 released on 25 June 2023, and the previous testing release was Libreboot 20240225 released on 25 February 2024. Extreme care has been taken with this release, but it adds a host of new features such as USB3 support in the GRUB payload, and a slew of mainboard fixes. Read on to learn more.

The main purpose of this release has been to fix bugs. A lot more work will now go into Libreboot for another release in the summer of 2024.

Hardware supported in this release

This release supports the following hardware:

Servers (AMD, x86)

Desktops (AMD, Intel, x86)

Laptops (Intel, x86)

Laptops (ARM, with U-Boot payload)

New mainboard added

This release adds support for the following mainboard:

Dell Latitude laptops: S3 resume fixed

Nicholas Chin sent in a patch just before the release, fixing suspend/resume on sandy bridge and ivy bridge Dell laptops. According to him, resume on open is still broken and therefore disabled, but pressing the power button works.

Work done since Libreboot 20230625

To know the full set of differences between Libreboot 20230625 and Libreboot 20240405, first you must read the changelogs of those interim testing releases. They are, in order: Libreboot 20231021, 20231101, 20231106, 20240126 and 20240225.

The following log will now acount for changes since Libreboot 20240225, from most recent descending to very earliest commits. The most interesting changes are highlighted in bold:

Exact git log (versus Libreboot 20240225)

The following is an exact log of commits in the Git repository, on the master branch, relative to the previous January 2024 release. There are 99 changes:

* ae9e7389 Libreboot 20240504 release 
* d3aeb2c7 config/git: importer newer documentation 
* 5bf25eac coreboot: update latitude release status 
* 7a955a4c d510mo and d945gclf: disable for release 
* 7e799e1f nb/haswell: lock policy regs when disabling IOMMU 
* d9c0346a build/roms: more useful status warnings 
* 98587029 deprecate MRC 9020MT/SFF (NRI 9020 is default now) 
* d839bfa1 mark 9020 sff/mt stable for release 
* a9bc6b25 mark lenovo x301 as stable for release 
*   6e61052a Merge pull request 'coreboot/default: Add patches to fix S3 on SNB/IVB Latitudes' (#208) from nic3-14159/lbmk:latitude-fix-s3 into master 
|\  
| * 67ddd3f2 coreboot/default: Add patches to fix S3 on SNB/IVB Latitudes 
|/  
* 780e03fe remove x220edp/x230edp (keep regular x220/x230) 
* b379186a update hp machines to status=stable for release 
* 6e7b5c0b Enable WiFi on HP EliteBook 8560w (GPIO config) 
*   99617796 Merge pull request 'Implemented failsafe options at boot and inside menus for enabling/disabling serial, spkmodem and gfxterm' (#203) from livio/lbmk:failsafe into master 
|\  
| * 3e86b3ab Implemented failsafe options at boot and inside menus for enabling/disabling serial, spkmodem and gfxterm 
* | 2d207c54 coreboot/x301: set release=n (will re-test) 
* | 64ae2ddd update/release: purge test/lib/strlcat.c in u-boot 
* | 748b2072 mark x4x boards ready for release 
* | 9caff263 err.sh: update copyright info 
* | 7db2ae0b update/release: say when an archive is being made 
* |   cd9685d1 Merge pull request 'dell-flash-unlock: Remove dependency on GNU Make' (#207) from nic3-14159/lbmk:dell-flash-unlock-updates into master 
|\ \  
| * | a5cb6376 dell-flash-unlock: Remove dependency on GNU Make 
|/ /  
* |   4bf3da31 Merge pull request 'Fixed QEMU x86 target's SMBIOS informations' (#205) from livio/lbmk:qemux86_fix into master 
|\ \  
| * | 707d7ce7 Fixed QEMU x86 target's SMBIOS informations 
| * | d654a3e5 Fixed QEMU x86 target's SMBIOS informations 
| |/  
* |   a18cd7f1 Merge pull request 'Fixed boot selection menu' (#204) from livio/lbmk:livio_290424 into master 
|\ \  
| * | b4d27d0c Fixed boot selection menu 
| |/  
* |   05c3f493 Merge pull request 'dell-flash-unlock-updates' (#206) from nic3-14159/lbmk:dell-flash-unlock-updates into master 
|\ \  
| * | 61f66a46 dell-flash-unlock: Update README for BSD 
| * | 5e2e7611 dell_flash_unlock: Add support for FreeBSD 
| * | 61dbaf94 dell_flash_unlock: Set iopl level back to 0 when done 
| * | 355dffb7 dell_flash_unlock: Fix ec_set_fdo() signature 
| * | 6fe2482f dell-flash-unlock: Remove unnecessary includes for NetBSD 
| * | b737a24c dell-flash-unlock: Remove memory clobber from inline assembly 
* | | 5c3d81ff correct dell latitude status for release 
* | | 6dfd8c70 update release status for HP machines 
* | | 50f6943c set gru bob/kevin stable for release 
* | | df5e3216 set dell latitudes stable for release 
* | | 7e7c3c23 mark i945 machines as stable for release 
* | | 310378c9 build/roms: simplified list handling 
* | | 5003e02b build/roms: if release, allow all non-broken roms 
* | | dbe259ef build/roms: always display warnings 
* | | 0e2c56be build/roms: reduce indentation in skip_board() 
* | | 91927760 build/roms: simplified status handling 
* | | 230f68fd build/roms: simplified seagrub handling 
|/ /  
* | 515185a7 build/roms: support SeaGRUB *with menu enabled* 
* | a88a8281 update/trees: simplified defconfig copying 
* | 55204dc4 option.sh: don't use nproc (not portable) 
* | 71f8e653 eDP configs (x230/x220): don't release 
* | a5c7cc1a fix target.cfg files on dell latitudes 
* | d923d314 use mirrorservice.org for iasl downloads 
* | 714d4b3e update/release: disable status checking 
* | e614f906 build/roms: tell the user how to ignore status 
* | f22305fb update macbook21/x60/t60 status 
* | 6c4f07b3 allow disabling status checks during builds 
* | ad7e3966 update 9020 sff/mt release status 
* | 3ace925e update more board statuses before release 
* | e7619225 Set status=unstable on dell latitudes 
* | 1fd9ba9a declare ivy/sandy thinkpads stable for release 
* | 5218bfb0 declare gm45 thinkpads stable for release 
* | b99ebe05 kcma-d8/kgpe-d16: mark as tested(unstable) 
* |   e5cc3e55 Merge pull request 'dell-flash-unlock: add NetBSD support' (#194) from linear/lbmk:master into master 
|\ \  
| * | e119ffa5 dell-flash-unlock: add NetBSD support 
* | | c0b4ba2e build/roms: update help, pertaining to status 
* | | d88783b7 build/roms: let "list" specify status types 
* | | b6014a65 erroneous return 
* | | ce7fd754 build/roms: report status when building images 
* | | a2f42353 i945: switch boards to 20230625 coreboot revision 
* | | 64177dbb exports variables from err.sh, not build 
* | | a5082de4 GRUB: bump to today's latest revision 
* | | ddfe71a3 9020 sff/mt: actually enable the TPM (by default) 
* | | 2d7debd3 9020 sff/mt: add tpm enable patch from mate kukri 
* | | 08859bb4 lbmk: export TMPDIR from err.sh, not build 
* | | f5f2c58a build/roms: add missing deletion of tmp file 
* | | 02e4c0b2 hp820g2: allow building, but don't do release ROMs 
* | | ed0678ae haswell: only provide NRI-based ROMs in releases 
* | | f5035e32 9020 sff/mt: fix bad gpio read on hwm patch 
* | | 523f1df9 w541 libremrc: disable tseg stage cache 
* | | c557e9e0 haswell nri: set 8MB CBFS on thinkpads (fix S3) 
* | | ac7ce930 add 9020sff/mt configs using haswell NRI 
* | | 9e3b217c update coreboot/haswell (NRI) 
* | | 6da91df6 add mate's patch for 9020 sff/mt fan controls 
* | | 83195489 enable grub payload on libremrc w541/t440p 
* | | e9c591a5 add t440p/w541 configs using broadwell mrc 
* | | 4134a883 add 9020 sff/mt targets that use broadwell mrc 
* | | f7283fa1 grub xhci support 
* | | 5cb17795 fix sata slots on dell 9020 sff and mt 
* | | 33277897 allow users to specify number of build threads 
* | | 6ebab10c safer, simpler error handling in lbmk 
| |/  
|/|   
* |   6b11f1b0 Merge pull request 'config: Add Dell Latitude E5420' (#191) from nic3-14159/lbmk:latitude-ports into master 
|\ \  
| * | 036bf2c6 config: Add Dell Latitude E5420 
* | |   457a7037 Merge pull request 'util: Import autoport with Haswell patches' (#195) from nic3-14159/lbmk:autoport-fork into master 
|\ \ \  
| |_|/  
|/| |   
| * | 8cba2370 util: Import autoport with Haswell patches 
|/ /  
* |   c578fe56 Merge pull request 'Use proper autolink' (#192) from eo/lbmk:master into master 
|\ \  
| |/  
|/|   
| * 98caceb1 Use proper autolink 
|/  
* 665840b2 coreboot/dell9020*_12mb: Disable IOMMU by default 
* 944cafa2 coreboot/haswell: make IOMMU a runtime option 
* db074b78 enable serial console on fam15h boards 

You may find archives of this release, by looking at the Libreboot download page. Support is available on IRC or Reddit if you need help.

Disabled boards

Libreboot’s build system can be configured to exclude certain boards in release archives, while still permitting them to be re-built.

All of the following boards have been disabled in the build system:

HP EliteBook 820 G2, because refcode cannot be inserted reproducibly yet. This is what enables the gigabit ethernet on the machine (it’s a Broadwell machine so still needs MRC). A future release will fix this, and there are three viable ways: execute an uncompresed refcode instead, or use tar reproducibly (impossible to guarantoo on the host so tar and xz would have to be compiled by lbmk), or: replace the blob. None of the possible solutions are fully viable, so lbmk will support this board but ROM images for it will be excluded in releases (at least for the time being)

D510MO and D945 images not included either, due to lack of testing. (820 G2 is believed to be stable and has been tested repeatedly)

All other boards have ROM images in this release.

eDP mods (ThinkPad X230/X220)

The x230edp_12mb and x220edp_8mb targets were removed, but the x230_12mb and x220_8mb targets were retained. Only the original nitrocaster mod (for eDP) is reliable in my experience, and it’s unknown what you get with the various knockoffs available on aliexpress. Delete the board from Libreboot, to reduce the maintenance burden. Use an older Libreboot revision if you want these boards. They will probably not be re-added to Libreboot, unless Nitrocaster re-opens and/or a professional/reliable alternative appears(the alternatives as of today are all assumed to be rubbish).

The nitrocaster store seems to be out of business at this time of writing, and these modded boards are uncommon enough as it is, making testing extremely challenging; testing on multiple machines is desirable, but most people who do these mods don’t want to then mess with their hardware afterward.

The good news is that coreboot has mainlined X230 eDP support, so you will always have that option readily available. The other bad news with this mod is the knockoff gear generally has poor documentation (Nitrocaster has very good documentation), and people frequently have problems, either by their own fault or by virtue of the product; the eDP-based targets are therefore a liability to the Libreboot project.

That is all.

Errata

See: https://codeberg.org/libreboot/lbmk/issues/216

This bug has been fixed in lbmk.git, and the fix will be included in the next release, but it wasn’t caught in the 20240504 release.

The bug is quite serious, and it was previously decided that documentation should be written warning about it (in docs/install/). The bug was only triggered on Intel Sandybridge hardware (e.g. ThinkPad X220) and was never reported on other boards, but there’s no way to fully know; what is known is that the offending patch that caused the bug has been removed; namely, xHCI GRUB patches, which are now only provided on Haswell and Broadwell hardware (where the bug has not occured). Therefore, we know that the bug will no longer occur.

The next release will exclude xHCI support on machines that don’t need it, and a mitigation is in place that makes SeaBIOS the primary payload, to prevent effective bricks in the future; the bug was in GRUB, but if SeaBIOS is the first payload then the machine remains bootable even if a similar bug occurs.

It is now the default behaviour, in the next release, that certain images contain a bootorder file in CBFS, making SeaBIOS try GRUB first, but you can still press ESC to access the SeaBIOS boot menu if you want to directly boot an OS from that. This, and the other change mentioned above, will guarantee stability. GRUB is no longer the primary payload, on any mainboard.

However, it was later decided to put this release in the testing directory instead; it was initially designated as a stable release.

All ROM images for the 20240504 release have been removed from rsync, but the source tarball remains in place.

You are advised to use the 20240225 release, or the next release after 20240504.

A new audit has been conducted, marked complete as of 9 June 2024, fixing this and many issues; a new true stable release will be made available some time in June 2024.

Markdown file for this page: https://libreboot.org/news/libreboot20240504.md

Subscribe to RSS for this site

Site map

This HTML page was generated by the Untitled Static Site Generator.