Booting up the coreboot firmware alternative
Distro Walk – coreboot
Coreboot is an open source firmware alternative with an emphasis on speed and simplicity.
In the next few years, how you boot a computer could change drastically. A firmware alternative known as coreboot [1] is well on the way to becoming readily available, and it is likely to become more popular as development accelerates. For one thing, coreboot is a giant leap forward for open hardware. Just as importantly, on hardware where it can be implemented, coreboot boots three to four times faster than the familiar BIOS or UEFI, and, depending on how it is configured, sometimes even faster.
Originally known as LinuxBIOS, coreboot was founded in 1999 at Los Alamos National Laboratory, the research and development facility best known for its role in the development of the atomic bomb. Today, coreboot's major contributors include manufacturers such as AMD and SiS, and motherboard vendors such as MSI, as well as various participants in the Google Summer of Code.
Supported CPU architectures include x86-64, ARM, ARM64, and RISC-V, as well as AMD's Geode and other software-on-a-chip platforms. In addition to Linux, coreboot directly supports BSD, OpenBSD, and Windows 2000 or later. You can also use coreboot indirectly with other operating systems specified in the payload. In addition, coreboot has inspired a number of spin-off projects, such as the Libreboot distribution [2] and librecore [3], which places a heavy emphasis on software freedom and non-x86 architectures. As these lists show, coreboot is supported across a wide spectrum of hardware and developed by an alliance of academics, manufacturers, and community members. Although reverse engineering is sometimes required, in a growing number of cases, coreboot developers can get schematics directly from manufacturers.
Developers have long recognized the growing need for a new firmware solution. According to the coreboot site, the size of a BIOS once averaged about 100KB but the average size is now closer to 8MB, and it almost certainly contains obsolete and redundant code, which seriously slows boot time. By contrast, the coreboot site claims [4] that "For desktops and laptop machines, coreboot can frequently boot to the start of the operating system in under a second. For servers, it can cut minutes off of the boot time." Not only that, but coreboot is designed to meet modern security standards, and, being smaller than a conventional BIOS, it provides a smaller target for security breaches. Yet another advantage is that, in keeping with open source tenets, "The architecture of coreboot is designed to have an unbrickable update process. Updating firmware should be no more dangerous than installing your favorite app on your mobile phone" [4]. In every way, coreboot is a timely overhaul of the conventional concept of computer firmware.
How Coreboot Works
Coreboot is designed to provide the absolute minimum of instructions to launch a modern operating system. The minimum structure means that coreboot must be modified for each chipset and motherboard it supports, which delays progress but tends to increase efficiency.
Coreboot runs in five required stages plus an optional stage on x86 machines [5] (shown in timeline form in Figure 1):
- bootblock: The first stage is written in assembly language and is intended to set up the C environment used for the rest of the coreboot process. Tasks include initializing the Cache-as-RAM, which uses the CPU cache as memory for the heap and stack space required by the C environment. On x86 systems, the bootblock stage also switches the CPU from 16-bit real mode to 32-bit protected mode.
- verstage: An optional stage that starts the root of trust if verified boot is used.
- romstage: Prepares the system to access DRAM directly.
- postcar: Tears down the Cache-as-RAM memory and loads the ramstage.
- ramstage: Initializes hardware, including PCI, on-chip, and graphics devices, trusted platform modules, and the CPU. Initialization tables are prepared for the operating system, and hardware and firmware are locked down.
- payload: Loads a chunk of software carried in firmware storage that initializes the process of launching the operating system. Two commonly used payloads are SeaBIOS, an implementation of the x86 BIOS, and TianoCore, an open source version of UEFI. The GRUB2 bootloader can also serve as a coreboot payload. Given coreboot's speed, long-time Linux users might be bemused to find that it is impossible to read the output of the boot process as it happens. They will need instead to open
/var/log/boot.log
.
Figure 1 also illustrates how the coreboot stages fit within the stages of the EDK II cross-platform firmware specification.
System76: A Sample Implementation
According to Wikipedia, computers with coreboot are available, including some x86-based Chromebooks, and from One Laptop per Child, Minifree (formerly Gluglug), PC Engines, Purism, System76, and Star Labs. Most of these computers are laptops, and some are refurbished, but the list has grown steadily over the past few years.
My hands-on experience with coreboot comes from a recently purchased Darter Pro from System76. In the past few years, System76 has emerged as a major manufacturer of Linux computers. Originally, System76 shipped its computers with a standard BIOS. However, gradually, it has been switching to coreboot for its laptops. As of March 2023, all of its six laptop models use coreboot. No official word yet of when coreboot will come to the company's desktops, servers, and minis, but a reasonable guess is that it is only a matter of time.
After the traditional BIOS (Figure 2) and UEFI implementations, coreboot on the Darter Pro comes as something of a shock. The BIOS of an earlier version of the Darter Pro had 38 top-level items, including specifications, as well as support settings for Secure Boot, Thunderbolt 3, and virtualization. By contrast, the current Darter Pro coreboot menu shown in Figure 3, which is accessed by holding down the Esc key at start-up, is a radical simplification.
System76's coreboot adoption seems a work in progress, so perhaps more items will be added in the months to come. The GitHub development pages seem at the least to keep that possibility open. However, this implementation of the firmware offers only the information that users are most likely to want, and not all of that can be changed. If System76's coreboot menu is compared with coreboot's build configuration (Figure 4), you can see that System76 chooses relevance and simplicity in its coreboot build.
Much of the usual information in the BIOS is available in System76 Open Firmware, along with instructions on how to customize the firmware and flash it – as well as suggestions on how to recover if things go wrong. Control of hardware such as the keyboard, fan, and battery is available through System76 Open EC Firmware (Embedded Controller), sometimes in the form of keyboard shortcuts and sometimes in the form of desktop applications. Other implementations of coreboot will differ to some degree; Purism's Librem 14 laptop [6], for instance, is advertised as having "Disabled the Intel Management engine" and "Less binary blob firmware," with an emphasis on security. But no matter what the priorities are, the ultimate goal of a coreboot implementation is to provide a simpler, more efficient way to start a computer.
Welcome to the Revolution
Coreboot faces serious obstacles. Too often, it has to work around proprietary code, which takes time and sometimes compromises the project's open source philosophy. Perhaps, too, the conservatism of corporations favors the established structure of BIOS and UEFI, for no better reason than its familiarity. Probably, though, the greatest obstacle is the fact that every chipset and motherboard requires its own implementation. Still, the use of separate payloads eases that restriction and has led to another advantage: well-organized, clear, and complete documentation, both in the project itself [7] and among early retailers such as System76.
Coreboot's natural advantages are so obvious that to predict its future dominance is far from rash. Just to see a computer boot at a fraction of the time you expect, or to realize how easy flashing firmware can be, is enough to make a believer out of the most cynical. One way or the other, expect to hear more about coreboot in the near future.
Infos
- coreboot: https://coreboot.org/
- Libreboot: https://libreboot.org/
- librecore: https://firmwaresecurity.com/tag/libreboot/
- Advantages for end users: https://www.coreboot.org/users.html
- coreboot architecture: https://doc.coreboot.org/getting_started/architecture.html
- Purism's Librem 14: https://puri.sm/products/librem-14/
- Documentation: https://doc.coreboot.org/getting_started/index.html
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Halcyon Creates Anti-Ransomware Protection for Linux
As more Linux systems are targeted by ransomware, Halcyon is stepping up its protection.
-
Valve and Arch Linux Announce Collaboration
Valve and Arch have come together for two projects that will have a serious impact on the Linux distribution.
-
Hacker Successfully Runs Linux on a CPU from the Early ‘70s
From the office of "Look what I can do," Dmitry Grinberg was able to get Linux running on a processor that was created in 1971.
-
OSI and LPI Form Strategic Alliance
With a goal of strengthening Linux and open source communities, this new alliance aims to nurture the growth of more highly skilled professionals.
-
Fedora 41 Beta Available with Some Interesting Additions
If you're a Fedora fan, you'll be excited to hear the beta version of the latest release is now available for testing and includes plenty of updates.
-
AlmaLinux Unveils New Hardware Certification Process
The AlmaLinux Hardware Certification Program run by the Certification Special Interest Group (SIG) aims to ensure seamless compatibility between AlmaLinux and a wide range of hardware configurations.
-
Wind River Introduces eLxr Pro Linux Solution
eLxr Pro offers an end-to-end Linux solution backed by expert commercial support.
-
Juno Tab 3 Launches with Ubuntu 24.04
Anyone looking for a full-blown Linux tablet need look no further. Juno has released the Tab 3.
-
New KDE Slimbook Plasma Available for Preorder
Powered by an AMD Ryzen CPU, the latest KDE Slimbook laptop is powerful enough for local AI tasks.
-
Rhino Linux Announces Latest "Quick Update"
If you prefer your Linux distribution to be of the rolling type, Rhino Linux delivers a beautiful and reliable experience.