Breaking News! AMD is open sourcing the API for the x86 bootloader

j4k3@lemmy.world to Technology@beehaw.org – 216 points –
community.amd.com

I think this means we will eventually see a fully open source Coreboot/Libreboot soon. Someone correct me if I am wrong please!

the openSIL github repo

I'm not clear about where this API sits relative to the AMD Platform Security Processor.

found via this post: https://lemmy.world/post/134243

18

You are viewing a single comment
View all comments

What exactly does this mean? Like, I'm familiar with open source software, but I'm not super familiar with the x86 bootloader stuff, so I'm not sure what benefits we get from this.

When you power on a computer, before any software (any operating system) has a chance to run, there's "firmware" (kind of similar to software, except stored directly in the motherboard) that has to get things going (called "Platform Initialization"). Generally the two jobs of the Platform Initialization firmware: (1) to detect (and maybe initialize) some hardware; and (2) to find the operating system and boot the operating system.

We have a standard interface for #2 now, which is called UEFI. But for #1, it's always been sort of a mysterious black box. It necessarily has to be different for every chipset/every motherboard. Manufacturers never really saw much reason to open source it. The major community-driven open source project at doing #1 is called "coreboot". Due to the fact that it requires a new implementation for every chipset/motherboard and they are generally not documented (and may require some reverse-engineering of the hardware), coreboot has very very limited support.

So what AMD is open sourcing here is a collection of 3 C libraries which they will be using in all of their firmware, going forward. These libraries are not chipset/motherboard-specific (you still need custom code for each motherboard) and do not implement UEFI (you would still need to implement UEFI/bootloader on top of it), but they're helper functions that do a lot of what's needed to implement firmware. I just took a cursory look through the source code, but I saw a lot of code in there for detecting RAM DIMMs (how much RAM, what kind of RAM, etc.), which is useful code.

The fact that AMD is going to use this in their own firmware, and also make it available for coreboot under an MIT licence, means that coreboot may* have a much easier time in the future supporting AMD motherboards.

* we will see

But wouldn't opening up such an important (from what I understand) part of a computer to everyone mean that malicious actors have a much easier time doing malicious stuff? I understand (and support) that enthusiasts will have many more options when presented with the actual code to a program. Nonetheless, I can't help but feel like if you give everyone a tour and show them how their super secure door locks work, including how to break them open, then those that want to break in, will be very happy about it and the security system quickly becomes useless.

Please feel free to correct me on wherever I am wrong. I tried reading through the article, but I only understand a fraction of it.

I'm only have a vauge understanding but I'll give it a shot.

x86 is a CPU architecture. ARM, PowerPC, RISC are other types A CPU architecture is like a standardized set of instructions.

Here's a horrible attempt an analogy based on buildings. Let's say there's only 2 types of buildings on earth:

Type A buildings are very tall and use an elevator to go up many floors. Each floor has just one room.

Type B buildings have a very very long hallway branching off into many rooms but just one floor.

If you wanted to tell someone how to retrieve an item from a Type A building you'd say something like "Take the elevator to floor 3. Grab box 01. Take the elevator to floor 4 and leave it there."

Obviously this wouldn't work in a type B building since there is no elevator. You'd tell the person to walk down the hallway until they reached room 03, grab box 01 and walk to room 04 and drop it off.

That's a very very very very simplified version of how different CPU architectures work. They each have their own "instruction set" based on how they're set up. The x86 architecture is used in most laptop and desktop computers. The new Apple Macs use ARM, as do most smartphones.

Now, a bootloader is the thing that handles everything from when you see your laptop's (or desktop motherboard manufacturer's) logo on your screen to when you see the spinny circle of Windows 10. It handles loading the operating system from a location on disk into the correct place on the computer. So far this step has been secret and proprietary.

The libreboot project is a project to make an open source version but it mostly only works on pre-2008 laptops. This is because post 2008 Intel started asking for a password from the bootloader that only Intel had, making it impossible to put your own bootloader in. Coreboot is a much more limited version of this, whose main focus is to remove a part of the Intel bootloader called Intel Management Engine. The Intel ME has access to your computers hardware unrestricted by the operating system.

I'm not sure what open sourcing their bootloader means for us as a community. If we can finally have libreboot working on AMD x86 computers or if there are many more hurdles along the way.