WIP: some progressed and refactoring
This commit is contained in:
parent
312b458ec5
commit
cfd5194fbc
10
Makefile
10
Makefile
|
@ -1,6 +1,7 @@
|
||||||
.PHONY: clean distclean all force_update
|
.PHONY: clean distclean all force_update
|
||||||
|
.DELETE_ON_ERROR: $(DOC).pdf
|
||||||
|
|
||||||
XELATEX=xelatex -shell-escape
|
XELATEX=xelatex -shell-escape -interaction=nonstopmode
|
||||||
DOC=hardware_init_review
|
DOC=hardware_init_review
|
||||||
|
|
||||||
all: $(DOC).pdf
|
all: $(DOC).pdf
|
||||||
|
@ -9,7 +10,7 @@ clean:
|
||||||
rm -rf *.log *.bak *.out *.xml *.gz *.aux *.bcf *.blg
|
rm -rf *.log *.bak *.out *.xml *.gz *.aux *.bcf *.blg
|
||||||
|
|
||||||
distclean: clean
|
distclean: clean
|
||||||
rm -rf *.bbl *.pdf *.toc $(DOC).bibready
|
rm -rf *.bbl *.lof *.lol *.pdf *.toc $(DOC).bibready
|
||||||
|
|
||||||
$(DOC).bibready:
|
$(DOC).bibready:
|
||||||
$(XELATEX) $(DOC).tex
|
$(XELATEX) $(DOC).tex
|
||||||
|
@ -18,7 +19,10 @@ $(DOC).bibready:
|
||||||
$(DOC).bbl: $(DOC).bibready bibliographie.bib
|
$(DOC).bbl: $(DOC).bibready bibliographie.bib
|
||||||
biber $(DOC)
|
biber $(DOC)
|
||||||
|
|
||||||
$(DOC).pdf: $(DOC).bbl $(DOC).tex
|
$(DOC).aux:
|
||||||
|
$(XELATEX) $(DOC).tex
|
||||||
|
|
||||||
|
$(DOC).pdf: $(DOC).bbl $(DOC).aux *.tex listings/*
|
||||||
$(XELATEX) $(DOC).tex
|
$(XELATEX) $(DOC).tex
|
||||||
|
|
||||||
force_update: $(DOC).toc
|
force_update: $(DOC).toc
|
||||||
|
|
|
@ -966,3 +966,11 @@ note = "[Online; accessed 17-August-2024]"
|
||||||
year={2017},
|
year={2017},
|
||||||
publisher={Open Source Press}
|
publisher={Open Source Press}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@manual{coreboot_mem_management,
|
||||||
|
title = {Coreboot Memory Management and Payload Allocation},
|
||||||
|
author = {{Coreboot Project}},
|
||||||
|
year = 2024,
|
||||||
|
url = {https://doc.coreboot.org/memory-map.html},
|
||||||
|
note = {Accessed: 2024-08-17}
|
||||||
|
}
|
|
@ -375,7 +375,6 @@
|
||||||
\field{howpublished}{\url{https://www.asus.com/Commercial-Servers-Workstations/KGPE-D16/HelpDesk_Manual/}}
|
\field{howpublished}{\url{https://www.asus.com/Commercial-Servers-Workstations/KGPE-D16/HelpDesk_Manual/}}
|
||||||
\field{note}{Accessed: 2024-07-05}
|
\field{note}{Accessed: 2024-07-05}
|
||||||
\field{title}{Asus KGPE-D16 Mainboard Documentation and User Manuals}
|
\field{title}{Asus KGPE-D16 Mainboard Documentation and User Manuals}
|
||||||
\true{nocite}
|
|
||||||
\endentry
|
\endentry
|
||||||
\entry{BashunVladimir2013Tytb}{inproceedings}{}
|
\entry{BashunVladimir2013Tytb}{inproceedings}{}
|
||||||
\name{author}{4}{}{%
|
\name{author}{4}{}{%
|
||||||
|
@ -586,6 +585,33 @@
|
||||||
\range{pages}{13}
|
\range{pages}{13}
|
||||||
\keyw{Computer science}
|
\keyw{Computer science}
|
||||||
\endentry
|
\endentry
|
||||||
|
\entry{coreboot_mem_management}{manual}{}
|
||||||
|
\name{author}{1}{}{%
|
||||||
|
{{hash=9d0db915bc81244c5474dc57d9fb132a}{%
|
||||||
|
family={{Coreboot Project}},
|
||||||
|
familyi={C\bibinitperiod}}}%
|
||||||
|
}
|
||||||
|
\strng{namehash}{9d0db915bc81244c5474dc57d9fb132a}
|
||||||
|
\strng{fullhash}{9d0db915bc81244c5474dc57d9fb132a}
|
||||||
|
\strng{bibnamehash}{9d0db915bc81244c5474dc57d9fb132a}
|
||||||
|
\strng{authorbibnamehash}{9d0db915bc81244c5474dc57d9fb132a}
|
||||||
|
\strng{authornamehash}{9d0db915bc81244c5474dc57d9fb132a}
|
||||||
|
\strng{authorfullhash}{9d0db915bc81244c5474dc57d9fb132a}
|
||||||
|
\field{sortinit}{C}
|
||||||
|
\field{sortinithash}{4d103a86280481745c9c897c925753c0}
|
||||||
|
\field{labelnamesource}{author}
|
||||||
|
\field{labeltitlesource}{title}
|
||||||
|
\field{note}{Accessed: 2024-08-17}
|
||||||
|
\field{title}{Coreboot Memory Management and Payload Allocation}
|
||||||
|
\field{year}{2024}
|
||||||
|
\true{nocite}
|
||||||
|
\verb{urlraw}
|
||||||
|
\verb https://doc.coreboot.org/memory-map.html
|
||||||
|
\endverb
|
||||||
|
\verb{url}
|
||||||
|
\verb https://doc.coreboot.org/memory-map.html
|
||||||
|
\endverb
|
||||||
|
\endentry
|
||||||
\entry{intel_acpi_spec}{book}{}
|
\entry{intel_acpi_spec}{book}{}
|
||||||
\name{author}{1}{}{%
|
\name{author}{1}{}{%
|
||||||
{{hash=42af28f239d9ce2a4d0f9a032741150e}{%
|
{{hash=42af28f239d9ce2a4d0f9a032741150e}{%
|
||||||
|
|
Binary file not shown.
|
@ -1,3 +1,13 @@
|
||||||
|
% -*- coding: utf-8 -*-
|
||||||
|
% Copyright (C) 2024 Adrien 'neox' Bourmault <neox@gnu.org>
|
||||||
|
%
|
||||||
|
% Permission is granted to copy, distribute and/or modify this document
|
||||||
|
% under the terms of the GNU Free Documentation License, Version 1.3
|
||||||
|
% or any later version published by the Free Software Foundation;
|
||||||
|
% with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
|
||||||
|
% A copy of the license is included in the section entitled "GNU
|
||||||
|
% Free Documentation License".
|
||||||
|
|
||||||
\input{packages.tex}
|
\input{packages.tex}
|
||||||
|
|
||||||
% setup things
|
% setup things
|
||||||
|
@ -80,8 +90,7 @@
|
||||||
are analyzed to demonstrate the complexity and importance of firmware in
|
are analyzed to demonstrate the complexity and importance of firmware in
|
||||||
achieving optimal system performance.
|
achieving optimal system performance.
|
||||||
Furthermore, this document explores the relationship between firmware and
|
Furthermore, this document explores the relationship between firmware and
|
||||||
hardware virtualization, discussing how modern firmware supports and enhances
|
hardware virtualization. Security considerations and future trends in
|
||||||
virtualized environments. Security considerations and future trends in
|
|
||||||
firmware development are also addressed, emphasizing the need for continued
|
firmware development are also addressed, emphasizing the need for continued
|
||||||
research and advocacy for free software-compatible hardware.
|
research and advocacy for free software-compatible hardware.
|
||||||
|
|
||||||
|
@ -443,7 +452,7 @@
|
||||||
slot sharing. For storage, the mainboard provides
|
slot sharing. For storage, the mainboard provides
|
||||||
several SATA ports. Networking capabilities are enhanced by integrated dual
|
several SATA ports. Networking capabilities are enhanced by integrated dual
|
||||||
gigabit Ethernet ports, which provide high-speed connectivity essential for
|
gigabit Ethernet ports, which provide high-speed connectivity essential for
|
||||||
data-intensive tasks and network communication \cite{ASUS_kgpe_d16_manual}.
|
data-intensive tasks and network communication \cite{asus_kgpe_d16_manual}.
|
||||||
Additionally, the board is equipped with various peripheral interfaces,
|
Additionally, the board is equipped with various peripheral interfaces,
|
||||||
including USB ports, audio outputs, and other I/O ports, ensuring compatibility
|
including USB ports, audio outputs, and other I/O ports, ensuring compatibility
|
||||||
with a wide range of external devices. \\
|
with a wide range of external devices. \\
|
||||||
|
@ -675,292 +684,351 @@
|
||||||
|
|
||||||
\section{General structure of coreboot}
|
\section{General structure of coreboot}
|
||||||
|
|
||||||
The firmware of the ASUS KGPE-D16 is crucial in ensuring the proper functioning
|
The firmware of the ASUS KGPE-D16 is crucial in ensuring the proper
|
||||||
and optimization of the mainboard's hardware components. For this to be done
|
functioning and optimization of the mainboard's hardware components.
|
||||||
efficiently, \textit{coreboot} is organized in different stages (fig.
|
For this to be done efficiently, \textit{coreboot} is organized in
|
||||||
\ref{fig:coreboot_stages}) \cite{coreboot_docs}.
|
different stages (fig. \ref{fig:coreboot_stages}) \cite{coreboot_docs}.
|
||||||
|
|
||||||
\begin{figure}[H]
|
\begin{figure}[H]
|
||||||
\centering
|
\centering
|
||||||
\includegraphics[width=0.9\textwidth]{
|
\includegraphics[width=0.9\textwidth]{
|
||||||
images/fig9_coreboot_stages.png}
|
images/fig9_coreboot_stages.png}
|
||||||
\caption{\textit{coreboot}'s stages timeline, by \textit{coreboot} project (CC BY-SA 4.0, 2009)}
|
\caption{\textit{coreboot}'s stages timeline, by
|
||||||
|
\textit{coreboot} project (CC BY-SA 4.0, 2009)}
|
||||||
\label{fig:coreboot_stages}
|
\label{fig:coreboot_stages}
|
||||||
\end{figure}
|
\end{figure}
|
||||||
|
|
||||||
Being a complex project with ambitious goals, \textit{coreboot} decided early on
|
|
||||||
to establish an file-system-based architecture for its images (also called ROMs).
|
|
||||||
This special file-system is CBFS (which stands for coreboot file system).
|
|
||||||
The CBFS architecture consists of a binary image that can be interpreted as a
|
|
||||||
physical disk, referred to here as ROM. A number of independent components, each
|
|
||||||
with a header added to the data, are located within the ROM. The components are
|
|
||||||
nominally arranged sequentially, although they are aligned along a predefined
|
|
||||||
boundary (fig. \ref{fig:coreboot_diagram}). \\
|
|
||||||
|
|
||||||
Each stage is compiled as a separate binary and inserted into the CBFS with
|
|
||||||
custom compression. The bootblock stage is usually not compressed, while the
|
|
||||||
ramstage and the payload are compressed with LZMA.
|
|
||||||
Each stage loads the next stage at a given address (possibly decompressing it
|
|
||||||
in the process). \\
|
|
||||||
|
|
||||||
|
Being a complex project with ambitious goals, \textit{coreboot} decided
|
||||||
|
early on to establish an file-system-based architecture for its images
|
||||||
|
(also called ROMs). This special file-system is CBFS (which stands for
|
||||||
|
coreboot file system). The CBFS architecture consists of a binary image
|
||||||
|
that can be interpreted as a physical disk, referred to here as ROM. A
|
||||||
|
number of independent components, each with a header added to the data,
|
||||||
|
are located within the ROM. The components are nominally arranged
|
||||||
|
sequentially, although they are aligned along a predefined boundary
|
||||||
|
(fig. \ref{fig:coreboot_diagram}). \\
|
||||||
|
|
||||||
\begin{figure}[H]
|
Each stage is compiled as a separate binary and inserted into the CBFS
|
||||||
\centering
|
with custom compression. The bootblock stage is usually not compressed,
|
||||||
\includegraphics[width=0.8\textwidth]{
|
while the ramstage and the payload are compressed with LZMA. Each stage
|
||||||
images/fig8_coreboot_architecture.png}
|
loads the next stage at a given address (possibly decompressing it in
|
||||||
\caption{\textit{coreboot} ROM architecture (CC BY-SA 4.0, 2024)}
|
the process). \\
|
||||||
\label{fig:coreboot_diagram}
|
|
||||||
\end{figure}
|
Some stages are relocatable and can be placed anywhere in the RAM.
|
||||||
|
These stages are typically cached in the CBMEM for faster loading times
|
||||||
|
during wake-up. The CBMEM is a specific memory area used by the
|
||||||
|
\textit{coreboot} firmware to store important data structures and logs
|
||||||
|
during the boot process. This area is typically allocated in the
|
||||||
|
system's RAM and is used to store various types of runtime information
|
||||||
|
that it might need to reference after the initial boot stages. \\
|
||||||
|
|
||||||
|
In general, \textit{coreboot} manages main memory through a structured
|
||||||
|
memory map (fig. \ref{tab:memmap}), allocating specific address ranges
|
||||||
|
for various hardware functions and system operations. The first 640KB
|
||||||
|
of memory space is typically unused by coreboot due to historical
|
||||||
|
reasons. Graphics-related operations use the VGA address range
|
||||||
|
and the text mode address ranges. It also reserves the higher for
|
||||||
|
operating system use, ensuring that critical system components
|
||||||
|
like the IOAPIC and TPM registers have dedicated address spaces.
|
||||||
|
This structured approach helps maintain system stability and
|
||||||
|
compatibility across different platforms.
|
||||||
|
Payloads are typically loaded into high memory, above the reserved areas
|
||||||
|
for hardware components and system resources. The exact memory location
|
||||||
|
can vary depending on the system's configuration, but generally,
|
||||||
|
payloads are placed in a region of memory that does not conflict with
|
||||||
|
the firmware code or the reserved memory map areas, such as the ROM
|
||||||
|
mapping ranges. This placement ensures that payloads have sufficient
|
||||||
|
space to execute without interfering with other critical memory regions
|
||||||
|
allocated \cite{coreboot_mem_management}.
|
||||||
|
|
||||||
|
\begin{table}[ht]
|
||||||
|
\makebox[\textwidth][c]{%
|
||||||
|
\begin{tabular}{
|
||||||
|
|>{\centering\arraybackslash}p{0.35\textwidth}
|
||||||
|
|>{\centering\arraybackslash}p{0.5\textwidth}|}
|
||||||
|
\hline
|
||||||
|
\texttt{0x00000 - 0x9FFFF}
|
||||||
|
& Low memory (first 640KB). Never used. \\
|
||||||
|
\hline
|
||||||
|
\texttt{0xA0000 - 0xAFFFF}
|
||||||
|
& VGA graphics address range. \\
|
||||||
|
\hline
|
||||||
|
\texttt{0xB0000 - 0xB7FFF}
|
||||||
|
& Monochrome text mode address range.
|
||||||
|
Few motherboards use
|
||||||
|
it, but the KGPE-D16 does. \\
|
||||||
|
\hline
|
||||||
|
\texttt{0xB8000 - 0xBFFFF}
|
||||||
|
& Text mode address range. \\
|
||||||
|
\hline
|
||||||
|
\texttt{0xFEC00000}
|
||||||
|
& IOAPIC address. \\
|
||||||
|
\hline
|
||||||
|
\texttt{0xFED44000 - 0xFED4FFFF}
|
||||||
|
& Address range for TPM registers. \\
|
||||||
|
\hline
|
||||||
|
\texttt{0xFF000000 - 0xFFFFFFFF}
|
||||||
|
& 16 MB ROM mapping address range. \\
|
||||||
|
\hline
|
||||||
|
\texttt{0xFF800000 - 0xFFFFFFFF}
|
||||||
|
& 8 MB ROM mapping address range. \\
|
||||||
|
\hline
|
||||||
|
\texttt{0xFFC00000 - 0xFFFFFFFF}
|
||||||
|
& 4 MB ROM mapping address range. \\
|
||||||
|
\hline
|
||||||
|
\texttt{0xFEC00000 - DEVICE MEM HIGH}
|
||||||
|
& Reserved area for OS use. \\
|
||||||
|
\hline
|
||||||
|
\end{tabular}}
|
||||||
|
\caption{\textit{coreboot} memory map}
|
||||||
|
\label{tab:memmap}
|
||||||
|
\end{table}
|
||||||
|
|
||||||
Some stages are relocatable and can be placed anywhere in the RAM. These stages
|
|
||||||
are typically cached in the CBMEM for faster loading times during
|
|
||||||
wake-up. The CBMEM is a specific memory area used by the
|
|
||||||
\textit{coreboot} firmware to store important data structures and logs during the
|
|
||||||
boot process. This area is typically allocated in the system's RAM and is used to
|
|
||||||
store various types of runtime information that it might need to reference
|
|
||||||
after the initial boot stages.
|
|
||||||
|
|
||||||
\subsection{Bootblock stage}
|
\subsection{Bootblock stage}
|
||||||
|
|
||||||
The bootblock is the first stage executed after the CPU reset.
|
|
||||||
The beginning of this stage is written in assembly language, and its main task is
|
|
||||||
to set everything up for a C environment. The rest, of course, is written in C.
|
|
||||||
This stage occupies the last 20k (fig. \ref{fig:coreboot_diagram}) of the image
|
|
||||||
and within it is a main header containing information about the ROM, including
|
|
||||||
the size, component alignment, and the offset of the start of the first CBFS
|
|
||||||
component in the ROM.
|
|
||||||
This block is a mandatory component as it also contains the entry point of the
|
|
||||||
firmware. \\
|
|
||||||
|
|
||||||
Upon startup, this stage is responsible for the initial hardware setup, which
|
|
||||||
involves identifying and configuring the CPU. This process is particularly
|
|
||||||
significant for AMD Family 10h/15h processors, where the firmware sets up the
|
|
||||||
Bootstrap Processor (BSP) and executes the necessary initialization routines:
|
|
||||||
using the BSP, it enables the processor's cache, a small but fast type of memory
|
|
||||||
that stores frequently accessed data, improving overall system speed by reducing
|
|
||||||
data access time. However, the cache is there used as memory since DDR DIMMs are
|
|
||||||
not available yet. This is done by programming the Memory Type Range
|
|
||||||
Registers (MTRRs), which define how different ranges of system memory are
|
|
||||||
accessed such as whether they are cacheable or non-cacheable, used to optimize
|
|
||||||
memory performance on normal operation \cite{BKDG}.
|
|
||||||
The firmware will then set the stack pointer, allocate memory for the BSS, and
|
|
||||||
decompress and load the next stage. On x86 platforms, this process also includes
|
|
||||||
updating the CPU microcode, initializing the timer, and transitioning from 16-bit
|
|
||||||
real mode to 32-bit protected mode. The bootblock is responsible for
|
|
||||||
loading the romstage, or the verstage if verified boot is enabled
|
|
||||||
\cite{coreboot_docs}.
|
|
||||||
|
|
||||||
\subsection{Romstage}
|
|
||||||
|
|
||||||
The purpose of the romstage is the early initialization of peripherals,
|
|
||||||
particularly system memory. The firmware also configures the Advanced
|
|
||||||
Programmable Interrupt Controller (APIC), responsible in handling interrupts
|
|
||||||
correctly across multiple CPUs, particularly in systems that use Symmetric
|
|
||||||
Multiprocessing (SMP).
|
|
||||||
In this phase, \textit{coreboot} sets up the APIC to manage interrupt routing,
|
|
||||||
which includes configuring the Local APIC on each processor and the IOAPIC, part
|
|
||||||
of the southbridge, for routing interrupts from peripherals to the appropriate
|
|
||||||
CPUs.
|
|
||||||
Lastly, it sets up the routing for HyperTransport (HT)
|
|
||||||
technology, a high-speed communication protocol used for data exchange between
|
|
||||||
the processor and the northbridge, ensuring that data flows smoothly
|
|
||||||
between these components. \\
|
|
||||||
|
|
||||||
Memory training and optimization are key functions of the firmware. During this
|
The bootblock is the first stage executed after the CPU reset. The
|
||||||
process, the firmware adjusts memory settings, such as timings, frequencies, and
|
beginning of this stage is written in assembly language, and its
|
||||||
voltages, to ensure that the installed memory modules operate efficiently and
|
main task is to set everything up for a C environment. The rest, of
|
||||||
stably. This step is crucial for achieving optimal performance, especially when
|
course, is written in C. This stage occupies the last 20k
|
||||||
dealing with large amounts of RAM for a large amount of CPU cores, as
|
(fig. \ref{fig:coreboot_diagram}) of the image and within it is a
|
||||||
supported by the KGPE-D16. We will dive into this topic later on. \\
|
main header containing information about the ROM, including the
|
||||||
|
size, component alignment, and the offset of the start of the first
|
||||||
|
CBFS component. This block is a mandatory component as it also
|
||||||
|
contains the entry point of the firmware. \\
|
||||||
|
|
||||||
|
\begin{figure}[H]
|
||||||
|
\centering
|
||||||
|
\includegraphics[width=0.8\textwidth]{
|
||||||
|
images/fig8_coreboot_architecture.png}
|
||||||
|
\caption{\textit{coreboot} ROM architecture
|
||||||
|
(CC BY-SA 4.0, 2024)}
|
||||||
|
\label{fig:coreboot_diagram}
|
||||||
|
\end{figure}
|
||||||
|
|
||||||
|
Upon startup, this stage is responsible for the initial hardware
|
||||||
|
setup, which involves identifying and configuring the CPU. This
|
||||||
|
process is particularly significant for AMD Family 10h/15h
|
||||||
|
processors, where the firmware sets up the Bootstrap Processor
|
||||||
|
(BSP) and executes the necessary initialization routines: using
|
||||||
|
the BSP, it enables the processor's cache, a small but fast type
|
||||||
|
of memory that stores frequently accessed data, improving overall
|
||||||
|
system speed by reducing data access time. However, the cache is
|
||||||
|
there used as memory since DDR DIMMs are not available yet. This is
|
||||||
|
done by programming the Memory Type Range Registers (MTRRs), which
|
||||||
|
define how different ranges of system memory are accessed such as
|
||||||
|
whether they are cacheable or non-cacheable, used to optimize memory
|
||||||
|
performance on normal operation \cite{BKDG}. The firmware will then
|
||||||
|
set the stack pointer, allocate memory for the BSS, and decompress
|
||||||
|
and load the next stage. On x86 platforms, this process also
|
||||||
|
includes updating the CPU microcode, initializing the timer, and
|
||||||
|
transitioning from 16-bit real mode to 32-bit protected mode. The
|
||||||
|
bootblock is responsible for loading the romstage, or the verstage
|
||||||
|
if verified boot is enabled \cite{coreboot_docs}. \\
|
||||||
|
|
||||||
|
\subsection{Romstage}
|
||||||
|
|
||||||
|
The purpose of the romstage is the early initialization of
|
||||||
|
peripherals, particularly system memory. The firmware also
|
||||||
|
configures the Advanced Programmable Interrupt Controller (APIC),
|
||||||
|
responsible in handling interrupts correctly across multiple CPUs,
|
||||||
|
particularly in systems that use Symmetric Multiprocessing (SMP).
|
||||||
|
In this phase, \textit{coreboot} sets up the APIC to manage
|
||||||
|
interrupt routing, which includes configuring the Local APIC on each
|
||||||
|
processor and the IOAPIC, part of the southbridge, for routing
|
||||||
|
interrupts from peripherals to the appropriate CPUs. Lastly, it sets
|
||||||
|
up the routing for HyperTransport (HT) technology, a high-speed
|
||||||
|
communication protocol used for data exchange between the processor
|
||||||
|
and the northbridge, ensuring that data flows smoothly between these
|
||||||
|
components. \\
|
||||||
|
|
||||||
|
Memory training and optimization are key functions of the firmware.
|
||||||
|
During this process, the firmware adjusts memory settings, such as
|
||||||
|
timings, frequencies, and voltages, to ensure that the installed
|
||||||
|
memory modules operate efficiently and stably. This step is crucial
|
||||||
|
for achieving optimal performance, especially when dealing with large
|
||||||
|
amounts of RAM for a large amount of CPU cores, as supported by the
|
||||||
|
KGPE-D16. We will dive into this topic later on. \\
|
||||||
|
|
||||||
\subsection{Ramstage}
|
\subsection{Ramstage}
|
||||||
|
|
||||||
The ramstage performs the general initialization of all peripherals, including
|
The ramstage performs the general initialization of all peripherals,
|
||||||
the initialization of PCI devices, on-chip devices, the TPM (if not done by
|
including the initialization of PCI devices, on-chip devices, the TPM
|
||||||
verstage), graphics (optional), and the CPU (setting up the System Management
|
(if not done by verstage), graphics (optional), and the CPU (setting up
|
||||||
Mode). After this initialization, tables are written to inform the payload or
|
the System Management Mode). After this initialization, tables are
|
||||||
operating system about the existence and current state of the hardware. These
|
written to inform the payload or operating system about the existence
|
||||||
tables include ACPI tables (specific to x86), SMBIOS tables (specific to x86),
|
and current state of the hardware. These tables include ACPI tables
|
||||||
coreboot tables, and updates to the device tree (specific to ARM). Additionally,
|
(specific to x86), SMBIOS tables (specific to x86), coreboot tables,
|
||||||
the ramstage locks down the hardware and firmware by applying write protection to
|
and updates to the device tree (specific to ARM). Additionally, the
|
||||||
boot media, locking security-related registers, and locking SMM (specific to
|
ramstage locks down the hardware and firmware by applying write
|
||||||
x86). \\
|
protection to boot media, locking security-related registers, and
|
||||||
|
locking SMM (specific to x86).
|
||||||
Effective resource allocation is essential for system stability, particularly in
|
Effective resource allocation is essential for system stability,
|
||||||
complex configurations involving multiple CPUs and peripherals. The firmware
|
particularly in complex configurations involving multiple CPUs and
|
||||||
manages resource allocation, resolving any conflicts between hardware components
|
peripherals. This stage manages initial resource allocation, resolving
|
||||||
to prevent resource contention and ensure smooth operation. \\
|
any conflicts between hardware components to prevent resource contention
|
||||||
|
and ensure smooth operation and security, which is a major
|
||||||
|
concern in modern systems. This includes support for IOMMU, which is
|
||||||
|
crucial for preventing unauthorized direct memory access (DMA) attacks,
|
||||||
|
particularly in virtualized environments.
|
||||||
|
|
||||||
Power management is another critical aspect managed by the firmware. Through the
|
\subsubsection{Advanced Configuration and Power Interface}
|
||||||
Advanced Configuration and Power Interface (ACPI), the firmware can adjust the
|
|
||||||
power states of various components, optimizing energy consumption across the
|
|
||||||
system. This not only reduces power usage but also minimizes heat generation,
|
|
||||||
which is vital for maintaining system longevity and efficiency. \\
|
|
||||||
|
|
||||||
Security is a major concern in modern systems, and the KGPE-D16’s firmware
|
The Advanced Configuration and Power Interface (ACPI) is a critical component
|
||||||
includes features designed to protect the system from unauthorized access and
|
of modern computing systems, providing an open standard for device
|
||||||
maintain the integrity of its operations. This includes support for IOMMU, which
|
configuration and power management by the operating system (OS). Developed in
|
||||||
is crucial for preventing unauthorized direct memory access (DMA) attacks,
|
1996 by Intel, Microsoft, and Toshiba, ACPI replaced the older Advanced Power
|
||||||
particularly in virtualized environments.
|
Management (APM) standard with more advanced and flexible power management
|
||||||
|
capabilities\cite{intel_acpi_spec}.
|
||||||
|
At its core, ACPI is implemented through a series of data structures and
|
||||||
|
executable code known as ACPI tables, which are provided by the system firmware
|
||||||
|
and interpreted by the OS. These tables describe various aspects of the system,
|
||||||
|
including hardware resources, device power states, and thermal zones. The ACPI
|
||||||
|
Specification outlines these structures and provides the necessary
|
||||||
|
standardization for interoperability across different platforms and operating
|
||||||
|
systems\cite{acpi_os_support}. These tables are used by the OS to perform
|
||||||
|
low-level task, including managing power states of the CPU, controlling the
|
||||||
|
voltage and frequency scaling (also known as Dynamic Voltage and Frequency
|
||||||
|
Scaling, or DVFS), and coordinating power delivery to peripherals. \newline
|
||||||
|
|
||||||
|
The ACPI Component Architecture (ACPICA) is the reference implementation of
|
||||||
|
ACPI, providing a common codebase that can be used by OS developers to
|
||||||
|
integrate ACPI support. ACPICA includes tools and libraries that allow for the
|
||||||
|
parsing and execution of ACPI Machine Language (AML) code, which is embedded
|
||||||
|
within the ACPI tables\cite{acpi_programming}. One of the key tools in ACPICA
|
||||||
|
is the Intel ACPI Source Language (IASL) compiler, which converts ACPI Source
|
||||||
|
Language (ASL) code into AML bytecode, allowing firmware developers to write
|
||||||
|
custom ACPI methods\cite{intel_acpi_spec}.
|
||||||
|
The triggering of ACPI events is managed through a combination of hardware
|
||||||
|
signals and software routines. For example, when a user presses the power
|
||||||
|
button on a system, an ACPI event is generated, which is then handled by the
|
||||||
|
OS. This event might trigger the system to enter a low-power state, such as
|
||||||
|
sleep or hibernation, depending on the configuration provided by the ACPI
|
||||||
|
tables\cite{acpi_os_support}. These power states are defined in the ACPI
|
||||||
|
specification, with global states (G0 to G3) representing different levels of
|
||||||
|
system power consumption, and device states (D0 to D3) representing individual
|
||||||
|
device power levels. \\
|
||||||
|
|
||||||
|
The ASUS KGPE-D16 mainboard, which is designed
|
||||||
|
for server and high-performance computing environments, utilizes ACPI for
|
||||||
|
managing its power distribution across multiple CPUs and attached peripherals.
|
||||||
|
ACPI is integral in controlling the power states of various components, thereby
|
||||||
|
optimizing performance and energy use. Additionally, the firmware on the
|
||||||
|
KGPE-D16 uses ACPI tables to manage system temperature and fan speed, ensuring
|
||||||
|
reliable operation under heavy workloads\cite{asus_kgpe_d16_manual}.
|
||||||
|
|
||||||
|
\subsubsection{System Management Mode}
|
||||||
|
|
||||||
|
System Management Mode (SMM) is a highly privileged operating mode provided by
|
||||||
|
x86 processors for handling system-level functions such as power management,
|
||||||
|
hardware control, and other critical tasks that must be isolated from the OS
|
||||||
|
and applications. Introduced by Intel, SMM operates in an environment separate
|
||||||
|
from the main operating system, offering a secure and controlled space for
|
||||||
|
executing sensitive operations\cite{uefi_smm_security}. \\
|
||||||
|
|
||||||
|
SMM is triggered by a System Management Interrupt (SMI), which is a
|
||||||
|
non-maskable interrupt that causes the CPU to save its current state and switch
|
||||||
|
to executing code stored in a protected area of memory called System Management
|
||||||
|
RAM (SMRAM). SMRAM is a specialized memory region that is isolated from the
|
||||||
|
rest of the system, making it inaccessible to the OS and preventing tampering
|
||||||
|
or interference from other software\cite{heasman2007}. Within SMM, the
|
||||||
|
firmware can execute various low-level functions that require direct hardware
|
||||||
|
control or need to be protected from the OS. This includes tasks such as
|
||||||
|
thermal management, where the system monitors CPU temperature and adjusts
|
||||||
|
performance or power levels to prevent overheating, as well as power management
|
||||||
|
routines that enable efficient energy usage by adjusting power states based on
|
||||||
|
system activity\cite{offsec_bios_smm}.
|
||||||
|
One of the critical security features of SMM is its role in managing firmware
|
||||||
|
updates and handling system-level security events. Because SMM operates in a
|
||||||
|
privileged mode that is isolated from the OS, it can securely apply firmware
|
||||||
|
updates and respond to security threats without being affected by potentially
|
||||||
|
compromised system software\cite{domas2015}. However, the high privilege level
|
||||||
|
and isolation of SMM also present significant security challenges. If an
|
||||||
|
attacker can compromise SMM, they gain full control over the system, bypassing
|
||||||
|
all security measures implemented by the OS\cite{cyber_smm_hack}. \\
|
||||||
|
|
||||||
|
The ASUS KGPE-D16 mainboard utilizes SMM to
|
||||||
|
perform critical management tasks that need to be isolated from the operating
|
||||||
|
system. For example, SMM is used to monitor and manage system health by
|
||||||
|
responding to thermal events and adjusting power levels to maintain system
|
||||||
|
stability. SMM operates independently of the main operating system, allowing it
|
||||||
|
to perform sensitive tasks securely.
|
||||||
|
\textit{coreboot}, an open-source firmware project, supports SMM, but its
|
||||||
|
implementation
|
||||||
|
is typically minimal compared to traditional BIOS/UEFI systems.
|
||||||
|
In \textit{coreboot}, SMM initialization involves setting up the System Management
|
||||||
|
Interrupt (SMI) handler and configuring System Management RAM (SMRAM), the
|
||||||
|
memory region where SMM code executes\cite{brown2003linuxbios}. The extent of
|
||||||
|
SMM support in \textit{coreboot} can vary significantly depending on the hardware
|
||||||
|
platform and the specific requirements of the system. \textit{coreboot}'s design
|
||||||
|
philosophy emphasizes a lightweight and fast boot process, delegating more
|
||||||
|
complex management tasks to payloads or the operating system itself
|
||||||
|
\cite{reinauer2008coreboot}.
|
||||||
|
|
||||||
|
One of the key challenges with implementing SMM in \textit{coreboot} is ensuring
|
||||||
|
that
|
||||||
|
SMI handlers are configured correctly to manage necessary system tasks without
|
||||||
|
compromising security or performance. \textit{coreboot}'s approach to SMM is
|
||||||
|
consistent
|
||||||
|
with its overall goal of providing a streamlined and efficient firmware
|
||||||
|
solution, leaving more intricate functionalities to be handled by subsequent
|
||||||
|
software layers\cite{mohr2012comparative}.
|
||||||
|
|
||||||
\subsection{Payload}
|
\subsection{Payload}
|
||||||
|
|
||||||
TODO
|
TODO
|
||||||
|
|
||||||
\begin{listing}[H]
|
\begin{listing}[H]
|
||||||
\begin{adjustwidth}{0.5cm}{0.5cm}
|
\begin{adjustwidth}{0.5cm}{0.5cm}
|
||||||
\inputminted{c}{listings/test.c}
|
\inputminted{c}{listings/test.c}
|
||||||
\end{adjustwidth}
|
\end{adjustwidth}
|
||||||
\caption{\textit{Example Python functions}}
|
\caption{\textit{Example C code}}
|
||||||
\label{lst:python_code}
|
\label{lst:c_code}
|
||||||
\end{listing}
|
\end{listing}
|
||||||
|
|
||||||
We saw that in (lst. \ref{lst:python_code}).
|
We saw that in (lst. \ref{lst:c_code}).
|
||||||
|
|
||||||
\section{Advanced Configuration and Power Interface}
|
\section{AMD Platform Security Processor and Intel Management Engine}
|
||||||
|
|
||||||
The Advanced Configuration and Power Interface (ACPI) is a critical component
|
The AMD Platform Security Processor (PSP) and Intel Management Engine (ME) are
|
||||||
of modern computing systems, providing an open standard for device
|
embedded subsystems within AMD and Intel processors, respectively, that handle
|
||||||
configuration and power management by the operating system (OS). Developed in
|
a range of security-related tasks independent of the main CPU. These
|
||||||
1996 by Intel, Microsoft, and Toshiba, ACPI replaced the older Advanced Power
|
subsystems are fundamental to the security architecture of modern computing
|
||||||
Management (APM) standard with more advanced and flexible power management
|
platforms, providing functions such as secure boot, cryptographic key
|
||||||
capabilities\cite{intel_acpi_spec}.
|
management, and remote system management\cite{amd_psp_overview}.
|
||||||
At its core, ACPI is implemented through a series of data structures and
|
The AMD PSP is based on an ARM Cortex-A5 processor and is responsible for
|
||||||
executable code known as ACPI tables, which are provided by the system firmware
|
several security functions, including the validation of firmware during boot
|
||||||
and interpreted by the OS. These tables describe various aspects of the system,
|
(secure boot), management of Trusted Platform Module (TPM) functions, and
|
||||||
including hardware resources, device power states, and thermal zones. The ACPI
|
handling cryptographic operations such as key generation and storage. The PSP
|
||||||
Specification outlines these structures and provides the necessary
|
operates independently of the main x86 cores, which allows it to execute
|
||||||
standardization for interoperability across different platforms and operating
|
security functions even when the main system is powered off or compromised by
|
||||||
systems\cite{acpi_os_support}. These tables are used by the OS to perform
|
malware\cite{amd_psp_overview}. The PSP's isolated environment ensures that
|
||||||
low-level task, including managing power states of the CPU, controlling the
|
sensitive operations are protected from threats that could affect the main OS.
|
||||||
voltage and frequency scaling (also known as Dynamic Voltage and Frequency
|
|
||||||
Scaling, or DVFS), and coordinating power delivery to peripherals. \newline
|
|
||||||
|
|
||||||
The ACPI Component Architecture (ACPICA) is the reference implementation of
|
Similarly, the Intel Management Engine (ME) is a dedicated microcontroller
|
||||||
ACPI, providing a common codebase that can be used by OS developers to
|
embedded within Intel chipsets that operates independently of the main CPU.
|
||||||
integrate ACPI support. ACPICA includes tools and libraries that allow for the
|
The ME is a comprehensive subsystem that provides a variety of functions,
|
||||||
parsing and execution of ACPI Machine Language (AML) code, which is embedded
|
including out-of-band system management, security enforcement, and support for
|
||||||
within the ACPI tables\cite{acpi_programming}. One of the key tools in ACPICA
|
Digital Rights Management (DRM) \cite{intel_csme}. The ME's firmware runs on an
|
||||||
is the Intel ACPI Source Language (IASL) compiler, which converts ACPI Source
|
isolated environment that allows it to perform these tasks securely, even when
|
||||||
Language (ASL) code into AML bytecode, allowing firmware developers to write
|
the system is powered off. This capability is crucial for enterprise
|
||||||
custom ACPI methods\cite{intel_acpi_spec}.
|
environments where administrators need to perform remote diagnostics, updates,
|
||||||
The triggering of ACPI events is managed through a combination of hardware
|
and security checks without relying on the main OS. \newline
|
||||||
signals and software routines. For example, when a user presses the power
|
|
||||||
button on a system, an ACPI event is generated, which is then handled by the
|
|
||||||
OS. This event might trigger the system to enter a low-power state, such as
|
|
||||||
sleep or hibernation, depending on the configuration provided by the ACPI
|
|
||||||
tables\cite{acpi_os_support}. These power states are defined in the ACPI
|
|
||||||
specification, with global states (G0 to G3) representing different levels of
|
|
||||||
system power consumption, and device states (D0 to D3) representing individual
|
|
||||||
device power levels. \newline
|
|
||||||
|
|
||||||
\textbf{ASUS KGPE-D16 Example}: The ASUS KGPE-D16 mainboard, which is designed
|
The Intel ME, however, has been a source of controversy due to its deep
|
||||||
for server and high-performance computing environments, utilizes ACPI for
|
integration into the hardware and its potential to be exploited if
|
||||||
managing its power distribution across multiple CPUs and attached peripherals.
|
vulnerabilities are discovered. Researchers have demonstrated ways to hack into
|
||||||
ACPI is integral in controlling the power states of various components, thereby
|
the ME, potentially gaining control over a system even when it is powered off
|
||||||
optimizing performance and energy use. Additionally, the firmware on the
|
\cite{blackhat_me_hack}. These concerns have led to calls for greater
|
||||||
KGPE-D16 uses ACPI tables to manage system temperature and fan speed, ensuring
|
transparency and security measures around the ME and similar subsystems.
|
||||||
reliable operation under heavy workloads\cite{ASUS_kgpe_d16_manual}.
|
When comparing Intel ME and AMD PSP, the primary difference lies in their scope
|
||||||
|
and functionality. Intel ME offers more extensive remote management
|
||||||
|
capabilities, making it a more comprehensive tool for enterprise environments,
|
||||||
|
while AMD PSP focuses more narrowly on core security tasks. Nonetheless, both
|
||||||
|
play critical roles in ensuring the security and integrity of modern computing
|
||||||
|
systems. \newline
|
||||||
|
|
||||||
\section{System Management Mode}
|
The ASUS KGPE-D16 mainboard does not include the AMD Platform Security
|
||||||
|
Processor (PSP) nor the Intel ME.
|
||||||
System Management Mode (SMM) is a highly privileged operating mode provided by
|
|
||||||
x86 processors for handling system-level functions such as power management,
|
|
||||||
hardware control, and other critical tasks that must be isolated from the OS
|
|
||||||
and applications. Introduced by Intel, SMM operates in an environment separate
|
|
||||||
from the main operating system, offering a secure and controlled space for
|
|
||||||
executing sensitive operations\cite{uefi_smm_security}. \newline
|
|
||||||
|
|
||||||
SMM is triggered by a System Management Interrupt (SMI), which is a
|
|
||||||
non-maskable interrupt that causes the CPU to save its current state and switch
|
|
||||||
to executing code stored in a protected area of memory called System Management
|
|
||||||
RAM (SMRAM). SMRAM is a specialized memory region that is isolated from the
|
|
||||||
rest of the system, making it inaccessible to the OS and preventing tampering
|
|
||||||
or interference from other software\cite{heasman2007}. Within SMM, the
|
|
||||||
firmware can execute various low-level functions that require direct hardware
|
|
||||||
control or need to be protected from the OS. This includes tasks such as
|
|
||||||
thermal management, where the system monitors CPU temperature and adjusts
|
|
||||||
performance or power levels to prevent overheating, as well as power management
|
|
||||||
routines that enable efficient energy usage by adjusting power states based on
|
|
||||||
system activity\cite{offsec_bios_smm}.
|
|
||||||
One of the critical security features of SMM is its role in managing firmware
|
|
||||||
updates and handling system-level security events. Because SMM operates in a
|
|
||||||
privileged mode that is isolated from the OS, it can securely apply firmware
|
|
||||||
updates and respond to security threats without being affected by potentially
|
|
||||||
compromised system software\cite{domas2015}. However, the high privilege level
|
|
||||||
and isolation of SMM also present significant security challenges. If an
|
|
||||||
attacker can compromise SMM, they gain full control over the system, bypassing
|
|
||||||
all security measures implemented by the OS\cite{cyber_smm_hack}. \newline
|
|
||||||
|
|
||||||
\textbf{ASUS KGPE-D16 Example}: The ASUS KGPE-D16 mainboard utilizes SMM to
|
|
||||||
perform critical management tasks that need to be isolated from the operating
|
|
||||||
system. For example, SMM is used to monitor and manage system health by
|
|
||||||
responding to thermal events and adjusting power levels to maintain system
|
|
||||||
stability. SMM operates independently of the main operating system, allowing it
|
|
||||||
to perform sensitive tasks securely.
|
|
||||||
\textit{coreboot}, an open-source firmware project, supports SMM, but its
|
|
||||||
implementation
|
|
||||||
is typically minimal compared to traditional BIOS/UEFI systems.
|
|
||||||
In \textit{coreboot}, SMM initialization involves setting up the System Management
|
|
||||||
Interrupt (SMI) handler and configuring System Management RAM (SMRAM), the
|
|
||||||
memory region where SMM code executes\cite{brown2003linuxbios}. The extent of
|
|
||||||
SMM support in \textit{coreboot} can vary significantly depending on the hardware
|
|
||||||
platform and the specific requirements of the system. \textit{coreboot}'s design
|
|
||||||
philosophy emphasizes a lightweight and fast boot process, delegating more
|
|
||||||
complex management tasks to payloads or the operating system itself
|
|
||||||
\cite{reinauer2008coreboot}.
|
|
||||||
|
|
||||||
One of the key challenges with implementing SMM in \textit{coreboot} is ensuring
|
|
||||||
that
|
|
||||||
SMI handlers are configured correctly to manage necessary system tasks without
|
|
||||||
compromising security or performance. \textit{coreboot}'s approach to SMM is
|
|
||||||
consistent
|
|
||||||
with its overall goal of providing a streamlined and efficient firmware
|
|
||||||
solution, leaving more intricate functionalities to be handled by subsequent
|
|
||||||
software layers\cite{mohr2012comparative}.
|
|
||||||
|
|
||||||
\section{AMD Platform Security Processor and Intel Management Engine}
|
|
||||||
|
|
||||||
The AMD Platform Security Processor (PSP) and Intel Management Engine (ME) are
|
|
||||||
embedded subsystems within AMD and Intel processors, respectively, that handle
|
|
||||||
a range of security-related tasks independent of the main CPU. These
|
|
||||||
subsystems are fundamental to the security architecture of modern computing
|
|
||||||
platforms, providing functions such as secure boot, cryptographic key
|
|
||||||
management, and remote system management\cite{amd_psp_overview}.
|
|
||||||
The AMD PSP is based on an ARM Cortex-A5 processor and is responsible for
|
|
||||||
several security functions, including the validation of firmware during boot
|
|
||||||
(secure boot), management of Trusted Platform Module (TPM) functions, and
|
|
||||||
handling cryptographic operations such as key generation and storage. The PSP
|
|
||||||
operates independently of the main x86 cores, which allows it to execute
|
|
||||||
security functions even when the main system is powered off or compromised by
|
|
||||||
malware\cite{amd_psp_overview}. The PSP's isolated environment ensures that
|
|
||||||
sensitive operations are protected from threats that could affect the main OS.
|
|
||||||
|
|
||||||
Similarly, the Intel Management Engine (ME) is a dedicated microcontroller
|
|
||||||
embedded within Intel chipsets that operates independently of the main CPU.
|
|
||||||
The ME is a comprehensive subsystem that provides a variety of functions,
|
|
||||||
including out-of-band system management, security enforcement, and support for
|
|
||||||
Digital Rights Management (DRM) \cite{intel_csme}. The ME's firmware runs on an
|
|
||||||
isolated environment that allows it to perform these tasks securely, even when
|
|
||||||
the system is powered off. This capability is crucial for enterprise
|
|
||||||
environments where administrators need to perform remote diagnostics, updates,
|
|
||||||
and security checks without relying on the main OS. \newline
|
|
||||||
|
|
||||||
The Intel ME, however, has been a source of controversy due to its deep
|
|
||||||
integration into the hardware and its potential to be exploited if
|
|
||||||
vulnerabilities are discovered. Researchers have demonstrated ways to hack into
|
|
||||||
the ME, potentially gaining control over a system even when it is powered off
|
|
||||||
\cite{blackhat_me_hack}. These concerns have led to calls for greater
|
|
||||||
transparency and security measures around the ME and similar subsystems.
|
|
||||||
When comparing Intel ME and AMD PSP, the primary difference lies in their scope
|
|
||||||
and functionality. Intel ME offers more extensive remote management
|
|
||||||
capabilities, making it a more comprehensive tool for enterprise environments,
|
|
||||||
while AMD PSP focuses more narrowly on core security tasks. Nonetheless, both
|
|
||||||
play critical roles in ensuring the security and integrity of modern computing
|
|
||||||
systems. \newline
|
|
||||||
|
|
||||||
\textbf{ASUS KGPE-D16 Example}: The ASUS KGPE-D16 mainboard does not include
|
|
||||||
the AMD Platform Security Processor (PSP) or the Intel ME.
|
|
||||||
|
|
||||||
\chapter{Memory initialization and training algorithms [WIP]}
|
\chapter{Memory initialization and training algorithms [WIP]}
|
||||||
|
|
||||||
|
@ -1080,9 +1148,18 @@
|
||||||
|
|
||||||
\newpage
|
\newpage
|
||||||
|
|
||||||
\chapter*{\rlap{GNU Free Documentation License}}
|
% List of figures
|
||||||
|
\addcontentsline{toc}{chapter}{List of Figures}
|
||||||
|
\listoffigures
|
||||||
|
\newpage
|
||||||
|
|
||||||
|
% List of figures
|
||||||
|
\addcontentsline{toc}{chapter}{List of Listings}
|
||||||
|
\listoflistings
|
||||||
|
\newpage
|
||||||
|
|
||||||
|
\chapter*{\center\rlap{GNU Free Documentation License}}
|
||||||
\addcontentsline{toc}{chapter}{GNU Free Documentation License}
|
\addcontentsline{toc}{chapter}{GNU Free Documentation License}
|
||||||
\begin{center}
|
|
||||||
|
|
||||||
Version 1.3, 3 November 2008
|
Version 1.3, 3 November 2008
|
||||||
|
|
||||||
|
@ -1097,12 +1174,12 @@
|
||||||
|
|
||||||
Everyone is permitted to copy and distribute verbatim copies
|
Everyone is permitted to copy and distribute verbatim copies
|
||||||
of this license document, but changing it is not allowed.
|
of this license document, but changing it is not allowed.
|
||||||
\end{center}
|
|
||||||
|
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\bf\large Preamble}
|
|
||||||
\end{center}
|
\bigskip\bigskip{\bf\large Preamble}\bigskip
|
||||||
|
|
||||||
|
|
||||||
The purpose of this License is to make a manual, textbook, or other
|
The purpose of this License is to make a manual, textbook, or other
|
||||||
functional and useful document ``free'' in the sense of freedom: to
|
functional and useful document ``free'' in the sense of freedom: to
|
||||||
|
@ -1126,9 +1203,9 @@ whether it is published as a printed book. We recommend this License
|
||||||
principally for works whose purpose is instruction or reference.
|
principally for works whose purpose is instruction or reference.
|
||||||
|
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\Large\bf 1. APPLICABILITY AND DEFINITIONS\par}
|
\bigskip\bigskip{\Large\bf 1. APPLICABILITY AND DEFINITIONS\par}\bigskip
|
||||||
\end{center}
|
|
||||||
|
|
||||||
This License applies to any manual or other work, in any medium, that
|
This License applies to any manual or other work, in any medium, that
|
||||||
contains a notice placed by the copyright holder saying it can be
|
contains a notice placed by the copyright holder saying it can be
|
||||||
|
@ -1219,9 +1296,9 @@ implication that these Warranty Disclaimers may have is void and has
|
||||||
no effect on the meaning of this License.
|
no effect on the meaning of this License.
|
||||||
|
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\Large\bf 2. VERBATIM COPYING\par}
|
\bigskip\bigskip{\Large\bf 2. VERBATIM COPYING\par}\bigskip
|
||||||
\end{center}
|
|
||||||
|
|
||||||
You may copy and distribute the Document in any medium, either
|
You may copy and distribute the Document in any medium, either
|
||||||
commercially or noncommercially, provided that this License, the
|
commercially or noncommercially, provided that this License, the
|
||||||
|
@ -1237,9 +1314,9 @@ You may also lend copies, under the same conditions stated above, and
|
||||||
you may publicly display copies.
|
you may publicly display copies.
|
||||||
|
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\Large\bf 3. COPYING IN QUANTITY\par}
|
\bigskip\bigskip{\Large\bf 3. COPYING IN QUANTITY\par}\bigskip
|
||||||
\end{center}
|
|
||||||
|
|
||||||
|
|
||||||
If you publish printed copies (or copies in media that commonly have
|
If you publish printed copies (or copies in media that commonly have
|
||||||
|
@ -1278,9 +1355,9 @@ Document well before redistributing any large number of copies, to give
|
||||||
them a chance to provide you with an updated version of the Document.
|
them a chance to provide you with an updated version of the Document.
|
||||||
|
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\Large\bf 4. MODIFICATIONS\par}
|
\bigskip\bigskip{\Large\bf 4. MODIFICATIONS\par}\bigskip
|
||||||
\end{center}
|
|
||||||
|
|
||||||
You may copy and distribute a Modified Version of the Document under
|
You may copy and distribute a Modified Version of the Document under
|
||||||
the conditions of sections 2 and 3 above, provided that you release
|
the conditions of sections 2 and 3 above, provided that you release
|
||||||
|
@ -1396,9 +1473,9 @@ give permission to use their names for publicity for or to assert or
|
||||||
imply endorsement of any Modified Version.
|
imply endorsement of any Modified Version.
|
||||||
|
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\Large\bf 5. COMBINING DOCUMENTS\par}
|
\bigskip\bigskip{\Large\bf 5. COMBINING DOCUMENTS\par}\bigskip
|
||||||
\end{center}
|
|
||||||
|
|
||||||
|
|
||||||
You may combine the Document with other documents released under this
|
You may combine the Document with other documents released under this
|
||||||
|
@ -1423,9 +1500,9 @@ in the various original documents, forming one section Entitled
|
||||||
and any sections Entitled ``Dedications''. You must delete all sections
|
and any sections Entitled ``Dedications''. You must delete all sections
|
||||||
Entitled ``Endorsements''.
|
Entitled ``Endorsements''.
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\Large\bf 6. COLLECTIONS OF DOCUMENTS\par}
|
\bigskip\bigskip{\Large\bf 6. COLLECTIONS OF DOCUMENTS\par}\bigskip
|
||||||
\end{center}
|
|
||||||
|
|
||||||
You may make a collection consisting of the Document and other documents
|
You may make a collection consisting of the Document and other documents
|
||||||
released under this License, and replace the individual copies of this
|
released under this License, and replace the individual copies of this
|
||||||
|
@ -1439,9 +1516,9 @@ License into the extracted document, and follow this License in all
|
||||||
other respects regarding verbatim copying of that document.
|
other respects regarding verbatim copying of that document.
|
||||||
|
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\Large\bf 7. AGGREGATION WITH INDEPENDENT WORKS\par}
|
\bigskip\bigskip{\Large\bf 7. AGGREGATION WITH INDEPENDENT WORKS\par}\bigskip
|
||||||
\end{center}
|
|
||||||
|
|
||||||
|
|
||||||
A compilation of the Document or its derivatives with other separate
|
A compilation of the Document or its derivatives with other separate
|
||||||
|
@ -1462,9 +1539,9 @@ Otherwise they must appear on printed covers that bracket the whole
|
||||||
aggregate.
|
aggregate.
|
||||||
|
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\Large\bf 8. TRANSLATION\par}
|
\bigskip\bigskip{\Large\bf 8. TRANSLATION\par}\bigskip
|
||||||
\end{center}
|
|
||||||
|
|
||||||
|
|
||||||
Translation is considered a kind of modification, so you may
|
Translation is considered a kind of modification, so you may
|
||||||
|
@ -1486,9 +1563,9 @@ its Title (section~1) will typically require changing the actual
|
||||||
title.
|
title.
|
||||||
|
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\Large\bf 9. TERMINATION\par}
|
\bigskip\bigskip{\Large\bf 9. TERMINATION\par}\bigskip
|
||||||
\end{center}
|
|
||||||
|
|
||||||
|
|
||||||
You may not copy, modify, sublicense, or distribute the Document
|
You may not copy, modify, sublicense, or distribute the Document
|
||||||
|
@ -1517,9 +1594,9 @@ reinstated, receipt of a copy of some or all of the same material does
|
||||||
not give you any rights to use it.
|
not give you any rights to use it.
|
||||||
|
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\Large\bf 10. FUTURE REVISIONS OF THIS LICENSE\par}
|
\bigskip\bigskip{\Large\bf 10. FUTURE REVISIONS OF THIS LICENSE\par}\bigskip
|
||||||
\end{center}
|
|
||||||
|
|
||||||
|
|
||||||
The Free Software Foundation may publish new, revised versions
|
The Free Software Foundation may publish new, revised versions
|
||||||
|
@ -1542,9 +1619,9 @@ version permanently authorizes you to choose that version for the
|
||||||
Document.
|
Document.
|
||||||
|
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\Large\bf 11. RELICENSING\par}
|
\bigskip\bigskip{\Large\bf 11. RELICENSING\par}\bigskip
|
||||||
\end{center}
|
|
||||||
|
|
||||||
|
|
||||||
``Massive Multiauthor Collaboration Site'' (or ``MMC Site'') means any
|
``Massive Multiauthor Collaboration Site'' (or ``MMC Site'') means any
|
||||||
|
@ -1575,9 +1652,9 @@ under CC-BY-SA on the same site at any time before August 1, 2009,
|
||||||
provided the MMC is eligible for relicensing.
|
provided the MMC is eligible for relicensing.
|
||||||
|
|
||||||
|
|
||||||
\begin{center}
|
|
||||||
{\Large\bf ADDENDUM: How to use this License for your documents\par}
|
\bigskip\bigskip{\Large\bf ADDENDUM: How to use this License for your documents\par}\bigskip
|
||||||
\end{center}
|
|
||||||
|
|
||||||
To use this License in a document you have written, include a copy of
|
To use this License in a document you have written, include a copy of
|
||||||
the License in the document and put the following copyright and
|
the License in the document and put the following copyright and
|
||||||
|
@ -1615,4 +1692,3 @@ free software license, such as the GNU General Public License,
|
||||||
to permit their use in free software.
|
to permit their use in free software.
|
||||||
|
|
||||||
\end{document}
|
\end{document}
|
||||||
|
|
||||||
|
|
|
@ -1,38 +1,40 @@
|
||||||
\babel@toc {english}{}\relax
|
\babel@toc {english}{}\relax
|
||||||
\contentsline {chapter}{Abstract}{4}{chapter*.1}%
|
\contentsline {chapter}{Abstract}{5}{chapter*.1}%
|
||||||
\contentsline {chapter}{\numberline {1}Introduction to firmware and BIOS evolution}{5}{chapter.1}%
|
\contentsline {chapter}{\numberline {1}Introduction to firmware and BIOS evolution}{6}{chapter.1}%
|
||||||
\contentsline {section}{\numberline {1.1}Historical context of BIOS}{5}{section.1.1}%
|
\contentsline {section}{\numberline {1.1}Historical context of BIOS}{6}{section.1.1}%
|
||||||
\contentsline {subsection}{\numberline {1.1.1}Definition and origin}{5}{subsection.1.1.1}%
|
\contentsline {subsection}{\numberline {1.1.1}Definition and origin}{6}{subsection.1.1.1}%
|
||||||
\contentsline {subsection}{\numberline {1.1.2}Functionalities and limitations}{6}{subsection.1.1.2}%
|
\contentsline {subsection}{\numberline {1.1.2}Functionalities and limitations}{7}{subsection.1.1.2}%
|
||||||
\contentsline {section}{\numberline {1.2}Modern BIOS and UEFI}{7}{section.1.2}%
|
\contentsline {section}{\numberline {1.2}Modern BIOS and UEFI}{8}{section.1.2}%
|
||||||
\contentsline {subsection}{\numberline {1.2.1}Transition from traditional BIOS to UEFI (Unified Extensible Firmware Interface)}{7}{subsection.1.2.1}%
|
\contentsline {subsection}{\numberline {1.2.1}Transition from traditional BIOS to UEFI (Unified Extensible Firmware Interface)}{8}{subsection.1.2.1}%
|
||||||
\contentsline {subsection}{\numberline {1.2.2}An other way with \textit {coreboot}}{7}{subsection.1.2.2}%
|
\contentsline {subsection}{\numberline {1.2.2}An other way with \textit {coreboot}}{8}{subsection.1.2.2}%
|
||||||
\contentsline {section}{\numberline {1.3}Shift in firmware responsibilities}{9}{section.1.3}%
|
\contentsline {section}{\numberline {1.3}Shift in firmware responsibilities}{10}{section.1.3}%
|
||||||
\contentsline {chapter}{\numberline {2}Characteristics of ASUS KGPE-D16 mainboard}{10}{chapter.2}%
|
\contentsline {chapter}{\numberline {2}Characteristics of ASUS KGPE-D16 mainboard}{11}{chapter.2}%
|
||||||
\contentsline {section}{\numberline {2.1}Overview of ASUS KGPE-D16 hardware}{11}{section.2.1}%
|
\contentsline {section}{\numberline {2.1}Overview of ASUS KGPE-D16 hardware}{12}{section.2.1}%
|
||||||
\contentsline {section}{\numberline {2.2}Chipset}{12}{section.2.2}%
|
\contentsline {section}{\numberline {2.2}Chipset}{13}{section.2.2}%
|
||||||
\contentsline {section}{\numberline {2.3}Processors}{14}{section.2.3}%
|
\contentsline {section}{\numberline {2.3}Processors}{15}{section.2.3}%
|
||||||
\contentsline {section}{\numberline {2.4}Baseboard Management Controller}{15}{section.2.4}%
|
\contentsline {section}{\numberline {2.4}Baseboard Management Controller}{16}{section.2.4}%
|
||||||
\contentsline {chapter}{\numberline {3}Key components in modern firmware [WIP]}{17}{chapter.3}%
|
\contentsline {chapter}{\numberline {3}Key components in modern firmware [WIP]}{18}{chapter.3}%
|
||||||
\contentsline {section}{\numberline {3.1}General structure of coreboot}{17}{section.3.1}%
|
\contentsline {section}{\numberline {3.1}General structure of coreboot}{18}{section.3.1}%
|
||||||
\contentsline {subsection}{\numberline {3.1.1}Bootblock stage}{18}{subsection.3.1.1}%
|
\contentsline {subsection}{\numberline {3.1.1}Bootblock stage}{19}{subsection.3.1.1}%
|
||||||
\contentsline {subsection}{\numberline {3.1.2}Romstage}{18}{subsection.3.1.2}%
|
\contentsline {subsection}{\numberline {3.1.2}Romstage}{20}{subsection.3.1.2}%
|
||||||
\contentsline {subsection}{\numberline {3.1.3}Ramstage}{19}{subsection.3.1.3}%
|
\contentsline {subsection}{\numberline {3.1.3}Ramstage}{20}{subsection.3.1.3}%
|
||||||
\contentsline {subsection}{\numberline {3.1.4}Payload}{19}{subsection.3.1.4}%
|
\contentsline {subsubsection}{\numberline {3.1.3.1}Advanced Configuration and Power Interface}{20}{subsubsection.3.1.3.1}%
|
||||||
\contentsline {section}{\numberline {3.2}Advanced Configuration and Power Interface}{19}{section.3.2}%
|
\contentsline {subsubsection}{\numberline {3.1.3.2}System Management Mode}{21}{subsubsection.3.1.3.2}%
|
||||||
\contentsline {section}{\numberline {3.3}System Management Mode}{20}{section.3.3}%
|
\contentsline {subsection}{\numberline {3.1.4}Payload}{22}{subsection.3.1.4}%
|
||||||
\contentsline {section}{\numberline {3.4}AMD Platform Security Processor and Intel Management Engine}{21}{section.3.4}%
|
\contentsline {section}{\numberline {3.2}AMD Platform Security Processor and Intel Management Engine}{22}{section.3.2}%
|
||||||
\contentsline {chapter}{\numberline {4}Memory initialization and training algorithms [WIP]}{22}{chapter.4}%
|
\contentsline {chapter}{\numberline {4}Memory initialization and training algorithms [WIP]}{23}{chapter.4}%
|
||||||
\contentsline {section}{\numberline {4.1}Importance of memory initialization}{22}{section.4.1}%
|
\contentsline {section}{\numberline {4.1}Importance of memory initialization}{23}{section.4.1}%
|
||||||
\contentsline {section}{\numberline {4.2}Memory training algorithms}{22}{section.4.2}%
|
\contentsline {section}{\numberline {4.2}Memory training algorithms}{23}{section.4.2}%
|
||||||
\contentsline {section}{\numberline {4.3}Practical examples}{23}{section.4.3}%
|
\contentsline {section}{\numberline {4.3}Practical examples}{24}{section.4.3}%
|
||||||
\contentsline {chapter}{\numberline {5}Firmware and hardware virtualization [WIP]}{24}{chapter.5}%
|
\contentsline {chapter}{\numberline {5}Firmware and hardware virtualization [WIP]}{25}{chapter.5}%
|
||||||
\contentsline {section}{\numberline {5.1}Introduction to hardware virtualization}{24}{section.5.1}%
|
\contentsline {section}{\numberline {5.1}Introduction to hardware virtualization}{25}{section.5.1}%
|
||||||
\contentsline {section}{\numberline {5.2}Role of BIOS/UEFI in virtualization}{24}{section.5.2}%
|
\contentsline {section}{\numberline {5.2}Role of BIOS/UEFI in virtualization}{25}{section.5.2}%
|
||||||
\contentsline {section}{\numberline {5.3}Security and freedom considerations}{24}{section.5.3}%
|
\contentsline {section}{\numberline {5.3}Security and freedom considerations}{25}{section.5.3}%
|
||||||
\contentsline {section}{\numberline {5.4}Future trends in firmware and virtualization}{24}{section.5.4}%
|
\contentsline {section}{\numberline {5.4}Future trends in firmware and virtualization}{25}{section.5.4}%
|
||||||
\contentsline {chapter}{Conclusion}{25}{chapter*.2}%
|
\contentsline {chapter}{Conclusion}{26}{chapter*.2}%
|
||||||
\contentsline {section}{\numberline {5.5}Summary of key points}{25}{section.5.5}%
|
\contentsline {section}{\numberline {5.5}Summary of key points}{26}{section.5.5}%
|
||||||
\contentsline {section}{\numberline {5.6}Call for action}{25}{section.5.6}%
|
\contentsline {section}{\numberline {5.6}Call for action}{26}{section.5.6}%
|
||||||
\contentsline {chapter}{Bibliography}{26}{section.5.6}%
|
\contentsline {chapter}{Bibliography}{27}{section.5.6}%
|
||||||
\contentsline {chapter}{GNU Free Documentation License}{31}{chapter*.4}%
|
\contentsline {chapter}{List of Figures}{32}{chapter*.3}%
|
||||||
|
\contentsline {chapter}{List of Listings}{33}{chapter*.3}%
|
||||||
|
\contentsline {chapter}{GNU Free Documentation License}{34}{chapter*.5}%
|
||||||
|
|
15
packages.tex
15
packages.tex
|
@ -1,11 +1,19 @@
|
||||||
% -*- coding: utf-8 -*-
|
% -*- coding: utf-8 -*-
|
||||||
% Preamble
|
% Copyright (C) 2024 Adrien 'neox' Bourmault <neox@gnu.org>
|
||||||
|
%
|
||||||
|
% Permission is granted to copy, distribute and/or modify this document
|
||||||
|
% under the terms of the GNU Free Documentation License, Version 1.3
|
||||||
|
% or any later version published by the Free Software Foundation;
|
||||||
|
% with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
|
||||||
|
% A copy of the license is included in the section entitled "GNU
|
||||||
|
% Free Documentation License".
|
||||||
|
|
||||||
\documentclass[french, 11pt]{report}
|
\documentclass[french, 11pt]{report}
|
||||||
\usepackage[utf8]{inputenc}
|
\usepackage[utf8]{inputenc}
|
||||||
\usepackage{url}
|
\usepackage{url}
|
||||||
\usepackage{float}
|
\usepackage{float}
|
||||||
\usepackage{fontspec}
|
\usepackage{fontspec}
|
||||||
\usepackage{hyperref}
|
\usepackage[hidelinks]{hyperref}
|
||||||
\usepackage{setspace}
|
\usepackage{setspace}
|
||||||
\usepackage[style=numeric]{biblatex}
|
\usepackage[style=numeric]{biblatex}
|
||||||
\usepackage{tocloft}
|
\usepackage{tocloft}
|
||||||
|
@ -18,6 +26,7 @@
|
||||||
\usepackage{xcolor}
|
\usepackage{xcolor}
|
||||||
\usepackage{chngcntr}
|
\usepackage{chngcntr}
|
||||||
\usepackage{changepage}
|
\usepackage{changepage}
|
||||||
|
\usepackage{array}
|
||||||
\usepackage[a4paper, portrait, margin=1.45cm]{geometry}
|
\usepackage[a4paper, portrait, margin=1.45cm]{geometry}
|
||||||
\title{Titre du mémoire}
|
\title{Titre du mémoire}
|
||||||
\author{Nom et prénom de l'auteur}
|
\author{Nom et prénom de l'auteur}
|
||||||
|
@ -34,8 +43,6 @@
|
||||||
|
|
||||||
\renewcommand{\cftsecleader}{\cftdotfill{\cftdotsep}} %places dots on sections lines as well
|
\renewcommand{\cftsecleader}{\cftdotfill{\cftdotsep}} %places dots on sections lines as well
|
||||||
|
|
||||||
\counterwithout{figure}{chapter}
|
|
||||||
|
|
||||||
\cftsetindents{section}{0pt}{4em}
|
\cftsetindents{section}{0pt}{4em}
|
||||||
\cftsetindents{subsection}{10pt}{4em}
|
\cftsetindents{subsection}{10pt}{4em}
|
||||||
\cftsetindents{subsubsection}{20pt}{4em}
|
\cftsetindents{subsubsection}{20pt}{4em}
|
||||||
|
|
|
@ -1,3 +1,12 @@
|
||||||
|
% -*- coding: utf-8 -*-
|
||||||
|
% Copyright (C) 2024 Adrien 'neox' Bourmault <neox@gnu.org>
|
||||||
|
%
|
||||||
|
% Permission is granted to copy, distribute and/or modify this document
|
||||||
|
% under the terms of the GNU Free Documentation License, Version 1.3
|
||||||
|
% or any later version published by the Free Software Foundation;
|
||||||
|
% with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
|
||||||
|
% A copy of the license is included in the section entitled "GNU
|
||||||
|
% Free Documentation License".
|
||||||
% Titlepage
|
% Titlepage
|
||||||
\begin{titlepage}
|
\begin{titlepage}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue