GNUBoot
/
hardware-init-review
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
hardware-init-review/hardware_init_review.tex

1590 lines
85 KiB
TeX
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

\input{packages.tex}
% setup things
\setcounter{secnumdepth}{4}
\setcounter{tocdepth}{4}
%\setcounter{secnumdepth}{4}
% setup bibliography
\addbibresource{bibliographie.bib}
% --------------------------------------------------------------------------------------
\begin{document}{
% --------------------------------------------------------------------------------------
\sloppy % allow flexible margins
\input{titlepage.tex} % import titlepage
\newpage
% --------------------------------------------------------------------------------------
% License page
% --------------------------------------------------------------------------------------
\setcounter{page}{2}
\vspace*{\fill} % fill the page so that text is at the bottom
This is Edition 0.0. \newline
Copyright (C) 2024 Adrien 'neox' Bourmault \href{mailto:neox@gnu.org}{<neox@gnu.org>} \newline
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3
or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is included in the section entitled "GNU
Free Documentation License".
\newpage
% Table of contents
\tableofcontents
\newpage
\chapter*{Abstract}
\addcontentsline{toc}{chapter}{Abstract}
The global trend is towards the scarcity of free software-compatible hardware,
and soon there will be no computer that will work without software domination
by big companies, especially involving firmware like BIOSes. \\
A Basic Input Output System
(BIOS) was originally a set of low-level functions contained in the read-only
memory of a computer's mainboard, enabling it to perform basic operations when
powered up. However, the definition of a BIOS has evolved to include what used
to be known as Power On Self Test (POST) for the presence of peripherals,
allocating resources for them to avoid conflicts, and then handing over to an
operating system boot loader. Nowadays, the bulk of the BIOS work is the
initialization and training of RAM. This means, for example, initializing the
memory controller and optimizing timing and read/write voltage for optimal
performance, making the code complex, as its role is to optimize several
parallel buses operating at high speeds and shared by many CPU cores, and make
them act as a homogeneous whole. \\
This document is the product of a project hosted by the \textit{LIP6 laboratory}
and supported by the \textit{GNU Boot Project} and the \textit{Free Software
Foundation}. It delves into the importance of firmware in the hardware
initialization of modern computers and explores various aspects of firmware,
such as Intel Management Engine (ME), AMD Platform Security Processor (PSP),
Advanced Configuration and Power Interface (ACPI), and System Management Mode
(SMM). Additionally, it provides an in-depth look at memory initialization and
training algorithms, highlighting their critical role in system stability
and performance. Examples of the implementation in the ASUS KGPE-D16 mainboard are
presented, describing its hardware characteristics, topology, and the crucial role
of firmware in its operation after the mainboard architecture is examined.
Practical examples illustrate the impact of firmware on hardware
initialization, memory optimization, resource allocation, power management,
and security. Specific algorithms used for memory training and their outcomes
are analyzed to demonstrate the complexity and importance of firmware in
achieving optimal system performance.
Furthermore, this document explores the relationship between firmware and
hardware virtualization, discussing how modern firmware supports and enhances
virtualized environments. Security considerations and future trends in
firmware development are also addressed, emphasizing the need for continued
research and advocacy for free software-compatible hardware.
\chapter{Introduction to firmware and BIOS evolution}
\section{Historical context of BIOS}
\subsection{Definition and origin}
The BIOS (Basic Input/Output System) is firmware, which is a type of software
that is embedded into hardware devices to control their basic functions,
acting as a bridge between hardware and other software, ensuring that the
hardware operates correctly. Unlike regular software, firmware is usually
stored in a non-volatile memory like ROM or flash memory. The term "firmware"
comes from its role: it is "firm" because it's more permanent than regular
software (which can be easily changed) but not as rigid as hardware. \\
The BIOS is used to perform initialization during the booting process
and to provide runtime services for operating systems and programs.
Being a critical component for the startup of personal computers,
acting as an intermediary between the computer's hardware and its
operating system, the BIOS is embedded on a chip on the motherboard and
is the first code that runs when a PC is powered on.
The concept of BIOS has its roots in the early days of personal
computing. It was first developed by IBM for their IBM PC, which was
introduced in 1981 \cite{freiberger2000fire}.
The term BIOS itself was coined by Gary Kildall, who developed the CP/M
(Control Program for Microcomputers) operating
system \cite{shustek2016kildall}. In CP/M, BIOS was used to describe a
component that interfaced directly with the hardware, allowing the operating
system to be somewhat hardware-independent. \newline
\begin{figure}[H]
\centering
\includegraphics[width=0.5\textwidth]{images/IBM_logo.png}
\caption{The eight-striped wordmark of IBM (1967, public domain,
trademarked)}
\end{figure}
IBM's implementation of BIOS became a de facto standard in the industry,
as it was part of the IBM PC's open
architecture \cite{grewal_ibm_pc}\cite{ibm_pc}, which refers to the
design philosophy adopted by IBM when developing the IBM Personal Computer
(PC), introduced in 1981. This architecture is characterized by the use of
off-the-shelf components and publicly available specifications, which
allowed other manufacturers to create compatible hardware and software.
It was in fact a departure from the proprietary systems prevalent at
the time, where companies closely guarded their designs to maintain
control over the hardware and software ecosystem.
For example, IBM used the Intel 8088 CPU, a well-documented and widely
available processor, and also the Industry Standard Architecture (ISA) bus,
which defined how various components like memory, storage, and peripherals
communicated with the CPU. This open architecture allowed other
manufacturers to create IBM-compatible computers, also known as "clones",
which further popularized the BIOS concept. As a result, the IBM PC BIOS
set the stage for a standardized method of interacting with computer
hardware, which has evolved over the years but remains fundamentally the
same in principle. IBM also published detailed technical documentation at
that time, including circuit diagrams, BIOS listings, and interface
specifications. This transparency allowed other companies to understand and
replicate the IBM PC's functionality \cite{freiberger2000fire}.
\subsection{Functionalities and limitations}
When a computer is powered on, the BIOS executes a Power-On Self-Test
(POST), a diagnostic sequence that verifies the integrity and functionality
of critical hardware components such as the CPU, RAM, disk drives,
keyboard, and other peripherals \cite{wiki_bios}.
This process ensures that all essential hardware components are operational
before the system attempts to load the operating system.
If any issues are detected, the BIOS generates error messages or beep codes
to alert the user.
Following the successful completion of POST, the BIOS runs the bootstrap
loader, a small program that identifies the operating system's bootloader
on a storage device, such as a hard drive, floppy disk, or optical drive.
The bootstrap loader then transfers control to the OS bootloader,
initiating the process of loading the operating system into the computer's
memory and starting it. This step effectively bridges the gap between
hardware initialization and operating system execution.
The BIOS also provides a set of low-level software routines known as
interrupts. These routines enable software to perform basic input/output
operations, such as reading from the keyboard, writing to the display, and
accessing disk drives, without needing to manage the hardware directly. By
providing standardized interfaces for hardware components, the BIOS
simplifies software development and improves compatibility across different
hardware configurations \cite{ibm_pc}. \newline
\begin{figure}[H]
\centering
\includegraphics[width=0.5\textwidth]{images/bios_chip.jpg}
\caption{An AMI BIOS chip from a Dell 310, by Jud McCranie
(CC BY-SA 4.0, 2018)}
\end{figure}
Despite its essential role, the early BIOS had several limitations.
One significant limitation was its limited storage capacity.
Early BIOS firmware was stored in Read-Only Memory (ROM) chips with very
limited storage, often just a few kilobytes. This constrained the
complexity and functionality of the BIOS, limiting it to only the most
essential tasks needed to start the system and provide basic hardware
control. The original BIOS was also non-extensible. ROM chips were
typically soldered onto the motherboard, making updates difficult and
costly. Bug fixes, updates for new hardware support, or enhancements
required replacing the ROM chip, leading to challenges in maintaining and
upgrading systems. Furthermore, the early BIOS was tailored for the
specific hardware configurations of the initial IBM PC models, which
included a limited set of peripherals and expansion options. As new
hardware components and peripherals were developed, the BIOS often needed
to be updated to support them, which was not always feasible or timely.
Performance bottlenecks were another limitation. The BIOS provided basic
input/output operations that were often slower than direct hardware access
methods. For example, disk I/O operations through BIOS interrupts were
slower compared to later direct access methods provided by operating
systems, resulting in performance bottlenecks, especially for
disk-intensive operations. This inflexibility restricts the ability to
support new hardware and technologies efficiently\cite{anderson_2018}.
Early BIOS implementations also had minimal security features. There were
no mechanisms to verify the integrity of the BIOS code or to protect
against unauthorized modifications, leaving systems vulnerable to attacks
that could alter the BIOS and potentially compromise the entire system,
such as rootkits and firmware viruses.
Added to that, the traditional BIOS operates in 16-bit real mode, a
constraint that limits the amount of code and memory it can address. This
limitation hinders the performance and complexity of firmware, making
it less suitable for modern computing needs \cite{intel_uefi}.
Additionally, BIOS relies on the Master Boot Record (MBR) partitioning
scheme, which supports a maximum disk size of 2 terabytes and allows only
four primary partitions \cite{uefi_spec}\cite{russinovich2012}.
This constraint has become a
significant drawback as storage capacities have increased.
Furthermore, the traditional BIOS has limited flexibility and is
challenging to update or extend. This inflexibility restricts the ability
to support new hardware and technologies efficiently
\cite{anderson_2018}\cite{acmcs2015}.
\section{Modern BIOS and UEFI}
\subsection{Transition from traditional BIOS to UEFI (Unified Extensible Firmware Interface)}
All the limitations listed earlier caused a transition to a more
modern firmware interface, designed to address the shortcomings of the
traditional BIOS. This section delves into the historical context of this
shift, the driving factors behind it, and the advantages UEFI offers over
the traditional BIOS. \\
The development of UEFI began in the mid-1990s as part of the Intel Boot
Initiative, which aimed to modernize the boot process and overcome the
limitations of the traditional BIOS. By 2005, the Unified EFI Forum, a
consortium of technology companies including Intel, AMD, and Microsoft,
had formalized the UEFI specification \cite{uefi_spec}. UEFI was designed
to address the shortcomings of the traditional BIOS, providing several key
improvements.
\begin{figure}[H]
\centering
\includegraphics[width=0.25\textwidth]{images/uefi_logo.png}
\caption{The UEFI logo (public domain, 2010)}
\end{figure}
One of the most significant advancements of UEFI is its support for 32-bit
and 64-bit modes, allowing it to address more memory and run more complex
firmware programs. This capability enables UEFI to handle the increased
demands of modern hardware and software \cite{intel_uefi}\cite{shin2011}.
Additionally, UEFI uses the GUID Partition Table (GPT) instead of the MBR,
supporting disks larger than 2 terabytes and allowing for a nearly
unlimited number of partitions
\cite{microsoft_uefi}\cite{russinovich2012}.
Improved boot performance is another driving factor. UEFI provides faster
boot times compared to the traditional BIOS, thanks to its efficient
hardware and software initialization processes. This improvement is
particularly beneficial for systems with complex hardware configurations,
where quick boot times are essential \cite{intel_uefi}.
UEFI's modular architecture makes it more extensible and easier to update
compared to the traditional BIOS. This design allows for the addition of
drivers, applications, and other components without requiring a complete
firmware overhaul, providing greater flexibility and adaptability to new
technologies \cite{acmcs2015}. UEFI also includes enhanced
security features such as \textit{Secure Boot}, which ensures that only
trusted software can be executed during the boot process, thereby
protecting the system from unauthorized modifications and malware
\cite{anderson_2018}\cite{chang2013}. \newline
The industry-wide support and standardization of UEFI have accelerated its
adoption across various platforms and devices. Major industry players,
including Intel, AMD, and Microsoft, have adopted UEFI as the new standard
for firmware interfaces, ensuring broad compatibility and interoperability
\cite{uefi_spec}.
\subsection{An other way with \textit{coreboot}}
While UEFI has become the dominant firmware interface for modern computing
systems, it is not without its critics. Some of the primary concerns about
UEFI include its complexity, potential security vulnerabilities, and the
degree of control it provides to hardware manufacturers over the boot
process.
Originally known as LinuxBIOS, \textit{coreboot}, is a free firmware
project
initiated in 1999 by Ron Minnich and his team at the Los Alamos National
Laboratory. The project's primary goal was to create a fast, lightweight,
and flexible firmware solution that could initialize hardware and boot
operating systems quickly, while remaining transparent and
auditable\cite{coreboot}. As an alternative to UEFI, \textit{coreboot}
offers a different approach to firmware that aims to address some of these
concerns and continue the evolution of BIOS.\newline
One of the main advantages of \textit{coreboot} over UEFI is its
simplicity, as it is designed to perform only the minimal tasks required to
initialize hardware and pass control to a payload, such as a bootloader or
operating system kernel. This minimalist approach reduces the attack
surface and potential for security vulnerabilities, as there is less code
that could be exploited by malicious actors \cite{rudolph2007}.
Another significant benefit of \textit{coreboot} is its libre nature.
Unlike
UEFI, which is controlled by a consortium of hardware and software vendors,
\textit{coreboot}'s source code is freely available and can be audited,
modified,
and improved by anyone. This transparency ensures that security researchers
and developers can review the code for potential vulnerabilities and
contribute to its improvement, fostering a community-driven approach to
firmware development\cite{coreboot}.
This project also supports a wide range of bootloaders, called payloads,
allowing users to
customize their boot process to suit their specific needs. Popular payloads
include SeaBIOS, which provides legacy BIOS compatibility, and Tianocore,
which offers UEFI functionality within the \textit{coreboot} framework.
This flexibility allows \textit{coreboot} to be used in a variety of
environments, from embedded systems to high-performance
servers \cite{coreboot_payloads}.
\newline
\begin{figure}[H]
\centering
\includegraphics[width=0.3\textwidth]{images/coreboot_logo.png}
\caption{The \textit{coreboot} logo, by Konsult Stuge \& coresystems
(coreboot logo license, 2008)}
\end{figure}
Despite its advantages, \textit{coreboot} is not without its challenges.
The project
relies heavily on community contributions, and support for new hardware
often lags behind that of UEFI. Additionally, the minimalist design of
\textit{coreboot} means that some advanced features provided by UEFI are not
available by default. However, the \textit{coreboot} community
continues to work on adding new features and improving compatibility with
modern hardware or security issues \cite{coreboot_challenges}. For example,
it provides a \textit{verified boot} function, allowing to prevent
rootkits and other attacks based on firmware modifications
\cite{coreboot_docs}.
However, it's important to note that \textit{coreboot} is not entirely free
in all aspects. Many modern processors and chipsets require
\textit{proprietary blobs}, short for \textit{Binary Large Object}, which
is a collection of binary data stored as a single entity. These blobs are
necessary for \textit{coreboot} to function correctly on a wide range of
hardware, but they compromise the goal of having a fully free firmware one
day \cite{blobs}, since these blobs are used for certain functionalities such
as memory initialization and hardware management.
\begin{figure}[H]
\centering
\includegraphics[width=0.25\textwidth]{images/gnuboot.png}
\caption{The \textit{GNU Boot} logo, by Jason Self (CC0, 2020)}
\end{figure}
To address these concerns, the GNU Project has developed GNU Boot, a
fully free distribution of firmware, including \textit{coreboot}, that aims
to be
entirely free by avoiding the use of proprietary binary blobs. GNU Boot is
committed to using only free software for all aspects of firmware, making
it a preferred choice for users and organizations that prioritize software
freedom and transparency \cite{gnuboot}.
\section{Shift in firmware responsibilities}
Initially, the BIOS's primary function was to perform the POST, a basic
diagnostic testing process to check the system's hardware
components and ensure they were functioning correctly. This included verifying
the CPU, memory, and essential peripherals before passing control to the
operating system's bootloader. This process was relatively simple, given the
limited capabilities and straightforward architecture of early computer
systems \cite{anderson_2018}.
As computer systems advanced, particularly with the advent of more
sophisticated memory technologies, the role of firmware expanded
significantly. Modern memory modules operate at much higher speeds and
capacities than their predecessors, requiring precise configuration to ensure
stability and optimal performance. Firmware now plays a critical role in
managing the memory controller, which is responsible for regulating data flow
between the processor and memory modules. This includes configuring memory
frequencies, voltage levels, and timing parameters to match the specifications
of the installed memory \cite{uefi_spec}\cite{BKDG}.
Beyond memory management, firmware responsibilities have broadened to
encompass a wide range of system-critical tasks. One key area is power
management, where firmware is responsible for optimizing energy consumption
across various components of the system. Efficient power management is
essential not only for extending battery life in portable devices
but also for reducing thermal output and ensuring system longevity in desktop
and server environments.
Moreover, modern firmware takes on significant roles in hardware
initialization and configuration, which were traditionally handled by the
operating system. For example, the initialization of USB controllers, network
interfaces, and storage devices is now often managed by the firmware during
the early stages of the boot process. This shift ensures that the operating
system can seamlessly interact with hardware from the moment it takes control,
reducing boot times and improving overall system
reliability \cite{uefi_spec}.
Security has also become a paramount concern for modern firmware. UEFI
(Unified Extensible Firmware Interface), which has largely replaced
traditional BIOS in modern systems, includes features which
prevents unauthorized or malicious software from loading during the boot
process. This helps protect the system from rootkits and other low-level
malware that could compromise the integrity of the operating system before it
even starts \cite{uefi_spec}.
In the context of performance tuning, firmware sometimes also plays a key
role in enabling and managing overclocking, particularly for the memory
subsystem. By allowing adjustments to memory frequencies, voltages, and
timings, firmware provides tools for enthusiasts to push their systems beyond
default limits. At the same time, it includes safeguards to
manage the risks of instability and hardware damage, balancing performance
gains with system reliability \cite{anderson_2018}. \\
In summary, the evolution of firmware from simple hardware initialization
routines to complex management systems reflects the increasing sophistication
of modern computer architectures. Firmware is now a critical layer that not
only ensures the correct functioning of hardware components but also optimizes
performance, manages power consumption, and enhances system security, making
it an indispensable part of contemporary computing. \\
This document will focus on \textit{coreboot} during the next parts
to study how modern firmware interact with hardware and also as a basis for
improvements.
\chapter{Characteristics of ASUS KGPE-D16 mainboard}
\begin{figure}[H]
\centering
\includegraphics[width=0.9\textwidth]{images/kgpe-d16.png}
\caption{The KGPE-D16 (CC BY-SA 4.0, 2021)}
\end{figure}
\newpage
\section{Overview of ASUS KGPE-D16 hardware}
The ASUS KGPE-D16 server mainboard is a dual-socket motherboard designed to
support AMD Family 10h/15h series processors. Released in 2009, this mainboard
was later awarded the \textit{Respects Your Freedom} (RYF) certification in
March 2017, underscoring its commitment to fully free software compatibility
\cite{fsf_ryf}. Indeed, this mainboard can be operated with a fully free
firmware such as GNU Boot \cite{gnuboot_status}. \\
This mainboard is equipped with robust hardware components designed to meet the
demands of high-performance computing. It features 16 DDR3 DIMM
slots, capable of supporting up to 256GB of memory, although certain
configurations may be limited to 192GB, with some reports suggesting the
potential to support 256GB under specific conditions.
In terms of expandability, the KGPE-D16 includes multiple PCIe slots, with five
physical slots available, although only four can be used simultaneously due to
slot sharing. For storage, the mainboard provides
several SATA ports. Networking capabilities are enhanced by integrated dual
gigabit Ethernet ports, which provide high-speed connectivity essential for
data-intensive tasks and network communication \cite{ASUS_kgpe_d16_manual}.
Additionally, the board is equipped with various peripheral interfaces,
including USB ports, audio outputs, and other I/O ports, ensuring compatibility
with a wide range of external devices. \\
\begin{figure}[H]
\centering
\includegraphics[width=0.8\textwidth]{images/fig1_schema_basique.png}
\caption{Basic schematics of the ASUS KGPE-D16 Mainboard, ASUS (2011)}
\label{fig:d16_basic_schematics}
\end{figure}
The physical layout of the ASUS KGPE-D16 is meticulously designed to optimize
airflow, cooling, and power distribution. All of this is critical for
maintaining system stability, particularly under heavy computational loads, as
this board was designed for server operations. In particular, key components
such as the CPU sockets, memory slots, and PCIe slots are strategically
positioned. \\
\begin{figure}[H]
\centering
\includegraphics[width=0.8\textwidth]{images/kgpe-d16_real.png}
\caption{The KGPE-D16, viewed from the top (CC BY-SA 4.0, 2024)}
\label{fig:d16_top_view}
\end{figure}
\section{Chipset}
Before diving into the specific components, it is essential to understand the
roles of the northbridge and southbridge in traditional motherboard
architecture. These chipsets historically managed communication between the CPU
and other critical components of the system \cite{amd_chipsets}. \\
The northbridge is a chipset on the motherboard that traditionally manages
high-speed communication between the CPU, memory (RAM), and graphics card (if
applicable). It serves as a hub for data that needs to move quickly between
these components. On the ASUS KGPE-D16, the functions typically associated with
the northbridge are divided between the CPUs internal northbridge and an
external SR5690 northbridge chip. The SR5690 specifically acts as a translator
and switch, handling the HyperTransport interface, a high-speed communication
protocol used by AMD processors, and converting it to ALink and PCIe interfaces,
which are crucial for connecting
peripherals like graphics cards \cite{SR5690BDG}.
Additionally,
the northbridge on the KGPE-D16 incorporates the IOMMU (Input-Output Memory
Management Unit), which is crucial for ensuring secure and efficient memory
access by I/O devices. The IOMMU allows for the virtualization of memory
addresses, providing device isolation and preventing unauthorized memory access,
which is particularly important in environments that run multiple virtual
machines \cite{amd_chipsets}\cite{northbridge_wiki}. \\
The southbridge, on the other hand, is responsible for handling lower-speed,
peripheral interfaces such as the PCI, USB, and IDE/SATA connections, as well as
managing onboard audio and network controllers. On the KGPE-D16, these functions
are managed by the SP5100 southbridge chip, which integrates several critical
functions including the LPC bridge, SATA controllers, and other essential I/O
operations \cite{amd_chipsets}\cite{southbridge_wiki}.
It is essentially an ALink bus controller and includes the hardware interrupt
controller, the IOAPIC. Interrupts from peripheral always pass
through the northbridge (fig. \ref{fig:d16_ioapic}), since it translates ALink
to HyperTransport for the CPUs and contains the IOMMU \cite{SR5690BDG}. \\
\begin{figure}[H]
\centering
\includegraphics[width=0.9\textwidth]{images/ioapic.png}
\caption{Functional diagram presenting the IOAPIC function of the SP5100,
ASUS (2011)}
\label{fig:d16_ioapic}
\end{figure}
In addition to the northbridge and southbridge, the KGPE-D16 also contains
specialized chips for managing input/output operations and system health
monitoring. The WINBOND W83667HG-A Super I/O chip handles traditional I/O
functions such as legacy serial and parallel ports, keyboard, and mouse
interfaces, but also the SPI chip that contains the firmware
\cite{winbond}. Meanwhile, the Nuvoton W83795G/ADG Hardware Monitor
oversees the systems health by monitoring temperatures, voltages, and fan
speeds, ensuring that the system operates within safe parameters \cite{nuvoton}.
On the KGPE-D16, access to the Super I/O from a CPU core is done through the
SR5690, then the SP5100, as that can be observed on the functional diagram of
the chipset (fig. \ref{fig:d16_chipset}) \cite{SR5690BDG}.
\begin{figure}[H]
\centering
\includegraphics[width=0.8\textwidth]{images/fig2_diagramme_chipset.png}
\caption{Functional diagram of the KGPE-D16 chipset (CC BY-SA 4.0, 2024)}
\label{fig:d16_chipset}
\end{figure}
\section{Processors}
The ASUS KGPE-D16 supports AMD Family 10h processors, but it is important to
note that Vikings, a known vendor for libre-software-compatible hardware, does
not recommend using the Opteron 6100 series due to the lack of IOMMU support,
which is critical for security. Fortunately, AMD Family 15h
processors are also supported. However, the Opteron 6300 series, while
supported, requires proprietary microcode updates for stability, IOMMU
functionality, and fixes for specific vulnerabilities, including a gain-root-
via-NMI exploit. The Opteron 6200 series does not suffer from
these problems and works properly without any proprietary microcode update
needed \cite{vikings}. \\
\begin{figure}[H]
\centering
\includegraphics[width=0.9\textwidth]{images/opteron6200_annoté.png}
\caption{Annotated photography of an Opteron 6200 series CPU (2024), from a photography by AMD Inc. (2008)}
\label{fig:opteron2600}
\end{figure}
The Opteron 6200 series, part of the Bulldozer microarchitecture, was designed to
target high-performance server applications. These processors feature 16 cores,
organized into 8 Bulldozer modules, with each module containing two integer cores
that shared resources like the floating-point unit (FPU) and L2 cache
(fig. \ref{fig:opteron2600}, \ref{fig:opteron2600_diagram})
\cite{amd_6200}\cite{anandtech_bulldozer}.
The architecture of the Opteron 6200 series is built around AMD's Bulldozer core
design, which uses Clustered Multithreading (CMT) to maximize resource
utilization. This is a technique where each processor
module contains two integer cores that share certain resources like the
floating-point unit (FPU), L2 cache, and instruction fetch/decode stages. Unlike
traditional multithreading, where each core handles multiple threads, CMT allows
two cores to share resources to improve parallel processing efficiency. This
approach aims to balance performance and resource usage, particularly in multi-
threaded workloads, though it can lead to some performance trade-offs in
single-threaded tasks.
In the Opteron 6272, the processor consists of eight modules, effectively
creating 16 integer cores. Due to the CMT architecture, each Opteron 6272 chip
functions as two CPUs within a single processor, each with its own set of cores,
L2 caches, and shared L3 cache. Here, one CPU is made by four modules, each
module in it sharing certain components, such as the FPU and L2 cache, between
two integer cores. The L3 cache is shared across these modules.
HyperTransport links provide high-speed communication between the two sockets of
the KGPE-D16. Shared L3 cache and direct memory access are provided by each
socket \cite{amd_6200}\cite{hill_impact_caching}. \\
This architecture also integrates a quad-channel DDR3 memory controller directly
into the processor die, which facilitates high bandwidth and low latency access
to memory. This memory controller supports DDR3 memory speeds up to 1600 MHz and
connects directly to the memory modules via the memory bus. By integrating the
memory controller into the processor, the Opteron 6200 series reduces memory
access latency, enhancing overall performance
\cite{amd_6200}Is \cite{amd_ddr3_guide}. It is interesting to note that Opterons
incorporate the internal northbridge that we cited previously. The traditional
northbridge functions, such as memory controller and PCIe interface management,
are partially integrated into the processor. This integration reduces the
distance data must travel between the CPU and memory, decreasing latency and
improving performance, particularly in memory-intensive applications
\cite{amd_6200}. \\
\begin{figure}[H]
\centering
\includegraphics[width=0.8\textwidth]{
images/fig3_img_dual_processor_node.png}
\caption{Functional diagram of an Opteron 6200 package (CC BY-SA 4.0, 2024)}
\label{fig:opteron2600_diagram}
\end{figure}
Power efficiency was a key focus in the design of the Opteron 6200 series.
Despite the high core count, the processor includes several power management
features, such as Dynamic Power Management (DPM) and Turbo Core technology. These
features allow the processor to adjust power usage based on workload demands,
balancing performance with energy consumption. However, the Bulldozer
architecture's focus on high clock speeds and multi-threaded performance resulted
in higher power consumption compared to competing architectures
\cite{anandtech_bulldozer}. A special model of the series,
called \textit{high efficiency} models, solve a bit this problem by proposing
a bit less performant processor but with a power consumption divided by a factor
from 1.5 to 2.0 in some cases. \\
The processor connected to the I/O hub is known as the Bootstrap
Processor (BSP).
The BSP is responsible for starting up the system by executing the
initial firmware code from the reset vector, a specific memory address where the
CPU begins execution after a reset \cite{amd_bsp}. Core 0 of the BSP, called the
Bootstrap Core (BSC), initiates this process. During early initialization, the
BSP performs several critical tasks, such as memory initialization, and bringing
other CPU cores online. One of its duties is storing Built-In Self-Test (BIST)
information, which involves checking the integrity of the processor's internal
components to ensure they are functioning correctly. The BSP also determines the
type of reset that has occurred—whether it's a cold reset, which happens when
the system is powered on from an off state, or a warm reset, which is a restart
without turning off the power. Identifying the reset type is crucial for
deciding which initialization procedures need to be executed
\cite{amd_bsp}\cite{BKDG}.
\section{Baseboard Management Controller}
The Baseboard Management Controller (BMC) on the KGPE-D16 motherboard,
specifically the ASpeed AST2050, plays a role in the server's
architecture by managing out-of-band communication and control of the hardware.
The AST2050 is based on an ARM926EJ-S processor, a low-power 32-bit ARM
architecture designed for embedded systems \cite{ast2050_architecture}. This
architecture is well-suited for BMCs due to its efficiency and capability to
handle multiple management tasks concurrently without significant resource
demands from the main system. \\
The AST2050 features several key components that contribute to its functionality.
It includes an integrated VGA controller, which enables remote graphical
management through KVM-over-IP (Keyboard, Video, Mouse), a critical feature for
administrators who need to interact with the system remotely, including BIOS
updates and troubleshooting \cite{ast2050_kvm}. Additionally, the AST2050
integrates a dedicated memory controller, which supports up to 256MB of DDR2 RAM.
This allows it to handle complex tasks and maintain responsiveness during
management operations \cite{ast2050_memory}.
The BMC also features a network interface controller (NIC) dedicated to
management traffic, ensuring that remote management does not interfere with the
primary network traffic of the server. This separation is vital for maintaining
secure and uninterrupted system management, especially in environments where
uptime is critical \cite{ast2050_nic}.
Another important architectural aspect of the AST2050 is its support for multiple
I/O interfaces, including I2C, GPIO, UART, and USB, which allow it to interface
with various sensors and peripherals on the motherboard \cite{ast2050_io}. This
versatility enables comprehensive monitoring of hardware health, such as
temperature sensors, fan speeds, and power supplies, all of which can be managed
and configured through the BMC. \\
When combined with OpenBMC \cite{openbmc_wiki}, a libre firmware that can be
run on the AST2050 thanks to Raptor Engineering \cite{raptor_engineering},
the architecture of the BMC becomes even more powerful. OpenBMC takes
advantage of the AST2050's architecture, providing a flexible and
customizable environment that can be tailored to specific use cases. This
includes adding or modifying features related to security, logging, and network
management, all within the BMC's ARM architecture framework
\cite{openbmc_customization}.
\chapter{Key components in modern firmware [WIP]}
\section{General structure of coreboot}
The firmware of the ASUS KGPE-D16 is crucial in ensuring the proper functioning
and optimization of the mainboard's hardware components. For this to be done
efficiently, \textit{coreboot} is organized in different stages (fig.
\ref{fig:coreboot_stages}) \cite{coreboot_docs}.
\begin{figure}[H]
\centering
\includegraphics[width=0.9\textwidth]{
images/fig9_coreboot_stages.png}
\caption{\textit{coreboot}'s stages timeline, by \textit{coreboot} project (CC BY-SA 4.0, 2009)}
\label{fig:coreboot_stages}
\end{figure}
Being a complex project with ambitious goals, \textit{coreboot} decided early on
to establish an file-system-based architecture for its images (also called ROMs).
This special file-system is CBFS (which stands for coreboot file system).
The CBFS architecture consists of a binary image that can be interpreted as a
physical disk, referred to here as ROM. A number of independent components, each
with a header added to the data, are located within the ROM. The components are
nominally arranged sequentially, although they are aligned along a predefined
boundary \ref{fig:coreboot_diagram}). \\
Each stage is compiled as a separate binary and inserted into the CBFS with
custom compression. The \textbf{bootblock} is usually not compressed, while the
\textbf{ramstage} and the \textbf{payload} are compressed with LZMA.
Each stage loads the next stage at a given address (possibly decompressing it
in the process). \\
\begin{figure}[H]
\centering
\includegraphics[width=0.8\textwidth]{
images/fig8_coreboot_architecture.png}
\caption{\textit{coreboot} ROM architecture (CC BY-SA 4.0, 2024)}
\label{fig:coreboot_diagram}
\end{figure}
Some stages are relocatable and can be placed anywhere in the RAM. These stages
are typically cached in the \textbf{CBMEM} for faster loading times during
wake-up. The CBMEM is a specific memory area used by the
\textit{coreboot} firmware to store important data structures and logs during the
boot process. This area is typically allocated in the system's RAM and is used to
store various types of runtime information that it might need to reference
after the initial boot stages.
\subsection{Bootblock stage}
The \textbf{bootblock} is the first stage executed after the CPU reset.
The beginning of this stage is written in assembly language, and its main task is
to set everything up for a C environment. The rest, of course, is written in C.
\\
The \textbf{bootblock} occupies the last 20k and within it is a main
header containing information about the ROM, including the size, component
alignment, and the offset of the start of the first CBFS component in the ROM.
This block is a mandatory component of the ROM as it also contains the entry
point of the firmware. \\
Upon startup, this stage is responsible for the initial hardware setup, which
involves identifying and configuring the CPU. This process is particularly
significant for AMD Family 10h/15h processors, where the firmware sets up the
Bootstrap Processor (BSP) and executes the necessary initialization routines.
Using the BSP, it enables the processor's cache, a small but fast type of memory
that stores frequently accessed data, improving overall system speed by reducing
data access time. However, the cache is there used as memory since DDR DIMMs are
not available yet. It is done by programing the \textbf{Memory Type Range
Registers} (MTRRs), which define how different ranges of system memory are
accessed, such as whether they are cacheable or non-cacheable, used to optimize
memory performance on normal operation.
The firmware will then set the stack pointer, allocate memory for the BSS, and
decompress and load the next stage. On x86 platforms, this process also includes
updating the CPU microcode, initializing the timer, and transitioning from 16-bit
real mode to 32-bit protected mode. The \textbf{bootblock} is responsible for
loading the romstage, or the verstage if verified boot is enabled.
\subsection{Romstage}
The firmware also configures the Advanced Programmable Interrupt Controller
(APIC), which manages how the processor handles interrupts to ensure
the system can respond efficiently to hardware and
software events. Lastly, it sets up the routing for HyperTransport (HT)
technology, a high-speed communication protocol used for data exchange between
the processor and the northbridge, ensuring that data flows smoothly
between these components.
Memory training and optimization are key functions of the firmware. During this
process, the firmware adjusts memory settings, such as timings, frequencies, and
voltages, to ensure that the installed memory modules operate efficiently and
stably. This step is crucial for achieving optimal performance, especially when
dealing with large amounts of RAM for a large amount of CPU cores, as
supported by the KGPE-D16. \\
\subsection{Ramstage}
Effective resource allocation is essential for system stability, particularly in
complex configurations involving multiple CPUs and peripherals. The firmware
manages resource allocation, resolving any conflicts between hardware components
to prevent resource contention and ensure smooth operation. \\
Power management is another critical aspect managed by the firmware. Through the
Advanced Configuration and Power Interface (ACPI), the firmware can adjust the
power states of various components, optimizing energy consumption across the
system. This not only reduces power usage but also minimizes heat generation,
which is vital for maintaining system longevity and efficiency. \\
Security is a major concern in modern systems, and the KGPE-D16s firmware
includes features designed to protect the system from unauthorized access and
maintain the integrity of its operations. This includes support for IOMMU, which
is crucial for preventing unauthorized direct memory access (DMA) attacks,
particularly in virtualized environments.
\subsection{Payload}
TODO
\section{Advanced Configuration and Power Interface}
The Advanced Configuration and Power Interface (ACPI) is a critical component
of modern computing systems, providing an open standard for device
configuration and power management by the operating system (OS). Developed in
1996 by Intel, Microsoft, and Toshiba, ACPI replaced the older Advanced Power
Management (APM) standard with more advanced and flexible power management
capabilities\cite{intel_acpi_spec}.
At its core, ACPI is implemented through a series of data structures and
executable code known as ACPI tables, which are provided by the system firmware
and interpreted by the OS. These tables describe various aspects of the system,
including hardware resources, device power states, and thermal zones. The ACPI
Specification outlines these structures and provides the necessary
standardization for interoperability across different platforms and operating
systems\cite{acpi_os_support}. These tables are used by the OS to perform
low-level task, including managing power states of the CPU, controlling the
voltage and frequency scaling (also known as Dynamic Voltage and Frequency
Scaling, or DVFS), and coordinating power delivery to peripherals. \newline
The ACPI Component Architecture (ACPICA) is the reference implementation of
ACPI, providing a common codebase that can be used by OS developers to
integrate ACPI support. ACPICA includes tools and libraries that allow for the
parsing and execution of ACPI Machine Language (AML) code, which is embedded
within the ACPI tables\cite{acpi_programming}. One of the key tools in ACPICA
is the Intel ACPI Source Language (IASL) compiler, which converts ACPI Source
Language (ASL) code into AML bytecode, allowing firmware developers to write
custom ACPI methods\cite{intel_acpi_spec}.
The triggering of ACPI events is managed through a combination of hardware
signals and software routines. For example, when a user presses the power
button on a system, an ACPI event is generated, which is then handled by the
OS. This event might trigger the system to enter a low-power state, such as
sleep or hibernation, depending on the configuration provided by the ACPI
tables\cite{acpi_os_support}. These power states are defined in the ACPI
specification, with global states (G0 to G3) representing different levels of
system power consumption, and device states (D0 to D3) representing individual
device power levels. \newline
\textbf{ASUS KGPE-D16 Example}: The ASUS KGPE-D16 mainboard, which is designed
for server and high-performance computing environments, utilizes ACPI for
managing its power distribution across multiple CPUs and attached peripherals.
ACPI is integral in controlling the power states of various components, thereby
optimizing performance and energy use. Additionally, the firmware on the
KGPE-D16 uses ACPI tables to manage system temperature and fan speed, ensuring
reliable operation under heavy workloads\cite{ASUS_kgpe_d16_manual}.
\section{System Management Mode}
System Management Mode (SMM) is a highly privileged operating mode provided by
x86 processors for handling system-level functions such as power management,
hardware control, and other critical tasks that must be isolated from the OS
and applications. Introduced by Intel, SMM operates in an environment separate
from the main operating system, offering a secure and controlled space for
executing sensitive operations\cite{uefi_smm_security}. \newline
SMM is triggered by a System Management Interrupt (SMI), which is a
non-maskable interrupt that causes the CPU to save its current state and switch
to executing code stored in a protected area of memory called System Management
RAM (SMRAM). SMRAM is a specialized memory region that is isolated from the
rest of the system, making it inaccessible to the OS and preventing tampering
or interference from other software\cite{heasman2007}. Within SMM, the
firmware can execute various low-level functions that require direct hardware
control or need to be protected from the OS. This includes tasks such as
thermal management, where the system monitors CPU temperature and adjusts
performance or power levels to prevent overheating, as well as power management
routines that enable efficient energy usage by adjusting power states based on
system activity\cite{offsec_bios_smm}.
One of the critical security features of SMM is its role in managing firmware
updates and handling system-level security events. Because SMM operates in a
privileged mode that is isolated from the OS, it can securely apply firmware
updates and respond to security threats without being affected by potentially
compromised system software\cite{domas2015}. However, the high privilege level
and isolation of SMM also present significant security challenges. If an
attacker can compromise SMM, they gain full control over the system, bypassing
all security measures implemented by the OS\cite{cyber_smm_hack}. \newline
\textbf{ASUS KGPE-D16 Example}: The ASUS KGPE-D16 mainboard utilizes SMM to
perform critical management tasks that need to be isolated from the operating
system. For example, SMM is used to monitor and manage system health by
responding to thermal events and adjusting power levels to maintain system
stability. SMM operates independently of the main operating system, allowing it
to perform sensitive tasks securely.
\textit{coreboot}, an open-source firmware project, supports SMM, but its
implementation
is typically minimal compared to traditional BIOS/UEFI systems.
In \textit{coreboot}, SMM initialization involves setting up the System Management
Interrupt (SMI) handler and configuring System Management RAM (SMRAM), the
memory region where SMM code executes\cite{brown2003linuxbios}. The extent of
SMM support in \textit{coreboot} can vary significantly depending on the hardware
platform and the specific requirements of the system. \textit{coreboot}'s design
philosophy emphasizes a lightweight and fast boot process, delegating more
complex management tasks to payloads or the operating system itself
\cite{reinauer2008coreboot}.
One of the key challenges with implementing SMM in \textit{coreboot} is ensuring
that
SMI handlers are configured correctly to manage necessary system tasks without
compromising security or performance. \textit{coreboot}'s approach to SMM is
consistent
with its overall goal of providing a streamlined and efficient firmware
solution, leaving more intricate functionalities to be handled by subsequent
software layers\cite{mohr2012comparative}.
\section{AMD Platform Security Processor and Intel Management Engine}
The AMD Platform Security Processor (PSP) and Intel Management Engine (ME) are
embedded subsystems within AMD and Intel processors, respectively, that handle
a range of security-related tasks independent of the main CPU. These
subsystems are fundamental to the security architecture of modern computing
platforms, providing functions such as secure boot, cryptographic key
management, and remote system management\cite{amd_psp_overview}.
The AMD PSP is based on an ARM Cortex-A5 processor and is responsible for
several security functions, including the validation of firmware during boot
(secure boot), management of Trusted Platform Module (TPM) functions, and
handling cryptographic operations such as key generation and storage. The PSP
operates independently of the main x86 cores, which allows it to execute
security functions even when the main system is powered off or compromised by
malware\cite{amd_psp_overview}. The PSP's isolated environment ensures that
sensitive operations are protected from threats that could affect the main OS.
Similarly, the Intel Management Engine (ME) is a dedicated microcontroller
embedded within Intel chipsets that operates independently of the main CPU.
The ME is a comprehensive subsystem that provides a variety of functions,
including out-of-band system management, security enforcement, and support for
Digital Rights Management (DRM) \cite{intel_csme}. The ME's firmware runs on an
isolated environment that allows it to perform these tasks securely, even when
the system is powered off. This capability is crucial for enterprise
environments where administrators need to perform remote diagnostics, updates,
and security checks without relying on the main OS. \newline
The Intel ME, however, has been a source of controversy due to its deep
integration into the hardware and its potential to be exploited if
vulnerabilities are discovered. Researchers have demonstrated ways to hack into
the ME, potentially gaining control over a system even when it is powered off
\cite{blackhat_me_hack}. These concerns have led to calls for greater
transparency and security measures around the ME and similar subsystems.
When comparing Intel ME and AMD PSP, the primary difference lies in their scope
and functionality. Intel ME offers more extensive remote management
capabilities, making it a more comprehensive tool for enterprise environments,
while AMD PSP focuses more narrowly on core security tasks. Nonetheless, both
play critical roles in ensuring the security and integrity of modern computing
systems. \newline
\textbf{ASUS KGPE-D16 Example}: The ASUS KGPE-D16 mainboard does not include
the AMD Platform Security Processor (PSP) or the Intel ME.
\chapter{Memory initialization and training algorithms [WIP]}
\section{Importance of memory initialization}
\begin{itemize}
\item Steps involved in initializing the memory controller
\item Critical role in system stability and performance
\item \textbf{ASUS KGPE-D16 Example}: Memory initialization process on the KGPE-D16 mainboard
\end{itemize}
Memory training involves several steps:
1. **Detection and Initialization**: The BIOS detects the installed memory
modules, determining their size, speed, and type.
2. **Configuration and Timing Setup**: The BIOS configures the memory
controller settings, including timings for memory access such as CAS
latency, RAS to CAS delay, and other parameters\cite{intel_uefi}.
3. **Training and Calibration**: The BIOS performs tests and adjustments to
calibrate the memory system, ensuring stable operation at optimal speeds by
adjusting signal voltages and testing data integrity\cite{wolf2006}.
These steps are crucial for modern systems, where improper memory
configuration can lead to instability, data corruption, or suboptimal
performance.
Memory timings, such as CAS latency, RAS to CAS delay, and others, must be
finely tuned to ensure optimal performance. The BIOS uses a combination of
predefined profiles and dynamic adjustments to achieve the best balance
between speed and stability. Advanced timing optimization involves setting
these parameters to ensure that memory operations are performed with
minimal latency and maximum throughput\cite{russinovich2012}.
\section{Memory training algorithms}
\begin{itemize}
\item Techniques used for training memory
\item Optimization of timings and voltage settings
\item Challenges in multi-core CPU environments
\item \textbf{ASUS KGPE-D16 Example}: Specific algorithms used for memory training in the mainboard and their performance outcomes
\end{itemize}
To optimize memory performance, the BIOS employs various training
algorithms and calibration techniques. These methods test the memory under
different conditions and make necessary adjustments to improve stability
and efficiency. Key techniques include voltage adjustments, data integrity
testing, and signal timing calibration\cite{shin2011}.
Voltage adjustments involve tweaking the power supplied to the memory
modules to ensure reliable operation. Data integrity testing checks that
data can be accurately read and written, while signal timing calibration
fine-tunes the delays between different memory operations to minimize
latency.
\section{Practical examples}
\begin{itemize}
\item Real-world scenarios where firmware played a crucial role in system performance
\item Analysis of firmware updates and their impact on the KGPE-D16 mainboard
\item User experiences and testimonials highlighting the importance of firmware
\item \textbf{ASUS KGPE-D16 Example}: Specific case studies and firmware updates for the mainboard
\end{itemize}
\chapter{Firmware and hardware virtualization [WIP]}
\section{Introduction to hardware virtualization}
\begin{itemize}
\item Definition and purpose of virtualization
\item How firmware interacts with virtualized environments
\item \textbf{ASUS KGPE-D16 Example}: Virtualization capabilities and performance on the mainboard
\end{itemize}
\section{Role of BIOS/UEFI in virtualization}
\begin{itemize}
\item Initialization and configuration for virtual machines
\item Resource allocation and management
\item \textbf{ASUS KGPE-D16 Example}: BIOS/UEFI settings and their impact on virtualization efficiency on the KGPE-D16
\end{itemize}
\section{Security and freedom considerations}
\begin{itemize}
\item Security risks associated with virtualization
\item Measures taken by firmware to mitigate risks
\item \textbf{ASUS KGPE-D16 Example}: Security measures implemented in the mainboard's firmware to support secure virtualization
\end{itemize}
\section{Future trends in firmware and virtualization}
\begin{itemize}
\item Emerging advancements and their impact on firmware
\item Predictions for the evolution of BIOS/UEFI in virtualization
\item \textbf{ASUS KGPE-D16 Example}: Potential future firmware updates and their expected impact on the mainboard's virtualization capabilities
\end{itemize}
\chapter*{Conclusion [WIP]}
\addcontentsline{toc}{chapter}{Conclusion}
\section{Summary of key points}
\begin{itemize}
\item Recap of the evolution and current state of firmware
\item Importance of understanding modern BIOS functionalities
\item \textbf{ASUS KGPE-D16 Example}: Summary of the mainboard's features and firmware contributions
\end{itemize}
\section{Call for action}
\begin{itemize}
\item Advocacy for free software-compatible hardware
\item Encouraging research and development in libre firmware solutions
\item A libre BIOS is very important\cite{coreboot_fsf}.
\end{itemize}
\newpage
% Bibliography
\nocite{*}
\addcontentsline{toc}{chapter}{Bibliography}
\printbibliography
\newpage
\chapter*{\rlap{GNU Free Documentation License}}
\addcontentsline{toc}{chapter}{GNU Free Documentation License}
\begin{center}
Version 1.3, 3 November 2008
Copyright \copyright{} 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc.
\bigskip
\texttt{<https://fsf.org/>}
\bigskip
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
\end{center}
\begin{center}
{\bf\large Preamble}
\end{center}
The purpose of this License is to make a manual, textbook, or other
functional and useful document ``free'' in the sense of freedom: to
assure everyone the effective freedom to copy and redistribute it,
with or without modifying it, either commercially or noncommercially.
Secondarily, this License preserves for the author and publisher a way
to get credit for their work, while not being considered responsible
for modifications made by others.
This License is a kind of ``copyleft'', which means that derivative
works of the document must themselves be free in the same sense. It
complements the GNU General Public License, which is a copyleft
license designed for free software.
We have designed this License in order to use it for manuals for free
software, because free software needs free documentation: a free
program should come with manuals providing the same freedoms that the
software does. But this License is not limited to software manuals;
it can be used for any textual work, regardless of subject matter or
whether it is published as a printed book. We recommend this License
principally for works whose purpose is instruction or reference.
\begin{center}
{\Large\bf 1. APPLICABILITY AND DEFINITIONS\par}
\end{center}
This License applies to any manual or other work, in any medium, that
contains a notice placed by the copyright holder saying it can be
distributed under the terms of this License. Such a notice grants a
world-wide, royalty-free license, unlimited in duration, to use that
work under the conditions stated herein. The ``\textbf{Document}'', below,
refers to any such manual or work. Any member of the public is a
licensee, and is addressed as ``\textbf{you}''. You accept the license if you
copy, modify or distribute the work in a way requiring permission
under copyright law.
A ``\textbf{Modified Version}'' of the Document means any work containing the
Document or a portion of it, either copied verbatim, or with
modifications and/or translated into another language.
A ``\textbf{Secondary Section}'' is a named appendix or a front-matter section of
the Document that deals exclusively with the relationship of the
publishers or authors of the Document to the Document's overall subject
(or to related matters) and contains nothing that could fall directly
within that overall subject. (Thus, if the Document is in part a
textbook of mathematics, a Secondary Section may not explain any
mathematics.) The relationship could be a matter of historical
connection with the subject or with related matters, or of legal,
commercial, philosophical, ethical or political position regarding
them.
The ``\textbf{Invariant Sections}'' are certain Secondary Sections whose titles
are designated, as being those of Invariant Sections, in the notice
that says that the Document is released under this License. If a
section does not fit the above definition of Secondary then it is not
allowed to be designated as Invariant. The Document may contain zero
Invariant Sections. If the Document does not identify any Invariant
Sections then there are none.
The ``\textbf{Cover Texts}'' are certain short passages of text that are listed,
as Front-Cover Texts or Back-Cover Texts, in the notice that says that
the Document is released under this License. A Front-Cover Text may
be at most 5 words, and a Back-Cover Text may be at most 25 words.
A ``\textbf{Transparent}'' copy of the Document means a machine-readable copy,
represented in a format whose specification is available to the
general public, that is suitable for revising the document
straightforwardly with generic text editors or (for images composed of
pixels) generic paint programs or (for drawings) some widely available
drawing editor, and that is suitable for input to text formatters or
for automatic translation to a variety of formats suitable for input
to text formatters. A copy made in an otherwise Transparent file
format whose markup, or absence of markup, has been arranged to thwart
or discourage subsequent modification by readers is not Transparent.
An image format is not Transparent if used for any substantial amount
of text. A copy that is not ``Transparent'' is called ``\textbf{Opaque}''.
Examples of suitable formats for Transparent copies include plain
ASCII without markup, Texinfo input format, LaTeX input format, SGML
or XML using a publicly available DTD, and standard-conforming simple
HTML, PostScript or PDF designed for human modification. Examples of
transparent image formats include PNG, XCF and JPG. Opaque formats
include proprietary formats that can be read and edited only by
proprietary word processors, SGML or XML for which the DTD and/or
processing tools are not generally available, and the
machine-generated HTML, PostScript or PDF produced by some word
processors for output purposes only.
The ``\textbf{Title Page}'' means, for a printed book, the title page itself,
plus such following pages as are needed to hold, legibly, the material
this License requires to appear in the title page. For works in
formats which do not have any title page as such, ``Title Page'' means
the text near the most prominent appearance of the work's title,
preceding the beginning of the body of the text.
The ``\textbf{publisher}'' means any person or entity that distributes
copies of the Document to the public.
A section ``\textbf{Entitled XYZ}'' means a named subunit of the Document whose
title either is precisely XYZ or contains XYZ in parentheses following
text that translates XYZ in another language. (Here XYZ stands for a
specific section name mentioned below, such as ``\textbf{Acknowledgements}'',
``\textbf{Dedications}'', ``\textbf{Endorsements}'', or ``\textbf{History}''.)
To ``\textbf{Preserve the Title}''
of such a section when you modify the Document means that it remains a
section ``Entitled XYZ'' according to this definition.
The Document may include Warranty Disclaimers next to the notice which
states that this License applies to the Document. These Warranty
Disclaimers are considered to be included by reference in this
License, but only as regards disclaiming warranties: any other
implication that these Warranty Disclaimers may have is void and has
no effect on the meaning of this License.
\begin{center}
{\Large\bf 2. VERBATIM COPYING\par}
\end{center}
You may copy and distribute the Document in any medium, either
commercially or noncommercially, provided that this License, the
copyright notices, and the license notice saying this License applies
to the Document are reproduced in all copies, and that you add no other
conditions whatsoever to those of this License. You may not use
technical measures to obstruct or control the reading or further
copying of the copies you make or distribute. However, you may accept
compensation in exchange for copies. If you distribute a large enough
number of copies you must also follow the conditions in section~3.
You may also lend copies, under the same conditions stated above, and
you may publicly display copies.
\begin{center}
{\Large\bf 3. COPYING IN QUANTITY\par}
\end{center}
If you publish printed copies (or copies in media that commonly have
printed covers) of the Document, numbering more than 100, and the
Document's license notice requires Cover Texts, you must enclose the
copies in covers that carry, clearly and legibly, all these Cover
Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on
the back cover. Both covers must also clearly and legibly identify
you as the publisher of these copies. The front cover must present
the full title with all words of the title equally prominent and
visible. You may add other material on the covers in addition.
Copying with changes limited to the covers, as long as they preserve
the title of the Document and satisfy these conditions, can be treated
as verbatim copying in other respects.
If the required texts for either cover are too voluminous to fit
legibly, you should put the first ones listed (as many as fit
reasonably) on the actual cover, and continue the rest onto adjacent
pages.
If you publish or distribute Opaque copies of the Document numbering
more than 100, you must either include a machine-readable Transparent
copy along with each Opaque copy, or state in or with each Opaque copy
a computer-network location from which the general network-using
public has access to download using public-standard network protocols
a complete Transparent copy of the Document, free of added material.
If you use the latter option, you must take reasonably prudent steps,
when you begin distribution of Opaque copies in quantity, to ensure
that this Transparent copy will remain thus accessible at the stated
location until at least one year after the last time you distribute an
Opaque copy (directly or through your agents or retailers) of that
edition to the public.
It is requested, but not required, that you contact the authors of the
Document well before redistributing any large number of copies, to give
them a chance to provide you with an updated version of the Document.
\begin{center}
{\Large\bf 4. MODIFICATIONS\par}
\end{center}
You may copy and distribute a Modified Version of the Document under
the conditions of sections 2 and 3 above, provided that you release
the Modified Version under precisely this License, with the Modified
Version filling the role of the Document, thus licensing distribution
and modification of the Modified Version to whoever possesses a copy
of it. In addition, you must do these things in the Modified Version:
\begin{itemize}
\item[A.]
Use in the Title Page (and on the covers, if any) a title distinct
from that of the Document, and from those of previous versions
(which should, if there were any, be listed in the History section
of the Document). You may use the same title as a previous version
if the original publisher of that version gives permission.
\item[B.]
List on the Title Page, as authors, one or more persons or entities
responsible for authorship of the modifications in the Modified
Version, together with at least five of the principal authors of the
Document (all of its principal authors, if it has fewer than five),
unless they release you from this requirement.
\item[C.]
State on the Title page the name of the publisher of the
Modified Version, as the publisher.
\item[D.]
Preserve all the copyright notices of the Document.
\item[E.]
Add an appropriate copyright notice for your modifications
adjacent to the other copyright notices.
\item[F.]
Include, immediately after the copyright notices, a license notice
giving the public permission to use the Modified Version under the
terms of this License, in the form shown in the Addendum below.
\item[G.]
Preserve in that license notice the full lists of Invariant Sections
and required Cover Texts given in the Document's license notice.
\item[H.]
Include an unaltered copy of this License.
\item[I.]
Preserve the section Entitled ``History'', Preserve its Title, and add
to it an item stating at least the title, year, new authors, and
publisher of the Modified Version as given on the Title Page. If
there is no section Entitled ``History'' in the Document, create one
stating the title, year, authors, and publisher of the Document as
given on its Title Page, then add an item describing the Modified
Version as stated in the previous sentence.
\item[J.]
Preserve the network location, if any, given in the Document for
public access to a Transparent copy of the Document, and likewise
the network locations given in the Document for previous versions
it was based on. These may be placed in the ``History'' section.
You may omit a network location for a work that was published at
least four years before the Document itself, or if the original
publisher of the version it refers to gives permission.
\item[K.]
For any section Entitled ``Acknowledgements'' or ``Dedications'',
Preserve the Title of the section, and preserve in the section all
the substance and tone of each of the contributor acknowledgements
and/or dedications given therein.
\item[L.]
Preserve all the Invariant Sections of the Document,
unaltered in their text and in their titles. Section numbers
or the equivalent are not considered part of the section titles.
\item[M.]
Delete any section Entitled ``Endorsements''. Such a section
may not be included in the Modified Version.
\item[N.]
Do not retitle any existing section to be Entitled ``Endorsements''
or to conflict in title with any Invariant Section.
\item[O.]
Preserve any Warranty Disclaimers.
\end{itemize}
If the Modified Version includes new front-matter sections or
appendices that qualify as Secondary Sections and contain no material
copied from the Document, you may at your option designate some or all
of these sections as invariant. To do this, add their titles to the
list of Invariant Sections in the Modified Version's license notice.
These titles must be distinct from any other section titles.
You may add a section Entitled ``Endorsements'', provided it contains
nothing but endorsements of your Modified Version by various
parties---for example, statements of peer review or that the text has
been approved by an organization as the authoritative definition of a
standard.
You may add a passage of up to five words as a Front-Cover Text, and a
passage of up to 25 words as a Back-Cover Text, to the end of the list
of Cover Texts in the Modified Version. Only one passage of
Front-Cover Text and one of Back-Cover Text may be added by (or
through arrangements made by) any one entity. If the Document already
includes a cover text for the same cover, previously added by you or
by arrangement made by the same entity you are acting on behalf of,
you may not add another; but you may replace the old one, on explicit
permission from the previous publisher that added the old one.
The author(s) and publisher(s) of the Document do not by this License
give permission to use their names for publicity for or to assert or
imply endorsement of any Modified Version.
\begin{center}
{\Large\bf 5. COMBINING DOCUMENTS\par}
\end{center}
You may combine the Document with other documents released under this
License, under the terms defined in section~4 above for modified
versions, provided that you include in the combination all of the
Invariant Sections of all of the original documents, unmodified, and
list them all as Invariant Sections of your combined work in its
license notice, and that you preserve all their Warranty Disclaimers.
The combined work need only contain one copy of this License, and
multiple identical Invariant Sections may be replaced with a single
copy. If there are multiple Invariant Sections with the same name but
different contents, make the title of each such section unique by
adding at the end of it, in parentheses, the name of the original
author or publisher of that section if known, or else a unique number.
Make the same adjustment to the section titles in the list of
Invariant Sections in the license notice of the combined work.
In the combination, you must combine any sections Entitled ``History''
in the various original documents, forming one section Entitled
``History''; likewise combine any sections Entitled ``Acknowledgements'',
and any sections Entitled ``Dedications''. You must delete all sections
Entitled ``Endorsements''.
\begin{center}
{\Large\bf 6. COLLECTIONS OF DOCUMENTS\par}
\end{center}
You may make a collection consisting of the Document and other documents
released under this License, and replace the individual copies of this
License in the various documents with a single copy that is included in
the collection, provided that you follow the rules of this License for
verbatim copying of each of the documents in all other respects.
You may extract a single document from such a collection, and distribute
it individually under this License, provided you insert a copy of this
License into the extracted document, and follow this License in all
other respects regarding verbatim copying of that document.
\begin{center}
{\Large\bf 7. AGGREGATION WITH INDEPENDENT WORKS\par}
\end{center}
A compilation of the Document or its derivatives with other separate
and independent documents or works, in or on a volume of a storage or
distribution medium, is called an ``aggregate'' if the copyright
resulting from the compilation is not used to limit the legal rights
of the compilation's users beyond what the individual works permit.
When the Document is included in an aggregate, this License does not
apply to the other works in the aggregate which are not themselves
derivative works of the Document.
If the Cover Text requirement of section~3 is applicable to these
copies of the Document, then if the Document is less than one half of
the entire aggregate, the Document's Cover Texts may be placed on
covers that bracket the Document within the aggregate, or the
electronic equivalent of covers if the Document is in electronic form.
Otherwise they must appear on printed covers that bracket the whole
aggregate.
\begin{center}
{\Large\bf 8. TRANSLATION\par}
\end{center}
Translation is considered a kind of modification, so you may
distribute translations of the Document under the terms of section~4.
Replacing Invariant Sections with translations requires special
permission from their copyright holders, but you may include
translations of some or all Invariant Sections in addition to the
original versions of these Invariant Sections. You may include a
translation of this License, and all the license notices in the
Document, and any Warranty Disclaimers, provided that you also include
the original English version of this License and the original versions
of those notices and disclaimers. In case of a disagreement between
the translation and the original version of this License or a notice
or disclaimer, the original version will prevail.
If a section in the Document is Entitled ``Acknowledgements'',
``Dedications'', or ``History'', the requirement (section~4) to Preserve
its Title (section~1) will typically require changing the actual
title.
\begin{center}
{\Large\bf 9. TERMINATION\par}
\end{center}
You may not copy, modify, sublicense, or distribute the Document
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense, or distribute it is void, and
will automatically terminate your rights under this License.
However, if you cease all violation of this License, then your license
from a particular copyright holder is reinstated (a) provisionally,
unless and until the copyright holder explicitly and finally
terminates your license, and (b) permanently, if the copyright holder
fails to notify you of the violation by some reasonable means prior to
60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, receipt of a copy of some or all of the same material does
not give you any rights to use it.
\begin{center}
{\Large\bf 10. FUTURE REVISIONS OF THIS LICENSE\par}
\end{center}
The Free Software Foundation may publish new, revised versions
of the GNU Free Documentation License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns. See
\texttt{https://www.gnu.org/licenses/}.
Each version of the License is given a distinguishing version number.
If the Document specifies that a particular numbered version of this
License ``or any later version'' applies to it, you have the option of
following the terms and conditions either of that specified version or
of any later version that has been published (not as a draft) by the
Free Software Foundation. If the Document does not specify a version
number of this License, you may choose any version ever published (not
as a draft) by the Free Software Foundation. If the Document
specifies that a proxy can decide which future versions of this
License can be used, that proxy's public statement of acceptance of a
version permanently authorizes you to choose that version for the
Document.
\begin{center}
{\Large\bf 11. RELICENSING\par}
\end{center}
``Massive Multiauthor Collaboration Site'' (or ``MMC Site'') means any
World Wide Web server that publishes copyrightable works and also
provides prominent facilities for anybody to edit those works. A
public wiki that anybody can edit is an example of such a server. A
``Massive Multiauthor Collaboration'' (or ``MMC'') contained in the
site means any set of copyrightable works thus published on the MMC
site.
``CC-BY-SA'' means the Creative Commons Attribution-Share Alike 3.0
license published by Creative Commons Corporation, a not-for-profit
corporation with a principal place of business in San Francisco,
California, as well as future copyleft versions of that license
published by that same organization.
``Incorporate'' means to publish or republish a Document, in whole or
in part, as part of another Document.
An MMC is ``eligible for relicensing'' if it is licensed under this
License, and if all works that were first published under this License
somewhere other than this MMC, and subsequently incorporated in whole
or in part into the MMC, (1) had no cover texts or invariant sections,
and (2) were thus incorporated prior to November 1, 2008.
The operator of an MMC Site may republish an MMC contained in the site
under CC-BY-SA on the same site at any time before August 1, 2009,
provided the MMC is eligible for relicensing.
\begin{center}
{\Large\bf ADDENDUM: How to use this License for your documents\par}
\end{center}
To use this License in a document you have written, include a copy of
the License in the document and put the following copyright and
license notices just after the title page:
\bigskip
\begin{quote}
Copyright \copyright{} YEAR YOUR NAME.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3
or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is included in the section entitled ``GNU
Free Documentation License''.
\end{quote}
\bigskip
If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts,
replace the ``with \dots\ Texts.''\ line with this:
\bigskip
\begin{quote}
with the Invariant Sections being LIST THEIR TITLES, with the
Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.
\end{quote}
\bigskip
If you have Invariant Sections without Cover Texts, or some other
combination of the three, merge those two alternatives to suit the
situation.
If your document contains nontrivial examples of program code, we
recommend releasing these examples in parallel under your choice of
free software license, such as the GNU General Public License,
to permit their use in free software.
\end{document}
Reference in New Issue View Git Blame Copy Permalink