Compiling coreboot firmware
Command Line – coreboot
Coreboot lets you build your own custom firmware while learning more about Linux.
The open source alternative to BIOS and UEFI, coreboot is often praised for its speed and security [1]. However, just as important is the accessibility of its firmware. According to the coreboot website, "The architecture of coreboot is designed to have an unbrickable update process. Updating firmware should be no more dangerous than installing your favorite app on your mobile phone." As the major result of this goal, users can choose to customize their own firmware. Much like customizing the Linux kernel, the process is lengthy but mostly a matter of following instructions in the thorough documentation. Although the documentation is oriented towards Debian, it can easily be transposed to other distributions, the main difference being the occasional difference in the names of some of the necessary packages.
You may want to build your own firmware for several reasons. You might want to install coreboot on a machine that already has its own BIOS or UEFI. If your machine already uses coreboot, you might want to tweak it to better suit your needs. For example, you may prefer to turn off virtualization support in order to get every bit of performance from your machine. Sometimes, too, an unsupported mainboard might be usable with a few experimental tweaks. Perhaps the main reason is that building coreboot firmware can satisfy your curiosity about a technology that is still unfamiliar to most Linux users.
Despite the project's goals, some chance exists that you could brick your machine. Should that happen, another attempt at coreboot customization or the manufacturer's firmware may restore functionality. All the same, before flashing your custom firmware, you should make sure you have a current backup and thoroughly research what you are doing before you begin.
Preparing to Build
A work in progress, coreboot must be tailored to each mainboard. While several hundred mainboards are supported, you should check that your mainboard is supported before you build your own firmware. The project claims that its list of supported boards is current to within the last hour [2], and some hardware manufacturers maintain their own documentation. Some entries have an upstream link to an existing version of the firmware you can work with, following coreboot's documentation [3].
You will also need the tools to build the firmware. On Debian, run the command:
apt-get install git build-essential gnat flex bison libncurses5-dev wget zlib1g-dev
This collection of packages includes the necessary compiler and other tools needed to build the firmware. You will also need Git to access coreboot's files. You may also want to install Doxygen in order to read package documentation. If you have a compiler preference, GCC, G++, or gcc-multilib can replace gnat
. If you use Clang or LLVM as a compiler, you should also add CMake. Similarly, if your hardware uses Advance Configuration and Power Interface (ACPI) for power management, add iasl
. If you want a better graphical display when building, add ncurses-dev. For many users, the command above should be all you need. With other distributions, you may have to search for slightly different names.
Build Steps
You can build coreboot on any machine. The process will not alter your machine until you flash the resulting firmware. To begin the build, clone the coreboot files and switch to the directory created for them:
git clone https://review.coreboot.org/coreboot cd coreboot git submodule update --init --checkout
The last command checks out a sub-repository for your use (Figure 1).
The final preparation stage is to build the toolchain. This step is necessary because different distributions include different toolchains. To prevent any problems, coreboot creates its own patched version of GCC, including all dependencies. Enter:
make crossgcc-i386
The process can take 10-15 minutes, depending on the machine (Figure 2).
Building Custom Firmware
To build efficiently, you most likely need your hardware's specifications. If you no longer have the specifications or cannot find them online, you can still attempt to build, although success may take several tries. For practice, you might want to follow one of the online tutorials for the Qemu emulator, which requires fewer configuration choices [4].
From the directory with the source code, enter make menuconfig
to display a text-based interface (Figure 3). Alternatively, if ncurses is installed, enter make nconfig
for a more user-friendly menu. Detailed instructions are available in the coreboot documentation, although for some settings you may be able to accept the defaults. For a system with native graphics, follow the generic instructions in Figure 4, entering the information for your hardware. For non-native graphics, enter the information in Figure 5. Note that for some Intel and AMD boards, you may need to provide files from the vendor. These vendor files are most likely necessary for older hardware, because manufacturers are increasingly cooperating with the coreboot project.
The payload is the code that loads an operating system in the final stage of starting a machine with coreboot. You can use the default payload SeaBIOS or one of the other payloads [5]. Increasingly, hardware vendors like System76 and Star Labs provide their own payloads, which may be necessary in order to use some of their utilities or apps. However, you can build successfully with other payloads as well.
When you have made all your choices, press Esc to exit the menu and save your choices. Then enter make
from the directory that contains coreboot and any vendor or payload files (Figure 6). At the end of the build process, make
indicates success or failure, listing errors that you can correct with some research before making another attempt. Only flash a successful result, never a failed one.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.