It has a number of gaps, but it is mostly there. It doesn't build, it doesn't have source for some of the service calls iirc (SVC_.*), and the AGESA source isn't open (though a replacement is in progress, openSIL).
This is a ridiculously cool blogpost. Thanks for sharing. Lots of detail.
Since you've looked at the firmware there quite a lot would you be able to share if you noticed if ES/QS CPUs have different configurations in the firmware or if it's just a matter of duplicating and renaming so that they're recognized?
I did not have any encounters with ES CPUs from AMD. I just remember my experience with Intel ES CPUs, which used a different set of keys for blob signing. I connected the dots and assumed that this is also true for AMD.
It is not about the configuration but rather a key burned into the CPU silicon that is used to verify the key used in blobs and the signatures of the blobs.
I can't wait for a modern system with an open firmware. Just so that there would be any hope for bugfixes outside "works for (default configuration) Windows".
It's all about incentives. My laptop spends good five seconds after each power-on (or resume from suspend-to-disk), showing me giant vendor's logo and doing nothing else.
Surely, open firmware could skip that and boot faster - if vendor would allow an escape hatch from the "secure boot" hell. But why would they expend effort on something 99.9% of users don't care about, and give up free ads in the process, too?
Good post on troubleshooting the failure to boot, but from the title I was kind of hoping for something like decryption and analysis of the blobs' contents, rather than just metadata. Very "cool" that 3 megabytes of unauditable malware (the public blobs) are still not enough to even boot the platform...
strstr|5 months ago
It has a number of gaps, but it is mostly there. It doesn't build, it doesn't have source for some of the service calls iirc (SVC_.*), and the AGESA source isn't open (though a replacement is in progress, openSIL).
miczyg|5 months ago
renewiltord|5 months ago
Since you've looked at the firmware there quite a lot would you be able to share if you noticed if ES/QS CPUs have different configurations in the firmware or if it's just a matter of duplicating and renaming so that they're recognized?
miczyg|5 months ago
It is not about the configuration but rather a key burned into the CPU silicon that is used to verify the key used in blobs and the signatures of the blobs.
Avamander|5 months ago
kees99|5 months ago
Surely, open firmware could skip that and boot faster - if vendor would allow an escape hatch from the "secure boot" hell. But why would they expend effort on something 99.9% of users don't care about, and give up free ads in the process, too?
kaszanka|5 months ago
pietrushnic|5 months ago
[deleted]
paulhart|5 months ago
[deleted]