In cooperation with one of our customers, we enabled a modern Intel Coffee Lake Platform with coreboot. The platform supports Intel's 8th/9th generation processors with up to 16 cores. The platform itself supports a variety of features:
- Intel 8th/9th Generation Processors
- Intel C246 Chipset
- 4 DIMMs DDR4 (up to 64GB) Memory
- 4 SATA Ports
- 5 Dedicated Ethernet Ports
- 3 Optional Display Ports
- 2 COM Port Headers and 1 Rear COM Port
- BMC Aspeed AST2500
- Optional TPM 2.0
It can be used either in workstations or in entry-level server systems.
The source code can be found upstream in the coreboot project and is licensed under the GPLv2.
The coreboot port itself is pretty much straightforward, with the usual fixups. We had to make some changes to meet the enhanced security requirements of this project.
First, we modified the SMMSTORE in coreboot to enhance security. Multiple patches have been applied to SMMSTORE version 2. Therefore we had to implement multiple helper functions that verify the user-provided pointers, to protect the integrity of the SMM and the whole BIOS firmware.
In addition, wide-ranging changes to the EDK2 payloads have been made in order to support the restructured SMMSTORE V2. We also rebased the MrChromeBox EDK2 branch, which has several coreboot-specific patches, on top of the EDK2 master branch, and it is now hosted in our own 9elements GitHub repository. The basis of the work was done here by System76 - thanks!
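To illustrate the kind of check such a helper performs, here is an added example (not the coreboot code and not from the patches listed below): an SMI handler rejects a caller-supplied buffer that is NULL, empty, wraps around the address space, or touches SMRAM. The function names and the SMRAM base and size are assumptions made up for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical SMRAM window (constructed values, not a real platform's). */
struct region { uintptr_t base; size_t size; };
static const struct region smram = { 0x7f000000u, 0x00800000u };

/* True if [base, base+len) wraps around the end of the address space. */
static bool range_wraps(uintptr_t base, size_t len)
{
	return len != 0 && base + (uintptr_t)(len - 1) < base;
}

/* True if [base, base+len) shares at least one byte with region r.
 * Compares inclusive last addresses so no end pointer can overflow. */
static bool range_overlaps(uintptr_t base, size_t len, const struct region *r)
{
	if (len == 0 || r->size == 0)
		return false;
	uintptr_t last = base + (uintptr_t)(len - 1);
	uintptr_t r_last = r->base + (uintptr_t)(r->size - 1);
	return base <= r_last && r->base <= last;
}

/*
 * Validate a buffer handed in by the OS or payload before the SMI handler
 * dereferences it. Without this check a caller could point the handler at
 * SMRAM and have it read or overwrite its own code and data.
 */
bool smm_user_buffer_ok(uintptr_t base, size_t len)
{
	if (base == 0 || len == 0)
		return false;
	if (range_wraps(base, len))	/* must run before the overlap test */
		return false;
	return !range_overlaps(base, len, &smram);
}
```

The wrap check matters as much as the overlap check: a huge length can make a naive `base + len` comparison roll over and appear to end below SMRAM.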
coreboot commits:
https://review.coreboot.org/c/coreboot/+/38303
https://review.coreboot.org/c/coreboot/+/41081
https://review.coreboot.org/c/coreboot/+/39454
https://review.coreboot.org/c/coreboot/+/39875
https://review.coreboot.org/c/coreboot/+/40756
https://review.coreboot.org/c/coreboot/+/41083
https://review.coreboot.org/c/coreboot/+/41334
https://review.coreboot.org/c/coreboot/+/40520
https://review.coreboot.org/c/coreboot/+/40856
https://review.coreboot.org/c/coreboot/+/41507