Documentation is now handled by the same processes we use for code: Add something to the Documentation/ directory in the coreboot repo, and it will be rendered to https://doc.coreboot.org/. Contributions welcome!
This mechanism permits to test and recover from certain non-booting coreboot images.
This works by having two coreboot images in the same flash chip:
This feature is not widely tested on all boards. It also requires it to have a reboot_counter exported in the CMOS layout.
This also doesn't protect against human errors when using such feature, or bugs in the code responsible for switching between the two images.
Coreboot increments a reboot count at each boot but never clears it. What runs after coreboot is responsible for that.
That way, the count can be cleared by the OS once it's fully booted.
If a certain threshold<ref>Defined by CONFIG_MAX_REBOOT_CNT, typically 3</ref> is attained at boot, coreboot will boot the fallback image.
Because we uses two images, it's easy to wrongly identify which image booted:
To configure it for fallback, do:
$ make menuconfig
Then in "General setup --->", near the top use "fallback" in "CBFS prefix to use":
(fallback) CBFS prefix to use
Then near the bottom, make sure to have:
[ ] Update existing coreboot.rom image
And in the "Chipset --->" menu at the bottom:
Bootblock behaviour (Switch to normal if CMOS says so) ---> [*] Do not clear reboot count after successful boot
You can then build the fallback image with the fallback.sh script.
To configure it for normal, do:
$ make menuconfig
Then in "General setup --->", near the top use "normal" in "CBFS prefix to use":
(normal) CBFS prefix to use
Then near the bottom, make sure to have:
[*] Update existing coreboot.rom image
And in the "Chipset --->" menu at the bottom:
Bootblock behaviour (Switch to normal if CMOS says so) ---> [*] Do not clear reboot count after successful boot
You can then build with the normal part with the normal.sh script. It takes an existing coreboot image as argument.
An approach is to run switch-to-normal.sh before trying an image. It's however more error prone than the systemd approach because:
#!/bin/sh nvramtool -w boot_option=Normal nvramtool -w reboot_counter=0
#!/bin/sh nvramtool -w boot_option=Fallback nvramtool -w reboot_counter=15
(Assuming that 15 is the maximum that can be stored in reboot_counter.)
Here we use systemd to automatically reset the boot counter after each successful boot (or resume).
We are then supposed to use the normal image daily and only resort to fallback in case of issues.
To install it, first install nvramtool (from coreboot sources):
$ cd util/nvramtool $ make $ sudo make install
Then add the following systemd units at their respective paths:
Then enable them with:
$ sudo systemctl enable coreboot@boot.service $ sudo systemctl start coreboot@boot.service $ sudo systemctl enable coreboot@resume.service $ sudo systemctl start coreboot@resume.service
This linux driver can have some bad interactions with the fallback/normal mecanism: when using it with the volume_control=1 option, volume_mode=1 is required, otherwise after shutting down the computer, it will always boot from fallback.
This might be because as the default settings of volume_mode touches the nvram, it probably corrupts it at shutdown when saving the alsa state of the volume buttons "sound card" (called EC Mixer). Then at boot, coreboot will detects a corrupted nvram and restore its valid defaults.
<references/>