Coreboot Update for APU1
-
It's an AMD CPU, it was never affected by meltdown and there is no firmware fix for meltdown. The spectre mitigations require both an updated CPU microcode as well as OS support. AFAIK this combination doesn't exist for pfsense and the T40E in the APU. (If it did, the OS is capable of loading the microcode update regardless of the firmware.)
Short answer: you're wasting your time.
-
thats a good one
thank you -
@vamike said in Coreboot Update for APU1:
Short answer: you're wasting your time.
I did the update myself and, as noted before, there are severe benefits for doing so. Booting from previously unsupported mSATA drives for example.
For me it was absolutely worth it. -
@jahonix said in Coreboot Update for APU1:
@vamike said in Coreboot Update for APU1:
Short answer: you're wasting your time.
I did the update myself and, as noted before, there are severe benefits for doing so. Booting from previously unsupported mSATA drives for example.
For me it was absolutely worth it.Sure, if you need functionality in a newer version then go for it. If you're doing it for vague reasons of "security", no.
-
Just updating this, I upgraded to v4.10.0.0 on the APU1 as sold by Netgate. No problems thus far with the Coreboot code.
BUT! I updated using flashrom directly from pfSense 2.5 and it did not go smoothly:
[2.5.0-DEVELOPMENT][root@apu.stevew.lan]/root: flashrom -p internal -c MX25L1605A/MX25L1606E/MX25L1608E -w apu1_v4.10.0.0.rom flashrom v1.0 on FreeBSD 12.0-RELEASE-p8 (amd64) flashrom is free software, get the source code at https://flashrom.org Using clock_gettime for delay loops (clk_id: 4, resolution: 70ns). coreboot table found at 0xdfd79000. Found chipset "AMD SB7x0/SB8x0/SB9x0". Enabling flash write... OK. Found Macronix flash chip "MX25L1605A/MX25L1606E/MX25L1608E" (2048 kB, SPI) mapped at physical address 0x00000000ffe00000. Reading old flash chip contents... done. Erasing and writing flash chip... AMD SPI FIFO pointer corruption! Pointer is 0, wanted 2 Something else is accessing the flash chip and causes random corruption. Please stop all applications and drivers and IPMI which access the flash chip. RDSR failed! AMD SPI FIFO pointer corruption! Pointer is 1, wanted 0 Something else is accessing the flash chip and causes random corruption. Please stop all applications and drivers and IPMI which access the flash chip. spi_nbyte_program failed during command execution at address 0x1eb9 Reading current flash chip contents... AMD SPI FIFO pointer corruption! Pointer is 1, wanted 3 Something else is accessing the flash chip and causes random corruption. Please stop all applications and drivers and IPMI which access the flash chip. Can't read anymore! Aborting. FAILED! Uh oh. Erase/write failed. Checking if anything has changed. Reading current flash chip contents... done. Apparently at least some data has changed. Your flash chip is in an unknown state. Get help on IRC at chat.freenode.net (channel #flashrom) or mail flashrom@flashrom.org with the subject "FAILED: <your board name>"! ------------------------------------------------------------------------------- DO NOT REBOOT OR POWEROFF!Ultimately I was able to recover by reflashing my backup image after several attempts.
I did manage to update using flashrom from single user mode, that seemed to go through no problem.
I would not recommend updating Coreboot from a 2.5 snapshot at this time.
Steve
-
S stephenw10 referenced this topic on
-
S stephenw10 referenced this topic on
