path: root/resources/coreboot
Age | Commit message | Author
2023-09-04 | merge config/ and resources/ | Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-04 | move ifd/gbe configs into config/ifd/ | Leah Rowe
it doesn't really make sense for them to be under blobs/ - nominally, they are blobs, but they are well-understood data files containing config data, that is easily parsed by tools like ich9show or ifdtool (and tools like bincfg or nvmutil)
blobs/ has been re-purposed: this directory no longer exists in lbmk, but it is created (and on .gitignore) when needed, by blobutil
thus, the blobs/ directory shall only contain vendor files, and only those files that libreboot scrubs from releases.
therefore, build/release/src can (and has been) simplified; it currently copies just the ifd and gbe files from blobs/, selectively, and this logic is quite error prone, requiring maintenance.
now, the build/release/src script simply copies config/ (which only ever contains distributable files) and entirely ignores the blobs/ directory
the blob download script already creates the required directory, except for the sch5545 download; this is now fixed
lbmk code size is slightly smaller, due to this patch
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-03 | run make oldconfig on coreboot/default mainboards | Leah Rowe
the resulting changes are what i will push. this prevents the coreboot build system from asking for user input.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-03 | ich9m mainboards: use pre-assembled ifd/gbe files | Leah Rowe
This cuts down on build time, and it will allow libreboot to remove large chunks of code.
these ifd/gbe configs are just binary-encoded config files, in a format well-understood. they can easily be opened up and displayed, using ich9show or ifdtool, and manipulated by these tools; bincfg can generate them from scratch, and nvmutil can change mac addresses, for example.
so, do this and remove from lbmk the following:
* ich9utils (which contains ich9gen) - not needed anymore
* code in lbmk for handling ich9gen and insertions; the coreboot build system is now used, for this same purpose, so remove such code from lbmk
this results in a massive code size reduction (thousands of lines) in lbmk; smaller when only looking at the build system, but much larger when you consider that ich9utils is also removed (about 3k sloc)
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-03 | Add Dell Latitude E6430 | Nicholas Chin
This was only tested on the iGPU model, though a dGPU model does exist. The vendor firmware used a 16KiB gbe.bin, which was modified with a random MAC address as well as shrinking it to 8KiB. As with the E6400, GRUB doesn't like the way the EC implements the keyboard controller and thus GRUB payloads are disabled at this time. Suspend does not currently work, and this is believed to be due to the EC controlling the DRAM reset gate which is required to prevent DRAM from being reset on resume. With some tweaks, the e6400-flash-unlock utility also works on this system, though both flash chips can be accessed through removal of only the keyboard.
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
2023-09-03 | don't support ucode removal on untested targets | Leah Rowe
i have in fact tested whether many of these targets (ivy, sandy and haswell on intel) boot without microcode, and many do, but it's not as well tested
the older targets like i945, x4x, pineview and gm45 are well-tested without microcode; ditto fam10/15h amd.
lbmk supports providing roms with and/or without microcode.
for the targets touched in this commit, lbmk now only provides images with microcode included by default.
manual removal (with cbfstool) is still possible, if you want to do that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-02 | coreboot/e6400: support nvidia models | Leah Rowe
The same ROM images that you flash on Intel GPU variants, are now flashed on Nvidia models. The same ROM will work on both. If an Intel GPU variant is present, libgfxinit is used, and the VGA ROM is used if an Nvidia GPU variant; however, release ROMs will scrub the nvidia option ROM, so release ROMs will only work on Intel GPUs unless you run the blobutil inject command. I decided to no longer have this under WIP, but to put it in master. The issue with it pertains to video drivers, which is not Libreboot's problem. Nouveau crashes under Linux, so use "nomodeset" if it does. The "nv" drivers in BSD systems work very well. The nvidia model of E6400 isn't recommended for other reasons, namely: poor thermal cooling (thermal pad on the GPU) and that Nvidia GPU doesn't get very good performance on any libre drivers anyway. The Intel GPU variant is better, in terms of power efficiency and software support; the intel variant also works with native graphics initialisation in coreboot. This board port already only enables SeaBIOS, which will simply execute the VGA ROM. Blobutil already supports reading the config, detecting that a VGA ROM is needed, because that part of the WIP E6400 branch was already merged in lbmk master.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-27 | enable memtest86plus on various boards | Leah Rowe
d510mo, g43t-am3 and ga-g41m-es2l did not have the memtest86+ payload enabled
enable it!
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-27 | x86 desktops: only enable seabios_withgrub | Leah Rowe
and only where grub was already enabled; on boards that did not enable grub, grub is still disabled
on desktops, it's possible that the user may insert a graphics card. if their first payload was grub, it won't work because lbmk doesn't configure coreboot itself to execute vga roms at present
i found when testing t1650 (dell) that if a vgarom is loaded from seabios (from a graphics card), the grub payload still works; if booting in corebootfb mode, text mode is still used when booting with the card
to decrease the probability of bricks with any given set of users, make seabios the only payload that starts first, but make grub available in the esc menu on seabios
it's possible to add a bootorder file and disable the seabios menu, if you only want a grub payload accessible
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-22 | hp8300usdt: enable mSATA | Riku Viitanen
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
2023-08-19 | remove board: qemu_x86_12mb (not usable for now) | Leah Rowe
x86 u-boot is a bit flaky and this board never builds. re-add it at a later date. u-boot is only really used in arm machines, for our purposes at least.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-19 | consolidate u-boot/seabios/coreboot build scripts | Leah Rowe
See file: resources/scripts/build/defconfig/for
It is based on: resources/scripts/build/payload/u-boot
The u-boot payload script has been deleted, as has the seabios payload script; the build/boot/roms logic has been heavily simplified too, by removing the logic for building of elf files based on defconfig.
SeaBIOS, U-Boot and coreboot all use defconfig-type infrastructure for their build systems, and they are fundamentally the *same* in how to compile each codebase, at least in an lbmk context, regardless of actual (and very huge) differences in these codebases.
Several hundred sources-lines of code have been eliminated by this change, drastically simplifying everything; U-Boot payload compiling also now errors out when a single build fails, instead of continuing.
Also: build/boot/roms no longer re-compiles a coreboot target that was already compiled, which is the same behaviour observed for payloads. (this means you must now manually delete a target, when you wish to re-build it; the build/boot/roms logic now more or less just runs cbfstool; blobutil is handled from build/defconfig/for)
ALSO: Since crossgcc is now handled by build/defconfig/for, not build/boot/roms, standalone compiling of u-boot is now possible. This has been tested. You compile it like so:
./build defconfig for u-boot
or specific trees, e.g.
./build defconfig for u-boot default
One other consequence of this patch is that re-building the same ROM image is now much faster, because the same builds are re-used unless deleted. This could be useful when testing grub.cfg changes, for example, if that's all you change. With things like ccache used (not yet used robustly in lbmk), this could speed things up more, depending on the codebase.
This patch demonstrates the raw power of lbmk; it is a very simple and highly efficient build system, and now much more so!
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-17 | coreboot/fam15h: fix for gcc/gnat building | Adrien 'neox' Bourmault
With newer hostcc, trying to build GCC 8.3.0 will raise an error from ld:
undefined reference to `__gnat_begin_handler_v1'
This commit adds a patch for GCC found on coreboot [1] correcting this error by backporting the GNAT exception handler v1 to GCC 8.3.0 allowing GNAT to be built with newer hostcc like GCC 10+.
[1] https://review.coreboot.org/c/coreboot/+/42158
Signed-off-by: Adrien 'neox' Bourmault <neox@gnu.org>
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
2023-08-16 | merge coreboot/u-boot download logic to one script | Leah Rowe
they are fundamentally the same, in an lbmk context. they are downloaded in the same way, and compiled in the same way! (Kconfig infrastructure, board-specific code, the way submodules are used in git, etc)
~200 sloc reduction in resources/scripts
the audit begins
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-14 | NEW BOARD: HP EliteBook 8470p (Intel GPU) | Leah Rowe
Intel GPU! The AMD ones will be tested, but assume Intel-only for now.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-14 | NEW BOARD: Dell Precision T1650 | Leah Rowe
Very nice ivybridge board that supports ECC RAM.
NOTE: I couldn't get onboard graphics working yet, but this was confirmed working with a graphics card (in my case nvidia quadro k420) booted in text mode on the SeaBIOS payload. The GRUB payload also works, when loaded from SeaBIOS. Therefore, this is a SeaBIOS-only board (as far as first payload is concerned), but you can pick GRUB from the menu. You could make it "GRUB-only" in practise by setting SeaBIOS boot order to only load GRUB, and disable the SeaBIOS menu. We refer to this as "SeaGRUB".
I've made lbmk use biosutilities and uefiextract, to get at the SMSC SCH5545 Environmental Control (EC) firmware. This firmware is needed for fan control. This is automatically downloaded and extracted, from Dell UEFI firmware updates. As with other blobs such as Intel ME, this firmware is then scrubbed by the release build scripts. The blobutil "inject" script can be used to re-insert it.
Of note: there is no fixed offset, but no other blobs to be inserted in CBFS either, so the offset when re-inserting on release ROMs should still be the same, and thus the ROM checksums should match, when running blobutil inject.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-09 | NEW BOARD: HP EliteBook 2170p | Leah Rowe
Another ivybridge platform, added in coreboot recently.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-06 | coreboot/default: bump revision to 2 August 2023 | Leah Rowe
coreboot revision: d86260a134575b083f35103e1cd5c7c7ad883bce from 2 August 2023
The patches were updated. HP 8300 USDT has now been merged upstream, so that patch is no longer included in lbmk. SD card fix for E6400 merged upstream, so now it's removed in lbmk. The nvidia E6400 patch (devicetree.cb) has not yet merged upstream. The ifdtool --nuke option has been rebased.
Patches as follow-ups to earlier patches removed; for example, patches that set VRAM to 352MB on GM45 have been removed, and replaced with patches that just set 256MB in the first place (this is more stable).
This was mostly a clean rebase, of all the patches. It went smooth. I haven't updated cros/haswell yet; the 4.11_branch revision used on fam15h will also remain, for now.
The coreboot configurations have been updated, for this new revision of coreboot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-07-22 | coreboot/fam15h: remove unused files | Leah Rowe
they were taken from c-libreboot, but they are not needed here (deblob-check files)
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-07-16 | coreboot/fam15h: re-enable microcode updates | Leah Rowe
this was taken from old libreboot. the last libreboot revisions that had these boards were under the old policy. i left microcode disabled at first, because the old coreboot 4.11 behaviour was to always insert microcode regardless, so old libreboot patched out microcode from the coreboot build system
however, 4.11_branch appears to actually honour microcode configuration, so i do actually need to make sure it's enabled in configs
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-07-16 | board/qemu_x86: don't enable u-boot | Leah Rowe
it's a bit buggy when building. disable for now. will re-visit later.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-07-16 | coreboot/haswell: fix acpica downloads | Leah Rowe
the upstream link died. this patch makes it grab the acpica tarball (for iasl) via libreboot rsync, where i've added the corresponding tarball
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-07-16 | coreboot: re-add asus kgpe-d16/kcma-d8/kfsn4-dre | Leah Rowe
Libreboot 20220710 was the last release to support these boards. I plan to eventually port code differences between D8/D16 to Dasharo, for KCMA-D8 support in Dasharo, to then use in Libreboot for both KCMA-D8 and KGPE-D16, but I have no plans to update the KFSN4-DRE code, at least for now.
Libreboot 20220710 used coreboot 4.11, whereas this patch makes use of coreboot 4.11_branch; the crossgcc toolchains no longer compile on modern distros, so I spent time patching those (tested in Debian Sid, will also work on Arch Linux and so on).
The acpica downloads now fail, in 4.11_branch, because Intel made some changes upstream for these tarball downloads. Newer coreboot works around this by grabbing tarballs from github, itself a non-ideal solution, but I digress; this patch changes coreboot crossgcc (in 4.11_branch) to download the acpica tarball from libreboot rsync, where I've added it.
This patch also re-introduces the PIKE2008 fix, where empty option ROMs for these are inserted into CBFS. This prevents SeaBIOS from loading the real option ROMs, which would cause SeaBIOS to hang. This means that SAS drives are not supported in SeaBIOS, for these boards in Libreboot.
I previously said, in the Censored Libreboot c20230710 announcement, that I would *only* merge D8/D16 when I've added Dasharo support to Libreboot, and use that, but the work to make coreboot 4.11_branch compile is something I'm quite proud of and I see no reason to exclude from lbmk master branch. Honestly, there's not much different than 4.11, code-wise.
I *probably* won't use 4.11_branch for the next Libreboot release, on D8/D16. By then, I might have Dasharo integrated in lbmk instead. We shall see.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-07-16 | coreboot/cros: fix acpica downloads | Leah Rowe
upstream died. i put the corresponding tarball on libreboot rsync. this is used by the coreboot build system, specifically in crossgcc (cross compilers)
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-25 | Revert "Revert "Add 4MB version of HP 8200 SFF"" | Leah Rowe
This reverts commit 2099545078d5a5586743d32b2470a296b66cb5c7.
Wasn't this config's fault, the problem happens elsewhere too. I'm going to revert build/boot/roms to an older version and backport a few recent changes, to see if that fixes the problem. If it does, then I know that the recent linker issues happen due to recent changes in build/boot/roms
The linker errors typically appear in util/kconfig/ but can happen elsewhere, seemingly random, which means I'm not handling distclean properly. Something isn't getting cleaned properly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-25 | Revert "Add 4MB version of HP 8200 SFF" | Leah Rowe
This reverts commit 0f7a5386b9219111418a8de8637039c8533d99ea.
Random linker errors, must investigate after release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-22 | cros: Disable coreboot related BL31 features | Alper Nebi Yasak
I don't know why, but removing this BL31 make argument lets gru-kevin power off properly when shut down from Linux. Needs investigation. Do it as a cros-only HACK patch so people don't have to hold the power button after every shutdown.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2023-06-20 | re-add gigabyte/ga-g41m-es2l | Leah Rowe
turns out it's just picky ram. errant reports of "no boot" (users did not have debug dongles) were likely "bad" ram
notes will be written on libreboot.org about this
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-20 | nuke boards: delete nyan* (for now) | Leah Rowe
not well-tested, and existing testing has revealed video issues on some of them (or just no boot)
for now, retain only qemu and gru-* on arm
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-19 | board/t440p_12mb: rename to t440plibremrc_12mb | Leah Rowe
t440pmrc_12mb is the blob one. t440p_12mb is the libre one, but this isn't clear. rename accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-19 | build/boot/roms: Support removing microcode | Leah Rowe
From now on, the following rules are available for all mainboards, in resources/coreboot/boardname/board.cfg:
* blobs_required="n" or "y"
* microcode_required="n" or "y"
The blobs setting, if set to "n", simply renames filename.rom to filename_noblobs.rom.
The microcode setting, if set to "n", copies the ROM (with or without _noblobs) to filename_nomicrocode.rom (if blobs="n", it would be filename_noblobs_nomicrocode.rom).
Where "nomicrocode" is set, ROMs with microcode will still be provided by lbmk and in release, but ROMs will also be provided alongside it that lack any microcode updates. If the *original* ROM already lacks microcode updates, then the original ROM will be *renamed* to include "nomicrocode" in the name. This is done on images for ARM platforms, for instance, where microcode is never used whatsoever.
Example filenames now generated:
seabios_e6400_4mb_libgfxinit_corebootfb_noblobs_nomicrocode.rom
seabios_e6400_4mb_libgfxinit_corebootfb_noblobs.rom
seabios_withgrub_hp8300usdt_16mb_libgfxinit_corebootfb_colemak_nomicrocode.rom
seabios_withgrub_hp8300usdt_16mb_libgfxinit_corebootfb_colemak.rom
uboot_payload_gru_kevin_libgfxinit_corebootfb_noblobs_nomicrocode.rom
A vocal minority of people were not happy with some of the changes made in Libreboot last year, including on existing supported hardware from before those changes were made. I did this before the last release, out of respect:
https://libreboot.org/news/gm45microcode.html (re-add mitigations for no-microcode setup on GM45)
This new change is done as a further, extended courtesy. Tested and works fine. (testing using cbfstool-print)
Actual Libreboot policy about binary blobs is nuanced. See:
https://libreboot.org/news/policy.html (reduction policy)
and:
https://libreboot.org/freedom-status.html (implementation)
Well, the status page talks about descriptor vs non-descriptor on Intel platforms, and where me_cleaner is used (on platforms that need Intel ME firmware), it regards the descriptored setups to be blob-free if coreboot does not require binary blobs. In this paradigm, microcode updates are not considered to be binary blobs, because they aren't technically software, they're more like config files that just turn certain features on or off within the CPU.
However, for lbmk purposes, "noblobs" means that, after the ROM is fully ready to flash on the chip, there will be no blobs in it (except microcode). So for example, an X200 that does not require ME firmware is considered blob-free under this paradigm, even though Libreboot policy regards X230 as equally libre when me_cleaner is used; in this setup, ROMs will not contain "blobfree" in the filename, for X230 (as one example).
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-17 | Add HP 8300 USDT | Riku Viitanen
Still on Gerrit.
ME downloader failed with HP update file, so let's just use Lenovo's instead. Both contain identical ME8_5M_Production.bin files.
Tested and working:
* Native raminit with both DIMMs
* Libgfxinit textmode and framebuffer on both DisplayPorts and VGA
* External USB2 and USB3 ports: they all work
* USB 3.0 SuperSpeed (rear, 4 ports)
* Ethernet
* Mini-PCIe WLAN
* SATA: 2.5" SSD and optical drive bay
* SeaBIOS and GRUB (boot to linux)
* PS/2 keyboard and mouse
* S3 suspend and resume, wake using USB keyboard
* Headphone output, line out, internal speaker
* Wake on LAN
* Rebooting
* CMOS options & nvramcui
Untested:
* Line in, mic input
* MXM graphics card
* EHCI debug
Not working:
* Mini-PCIe USB: I couldn't get it working on vendor BIOS either, so maybe it just isn't present
* PS/2 keyboard wake from S3
* mSATA (I have no mSATA drives)
2023-06-16 | Add HP Elitebook 2570p | Riku Viitanen
Tested with Johan Ehnberg (johan@molnix.com)
The following is tested and confirmed working:
- backlight control
- touchpad
- USB (external, smart card, fingerprint, bluetooth, webcam, WWAN)
- touchpad
- Wi-Fi
- 2,5" SATA
- USB 3.0
- SD card
- Memory: 2+2 (matched or unmatched), 8+2, 8+8
- internal flashing from libreboot
- SeaBIOS and GRUB payloads
- Boots Devuan and Ubuntu
Untested:
- ExpressCard
- DVD
- dock
- external displays
- eSATA
- trackpoint (not present on this aftermarket keyboard)
2023-06-12 | resources/coreboot/default/patches: Add patch for E6400 SD card | Nicholas Chin
This fixes the PCI interrupt routing tables for the E6400 so that the SD card works. It is already merged in upstream but libreboot has not yet updated coreboot.
2023-05-28 | Add 4MB version of HP 8200 SFF | Riku Viitanen
This is useful for internally flashing Libreboot from OEM BIOS since the top ~3MB is write-protected by vendor firmware.
2023-05-12 | Remove warning for coreboot images build without a payload | Nicholas Chin
I added this in upstream to prevent people from accidentally flashing roms without a payload resulting in a no boot situation, but in libreboot lbmk handles the payload and thus this warning always comes up. This has caused confusion and concern so just patch it out.
2023-05-12 | remove ga-g41m-es2l board for now | Leah Rowe
users reported it doesn't boot in recent releases, with the february 2023 coreboot revision update
i have one in the lab, i'll just re-test it and fix whatever's wrong for a future release
2023-05-11 | remove python3 patches | Leah Rowe
python 3 is default now, in all the distros
specifically calling "python3" often doesn't work anymore
python2 is obsolete
let python2 die
2023-05-09 | Add devicetree patch for E6400 with Nvidia GPU | Nicholas Chin
2023-05-09 | hp9470m: fix board name in smbios | Riku Viitanen
2023-05-06 | remove e6400_8mb and e6400_16mb (keep e6400_4mb) | Leah Rowe
nobody will bother to upgrade the flash on those machines
not much point maintaining the 8/16mb versions
might as well do just the _4mb version
2023-04-22 | Add HP EliteBook Folio 9470m | Riku Viitanen
2023-04-21 | Add HP EliteBook 2560p | Riku Viitanen
2023-04-20 | Re-disable GRUB payload for E6400 | Nicholas Chin
This reverts commit fe2b72035fb58d2c0792daa62aa346da710f04a3.
The GRUB patch to fix the E6400 broke other systems and has been reverted. As a result, GRUB needs to be disabled again on the E6400 until a better fix has been created.
2023-04-20 | Revert "Fix GRUB handling of the E6400 keyboard" | Nicholas Chin
This reverts commit 1497ae045104145de677fd151da4de6e92be4e5a.
The blanket GRUB patch seems to break PS/2 keyboard handling across other platforms, so revert it.
2023-04-19 | Revert "dell/e6400: disable grub payload" | Nicholas Chin
This reverts commit 7bc4dc32ac3e430e50ace3a2876cf501f647b89f.
The E6400 keyboard should work in GRUB now so we can reenable it.
2023-04-19 | Fix GRUB handling of the E6400 keyboard | Nicholas Chin
This introduces a patch to grub which disables the coreboot specific handling, allowing PS/2 keyboards to be handled the same as i386-pc. However this alone breaks the keyboard in Linux, requiring coreboot to perform PS/2 initialization. I think GRUB may be restoring the original configuration of the PS/2 controller once it exits, and if coreboot doesn't initialize the controller then it's restored to the default state which Linux doesn't seem to like. I think the emulated keyboard interface provided by the EC on the E6400 behaves in a non-standard way that is incompatible with the old coreboot specific handling.
2023-04-19 | dell/e6400: disable grub payload | Leah Rowe
ps/2 internal keyboard faulty in grub target i386-coreboot, according to nic3-14159
normal i386-pc grub (bios grub) is fine, booted from seabios
it is being investigated
2023-04-19 | Add configs for the Latitude E6400 | Nicholas Chin
Tested the 4MiB ROMs but not the 8 or 16 MiB ones. This uses the same board.cfg as the GM45 ThinkPads with an IFD+GBE from ich9gen.
Known issues:
- The internal keyboard does not work properly in GRUB. It seems like the keyboard controller is outputting set 1 (XT) scancodes, but GRUB is interpreting them as set 2 (AT) scancodes. This may also have something to do with scancode translation. However, the keyboard works fine in SeaBIOS and Linux. USB keyboards also work properly.
- The subsystem IDs in the GBE region are hardcoded for a Thinkpad in ich9gen, though this doesn't seem to cause issues in Linux. The vendor IFD and GBE region do have some differences from the generated binaries, though they do not appear to be critical.
2023-04-17 | gm45: re-add mitigations for no-microcode setup | Leah Rowe
libreboot will still include microcode updates by default, but mitigations against broken speedstep and reboot (when microcode updates are excluded) were removed following the merge with osboot
this patch restores those mitigations; the patch reverts coreboot to older smrr code (which works fine, it isn't critical to use the new behaviour) and disables peci (pointless feature)
i'll probably re-tool this later to apply the changes conditionally to whether ucode is present
this is not a change in policy. policy says: include cpu microcode updates by default
policy also says: libreboot must be configurable
microcode removal via cbfstool remove -n, counts as configuration, and in practise is not possible on gm45 patches in current libreboot; this patch corrects that problem, allowing the machines to work somewhat well (same stability issues as before, like MCE errors resulting in kernel panic on high CPU/memory usage, but i digress)
happy... hacking