OPNsense Forum

English Forums => Hardware and Performance => Topic started by: tillsense on January 03, 2017, 07:36:55 pm

Title: PCENGINES APU[1-5] Bios
Post by: tillsense on January 03, 2017, 07:36:55 pm
Update 09.Feb.2019
APU[1-5]https://pcengines.github.io (https://pcengines.github.io)


03.Jan.2017
The core development for a new APU2 BIOS seems to be recovering again.

Hopefully finally with the promised ECC RAM!

[sources]:
https://github.com/pcengines (https://github.com/pcengines)
https://review.coreboot.org/#/c/14138/ (https://review.coreboot.org/#/c/14138/)

http://pcengines.ch/howto.htm#bios (http://pcengines.ch/howto.htm#bios)

cheers till
Title: Re: APU2 Bios
Post by: schnauz on January 03, 2017, 07:42:42 pm
Thanks for sharing.
Title: Re: APU2 Bios
Post by: Micky on January 03, 2017, 08:04:50 pm
thx Till
Title: Re: APU2 Bios
Post by: michkov on January 03, 2017, 09:05:57 pm
great. ecc would be a dream.
Title: Re: APU2 Bios
Post by: franco on January 04, 2017, 07:59:53 am
Awesome to see. :)
Title: Re: APU2 Bios
Post by: schnauz on March 31, 2017, 11:34:32 am
New BIOS for APU2 is now available, see http://pcengines.ch/apu2c4.htm. 
Pcengines writes about this BIOS update: Update 3/2017: various fixes, iPXE with setup

With updated BIOS my APU2 shows, now with ECC?:
Code: [Select]
PCEngines apu2
coreboot build 20170228
4080 MB ECC DRAM
Title: Re: APU2 Bios
Post by: tillsense on May 04, 2017, 06:51:45 pm
Hi all,

has anybody tested the coreboot mainstream version (experimental 4.5.5)?
http://pcengines.ch/howto.htm#bios (http://pcengines.ch/howto.htm#bios)

cheers till
Title: Re: APU2 Bios
Post by: tillsense on October 26, 2017, 08:47:15 pm
Hi all,

for interested 4.6.2 is available.

cheers
till
Title: Re: APU2 Bios
Post by: Wired Life on November 21, 2017, 11:53:31 pm
Hiho :)
I've updated my APU2C4 to 4.6.1 because i've bought a mini pcie gigabit nic from delock with rtl8111e chipset which has not worked.
With the help of this guide
http://www.bsdforen.de/threads/pc-engines-apu2-bios-update.33587/
i did it directly from the running OPNsense system  ;D
After that the nic has started to work, but after some time i got many ahcich0 errors and a unresponsive/self rebooting APU.
Maybe this version has bugs or i having issues with the original power supply, so i installed 4.0.11 and looking forward how it works now...

Does anyone know where i can download new bios instead of
http://pcengines.ch/howto.htm#bios
? This site is not up to date, i got the 4.6.1 by editing the url
http://pcengines.ch/file/apu2_v4.6.0.rom.tar.gz
to
http://pcengines.ch/file/apu2_v4.6.1.rom.tar.gz

But
http://pcengines.ch/file/apu2_v4.6.2.rom.tar.gz
or
http://pcengines.ch/file/apu2_v4.6.3.rom.tar.gz
doesnt work.
And here are only the sources available...
https://github.com/pcengines/coreboot/releases
Title: Re: APU2 Bios
Post by: tillsense on December 01, 2017, 07:22:50 pm
Hi all,

for interested 4.6.4 is available.

cheers till
Title: Re: APU2 Bios
Post by: tillsense on January 08, 2018, 09:05:50 pm
Hi all,

for interested 4.6.5 is available.

cheers till
Title: Re: APU2 Bios
Post by: schlegel11 on January 08, 2018, 11:46:17 pm
I have a general question. Do we need an update for the meltdown or spectre issue? Is the apu board affected?
Unfortunately I haven't tested it yet. I still use an APU1 board.
Title: Re: APU2 Bios
Post by: tillsense on January 10, 2018, 07:36:21 pm
Hi all,

that's a question for amd. pcengines has a statement here: https://www.pcengines.ch/spectre.htm (https://www.pcengines.ch/spectre.htm)

cheers till
Title: Re: APU2 Bios
Post by: STRUBartacus on January 18, 2018, 12:58:14 pm
for interested 4.6.5 is available.

Where can I download it?
Title: Re: APU2 Bios
Post by: mayo on January 22, 2018, 03:16:42 pm
for interested 4.6.5 is available.

Where can I download it?

I would like to download 4.6.5 but the link doesn't work...
Title: Re: APU2 Bios
Post by: sebastien@calexium.com on January 23, 2018, 10:07:09 am
Changelog 4.6.X
https://github.com/pcengines/release_manifests/blob/coreboot-4.6.x/CHANGELOG.md
Title: Re: APU2 Bios
Post by: fhloston on February 17, 2018, 12:32:43 pm
I have also managed to compile the recent BIOS versions 4.6.5 and 4.6.6.

I have 2 issues with these:

a) memtest does beep when it is entered, but there is no console output - have you tested the memtest feature in 4.6.5 or 4.6.6? Did I miss something when I compiled this?

b) the apu2 does sporadically hang during reboot - sometimes the first time, sometimes it takes 20 reboots to hang. The original 4.6.1 also shows this behaviour. 4.5.5 seems to reboot reliably. I have contacted pcengines' support for this. I am interested in your experience regarding this issue.

Cheers

Martin
Title: Re: APU2 Bios
Post by: Evil_Sense on February 17, 2018, 01:47:55 pm
I'm running 4.6.0 and reboots sometimes are also failing.
It hangs up but boots fine after replugging power.

Loading kernel is slow, read an issue on github that this is related to disabled UDMA.

Didn't build 4.6.5 or 4.6.6, the later should include enabled UDMA..
Title: Re: APU2 Bios
Post by: smawuascht on February 20, 2018, 12:14:38 pm
Hey guys,

I' now here and new to the APU2 board.

I'm just wondering as you guys are running BIOS versions such as 4.5/4.6
The PCEngines site states that for APU2 the legacy BIOS should be used (http://pcengines.ch/howto.htm#bios).

Is there any specific reason running the mainline version?

Thanks.
Greets
Michi
Title: Re: APU2 Bios
Post by: fhloston on February 20, 2018, 12:38:14 pm
I am comiling anyhow to have the default console output on COM3. Background: I am trying to build a dual APU2 box with COM3/COM4 internally crossconnected. COM1 is then free to connect switches or other serial stuff.

Other than that i think the occasional USB errors are gone with 4.6.6

I mitigated the reboot hang problem with a simple usb-hid based watchdog [1] - my apu2 with self-compiled 4.6.6 booted reliably ~600 times over night - with the help of that watchdog.


[1] https://www.ebay.de/itm/Interne-USB-Watchdog-Reset-Controller-PC-Stick-Crash-Blue-Screen-automatisch/263490474653
Title: Re: APU2 Bios
Post by: mayo on February 20, 2018, 05:33:48 pm
Same situation for me.
Every reboot stops at bios startup, the only way is to unplug the power and reconnect.
I also tried to boot with TinyCore from USB but, when loading, it stops at the beginning of the process:

PC Engines apu2
coreboot build 07/24/2017
BIOS version v4.6.0
4080 MB ECC DRAM

SeaBIOS (version rel-1.10.2.1)

Press F10 key now for boot menu

Booting from Hard Disk...


and nothing else.
Any advice?
Title: Re: APU2 Bios
Post by: fhloston on February 20, 2018, 08:23:55 pm
Try an older BIOS Version. For me 4.5.5 or older did the trick.
Title: Re: APU2 Bios
Post by: mayo on February 20, 2018, 11:14:08 pm
I tried, but how to install an older bios if TinyCore doesn’t boot?
Title: Re: APU2 Bios
Post by: mayo on February 28, 2018, 09:03:49 am
Same situation for me.
Every reboot stops at bios startup, the only way is to unplug the power and reconnect.
I also tried to boot with TinyCore from USB but, when loading, it stops at the beginning of the process:

PC Engines apu2
coreboot build 07/24/2017
BIOS version v4.6.0
4080 MB ECC DRAM

SeaBIOS (version rel-1.10.2.1)

Press F10 key now for boot menu

Booting from Hard Disk...


and nothing else.
Any advice?

soved downgrading to 4.0.7 following this guide: https://howdoilinux.com/2016/05/flash-bios-of-apu2c4/
Title: Re: APU2 Bios
Post by: smawuascht on April 02, 2018, 01:29:36 pm
Hey guys,

I' now here and new to the APU2 board.

I'm just wondering as you guys are running BIOS versions such as 4.5/4.6
The PCEngines site states that for APU2 the legacy BIOS should be used (http://pcengines.ch/howto.htm#bios).

Is there any specific reason running the mainline version?

Thanks.
Greets
Michi

Anyone?
Title: Re: APU2 Bios
Post by: wget on April 07, 2018, 04:00:24 pm
Hi smawuascht.

I was in the same situation as you and read a lot about this topic. From my understanding, here are the pieces of info I have been able to gather:

- Back in the days, when they launched the APU boards, PCEngines forked the coreboot project and modified it in order to support their APU board (CPU, ACPI tables, etc.)
- They submitted a patch upstream, to the coreboot project, in order to have their changes integrated in the coreboot project directly.
- Their patch has been integrated around version coreboot 4.5.1.
- But in the meanwhile, they still supported their old forked version. The coreboot firmware has payloads (SeaBIOS, memtest, etc.) that are continuously upgraded by PCEngines (cf. version 4.0.16 released just yesterday (https://github.com/pcengines/release_manifests/blob/coreboot-4.0.x/CHANGELOG.md)).

So from my understanding, as of 2018, there is no reason to upgrade to the 4.6 branch (and onward). The board is stable enough with this 4.0.X versions an the payload are up to date. Changes in coreboot mainly concerns adding support for new boards and refactoring the coreboot code to support new board additions, nothing much. And I think if modifications concerning or impacting explicitly APU2 were to happen in the coreboot official branch, PCEngines would be more than happy to backport them to their own 4.0.X version, if this doesn't require too much work/hassle for them.

Regards,
Title: Re: APU2 Bios
Post by: wget on April 07, 2018, 04:39:55 pm
You can also make you own opinion by reading this page: https://pcengines.github.io/ which is a bit more complete than the Markdown file hosted on their github page: https://github.com/pcengines/release_manifests/blob/coreboot-4.6.x/CHANGELOG.md
Title: Re: APU2 Bios
Post by: miroco on October 18, 2018, 10:46:06 am
ECC is fixed on the APU-platform effective 2018-10-04 BIOS v4.8.0.5 Mainline release.

https://pcengines.github.io

https://3mdeb.com/firmware/enabling-ecc-on-pc-engines-platforms/#.W8eUoKeHKuM
Title: Re: APU2 Bios
Post by: Ricardo on October 18, 2018, 01:14:28 pm
I would be more cautious to conclude so quickly, that the ECC support has REALLY been completed 100%. Knowing the history of this topic dates back to more than 2 yrs in fact, with many miscommunication and blind guessing!
Title: Re: APU2 Bios
Post by: Evil_Sense on October 18, 2018, 01:30:35 pm
I would be more cautious to conclude so quickly, that the ECC support has REALLY been completed 100%. Knowing the history of this topic dates back to more than 2 yrs in fact, with many miscommunication and blind guessing!
Well at least the guy from the blog seems to know what he's talking about and there are some changes to the code.

I just hope they finally fix the reboot hang issue (and the newly discovered frequency issue).
Title: Re: APU2 Bios
Post by: miroco on October 20, 2018, 12:22:46 am
Looking at these test results, the mainline v4.8.0.5 seems more promising, even without the ECC capability, then the legacy v4.0.20, but YMMW.

https://docs.google.com/spreadsheets/d/1_uRhVo9eYeZONnelymonYp444zYHT_Q_qmJEJ8_XqJc/edit#gid=0

https://docs.google.com/spreadsheets/d/1_uRhVo9eYeZONnelymonYp444zYHT_Q_qmJEJ8_XqJc/edit#gid=1817105926
Title: Re: APU2 Bios
Post by: Ricardo on October 20, 2018, 11:43:16 am
Looking at these test results, the mainline v4.8.0.5 seems more promising, even without the ECC capability, then the legacy v4.0.20, but YMMW.

https://docs.google.com/spreadsheets/d/1_uRhVo9eYeZONnelymonYp444zYHT_Q_qmJEJ8_XqJc/edit#gid=0

https://docs.google.com/spreadsheets/d/1_uRhVo9eYeZONnelymonYp444zYHT_Q_qmJEJ8_XqJc/edit#gid=1817105926

Have you checked the list of known issues between the latest 4.8.x and 4.0.x release? Also, some known issues are revealed on that page only after it has been fixed, not when it is being discovered. So you would assume everything is fine and dandy when you see the current release has only 1-2 issues listed. When in reality, there are many discovered issues, just that they dont get revealed, until they get fixed. Which means, you naively think "oh it will be fine to use this as I am not affected by this 1-2 already revealed bugs". But behind the scenes, most probably you will be affected by the already-discovered but non-disclosed and not-yet-fixed ones.

This for example is only a partial list of what is going on behind the scenes:
https://github.com/pcengines/coreboot/issues

Just to get an idea, this ECC topic is the perfect example. Nowhere it is mentioned, that "hey customers, ECC is broken since our product hit the market". And all of a sudden, 4.8.0.5 finally admits: "well guys, we knew it was broken for 2+ yrs, but now we BELIEVE its working".
Have you seen ECC reported as broken in any of the previous releases "known issues" section? You see, thats the problem with this approach: perfectly supports the product vendor dishonesty, and allows them to reveal (or not!) their product defects on their convenience.

Or here is another topic: nobody in the world knows for sure, what is the real clockrate of the AMD CPU built into the APU2 boards!
https://forum.netgate.com/topic/133656/did-i-just-overclocked-my-apu2c4-amd-gx-412tc-soc

Everybody just guessing, not a single person can confidently say, this CPU is clocked to XYZ Ghz, and can/cannot do Turbo clock, where its Turbo clockrate is XYZ+ABC Ghz, and the reason why in the APU2 we dont see this clockrate ever is: ? (a big questionmark, nobody external or internal knows it)
Title: Re: APU2 Bios
Post by: tillsense on November 28, 2018, 08:57:43 pm
Hi all,

for interested 4.8.0.6 is available.

cheers
till
Title: Re: APU2 Bios
Post by: loredo on November 28, 2018, 09:19:31 pm
Still wouldn't recommend to install the new 4.8.x versions.
Just recently downgraded to 4.0.x because of reboot issues still existing.
Title: Re: APU2 Bios
Post by: Ricardo on November 29, 2018, 09:37:44 am
Hi all,

for interested 4.8.0.6 is available.

cheers
till

4.8.0.6 has many stability issues:
https://pcengines.github.io/#mr-16

Known issues:
CPU frequency is stuck at low frequencies and does not react to stressin"
some PCIe cards are not detected on certain OSes
booting with 2 USB 3.x sticks plugged in apu4 sometimes results in detecting only 1 stick
certain USB 3.x sticks happen to not appear in boot menu
booting Xen is unstable
platforms happen to hang after reboot
Title: Re: APU2 Bios
Post by: Evil_Sense on November 29, 2018, 01:22:57 pm
Hi all,

for interested 4.8.0.6 is available.

cheers
till

4.8.0.6 has many stability issues:
https://pcengines.github.io/#mr-16

Known issues:
CPU frequency is stuck at low frequencies and does not react to stressin"
some PCIe cards are not detected on certain OSes
booting with 2 USB 3.x sticks plugged in apu4 sometimes results in detecting only 1 stick
certain USB 3.x sticks happen to not appear in boot menu
booting Xen is unstable
platforms happen to hang after reboot
Not only in 4.8.0.6.
At least the whole 4.8.x releases have these bugs, they just weren't added to the previous releases after they were found.
Title: Re: APU2 Bios
Post by: Ricardo on December 01, 2018, 04:21:14 pm
"Not only in 4.8.0.6.
At least the whole 4.8.x releases have these bugs, they just weren't added to the previous releases after they were found."

Exactly.
There may be other open issues in 4.8 that are already known, but not yet published. So I dont recommend 4.8.x, personally I stick to 4.0 as long as necessary. Dont want to risk my firewall crash because of these BIOS issues, it is rock solid (at least the BIOS) on 4.0.19.
Title: Re: APU2 Bios
Post by: Evil_Sense on December 01, 2018, 06:15:48 pm
"Not only in 4.8.0.6.
At least the whole 4.8.x releases have these bugs, they just weren't added to the previous releases after they were found."

Exactly.
There may be other open issues in 4.8 that are already known, but not yet published. So I dont recommend 4.8.x, personally I stick to 4.0 as long as necessary. Dont want to risk my firewall crash because of these BIOS issues, it is rock solid (at least the BIOS) on 4.0.19.
Well I'm running 4.8.0.6 and it's also stable, the most boring issue is that I need to replug power when rebooting after some hours/days running, not shure about the cpu frequency but working ecc and ahci is nice to have.
Title: Re: APU2 Bios
Post by: tillsense on December 12, 2018, 07:39:25 pm
Hi all,

for interested 4.8.0.7 is available.

cheers
till
Title: Re: APU2 Bios
Post by: Northguy on December 12, 2018, 09:04:05 pm
From the changelog it doesn't look if something useful is fixed with this release.
Title: Re: APU2 Bios
Post by: miroco on December 15, 2018, 09:54:38 pm
There seems to have been a substantial breakthrough in the development of the PC Engines firmware, the apu1 trough apu5 range. The latest test builds have a 05_ prefix and can be found here: https://cloud.3mdeb.com/index.php/s/ssRQPSjYG8Ek6mD

The upcoming official release is expected around January 10th. as v4.8.0.8

https://github.com/pcengines/apu2-documentation/issues/64

https://pcengines.github.io


miroco
Title: Re: APU2 Bios
Post by: miroco on January 22, 2019, 09:25:57 am
Jan. 12th saw the most recent release of the APUx firmware range, including a new channel for announcing future releases.

v4.9.0.1 - Mainline
v4.0.23 - Legacy

http://www.pcengines.info/forums/?page=post&id=4C472C95-E846-42BF-BC41-43D1C54DFBEA&fid=6D8DBBA4-9D40-4C87-B471-80CB5D9BD945&pageindex=3


miroco
Title: Re: APU2 Bios
Post by: loredo on January 22, 2019, 09:47:01 am
awww, people report the reboot issue to be finally fixed for the mainline version.
Sounds promising, might be worth giving it a try. but maybe not mixing it up together with 19.1 migration - just to make sure there is nothing interfering, you never know...
Title: Re: APU2 Bios
Post by: mayo on February 08, 2019, 01:43:42 pm
Updated bios to v4.9.0.1 - Mainline with 19.1.1 without problems.
Title: Re: APU2 Bios
Post by: loredo on February 08, 2019, 01:49:32 pm
Same
Title: Re: APU2 Bios
Post by: Northguy on February 08, 2019, 02:55:15 pm
What happens if you reload WAN interface settings if you have a DHCP enabled WAN?

I am experiencing the following issue: https://github.com/opnsense/core/issues/3200
Title: Re: APU2 Bios
Post by: loredo on February 08, 2019, 03:34:46 pm
No issues as far as i can tell
Title: Re: APU2 Bios
Post by: tillsense on February 08, 2019, 07:36:37 pm
Hi all,

for interested 4.9.0.1 is available.

cheers
till
Title: Re: APU2 Bios
Post by: tillsense on February 09, 2019, 06:05:25 pm
Hi,

first dev apu1 with OPNsense 19.1.x and Bios 4.9.0.1 has been running stable for a week now.

cheers
till
Title: Re: APU2 Bios
Post by: tillsense on February 09, 2019, 06:39:03 pm
Here's an important note for OPNsense 19.1 and apu4 Users with fix to Bios 4.0.23 (Legacy releases):
https://forum.opnsense.org/index.php?topic=11472 (https://forum.opnsense.org/index.php?topic=11472)
https://github.com/opnsense/core/issues/3180 (https://github.com/opnsense/core/issues/3180)

cheers till
Title: Re: PCENGINES APU[1-5] Bios
Post by: miroco on February 12, 2019, 08:05:18 pm
The most recent BIOS versions for the APU1 trough APU5 platforms are out.

v4.9.0.2 - Mainline
v4.0.24 - Legacy

https://pcengines.github.io


miroco
Title: Re: PCENGINES APU[1-5] Bios
Post by: newsense on February 13, 2019, 06:48:57 am
Appears to have been pulled:

The requested URL /file/apu1_v4.9.0.2.rom.tar.gz was not found on this server.

All links give the same error message it appears.
Title: Re: PCENGINES APU[1-5] Bios
Post by: miroco on February 13, 2019, 01:03:19 pm
It was perhaps a glich or an outage of some sort. However, all five BIOS-versions are/was accessable as of 13:00 CET.


miroco
Title: Re: PCENGINES APU[1-5] Bios
Post by: tillsense on February 13, 2019, 08:16:06 pm
Hi,

is the download (from v4.9.0.2) of a third domain (3mdeb.com) here officially approved by PCengines? I did not read anything about it from the manufacturer.

cheers
till
Title: Re: PCENGINES APU[1-5] Bios
Post by: miroco on February 13, 2019, 09:08:01 pm
Hi till,

As far as I can tell, 3mdeb is a company specialized in embedded systems, particular firmwares. The lightly scenario is that PCengines contracted 3mdeb for the development of firmares for their APU series products.

http://www.pcengines.info/forums/?page=post&id=4C472C95-E846-42BF-BC41-43D1C54DFBEA&fid=6D8DBBA4-9D40-4C87-B471-80CB5D9BD945&pageindex=2

https://calendly.com/3mdeb


miroco
Title: Re: PCENGINES APU[1-5] Bios
Post by: pietrushnic on February 14, 2019, 01:26:46 am
Hi all,
my name is Piotr Król and I'm the founder of 3mdeb Embedded Systems Consulting company. As stated here (https://pcengines.github.io/about.html) 3mdeb maintains PC Engines Open Source Firmware on behalf of PC Engines. Please note we are a licensed provider of coreboot consulting services (https://www.coreboot.org/consulting.html). If you are doing some high-end security stuff with hardware please let us know - we are very interested in TPM, secure/verified boot, Xen, virtualization, SRTM/DRTM, and other things. We sometimes write about that on our blog  (https://3mdeb.com/category/firmware/).

We are working on our mission of Open Source Firmware for a network appliance. Soon you should hear about another known brand of a network appliance to switch to Open Source Firmware. Stay tuned.

I would like to thank tillsense, miroco and others for keeping this thread and exchanging valuable information related to PC Engines hardware and firmware.

Our goal is to provide open and healthy discussion about firmware quality, priorities and what can be improved. It would be great to get feedback from OPNsense community and understand your needs. We will be glad to address problems if there would be enough resources. We are committed to long term support and monthly releases.

P.S. Please note that there is some report about v4.9.0.2 instability here (https://github.com/pcengines/coreboot/issues/266#issuecomment-463397036). This is because we enabled CPU Performance Boost, which in some workloads may give 20% boost - problem is that we can't validate all possible configuration so there may be some problems in the field. If some can afford to test we would appreciate your feedback.
Title: Re: PCENGINES APU[1-5] Bios
Post by: newsense on February 14, 2019, 06:43:04 am
Hi pietrushnic,

Thank you for clarifying 3mdeb relationship with PCEngines, it was definitely a surprise to learn about it after using their hardware for a few years.

I would appreciate if you could let me know where can I find either a GPG signature or a SHA-256 digest for the ROMs --- if they exist. Access to the source code and reproducible builds are a great thing to have yet everyone should be able to independently validate in an easy way that the downloaded binary file is identical with the one published on the site.

Also, with ECC recently enabled in 4.0.23 on the Legacy branch, is there anything in the works for the Mainline one ? I'll have to upgrade the firmware on an APU4C4 in a few days and I'm still a bit puzzled in terms of which branch is more appropriate for the time being.

Last but not least, linking only the pfSense installation tutorial on the of the pcengines.github.io page could very well hint that opnsense is an unsupported platform...which clearly is not the case.
Title: Re: PCENGINES APU[1-5] Bios
Post by: pietrushnic on February 14, 2019, 12:28:05 pm
Hi newsense,


Thank you for clarifying 3mdeb relationship with PCEngines, it was definitely a surprise to learn about it after using their hardware for a few years.

Please note that we started work on PC Engines firmware in January 2016.

I would appreciate if you could let me know where can I find either a GPG signature or a SHA-256 digest for the ROMs --- if they exist. Access to the source code and reproducible builds are a great thing to have yet everyone should be able to independently validate in an easy way that the downloaded binary file is identical with the one published on the site.

I'm working on making that clear if you can advise best practice I would appreciate that. We definitely have to improve the website to make things clear. At this point SHA256 and detached signature for it you can find in newsletter or  blog post (https://pcengines.github.io/firmware/2019/02/12/PC-Engines-Firmware-v4-9-0-2.html) - definitely we have to improve that. Please note there is asciinema (https://asciinema.org/a/227035) which can help in faster verification since you just copy paste commands. All keys can be found on 3mdeb-secpack repo (https://github.com/3mdeb/3mdeb-secpack) inspired by QubesOS approach. My key also can be found on keybase.io/pietrushnic (https://keybase.io/pietrushnic). I tried to push everything to SKS pool but I failed. Please note we are not crypto pros, so if you have seen anything problematic in whole process just let me know and we will try align to best practice.

Please note that there is still a problem with reproducible builds which we track here (https://github.com/pcengines/coreboot/issues/267).

Also, with ECC recently enabled in 4.0.23 on the Legacy branch, is there anything in the works for the Mainline one ? I'll have to upgrade the firmware on an APU4C4 in a few days and I'm still a bit puzzled in terms of which branch is more appropriate for the time being.

I'm not sure if I understand the question correctly. ECC was first enabled in mainline v4.8.0.5. It is very hard to claim one branch is better than other. Mainline is bleeding edge, we rebase continuously on coreboot master and use most recent code from SeaBIOS, iPXE and other payloads included - those changes can introduce bugs. Because of that, we provide regression test results here (https://docs.google.com/spreadsheets/d/1_uRhVo9eYeZONnelymonYp444zYHT_Q_qmJEJ8_XqJc/edit#gid=0). Using the most recent version in production without a clear reason is a bad idea, if version of firmware that you using right now works for you and there is no bug or features that you need from newer version I would not go with updating that. If there is a fix that you would like to have you should probably analyze test results and make a decision. I know the expectation is to get a clear answer, but TBH there is no clear answer to question what is better - YMMV. The number of configurations that have to be validated is beyond our capabilities.

Last but not least, linking only the pfSense installation tutorial on the of the pcengines.github.io page could very well hint that opnsense is an unsupported platform...which clearly is not the case.

Understood, I will make sure this will be addressed in the next release cycle.
Title: Re: PCENGINES APU[1-5] Bios
Post by: lattera on February 14, 2019, 07:48:52 pm
Hi all,
my name is Piotr Król and I'm the founder of 3mdeb Embedded Systems Consulting company. As stated here (https://pcengines.github.io/about.html) 3mdeb maintains PC Engines Open Source Firmware on behalf of PC Engines. Please note we are a licensed provider of coreboot consulting services (https://www.coreboot.org/consulting.html). If you are doing some high-end security stuff with hardware please let us know - we are very interested in TPM, secure/verified boot, Xen, virtualization, SRTM/DRTM, and other things. We sometimes write about that on our blog  (https://3mdeb.com/category/firmware/).

We are working on our mission of Open Source Firmware for a network appliance. Soon you should hear about another known brand of a network appliance to switch to Open Source Firmware. Stay tuned.

I would like to thank tillsense, miroco and others for keeping this thread and exchanging valuable information related to PC Engines hardware and firmware.

Our goal is to provide open and healthy discussion about firmware quality, priorities and what can be improved. It would be great to get feedback from OPNsense community and understand your needs. We will be glad to address problems if there would be enough resources. We are committed to long term support and monthly releases.

P.S. Please note that there is some report about v4.9.0.2 instability here (https://github.com/pcengines/coreboot/issues/266#issuecomment-463397036). This is because we enabled CPU Performance Boost, which in some workloads may give 20% boost - problem is that we can't validate all possible configuration so there may be some problems in the field. If some can afford to test we would appreciate your feedback.

Very rarely do I see such quality transparent collaboration and communication. I don't really have anything technical to add, but I'd like to say thank you, Piotr, for supporting PC Engines. I absolutely love these little APU devices. Firmware work tends to be underappreciated, but it's hard work and I would like to thank you for your efforts.

Putting my HardenedBSD and OPNsense hats on: if there's anything HardenedBSD and/or OPNsense can do to support PC Engines and 3mdeb, please let me know.
Title: Re: PCENGINES APU[1-5] Bios
Post by: tillsense on February 16, 2019, 09:36:58 pm
Hi pietrushnic,

i simply join the words of lattera here and a warm welcome Piotr. When I started this thread 2 years ago I could not imagine such an interest and its development. I used PC Engines hardware since the times of Alix with m0n0wall, t1t1 and various and also I think that the firmware topic is still completely underestimated. With OPNsense and from 19.1 HardenedBSD as base and 3mdeb as licensed coorebot provider for PC Engines hardware this seems to take on a completely new quality. I am really impressed.

cheers
till
Title: Re: PCENGINES APU[1-5] Bios
Post by: pietrushnic on February 17, 2019, 11:43:01 pm
Hi till,
thank you. Definitely, this is a great thread with a reasonable statistic. I agree that firmware is underestimated - IMO especially in security and advanced hardware features (e.g. virtualization). My dream would be to form a movement that can convince network appliance vendors to use Open Source Firmware that is compiled in a reproducible way, has recent security patches and state of the art performance, deployed in a way convenient to users (e.g. LVFS/fwupd) as well as open for contribution.

If you see any vendor who would be a good candidate for Open Source Firmware please let us know, if there would be big enough movement we may be able to enable more hardware platforms.

Unfortunately, we face a neverending battle with silicon vendors who just seem to care about sales figures. Good documentation and support are rather not on their agenda. We see a lot of changes in approach to the firmware (FSP license change, Project Mu, Slim Bootloader) - I can't say AMD keep up to recent trends. We rather spent times on working around issues in vendor code, then extending or improving coreboot support.
Title: Re: PCENGINES APU[1-5] Bios
Post by: newsense on February 18, 2019, 09:48:12 pm
Hi pietrushnic

Thank you for the detailed answer and the quick turnaround regarding the SHA256 and signature information that's been added to the latest versions in mainline and legacy. (My bad, completely missed ECC being enabled in mainline in 4.8.0.5)

As time permits, it would likely be a good idea to provide the same SHA256 information for the previous releases should there be a need in a specific setup to revert to a previously known version that worked.
Title: Re: PCENGINES APU[1-5] Bios
Post by: newsense on February 21, 2019, 05:17:44 am
Hi pietrushnic

I bring both lousy and awesome news... :)

Just received an APU4C4 which came with a stock BIOS v4.6.4 which fails to update to either v4.9.0.2 or v4.9.0.1 with a weird FIFO message that I couldn't find on Github or PCEngines forums:

Code: [Select]
FIFO pointer corruption! Pointer is 6, wanted 3

For the time being, nothing is plugged in the board other than power, USB stick and serial cable.


The awesome news however is that it successfully booted 19.1 :)


Your help and guidance with regards to the BIOS update would be very much appreciated. Full output of the BIOS update attempt and live boot are attached.