Major Updates for System76 Open Firmware!

We’re constantly making improvements to our products to provide the best experience for users. Last week, we introduced new functionality to our 13th Gen Intel laptops with System76 Open Firmware. If you have a CPU from a previous generation, take a look at our firmware matrix to see which updates are available on your system. We’ll be adding these changes to previous generations over time.

Re-disabled Intel Management Engine

We prefer to disable the Intel Management Engine wherever possible to reduce the amount of closed firmware running on System76 hardware. We’ve resolved a coreboot bug, which once again allows the Intel ME (Management Engine) to be disabled.

This bug was a buffer overflow which caused coreboot firmware memory to be overwritten by the TPM measurement log, keeping the S3 suspend method from working properly. As a result of this, we had to switch from S3 to S0ix suspend, which required use of the Intel ME in order for OS-level drivers to function.

By fixing this bug, we were able to move back to S3 and re-disable the Intel ME on most platforms. (However, S3 suspend is not functional in the silicon we received for 11th Gen (Tiger Lake) U-class CPUs.) This fix was submitted upstream to coreboot as well.

https://review.coreboot.org/c/coreboot/+/73297

Windows 11 & Secure Boot support

Windows 11 requires Secure Boot to install without tweaks. To support this, we’ve added a new firmware setup menu for enabling and disabling Secure Boot. This menu also allows for entering setup mode for custom key enrollment.

Secure Boot and TPM2 support is now available in System76 Open Firmware on laptops with 13th Gen Intel CPUs. We'll be adding the feature to previous CPU generations over time.

Work is being done in Pop!_OS to enable the use of custom Secure Boot keys, in addition to adding TPM2-TOTP authentication of the firmware boot path.

system76/edk2#38

Increased battery power limits & CPU performance

The standard battery power limit for the CPU was increased from 28W to 45W on the majority of our 13th Gen Intel systems, with some going as high as 55W. This significantly improves CPU performance on battery on H-class and higher CPUs. Many older systems will be getting updates in the near future as well. This change was made after an analysis of power capabilities when developing the new 13th Gen systems. Battery life should remain about the same for most use cases. The CPU will finish tasks faster with total energy used remaining roughly the same. Continuous tasks like gaming can draw more energy, but framerates will be higher.

NVIDIA Dynamic Boost

On new systems with the NVIDIA 40-Series GPUs, we’ve added new code in coreboot to enable NVIDIA Dynamic Boost, which allows power to be shared between the CPU and GPU. In practice, this means that your system can provide up to an additional 25W boost to the subsystem that needs it most, significantly improving throughput and framerates.

Firmware Security Update

Firmware for 13th Gen Intel (Raptor Lake) systems is locked while running, meaning it cannot be tampered with or overwritten. To unlock it, you must be physically present at your computer; you’ll be prompted to type a randomly generated number as confirmation to begin firmware flashing, and the system will reboot. Both EC firmware and system firmware are locked on any boots where the prompt is not shown.

system76/firmware-setup#1

Fixes for soldered DDR5 memory initialization in coreboot

The Lemur Pro (lemp12) laptop comes with one 8GB DDR5 DIMM (RAM stick) attached to the motherboard in addition to one DDR5 DIMM slot. We corrected issues with memory-down (memory soldered to the motherboard) DDR5 memory initialization on 12th and 13th Gen Intel (Alder Lake and Raptor Lake) platforms, ensuring future systems using this style of memory will be supported by coreboot.

https://review.coreboot.org/c/coreboot/+/75135
https://review.coreboot.org/c/coreboot/+/75284
https://review.coreboot.org/c/coreboot/+/75283

Coreboot support for 13th Gen HX-class Intel processors

13th Gen Intel (Raptor Lake) HX-class CPUs contain a dedicated Platform Controller Hub (PCH) to boost performance. Though Raptor Lake HX-class chips were somewhat supported on coreboot, we added model IDs for a vast number of CPU and PCH devices to ensure full support. As with our other coreboot work, this support will be upstreamed for the benefit of all coreboot users.

https://review.coreboot.org/c/coreboot/+/72926
https://review.coreboot.org/c/coreboot/+/73437
https://review.coreboot.org/c/coreboot/+/75285

Intel Discrete Thunderbolt driver for coreboot

Our new laptops with 13th Gen Intel HX-class CPUs use a Maple Ridge discrete Thunderbolt controller to support Thunderbolt connectivity. This controller required changes in firmware to support setting the correct security state and enforcing the use of VT-d in the OS. The driver has been submitted upstream to coreboot for use in other systems using this Thunderbolt controller.

https://review.coreboot.org/c/coreboot/+/75286
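
One way to check, from a running Linux system, the states this post describes: the active suspend mode (S3 versus suspend-to-idle), Secure Boot, the TPM version, and the Thunderbolt security level with IOMMU DMA protection. This is an added example using standard Linux sysfs and efivarfs interfaces, not System76 code; the function names and the ROOT argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not System76 code. ROOT (hypothetical parameter, default "/")
# lets the parsers run against a constructed directory tree.

# Active suspend mode is the bracketed entry in /sys/power/mem_sleep:
# "deep" is S3 (suspend-to-RAM), "s2idle" is suspend-to-idle.
suspend_mode() {
    sed -n 's/.*\[\([a-z0-9]*\)\].*/\1/p' "${1%/}/sys/power/mem_sleep" 2>/dev/null
}

# efivarfs prepends 4 attribute bytes; the 5th byte is the SecureBoot value.
secure_boot() {
    f="${1%/}/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032bdc"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# TPM family reported by the kernel driver ("2" for TPM 2.0).
tpm_major() {
    cat "${1%/}/sys/class/tpm/tpm0/tpm_version_major" 2>/dev/null || echo none
}

# Thunderbolt security level, and whether the kernel reports IOMMU-based
# DMA protection for the first Thunderbolt domain.
thunderbolt() {
    d="${1%/}/sys/bus/thunderbolt/devices/domain0"
    [ -d "$d" ] || { echo absent; return 0; }
    echo "security=$(cat "$d/security" 2>/dev/null)" \
         "iommu_dma_protection=$(cat "$d/iommu_dma_protection" 2>/dev/null)"
}

firmware_posture() {
    echo "suspend=$(suspend_mode "$1")"
    echo "secure_boot=$(secure_boot "$1")"
    echo "tpm_major=$(tpm_major "$1")"
    echo "thunderbolt: $(thunderbolt "$1")"
}

firmware_posture "${1:-/}"
```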

