# coreboot architecture

## Overview
![][architecture]

[architecture]: comparison_coreboot_uefi.svg

## Stages
coreboot consists of multiple stages that are compiled as separate binaries and
are inserted into the CBFS with custom compression. The bootblock usually doesn't
have compression while the ramstage and payload are compressed with LZMA.

Each stage loads the next stage at a given address (possibly decompressing it).

Some stages are relocatable and can be placed anywhere in DRAM. Those stages are
usually cached in CBMEM for faster loading times on ACPI S3 resume.

Supported stage compressions:
* none
* LZ4
* LZMA

## bootblock
The bootblock is the first stage executed after CPU reset. It is written in
assembly language and its main task is to set up everything for a C-environment:

Common tasks:

* Cache-As-RAM for heap and stack
* Set stack pointer
* Clear memory for BSS
* Decompress and load the next stage

On x86 platforms that includes:

* Microcode updates
* Timer init
* Switching from 16-bit real-mode to 32-bit protected mode

The bootblock loads the romstage or the verstage if verified boot is enabled.

### Cache-As-Ram
*Cache-As-Ram* (*CAR*), also called Non-Eviction mode, allows the CPU cache to
be used like regular SRAM. This is particularly useful for high level
languages like `C`, which need RAM for heap and stack.

The CAR needs to be activated using vendor specific CPU instructions.

The following stages run when Cache-As-Ram is active:
* bootblock
* romstage
* verstage
* postcar

## verstage
The verstage is where the root-of-trust starts. It's assumed that
it cannot be overwritten in-field (together with the public key) and
it starts at the very beginning of the boot process.
The verstage installs a hook to verify a file before it's loaded from
CBFS or a partition before it's accessed.

The verified boot mechanism allows trusted in-field firmware updates
combined with a fail-safe recovery mode.

## romstage
The romstage initializes the DRAM and prepares everything for device init.

Common tasks:

* Early device init
* DRAM init

## postcar
To leave the CAR setup and run code from regular DRAM the postcar-stage tears
down CAR and loads the ramstage. Compared to other stages it's minimal in size.

## ramstage

The ramstage does the main device init:

* PCI device init
* On-chip device init
* TPM init (if not done by verstage)
* Graphics init (optional)
* CPU init (such as setting up SMM)

After initialization, tables are written to inform the payload or operating system
about which hardware is present and its current state. That includes:

* ACPI tables (x86 specific)
* SMBIOS tables (x86 specific)
* coreboot tables
* devicetree updates (ARM specific)

It also does hardware and firmware lockdown:
* Write-protection of boot media
* Lock security related registers
* Lock SMM mode (x86 specific)

## payload
The payload is the software that is run after coreboot is done. It resides in
the CBFS and there's no possibility to choose it at runtime.

For more details have a look at [payloads](../payloads.md).
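The verify-before-load hook from the verstage section, modelled as an added example (this is not coreboot's own code): each file is read once, that exact buffer is checked and only then decompressed, and any failure drops to recovery. The `CBFS` dictionary, file names, `TRUSTED_DIGESTS` and all function names are hypothetical; a plain SHA-256 manifest stands in for signature checking with the public key, and Python's `lzma` module stands in for the firmware decompressor.

```python
import hashlib
import hmac
import lzma

# Constructed sample "CBFS": file name -> (compression, stored bytes).
RAMSTAGE = b"ramstage code" * 8
CBFS = {
    "fallback/romstage": ("none", b"romstage code"),
    "fallback/ramstage": ("LZMA", lzma.compress(RAMSTAGE)),
}

# Assumption: digests of the stored (still compressed) files sit in the
# region that cannot be overwritten in-field, next to the verstage.
TRUSTED_DIGESTS = {name: hashlib.sha256(data).digest()
                   for name, (_, data) in CBFS.items()}


class VerificationError(Exception):
    """Raised when a file does not match its trusted digest."""


def verify_hook(name, stored):
    """Hook run on every file before it is decompressed or executed."""
    expected = TRUSTED_DIGESTS.get(name)
    actual = hashlib.sha256(stored).digest()
    # Files without a trusted digest fail closed, like mismatches.
    if expected is None or not hmac.compare_digest(expected, actual):
        raise VerificationError(name)


def load_stage(cbfs, name, hook=verify_hook):
    """Read once, verify that exact buffer, then decompress it."""
    compression, stored = cbfs[name]   # single read from boot media
    hook(name, stored)                 # check before the decompressor runs
    if compression == "LZMA":
        return lzma.decompress(stored)
    return stored


def boot(cbfs, stages=("fallback/romstage", "fallback/ramstage")):
    """Return the loaded stages, or 'recovery' if any file fails."""
    try:
        return [load_stage(cbfs, s) for s in stages]
    except (VerificationError, KeyError):
        return "recovery"
```

Hashing the stored bytes rather than the decompressed image keeps unverified data away from the decompressor, and reusing the verified buffer avoids a second read of the boot media between check and use.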