Here you can find two options available for companies interested on creating their own bootloader
One is the firmware engine, this allow for easy customization of a basic firmware:Intel® Firmware Engine | Intel® Architecture Firmware Resource Center
The other is the FSP, the FSP provides binaries that perform basic Firmware Initialization and can be integrated with Coreboot or EDK-II code:Intel® FSP - About | Intel® Architecture Firmware Resource Center
Additionally for security you must also search about TXE Firmware, the Trusted eXecution Engine provide features to prevent BIOS tampering, however information about TXE is considered Intel Confidential and require that you have CNDA account.
As someone whom over the last 6 months has brought up a custom E3800 design using Coreboot I can say don't be intimidated. Yes, there is a lot to learn at first but once figured out it's very straight-forward. I did want to pass along a couple of things. Intel did seem to back out some of the security requirements for the "Bay Trail I" version thankfully. Being an embedded product all that stuff does is get in the way.
The CPU will boot without a TXE image but the XDP port will be locked out.
So long as the TXE image is present it the XDP will be available. You don't have to configure anything, just add the TXE image in the FITC tool.
You don't need to sign your images or generate a manifest.
When you said 'safety critical' be aware that unless you are a large company you will never have access to FSP source and therefor cannot do any code coverage analysis. For example if you are doing a DO178 project you typically can only get a cert on DAL C and below. These processors will not boot without the FSP.
We are working on one customized board based on Intel ISX design based on E3845. With reference bios image, processor is booting but we are not able to get HDMI display.
While building from coreboot, I generated .rom file without TXE. Is there any additional care to be taken? Can I flash directly this image?
We have the GPU disabled on our product so I may not be much help here. I guess my first question would be is yours also? If you look through your coreboot boot logs with the log level set to 8 (SPEW) then you will see the entire PCI enoumeration. Look for Bus 0, Device 3, Function 0 - it will show up as 00:03.0, and make sure it is enabled. Be careful, as it may initially say it is enabled and then it becomes disabled at a later stage. Whether it is enabled or not is set in the FSP by the BCT. Also, did you add the VGA BIOS?
As for building Coreboot to the best of my knowledge it has no provisions to add the TXE image. I did find where you can add a descriptor.bin file but that assumes you have an image of that too. I have never tried it so I don't know if it works for our processor. The best way to get the descriptor, and the TXE if you are going to add it, correctly loaded is to use the FITC tool. You may have to contact your Intel rep to get access to it and the TXE - they should come together in a package. If you can't get the FITC then this document, 514482_ByTti_SoC_SPIFlashProgGuide_Rev1p0, gives you the layout of the descriptors including the soft straps.
When booting the first thing the processor does is read address 0x10 of the flash looking for the Signature telling it to boot in descriptor mode. (The very first steppings of the processor would boot in non-descriptor mode but the current ones cannot. You can find statements in the docs where it says it one way then corrects it a sentence later. ) It then reads the Descriptors, the TXE if present and then 1st stage boot - the part that runs in 'cache as ram' mode.
It is not really obvious how flash is laid out but certain things are fixed: 0x10 for the Signature, 0x14 for the beginning of the descriptor tables are at the start of flash. The boot image MUST be at the very end of flash because the reset vector is at xxFFFF0. The TXE can be located anywhere in between with it's start location specified by its descriptor.
Once you have a complete flash image you do not need to rebuild it with the FITC tool. Just reflash the coreboot image for updates. For example, I use a 16MB boot flash but I only build a 2MB coreboot image. When I need to update coreboot I just update the flash from E00000 to FFFFFF.
Hope this helps,