@nrp @Kieran_Levin – i’m currently researching for a new laptop purchase and having this would make the framework easily edge out the other options. is there anywhere i could follow along for status? is there a rough timeline for when it might happen?
@khimaros You see a bell button on the right side of this thread. You can select “Watching” to be notified by email.
In the frame.work newsletter it just got announced that they made the Embedded Controller firmware open source, available on GitHub: https://github.com/FrameworkComputer/EmbeddedController?_kx=NZBQy1WorZzP0Mi2s2H9zcQjDkI00LjYeiVwZ-Pd6HY%3D.LNYsui
I guess that is a great step in the right direction. And I’m super happy to receive mine next month!
Coreboot might come (unofficially at least) sooner than we think https://twitter.com/mjg59/status/1484710796789567488
In that twitter thread Matthew Garrett says “Initial port would be with an unfused board, but it sounds like the longer term goal is to sign a firmware bootblock that will run a user-signed image”
Is that all that’s needed to allow us to flash coreboot with a cleaned intel management engine / ime?
So it sounds like even if framework do unlock the boot loader at some point, we’d have to buy a new mainboard that supports this anyway?
There’s a theoretical solution to getting Coreboot working even with Boot Guard enabled, but at this point it can’t be guaranteed. Boot Guard only verifies the initial boot block of the firmware, and it’s up to that boot block to do the rest of the validation. The theoretical approach would be to have a signed boot block that’s willing (based on configuration) to launch unsigned code or code signed with a user-managed key, and then have that jump into Coreboot.
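A simplified model of the chain described in the post above, added here as an example and not part of the original thread. Toy RSA built from known Mersenne primes stands in for the real signature scheme, and every name, key, image and policy string is an assumption, not Boot Guard's actual manifest format.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Toy RSA key from two known Mersenne primes: returns (n, d). NOT secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def key_hash(n):
    return hashlib.sha256(n.to_bytes(32, "big")).hexdigest()

# Constructed sample keys and images (illustrative only)
VENDOR_N, VENDOR_D = make_key(2**127 - 1, 2**89 - 1)
USER_N, USER_D = make_key(2**107 - 1, 2**61 - 1)
FUSED_KEY_HASH = key_hash(VENDOR_N)  # burned once, immutable afterwards
BOOT_BLOCK = b"vendor-signed boot block"
BOOT_BLOCK_SIG = sign(BOOT_BLOCK, VENDOR_N, VENDOR_D)

def hardware_stage(boot_block, sig, vendor_n):
    """All the fused check covers: the key matches the fuse and signed the boot block."""
    return key_hash(vendor_n) == FUSED_KEY_HASH and verify(boot_block, sig, vendor_n)

def boot_block_stage(payload, payload_sig, policy, user_n=None):
    """Everything after the boot block is the boot block's own decision."""
    if policy == "allow-unsigned":
        return True
    if policy == "user-key" and user_n is not None and payload_sig is not None:
        return verify(payload, payload_sig, user_n)
    return False

def boot(boot_block, bb_sig, payload, payload_sig, policy, user_n=None):
    if not hardware_stage(boot_block, bb_sig, VENDOR_N):
        return "halt: boot block rejected"
    if not boot_block_stage(payload, payload_sig, policy, user_n):
        return "halt: payload rejected"
    return "payload launched"
```

The security of the later stages rests entirely on the policy the signed boot block enforces: under `allow-unsigned` the fused check still passes while the payload is never verified.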
@Patrick_Macdonald I think indeed the solution proposed by Matthew is feasible. Not saying it will work for sure but it is definitely worth a try and considering Framework is willing to help explore the option I am hopeful that eventually, Matthew will manage to piggyback on the initial boot and then load coreboot. I think Matthew has quite a bit more experience with coreboot/firmware than I do.
The lack of Coreboot is also currently the only thing holding me back from buying/recommending the notebook. Hope that changes soon!
this seems to be the exploit code: https://github.com/binarly-io/Vulnerability-REsearch/blob/main/Insyde/rsrc/PocPkg-2021-009/Src/SetPrimaryDisplay.c
Is there an estimated timeline when Coreboot will be available? I’m in the market for a new laptop and need Heads on it. Coreboot is a good first step
There is not. Their blog post says they are looking into replacing proprietary firmware, but no timeline was established, nor what products it would apply to. It could be that only future products will be Coreboot compatible.
If you need Heads then I suspect your best option is a Librem 14 from Purism
Before buying a Librem 14, you should consider whether having Intel ME (backdoor in all modern Intel CPUs) neutralized is important to you.
The Librem 14 does not have neutralized Intel ME so I recommend looking into getting an older ThinkPad where ME can be both disabled + neutralized.
You probably don’t care about that since we’re commenting on the Framework community, where Intel ME is neither disabled nor neutralized, but worth mentioning.
Or get an older Purism laptop that allows for the same thing. Reading over what me_cleaner does, it does not completely remove the ME, just most of it. Purism did the same with their older laptops. ThinkPads are old and getting older by the day. Technically still functional, yes, but newer CPUs bring better graphics and better I/O that users appreciate (not to mention the battery and performance improvements).
I’m sure some folks here are interested in the combo of coreboot + AMD.
If we look at coreboot’s current support for AMD SoCs:
We can see Cezanne (Ryzen 5000 series) and Sabrina (probably Ryzen 7000 series) there, but not Rembrandt (Ryzen 6000 series).
The Cezanne and Sabrina code was put there at the insistence of Google to support some Chromebooks.
If FW wants to release a coreboot + AMD version, it would make sense to piggyback off of this work. That means the first coreboot + AMD FW could use Ryzen 7000 and not 6000.
I found an interesting live stream. (live in 14 hours)
Matthew tries to port Coreboot to the Framework laptop - YouTube
That’s freaking awesome! Mine is coming in next week so looking forward to it, thanks for sharing!
Stream just ended, no success as of yet but Matthew says he will be trying again later
Thanks for sharing the result of the live stream. I just found this.
I made an account just to say that a non Intel, coreboot Framework laptop would probably put Purism’s Librem laptops out of business. You would dominate the security laptop space. I’m currently limping along with a laptop that’s on its last leg (all kinds of hardware failing) trying to hold out for such a Framework laptop. I REALLY hope that you can meet this need soon. I would definitely rather spend my money on Framework if you manage to do so.
– A hopeful Potential Customer
hey @Kenneth_L_Rountree, welcome to the forum.
i suspect the friendly folks at framework are not interested in putting purism out of business. the Purism team is doing a lot of amazing work on mobile linux. they’re a great company that is worth supporting.
that said, i agree this functionality would make the framework laptops very attractive to the same niche which is filled by purism today. having more creators in that space sounds like a net win for society.