[RESPONDED] Coreboot on the Framework Laptop

This thread is a wiki. Anyone who has the permission to edit the wiki can edit the first comment.


Context

This thread started with a topic to ask to open EC firmware and also to use open BIOS firmware, coreboot (Wikipedia). In January 2022, Framework open-sourced their EC firmware (blog). Then this thread became the main thread of the coreboot.

Challenges and actions

Here is a summary mainly from a coreboot issue ticket to port coreboot to Framework Laptop below.

  • Notes to collaborate with people in the coreboot community
    • Responsibility: The coreboot community doesn’t have the responsibility, but the PC manufacture company (Framework) should have it.
    • Fairness: The companies and individuals develop the coreboot. The companies invest a significant amount to get the work done. In the current situation, we can’t ask the entire coreboot project to port coreboot to the Framework. But we can ask individuals. Also due to the fairness with other companies, we may not be able to manage the porting task on the coreboot project’s issue tracker.
      Some choices.
      • :question: Framework will invest in the coreboot as well as other companies in the coreboot project?
      • :question: Will ask individuals in the coreboot?
  • Clarifications:
    • :question: Q. Whom nrp provided the 3 Framework Laptops to in the coreboot community? A. Not sure. Framework didn’t answer this question due to their privacy policy.
    • :question: Q. Do the 3 Framework Laptops which nrp sent to the people in the coreboot disable Intel BootGuard fully? A. Yes or No. Framework didn’t enable the Intel BootGuard for the 3 Laptops. However, not sure that is equivalent to being fully disabled.
    • :ballot_box_with_check: Will ask Matthew Garrett the current status to port the coreboot to the Framework Laptop. @junaruga emailed him. However, no response so far on June 25, 2022. Needs someone’s help to contact his Twitter.
    • Documentations
      • :question: Q. Is the current documentation (not full) without an agreement good enough to port coreboot? A. Not sure. Framework didn’t answer this question.
      • :white_check_mark: Q. Can individuals in the coreboot community access the full schematics and board views with an agreement? The kb article says it is for repair shops. A. No.

Documentation

What Framework or people said or did about coreboot

  • In April 2021, Framework said that open source firmware was well aligned to their mission. (reference)
  • In February 2022, Matthew Garrett tried to port the coreboot to the Framework Laptop. (reference) Unfortunately it didn’t work at that time. (reference)
  • In April 2022, Framework said “We’ve handed three systems that can boot unsigned bootloaders to folks in the coreboot community. Our plan in the near term is to help them create a shim loader that can be signed to run on any Framework Laptop, which then enables anyone to do further coreboot development.”. (reference)
  • On 1 June 2022, Framework said below. (reference)

    On the list of things that we are exploring ways to improve on in the future:

    • More of the schematics, including of modules beyond the Mainboards.
    • Moving to open UEFI/BIOS solutions.
  • On 5 June 2022, @junaruga opened an issue ticket on the coreboot issue tracker to port the coreboot to the Framework Laptop.

See also

Original first comment by @Please_Don_t

The Framework Laptop is an exceedingly promising and ambitious project that will create shockwaves if successful, however this grand endeavour will not be truly complete unless framework commits to freeing the embedded controller firmware and offering coreboot. Fully open-sourcing and liberating these two elements would allow us to unleash much more of the hardware’s potential.

Simple, practical applications of having a free EC could include options such as custom remapping the keyboard or allowing user-customisable charging caps to conserve battery cycles, but shipping with a free EC also allows for more exiting prospects, such as fully exposing elements such as fan control to userspace. Perhaps most importantly, it creates much more transparency and enables the community to inspect, audit and fix bugs in the EC.
Coreboot is an equally critical addition for similar reasons, while also opening the door to HEADS being made available further long the line, thus massively improving security prospects.

Purism and System76 have already done a lot of the work needed to make this possible and have eliminated many barriers preventing framework from doing so. Their spirit of collaboration extends to Purism inheriting their custom open EC from System76 without any licencing or permission requirements. Framework has no excuse to not follow suit, the path has already been cleared.
Neutralising the Intel ME would also be nice, but we should limit the scope to Coreboot and an Open EC for now.

I hope framework takes this into consideration and does not forgo this massive opportunity.

110 Likes

There’s an entire community that’s willing to ditch Purism and System76 if the Framework Laptop meets these two requirements.

@Framework

33 Likes

Hey,
According to @Kieran_Levin, they want to work on implementing coreboot

10 Likes

Absolutely. Wholeheartedly agree.

3 Likes

Yep, open source firmware is well aligned to our mission of building products that are better for people and the planet. Our EC firmware is based on chromium-ec, and we will be releasing source. As @Kieran_Levin noted, we’re also exploring coreboot. We’re currently focused on getting the Framework Laptop out into the world in a lower-risk path that uses an off the shelf proprietary BIOS, but we’re looking forward to replacing that with an open alternative in the future.

81 Likes

The future of EC firmware is Zephyr. Please note that Google announced switching from Chromium EC to Zephyr on OSFC 2020. Of course, after investing in Chromium EC switching doesn’t make sense, but in long run (maybe next laptop?) and support available from EC manufacturers, this could be the solution. Also if the platform would be popular enough, schematics reasonably open, then maybe community effort will open the path for Zephyr support. This is what wish to Framework Laptop.

13 Likes

I think releasing firmware is a good step in the right direction, even though it will still have proprietary stuffs and blobs in it.

Coreboot would then be the next logical step, but without a stripped and disabled ME it’s kind of worthless.
Even though you could then have Legacy Boot again, which already is a big improvement to UEFI.

I would love to see a further developed solution of me_cleaner that covers also the latest intel chipsets in the most possible way.

Those two combined in my opinion is the most powerful solution to address privacy as it is needed.

Maybe Zephyr is also great, I just haven’t heard of it until now :slight_smile:

6 Likes

I’m not very familiar with firmware like this, so sorry if this has been answered before, but if you have a Framework laptop that does not have coreboot or another open source firmware on it, and you’d like to install it, how would you do that? And is there a way to check what you have installed?

3 Likes

Until it is officially supported, you can’t install it. So wait until Framework announces support, because they’ll most likely detail how to flash the new bios firmware then.

9 Likes

Looking forward to Coreboot !!!

11 Likes

How much support do you have for people who want to hack the BIOS? Specifically, I wouldn’t mind trying to install CoreBoot and disable the IME. Obviously, I won’t come crying to mommy if I brick my machine, but I wonder if, say, the JTAG port is accessable and relevant documentation is available somewhere.

11 Likes

You will have to wait for Framework to support it! looking forward for it :smiley:

4 Likes

I too am putting in my vote for Coreboot at the least.

6 Likes

I think that in the future there should at least be an option for open boot firmware like https://www.coreboot.org/ or https://libreboot.org/. we need to show that there is a demand for this and that framework should consider it.

13 Likes
9 Likes

Always the more open the better. If you guys manage to get open firmware solutions I will change my stance from “well, I don’t endorse anything at this point except for Framework” to “absolutely don’t get anything but Framework,” when people ask me what laptop to get. A whole lot of people ask their technologist family or friend what laptop to get - I tend to be that guy for a whole lot of people. Now I can tell them that I will only support working on it if they get Framework.
Seriously though, I just ordered one for my mother. As a datasec professional, I want to cast a strong, strong vote for open firmware. I will continuing voting with my wallet and suggesting others do as well.

13 Likes

I think a possible future enhancement that would suit this is having dual bios onboard. This is a fairly common feature on motherboards intended to facilitate novel use (like ln2 overclocking).

3 Likes

I think for the end user thats only helpful when they have an eeprom programmer to put the bios image on the new chip unless framworks starts to sell pre-programmed chips. There is also the danger that a DAU would remove the chip for an extended period of time which would reset the enitre bios and system clock. If the boot order gets messed up because of the reset then you might look at a laptop that refuses to boot :sweat_smile:.

Also dual bios for overclocking puposes only makes sense when you have a physical bios switch. Looking a desktop motherboards maybe a feature like a clear CMOS and bios flashback button would be useful. Being able to save your bios setings in a safe profile in case of a reset would also be nice

5 Likes

My thinking with regard to this thread specifically would be for those who seek to modify their open source BIOS. If they were tinkering with the source, adding/changing things, they’d be at substantially less risk of ending up with a bricked system and be substantially easier to test changes.

It’s also interesting to consider novel applications for framework hardware that aren’t a laptop configuration - some kind of custom device that needs an onboard computer. There’s really no way to predict how these components could be used or configured, so leaving the door open as wide as possible with as few tradeoffs as possible to satisfy the intended laptop only makes sense. In a situation where the motherboard/cpu combo is being used in a device, the bios switch could be used to change states of the device, for example - especially with open source bios.

2 Likes

I would love it when the bios is modifiable without the use of a eeprom programer or an method that requires an functional bios. It would make my own modding atempts with laptops bioses easier though i usually only enable hidden bios settings. For a coreboot developer this would probably be a dream feature

1 Like