Open Sourcing our Firmware

It’s great!
I was curious whether you are going to provide software support for Linux like System76 with their DKMS and drivers on GitHub.

I bought a framework laptop yesterday because of this.
Keep going! Open source the BIOS (Coreboot?), work on firmware upgrades from Linux!

My XPS 13 was a big disappointment because of the broken + unstable TB 3 implementation under Linux. Really hopeful the Framework is outta this world.

2 Likes

I’ve had 4 Framework laptops (one for each of my family members) in my basket for ages… the only thing holding me back is not being able to flash coreboot (so that Intel Management Engine (IME) can be disabled with me_cleaner). Obviously it would be even better if Framework distributed their laptops with coreboot & a disabled Intel ME but if Framework would at least disable Boot Guard and unlock the CPU I could have a crack at it myself.

The release of EC code is actually enough to convince me that it’s coming and I should just go ahead and order at least one, but assuming that Framework does eventually get this done, will it apply retroactively to the current models for those willing to DIY? Or will it require a hardware change (and hence buying a new mainboard?)

2 Likes

It would require a whole new motherboard from my understanding. I know Purism is able to ship a mostly neutered and disabled ME because they leave certain fuses unfused but if the manufacturer of Framework’s board trips the fuses then they can’t be unfused. The only problem with that theory is that Purism uses 10th gen parts and not 11th or 12th gen so perhaps the design changed.

Very excited for coreboot! Will keep watching this issue!

Understand that frame.work have a lot of work ahead but I’m hopeful they recognise the value. The type of people who want a DIY upgradable laptop are likely to be the type of people who want a free BIOS!

1 Like

As mentioned here, there’s a theoretical path to enabling Coreboot on existing hardware, using a similar model to how we enabled UEFI Secure Boot on Linux systems. While I think it’s possible to build everything in an appropriate way, it’s not yet guaranteed to be possible.

3 Likes

I just put some articles about this topic.

3 Likes

Has anyone tried using the TGL package from edk2-platforms?
edk2-platforms/Platform/Intel/TigerlakeOpenBoardPkg · GitHub

This does only apply to vPro CPUs, doesn’t it? The ones without vPro do not come with ME, right?

Every modern Intel CPU comes with ME. Period. Only older platforms lack Intel ME.

2 Likes

On the processor, yes, still come with ME.

On the system, up to the manufacturer to provide something like this:

https://www.dell.com/community/Latitude/What-is-quot-ME-Lockout-MOD-quot/td-p/7699939

For example, you can see it here:

2 Likes

@Second_Coming It can be disabled by flipping the HAP bit but not removed from what I understand. Good to know that other more mainstream manufacturers are offering that option, I wasn’t aware of that. I knew of a few niche manufacturers offering that but Dell is new to me.

1 Like

It’s mostly around using devices in government contracts and defense contracts. But now, you know, as a consumer, you can have that option to disable Intel ME.

Related:

…and with or without news like this, Lenovo could be ruled out. So that leaves Dell and HP really for most of North America.

@Second_Coming I see no hard reason ruling out said Chinese companies in this news. It seems like “we found nothing but it is from China so it is dangerous”, very common US hate to China.

It is unfortunate as Huawei has been making the best to-business x86 ultrabooks as of 2022. And I think people in North America should worry more about the three-letter agencies rather than China trying to spy on them?

1 Like

No hard reason to rule out…but to some, it’s about taking the route with minimal risk…instead of waiting for an incident to occur. (Or take risks that can be managed)

Dell has actually had the ability to disable the ME for years.

Whenever I replace a motherboard, the first thing that comes up is a one-shot screen to set the service tag (serial number) to match the actual machine’s, several options for the ME, and sometimes a few other settings. There’s a sticker on (usually inside) the computer that indicates which ME option is appropriate.

(And yes, federal and some medical sites have it disabled.)

It’s not resettable once I’ve finished the replacement - if I get it wrong, the only option is to replace the motherboard again.

1 Like

Why restrict myself? The things that make it harder for the three letter agencies would undoubtedly make it more difficult for the Chinese or frankly anyone else from listening in on me. Although frankly the most common attack vector isn’t low-level firmware, it’s the web browser or other applications or even the OS. Those have much more surface area and are more universal than the ME.

Having said that, I’m under no illusions that if any nation-state wants my data, they’ll get it one way or another.

Speaking for myself here, I don’t hate the Chinese as a people. I am however exceedingly distrustful of any nation that manages to be more hostile to civil rights than my own. Don’t try and portray this as xenophobic because it simply isn’t. China has given plenty of cause for concern, just as much as the US has.

DoublePulsar

2 Likes

I wouldn’t trust any nation, Western or otherwise. They are all going full on authoritarian.

They’ve run the numbers. They know they have to get us all under control before we kick off.

1 Like

Yeah, comes down to which nation would you like to back up your data. :rofl:

1 Like