[RESPONDED] Coreboot on the Framework Laptop

Matt_Hartley · May 4, 2023, 11:47pm

@GhostLegion Twistgibber and nrp were crystal clear. So I won’t be expanding on it.

We’re more than happy to have a civil discussion, however, you need to consider your tone.

Reread your last statement from the beginning. It’s unwarranted and frankly, as a 15+ year member of the Linux community, not reflective of the Linux community I have fought to defend for over a decade.

The statements on the matter are clear, on point. First sentence in, nrp clearly stated what we have done. Clear as glass. Full stop.

If you would like to offer positive suggestions, etc, that would be welcome. But to say that Framework’s stance is so vague as to be meaningless is disrespectful, and overall flat out inconsiderate and uncalled for.

As a very long time member of the Linux community I suggest you think long and hard about how we approach this conversation going forward.

This will be my only comment on the matter.

Matt

GhostLegion · May 5, 2023, 12:08am

@Matt_Hartley I have given positive suggestions

GhostLegion:

EDIT: Dasharo (the company mentioned previously) can be contracted in the same way as Insyde to dev your BIOS and provide support in the same way. Why has this option not been explored? Framework does not need to on board any other hires and it keeps the same category of costs as contracting out to Insyde. If we the community pay for a port to Dasharo, will Framework commit or at least consider dropping Insyde in favor of Dasharo?

EDIT 2: Alright, so a quick glance at how Dasharo makes money gives me 2 conclusions.

They charge based upon how many laptops will be sold with their firmware (assuming it comes from the factory with it) but the implication is that this is standard practice.

Derived from conclusion 1, a community based fundraiser will be the more expensive path without a commitment from Framework to switch to Dasharo as Dasharo understandably wants the support contract more than they want the porting contract.

As expressed in EDIT 1, there is a path forward for Framework that allows them to satisfy the community desire for Coreboot without necessitating the hiring of more staff. It would be preferable to have the Coreboot stuff done in-house for logistical reasons but Dasharo would be a huge step forward and would signal some goodwill here.

These suggestions have not been responded to yet. To be clear, I am not making any implications as to why they have not yet been responded to, quite a few posts have gone up and what I wrote could have been missed in the shuffle, especially since my later posts have apparently been much more inflammatory than intended.

I disagree. Not that I think any qualifications could necessarily be given. Nobody can tell what the future holds so any promised future action is also hazy at best since market conditions can change. I have made no personal attacks on any Framework employee or intent behind the statement. I have attacked the statement and nothing else. I have not violated any community guidelines here. I want Coreboot support and I’m willing to discuss sane and sustainable paths to getting it. Framework’s mission is predicated on “doing the impossible” eg “They said it was impossible to create a thin and performant repairable laptop”. So I don’t buy any statement that says “We can’t do it”. It can be done, it is a question of when and how. I am exceedingly bullish on Framework and a proud user of said product and I approve and delight in the level of support the Linux community has gotten compared to mainstream manufacturers. My comments here should not be interpreted as some broader critique on support. This is about Coreboot and only Coreboot.

If Framework as a company does not think they have the financials to support a Coreboot port at this juncture, then fine, I can’t deny that. I don’t have access to their financials and cannot contest that. That does not mean that Coreboot ports cannot be a community led effort via other funding mechanisms. Other questions will be raised if that is the method the community and Framework want to go with but those can be asked at the appropriate time.

I recognize that my responses have combative but that does equate to hostility towards Framework employees or Framework’s mission. I want what is best for the community and the company same as anybody else. I should not be viewed as some hostile force, which is clearly what I’m being painted as.

TheTwistgibber · May 5, 2023, 12:09am

And that’s all folks, topic closed.

TheTwistgibber · July 16, 2023, 9:22pm

As some time has passed, after internal discussion, we have made the decision to re-open this thread. As stated in previous responses, any discussion should remain focused on potential future implementation, and not a debate on the current status, as that has not changed.

Our Community Guidelines still stand, and we ask that all Community members follow them.

Thank you.

ldare373 · July 16, 2023, 9:44pm

Has there been any progress since the thread was closed?

nrp · July 16, 2023, 10:17pm

As of yet, no, but we are closely following the progress AMD is making on OpenSIL: Empowering The Industry with Open System Firmware ... - AMD Community

Niko_Cantero · July 18, 2023, 9:55pm

Hopefully AMD OpenSIL comes to fruition

samcday · July 30, 2023, 8:39am

@nrp would you mind expanding on why ya’ll are closely following the progress of openSIL? Specifically, why is openSIL of interest when coreboot already exists, has existed for many years now, and has been proven to support modern hardware (1) (2)?

As an 11th gen Framework owner eagerly awaiting the AMD mainboard launch, I can imagine openSIL paving the way to open firmware on what I hope will be my next laptop. But at that point my 11th gen board will still be put to use elsewhere (sitting in one of those awesome Cooler Master cases helping to power my home lab, most likely!).

I’d really like to believe that, 10 years from now, my 11th gen will still be useful somewhere, and also still continue to receive firmware updates.

Side note: I’m a big believer in the Framework vision. I originally discovered the Framework laptop because I was a casual follower of your old blog (3)!

Given the wild success the Framework 16 launch has seen, and the strong brand capital that Framework absolutely deserves, I really hope you’ll consider investing meaningful resources into coreboot. I’m gonna go out on a limb here and say I reckon Framework the company is probably reasonably solvent and profitable now, that such a move is feasible and would likely not even show up as a major line item on the CFO’s spreadsheet.

Personally, I think ya’ll ought to just engage 3mdeb to undertake this work for the 11th thru to 13th gen mainboards. Given how much profile Framework has built many big mainstream press outlets, I suspect you’d be able to wrangle a pretty solid deal with Dasharo. I understand their public website indicates that they typically do deals based on volume and actual unit sales, but I bet that’s not taking into account laptops that receive glowing reviews from The Verge and are spruiked on the regular by Linus to his 15M Youtube subscribers

I do wanna restate what others have already said in this thread: I think coreboot support is important not just for ~~weirdo neckbeard Linux nerds~~ “power-users” such as myself. I think it’s an integral part of the vision to reduce e-waste.

Once a open-source coreboot port exists for the Framework 13 laptops, it exists. Sure, it might still need a bunch of yucky blobs for FSP, nvme controllers and the like. But the wider community will have that solid foundation to work from. To maintain. To improve upon. Once the initial investment has been made, there’s a very good chance that further work and maintenance happens “for free” (from the perspective of Framework the Company)

I like to think about how the various *WRT projects got started. Once Linksys did the totally ethical thing, entirely of their own volition (thus ensuring my continuing faith in the very sound economic model of capitalism), and released the WRT54G firmware source tree, a cambrian explosion of very high quality firmware distributions burst forth. 20 years later, I can flash my AVM router and go from a pretty-good firmware to a freaking-awesome-and-holy-crap-I-can-even-opkg-install-tailscale-on-this-thing firmware.

I absolutely believe Framework the company will exist 5 years from now, and still be kicking ass. But I also know that even if Framework the company doesn’t exist, the Amoc stops tomorrow, sea levels are 30m higher than today and we’re all eating each other to survive, Framework laptops will absolutely still exist in the physical world (mostly because we won’t be able to eat them and they seem kinda impractical to burn for warmth/energy).

What if the roving bands of cannibals are sophisticated enough to launch RCE attacks on my 11th gen Framework laptop to pinpoint my location through the Intel NIC?

At that point I can’t count on Framework to still be maintaining proprietary business contracts with Insyde to produce proprietary firmware blob updates. But if the source is there, I have faith in some rando from Estonia to be maintaining patches with commit titles like “mb/framework/13gen11: fix buffer overrun in vpro_nic_rx_poll - prevents RCE attacks launched by roving bands of cannibals”. I’m kidding of course, the commit title would never be that - it’s way longer than 55 chars.

In summary if Framework doesn’t support development of open-source firmware blobs they are complicit in cannibalism. That’s all, thanks and have a good day!

Niko_Cantero · August 15, 2023, 12:32am

Hmm maybe we can crowdfund the Coreboot team getting some Framework laptops?

Sir-Photch · August 18, 2023, 1:59am

Hi guys and gals,

I’m currently searching for a new laptop to buy, and framework is a hot contender!
I stumbled across this post during my research, and I have a question considering Coreboot / Open Firmware:
If you ever introduce open firmware to your products, will devices sold before this release of open firmware made compatible with the new firmware?
Phrased differently: Would users be able to flash the firmware on their own, even when the device to be flashed was sold before the release of coreboot?

Cipher · August 18, 2023, 2:21am

Hi @Sir-Photch
In my honest opinion, buy the framework 13 based on what it is today and it’s history (main board can be upgraded and every part can be replaced if damaged/broken)

As for flashing a different firmware in the future like coreboot, I don’t see any reason why it wouldn’t be possible to do so when it becomes available, either through community or framework.

rstat1 · August 19, 2023, 3:35am

OpenSIL is not firmware. It is not the same thing as Coreboot or Insyde or any of that. Its a chunk of code that firmware vendors (Coreboot included) would use to initialize the CPU and memory and stuff. The closest Intel equivalent would be the FSP (or Firmware Support Package).

This code is usually never open source and always covered by a stack of NDAs so thick it’d require a whole forest’s worth of trees just have enough paper to print them on. That’s why OpenSIL is interesting, because it means much fewer binary blobs in your firmware.

But even after its release (whenever that is) it’ll still require adoption by the various firmware vendors (again, Coreboot included). So its gonna be while.

CodeAsm · August 24, 2023, 3:19pm

If coreboot, (or the shim to boot into coreboot) is signed with the blessing from Framework, we canflash it fine. maybe even worst case with an external flashtool. For now, you can build coreboot, flash it, but it wont boot. Any “bios” (firmware) needs to be signed with the key FW has based on Intels “Bootguard”. probably been said before, once the CPU has bootguard enabled (and it is, as Intel wants it this way) any new “bios” needs to have this signing bit done. but there was this idea from FW (probably not original, but cool) to maybe have a shim, a small bit that also is signed, and chainloads our own corboot.

What they offered, where none bootguard framework boards for 3(?) devs and they tried their very hard and best to port coreboot. with bricked results. sending them back, as they where unable to recover them. (FW probably willing to reship again, but devs been busy, profecional and alott. doing stuff in freetime…) maybe we offer those devs some paid time? Im just recapping the bits i know tho. 1 dev we know, other 2 I dunno who. They busy, they skilled. FW being willing, but as stated: not many that are able. and eh… the special framework boards (once an image works, they can sign it )

EDIT: And note, its probably Intel who wants FW to only ship bootguard enabled boards. I dunno how System76 gets their boards with coreboot. maybe Compal has different agreements.

Niko_Cantero · August 27, 2023, 12:51pm

So whats the plan?

Kent_Brockman · August 27, 2023, 5:36pm

Is there a funding mechanism already set up that the community here could contribute to? Like a gofundme or a patreon or something? There’s a fair bit of interest in coreboot here, maybe those with interest could donate some dollars to pay the developers to do it.

EDIT: And maybe Framework could match contributions?

James_SM · August 27, 2023, 10:30pm

It would be awesome if 3mdeb’s @Piotr_Krol and framework would be willing to set up even a crowdfunding campaign, I think it really matches the framework philosophy to have an open UEFI as it could be continually updated by the community avoiding ewaste and potentially lowering framework’s costs. Not to mention the large security and granularity benefits over proprietary UEFI’s (like Insyde) and allowing direct competition with the likes of System76 and Starlabs.

Also would it be possible to port the already existing coreboot on the Chromebook main board to the normal one or is that impractical?

Piotr_Krol · August 28, 2023, 11:21pm

Let me reevaluate the potential cost of such a port. With so many targets supported in coreboot, we could figure something out. Meanwhile, we should find out answers to following topics:

Precise state of Intel Boot Guard on Framework laptop we discuss here (BTW, I’m a little bit lost, are we talking about Framework Laptop 13 11th Gen ? Or maybe a more recent one?) - We can achieve that by dumping BIOS with flashrom and reading it in UEFITool - key question is if Framework has private essential part of what was fused, because if not there is another level of complexity and maybe concern for some.
Based on point 1, we can think of what strategy could work: IBG-shim, signed release by Framework, way of obtaining unfused mainboard (I guess “fusing mainboard to my keys” could be a good deal for some customers). In 3mdeb, we gave a bit of thought to IBG-shim and have to say the idea is great but sounds like assembly hacking without much portability between microarchitecture (read, not scalable software solution - I guess nobody likes that). TBH, I’m not sure where @Matthew_Garrett is with that project because maybe we are completely wrong, and there is a way to solve this scalable (or not scalable would be good enough for community purposes).
If we were on the crowdfunding path, the critical question is which platform to choose and which would work for the community. We are working with OpenCollective, and there is an option to have a goals-based funding gathering. Other options also would be great, but we have no resources for marketing campaigns like Kickstarter. We also want to avoid configuration overhead to keep things simple and relatively cheap. Back in the day, we discussed with @Martin_Roth coreboot leadership crowdfunding or another vehicle for sponsoring activity related to coreboot, but then the whole concept was vetoed and not pursued further. The notes from that discussion should still be available in the coreboot leadership archive.

Please let me know what you think.

Niko_Cantero · August 29, 2023, 12:57pm

There is Librepay, too, Goteo, which is AGPLv3.0: https://en.goteo.org/, and Open Collective is an excellent platform. We also don’t need to sock up the whole laptop cost. I don’t think having the mainboard and expansion cards would be good. Display, if we can, would be even better.