And that’s all folks, topic closed.
As some time has passed, after internal discussion, we have made the decision to re-open this thread. As stated in previous responses, any discussion should remain focused on potential future implementation, and not a debate on the current status, as that has not changed.
Our Community Guidelines still stand, and we ask that all Community members follow them.
Thank you.
Has there been any progress since the thread was closed?
As of yet, no, but we are closely following the progress AMD is making on OpenSIL: Empowering The Industry with Open System Firmware ... - AMD Community
Hopefully AMD OpenSIL comes to fruition
@nrp would you mind expanding on why ya’ll are closely following the progress of openSIL? Specifically, why is openSIL of interest when coreboot already exists, has existed for many years now, and has been proven to support modern hardware (1) (2)?
As an 11th gen Framework owner eagerly awaiting the AMD mainboard launch, I can imagine openSIL paving the way to open firmware on what I hope will be my next laptop. But at that point my 11th gen board will still be put to use elsewhere (sitting in one of those awesome Cooler Master cases helping to power my home lab, most likely!).
I’d really like to believe that, 10 years from now, my 11th gen will still be useful somewhere, and also still continue to receive firmware updates.
Side note: I’m a big believer in the Framework vision. I originally discovered the Framework laptop because I was a casual follower of your old blog (3)!
Given the wild success the Framework 16 launch has seen, and the strong brand capital that Framework absolutely deserves, I really hope you’ll consider investing meaningful resources into coreboot. I’m gonna go out on a limb here and say I reckon Framework the company is probably reasonably solvent and profitable now, that such a move is feasible and would likely not even show up as a major line item on the CFO’s spreadsheet.
Personally, I think ya’ll ought to just engage 3mdeb to undertake this work for the 11th thru to 13th gen mainboards. Given how much profile Framework has built many big mainstream press outlets, I suspect you’d be able to wrangle a pretty solid deal with Dasharo. I understand their public website indicates that they typically do deals based on volume and actual unit sales, but I bet that’s not taking into account laptops that receive glowing reviews from The Verge and are spruiked on the regular by Linus to his 15M Youtube subscribers
I do wanna restate what others have already said in this thread: I think coreboot support is important not just for weirdo neckbeard Linux nerds “power-users” such as myself. I think it’s an integral part of the vision to reduce e-waste.
Once a open-source coreboot port exists for the Framework 13 laptops, it exists. Sure, it might still need a bunch of yucky blobs for FSP, nvme controllers and the like. But the wider community will have that solid foundation to work from. To maintain. To improve upon. Once the initial investment has been made, there’s a very good chance that further work and maintenance happens “for free” (from the perspective of Framework the Company)
I like to think about how the various *WRT projects got started. Once Linksys did the totally ethical thing, entirely of their own volition (thus ensuring my continuing faith in the very sound economic model of capitalism), and released the WRT54G firmware source tree, a cambrian explosion of very high quality firmware distributions burst forth. 20 years later, I can flash my AVM router and go from a pretty-good firmware to a freaking-awesome-and-holy-crap-I-can-even-opkg-install-tailscale-on-this-thing firmware.
I absolutely believe Framework the company will exist 5 years from now, and still be kicking ass. But I also know that even if Framework the company doesn’t exist, the Amoc stops tomorrow, sea levels are 30m higher than today and we’re all eating each other to survive, Framework laptops will absolutely still exist in the physical world (mostly because we won’t be able to eat them and they seem kinda impractical to burn for warmth/energy).
What if the roving bands of cannibals are sophisticated enough to launch RCE attacks on my 11th gen Framework laptop to pinpoint my location through the Intel NIC?
At that point I can’t count on Framework to still be maintaining proprietary business contracts with Insyde to produce proprietary firmware blob updates. But if the source is there, I have faith in some rando from Estonia to be maintaining patches with commit titles like “mb/framework/13gen11: fix buffer overrun in vpro_nic_rx_poll - prevents RCE attacks launched by roving bands of cannibals
”. I’m kidding of course, the commit title would never be that - it’s way longer than 55 chars.
In summary if Framework doesn’t support development of open-source firmware blobs they are complicit in cannibalism. That’s all, thanks and have a good day!
Hmm maybe we can crowdfund the Coreboot team getting some Framework laptops?
Hi guys and gals,
I’m currently searching for a new laptop to buy, and framework is a hot contender!
I stumbled across this post during my research, and I have a question considering Coreboot / Open Firmware:
If you ever introduce open firmware to your products, will devices sold before this release of open firmware made compatible with the new firmware?
Phrased differently: Would users be able to flash the firmware on their own, even when the device to be flashed was sold before the release of coreboot?
Hi @Sir-Photch
In my honest opinion, buy the framework 13 based on what it is today and it’s history (main board can be upgraded and every part can be replaced if damaged/broken)
As for flashing a different firmware in the future like coreboot, I don’t see any reason why it wouldn’t be possible to do so when it becomes available, either through community or framework.
OpenSIL is not firmware. It is not the same thing as Coreboot or Insyde or any of that. Its a chunk of code that firmware vendors (Coreboot included) would use to initialize the CPU and memory and stuff. The closest Intel equivalent would be the FSP (or Firmware Support Package).
This code is usually never open source and always covered by a stack of NDAs so thick it’d require a whole forest’s worth of trees just have enough paper to print them on. That’s why OpenSIL is interesting, because it means much fewer binary blobs in your firmware.
But even after its release (whenever that is) it’ll still require adoption by the various firmware vendors (again, Coreboot included). So its gonna be while.
If coreboot, (or the shim to boot into coreboot) is signed with the blessing from Framework, we canflash it fine. maybe even worst case with an external flashtool. For now, you can build coreboot, flash it, but it wont boot. Any “bios” (firmware) needs to be signed with the key FW has based on Intels “Bootguard”. probably been said before, once the CPU has bootguard enabled (and it is, as Intel wants it this way) any new “bios” needs to have this signing bit done. but there was this idea from FW (probably not original, but cool) to maybe have a shim, a small bit that also is signed, and chainloads our own corboot.
What they offered, where none bootguard framework boards for 3(?) devs and they tried their very hard and best to port coreboot. with bricked results. sending them back, as they where unable to recover them. (FW probably willing to reship again, but devs been busy, profecional and alott. doing stuff in freetime…) maybe we offer those devs some paid time? Im just recapping the bits i know tho. 1 dev we know, other 2 I dunno who. They busy, they skilled. FW being willing, but as stated: not many that are able. and eh… the special framework boards (once an image works, they can sign it )
EDIT: And note, its probably Intel who wants FW to only ship bootguard enabled boards. I dunno how System76 gets their boards with coreboot. maybe Compal has different agreements.
So whats the plan?
Is there a funding mechanism already set up that the community here could contribute to? Like a gofundme or a patreon or something? There’s a fair bit of interest in coreboot here, maybe those with interest could donate some dollars to pay the developers to do it.
EDIT: And maybe Framework could match contributions?
It would be awesome if 3mdeb’s @Piotr_Krol and framework would be willing to set up even a crowdfunding campaign, I think it really matches the framework philosophy to have an open UEFI as it could be continually updated by the community avoiding ewaste and potentially lowering framework’s costs. Not to mention the large security and granularity benefits over proprietary UEFI’s (like Insyde) and allowing direct competition with the likes of System76 and Starlabs.
Also would it be possible to port the already existing coreboot on the Chromebook main board to the normal one or is that impractical?
Let me reevaluate the potential cost of such a port. With so many targets supported in coreboot, we could figure something out. Meanwhile, we should find out answers to following topics:
- Precise state of Intel Boot Guard on Framework laptop we discuss here (BTW, I’m a little bit lost, are we talking about Framework Laptop 13 11th Gen ? Or maybe a more recent one?) - We can achieve that by dumping BIOS with
flashrom
and reading it in UEFITool - key question is if Framework has private essential part of what was fused, because if not there is another level of complexity and maybe concern for some. - Based on point 1, we can think of what strategy could work: IBG-shim, signed release by Framework, way of obtaining unfused mainboard (I guess “fusing mainboard to my keys” could be a good deal for some customers). In 3mdeb, we gave a bit of thought to IBG-shim and have to say the idea is great but sounds like assembly hacking without much portability between microarchitecture (read, not scalable software solution - I guess nobody likes that). TBH, I’m not sure where @Matthew_Garrett is with that project because maybe we are completely wrong, and there is a way to solve this scalable (or not scalable would be good enough for community purposes).
- If we were on the crowdfunding path, the critical question is which platform to choose and which would work for the community. We are working with OpenCollective, and there is an option to have a goals-based funding gathering. Other options also would be great, but we have no resources for marketing campaigns like Kickstarter. We also want to avoid configuration overhead to keep things simple and relatively cheap. Back in the day, we discussed with @Martin_Roth coreboot leadership crowdfunding or another vehicle for sponsoring activity related to coreboot, but then the whole concept was vetoed and not pursued further. The notes from that discussion should still be available in the coreboot leadership archive.
Please let me know what you think.
There is Librepay, too, Goteo, which is AGPLv3.0: https://en.goteo.org/, and Open Collective is an excellent platform. We also don’t need to sock up the whole laptop cost. I don’t think having the mainboard and expansion cards would be good. Display, if we can, would be even better.
I can’t say I speak for the entire thread, but I think OpenCollective seems like a great choice. Also if framework (@nrp) would be willing to embrace this and even match contributions as suggested by @Kent_Brockman , we could really get the ball rolling. I also think targeting the latest generation mainboard possible is probably the best idea (edit: [concensus]). It is also optimal to have a scaleable solution such as the one suggested by @Matthew_Garrett, albeit I think that a signed release by framework is currently the most realistic strategy.
Would you be able to speculate on how much overlap in work there would be between the coreboot porting efforts for 11th, 12th and 13th Intel generations?
I think if only one is chosen (to start with), it ought to be the 11th gen. Not because that’s the one I personally own, either! Rather, I would assume this is the one with the most units already out in the wild (although if that’s not the case, and if someone from the Framework team could share which generation has had the most units shipped, that would certainly be useful!).