[RESPONDED] Coreboot on the Framework Laptop

Wow, malibal is a good reminder to research any company you plan to buy from, or otherwise do any business with.

I know that there are many people walking around who might seem normal at first glance but are actually quite unhinged. But one usually assumes a company can’t be too out of the norm, and the owner can’t be too nuts, or else it would all crash quickly. Except, well, here’s malibal.

Oh no, did you copy and paste that?

Looks like that’s a violation!

You may not:

  1. Copy or Distribute: Copy, print, republish, display, distribute, transmit, sell, rent, lease, loan or otherwise make available in any form or by any means all or any portion of the Site or any Content and Materials retrieved from it.

Oops. I might have just earned a ban myself.

I had to go read their ToS. Terms of Service : MALIBAL.
Yep, it all earns a ban. Doing anything they don’t like, that is. Such as using any Google or Apple device or service. Including using Google search.

Grounds for banning may include, but are not limited to:
– Violations of our terms of service
– Disruptive behavior
– Misuse of our platform
– Any actions that, in our judgment, pose a risk to the integrity and security of our company

  1. Appeals: Bans are permanent and cannot be appealed under any circumstances.

The one who poses the greatest risk to the integrity of their company is the owner, I think.

3 Likes

Please make sure to stay on topic. Malibal is a fun diversion, but it is off topic for this thread.

18 Likes

I’d agree.

On another note, I have a feeling the Framework Chromebook is the only machine capable of running coreboot at this time, no?

1 Like

There is an experimental unofficial port to the AMD 13 Framework laptop, but I haven’t tried it yet myself.

10 Likes

Thank you for the link! I’ll take a look on my next day off.

1 Like

Curious if there is any development for Intel based laptops (FW13).

2 Likes

Hopefully someone will tell me when that will be ported. And also, if you can still use the proprietary Debian GPU drivers once coreboot is on.

The AMD ones…

Are you guys still looking at it these days?

3 Likes

I wonder if they have A: hired someone for coreboot and B: if so, how far have they gotten in corebooting the 13 inch on all available processor types

2 Likes

As far as I can tell, the idea was previously floated to crowdfund the development. The coreboot team explained at the time that this should be arranged directly with individual developers, who might be happy to do the work.

I think the best way forward (and perhaps the only one for short to medium timescales), is to actually see how much money we can all pledge for this and hope that someone finds the sum attractive enough to get it done.

Unfortunately, I don’t have experience with organising something like this (I guess the biggest problems are trust management and finding a suitable platform), so I hope someone else will volunteer.

I wonder if, as a preliminary step, we might be able somehow to “estimate” (i.e. without committing actual money to an escrow) how much money we could potentially raise? And see if any dev signals their interest in response? At least we’d get the ball rolling a little and make sure the idea remains in people’s minds; because right now, everything seems to have stalled.

3 Likes

There wasn’t much interest 2 years ago, I don’t see how my conclusions are any different now.

Make the Kickstarter or GoFundMe or whatever if you so choose. See if anybody donates, if you meet the minimum then write the contract with 3mdeb. If not, refund the backers.

There isn’t anyone with some great amount of trust without corporate backing. So you are as good as any other member of the forum for creating the fundraiser. You just need to reach out to 3mdeb to figure out the cost to contract the work. Expect the cost to be higher without a support contract lined up.

4 Likes

I just created an account as I want to provide my two cents as a coreboot user (MSI Z690 + Kaby Lake Razer Blade Stealth) and tinkerer, as well as a new member of the vocal minority on this forum of coreboot users who will buy a framework laptop when it is supported.

I’m confused about this - my understanding is this will eliminate any benefit of Boot Guard (as anyone could put a malicious BIOS after the shim loader) while adding extra steps for the community - the worst of both worlds.

A crowdfunding campaign sounds like a good idea in theory but is ultimately toast if framework don’t cooperate by providing units without Intel Boot Guard.

I would definitely tend to agree with this. If a device’s firmware has a critical (i.e. security) bug and it is EOL or framework no longer exists.

AFAIK, provided you set a few register values, coreboot’s libgfxinit can be used instead.

Any update from the framework team about either of these points - whether laptops with no boot guard will be either provided or for sale? I’d be willing to purchase a framework laptop without boot guard to tinker around with. As a side note, I dislike how coreboot is seemingly brushed off after little work by (presumably) 3 unpaid volunteers. I feel like for a good chance at support, either a consulting company, such as 3mdeb, should be contracted - or the ability for the entire community to port and test ports should be opened by providing an option to purchase a framework laptop without boot guard.

With the newest generation being AMD-only, and Intel versions seemingly clearing out (except FW 12), and likely PSB disabled as previous generations, my guess is our best bet is to wait for OpenSIL’s release. Assuming Intel versions don’t come back for the near future, I doubt coreboot will ever happen for existing Intel versions (at least until another Boot Guard vulnerability is discovered, and the entire community is finally free to port coreboot).

1 Like

We’ve handed three systems that can boot unsigned bootloaders to folks in the coreboot community. Our plan in the near term is to help them create a shim loader that can be signed to run on any Framework Laptop, which then enables anyone to do further coreboot development.

To be clear, this cited comment from this is not my comment.

3 Likes

This is a minor correction because I think it was probably repeated too many times because of my miscommunication somewhere (Founder of 3mdeb here). Dasharo is not a company. Dasharo is coreboot downstream and a trademark registered by 3mdeb. 3mdeb is a Poland-based Open Source Firmware Vendor responsible for the development, validation, and maintenance of Dasharo.

6 Likes

This is based on what? Eventually all three got bricked, and one was shipped to another person who was making some small progress and was supposed to present something about it. I have not yet found that particular person’s progress, but if you follow the coreboot porting scene a tiny bit, it’s not easy and requires time and skills. We can donate all we want, it requires skills and time, and they don’t always go hand in hand in some of these folks’ schedules.

To me, it seems for the more skilled folks, getting to an unbricked state was too much of a hassle to continue (understandable if the right equipment is not owned), and to others it might be a time issue. I take too much time from my homework into other side projects and can totally see where family, day job and more interesting (porting) projects seem way more interesting. Still have small hope. Brushing my own skills on more reliable hardware I can recover. Yet not close to say I would try a stab at it. As my FW is still my mainboard I daily drive.

Discontinued I see, also never available in Europe sadly. But Coreboot. (different hardware (chipset details) from 12th gen Intel)

4 Likes

I’ve taken an interest in the possibility of neutralising the ME backdoor, without modifying the Framework vendor BIOS. Because it is tangential to this thread, and because I don’t want to interrupt the current conversation around crowdfunding and the interesting ideas suggested by @xbjfk, I have started a new one: Feasibility of DIY Intel ME neutralisation

2 Likes

Thanks - I’ve corrected it in my comment. Still learning Discourse even after all this time 😉

My bad Piotr - I’ve updated this as well. Thanks for founding such an influential company! I am immensely grateful for your company’s work that allows me to run open source firmware on a modern motherboard (MSI Z690 Pro-A).

I’m talking about this in relation to framework, and the inaction of them after providing the 3 units, rather than anything regarding the developers they provided to. Of course, there is no obligation for framework to provide any further laptops without Boot Guard (for anyone who doesn’t know - Boot Guard prevents any unofficial firmware running) - it would just be nice to have and go along with their mission, and to expedite the porting process.

I believe this one is the Chromebook version (correct me if I’m wrong). If so, my guess is they sent it to the very skilled MrChromebox - it is now supported by his firmware.

I’ve done a coreboot port before (only for a submodel, nowhere near as impressive as an entirely new mainboard) and am aware of some of the challenges that arise 🙂. My respect goes out to all developers who work on coreboot, and continue to port new mainboards.

I unequivocally agree with these points (I tried to express this in my original post). If framework instead provided laptops without Boot Guard for sale to the public, it would enable anyone to work on coreboot for framework, instead of artificially limiting this possibility and relying only on the work of 3 extremely generous unpaid volunteers with lives and commitments.

Furthermore, if donations were started, and the status quo regarding Boot Guard was the same, I think there would be even more pressure on the developers to not break their “blessed” units without Boot Guard now that they are being paid.

In any case, as a prerequisite for crowdfunding we need to wait for a working laptop without Boot Guard (either through framework providing another or an existing one being unbricked).

To be clear - I have utmost respect for all the volunteers who have participated, and am entirely cognizant of their high level of skill. It is entitled to demand anything from volunteers. My sole disappointment is directed at framework for a seemingly lackluster job at even allowing the community to attempt to port coreboot by only ever releasing 3 laptops able to run custom firmware. It also seems facetious to me that framework advertises openness, extensibility, etc. while having boot guard as an unremovable option (I’m not even suggesting they put any resources into coreboot - just allow the entire community to).

Finally, I want to be clear that I am grateful that framework provided even 3 laptops without boot guard - they easily could have not released any - I just wish there were more opportunities for the community to port.

Sorry if my posts came off as ranty or abrasive to anyone - that’s absolutely not my intention. I am just someone who is very passionate about open firmware.

6 Likes

I understand the sentiment. If Framework was to blame, I would be completely on your side in this case. (I don’t quote other parts as I’m pretty much in agreement and would love to see coreboot.)
As far as I understand, it’s Intel who requires Framework to enable Boot Guard from the factory to send certified Intel laptops (being allowed to ship Thunderbolt support too), and I think I remember reading either in this thread or on Discord that if FW were to ship more regularly unlocked boards, Intel might not even consider to ship CPUs or help develop new hardware together with FW. Basically Intel forcing manufacturers to ship these locked to end customers.

I would make a guess that the 3 unlocked ones (maybe FW owned more unlocked ones) were shipped under some kind of trust/NDA/contract/belief that these would be used to build and test a new BIOS/firmware and, in the end, targeting the new firmware to be run on Boot Guard enabled boards. Under this premise, I’d see FW willing to ship a few of these to people they (somewhat?) trust.

I never felt like FW was an enemy of Coreboot in this story. Maybe slightly understaffed or, more likely, not enough time to spend on particular issues like these when new hardware and support more regular user problems (like with updates to BIOSes, power issues or what not) is more to be expected.

Wish the Chromebook one had more in common with the 12th gen Intel regular board. Wild guess: by now, wouldn’t there be some unlocked CPU for sale on the Asian markets? A chainloader that is signed and able to run unsigned coreboot would help tons; sadly, no idea if that is even possible.

7 Likes

For those saying coreboot ain’t happening on Framework, you are aware that Intel isn’t all that Framework laptops ship with, right? AMD and in the future RISC-V are options.

4 Likes

With RISC-V, it’s certain that it’ll run Coreboot eventually. No pesky boot guard there!

2 Likes