[RESPONDED] Coreboot on the Framework Laptop

there was, but not available everywhere and not anymore.

sadly, not availeble where I can buy them. maybe second hand.
I refrain from further comments untill someone makes some coreboot progress or FW themselves. unless pm/dm/discord.

Stupid Boot Guard. We have a known working coreboot for a very similar board, it would be trivial to fill out the little bits that a non-Chromebook Intel 12th gen board would need, and jump from there to 11th/13th+. Any plans for an Intel motherboard without Boot Guard someday, Framework? You could sell it at a premium, no support needed for the firmware.

Apparently it’s non-trivial as those that received boards without boot guard have failed to deliver a port of Coreboot nor has Framework themselves invested in this.

Couple of things. The unlocked laptops got sent to “some people”, unknown to the larger Coreboot development group and community. We literally have no idea what was done, FW isn’t commenting, no one in the Coreboot community heard anything, I’m not saying it didn’t happen, but it didn’t happen in a helpful and supported way. Those laptops were later reported to be bricked, again without any information about what that means or who tried what to recover them. No Framework hardware, support, or documentation has been provided to anyone publicly associated with Coreboot to my knowledge. (Edit: There is one Youtube video. Didn’t find that on my initial search.)

That’s also not the point I was making. We HAVE an existing Coreboot port that’s fully functional on the Intel 12th gen board. It’s every Framework Chromebook ever shipped. This means that if Boot Guard wasn’t a big problem (it is), we could start with the Chromebook firmware today and have something that boots right away. I’d hazard a guess that full FW 12th gen support would only take a week. Backporting to the 11th gen would likely be equally simple, since the hardware is very similar.

Porting forward to the 13th gen and up would be more difficult, but all we lack is some way to disable Boot Guard, and a little bit of support from Framework, who understandably aren’t very interested.

There’s an unofficial Coreboot proof of concept build on AMD, and there’s a shipping and supported Coreboot on the 12th gen hardware, via the Chromebook. Framework is clearly not interested in supporting/advancing these, and THAT’S OKAY, but it still makes those of us who would like Coreboot sad. That’s all!

Took that quite personally, didn’t you? Here’s a link to a bunch of folks on the Coreboot ticketing system saying pretty much the same things. Also, I never once said that anyone lied. I said that Framework claimed to work with some people, and they won’t identify any of them (fair), but that the larger community around Coreboot remains un-engaged (which is true, as far as I can tell).

The plain truth remains this: Framework made an overture, it didn’t work out, and the answer given is that board level documentation is provided only to authorized repair agencies, under NDA. Between this and the lack of any new developments on the three one-off laptops three years ago, it looks like Coreboot on Intel Frameworks is pretty dead. I was just lamenting that, not casting any aspersions or lambasting anyone. Framework isn’t obligated to support Coreboot, or anyone else.

Yeah, I agree that Framework isn’t obligated to provide a Coreboot port or Coreboot support. Yeah, this is lamentable. Given how long people have been asking for this, I seriously doubt this effort is going anywhere. At any time Framework could have said “We won’t invest engineering time/budget into backporting our older platforms but going forward we will be using Coreboot”. They have not. Skilled devs were handed hardware and it got bricked. We can assume Framework wasn’t handing out hardware to any idiot that asked for it and only those that could demonstrate an ability to do the work were given hardware. Matthew Garrett is such an individual.

I’ll cautiously say that Frameworks track record is improving on Firmware but it’s been historically atrocious. At this point, be satisfied with the proprietary firmware or purchase a laptop that uses Coreboot out the gate.

Maybe OpenSIL will change this. I’m waiting on the sidelines to find out.

A Coreboot dev (I think it was Martin) also said “ I think we all would like a framework coreboot port, and would be excited to see it happen, but it takes quite a bit of work to get an initial port done and maintained” so the work cannot both be “trivial” and “quite a bit of work”.

I have ranted and raved plenty in this thread pleading for Framework to get this in gear but to no avail. If Framework the corporation does not aid in getting Coreboot ported in a substantial way (assigning devs/paying for the port) then it’s dead. Especially since the Chromebox variant hasn’t received a hardware refresh…ever. MrChromeBox created a Coreboot “distribution” so that Linux could be run on that board. That’s the state of things today and I don’t see anything to change that status quo in the next year or so.

I would say that there are a number of things that need to be in place to advance coreboot on FW:

1. make the FW laptop unbrickable. All this means is, if the bios, pd, ec firmware is corrupted, the is always a simple, non-expensive, no-resoldering way to recover.
2. allow anyone to write their own BIOS, and not need special versions of the hardware.
3. full documentation of the AMD chips, together with AMDs detailed description of what the boot process is. I.e. which registers need to be set to what, during the boot process.
4. able to replace AMD proprietary firmware blobs with their own.
5. FW full schematics.

Those 5 items are not in place, and unlikely to be for a long time, so coreboot is a long way away.
If 5 items did exist, anyone, even me could dabble in helping coreboot work.

For example, intel laptops can display the BIOS screens to both laptop display and external monitor. AMD cannot. The FW AMD laptop can only display BIOS screens to the laptop display. It would need a AMD firmware blob change to fix it. So no one from FW or coreboot could ever fix that. If you are wondering why displaying to both is useful:

1. user using their laptop with external displays and the lid closed.
2. diagnosis, maybe the laptop display is faulty, so proving that would have the BIOS display on an external monitor.

Summary:
I don’t think coreboot is going to get very far with the current lack of open documentation from all parties.

I personally would like something like uboot ported to FW laptops but you need an exposed serial port for that.

My current understanding of the situation is as follows:

• Intel devices with Boot Guard are virtually impossible, barring expoits.
• Intel devices without Boot Guard are challenging but possible, and in my opinion a device such as the Framework laptop will be supported relatively quickly, provided devices without Boot Guard are provided to the community. It is also easier if a similar device exists (e.g. the Chromebook version)
• AMD has Platform Secure Boot (Platform Secure Boot). This is done at the CPU level rather than the PCH level. This means if you bring your own CPU in a device with PSB it is effectively vendor locked for the rest of its life!
• AMD PSB seems to be rare on laptops and consumer devices in general, with a focus on servers/workstations. Evidently, the Framework AMD version does not have it enabled, which allowed the coreboot port.
• Current AMD CPUs use AGESA, which is proprietary and interfaces with EFI. This is the equivalent to the Intel Firmware Support Package.
• My understanding is porting coreboot to current gen AMD devices is extremely difficult but technically possible because AGESA is designed for UEFI, and it is challenging to interface with it from non-UEFI firmware like coreboot to do things like sleep.
• OpenSIL is the replacement of AGESA. It is fully open source (!) and not specific to UEFI.
• Provided OpenSIL releases in CPU used in a Framework laptop, and framework does not enable PSB, I believe we will finally have a device where anyone can do development of a practical and eventually feature-complete coreboot port, even with continued lack of involvement by framework.

Tangentially, another point against Boot Guard being enabled is that Framework cannot support a device with FW updates for ever, so if a security issue is discovered, there may be no way for the community to fix it.

That’s what I was curious about, the AMD framework doesn’t have PSB then? Nothing stops you from installing Coreboot? Since there doesn’t seem to be any updates since last time they showed it, too