[RESPONDED] Coreboot on the Framework Laptop

So far it’s in Ryzen 6xxx and 7xxx, and also ARM CPUs manufactured by MediaTek. It will be coming to Intel imminently I’d imagine, as well as other ARM. It originated in Xbox and is part of Azure as well.

They call it chip to cloud security, but the reality is it’s a Microsoft-controlled, remotely updateable IME, and it’s only a matter of time before it gets compromised or they start abusing it.

2 Likes

Has there been any update on coreboot support? Is it still in the plans for 2023?

2 Likes

I would recommend checking the first post in this thread, as it has been updated as new information has come out. So far the last official thing we’ve heard is that the initial boards sent to coreboot devs were bricked, and new ones were being built up, but that was a few months back and nothing else has been said since.

There were never official plans for it ever, but there were coreboot devs who may have been working on it, and some talk a while back on having the community fund a third party group to work on it, but nothing came of that as far as I know.

1 Like

@Demi_Marie_Obenour Coreboot is available if you are willing to purchase the Chromebook variant of the FW laptop. Other than that, no updates to report.

1 Like

I still think it’s good to get coreboot for regular Framework laptops, at least the 12th gen one. I dislike Intel Bootguard very much right now.

2 Likes

When coreboot support lands, will we need to buy a coreboot mainboard? Or will a simple fwupdmgr update install coreboot on the current hardware?

1 Like

Qubes requires coreboot as one of their requirements for certified hardware. So there’s a reason you might need it. Also I’ve got an intuitive belief that a Qubes certified Framework laptop would be a good thing, so it’s not just you needing it.

I’m starting to dive into Qubes for some research projects, and just bought my Framework laptop for it. I’m still working on figuring out the details, but it’s clear some threat model concerns them. I might or might not share that same level of concern. Regardless of that I would like to have the option of coreboot and eventually a Qubes certified hardware platform, especially if the research I’ve got planned proves fruitful. Or even just to provide another alternative for research.

3 Likes

The Framework Chromebook comes with coreboot, so basically your question has been answered: the fastest way to get a Framework with coreboot would be to get the Chromebook version (mainboard or full system).

I’m pretty sure most of us here are hoping for a fwupdmgr update (or switch) option. Mainline probably stays as stable with normal BIOS as possible. Yes, I’m OK with testing and the occasional bug. I’m willing to solder debug connectors to diagnose software issues.
Anyway, coreboot is there on the Chromebook.

As I have no idea what Qubes is…I guess I don’t. :thinking: :slightly_smiling_face:

Or maybe just don’t know that you do? :smile:

A lot of folks, myself among them, think it may be the most inherently secure OS available, especially as free open source.

What is Qubes OS?

1 Like

Oh god no, definitely not. Life is too short. I read all the “alternative OS” struggles and I’ve tried Linux a few times and I find the user group “difficult to downright aggressive” at best when help is required.

Used Windows for 30+ years…I know it inside and out. I don’t have any struggles with it. Another 5 years and I can retire and walk away. :slightly_smiling_face:

4 Likes

Sorry, I think I wasn’t clear. I’m not interested in the release date of coreboot for regular laptops. Also, I realize the Chromebooks use coreboot, but I’m not interested in ChromeOS.

My question is more like this: pretend FW announced today that coreboot was available for the regular laptops. Let’s say I have a regular laptop that I bought a year ago. It runs Linux.

How would I move from the old firmware to coreboot?

2 Likes

This indeed will depend on the manufacturer of said laptop. Possibly using the same tools normal firmware updates are applied with (maybe also selecting said coreboot image).
For Windows, this might be just an .exe, and for Linux, I see they have an EFI file that we are supposed to put on a USB.

I imagine a start.nsh file on this fat32 drive to look like:

H2OFFT-Sx64.efi hx20_capsule_CoreBoot.bin

But it can totally be different, and tutorials and how-tos will explain what to do. Also, I can imagine they might preload the coreboot image with SeaBIOS, but I also hope we can put our own payloads inside (thus not all will be signed by them, but by us?).

The Framework Chromebook boots coreboot; you can wipe ChromeOS away and use Linux (or Windows if you must).

2 Likes

So sorry to hear this. There are plenty of helpful folks out there that would have loved to help you with constructive feedback and easy-to-read how-tos. Sadly we also have tons of weirdos; I’ve met them in some weird Windows places as well. I hope you’ll give Linux a try again someday, maybe inside WSL2? (That’s Linux but virtual, inside your Windows machine.)

I’ve had so many mixed feelings towards Windows, and they keep changing things (the config menu from 95 was awesome, all the way until 7). I prefer Linux now, but I understand my dad as well: Windows works, FlightSim and his photos. I did get him to try Linux on his Raspberry Pi (for plane tracking). Coreboot can boot Windows, and you can make an argument for it to be more secure, but it might just not be of value to you. Stick with Windows, and yes, if you by accident get coreboot, we will hopefully be able to gently help you get Windows to boot again.

3 Likes

Coreboot is still something I think should be considered for regular Framework laptops, at least the ones made from the 12th generation. The Intel Bootguard is one of my least favorite features right now, and I hate it very much.

6 Likes

I really hate the way this is presented.
“we tried to give users the control and freedom they demanded, and even the wizards ended up stepping on their own …”

Bricked is only bricked if there is no jtag or socketed eprom. Is there a usable jtag/icsp? If not, then you didn’t actually give anyone anything.

It’s like creating the conditions to fail, and then going “See? Failure.” It’s disingenuous and insulting and infuriating.

I look at your GitHub with stuff like the pinouts and part numbers for all the motherboard connectors etc, and I assume you really are trying to give people what I at least want, so please excuse how bitter that sounded. There’s just mixed messages and that is frustrating. If the goal is to empower the user, then why am I still not empowered? Why can’t I even so much as downgrade to a previous proprietary BIOS, let alone install my own, let alone hack on yours? Perhaps your hands are tied by Microsoft or something, but if so, it’s not apparent from over here in user land. From here it just looks like yet another product I paid money for and yet do not own.

5 Likes

No but maybe for you it’s fine to assume that and have no interest.

For me it’s the same as why I want to run linux as the OS. There is no single specific thing that I want that linux provides, it’s the fact that it provides anything I might ever possibly want (or at least allows for the possibility and doesn’t prevent anything), whatever that might be, whenever that might be, without having to predict or itemize it. If tomorrow I discover that I have a problem with something, or just want something, I know I can do something about it.

For instance, currently almost all modern machines have a new problem with suspend, driven by Microsoft ultimately. Well, if my bios was open like my OS is, we would only have the “modern standby” problem for about 11 minutes after the first developer or even merely capable user it annoyed. Instead we have a well known industry-wide problem affecting basically all machines, persisting for more than a year now, and we all just have to just sit here and live with it instead of fixing it. It’s ridiculous.

In the past, I had an expensive Vaio laptop that had a CPU that had VT-x, meaning that I should have been able to use hardware enabled virtualization on it, but in fact could not, and only because the BIOS disabled it, not because the hardware was missing. Someone actually managed to binary edit that BIOS and enable the feature and it worked, so that is the ultimate proof that there wasn’t some mystery hardware support still missing. Someone hacked the BIOS and it worked, so there was nothing about the rest of the motherboard design that stood in the way.

Similarly, almost every machine I’ve ever used, servers and desktops too not just laptops, had buggy or incomplete ACPI, which screws up all kinds of things like controlling power/backlight/radios/camera/mic, reading sensors, etc. All fixable if the BIOS were accessible like the OS is. Instead what we have is the “noacpi” kernel boot option to just disable and ignore ACPI entirely when it’s too buggy.

No, it’s not about 2 seconds of boot time.

8 Likes

Yeah, I still haven’t seen anything compelling in any responses that makes this worth any effort/benefit for me or Framework, to be honest.

But that’s my usage case. I wish you luck in your quest, whatever it is. :smiley:

2 Likes

How interesting and thoughtful…

Well, after watching LTT today, I ordered an AMD 13 inch and I’ll be passing it down to my wife once the 16 inch is out. I want to say thanks to Framework for listening to its customers. At least on the CPU side. I’m still looking forward to coreboot on the mainline but I’m a little more confident that that problem will be solved.

– A New Customer

5 Likes