Originally posted by michaelb1
View Post
Coreboot is still using the FSP blobs from Intel, that are technically smart enough to be able to boot a u-boot bootloader from flash on their own (i.e. Coreboot is basically a shim in this case).
LinuxBoot just avoids having to sign NDAs to get info and all the board hardware reverse engineering phase as it reuses the same pre-configured low-level components extracted from stock firmware.
there are modern boards: check out Purism Librem and Librebox
The ones using real Coreboot+SeaBIOS (although not by default afaik) are Chromebook/boxes, but still, blobs (the FSP).
And, actually even those proprietary UEFIs could use SeaBIOS as a module
UEFI isn't disabled if you boot in "bios mode". It's still running and has SMM access.
It might be useful for future UEFI firmwares where they drop CSM mode (as they will do so, there were some statements about it).
Check out "vboot" source code directory
and also "heads" project, to realize that your coreboot+SeaBIOS combination could be made secure if you would like
Heads is working like LinuxBoot, and its main dev is also active in the LinuxBoot scene. It is just using Coreboot for low-level initialization instead of reusing stock firmware blobs. This is of course possible only where you can add true Coreboot support to begin with.
Comment