Wrong, again. The FUD is getting old.

We host these repos ourselves (all of github.com/coreboot is a read-only mirror of review.coreboot.org, all of these submodules point to our repos). We secured redistribution rights for everything because we don't feel like breaking the law.

These blobs can be used according to the license terms, which don't require NDAs.

Wrong, again. coreboot still controls the boot flow. It's up to coreboot to decide when the blobs are executed.


The core could be the boot state machine that defines the boot flow across all stages, which is open source. Or the resource allocator (which essentially drives the ramstage), which is open source.

No, FSP or BinaryPI don't replace "the core".

So where's your patch to reimplement ram init for some modern hardware?

So... they aren't providing the blobs themselves.
The blobs are not their work. They're not their prerogative.
What I really want to know is what do you make of distros that provide blob drivers? Are they suddenly no longer an open-source project, just because you can use a non-free repo? I don't see how Coreboot is any different - it is up to the user if they want to use a non-free repo.
Ok. And how does any of this determine whether Coreboot is actually open source?
Again - if the most critical parts are replaced, is it really Coreboot anymore?
This question matters, because if the most important parts of Coreboot aren't used, what's to say that they're actually using Coreboot? Like I said before, at that point it's basically false advertising. That doesn't in any way mean Coreboot's goals are compromised.
Um, no? Coreboot isn't just "a bunch of scripts". You're comparing apples to oranges here.
Right, and as far as I'm concerned, all of Coreboot, from github, is open-source. It's implementation on most motherboards might not be, but that doesn't detract that Coreboot itself is open-source.
Just like how 2 wrongs don't make a right, taking open source code and sticking proprietary software in it doesn't make the original source code closed-source.

Which is mandatory for modern hardware?

This folder https://github.com/coreboot/coreboot...aster/3rdparty
Note that it's mostly a link to other repos with the blobs, as in many cases they don't even have the right to host or redistribute the blobs themselves.

The build system downloads and adds automatically stuff where it's set to.

Intel or AMD is the hardware vendor. Coreboot is a board firmware. The ones wanting a board firmware are the OEM (companies making the boards) or end users of such boards. And these parties need a NDA to Intel or AMD to be able to use the blobs (and Coreboot) at all.

As I said, it's not a "vendor that uses coreboot as closed source", but a Intel and AMD require any board port to use blobs that basically gut Coreboot.

It would if you replaced the more critical parts of it with blobs. It's not comparable to kernel modules. It's the core that is replaced with a blob.

By that definition, even OpenGapps project is opensource https://github.com/opengapps/opengapps
Even if it is just a bunch of scripts that download and assemble binary Android packages from Google.

I mean, all we care is that we can legally call it "opensource"? Not that it can actually be tinkered with and worked on by people without NDAs.

When using CONFIG_USE_BLOBS. I guess for bonus points I could finish https://review.coreboot.org/c/coreboot/+/28637, but to be honest, the best motivation killer for any work that supports the "blob free or death" community is having to deal with it.

Mind telling me where Coreboot packs the blobs in github?

So you're telling me the Coreboot devs have to sign/agree to NDAs, even though a company like Intel or AMD could just take their code downstream?
That's irrelevant to my point. Just because a vendor chooses to use Coreboot in a closed-source manner, doesn't make it closed-source. Linux itself is used for closed-source purposes all the time. Does that make it closed-source?
I get it - there pretty much isn't any Coreboot implementation that's fully open-source. That doesn't mean Coreboot as a project isn't open-source.

I don't care about GPLv2 compatibility of the source in the repo.

I need that to actually act like if it was opensource in practice.

If to port a new board (that isn't just a copycat of another existing one) you need an NDA with Intel for the docs and blob configuring tools, then what's the point of the stuff in the repo being "opensource".

It might have been proprietary and it will be exactly the same. Only paying OEMs can use it, or even understand the more important parts of it. What's the point?

Wrong, Coreboot build system downloads and packs blobs in any image for modern hardware.

It's not "the corporations".
It's "anyone that wants to port Coreboot to a modern board".

This isn't some optional thing or some downstream fork. It's mandatory. You need NDAs for docs, and access to the tools to configure the blobs for your board.

Dunno, the fact that they can't?
It's not their choice, it's the vendor of the hardware they support that chose for them.

Coreboot, as provided by its internal devs, is open source. Just because the way it is commonly used is proprietary, doesn't make Coreboot at it's core proprietary. There is nothing wrong about what Coreboot is doing.
I'm aware of this; I didn't say otherwise. But again - using a product outside of its intentions doesn't negate its intentions.
How? Their goals are independent of what corporations what to use their software for.
By your logic, that's like a kid saying "I want to get the highest grades in class" where a bully comes by and burns all of his books. Just because someone else is stomping on your dreams and aspirations, in no way does that mean they're suddenly voided. Coreboot can still strive to create a totally open source firmware. Even if the way it is used is just a wrapper for proprietary blobs, why does that mean they can't keep going at their goals?
Coreboot is being honest. They're doing their part. It's not their fault corporations aren't playing along.