Announcement

Collapse
No announcement yet.

Coreboot 4.13 Adds Intel TXT, Picks Up New Boards For AMD Pollock, Intel Alder Lake

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Coreboot 4.13 Adds Intel TXT, Picks Up New Boards For AMD Pollock, Intel Alder Lake

    Phoronix: Coreboot 4.13 Adds Intel TXT, Picks Up New Boards For AMD Pollock, Intel Alder Lake

    Coreboot 4.13 is out today as the latest tagged version of this open-source firmware platform supporting a wide range of hardware...

    http://www.phoronix.com/scan.php?pag...-4.13-Released

  • #2
    How about AMD supporing libreboot on their CPUs? https://libreboot.org/amd-libre.html

    Comment


    • #3
      Any idea if this new support is open support or just adding in closed source blobs to make it work ?

      Comment


      • #4
        Why did they add TXT?

        There is no good reason for this technology which exists to remove peoples Freedoms.

        Comment


        • #5
          I wish I could replace UEFI on my systems with coreboot. It is sad that almost all vendors still invest in the legacy UEFI only. Desktops often need more that 50% of the boot time just for UEFI.
          Did linuxboot progress as an alternative to UEFI?

          Comment


          • #6
            Originally posted by GI_Jack View Post
            Why did they add TXT?

            There is no good reason for this technology which exists to remove peoples Freedoms.
            Because someone, somewhere, likes to use it for whatever reason and implemented the support for it. I have no idea what they use it for, but for all I know they might have implemented support to research TXT more easily?

            Comment


            • #7
              I wish they'd support real-world boards. All you see is of course Chromebooks cause google data-kraken pays for it (well, at least they spend some money for a good thing), though you wonder how locked down therse Chromebooks might be if you really test ist, and then, there are some server boards and a few older ones - but often those are hard to come by these days. And developer boards. Which is okay if mainboard vendors would use those to get (a libre) Coreboot running on their own boards.

              But just normal boards, like some ASRock/Asus, MSI, GB, Biostar, Jetway, Sapphire, whatev. or normal notebooks ... meh. You hardly see anything. Thus is remains a nice dream and kind of an academic toy.
              Stop TCPA, stupid software patents and corrupt politicians!

              Comment


              • #8
                I appreciate AMD reminding me of all these tasty fish during the Nativity Fast.

                Comment


                • #9
                  Originally posted by Adarion View Post
                  you wonder how locked down therse Chromebooks might be if you really test it
                  Since I'm working on that stuff: with the exception of one Dell Enterprise Chromebook (sad story), all Chrome OS devices can be unlocked if you're the owner[0] and from there you have way too many different ways to obtain various degrees of control over the device: dev mode, dev mode with a chrome-os styled OS install, dev mode + your own firmware build, legacy boot with your own payload, full firmware replacement, ...

                  The most comprehensive (but also the most risky[1]), of course, is to build your own coreboot image based on the public coreboot sources with your own payload, which will often be SeaBIOS, Tianocore or GRUB, with your own EC firmware (also open source) and flash it.
                  After that, the only Google-ish thing on the device left is the Cr50 firmware. As Cr50 is our root of trust, that firmware (while open source) can't be replaced without our secret keys (a replacement could fake to be Google-issued firmware and then do something else entirely, which is undesirable). But: That chip is a passive component in the security scheme, like all TPMs, so if you don't want to use it, it's as if it isn't there - and if you want to use it for your own security scheme, you can install your own keys (but you'll have to trust our firmware, just like you'd have to trust the firmware of any other TPM manufacturer).

                  [0] On company/school-issues devices the user often isn't the owner and the admin can lock things down considerably. That was a specific request by school boards because students have way too much time on their hands and wrote elaborate documentation on how to open up and repurpose their school devices. In our team we admired those efforts (lots of open source hackers at heart), but we also recognize that the owner of a device should have the final say about what happens to it.

                  [1] All other options provide a way to recover the system, "worst" case by going back to an official Chrome OS install. Replacing your firmware entirely means that no simple recovery mechanism is left. You will probably have to deal with a bad flash or two, but on recent Chromebooks you don't even have to open your device anymore to recover from that. Details at https://wiki.mrchromebox.tech/Firmware_Write_Protect

                  Comment


                  • #10
                    Originally posted by GI_Jack View Post
                    Why did they add TXT?

                    There is no good reason for this technology which exists to remove peoples Freedoms.
                    Some more background here: https://www.phoronix.com/scan.php?pa...ource-Coreboot

                    Since I was involved with this I can tell you that the reason for doing it was to add a layer of security to servers and switches in a tightly controlled datacenter environment, not to "remove peoples Freedoms." Now people in the open source community who want remote attestation can use it in a libre-friendly manner.
                    Last edited by davidhendricks; 24 November 2020, 12:07 AM.

                    Comment

                    Working...
                    X