Announcement

**Drizzt321** · 14 May 2024, 05:13 PM

Very cool work.

Maybe this can be used as the basis for other AMD systems to have Coreboot put on it. Or is there far more than board makers need to do/release in order to use Coreboot on them?

**ThomasD** · 14 May 2024, 06:33 PM

Does AMD not have something like Intel Boot Guard? I thought these kind of "attacks" are a part of the past?

**Drizzt321** · 14 May 2024, 06:43 PM

Originally posted by ThomasD View Post

Does AMD not have something like Intel Boot Guard? I thought these kind of "attacks" are a part of the past?

What attack? This is a highly experimental port of Coreboot to the Framework 13 AMD laptop.

**Forge** · 14 May 2024, 07:07 PM

Boot Guard isn't applicable. I'm excited to see this as functional as it already is, there's been noise in the FW forums for some time requesting effort be put into coreboot, but not a lot visible happened. Framework sent three laptops with Boot Guard to unknown coreboot developers some time ago (years now?), but they ended up bricked, according to Framework, and we got no new news for a long while.

The Framework Chromebook is already running coreboot as part of the Chromebook process, and that *should* be portable to the other Intel models with some effort (aforementioned Boot Guard means Framework would have to sign all coreboot releases, as I understand it), but the AMD models are a little more open, and can run coreboot without Intel entanglements.

I'll be watching this with interest, and possibly testing it.

**ThomasD** · 14 May 2024, 07:19 PM

Originally posted by Drizzt321 View Post

What attack?

Replacing the firmware of a device with possible malware. (I don't mean coreboot is malware, but an attacker could inject their own payload)

Edit: on the other hand, you could check this via PCR0 on boot with tpm2-totp , ultrablue or cryptographic-id
You just have to trust the initial paring.

**Almindor** · 14 May 2024, 09:31 PM

While this is a nice segway I really wished AMD got their sh*t together and fixed the real issues of Framework 13 (amd version obviously). They have got a bunch of tickets open on firmware/bios level wrt. suspend and hibernation bugs, powersaving issues etc.

**Drizzt321** · 14 May 2024, 10:20 PM

Originally posted by ThomasD View Post

Replacing the firmware of a device with possible malware. (I don't mean coreboot is malware, but an attacker could inject their own payload)

Edit: on the other hand, you could check this via PCR0 on boot with tpm2-totp , ultrablue or cryptographic-id
You just have to trust the initial paring.

Who says he's having to initiate an attack to inject? Framework is very open about how to use/repair/modify their systems. He might have had a bit of inside contact with them, since AMD has been working very closely for their new 13" AMD mainboard and 16" mainboard, but they'll provide some help and information to everybody regardless. So I'll bet he just had straightforward (for UEFI/BIOS updating, doesn't mean straightforward for the rest of us) instructions, possibly even a signing key or something.

So in short, I highly doubt there was any attack of any kind. This isn't "someone ports Coreboot to random mobo" kind of work.

**ayumu** · 15 May 2024, 12:31 AM

This is ridiculous.

Why is Framework not sponsoring this?

**mechkbfan** · 15 May 2024, 03:52 AM

Originally posted by ayumu View Post

This is ridiculous.

Why is Framework not sponsoring this?

Not sure if this exact one but they did send multiple units to coreboot community. IIRC a bunch of them got bricked

[RESPONDED] Coreboot on the Framework Laptop

https://community.frame.work/t/responded-coreboot-on-the-framework-laptop/791

This thread is a wiki. Anyone who has the permission to edit the wiki can edit the first comment. Context This thread started with a topic to ask to open EC firmware and also to use open BIOS firmware, coreboot (Wikipedia). In January 2022, Framework open-sourced their EC firmware (blog). Then this thread became the main thread of the coreboot. Challenges and actions Here is a summary mainly from a coreboot issue ticket to port coreboot to Framework Laptop below. Notes to collaborate with p...

I don't have time to TLDR that thread right now sorry

Edit: Found the bricked comment

[RESPONDED] Coreboot on the Framework Laptop

https://community.frame.work/t/responded-coreboot-on-the-framework-laptop/791/117

I believe we’ve noted this elsewhere, but of the three unfused units we provided to coreboot devs, all three managed to get bricked in development. We’ll be preparing another set of unfused units for additional (or maybe the same) coreboot developers. In addition, we’ve provided a Chromebook Edition unit early to a community member who has expertise in alternative firmware for Chromebooks. As noted previously, Chromebooks use coreboot already.

"three unfused units we provided to coreboot devs, all three managed to get bricked in development. We’ll be preparing another set of unfused units for additional (or maybe the same) coreboot developers"

Announcement

Framework 13 AMD Laptop Seeing Experimental Coreboot Port

Framework 13 AMD Laptop Seeing Experimental Coreboot Port

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment