Coreboot Is Ridding Its Need For Intel's FSP-T Blob

Coreboot making progress on its temporary RAM initialization code (cache as RAM) means that its usage of the FSP-T binary blob is increasingly unnecessary.

Thanks to work by consulting firm 9elements Cyber Security, it's now possible with Coreboot to get open-source cache as RAM (CAR) code working even if using Intel BootGuard. This working open-source code thereby makes Intel's FSP-T binary more redundant and thus can be avoided for an increasing amount of Intel hardware out there. FSP-T is still needed for some platforms like Skylake-SP, Cooperlake-SP, and Denverton-NS for FSP-T's other hardware initialization bits.

FSP-T is one part of the overall Intel Firmware Support Package (FSP) and primarily deals with temporary RAM initialization and on some platforms other early hardware initialization handling.

9elements wrote a blog post outlining their work on open-source cache as RAM handling while still having functionality like BootGuard working. Arthur Heymans of the firm concluded the post with, "The advantages of being in control of the execution environment are overwhelming. From personal experience on working with the Cooperlake SP platform, we did regularly hit issues with FSP-T. Sometimes those were bugs inside the FSP-T code that had to be worked around. On other occasions it was coreboot making assumptions on the bootflow that were not compatible with FSP being in control of the execution environment. I can firmly say that FSP-T causes more troubles than it actually solves, so having that code open sourced is the best strategy. We hope that by setting this good example with open source Bootguard support, others will be incentivised to not rely on FSP-T but pursue open source solutions."

Many free software enthusiasts continue longing for the day when modern Intel and AMD platforms -- and especially widely available desktop motherboards -- can work with Coreboot using a fully open-source stack.