The Mission Of Coreboot - Is It About Open-Source Or Appeasing Hardware Vendors?
The current description of the project as set out on Coreboot.org is "coreboot is an extended firmware platform that delivers a lightning fast and secure boot experience on modern computers and embedded systems. As an Open Source project it provides auditability and maximum control over technology."
Recently brought up though was trying to provide clarity that Coreboot isn't necessarily a complete solution for those wanting a 100% open-source firmware solution due to the likes of Intel FSP/ME and other binary components often being required for any functional support.
Among the ideas expressed was changing the end of their mission statement to include: "As an Open Source project it aims to provide auditability and maximum control over technology; On some platforms (especially non-open ISA platforms), some boot functionalities are provided by Silicon Vendor binary blobs." Meanwhile another proposal was suggested as "coreboot is an open firmware platform with its primary goal as a fully owner controlled, secure boot experience. For open ISA and other owner controlled systems, it currently provides an auditable, secure boot environment for silicon vendors, large organizations, and individual developers. For restricted systems, such as modern x86 platforms, it provides a compatible end stage loader and firmware module framework for proprietary vendor binaries." Or another, "The project aims to provide auditability and maximum control over technology. But, the framework also allows to include binary blobs to initialize certain devices."
Those statements were rejected over too much jargon/text or not relevant for a brief description of the project. And as for why Coreboot doesn't more prominently advertise that some binary blobs are commonly needed, an interesting analogy was used: "The bakery won't advertise bread as "has too many carbs". It will advertise "fresh and crunchy". For nutritional education you will have to read the fine print on the label or do your homework. Without trying to defend any business practices, why would one assume that that's realistically any different for any coreboot or other technology related project?"
The situation around the openness of Coreboot becomes clouded with some vendors like Purism prominently advertising their "open-source" Coreboot support but without mentioning that FSP binaries for example are still being used. Only when it comes to downstreams like Libreboot or now Oreboot where they have explicit promises around open-source that there are guarantees the system is liberated of any binary bits for hardware initialization.
The mailing list archives have been acting up but part of the discussion can be seen via this thread.
So to Phoronix readers, should Coreboot be doing more for acknowledging the binary bits often at play or any other suggestions for them in improving the clarity and intent of the project? Are you interested in Coreboot for the idea of purely open-source firmware or its technical features and capabilities?