LVFS Exploring Alternate, Open-Source Firmware For Capable End-Of-Life Devices
Lead LVFS/Fwupd developer Richard Hughes of Red Hat stoked a community question, "Hypothetically, if a legal entity (like the LVFS) started distributing Coreboot firmware security updates for EOL hardware like the ThinkPad X220 (with the vendors blessing) how does that feel? You'd have to explicitly opt-in and it would be clear all OEM warranty is gone."
Obviously there are some legal issues involved and such a move may not be endorsed by the hardware vendor, but the affected hardware is end-of-life after all. It is an interesting avenue since right now Coreboot can run on a lot of other Intel laptops / desktop motherboards / server motherboards but generally isn't very easy for inexperienced users to flash and transition to with usually quite involved steps for building and flashing. LVFS/Fwupd could make it much easier to switch off the proprietary firmware of your system and onto libre firmware where supported.
Hughes has subsequently proposed the idea of alternate branches for LVFS. To this point LVFS has relied exclusively on the ODM/OEM to upload firmware for their hardware due to legal requirements, good security model, etc. But with the proposed alternate branches it could open up EOL'ed hardware to non-vendor firmware. The alternate firmware branches would be strictly opt-in by the user and show appropriate warnings around the potential consequences (reduced functionality, damaged, or even bricked hardware), and that the alternate firmware cannot leverage any code/binaries/assets from the original hardware vendor without permission.
Older ThinkPad laptops in particular have tended to see Coreboot ports and could see extended life with the "alternate firmware" proposal. Other hardware with open-source third-party firmware could also benefit.
Besides the Lenovo ThinkPad X220, the Broadcom BCM57xx GPL firmware is another example of something that could be offered as an alternate option. The proposal ends with:
It is insanity to throw a perfectly working machine into landfill just because it’s considered EOL by the original hardware vendor and no longer receiving security updates.
If we can help provide alternate safe firmware, these machines then provide inexpensive access for education and employment for those otherwise unable to afford devices.
We'll see if LVFS is (hopefully) able to offer such alternate firmware service as an organization and will ideally not be blocked by vendor push-back... Great idea if it's able to take off properly for more easily switching to alternate/open-source firmware on EOL systems.