This the the Blob Matrix. What is the Blob Matrix? It is a table in which we define, for different systems, what blobs there are. The goal is to have a common reference of types of blobs. Until we're sure we have the right list we don't need the matrix yet.
Consider, for example, the Google Pixel laptop. We can identify the following CPUs that affect coreboot or that it uses: EC, ME, main CPU.
For this example, we have the following blobs: ME, blob from Intel (replaceable, signed); main CPU: microcode (not practically replaceable), MRC (not practically replaceable), VGA BIOS (replaceable, proof of concept in repo).
Here is another system, the Snow Chromebook. It has an EC and a main CPU. The blobs are main CPU: BL0 (not replaceable), and BL1 (replaceable, signed).
My old x60, with coreboot on it: EC: EC OS (not replaceable); ME, blob from Intel (replaceable, signed); main CPU: microcode, BIOS, VGA BIOS
Let's consider the first coreboot systems, the l440gx, PowerPC, and Alpha
The l440GX had no CPUs save the main CPU, and all of linuxbios was open. There was no ACPI or SMM.
The PowerPC was, similarly, blob free.
We think the Alpha had an EC, which was closed and had a blob; it was otherwise blob free.
|Mainboard||Chipset||EC Blob||ME Blob / Signed & Type||Mask ROM blob||Reset vector blob / Signed?||Microcode Blob||VGA blob||SMM Blob||ACPI Blob||Runtime Blob||Notes|
|Google Pixel||Sandybridge||No||Yes / Yes; Unknown||No||No||Yes||Yes||No||No||No|
|Intel Galileo||Quark||No EC||No ME||Yes||Yes; see notes||Yes||Yes||Yes||Yes||Yes EFI|| We make a key, Intel signs the key, we use the signing tool to sign our binary.
The signing utility is part of the BSP on communities.intel.com. ( https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=23197)
The Customer is required to provide a public RSA key that is derived from a Private key that conforms to the following:
We expect to receive a .pem file that contains only the public components of the Customer RSA 2048 key.