[coreboot] Are any Chromebooks able to run fully libre?

David Hendricks dhendrix at google.com
Sat Dec 21 00:37:21 CET 2013


On Fri, Dec 20, 2013 at 3:12 PM, ron minnich <rminnich at gmail.com> wrote:

> To expand on this answer, it's going to be just about impossible,
> going forward, to become blob-free on any popular platform. I can go
> into more detail if you want to know the particulars, but there's so
> many places in our systems containing blobs, far more than in 2000,
> and as fast as we seem to stamp them out, new blobs crop up.
>
> Not possible on any popular ARM products of which I am aware (e.g.
> most of the chips have a ROM in the CPU mask which is closed and not
> replaceable); definitely not an option on anything new from Intel. And
> it's really a matter of a tradeoff. The Chromebooks come with blobs,
> it is true; but the EC is blob-free. You can get AMD-based laptops,
> maybe with coreboot, and they'll come with a closed EC with blobs. The
> wonderful work on the X60 and X201 has gone very far, but the EC blob
> remains. It's a really hard problem!
>

I think it's important to keep the scope of these blobs in mind. The BL1
blob used on the Exynos5xxx chips (like on the Samsung XE303C12
Chromebook), for example, is small (~8K) and mostly exists to just load the
next phase. Contrast that with the multi-megabyte management engine blob on
Intel platforms that runs on its own microcontroller and has unfettered
access to DRAM and networking resources.

For ECs, the attack vector to worry about is key logging but at least that
can be mitigated if you can read the EC firmware and verify its contents
like we do on Chromebooks. But of course simply reading the EC firmware on
a typical laptop can be a challenge...


>
> At this point it's harder and harder to escape the Blob. It eats you
> alive! http://www.youtube.com/watch?v=TdUsyXQ8Wrs
>
> I think the idea of creating blob-free systems continues to be a
> wonderful idea, one that I'd love to see happen some day.
>
> ron
>
> --
> coreboot mailing list: coreboot at coreboot.org
> http://www.coreboot.org/mailman/listinfo/coreboot
>



-- 
David Hendricks (dhendrix)
Systems Software Engineer, Google Inc.