[coreboot] Permanent solution of the UEFI Secure Boot problem?!
Xavi Drudis Ferran
xdrudis at tinet.cat
Fri Jan 11 15:38:25 CET 2013
On Thu 10/01/13 18:44 , ron minnich <rminnich at gmail.com> wrote:
> Get a chromebook. It runs coreboot. You can rebulid and reflash the
> bios. It has a secure boot you can turn on and off. It's a state of
> the art machine with excellent build quality. I replaced my Mac Air
> with a samsung xe550, I put in it normal mode and run Linux in a
> chroot and it's great. All my coreboot, Plan 9, and Go work is done on
> this chromebook. It runs my personal build of coreboot.
> Get tbe GETAC laptops that use coreboot. They're even more open than
> the chromebook -- there's no binary blob. They're heavy and have poor
> battery life but they're pretty open.
Just curious which are the blobs in the xe550 ? The intel signed boot code
for the CPU ? (I'm not certain which CPUs need it). Or are there more for
wifi, 3G or whatever. I guess graphics drivers are free, ain't them ?
> find a laptop that mostly uses coreboot supported chipsets. Spend a
> year trying to get all the proprietary bits working (EC for example).
> You will learn a lot.
I tried that with a desktop board (should be easier, I bought it thinking to
port coreboot and laptops are harder) and a year (of spare time, not full time)
wasn't enough for me. But yes, I learned a lot.
> get an ARM-based laptop and help us with the ongoing ARM port of
> coreboot. A samsung ARM chromebook or EFIKA might be nice.
Porting coreboot should be nice, but AFAIK they already come with
free firmware (uboot).
> One of the things that people don't always realize is that hardware
> design is really, really hard -- far harder than it was 10 years ago.
> It's pretty easy to put together a board that boots most of the time.
> But add in the effort to make a real laptop that people want to use,
> with packaging and cooling and emissions and wifi and pointer device
> and so on, and then taking that through regulatory hurdles and all the
> other bits, well, that's another problem entirely. Peter's estimate is
> quite good.
I know. I blame it partially on the PC architecture, but I suspect that's
more because of my ignorance of architectures than a real characteristic trait.
It's not only difficult per se. It's harder to distribute the job globally,
harder to build on incremental improvements, much more costly to experiment
than with software, needing more tools and software (not all free possibly)
and a long etc. Hardware design is mostly logic, so
us software people tend to think it as similar to what we are used to, just
with some different "API"s but it is not only logic. There's some physical
considerations, and particulary we don't have foundries at home, so
businesses with expensive factories and good staffs have much more leverage than
software oligopolists. They use that leverage to impose ridiculous
secrecy and throtle the pace of obsolescence by changing availability
of products and parts. Add patents and certification and it's a nonstarter.
> So get one of the laptops that coreboot supports and start there.
> Unless you're at a company that does design routinely it's going to be
> almost impossible to get something done in a timely manner, and, when
> you're done, it's unlikely anyone will care.
> I talked to Mark years ago about the laptop issue, but I ended up
> concluding that ubuntu was not going to be able to contribute a lot to
> the effort.
I didn't need to talk to Mark. Just a brief look at the page shows they're staying
at good intentions.
I've often thought it would be very nice if "we" (who?) could pick a very few
computer models each year and try to concentrate effort on those in order
to have free implementation for both coreboot and all drivers. But it's not
so easy. The effort is too much to pay for it between a handful of users,
and the decision on which models to pick is too difficult to agree on (everyone
has different comfort zones on the diverse trade-offs). The availability
of the choosen products is not guaranteed, and the legal framework does not
So it goes the other way around. Some volunteer picks some model, gets the
hard job done, and then the rest get to try to get the same hardware if it's still
in the market. It's difficult that a single product is picked by all the different teams
trying to liberate firmware, drivers, etc.
Maybe the open hardware will advance enough to be a solution, but I think
it started later than software, and advancesin free software took also several
years before they were evident and could solve everyday problems.
More information about the coreboot