[coreboot] Are any Chromebooks able to run fully libre?

Sam Kuper sam.kuper at uclmail.net
Fri Jan 3 00:28:14 CET 2014 

On 02/01/2014, mrnuke <mr.nuke.me at gmail.com> wrote:
> On Thursday, January 02, 2014 09:16:25 PM Sam Kuper wrote:
>> My earlier question about the Acer C7/C710 and HP Pavilion 14 was
>> motivated by the following consideration: if they have not been found
>> to have CPU errata warranting uploading of CPU microcode, then they
>> might be (at least in this respect) preferable to the X60 which forces
>> the user to choose between uploading microcode or running with known
>> vulnerabilities.*
>>
> x86 Chromebooks ship with microcode updates.

On the C7/C710 and Pavilion 14 as shipped, where are those microcode
updates stored?

> And
> how exactly is a CPU different if the microcode update is patched in the
> factory rather than uploaded at boot? It's the same microcode in the end.

First of all, if some microcode is in the CPU from the factory rather
than being uploaded into the CPU's "microcode-patchable space"[1] then
it's not "*patched* in".

If no errata have been reported for the 847 and 1007U for which
microcode updates have been released, then that's one less thing to
keep on top of when building Coreboot or installing an OS. Personally,
I'm in favour of having one less thing to keep on top of in such a
situation.

Also, if no errata have been reported for the 847 and 1007U for which
microcode updates have been released, then it's possible those two
models are - at least compared to Core Solo, Core Duo, Core 2 Duo, etc
- not lemons. Personally, I'd rather not buy a lemon.

Additionally, if no errata can be found by people outside Intel in the
847 and 1007U for which a microcode update would be justified, then
Intel/whoever would be less likely to be able to convincingly foist
compromised microcode for those CPUs on anybody in the future.[2][3]

> This microcode discussion is ridiculous.

Well, that's the problem with proprietary systems; you have to just
make a guess about which of several black boxes is the least worst.
Might as well at least try to make that an educated guess instead of a
blind guess.

Regards,

Sam

[1] https://web.archive.org/web/19990219103606/http://eetimes.com/news/97/963news/hole.html
[2] http://www.forbes.com/sites/steveblank/2013/07/15/your-computer-may-already-be-hacked-nsa-inside/
[3] http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI

More information about the coreboot mailing list