[coreboot] Official builds for EoL Chromebooks

Emilian Bold emilian.bold at gmail.com
Sun Oct 16 12:15:15 CEST 2016 

Well, it was an idea. Feel free to use it for Summer of Code or some such.


--emi

On Fri, Oct 14, 2016 at 1:41 AM, Matt DeVillier <matt.devillier at gmail.com>
wrote:

> I don't mean to speak on behalf of the project, just letting you know some
> of the obstacles of trying to distribute or validate firmware images.
>
> If I were better organized, I'd post hashes of my firmware images as well
> as the hashes of all the blobs used, which is probably as good as you can
> get ATM
>
> On Thu, Oct 13, 2016 at 3:58 PM, Emilian Bold <emilian.bold at gmail.com>
> wrote:
>
>> Sad to hear Coreboot cannot provide this info. Is there some downstream
>> project I don't know about that could provide this?
>>
>> Maybe Google will take pity on the poor Chromebooks and provide some kind
>> of firmware update themselves after the EoL.
>>
>>
>> --emi
>>
>> On Thu, Oct 13, 2016 at 10:35 PM, Matt DeVillier <
>> matt.devillier at gmail.com> wrote:
>>
>>> but then you get into the situation where coreboot (org) is providing
>>> hashes for binary firmware it didn't build / isn't providing / can't easily
>>> validate.  And pulling that from a live system like is done with board
>>> status isn't easily done, for multiple reasons.  That's one of the reasons
>>> for the "rom-o-matic" GSoC project (where users would provide the blobs,
>>> and a firmware image would be build in real-time using a known good commit
>>> hash, config, etc), but I'm not sure the status on that
>>>
>>> Funny you mention the C710, as I'll be releasing updated firmware for
>>> it, both UEFI and Legacy versions, supporting both SB/IVB variants, in the
>>> next few days.  You will be able to reproduce it yourself using my posted
>>> sources, build scripts, and the blobs extracted from my firmware.
>>>
>>> On Thu, Oct 13, 2016 at 2:22 PM, Emilian Bold <emilian.bold at gmail.com>
>>> wrote:
>>>
>>>> Just listing SHA hashes of the recommended ROMs for a given Chromebook
>>>> would be an improvement.
>>>>
>>>> The hash is sufficient to verify a build / download. But it has to come
>>>> from Coreboot.
>>>>
>>>> Actually, this would be a nice project for someone from Google.
>>>>
>>>> I can only volunteer testing a build on my Acer C710 (which is probably
>>>> the only Chromebook with upgradeable RAM and disk).
>>>>
>>>>
>>>>
>>>> --emi
>>>>
>>>> On Thu, Oct 13, 2016 at 6:49 PM, Matt DeVillier <
>>>> matt.devillier at gmail.com> wrote:
>>>>
>>>>> well, in order for that to happen, someone would have to take
>>>>> ownership of that - are you volunteering?  =)
>>>>>
>>>>> There's also the issue of blobs that can't be redistributed, which is
>>>>> AIUI one of the reasons why coreboot doesn't offer compiled firmware.
>>>>> Additionally, some models (ie, Chomeboxes) require persistence of parts of
>>>>> the stock firmware in order to maintain their unique ethernet MAC address,
>>>>> so having users simply download and manually flash a compiled firmware
>>>>> manually is highly suboptimal.  This is why I implemented the flashing
>>>>> script (well that, and to provide some basic sanity checks that users
>>>>> weren't flashing the wrong firmware, had write-protect disabled, etc)
>>>>>
>>>>> On Thu, Oct 13, 2016 at 10:14 AM, Emilian Bold <emilian.bold at gmail.com
>>>>> > wrote:
>>>>>
>>>>>> I think EoL Chromebooks are a good opportunity for Coreboot to
>>>>>> present itself to end users.
>>>>>>
>>>>>> Right now Chromebooks use Coreboot but nobody knows that.
>>>>>>
>>>>>> But once a Chromebook reaches EoL people will either throw it away or
>>>>>> use it with the insecure and outdated browser version they have until it
>>>>>> breaks.
>>>>>>
>>>>>> People would appreciate that it's possible to keep the device and use
>>>>>> a modern Linux with up-to-date browser by only installing a dedicated
>>>>>> Coreboot ROM.
>>>>>>
>>>>>> A per-device wiki page would be great! Something to show how to
>>>>>> install it, etc.
>>>>>>
>>>>>> A ROM sha-256 (and a link) is also essential to know what to grab (or
>>>>>> if your build was good).
>>>>>>
>>>>>> I'm actually the one that started the reproducible builds thread last
>>>>>> time precisely because I could not get the same ROM image as the ones
>>>>>> posted online and I was wondering what I did wrong and if I would brick my
>>>>>> laptop or not.
>>>>>>
>>>>>>
>>>>>>
>>>>>> --emi
>>>>>>
>>>>>> On Thu, Oct 13, 2016 at 5:53 PM, Matt DeVillier <
>>>>>> matt.devillier at gmail.com> wrote:
>>>>>>
>>>>>>> Emi,
>>>>>>>
>>>>>>> I think this is what you're looking for: https://www.coreboot.org/
>>>>>>> Supported_Motherboards
>>>>>>> It contains the commit hash, build config, and a few other logs for
>>>>>>> each device/commit.  It is user submitted though, since there doesn't exist
>>>>>>> a test setup for every supported device.
>>>>>>>
>>>>>>> Right now, I'm the main builder/distributor of upstream coreboot
>>>>>>> firmware for ChromeOS devices; I support all Haswell, Broadwell, and some
>>>>>>> Baytrail devices, the former with both UEFI and Legacy Boot variants. When
>>>>>>> time permits, I'll expand that to cover the rest of the Baytrail devices,
>>>>>>> then move on to adding support for Skylake.  No plans for Braswell support
>>>>>>> unless I acquire a device on which to test.
>>>>>>>
>>>>>>> John Lewis has some upstream firmware for the older
>>>>>>> SandyBridge/IvyBridge models, but his Haswell firmware is build from
>>>>>>> Google's tree/branches not upstream.  He also has no plans for any future
>>>>>>> upstream firmware.
>>>>>>>
>>>>>>> cheers,
>>>>>>> Matt
>>>>>>>
>>>>>>> On Thu, Oct 13, 2016 at 6:49 AM, Emilian Bold <
>>>>>>> emilian.bold at gmail.com> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> Now that Coreboot has reproducible builds, could you provide a list
>>>>>>>> of build hashes for Chromebooks that are or will soon reach End of Life?
>>>>>>>>
>>>>>>>> I see on https://support.google.com/chrome/a/answer/6220366?hl=en that
>>>>>>>> 2 Chromebooks will reach End of Life in 2016 and 3 more in 2017 then 7 in
>>>>>>>> 2018. I assume the number will increase each year.
>>>>>>>>
>>>>>>>> I know that Coreboot does not distribute builds, but the little
>>>>>>>> Custom roms section on https://www.coreboot.org/users.html seems
>>>>>>>> insufficient.
>>>>>>>>
>>>>>>>> It's easy making a build, you just need to have the certainty you
>>>>>>>> did it well. Or that the one you are downloading is correct.
>>>>>>>>
>>>>>>>> Posting an official SHA-256 hash for a ROM would solve this.
>>>>>>>>
>>>>>>>> --emi
>>>>>>>>
>>>>>>>> --
>>>>>>>> coreboot mailing list: coreboot at coreboot.org
>>>>>>>> https://www.coreboot.org/mailman/listinfo/coreboot
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20161016/61413924/attachment.html>

More information about the coreboot mailing list