I don't mean to speak on behalf of the project, just letting you know some of the obstacles of trying to distribute or validate firmware images.If I were better organized, I'd post hashes of my firmware images as well as the hashes of all the blobs used, which is probably as good as you can get ATMOn Thu, Oct 13, 2016 at 3:58 PM, Emilian Bold <emilian.bold@gmail.com> wrote:Sad to hear Coreboot cannot provide this info. Is there some downstream project I don't know about that could provide this?Maybe Google will take pity on the poor Chromebooks and provide some kind of firmware update themselves after the EoL.--emiOn Thu, Oct 13, 2016 at 10:35 PM, Matt DeVillier <matt.devillier@gmail.com> wrote:but then you get into the situation where coreboot (org) is providing hashes for binary firmware it didn't build / isn't providing / can't easily validate. And pulling that from a live system like is done with board status isn't easily done, for multiple reasons. That's one of the reasons for the "rom-o-matic" GSoC project (where users would provide the blobs, and a firmware image would be build in real-time using a known good commit hash, config, etc), but I'm not sure the status on thatFunny you mention the C710, as I'll be releasing updated firmware for it, both UEFI and Legacy versions, supporting both SB/IVB variants, in the next few days. You will be able to reproduce it yourself using my posted sources, build scripts, and the blobs extracted from my firmware.On Thu, Oct 13, 2016 at 2:22 PM, Emilian Bold <emilian.bold@gmail.com> wrote:Just listing SHA hashes of the recommended ROMs for a given Chromebook would be an improvement.The hash is sufficient to verify a build / download. But it has to come from Coreboot.Actually, this would be a nice project for someone from Google.I can only volunteer testing a build on my Acer C710 (which is probably the only Chromebook with upgradeable RAM and disk).--emiOn Thu, Oct 13, 2016 at 6:49 PM, Matt DeVillier <matt.devillier@gmail.com> wrote:well, in order for that to happen, someone would have to take ownership of that - are you volunteering? =)There's also the issue of blobs that can't be redistributed, which is AIUI one of the reasons why coreboot doesn't offer compiled firmware. Additionally, some models (ie, Chomeboxes) require persistence of parts of the stock firmware in order to maintain their unique ethernet MAC address, so having users simply download and manually flash a compiled firmware manually is highly suboptimal. This is why I implemented the flashing script (well that, and to provide some basic sanity checks that users weren't flashing the wrong firmware, had write-protect disabled, etc)On Thu, Oct 13, 2016 at 10:14 AM, Emilian Bold <emilian.bold@gmail.com> wrote:I think EoL Chromebooks are a good opportunity for Coreboot to present itself to end users.Right now Chromebooks use Coreboot but nobody knows that.But once a Chromebook reaches EoL people will either throw it away or use it with the insecure and outdated browser version they have until it breaks.People would appreciate that it's possible to keep the device and use a modern Linux with up-to-date browser by only installing a dedicated Coreboot ROM.A per-device wiki page would be great! Something to show how to install it, etc.A ROM sha-256 (and a link) is also essential to know what to grab (or if your build was good).I'm actually the one that started the reproducible builds thread last time precisely because I could not get the same ROM image as the ones posted online and I was wondering what I did wrong and if I would brick my laptop or not.--emiOn Thu, Oct 13, 2016 at 5:53 PM, Matt DeVillier <matt.devillier@gmail.com> wrote:Emi,I think this is what you're looking for: https://www.coreboot.org/Supported_Motherboards It contains the commit hash, build config, and a few other logs for each device/commit. It is user submitted though, since there doesn't exist a test setup for every supported device.Right now, I'm the main builder/distributor of upstream coreboot firmware for ChromeOS devices; I support all Haswell, Broadwell, and some Baytrail devices, the former with both UEFI and Legacy Boot variants. When time permits, I'll expand that to cover the rest of the Baytrail devices, then move on to adding support for Skylake. No plans for Braswell support unless I acquire a device on which to test.John Lewis has some upstream firmware for the older SandyBridge/IvyBridge models, but his Haswell firmware is build from Google's tree/branches not upstream. He also has no plans for any future upstream firmware.cheers,
MattOn Thu, Oct 13, 2016 at 6:49 AM, Emilian Bold <emilian.bold@gmail.com> wrote:--Hello,Now that Coreboot has reproducible builds, could you provide a list of build hashes for Chromebooks that are or will soon reach End of Life?I see on https://support.google.com/chrome/a/answer/6220366?hl=en that 2 Chromebooks will reach End of Life in 2016 and 3 more in 2017 then 7 in 2018. I assume the number will increase each year. I know that Coreboot does not distribute builds, but the little Custom roms section on https://www.coreboot.org/users.html seems insufficient.It's easy making a build, you just need to have the certainty you did it well. Or that the one you are downloading is correct.Posting an official SHA-256 hash for a ROM would solve this.--emi
coreboot mailing list: coreboot@coreboot.org
https://www.coreboot.org/mailman/listinfo/coreboot