Issue #387 has been updated by Nico Huber.
Framework controls this key, and has proposed creating both a signed "official" coreboot image as well as signed shim which would allow user-built coreboot firmware to be used.
I hope they know what they are talking about. I mean such a shim, wouldn't that effectively disable the whole BootGuard feature? It would be most welcome, though. Because without it, it would be very hard for the community to maintain the port (and to be honest, if they make it hard, it won't happen). Alternatively, they could sell units with BootGuard disabled. That would also reduce the amount of blobs needed.
How can we, people in the Framework community, help you?
Get them to publish documentation. Or at least get them to offer a reasonable NDA to individuals. Without documentation, the community is unlikely to pick up the maintenance effort and they'll need to constantly pay somebody for it (if the goal is to have upstream coreboot support). Schematics are a minimum. What is controlled by the EC and how is also very valuable information. Without such documentation, one has to be very lucky. If unlucky, it's possible that the initial port costs some $10,000 more.
---------------------------------------- Support #387: Support Framework Laptop https://ticket.coreboot.org/issues/387#change-952
* Author: Jun Aruga * Status: New * Priority: Normal * Category: board support * Target version: none * Start date: 2022-06-05 * Affected hardware: Framework Laptop ---------------------------------------- Dear coreboot developers,
I am a user of Framework Laptop[1][2]. Thank you for working to make coreboot work on Framework Laptop! This ticket is to track the task, as I didn't see any other issue tickets about Framework Laptop here. According to the Framework founder's comment[3] below, Framework provided Framework Laptops to the coreboot community.
We've handed three systems that can boot unsigned bootloaders to folks in the coreboot community. Our plan in the near term is to help them create a shim loader that can be signed to run on any Framework Laptop, which then enables anyone to do further coreboot development.
Then I saw Matthew's try to make the coreboot work on Framework Laptop,[4] but unfortunately it didn't work at that time.[5]
How is the current status? What prevents coreboot from working on the Framework Laptop? How can we, people in the Framework community, help you? As a reference, there is a coreboot specific thread on the Framework community forum.[6]
## References
* [1] https://frame.work/ * [2] Framework Computer - Wikipedia - https://en.wikipedia.org/wiki/Framework_Computer * [3] Framework Laptop Mainboard, Hacker News, April 20, 2022 - https://news.ycombinator.com/item?id=31097434 * [4] Matthew tries to port Coreboot to the Framework laptop - February 27, 2022 - https://www.youtube.com/watch?v=Jf_6xW-8tfQ * [5] Matthew Garrett on Twitter, February 27, 2022 - https://twitter.com/mjg59/status/1497788538212917250 * [6] Free the EC! and Coreboot Only - https://community.frame.work/t/free-the-ec-and-coreboot-only/791