This seems to be a fairly accurate assessment of the situation, imo.

It's disappointing to see people shocked by inclusion of binary components and left with a very negative impression. I've seen coreboot particularly derided by people who first learn about libreboot from the FSF and arrive with high expectations. Perhaps acknowledging the split and that right now x86 is a best effort in a bad situation can help with this.

This both points out the platforms which are "fully free" and manages expectations upfront with other architectures. POWER systems that exist like the Talos II and any future OpenPOWER implementations are arguably far more "free" than anything on the RYF list (every ThinkPad runs proprietary EC firmware, including the X220), and may be very appealing to those looking for a "maximum freedom" solution. The only other thing to do is be specific about what firmware modules are included in various other platforms and provide information needed to make an informed decision for a given threat model.

As Patrick Georgi noted:

> FSP is a mixed bag in that it enabled going on with contemporary hardware but also seemed to have killed all motivation to reverse engineer chipset bringup - or maybe that's due to the omnipresent ME...

I think acknowledging the split may also generate interest in improving this situation. It's great if it prompts people to investigate proprietary components or pressure their vendors for better documentation.

A nitpick: Perhaps

> As an Open Source project it provides a flexible framework for integration of necessary vendor-specific firmware modules, and...

instead of

> As an Open Source project it provides a flexible framework for insertion of vendor specific firmware modules, and...

is more specific?

I'm not sure about naming. There was mention a while back of Oreboot, but not everything fully open source is also C-free.
Which one of the two would be coreboot-lite? :P


On Sat, Aug 31, 2019 at 5:54 PM Timothy Pearson <tpearson@raptorengineering.com> wrote:
I'd like to open discussion on a revamp of the text on the main coreboot.org Web site.  I had a brief discussion on IRC recently with some basic agreement from a couple of people that the text on that page has likely bitrotted enough compared to the current status and goals of coreboot to no longer be useful.

I bring this up due to confusion in less technical circles that I've been having to correct over the past week or so.  Specifically, these statements taken in isolation:

"Fast, secure and flexible OpenSource firmware"

"coreboot is an extended firmware platform that delivers a lightning fast and secure boot experience on modern computers and embedded systems. As an Open Source project it provides auditability and maximum control over technology."

present a very different picture than the reality of the project at the moment for modern platforms.  If people are not aware of the ME, PSP, AGESA, FSP, BinaryPI, and a host of other proprietary components, they naturally take the statements above at face value and assume that installing coreboot on their machine (or paying for coreboot support for their system) allows them to replace the entire proprietary firmware with an auditable, fast, secure OpenSource firmware.  As those of us dealing with the reality of modern x86 and ARM platforms understand more fully, this could not be farther from the truth.

One of the problems as I see it is that coreboot is really two different projects with two different goals right now, under the same label.  One is the native init project, which at the moment is only viable for RISC-V, POWER, and certain ARM SoCs.  The other is the open glue project for vendor binaries, which is not well understood at this time among much of the open source community, but seems to have significant support from vendors like Google, Intel, and AMD.

Complicating matters, the trademark "coreboot" is currently known to some members of the public as a trusted (albeit limited in compatibility) fully open source replacement for their existing board level firmware.  When the word "coreboot" is used, very few people think of the glue project.  Do we want to dilute / shift the coreboot trademark / branding to the glue part of the project, or do we want to somehow reserve "coreboot" for the native init part of the project?  I don't have an answer here, I'm just trying to state the facts as I currently see them for further discussion.

I would propose the following changes, and welcome discussion on these topics:

The heading could read something like "Flexible, open source frameworks for system firmware"

and the detailed description could read "coreboot is an extensible firmware platform that aims to provide a minimal boot environment for modern computers and embedded systems.  As an Open Source project it provides a flexible framework for insertion of vendor specific firmware modules, and on open ISA platforms aims to provide a fully open, auditable boot process with maximum control over the technology."


Timothy Pearson
Raptor Engineering, LLC