The CTL education chromebook has recently popped up on one of the associated OLPC mailing lists.
http://ctl.net/education-chromebook/
Now that XO laptops are getting hard to come by it's being evaluated as a replacement for the XO by smaller deployments.
Anyone know if these run coreboot and how locked down they are?
Hi Richard,
* Richard A. Smith richard@laptop.org [140710 19:45]:
http://ctl.net/education-chromebook/
Anyone know if these run coreboot and how locked down they are?
All new Chrome OS devices run coreboot and depthcharge, a payload that implements a verified boot process. Chrome OS devices with an Embedded Controller also run Open Source EC firmware.
The devices have a part of their firmware write protected (root of trust) and the RW firmware portions are cryptographically checked. Flash write protection can be circumvented by opening the device and removing the "write protect screw".
In "Normal Mode" Chrome OS devices will only run Chrome OS signed by Google. In "Developer Mode" (built-in "jailbreak" mode) you can install your own software (and run SeaBIOS or any other payload)
Please let me know if you have further questions.
Stefan
Am Donnerstag, den 10.07.2014, 13:45 -0400 schrieb Richard A. Smith:
The CTL education chromebook has recently popped up on one of the associated OLPC mailing lists.
http://ctl.net/education-chromebook/
Now that XO laptops are getting hard to come by it's being evaluated as a replacement for the XO by smaller deployments.
Anyone know if these run coreboot and how locked down they are?
As Stefan replied, Google did a great job by getting coreboot running on it, by using an Embedded Controller (EC) with the free firmware Chrome EC, by even having native graphics initialization, I believe, so the proprietary Video BIOS/VGA Option ROM does not have to run, and to make it easy to get into developer mode and to install on the device what you want.
Unfortunately Intel is used on the device, so several binary blobs have to be used like the firmware for the Intel Management Engine (ME) or the Memory Reference Code (MRC). Please see the coreboot Wiki page *Binary situation* [1].
Also keep in mind that a lot of the code by Google is not upstreamed and only available in the Chromium Git repositories.
On AMD, until Family 15 (Trinity) binary BLOBs problems do not exist to that extent as the AGESA platform initialization (PI) code has been submitted by AMD to coreboot under the MIT license. Unfortunately no AMD based Chromebooks exist and there are also only a few AMD based laptops. On these you would have problems with no free Embedded Controller firmware and no free graphics initialization, so you currently have to run the proprietary Video BIOS/VGA Option ROM. For xHCI you’ll also need non-free firwmare [2].
Unfortunately, for the latest AMD devices, AMD changed their policy and only provides binary BLOBs for platform initialization (PI) [3]. In contrast to Intel, the datasheets are still available though and if you are a big customer you can request access to the AGESA source code. Also talks exist with AMD to get them to revert that decision, so fingers crossed.
There are also ARM based Chromebooks for sale, which do not have to use these BLOBs. These are shipped with U-Boot as far as I know. To some (all?) of these, coreboot has been ported too though. You have to check the Chromium git repositories again though.
Thanks,
Paul
[1] http://www.coreboot.org/Binary_situation [2] http://review.coreboot.org/6219/ [3] http://review.coreboot.org/6218/
-
Paul Menzel -
Richard A. Smith -
Stefan Reinauer