Hi Dame,
The coreboot on Purism machines is indeed open and available, and it is all merged into upstream coreboot, so there is no specific repository for it other than the coreboot repository (the code is in src/mainboard/purism/ subdirectory). Here is the build script we use to build coreboot for our machines, from scratch : https://forums.puri.sm/t/building-coreboot-from-source-official-script/1264 I haven't updated the build script in a while, so it's actually building from here : https://code.puri.sm/kakaroto/coreboot.git but those commits were merged upstream and the upstream coreboot repository is all you need now. Note that to disable the ME, we need to use the '-S -e MFS' option to me_cleaner (the script also uses my own repository for me_cleaner, but my patches to me_cleaner were also merged upstream, so you can just use the upstream repository for me_cleaner. See my pull request here : https://github.com/corna/me_cleaner/pull/70) . You can read more about the efforts to disable the ME and the need for the -e option by reading my blog post here : https://puri.sm/posts/deep-dive-into-intel-me-disablement/ You said you want to implement coreboot for some 7th and 8th generation Intel computers. Then you'd probably also be interested in the blog posts I wrote about the porting experience. You can find all my posts on the right sidebar of our coreboot timeline page here : https://puri.sm/coreboot/timeline/ If you still have any questions, feel free to ask.
As for Taiidan's response, I think Matt's response to it is pretty good already, and I'm tired of seeing Taiidan jumping at the chance to talk against Purism every chance he gets, but I won't rant about that today, I will only add this to the discussion : * The original question was on whether our coreboot port was available or not because the OP wanted to know how we disable the ME, you completely missed the question and decided to give advice on what device to buy instead... * You seem to think that the purism laptops are selling at a premium because it comes with coreboot? I'm pretty sure that the Cost/MSRP margin is the same or lower than from other laptop manufacturers, the "premium" you'd pay is because of the low volume of machines we are making, Dell/Lenovo can of course sell for lower prices because they get economy of scale, which we don't. It's not because we are increasing our revenue and using coreboot as an excuse to do it. * You said "they are charging for a whitebox re-brand.", that's actually a completely false statement, the motherboard is our own and it is designed to avoid having any firmware-based hardware so a binary-blob-free linux distribution can run on it. It is not a whitebox re-brand. If it was a whitebox re-brand, then yeah, we'd be selling for a lot lower price considering we'd be able to also take advantage of the economies of scale. * You are encouraging the purchase of lenovo machines, but as far as I know, lenovo is not actively working on reverse enginering the FSP. Also, the only reason that Lenovo can have a libreboot running on it is because the community did the port, not because the company itself is working towards freeing it or investing anything to provide more freedom to users. So yeah, sure, you could say "don't pay a 30$ premium for coreboot, buy a lenovo and do the port yourself" (assuming you know how to do the port, or you buy one that is already ported) , but you might as well say "don't pay a 30$ premium for coreboot, buy a lenovo, do the port yourself, then reverse engineer the FSP yourself while you're at it" and it would be more accurate. And that's of course ignoring the question of the harware kill switches, the fact that you can't compare a 200$ refurbished laptop from 6 years ago with a higher priced laptop from today, or that lenovo won't answer you if you ask tech support questions on coreboot or linux, etc... * We worked on disabling the ME on the purism laptops. Yes, the lion's share of the work was done by others (Corna for me_cleaner and Positive Technologies for the HAP bit), but not only did it require a significant amount of work from our side as well, to test, validate and package the ME disablement work (see above blog post link), but we are the first manufacturer to offer it standard and without us doing it, it could be argued whether or not this differentiation would have convinced System76 and Dell to also pursue offering machines with the ME disabled. So, encouraging those who are trying to pioneer the work might actually help the entire community. Do you think it might convince Intel to offer ME-less designs if they see half the manufacturers starting to ship unofficially-disabled ME machines ? Maybe, maybe not, but at least someone is trying to move things along instead of only complaining about the status of things.
I could go on, but I think that's enough.
Hopefully, this helps clarify the situation.
Thanks, Youness.
On Mon, Dec 18, 2017 at 4:07 AM, Dame Más damemasporfavor@gmail.com wrote:
Hello, I understand. I want implement Coreboot for current 7th and 8th generation Intel computers. And if the Pursism BIOS was opensource, I could work with it as a base. However I can not find the source code to work with him. I like GNU/Linux and the opensource because among all we do it better, but if the code is not liberated, I can not speak well of Purism.
2017-12-18 6:01 GMT+01:00 Matt DeVillier matt.devillier@gmail.com:
On Sun, Dec 17, 2017 at 6:58 PM, Taiidan@gmx.com Taiidan@gmx.com wrote:
On 12/17/2017 05:06 PM, Dame Más wrote:
Hi, The Coreboot BIOS of Purism 13 is open?
No it isn't, while they do use coreboot the silicon init process is entirely blobbed.
Technical merits - is it better than an off the shelf dell laptop? Of course, but not better enough to justify even a $30 premium let alone the thousands they are charging for a whitebox re-brand. It removes the brander (ex: dell) from the firmware trust equation but intel still remains and so does ME.
That's a pretty absurd exaggeration. Purism laptops certainly sell at a premium relative to a Dell (eg) with similar CPU/RAM/SSD, but they don't sell anywhere near the same volume, so their costs are higher. They also feature hardware kill switches for wifi/BT and mic/webcam, ship with a blob-free Debian-based distro, and use coreboot with a disable/neutered ME. Whether or not you consider those qualities, and supporting a startup working towards increasing owner control on modern hardware, to justify the price premium is certainly a valid point of discussion.
If I was you I would purchase a different coreboot compatible laptop then compile and install coreboot while running me_cleaner yourself - this will provide a better result for a lot less money as these following laptops feature open source silicon init and in the case of the intel models are pre-skylake so more of ME can be "cleaned".
One of these laptops is $200 max for one in good condition, vs thousands for a Purism 13 - with the cash you save you can also buy a KCMA-D8 gaming computer for libre gaming in a VM or otherwise.
"better" certainly depends on how one ranks the various qualities of a given device. If owner-controller trumps all other considerations, then certainly there are "better" options, but you're not going to find anything for $200 that is anywhere close in terms of weight, battery life, screen quality, or using a modern SoC -- that's the tradeoff, and again something that's worth discussion, but framing it in the context of paying "thousands" for a Purism device vs $200 for something of equal/better capability is dishonest and does a disservice to the entire community IMO.
-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot