[coreboot] Are any Chromebooks able to run fully libre?

Sam Kuper sam.kuper at uclmail.net
Fri Jan 3 01:37:34 CET 2014


On 20/12/2013, ron minnich <rminnich at gmail.com> wrote:
> At this point it's harder and harder to escape the Blob. It eats you
> alive! http://www.youtube.com/watch?v=TdUsyXQ8Wrs

In a similar vein :)

https://web.archive.org/web/20130422085916/http://www.openbsd.org/lyrics.html#39


On 02/01/2014, mrnuke <mr.nuke.me at gmail.com> wrote:
> On Thursday, January 02, 2014 11:28:14 PM Sam Kuper wrote:
>> On the C7/C710 and Pavilion 14 as shipped, where are those microcode
>> updates stored?
>>
> This [1] should help you extract a stock coreboot.rom that you can cbfstool
>
> with. The rest is left as an exercise to the reader.
> (Short answer: cpu_microcode_blob.bin in CBFS)

Thank you, but unfortunately, I don't own a Samsung Series 5 550 or a
Series 3 Chromebox, nor any other CrOS device from which to extract a
stock coreboot.rom.

>> > And
>> > how exactly is a CPU different if the microcode update is patched in
>> > the
>> > factory rather than uploaded at boot?
>>
>> First of all, if some microcode is in the CPU from the factory rather
>> [yada, yada, yada]
>
> I don't care for any Stallmanian lecturing on how microcode updates work.
> [...] With the risk of sounding arrogant, that
> gives
> me the credit to avoid your uninformed lecturing.

With respect, I wasn't trying to lecture anyone; I was giving a
straight answer to your question.

I freely admit I'm not terribly well-informed on the subject. That's
why I'm reading to learn as much as I can and asking questions here to
fill in the gaps.

> You have the option in
> coreboot to not include them. Period.

That was my understanding, but thanks for confirming it.

> What I gather from your description is that you want is the CPU that works
> best without microcode updates.

I'm after a couple of things:

- Server: x86, not necessarily Intel, with Core Solo performance or
better, that supports 16GB+ of RAM with double bit error correction
(e.g. Chipkill).
- Laptop/netbook: not necessarily x86, with Core Solo performance or
better, that supports 2GB+ of RAM.

And the kicker is that I'd like both to be fully open! Since no such
systems appear to exist, I'm trying in each case to pick the least
worst option.[1] That *doesn't necessarily* mean running without
microcode updates, so even though you may not agree with them, the
reasons I gave for distinguishing between baked-in microcode and
patched-in microcode were earnest ones. It does mean that I've read
the "supported motherboards" page (for the server) and the X60 and
Chromebook-related pages - plus several other pages - on the Coreboot
wiki.

> Ask around

That's what I'm doing :)

> or test yourself.

I intend to, but first I'm trying to identify the best candidate(s),
because my budget is small. If the C7/C710/HP14 didn't have CPU errata
& corresponding microcode updates, then I'd be tempted to get one for
testing. If not, then probably the X60 is a better option for me.
Hence my questions here :)

> I don't think
> many people have tested without microcode updates.

Some Trisquel folks are running without microcode updates.[2] I don't
know if anyone except Intel and the sort of security folks mentioned
in Kris Kaspersky's presentation[3] are *testing* anything in relation
to that, though.

Anyhow, since I've managed inadvertently to generate a couple of
slightly tetchy replies here since I started this thread (i.e. yours
and the earlier one from Gregg Levine), maybe that's a hint that I'm
asking too many questions or something, and that I should take my
leave for now?

Thanks again for the help you've given,

Sam

[1] I don't have a fixed understanding of what I mean by "least worst
option". Each time I learn something relevant, I try to update my
understanding accordingly.
[2] http://trisquel.info/en/forum/intel-processor-microcode-security-update-trisquel
[3] http://www.cs.dartmouth.edu/~sergey/cs258/2010/D2T1%20-%20Kris%20Kaspersky%20-%20Remote%20Code%20Execution%20Through%20Intel%20CPU%20Bugs.pdf



More information about the coreboot mailing list