[coreboot] Official builds for EoL Chromebooks

Thu Oct 13 21:35:59 CEST 2016

but then you get into the situation where coreboot (org) is providing
hashes for binary firmware it didn't build / isn't providing / can't easily
validate.  And pulling that from a live system like is done with board
status isn't easily done, for multiple reasons.  That's one of the reasons
for the "rom-o-matic" GSoC project (where users would provide the blobs,
and a firmware image would be build in real-time using a known good commit
hash, config, etc), but I'm not sure the status on that

Funny you mention the C710, as I'll be releasing updated firmware for it,
both UEFI and Legacy versions, supporting both SB/IVB variants, in the next
few days.  You will be able to reproduce it yourself using my posted
sources, build scripts, and the blobs extracted from my firmware.

On Thu, Oct 13, 2016 at 2:22 PM, Emilian Bold <emilian.bold at gmail.com>
wrote:

> Just listing SHA hashes of the recommended ROMs for a given Chromebook
> would be an improvement.
>
> The hash is sufficient to verify a build / download. But it has to come
> from Coreboot.
>
> Actually, this would be a nice project for someone from Google.
>
> I can only volunteer testing a build on my Acer C710 (which is probably
> the only Chromebook with upgradeable RAM and disk).
>
>
>
> --emi
>
> On Thu, Oct 13, 2016 at 6:49 PM, Matt DeVillier <matt.devillier at gmail.com>
> wrote:
>
>> well, in order for that to happen, someone would have to take ownership
>> of that - are you volunteering?  =)
>>
>> There's also the issue of blobs that can't be redistributed, which is
>> AIUI one of the reasons why coreboot doesn't offer compiled firmware.
>> Additionally, some models (ie, Chomeboxes) require persistence of parts of
>> the stock firmware in order to maintain their unique ethernet MAC address,
>> so having users simply download and manually flash a compiled firmware
>> manually is highly suboptimal.  This is why I implemented the flashing
>> script (well that, and to provide some basic sanity checks that users
>> weren't flashing the wrong firmware, had write-protect disabled, etc)
>>
>> On Thu, Oct 13, 2016 at 10:14 AM, Emilian Bold <emilian.bold at gmail.com>
>> wrote:
>>
>>> I think EoL Chromebooks are a good opportunity for Coreboot to present
>>> itself to end users.
>>>
>>> Right now Chromebooks use Coreboot but nobody knows that.
>>>
>>> But once a Chromebook reaches EoL people will either throw it away or
>>> use it with the insecure and outdated browser version they have until it
>>> breaks.
>>>
>>> People would appreciate that it's possible to keep the device and use a
>>> modern Linux with up-to-date browser by only installing a dedicated
>>> Coreboot ROM.
>>>
>>> A per-device wiki page would be great! Something to show how to install
>>> it, etc.
>>>
>>> A ROM sha-256 (and a link) is also essential to know what to grab (or if
>>> your build was good).
>>>
>>> I'm actually the one that started the reproducible builds thread last
>>> time precisely because I could not get the same ROM image as the ones
>>> posted online and I was wondering what I did wrong and if I would brick my
>>> laptop or not.
>>>
>>>
>>>
>>> --emi
>>>
>>> On Thu, Oct 13, 2016 at 5:53 PM, Matt DeVillier <
>>> matt.devillier at gmail.com> wrote:
>>>
>>>> Emi,
>>>>
>>>> I think this is what you're looking for: https://www.coreboot.org/
>>>> Supported_Motherboards
>>>> It contains the commit hash, build config, and a few other logs for
>>>> each device/commit.  It is user submitted though, since there doesn't exist
>>>> a test setup for every supported device.
>>>>
>>>> Right now, I'm the main builder/distributor of upstream coreboot
>>>> firmware for ChromeOS devices; I support all Haswell, Broadwell, and some
>>>> Baytrail devices, the former with both UEFI and Legacy Boot variants. When
>>>> time permits, I'll expand that to cover the rest of the Baytrail devices,
>>>> then move on to adding support for Skylake.  No plans for Braswell support
>>>> unless I acquire a device on which to test.
>>>>
>>>> John Lewis has some upstream firmware for the older
>>>> SandyBridge/IvyBridge models, but his Haswell firmware is build from
>>>> Google's tree/branches not upstream.  He also has no plans for any future
>>>> upstream firmware.
>>>>
>>>> cheers,
>>>> Matt
>>>>
>>>> On Thu, Oct 13, 2016 at 6:49 AM, Emilian Bold <emilian.bold at gmail.com>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> Now that Coreboot has reproducible builds, could you provide a list of
>>>>> build hashes for Chromebooks that are or will soon reach End of Life?
>>>>>
>>>>> I see on https://support.google.com/chrome/a/answer/6220366?hl=en that
>>>>> 2 Chromebooks will reach End of Life in 2016 and 3 more in 2017 then 7 in
>>>>> 2018. I assume the number will increase each year.
>>>>>
>>>>> I know that Coreboot does not distribute builds, but the little Custom
>>>>> roms section on https://www.coreboot.org/users.html seems
>>>>> insufficient.
>>>>>
>>>>> It's easy making a build, you just need to have the certainty you did
>>>>> it well. Or that the one you are downloading is correct.
>>>>>
>>>>> Posting an official SHA-256 hash for a ROM would solve this.
>>>>>
>>>>> --emi
>>>>>
>>>>> --
>>>>> coreboot mailing list: coreboot at coreboot.org
>>>>> https://www.coreboot.org/mailman/listinfo/coreboot
>>>>>
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20161013/00736d27/attachment.html>