[coreboot] Coreboot Purism BIOS is free? open?

[Youness Alaoui]

Hi Dame,

The coreboot on Purism machines is indeed open and available, and it
is all merged into upstream coreboot, so there is no specific
repository for it other than the coreboot repository (the code is in
src/mainboard/purism/ subdirectory).
Here is the build script we use to build coreboot for our machines,
from scratch : https://forums.puri.sm/t/building-coreboot-from-source-official-script/1264
I haven't updated the build script in a while, so it's actually
building from here : https://code.puri.sm/kakaroto/coreboot.git but
those commits were merged upstream and the upstream coreboot
repository is all you need now.
Note that to disable the ME, we need to use the '-S -e MFS' option to
me_cleaner (the script also uses my own repository for me_cleaner, but
my patches to me_cleaner were also merged upstream, so you can just
use the upstream repository for me_cleaner. See my pull request here :
https://github.com/corna/me_cleaner/pull/70) .
You can read more about the efforts to disable the ME and the need for
the -e option by reading my blog post here :
https://puri.sm/posts/deep-dive-into-intel-me-disablement/
You said you want to implement coreboot for some 7th and 8th
generation Intel computers. Then you'd probably also be interested in
the blog posts I wrote about the porting experience. You can find all
my posts on the right sidebar of our coreboot timeline page here :
https://puri.sm/coreboot/timeline/
If you still have any questions, feel free to ask.

As for Taiidan's response, I think Matt's response to it is pretty
good already, and I'm tired of seeing Taiidan jumping at the chance to
talk against Purism every chance he gets, but I won't rant about that
today, I will only add this to the discussion :
* The original question was on whether our coreboot port was available
or not because the OP wanted to know how we disable the ME, you
completely missed the question and decided to give advice on what
device to buy instead...
* You seem to think that the purism laptops are selling at a premium
because it comes with coreboot? I'm pretty sure that the Cost/MSRP
margin is the same or lower than from other laptop manufacturers, the
"premium" you'd pay is because of the low volume of machines we are
making, Dell/Lenovo can of course sell for lower prices because they
get economy of scale, which we don't. It's not because we are
increasing our revenue and using coreboot as an excuse to do it.
* You said "they are charging for a whitebox re-brand.", that's
actually a completely false statement, the motherboard is our own and
it is designed to avoid having any firmware-based hardware so a
binary-blob-free linux distribution can run on it. It is not a
whitebox re-brand. If it was a whitebox re-brand, then yeah, we'd be
selling for a lot lower price considering we'd be able to also take
advantage of the economies of scale.
* You are encouraging the purchase of lenovo machines, but as far as I
know, lenovo is not actively working on reverse enginering the FSP.
Also, the only reason that Lenovo can have a libreboot running on it
is because the community did the port, not because the company itself
is working towards freeing it or investing anything to provide more
freedom to users. So yeah, sure, you could say "don't pay a 30$
premium for coreboot, buy a lenovo and do the port yourself" (assuming
you know how to do the port, or you buy one that is already ported) ,
but you might as well say "don't pay a 30$ premium for coreboot, buy a
lenovo, do the port yourself, then reverse engineer the FSP yourself
while you're at it" and it would be more accurate. And that's of
course ignoring the question of the harware kill switches, the fact
that you can't compare a 200$ refurbished laptop from 6 years ago with
a higher priced laptop from today, or that lenovo won't answer you if
you ask tech support questions on coreboot or linux, etc...
* We worked on disabling the ME on the purism laptops. Yes, the lion's
share of the work was done by others (Corna for me_cleaner and
Positive Technologies for the HAP bit), but not only did it require a
significant amount of work from our side as well, to test, validate
and package the ME disablement work (see above blog post link), but we
are the first manufacturer to offer it standard and without us doing
it, it could be argued whether or not this differentiation would have
convinced System76 and Dell to also pursue offering machines with the
ME disabled. So, encouraging those who are trying to pioneer the work
might actually help the entire community. Do you think it might
convince Intel to offer ME-less designs if they see half the
manufacturers starting to ship unofficially-disabled ME machines ?
Maybe, maybe not, but at least someone is trying to move things along
instead of only complaining about the status of things.

I could go on, but I think that's enough.

Hopefully, this helps clarify the situation.

Thanks,
Youness.

On Mon, Dec 18, 2017 at 4:07 AM, Dame Más <damemasporfavor at gmail.com> wrote:
> Hello,
> I understand.
> I want implement Coreboot for current 7th and 8th generation Intel
> computers.
> And if the Pursism BIOS was opensource, I could work with it as a base.
> However I can not find the source code to work with him.
> I like GNU/Linux and the opensource because among all we do it better, but
> if the code is not liberated, I can not speak well of Purism.
>
> 2017-12-18 6:01 GMT+01:00 Matt DeVillier <matt.devillier at gmail.com>:
>>
>> On Sun, Dec 17, 2017 at 6:58 PM, Taiidan at gmx.com <Taiidan at gmx.com> wrote:
>>>
>>> On 12/17/2017 05:06 PM, Dame Más wrote:
>>>
>>>> Hi,
>>>> The Coreboot BIOS of Purism 13 is open?
>>>
>>> No it isn't, while they do use coreboot the silicon init process is
>>> entirely blobbed.
>>>
>>> Technical merits - is it better than an off the shelf dell laptop? Of
>>> course, but not better enough to justify even a $30 premium let alone the
>>> thousands they are charging for a whitebox re-brand.
>>> It removes the brander (ex: dell) from the firmware trust equation but
>>> intel still remains and so does ME.
>>
>>
>> That's a pretty absurd exaggeration.  Purism laptops certainly sell at a
>> premium relative to a Dell (eg) with similar CPU/RAM/SSD, but they don't
>> sell anywhere near the same volume, so their costs are higher.  They also
>> feature hardware kill switches for wifi/BT and mic/webcam, ship with a
>> blob-free Debian-based distro, and use coreboot with a disable/neutered ME.
>> Whether or not you consider those qualities, and supporting a startup
>> working towards increasing owner control on modern hardware, to justify the
>> price premium is certainly a valid point of discussion.
>>
>>>
>>>
>>> If I was you I would purchase a different coreboot compatible laptop then
>>> compile and install coreboot while running me_cleaner yourself - this will
>>> provide a better result for a lot less money as these following laptops
>>> feature open source silicon init and in the case of the intel models are
>>> pre-skylake so more of ME can be "cleaned".
>>>
>>>
>>> One of these laptops is $200 max for one in good condition, vs thousands
>>> for a Purism 13 - with the cash you save you can also buy a KCMA-D8 gaming
>>> computer for libre gaming in a VM or otherwise.
>>
>>
>> "better" certainly depends on how one ranks the various qualities of a
>> given device. If owner-controller trumps all other considerations, then
>> certainly there are "better" options, but you're not going to find anything
>> for $200 that is anywhere close in terms of weight, battery life, screen
>> quality, or using a modern SoC -- that's the tradeoff, and again something
>> that's worth discussion, but framing it in the context of paying "thousands"
>> for a Purism device vs $200 for something of equal/better capability is
>> dishonest and does a disservice to the entire community IMO.
>
>
>
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot