[coreboot] Coreboot Purism BIOS is free? open?
kakaroto at kakaroto.homelinux.net
Sat Dec 23 05:36:20 CET 2017
On Tue, Dec 19, 2017 at 8:04 PM, Taiidan at gmx.com <Taiidan at gmx.com> wrote:
> On 12/18/2017 01:59 PM, Youness Alaoui wrote:
>> As for Taiidan's response, I think Matt's response to it is pretty
>> good already, and I'm tired of seeing Taiidan jumping at the chance to
>> talk against Purism every chance he gets
> I simply want people to have all the facts before they spend thousands on a
> computer - as I have stated before you guys really need to change your
> marketing as it is confusing a lot of people.
First of all, I feel like this email is genuinely curious/humble
rather than hateful as I've had the impression in the past, so thank
you for that. That's why I decided to answer you, as I've previously
preferred not to. This response will probably be long though, so if
anyone reading here decides to TL;DR, that's perfectly fine by me.
The facts are there for people and I don't think that there is
anything wrong with the marketing. Some people might be confused but I
think that's unavoidable, no matter what we do or how we say things or
which things are put on the front, there will always be people who
will be confused.
> I of course would be more than happy to assist with this task, please
> remember *people are still going to purchase your products if your marketing
> is entirely up front and honest* - will you loose a few sales? of course,
> but it is better to do that then have unhappy customers.
That's your issue here, you think that the marketing is not honest,
but it is. It's not about losing sales or anything like that. You'd be
surprised to know just how many "unhappy customers" there are compared
to how many customers are actually happy about their devices. Other
than a couple of people (like you or Nico) who have stated that they'd
be unhappy with such a device, I haven't heard of anyone complaining.
I think that you are simply projecting your own needs or wants to a
much larger proportion of our customers. Would some people prefer a
100% open machine, yes, can they buy such a machine from somewhere
else, yes, did they misunderstand what the librem actually was when
they bought it, probably not.
> I humbly request:
> Remove "Libre" from the product names,
Now this is ridiculous (sorry) for multiple reasons. First of all, it
would be a nightmare to suddenly change a brand's name just to satisfy
one non-customer, and secondly, it makes no sense, the fact that the
device is called a Librem doesn't mean that it's open source hardware!
What's next, you will ask LibreOffice from refusing to install on any
hardware if they detect binary blobs on it ? Or that they remove
support for non libre document formats? Would you say that libreboot
should not be installed on laptops for which the schematics are not
open source ? etc..
The laptops are the "Librem series" they are not "The Libre hardware
series", and you need to differentiate between the two. The brand name
is not meant to trap customers either.
> Remove "every chip hand selected to respect privacy" (Intel chips do not do
This one, I kind of agree with you on it. I understand where it comes
from, it's about the peripherals, USB chip, webcam chip, the wifi
chip, the fact that the ethernet chip (on the previous models with
ethernet) was added instead of using the intel integrated one, etc...
So, yes, every chip is indeed hand selected to optimize the privacy
and security when an alternative is available, it is not however a
guarantee that the CPU itself is privacy-respecting. The sentence is
there to basically say "we are not a white-label reseller", but I do
agree with you that it can be (easily) interpreted to mean that the
intel CPU is privacy-respecting when it is not necessarily true.
> Clearly mention and define the difference between a coreboot device with FSP
> and one without in the product description
How and where? There is nothing clearer than the fact that coreboot
comes with binary blobs. We have written countless blog posts about
it, I regularly post progress updates, we have discussed which binary
blobs are present and what they do, we have a link somewhere to point
to the https://www.coreboot.org/Binary_situation page, it's even
actually mentioned that "we have yet to free the Intel FSP" in the
Roadmap page, this is not something that is hidden from customers by
any stretch of the imagination, and your statement makes it sound like
we're hiding this on purpose from the customers.
Would you also suggest to any manufacturer that sells laptops with
Ubuntu on them to specify that "Ubuntu is not really free software
because it has binary firmwares in it" ? No, because the important
part is that you're running Ubuntu, it doesn't matter that it has a
binary firmware file in it somewhere... this is the same thing, it
ships with coreboot, yeay, it has an open source BIOS, yeay, coreboot
is still better than the proprietary BIOS even if the memory/silicon
init is done via a binary blob from Intel.
I will however agree that our coreboot page (which is linked in the
products page) needs an update as it's very outdated now and it's
lacking a lot of information on the coreboot port/seabios/FSP/etc...
> Please stop the requests for the FSF to bend the RYF rules so your devices
> can be RYF certified.
Euhh.. what? Where did you ever hear anything about that? requests to
the FSF to bend the RYF rules? Seriously, if you think we do that,
then you're clearly mistaken. We know quite well what the RYF rules
are and in the roadmap to freedom, the RYF certification step comes
after the 100% blob free BIOS in our roadmap :
> Remove the "Road to RYF" page - as it is entirely impossible for a modern
> intel device to be RYF certified.
Humm.. so you're saying that it's impossible that in the future we
would have a non-intel device which would be RYF certified? The page
is a *Road to Freedom*, it mentions what we still need before we can
be "Purist Standard". The very definition of a roadmap page is to talk
about what we want in the future. If the page was saying "we are
currently working on getting our current products RYF certified" then
yeah, I'd tell you you're right, but this is so far from the truth.
The RYF certification is just one step in the Road, the schematics is
another step, and it doesn't say anywhere that all our current or past
devices will be able to attain the freedom that we're working towards.
It's like telling Elon Musk to stop talking about his plan for Mars
because the Tesla Roadster itself cannot fly you safely there...
> I have never met a layman who didn't think that "coreboot" means entirely
> open source hardware initiation (as it used to mean that before FSP) and I
> have conversed with a variety of people who have bought or are considering
> buying a purism or ORWL computer - they are always surprised and unhappy
> when I explain.
Two things here, first, "when I explain".. I've seen you say so much
false things before on purism and if I didn't know better, then yeah,
I would also be unhappy after listening to you if I assumed everything
you said was a true statement. You're not immune to misinterpreting
things or misunderstanding things. If you tell someone "they lied,
they are dishonest, they say this but in fact it's not", then yeah,
that person would be unhappy, even if you were the one who
As for my second point, until I started working for Purism, I never
realized that this whole "binary blob" thing exists.. I always thought
that if you install Linux, it's 100% free software, I didn't know
fedora/debian came with binary firmwares, I didn't realize you could
have binary drivers loaded into the GPL kernel.. I didn't realize that
the hardware on my motherboard could have its own proprietary
firmware. So when I learned that, yes, I was unhappy, but I wasn't
angry at fedora for not showing a big red warning telling me that the
iso I'm downloading is not 100% free, I was angry at myself for
assuming things without doing the proper research. It was my own fault
for thinking that. And just don't get me started on the day I learned
that something exists that is called "Intel ME"... We say that PureOS
is binary free, and that it comes with coreboot and that we're still
working on freeing the BIOS, what else do you need ? Also, what could
ever be said that will make 100% of the users not be confused or
Purism is trying to educate people, if you see all the blog posts
we're publishing, I'm trying to tell people what really is happening
inside of their PC. The information is there, it's not hidden, it's
not obscure, but if people don't do their own research, that's their
own fault. We say it comes with coreboot, which is true, we don't have
to say that coreboot contains binary blobs, we don't have to say that
the ME exists, we don't have to say that a completely removed ME still
has code in its ROM, we don't have to say that we don't have the
Verilog code of the PCH, we don't have to say that the schematics is
not publicly released, we don't have to say that the intel CPUs have
undocumented instructions, we don't have to say any of that without
risking being called "dishonest marketing".
Dishonest marketing is saying that the entire software stack,
including the BIOS is 100% open source, when it actually isn't.
>> * You seem to think that the purism laptops are selling at a premium
>> because it comes with coreboot?
> They are, which isn't an issue (I know how much even a FSP coreboot board
> port costs) if someone insists on brand new hardware.
They aren't. The "premium" is because the motherboard is built to our
specs mostly and we don't buy in enough bulk to get lower prices. Like
I said, we're not resellers that charge a premium for the software,
we're manufacturer and we charge like anyone else, we just pay our
motherboards a much higher price from the factory than what the
resellers pay for theirs.
The software/coreboot/RE/etc.. is considered part of the regular
operations of the company.
>> * You said "they are charging for a whitebox re-brand.", that's
>> actually a completely false statement, the motherboard is our own and
>> it is designed to avoid having any firmware-based hardware so a
>> binary-blob-free linux distribution can run on it. It is not a
>> whitebox re-brand. If it was a whitebox re-brand, then yeah, we'd be
>> selling for a lot lower price considering we'd be able to also take
>> advantage of the economies of scale.
> As I recall at least the earlier laptops were in fact reference designs
> complete with OEM provided windows licenses.
> The blobs on a modern laptop are all peripheral related such as wi-fi and
> touchpad, if you have in fact spent money on a custom board fab I do not
> understand what made it worth it.
Nope, there never was any Windows license, and the very first laptop
was still a custom motherboard.
The custom board fab was probably justified because of the ethernet
chip that had to be used (everyone uses the intel integrated one) on
the first models, as well as changes required in order to expose the
microphone/webcam, and wifi/bluetooth for the hardware kill switches.
I'm not sure what else, but the EC might have been chosen to be
different from what the reference designs used, etc..
>> * You are encouraging the purchase of lenovo machines, but as far as I
>> know, lenovo is not actively working on reverse enginering the FSP.
>> Also, the only reason that Lenovo can have a libreboot running on it
>> is because the community did the port, not because the company itself
>> is working towards freeing it or investing anything to provide more
>> freedom to users.
> Yes obviously, but people who purchase used machines are not supporting
They kind of are. People will see you using a lenovo, and that makes
you a walking advertisement. Your next machine will also probably be a
lenovo. Buying it used doesn't mean you're not supporting the company.
> Reverse engineering FSP but always providing brand new hardware is a
> contradiction, it would take years and cost hundreds of thousands for every
> intel hardware revision. I do not understand how you will be able to afford
> this and again plead for the efforts to be re-directed to a high performance
> ARM laptop with for example an AppliedMicro CPU that could be owner
> controlled - currently all ARM laptops are very slow.
Not always providing brand new hardware. I think we can go a long way
with the current hardware and yes, it would take years and a lot of
effort to reverse engineer the FSP, but it won't take as much for the
next iteration, and besides, there's no guarantee the next iteration
will even be intel...
>> So yeah, sure, you could say "don't pay a 30$
>> premium for coreboot, buy a lenovo and do the port yourself" (assuming
>> you know how to do the port, or you buy one that is already ported) ,
>> but you might as well say "don't pay a 30$ premium for coreboot, buy a
>> lenovo, do the port yourself, then reverse engineer the FSP yourself
>> while you're at it" and it would be more accurate. And that's of
>> course ignoring the question of the harware kill switches, the fact
>> that you can't compare a 200$ refurbished laptop from 6 years ago with
>> a higher priced laptop from today
> The Lenovo G505S is from three years ago and it uses the FT3 platform, I
> still would like to know as to why you guys didn't use that as it was brand
> new when you first started selling laptops - it was just as fast and open
> source firmware could be easily made for it as it has no hardware code
> signing enforcement or ME/PSP...
You can read from this email and next few emails :
I think Todd started discussions about switching to AMD, but it was
said AMD had the same issues as intel pretty much, and I think the
main reason, as I explained in my previous mails here is that Todd was
led to believe he could get an ME-less design from Intel during his
talks with them, so it didn't matter to switch to AMD.
Also, correct me if I'm wrong, but AMD from 4 years ago (A10-5750M) is
underpowered and more energy-hungry than an intel from 4 years ago, no
Either way, maybe it was a decision that was made, maybe they didn't
know about this alternative, maybe they underestimated the work needed
for freeing the intel chip, maybe it was just a mistake, a bad
decision, or maybe if AMD was chosen, it would have made the machines
less attractive to people, they wouldn't have sold enough to keep the
company afloat and we wouldn't be talking today about the efforts
being deployed to freeing the FSP... I don't really know, so I can't
really answer your question about why that specific AMD chip wasn't
> It isn't as if a x86-64 board that isn't absolutely brand new is useless, I
> can play modern games on my KGPE-D16 without any issue with a 2013 CPU (not
No, it's not. The current Librem is using Skylake which is 2 years old
already, and it's still a good machine in terms of performance.
I can't answer you more in depth though, this is all my assumptions
from tidbits here and there, since as you know, I wasn't part of the
team back then.
>> * We worked on disabling the ME on the purism laptops. Yes, the lion's
>> share of the work was done by others (Corna for me_cleaner and
>> Positive Technologies for the HAP bit), but not only did it require a
>> significant amount of work from our side as well, to test, validate
>> and package the ME disablement work (see above blog post link), but we
>> are the first manufacturer to offer it standard and without us doing
>> it, it could be argued whether or not this differentiation would have
>> convinced System76 and Dell to also pursue offering machines with the
>> ME disabled. So, encouraging those who are trying to pioneer the work
>> might actually help the entire community. Do you think it might
>> convince Intel to offer ME-less designs if they see half the
>> manufacturers starting to ship unofficially-disabled ME machines?
> Intel will never do that - they have absolutely zero monetary reasons to do
> so - even a Fortune 50 company like google can't get them to free ME let
> alone FSP or even provide the documentation for google to do it themselves.
Well, they did add the HAP bit support for the US government, so
that's something at least... and no, I don't think that we could
convince them, even Google couldn't convince them, but I don't know
what their argument even was or how hard they pushed for it. But if
Dell, HP, Lenovo, and everybody else starts disabling it or start
pressuring them to disable them, then maybe that will make a
That was my point.. we opened the ball by disabling the ME and then
all hell broke loose with the exploits, then System76 saw that we
managed to do it and decided to do the same, then Dell jumped on
board... that's what happens, you change things little by little.. and
maybe it makes a wave, maybe not, but you won't know until you try.
> If you are absolutely committed to x86-64 (which like tim I believe it is
> the wrong choice) it would be better to go with AMD as they at least are
> entertaining the idea of a CPU without PSP (an AMD PR guy on reddit claims
> that it has "CEO level attention") and are a much smaller company so less
Yeah, I've followed that whole reddit stuff, and I know "CEO level
attention" doesn't mean anything, I was very excited about Ryzen for
multiple reasons, not just the fact that they recognized the people's
push for no-PSP, but also because AMD finally managed to catch up to
intel in terms of performance and their hardware can finally be on par
with the intel ones.. AMD becomes a possibility, but until they free
the PSP or allow us to remove it, I won't hold out any hope.
Also, like I said, we're not "absolutely committed to x86-64", only
that at the time, x86-64 was the only viable solution for what we
aimed to achieve (which is a recent, powerful laptop with great
battery life, and affordable pricing), if you can tell me that there
is a powerPC SoC that is as good as the current intel ones, and for
similar pricing, then that would be great, but I don't think that's
the case right now.. however, I don't think that's going to be the
case forever. When the situation changes, we'll adapt, for now, we're
trying our best with what we have.
> I believe in 10 years people will still be hoping that one day x86-64 will
> be free and saying just-a-little-bit-longer, instead of focusing on
> alternative architectures that are owner controlled.
Most probably, yeah.. or in 10 years we'll have cracked it open, or in
10 years, people will have moved on onto these alternative
architectures already, or in 10 years, people will have given up on
> People said there will never be linux gaming, now there are regularly AAA
> game releases on linux and I believe we can achieve a POWER gaming community
> as well. I have talked to several indie game developers and they are open to
> the idea if it doesn't cost them anything (as being the first POWER game
> would result in free publicity for them) and that was where it started for
> linux...indie devs later AAA studios.
I like your example, and yes, I remember, game devs said "not enough
user to justify the port", and the users said "not enough games to
justify using linux"... I think it's similar now with PPC, but it's
not an issue with games lacking for PPC, I think the price and the
availability is the real limiting factor.
With the same analogy as yours, we start with what we're doing at
purism to freeing intel hardware, and then "AAA manufacturers" will
start working on freeing the FSP / ME as well for their users...
I hope that answers your questions.
More information about the coreboot