[coreboot] Coreboot Purism BIOS is free? open?

Zoran Stojsavljevic zoran.stojsavljevic at gmail.com
Sat Dec 23 06:28:53 CET 2017

Hello Youness,

With all due respect, you write emails that are too long, trying to defend
Purism. A lot of your arguments I do not buy.
Some of them I do.

But, hey, this is what you/Purism have/has to offer, and this is a
sort of fair deal. We all know what you are offering,
in regards to x86, so let it be. Some people will buy Taiidan's facts,
some yours, and some will stay in between.

What stays as a puzzle is the Purism charge for the Coreboot with
incorporated FSP, maximum stripped ME, with
HAP mechanism set, so minimum (so to speak) ME stays inactive in
user space (no applications running).

At the end of the day, this is the customers' choice. How well they
are educated, and what side of the story they
do prefer, for which monies. These days they have several choices, I
see at least three/four:
[1] Classical UEFI laptops/notebooks;
[2] [1] with HAP set, so invalidate/inactivate ME in user space (example: DELL);
[3] Purism prepared laptops/notebooks;
[4] [1], then swap by themselves UEFI with Coreboot + FSP + stripped
ME (HAP set)!

So, the battle goes on, in the sales and marketing space (what is the best
solution out of those presented above).

But this has been a fact of life for the last few hundred years (advertisement
and marketing)! ;-)

As the Russians say (Russian proverb): Every sandpiper praises its own swamp!


On Sat, Dec 23, 2017 at 5:36 AM, Youness Alaoui
<kakaroto at kakaroto.homelinux.net> wrote:
> On Tue, Dec 19, 2017 at 8:04 PM, Taiidan at gmx.com <Taiidan at gmx.com> wrote:
>> On 12/18/2017 01:59 PM, Youness Alaoui wrote:
>>> As for Taiidan's response, I think Matt's response to it is pretty
>>> good already, and I'm tired of seeing Taiidan jumping at the chance to
>>> talk against Purism every chance he gets
>> I simply want people to have all the facts before they spend thousands on a
>> computer - as I have stated before you guys really need to change your
>> marketing as it is confusing a lot of people.
> First of all, I feel like this email is genuinely curious/humble
> rather than hateful as I've had the impression in the past, so thank
> you for that. That's why I decided to answer you, as I've previously
> preferred not to. This response will probably be long though, so if
> anyone reading here decides to TL;DR, that's perfectly fine by me.
> The facts are there for people and I don't think that there is
> anything wrong with the marketing. Some people might be confused but I
> think that's unavoidable, no matter what we do or how we say things or
> which things are put on the front, there will always be people who
> will be confused.
>> I of course would be more than happy to assist with this task, please
>> remember *people are still going to purchase your products if your marketing
>> is entirely up front and honest* - will you lose a few sales? of course,
>> but it is better to do that than have unhappy customers.
> That's your issue here, you think that the marketing is not honest,
> but it is. It's not about losing sales or anything like that. You'd be
> surprised to know just how many "unhappy customers" there are compared
> to how many customers are actually happy about their devices. Other
> than a couple of people (like you or Nico) who have stated that they'd
> be unhappy with such a device, I haven't heard of anyone complaining.
> I think that you are simply projecting your own needs or wants to a
> much larger proportion of our customers. Would some people prefer a
> 100% open machine, yes, can they buy such a machine from somewhere
> else, yes, did they misunderstand what the librem actually was when
> they bought it, probably not.
>> I humbly request:
>> Remove "Libre" from the product names,
> Now this is ridiculous (sorry) for multiple reasons. First of all, it
> would be a nightmare to suddenly change a brand's name just to satisfy
> one non-customer, and secondly, it makes no sense, the fact that the
> device is called a Librem doesn't mean that it's open source hardware!
> What's next, you will ask LibreOffice to refuse to install on any
> hardware if they detect binary blobs on it? Or that they remove
> support for non libre document formats? Would you say that libreboot
> should not be installed on laptops for which the schematics are not
> open source? etc..
> The laptops are the "Librem series" they are not "The Libre hardware
> series", and you need to differentiate between the two. The brand name
> is not meant to trap customers either.
>> Remove "every chip hand selected to respect privacy" (Intel chips do not do
>> this),
> This one, I kind of agree with you on it. I understand where it comes
> from, it's about the peripherals, USB chip, webcam chip, the wifi
> chip, the fact that the ethernet chip (on the previous models with
> ethernet) was added instead of using the intel integrated one, etc...
> So, yes, every chip is indeed hand selected to optimize the privacy
> and security when an alternative is available, it is not however a
> guarantee that the CPU itself is privacy-respecting. The sentence is
> there to basically say "we are not a white-label reseller", but I do
> agree with you that it can be (easily) interpreted to mean that the
> intel CPU is privacy-respecting when it is not necessarily true.
>> Clearly mention and define the difference between a coreboot device with FSP
>> and one without in the product description
> How and where? There is nothing clearer than the fact that coreboot
> comes with binary blobs. We have written countless blog posts about
> it, I regularly post progress updates, we have discussed which binary
> blobs are present and what they do, we have a link somewhere to point
> to the https://www.coreboot.org/Binary_situation page, it's even
> actually mentioned that "we have yet to free the Intel FSP" in the
> Roadmap page, this is not something that is hidden from customers by
> any stretch of the imagination, and your statement makes it sound like
> we're hiding this on purpose from the customers.
> Would you also suggest to any manufacturer that sells laptops with
> Ubuntu on them to specify that "Ubuntu is not really free software
> because it has binary firmwares in it" ? No, because the important
> part is that you're running Ubuntu, it doesn't matter that it has a
> binary firmware file in it somewhere... this is the same thing, it
> ships with coreboot, yeay, it has an open source BIOS, yeay, coreboot
> is still better than the proprietary BIOS even if the memory/silicon
> init is done via a binary blob from Intel.
> I will however agree that our coreboot page (which is linked in the
> products page) needs an update as it's very outdated now and it's
> lacking a lot of information on the coreboot port/seabios/FSP/etc...
>> Please stop the requests for the FSF to bend the RYF rules so your devices
>> can be RYF certified.
> Euhh.. what? Where did you ever hear anything about that? requests to
> the FSF to bend the RYF rules? Seriously, if you think we do that,
> then you're clearly mistaken. We know quite well what the RYF rules
> are and in the roadmap to freedom, the RYF certification step comes
> after the 100% blob free BIOS in our roadmap :
> https://puri.sm/learn/freedom-roadmap/
>> Remove the "Road to RYF" page - as it is entirely impossible for a modern
>> intel device to be RYF certified.
> Humm.. so you're saying that it's impossible that in the future we
> would have a non-intel device which would be RYF certified? The page
> is a *Road to Freedom*, it mentions what we still need before we can
> be "Purist Standard". The very definition of a roadmap page is to talk
> about what we want in the future. If the page was saying "we are
> currently working on getting our current products RYF certified" then
> yeah, I'd tell you you're right, but this is so far from the truth.
> The RYF certification is just one step in the Road, the schematics is
> another step, and it doesn't say anywhere that all our current or past
> devices will be able to attain the freedom that we're working towards.
> It's like telling Elon Musk to stop talking about his plan for Mars
> because the Tesla Roadster itself cannot fly you safely there...
>> I have never met a layman who didn't think that "coreboot" means entirely
>> open source hardware initiation (as it used to mean that before FSP) and I
>> have conversed with a variety of people who have bought or are considering
>> buying a purism or ORWL computer - they are always surprised and unhappy
>> when I explain.
> Two things here, first, "when I explain".. I've seen you say so many
> false things before on purism and if I didn't know better, then yeah,
> I would also be unhappy after listening to you if I assumed everything
> you said was a true statement. You're not immune to misinterpreting
> things or misunderstanding things. If you tell someone "they lied,
> they are dishonest, they say this but in fact it's not", then yeah,
> that person would be unhappy, even if you were the one who
> misunderstood it.
> As for my second point, until I started working for Purism, I never
> realized that this whole "binary blob" thing exists.. I always thought
> that if you install Linux, it's 100% free software, I didn't know
> fedora/debian came with binary firmwares, I didn't realize you could
> have binary drivers loaded into the GPL kernel.. I didn't realize that
> the hardware on my motherboard could have its own proprietary
> firmware. So when I learned that, yes, I was unhappy, but I wasn't
> angry at fedora for not showing a big red warning telling me that the
> iso I'm downloading is not 100% free, I was angry at myself for
> assuming things without doing the proper research. It was my own fault
> for thinking that. And just don't get me started on the day I learned
> that something exists that is called "Intel ME"... We say that PureOS
> is binary free, and that it comes with coreboot and that we're still
> working on freeing the BIOS, what else do you need ? Also, what could
> ever be said that will make 100% of the users not be confused or
> misunderstand things?
> Purism is trying to educate people, if you see all the blog posts
> we're publishing, I'm trying to tell people what really is happening
> inside of their PC. The information is there, it's not hidden, it's
> not obscure, but if people don't do their own research, that's their
> own fault. We say it comes with coreboot, which is true, we don't have
> to say that coreboot contains binary blobs, we don't have to say that
> the ME exists, we don't have to say that a completely removed ME still
> has code in its ROM, we don't have to say that we don't have the
> Verilog code of the PCH, we don't have to say that the schematics is
> not publicly released, we don't have to say that the intel CPUs have
> undocumented instructions, we don't have to say any of that without
> risking being called "dishonest marketing".
> Dishonest marketing is saying that the entire software stack,
> including the BIOS is 100% open source, when it actually isn't.
>>> * You seem to think that the purism laptops are selling at a premium
>>> because it comes with coreboot?
>> They are, which isn't an issue (I know how much even a FSP coreboot board
>> port costs) if someone insists on brand new hardware.
> They aren't. The "premium" is because the motherboard is built to our
> specs mostly and we don't buy in enough bulk to get lower prices. Like
> I said, we're not resellers that charge a premium for the software,
> we're a manufacturer and we charge like anyone else, we just pay a much
> higher price for our motherboards from the factory than what the
> resellers pay for theirs.
> The software/coreboot/RE/etc.. is considered part of the regular
> operations of the company.
>>> * You said "they are charging for a whitebox re-brand.", that's
>>> actually a completely false statement, the motherboard is our own and
>>> it is designed to avoid having any firmware-based hardware so a
>>> binary-blob-free linux distribution can run on it. It is not a
>>> whitebox re-brand. If it was a whitebox re-brand, then yeah, we'd be
>>> selling for a lot lower price considering we'd be able to also take
>>> advantage of the economies of scale.
>> As I recall at least the earlier laptops were in fact reference designs
>> complete with OEM provided windows licenses.
>> The blobs on a modern laptop are all peripheral related such as wi-fi and
>> touchpad, if you have in fact spent money on a custom board fab I do not
>> understand what made it worth it.
> Nope, there never was any Windows license, and the very first laptop
> was still a custom motherboard.
> The custom board fab was probably justified because of the ethernet
> chip that had to be used (everyone uses the intel integrated one) on
> the first models, as well as changes required in order to expose the
> microphone/webcam, and wifi/bluetooth for the hardware kill switches.
> I'm not sure what else, but the EC might have been chosen to be
> different from what the reference designs used, etc..
>>> * You are encouraging the purchase of lenovo machines, but as far as I
>>> know, lenovo is not actively working on reverse engineering the FSP.
>>> Also, the only reason that Lenovo can have a libreboot running on it
>>> is because the community did the port, not because the company itself
>>> is working towards freeing it or investing anything to provide more
>>> freedom to users.
>> Yes obviously, but people who purchase used machines are not supporting
>> lenovo.
> They kind of are. People will see you using a lenovo, and that makes
> you a walking advertisement. Your next machine will also probably be a
> lenovo. Buying it used doesn't mean you're not supporting the company.
>> Reverse engineering FSP but always providing brand new hardware is a
>> contradiction, it would take years and cost hundreds of thousands for every
>> intel hardware revision. I do not understand how you will be able to afford
>> this and again plead for the efforts to be re-directed to a high performance
>> ARM laptop with for example an AppliedMicro CPU that could be owner
>> controlled - currently all ARM laptops are very slow.
> Not always providing brand new hardware. I think we can go a long way
> with the current hardware and yes, it would take years and a lot of
> effort to reverse engineer the FSP, but it won't take as much for the
> next iteration, and besides, there's no guarantee the next iteration
> will even be intel...
>>>   So yeah, sure, you could say "don't pay a 30$
>>> premium for coreboot, buy a lenovo and do the port yourself" (assuming
>>> you know how to do the port, or you buy one that is already ported) ,
>>> but you might as well say "don't pay a 30$ premium for coreboot, buy a
>>> lenovo, do the port yourself, then reverse engineer the FSP yourself
>>> while you're at it" and it would be more accurate. And that's of
>>> course ignoring the question of the hardware kill switches, the fact
>>> that you can't compare a 200$ refurbished laptop from 6 years ago with
>>> a higher priced laptop from today
>> The Lenovo G505S is from three years ago and it uses the FT3 platform, I
>> still would like to know as to why you guys didn't use that as it was brand
>> new when you first started selling laptops - it was just as fast and open
>> source firmware could be easily made for it as it has no hardware code
>> signing enforcement or ME/PSP...
> You can read from this email and next few emails :
> https://mail.coreboot.org/pipermail/coreboot/2014-August/078527.html
> I think Todd started discussions about switching to AMD, but it was
> said AMD had the same issues as intel pretty much, and I think the
> main reason, as I explained in my previous mails here is that Todd was
> led to believe he could get an ME-less design from Intel during his
> talks with them, so it didn't matter to switch to AMD.
> Also, correct me if I'm wrong, but AMD from 4 years ago (A10-5750M) is
> underpowered and more energy-hungry than an intel from 4 years ago, no
> ?
> Either way, maybe it was a decision that was made, maybe they didn't
> know about this alternative, maybe they underestimated the work needed
> for freeing the intel chip, maybe it was just a mistake, a bad
> decision, or maybe if AMD was chosen, it would have made the machines
> less attractive to people, they wouldn't have sold enough to keep the
> company afloat and we wouldn't be talking today about the efforts
> being deployed to freeing the FSP... I don't really know, so I can't
> really answer your question about why that specific AMD chip wasn't
> chosen.
>> It isn't as if a x86-64 board that isn't absolutely brand new is useless, I
>> can play modern games on my KGPE-D16 without any issue with a 2013 CPU (not
>> 2008)
> No, it's not. The current Librem is using Skylake which is 2 years old
> already, and it's still a good machine in terms of performance.
> I can't answer you more in depth though, this is all my assumptions
> from tidbits here and there, since as you know, I wasn't part of the
> team back then.
>>> * We worked on disabling the ME on the purism laptops. Yes, the lion's
>>> share of the work was done by others (Corna for me_cleaner and
>>> Positive Technologies for the HAP bit), but not only did it require a
>>> significant amount of work from our side as well, to test, validate
>>> and package the ME disablement work (see above blog post link), but we
>>> are the first manufacturer to offer it standard and without us doing
>>> it, it could be argued whether or not this differentiation would have
>>> convinced System76 and Dell to also pursue offering machines with the
>>> ME disabled. So, encouraging those who are trying to pioneer the work
>>> might actually help the entire community. Do you think it might
>>> convince Intel to offer ME-less designs if they see half the
>>> manufacturers starting to ship unofficially-disabled ME machines?
>> Intel will never do that - they have absolutely zero monetary reasons to do
>> so - even a Fortune 50 company like google can't get them to free ME let
>> alone FSP or even provide the documentation for google to do it themselves.
> Well, they did add the HAP bit support for the US government, so
> that's something at least... and no, I don't think that we could
> convince them, even Google couldn't convince them, but I don't know
> what their argument even was or how hard they pushed for it. But if
> Dell, HP, Lenovo, and everybody else starts disabling it or starts
> pressuring them to disable them, then maybe that will make a
> difference.
> That was my point.. we opened the ball by disabling the ME and then
> all hell broke loose with the exploits, then System76 saw that we
> managed to do it and decided to do the same, then Dell jumped on
> board... that's what happens, you change things little by little.. and
> maybe it makes a wave, maybe not, but you won't know until you try.
>> If you are absolutely committed to x86-64 (which like tim I believe it is
>> the wrong choice) it would be better to go with AMD as they at least are
>> entertaining the idea of a CPU without PSP (an AMD PR guy on reddit claims
>> that it has "CEO level attention") and are a much smaller company so less
>> bureaucracy.
> Yeah, I've followed that whole reddit stuff, and I know "CEO level
> attention" doesn't mean anything, I was very excited about Ryzen for
> multiple reasons, not just the fact that they recognized the people's
> push for no-PSP, but also because AMD finally managed to catch up to
> intel in terms of performance and their hardware can finally be on par
> with the intel ones.. AMD becomes a possibility, but until they free
> the PSP or allow us to remove it, I won't hold out any hope.
> Also, like I said, we're not "absolutely committed to x86-64", only
> that at the time, x86-64 was the only viable solution for what we
> aimed to achieve (which is a recent, powerful laptop with great
> battery life, and affordable pricing), if you can tell me that there
> is a powerPC SoC that is as good as the current intel ones, and for
> similar pricing, then that would be great, but I don't think that's
> the case right now.. however, I don't think that's going to be the
> case forever. When the situation changes, we'll adapt, for now, we're
> trying our best with what we have.
>> I believe in 10 years people will still be hoping that one day x86-64 will
>> be free and saying just-a-little-bit-longer, instead of focusing on
>> alternative architectures that are owner controlled.
> Most probably, yeah.. or in 10 years we'll have cracked it open, or in
> 10 years, people will have moved on to these alternative
> architectures already, or in 10 years, people will have given up on
> that hope...
>> People said there will never be linux gaming, now there are regularly AAA
>> game releases on linux and I believe we can achieve a POWER gaming community
>> as well. I have talked to several indie game developers and they are open to
>> the idea if it doesn't cost them anything (as being the first POWER game
>> would result in free publicity for them) and that was where it started for
>> linux...indie devs later AAA studios.
> I like your example, and yes, I remember, game devs said "not enough
> users to justify the port", and the users said "not enough games to
> justify using linux"... I think it's similar now with PPC, but it's
> not an issue with games lacking for PPC, I think the price and the
> availability is the real limiting factor.
> With the same analogy as yours, we start with what we're doing at
> purism to freeing intel hardware, and then "AAA manufacturers" will
> start working on freeing the FSP / ME as well for their users...
> I hope that answers your questions.
> --
> coreboot mailing list: coreboot at coreboot.org
> https://mail.coreboot.org/mailman/listinfo/coreboot
