[coreboot] T450S + Coreboot
Nico Huber
nico.h at gmx.de
Tue Aug 28 10:20:11 CEST 2018
Hi Mike,
please don't spread FUD on this list.
On 28.08.2018 09:54, Mike Banon wrote:
> And even if there weren't any problem with Intel Boot Guard, its not
> that easy to add a support for new board (impossible to do it over
> weekends, especially for the newcomers).
The T450s would probably benefit a lot from the existing support for
ThinkPads. But Broadwell really isn't a weekend port (Sandy or Ivy
Bridge would be for a ThinkPad) because we have few Broadwell ports
and an ugly blob situation.
Anyway, chances are close to 100% that the T450s has BootGuard in
verification mode.
> If I were you I would have
> sold these T450S and bought some machine already supported by
> coreboot. It could be one of those Intel Thinkpads (although you'll
> have to spend time cleaning Intel ME)
You don't *have to* spend time cleaning the ME, you *can* spend time
with it. It is actually unknown if that lowers or highers security,
so there is really no reason to advice to do it (unless you need more
flash space for fancy stuff).
> or maybe Lenovo G505S quadcore
> AMD laptop which doesn't have any Intel ME / AMD PSP backdoors in its'
> CPU at all - so no need to clean anything.
The G505s requires a lot of other blobs, IIRC: xHCI (optional), AtomBIOS
for GFX (which even runs in the OS on the host CPU), maybe more I don't
remember. I don't see how that is better (you seemed to want to sell
that by only stating absence of blobs, ignoring those it has instead).
Nico
More information about the coreboot
mailing list