On 3/23/19 3:03 PM, [email protected] wrote:
Spent several hours yesterday trying to track down what I would need to do to
install coreboot on all of my computers, starting with my Qubes box: a Levnovo
Thinkpad T480.
The bottom line from what I can tell is that if you have an Intel CPU made
since 2008 (any that have Boot Guard) or an AMD CPU made since 2013 (any that
have PSP), you are out of luck. Libreboot spells this out in their docs. I'm
not sure if that is because of coreboot itself or something specific to
Libreboot. I was stuck by how they seemed perfectly fine walling themselves off
from the present and the future.
I could find nothing indicating that anyone had even tried, much less
succeeded, in installing coreboot on a T480 and everything I did find was for
much older hardware.
I read through the coreboot docs where they just wave their hands at the end of the build
process and say "now go flash". I also read through the heads docs, which say
more or less the same thing.
Hackaday has an article on the horrors of installing coreboot on a Toshiba
laptop. Not only do they neglect to say which model they used, at the end of
the article they had it working.
The gist is that the information that's out there is out of date, incomplete,
misleading, and sometimes just incompetent.
I'm hoping that someone here has first-hand knowledge and can advise me (and
others who read this).
It serves as a reminder that the 'Wintel' platform is really closed.
Open source projects like Coreboot cannot make progress where
information about the hardware is kept secret.
I also think Intel's combination of secrecy and high rate of
vulnerabilities is particularly toxic; some of this stuff can't be
patched so running a 'secure' OS on Intel chips now looks like a futile
exercise.
AMD are also closed, but appear to be more conscientious about how they
design their CPUs given how they are less vulnerable to side-channel
attacks.
FWIW, I think Qubes devs may have seen the handwriting on the wall and
now have at least some level of interest in moving to open hardware like
the POWER CPUs.
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/0bf40a48-9de1-3bc9-38d9-713d82d341e3%40posteo.net.
For more options, visit https://groups.google.com/d/optout.
