Re: [coreboot] Plans for upcoming Broadwell Thinkpads
Hi, On 06.02.2015 21:43, Zaolin wrote: let's say goodbye to all Intel notebooks produced by OEM's which are not Google ( Chromebooks ). Maybe the haswell/broadwell notebooks of Lenovo without U/Y processor can be used ( Thinkpad tXX xXX ). It depends if they are supporting Intel Boot Guard on the southbridge... If I managed to find a VAR (value added reseller) who sells HP business laptops without Boot Guard, would there be interest in this group to buy a few machines? Regards, Carl-Daniel -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] Plans for upcoming Broadwell Thinkpads
Hi, let's say goodbye to all Intel notebooks produced by OEM's which are not Google ( Chromebooks ). Maybe the haswell/broadwell notebooks of Lenovo without U/Y processor can be used ( Thinkpad tXX xXX ). It depends if they are supporting Intel Boot Guard on the southbridge... Regards Zaolin On 02/06/2015 06:29 AM, Zaolin wrote: Hi, new thinkpad's can't be used anymore for coreboot. Especially the U and Y Intel CPU Series. They come with Intel Boot Guard and you are won't be able to boot anything which is unsigned and not approved by OEM. This means the OEM are fusing SHA256 public key hashes into the southbridge. For more details take a look at Intel Boot Guard architecture. It could be also confirmed by Secunet AG and Google. Regards Zaolin That's scary to say the least. No more Thinkpads for us... signature.asc Description: This is a digitally signed message part -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] Plans for upcoming Broadwell Thinkpads
Hi, let's say goodbye to all Intel notebooks produced by OEM's which are not Google ( Chromebooks ). Maybe the haswell/broadwell notebooks of Lenovo without U/Y processor can be used ( Thinkpad tXX xXX ). It depends if they are supporting Intel Boot Guard on the southbridge and if they are locked down... Regards Zaolin On 02/06/2015 06:29 AM, Zaolin wrote: Hi, new thinkpad's can't be used anymore for coreboot. Especially the U and Y Intel CPU Series. They come with Intel Boot Guard and you are won't be able to boot anything which is unsigned and not approved by OEM. This means the OEM are fusing SHA256 public key hashes into the southbridge. For more details take a look at Intel Boot Guard architecture. It could be also confirmed by Secunet AG and Google. Regards Zaolin That's scary to say the least. No more Thinkpads for us... signature.asc Description: This is a digitally signed message part -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] Plans for upcoming Broadwell Thinkpads
On 02/06/2015 02:42 PM, Zaolin wrote: Hi, let's say goodbye to all Intel notebooks produced by OEM's which are not Google ( Chromebooks ). Maybe the haswell/broadwell notebooks of Lenovo without U/Y processor can be used ( Thinkpad tXX xXX ). It depends if they are supporting Intel Boot Guard on the southbridge and if they are locked down... Regards Zaolin On 02/06/2015 06:29 AM, Zaolin wrote: Hi, new thinkpad's can't be used anymore for coreboot. Especially the U and Y Intel CPU Series. They come with Intel Boot Guard and you are won't be able to boot anything which is unsigned and not approved by OEM. This means the OEM are fusing SHA256 public key hashes into the southbridge. For more details take a look at Intel Boot Guard architecture. It could be also confirmed by Secunet AG and Google. Regards Zaolin That's scary to say the least. No more Thinkpads for us... So the real question is: are there any AMD notebooks on the market with similar build quality to the old IBM Thinkpads? I've about had enough of Intel and their monopolistic ways. -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 http://www.raptorengineeringinc.com -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] Plans for upcoming Broadwell Thinkpads
On 02/07/2015 03:37 PM, Carl-Daniel Hailfinger wrote: On 07.02.2015 21:14, Timothy Pearson wrote: So the real question is: are there any AMD notebooks on the market with similar build quality to the old IBM Thinkpads? I've about had enough of Intel and their monopolistic ways. I saw AMD-based HP laptops (Probook/Elitebook) and they are nice (if you don't mind a miniscule return key on the keyboard). The build quality is comparable to newer Thinkpads (sharp edges included). The docking options are a bit limited, though. That said, I do _not_ know if HP is using anything similar to Boot Guard on those laptops. Judging from photos of an opened Elitebook 745 G2, there are two flash chips next to each other, so either it's some sort of Dual BIOS solution or possibly other parity checks or an EC accessing both flash chips. Before you spend 1000 USD on such a machine, it would be wise to make sure you are not being stopped by any AMD/HP equivalent of Boot Guard. Regards, Carl-Daniel We aren't looking at purchasing new laptops right now, but it's almost looking like the Chromebook might be one of the best options for a machine to run fully open-source software. Never used one so I don't know build quality or horsepower however. -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 http://www.raptorengineeringinc.com -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] Plans for upcoming Broadwell Thinkpads
On 07.02.2015 21:14, Timothy Pearson wrote: So the real question is: are there any AMD notebooks on the market with similar build quality to the old IBM Thinkpads? I've about had enough of Intel and their monopolistic ways. I saw AMD-based HP laptops (Probook/Elitebook) and they are nice (if you don't mind a miniscule return key on the keyboard). The build quality is comparable to newer Thinkpads (sharp edges included). The docking options are a bit limited, though. That said, I do _not_ know if HP is using anything similar to Boot Guard on those laptops. Judging from photos of an opened Elitebook 745 G2, there are two flash chips next to each other, so either it's some sort of Dual BIOS solution or possibly other parity checks or an EC accessing both flash chips. Before you spend 1000 USD on such a machine, it would be wise to make sure you are not being stopped by any AMD/HP equivalent of Boot Guard. Regards, Carl-Daniel -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] Plans for upcoming Broadwell Thinkpads
On 02/06/2015 06:29 AM, Zaolin wrote: Hi, new thinkpad's can't be used anymore for coreboot. Especially the U and Y Intel CPU Series. They come with Intel Boot Guard and you are won't be able to boot anything which is unsigned and not approved by OEM. This means the OEM are fusing SHA256 public key hashes into the southbridge. For more details take a look at Intel Boot Guard architecture. It could be also confirmed by Secunet AG and Google. Regards Zaolin That's scary to say the least. No more Thinkpads for us... -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] Plans for upcoming Broadwell Thinkpads
Hi, new thinkpad's can't be used anymore for coreboot. Especially the U and Y Intel CPU Series. They come with Intel Boot Guard and you are won't be able to boot anything which is unsigned and not approved by OEM. This means the OEM are fusing SHA256 public key hashes into the southbridge. For more details take a look at Intel Boot Guard architecture. It could be also confirmed by Secunet AG and Google. Regards Zaolin I should probably not post about any Thinkpads till I get to test the T410s port... but anyway has anybody considered a port for the incoming Broadwell Thinkpads - especially the T450s? It would definitely be a plus to know that there will be others hacking at it as well before buying ;) -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] Plans for upcoming Broadwell Thinkpads
On Fri, 06 Feb 2015 11:16:48 -0600 Timothy Pearson tpear...@raptorengineeringinc.com wrote: On 02/06/2015 06:29 AM, Zaolin wrote: Hi, new thinkpad's can't be used anymore for coreboot. Especially the U and Y Intel CPU Series. They come with Intel Boot Guard and you are won't be able to boot anything which is unsigned and not approved by OEM. This means the OEM are fusing SHA256 public key hashes into the southbridge. For more details take a look at Intel Boot Guard architecture. It could be also confirmed by Secunet AG and Google. Regards Zaolin That's scary to say the least. No more Thinkpads for us... Is it used by Lenovo? I think I can boot a USB-Linux on a new Thinkpad within a friendly Lenovo Store. How can it tested? What registers must be read? Best, lynxis -- Alexander Couzens mail: lyn...@fe80.eu jabber: lyn...@jabber.ccc.de mobile: +4915123277221 pgp3dItOfZEaJ.pgp Description: OpenPGP digital signature -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot