libreboot not supporting post-2008 Intel hardware?

Blibbet blibbet at gmail.com
Mon Jan 11 10:31:09 PST 2016


Yes, USB Armories are nice. But they're like a dev board, not a laptop.

What I think we need is for Cyperpunk community to join Open Compute
Project and define the Stateless Laptop. A fat, modular laptop that let
you swap out the Intel/ARM dev board of the year, with a USB Armory or
Arduino or other device to act as IPMI BMC. Like the modularity of
blades/racks, but at the laptop level, like old laptops had bays where
you could put in optical drive or battery or hard drive. Maybe multiple
boards, like a cluster of RPI2s. OCP is for enterprises to build cheap
enterprise hardware, there is no effort to build a privacy/secure
citizen-focused device profile for OEMs to use.

> the joy of ARM is avoiding all the usual platform UEFI, CHIPSEC, etc!

Except UEFI is an option for ARM as well.

For AArch32, I presume it's used by APPL/MSFT/other vendors as a form of
DRM to keep others from removing their OS choice from their HW.

On AArch64, apparently it is there because server admins expect the UEFI
pre-OS env for servers, and AArch64 wants to get into the server market.

But unlike x86, UEFI is optional, U-Boot and coreboot are other options.
Linaro offers both UEFI and U-Boot, their UEFI is a fork of Tianocore,
with more ARM updates. I've not studied it closely, but I think there
are multiple blob-free ARM UEFI implemenations, at least in the Linaro
dev boards supported, and you can update the firmware on most dev boards.

Linaro is porting CHIPSEC to ARM (AArch64), as part of their port of LUV
(Linux UEFI Validation). CHIPSEC and BITS are not ported yet.
https://wiki.linaro.org/LEG/Engineering/luvOS

There is a lot of ARM/UEFI development going on in Linux and even
FreeBSD, UEFI is not Intel-centric.

I used to think that U-Boot was ARM-centric, but it also has Intel
support now. So coreboot, U-Boot, and UEFI are all options for both
Intel and ARM.

Last week at the RISC-V workshop, I hear that someone has already (or is
porting) UEFI to RISC-V.

Personally, I like CHIPSEC. It is a firmware vulnerability tool. Without
this tool, it'd be a lot harder to determine security profile of a
device. I wish it was available on other chips (and had chip-centric
security tests so it was useful). I wish CHIPSEC was available for
coreboot and U-Boot, not just BIOS and UEFI.




More information about the cypherpunks mailing list