
Librem 13 coreboot report: It’s Alive - sscarduzio
https://puri.sm/posts/librem-13-coreboot-report-february-3rd-2017/
======
josteink
> After that, I’ll work on disabling the Intel ME

I don't know anything about PureOS and I've never seen coreboot in action, but
this genuinely sounds like a selling point.

Intel HW without the dreaded ME would be super-nice.

~~~
ploxiln
PureOS is just a Debian derivative (which attempts to get FSF approval like
some other distros).

Purism has been talking up their work on a free firmware and disabled ME for
two years now. They haven't gotten anything working until now.

I like what they're trying to do, and (roughly) how. I bought a Librem 13 and
received it a year ago. But my overall impression is that they just didn't
have the familiarity and expertise they needed on the software and firmware
(and not enough money to buy enough expertise). Thus the slow and long-stalled
progress on the coreboot port, the very slow and still somewhat disappointing
development of the touchpad driver (which was the only driver they had to do
real work on), and the confused/misinformed promises about the ME for the
first year or so of the project.

But there isn't an alternative that's better in all dimensions, at the moment.

~~~
bubblethink
Isn't the 2015 Pixel laptop a good fit except for the limited storage ? I'm
guessing that it supports coreboot out of the box, probably has all drivers
upstreamed, and has a great display. If there were a way to upgrade the
storage, that would be the ideal laptop. Also, Google might release a new
Pixel laptop this year too.

~~~
igravious
It's not on this list:
[https://www.coreboot.org/Laptop](https://www.coreboot.org/Laptop)

Does it even have a supported chipset?

~~~
bubblethink
I'm pretty sure that both Pixel laptops run coreboot. This page says so:
[https://www.chromium.org/chromium-os/developer-
information-f...](https://www.chromium.org/chromium-os/developer-information-
for-chrome-os-devices/chromebook-pixel-2015) .I think Google is one of the
major contributors to coreboot. I hope they release a full fledged laptop with
expandable storage.

~~~
aeroevan
Can confirm, 2015 pixel is a great relatively linux friendly linux laptop
running coreboot. Until recently the sound driver wasn't in the upstream
kernel, but it is in 4.9 (but still isn't perfect).

But everything else is great.

~~~
igravious
Awesome. 'Tis pricey tho'.

------
awinter-py
It kills me that every device I own has a secret RPC-capable OS running on it.
Intel ME on my laptop, radio OS on my cell phone.

Why have hardware companies always wanted to bundle crappy software?

~~~
new299
By "radio OS" I assume you mean the baseband controller firmware?

It would be nice if it was open source, but it's a bit more understandable
than the Intel ME. The baseband firmware often has regulatory requirements the
rest of the phones doesn't have. It comes from a different vendor, and is
compartmentalized. I too would like it to be open source, but it seems like a
different situation.

~~~
emidln
The regulatory requirements are bullshit. I can build out of spec transmitters
in my garage. If I use one, I get in trouble with the FCC.

The requirements as they stand are nothing more than an excuse for shitty
networks to spend less on reliability and security while providing a
convenient backdoor for state-level actors.

~~~
tinus_hn
It's much more likely that a ton of people start installing dodgy firmware
they got off the internet than they start building jammers in their garage.

Imagine if such a firmware had a slider that boosts the transmitting power.
People would love it but the network as a whole would suffer.

~~~
emidln
How difficult do you think it is to build jamming equipment? If you are
technical enough to install new firmware, you can follow directions to block
cell phone calls in your immediate vicinity. It just takes a Google search and
a soldering iron.

------
tubehouse
A question about me_cleaner: can malware simply re-enable it? Or does using
me_cleaner "brick" the ME system permanently?

~~~
pgeorgi
It removes enough parts of the ME firmware that it's stuck in whatever mode
initialized by the ME's boot ROM (which is in-chip).

In principle it might be possible to upload code through an undocumented
interface and get it to boot up later. Nobody (outside Intel) knows.

