System76 Will Ship Linux Laptops With Coreboot-Based Open-Source Firmware (forbes.com/sites/jasonevangelho)
570 points by Aissen on Oct 10, 2019 | 271 comments

I am Jeremy Soller, Principal Engineer at System76.

Let me know if you have any questions. The source for this can be found here:


There are instructions there for building and testing the firmware in QEMU; you do not need to have our hardware to try it out.

I have one.

How are you claiming open source firmware when your hardware requires signed, closed source binaries to even begin to boot? I refer specifically to the Intel Management Engine, which incidentally is why we gave up on x86 many years ago.

How did you solve the GPU closed, signed firmware problem for discrete GPUs? How about the WiFi card firmware?

I understand your decision to try to keep compatibility with games and Windows, but the result is only partly open source, and that is not what these headlines read.

I know we would be interested in assisting System76 (or other prebuilt system OEMs) to start offering POWER products as true open source, owner controlled alternatives to Intel and AMD. For instance, we currently manufacture and sell mainboards that would be a perfect fit for your existing Thelio cases, that work very well with (optional) powerful AMD GPUs -- there's also a 2D HDMI graphics option for true blob-free operation. All you need to do is qualify our mainboard in your devices, and offer software support -- it's a very low risk investment all things considered but would allow System76 to sell truly open source systems vs. partly closed ones.

Is there some possible room for collaboration here? The GPU, WiFi, etc. firmware questions are honest questions -- the firmware is a potential issue, and the more OEMs/ODMs that work this problem simultaneously in collaboration the higher the chance of a solution being found that will allow even those devices to be freed up and made secure.

You two, please, set up a super-open-source-software-based video call and start to get this done. Then just say the price and I'll pay.

I want a laptop where all of the design files are open source. It would be worth a serious premium in addition to the premium I would pay for the open POWER system. The few we have now are maxed out at 4GB. Someone is going to do it...

Have you already seen the MNT Reform? https://mntre.com/reform/

Heh, I hadn't either. My dream machine has 4x NVMe, 128G of soldered on RAM (with power control), a real SDR, plenty of GPIO, ADC/DAC. 2x ethernet, serial, CAN, novena style fpga, second SOC cpu with dma... basically a hacked up LX2160A (for which the design files are available... but not open as far as I can tell). I tend to stick to a box for a long time... typing this on a t420s. I don't care about the battery, just give me enough time to move the plug or suspend it. Supercaps would be fine.

Watch out for the LX2160A -- if you intend to use certain items, like any of the onboard high speed networking, you have to load blobs. This was one reason we decided (after careful consideration, which included bringing a box up and working with the firmware for a while in parallel with the POWER efforts) not to use LSI or ARM CPUs in our systems.

Your requirements probably aren't too far off of one of our Blackbird systems -- I suspect it's just the form factor (micro-ATX) that's the problem. You might even be able to do the pull plug for minutes trick with a suitably sized lithium battery tucked inside the slimline chassis. ;)

Yep it's totally the form factor. I looked at it again when I found that NXP system (thanks to #olimex:)... half considered asking about getting rid of the ram slots, ATX connector, PCI's and various tower plugs and adding the ability to run 4+ drives while still fitting it in a laptop-ish case. Also as far as I can tell, you don't provide the design files... yet:) I'm thoroughly excited about your systems, but I don't need a desktop (or another 24+bay box) atm. I would expect to spend ~$4k for the board.

Yep, I figured as much. We'd love to do a laptop, we're literally just stalled on the GPU. This is where a consortium of ODMs and OEMs could possibly effect change, the combined buying power is probably enough to get custom GPU silicon sans-DRM and locking created. Only question is, does enough willpower exist from the other ostensibly open vendors at this time to actually work toward that goal with us? ;)

Provide a path to a $1300 laptop that is POWER based (and not crippled "slow 1 core SMT1" stuff from IBM's dead-bin) and you might entice System76 and Purism.

Your products target "Freedom, no matter the costs" while their products aim for "better than what the market has right now, at consumer friendly price points".

Both are important: they demonstrate that there's mass market appeal, you demonstrate that there's an achievable ultimate goal.

If you want to join forces, there needs to be a common story that works for both. Right now, their story isn't sufficiently Free-with-capital-F for you and your story isn't sufficiently consumer-compatible for them.

> Provide a path to a $1300 laptop that is POWER based (and not crippled "slow 1 core SMT1" stuff from IBM's dead-bin) and you might entice System76 and Purism.

I just gave them a path to a desktop that is POWER based, with very low up front costs (basically take their existing Thelio chassis, swap mainboards from x86 to POWER, do some software builds of Pop!_OS, and do a trial launch). I think that's a far more reasonable initial trial than going for a full laptop. It's also relatively consumer friendly, especially in today's cloud era where the proprietary apps people are using might just well be behind a web browser in the first place.

If they were a laptop-only company I'd agree with your assessment (I'm not happy with the GPU situation at all, that's the primary blocker for a libre laptop), but they're a laptop and desktop company. That means there's more ways they can test market owner controlled systems than a full up laptop design with massive design + tooling costs for an uncertain return.

If the financials of that make sense, I think it's certainly something they should make part of their portfolio: make a point, gauge interest, increase volume.

I suspect that the laptops are their mass market driver though. Note how S76 has laptops + desktops, Purism has laptops + phone stuff, and Pine64 has laptops, phones and watches.

All of them do laptops plus some eccentricity that may or may not translate in good future business: desktop systems are eccentric these days and apparently they're not even the most popular pick when branching out, phones are.

I hadn't, thanks for the link! It's an interesting possibility for a terminal device, though I'd prefer something open ISA -- if that was either POWER or RISC-V vs. ARM, I'd probably pick one up...

I think you need to go up one level, to the wholesalers who manufacture the barebones systems. https://en.m.wikipedia.org/wiki/Clevo


For embedded and laptop devices, are there power devices or other options for truly free firmware?

The desktop price point on current boxes is still high, do you foresee those prices dropping in the future?

Will newer POWER architectures create a large workload for you or is it more simple?

- cal

Laptop is a large problem still -- mainly due to GPUs. With desktop, we don't have to deal with the issues associated with a soldered-down non-free GPU; the mainboard works blob-free if desired but the user already expects to install a discrete GPU if they need one. With laptops, the GPU has to be integrated, and there are no GPUs in production today that don't require signed firmware (this is due to the DRM contracts for Netflix and Disney+, that kind of thing).

Price point is not likely to drop until we reach a largely self sufficient critical mass of users, developers, and software. Only x86 has crossed that threshold right now, so it's clearly a high bar. Still, the more users we have, the more possibility for pricing drops in the future!

New POWER is near seamless from a software perspective, just like on x86. Upgrade kernel, keep using your existing software installs. And since POWER is now an open ISA, that software will basically keep working forever -- if you needed to reimplement it on a 22nd century FPGA due to lack of hardware, you're legally able to do so. This is not the case for x86 or ARM.

If you don't mind me asking, do you use a laptop for work/personally? And if you do, what do you use?

I've been looking for one and I have the same concerns you do, and right now the only thing I realistically see if I want completely open is a thinkpad x200/t400 flashed with libreboot.

I've actually given up on using laptops for now. I still have an old x201 and t400 but they don't get out much due to the Intel silicon vulnerabilities.

Nothing I do with secure data hard-requires that level of portability, and for insecure (tracked, DRMed, closed + signed firmware) mobile use a Lineage smartphone is good enough for what I do. A laptop with closed / signed firmware simply doesn't gain me anything worth having over the phone.

My personal desktop is a Blackbird. The couple of old x86 apps I can't easily ditch (because they are open source but need MVC APIs and I'm too lazy to write the shim layer) I just forward X over SSH to an old corebooted Opteron box.

Thanks for the thoughtful (and quick) response! That was sadly what I was afraid of. Normally I wouldn't bother but I'm going back to school, and sadly the Novena I have just isn't supported anymore (I tried updating u-boot/kernel myself for a while, ended up not being worth the hassle).

My best recommendation might be a bit odd, but here goes...

Can you put a POWER "base station" of sorts in your dorm / apartment and use a low power secure terminal, like a corebooted C201, to access it over an encrypted link?

I've done something like this when I had to travel last -- was able to maintain a stable link back to one of my POWER machines so the lack of local computing power on the laptop didn't matter. Really hate that Chromebook touchpad though. ;)

Heh, that's an interesting idea! I'll have to look into finding a C201. Finding a POWER base station shouldn't be too hard to find.

What OS do you run on the Blackbird?

I run Debian Buster.

Are ISAs patented or copyrighted?

IANAL, but this is what I've been told:

Both. Copyright applies to some aspects, patents to others, and then you also get into trademark rights. With the US having embraced effectively permanent copyright, ISAs will not be freely able to be implemented unless their owner expressly allows it (my understanding is that the Oracle vs. Google case solidified this thinking).

Fundamentally, that means you get to pick from RISC-V, POWER, or SPARC when selecting a well known ISA for your new device, or start signing licensing agreements (which always come with restrictions and oftentimes significant royalties).

The Oracle vs Google case was not precedent setting, it was a patent court deciding the copyright applied, that is not something that causes a precedent to be set.

Just wanted to give you some love. It must be really harsh for morale dealing with the OSS crowd who will always consider you don't do enough without recognizing that you are helping build a road where none existed before.

Kudos to you!

Honest question: why do you consider System76 to be building new roads by using locked hardware and offering partial open source firmware for it? Wouldn't the new roads kudos be more appropriately given to all of the folks that made real open hardware happen (RISC-V, OpenPOWER, etc.) years before this partly-open-source system announcement went out?

In my mind the RISC-V folks especially were real trailblazers in this space -- they took massive risks when no one, and I mean no one, was doing open source CPUs beyond soft cores. IBM focused more on open firmware, then eventually opened their ISA, but x86 vendors have had no such forward vision in their history -- the x86 vendors have followed in this space, not led, for well over a decade, and indeed both sides of the x86 duopoly (Intel and AMD) are both separately on record as having stated their goal is to take control away from the machine owner in whatever manner they need to in order to fulfill their DRM contracts.

Even with this laptop announcement, if I'm honest, more following is being demonstrated -- the coreboot user community had open source firmware ARM laptops (Chromebooks) available quite a long time ago, why weren't those hailed as building new roads when they appeared? Does anyone really think we would have reached a point where an x86 vendor would be trying to advertise even partly open source firmware without the pioneering efforts of the competing, truly open architectures?

To the downvoters: I'm guessing you wanted to run Windows 10 "safely" somehow, or sandbox your games. There's almost no other reason to be this stuck on x86; at the end of the day it's just a consumer architecture that some well known privacy disrespecting software requires to run. It's not even that great of an architecture from a technical perspective, it just happens to have the financial weight of the prosumer market behind it right now.

Here's reality:

This laptop won't stop Windows exfiltrating your data. These x86 systems are leaky, they require sizeable amounts of low level binary firmware to even boot, and proper isolation is near impossible. Try sticking a PCIe diagnostic system on an open PCIe slot and sending commands to the WiFi or Ethernet card -- most likely it'll respond [1]. Then consider the firmware in the various controllers attached to the PCIe bus, including your GPU.

It's probably a violation of your game's anticheat system to try to sandbox it. It's definitely a violation of the NVIDIA driver EULA to run it in a virtual machine, unless you pay the enterprise driver license fees and use a server grade adapter. The kind of adapter you won't usually find in a laptop, by the way.

This is a topic that I find very frustrating. We all know you want to do the above. It can't be done without license violations all over the place, or head-in-sand make-believe "security", on modern x86 hardware. No wishing, hoping, etc. will make this change.

[1] Yes, this is known to happen on specific x86 systems that I have personally tried (in that case, it was a malfunctioning GPU writing to the disk controller!). Invalid cross-device access was also tried on a POWER box, where the invalid accesses were blocked and logged as intended.

I gave that comment a downvote because I thought it was disrespectful.

System76 have been providing practical solutions for running free software on available hardware for years now. That does indeed deserve kudos, even from you.

Keeping a kilowatt of computing power running at all times at home and connecting to it with a dumb ChromeOS terminal as you're suggesting is quite honestly not a viable solution for many people. And excluding practicalities (which a real person, of course, cannot) it might even be worse for security depending on your threat model.

That may be. However, I was using Linux on bog-standard computers before System76 was even founded -- preinstalling Linux on a computer isn't exactly revolutionary, and it's in a completely different league from the work that has been required to bring up entire new CPUs (!) to compete with the increasingly locked x86 systems.

No idea where you're getting a kilowatt from. My desktop uses maybe 120W or so, with a lot of that going to the AMD GPU.

If we're going to trade barbs over ecological damage, what happens to all those Intel and AMD systems that would have been useable if they had just had updates to the locked/signed firmware, but are instead floating around in landfills because the vendor decided they wanted to enforce their control and not issue security updates?

> That may be. However, I was using Linux on bog-standard computers before System76 was even founded -- preinstalling Linux on a computer isn't exactly revolutionary

System76 is making free software computing more attractive and available. You might think of what they do as easier than what you do, and you might disagree with the way they prioritize security over other factors in their products, but I still think it's pretty bad of you to imply that what they're doing is not valuable to this community.

OK, I think I may have been misunderstood...

What they are doing in that space is valuable. However, with just a bit more tweaking, they could offer something a whole lot more valuable in parallel, and leave this whole semi-open x86 issue behind. If they were to offer even a couple of actually open source firmware systems, and indicate somewhere in the marketing that the x86 boxes are only partly open source, that would not only eliminate the entire controversy here but also allow them to take the next logical step in open software. If their core mission has basically been to make open source easy to consume, that's a worthy goal; why not go a bit further and make open source on open hardware with fully open firmware just as easy to consume?

Clearly there's demand, from the comments in this thread alone!

I'm a fan of what Raptor is trying to achieve but you perhaps need to go easy on the company Kool Aid. Hijacking another manufacturer's comment thread to push your own agenda is one thing, ranting and being disrespectful is quite another.

I wouldn't be here if I didn't see a bunch of headlines yesterday that made it sound like these new laptops have proper open firmware.

They don't. That's why I'm here, to provide the missing other half of the story.

Let me take this opportunity to ask you a question here after you making clear the problems you see.

Hardware becomes more complex and can include internal software that from a user perspective is just part of the hardware. But in fact, it is software running doing complex things outside of the oversight and control of the user.

Do you have plans to not just have open software but also open hardware? Do you hope to offer a device in the future with not just free software, but with the source files of the integrating hardware like the motherboard as well as of the chips like CPU and auxiliary ICs? Do you see a possibility to start with an open RISC-V CPU?

Actually, yes! We're closely monitoring the development progress of the open toolchains for various FPGAs; with POWER ISA now being open for implementation by anyone anywhere, I could easily see a future where extremely sensitive work is seamlessly moved from a large closed ASIC like the current IBM POWER chips to a completely software compatible, but significantly slower, soft SoC running in an FPGA. Or even an ASIC, if methods are eventually developed to verify the ASICs match the input design files at scale (i.e. non-destructive testing).

This seamless transition is one of the key benefits of an open ISA in my mind; development and testing of algorithms can be handled on the closed but top of the line (i.e. extremely powerful) ASIC, then when sensitive data is being handled that same binary can literally be run without changes on the soft core or other slower, but open, system. You could even compile on the slower ultra-trusted system, and test the binary on the larger ASIC -- lots of interesting possibilities here!

That is exciting! Open and well-documented FPGAs are definitely useful and very interesting to have in a device. Have you looked into OpenPiton [0], PULP [1], BOOM [2], or lowRISC [3]? While I'm hopeful that you find these projects personally interesting, I'm also looking forward to eventually see them in devices. Sorry for not listing any open POWER CPU/SoC projects as I'm not aware of any. Please share if you know any.

[0] https://github.com/PrincetonUniversity/openpiton
[1] https://github.com/pulp-platform
[2] https://github.com/riscv-boom/riscv-boom
[3] https://www.lowrisc.org/

Microwatt is the first fully open POWER core:


It's also structured very well, quite clean for learning purposes etc. The current goal so far as I know is to perfect this core, and fork for a more complex / powerful variant. Maybe by the time that's done, the open FPGA tooling will have caught up enough to be able to run a usefully fast (~200MHz) POWER soft core, all in FPGA logic...

I'd strongly prefer a ppc64 core over a RISC-V core for one simple reason: we have a wide deployed base of very powerful ppc64 machines, and not having to keep cross compilers and related environments around is a massive streamlining step that we don't even know the full effects of yet (it hasn't been legal until now to have the SoC under development running the same architecture as the high end workstations and servers used to develop [for] it). The demo of using mainline GCC on a POWER box to build a binary for the Microwatt (that would also run on the host with KVM, if desired, for fast trace and debug) was most impressive.

> It's probably a violation of your game's anticheat system to try to sandbox it

Funny enough I've heard claims recently that Steam/VAC detects KVM virtualization and temporarily kicks from VAC games as a result.

I wouldn't be surprised -- it's a gaping hole for anticheat software if not addressed. In fact, long term the anticheat is going to have to require a completely locked-down (console-like) experience from boot firmware (ME/PSP attested) through OS and userspace, or it will not be effective.

Which is one reason why I don't rent games on Steam, and why I bought a PS4 instead. If I'm going to have to game on a completely locked down system, I vastly prefer to do it on a system that doesn't touch any of my personal data and for which I can still buy permanent, resalable (and yes, even lendable) games on physical media.

PC gaming hasn't interested me since Steam on Windows with mandatory anticheat became the primary way to play games.

Because not everything is about FSF-purity standards. Running a profitable company while providing as many open packages as possible is commendable. Pushing to open more is. But jeez, would it hurt to show some love to people who genuinely do care at least a bit about open firmware?

And yes, a lot of us do love OSS but also have clients who require Windows compatibility. Some of us do deep learning and need good GPU/CUDA support. We all do compromises with OSS ideals, and it is GREAT to have people like System76 fill in that niche.

Otherwise the choice would be only between pure-FSF machines that run only some specific distribs of Linux (I do own a novena, you know) or totally proprietary systems that come only with Windows and 50 GB of crapware. Without System76, I would just be buying another DELL so thanks and kudos to them.

Thanks and kudos to the people who also uncompromisingly prepare an open and resilient ecosystem of open chips, open GPUs, open firmware.

But please do show some love to each other and don't get stuck in an absolutist position where you can't see the difference between people trying to find a market to OSS pieces and promoters of walled gardens.

I still don't understand why you would even care about the firmware if you're running Windows. To me, that would be like building a fortified, ultra-secure rear doorway into a run down barn with a gaping hole where the front doors used to be.

If these efforts were even potentially likely to result in open x86 systems someday, I wouldn't be as opposed to them as I am now. But when you have both x86 silicon vendors on record as being contractually and legally unable, let alone unwilling, to allow owner control, all I see is a massive waste of effort with a known incomplete (i.e. partly closed) endgame. Worse, that effort is detracting from other efforts that are providing fully open computing right now, today.

My recommendation has always been to use the commodity x86 world's greatest advantage if you have to use Windows: cost. Get the absolute cheapest possible Windows system you can find that still has enough power to support your clients, plan on replacing it every so often as Windows churns along, and actually invest in a secure, open computer for everything else.

x86 is a closed ISA with closed, locked, signed firmware. All appearances are that it will stay that way permanently, with just enough late-stage open firmware allowed to create sufficient marketing confusion in less technical circles. Why not select and embrace one of the open ISAs for non-Windows computing? Who knows, you might be helping make secure / non-hostile computing happen on a large scale just a little bit faster! :)

For the same reason I cared to run linux even before we had open BIOS. Would you have been shouting at young Torvalds that he was wasting his time trying to write a free OS in a world of proprietary hardware?

We won't get to a fully open ecosystem in a day. It won't be a single project, and the more experimental parts you add to the platform, the higher the cost you pay in instability, complexity of maintenance, and performance.

I am not always running Windows. But I have it installed for when I have to test against it.

I am not a dissident, a journalist or a spy, so my threat model is not the NSA or PCC prying on my contact list.

My threat model is the scenario "Microsoft and a random hardware vendor team up to make sure <Technology X> can never work on linux" which history has shown to be a credible one.

Actors like System 76 fight against it and I am grateful.

Getting CPUs, motherboards, GPU and drive drivers provably clean and incapable of spying is a magnitude harder, starts being feasible, but so far I am not in a category where I absolutely need that. I am pretty happy that some people start offering that too but it helps no one to pretend that people working on these parallel lines are somehow opposed. That's a self-defeating attitude!

>Would you have been shouting at young Torvalds that he was wasting his time trying to write a free OS in a world of proprietary hardware?

Yeah. It wouldn't have stopped him, probably just made him want an open platform even more.

Why no AMD CPUs? I just don't buy anything Intel and I'm for some time looking at System76, but each time I go build a setup I remember why I gave up the last time around.

Also, with the price difference between the two it would be a more interesting hardware using this difference to acquire more RAM.

Relatedly: why no AMD GPUs? AMD's much more cooperative with Linux than Nvidia is or probably ever will be at this rate, and performance is great even with the FOSS drivers (as I've observed on both my Dell Precision 7510 and the Threadripper + Radeon rig I built about a year ago).

Like, it's kinda maddening that "the" household name in Linux laptops (if there is such a thing) has zero laptops with an AMD GPU as an option.

AMD GPUs require AtomBIOS which contains bytecode (that is: blobs) to initialize the GPU. If you look at the Linux drivers, they come with an AtomBIOS bytecode interpreter for that purpose.

There was some confrontation over that 10 years ago or so (see radeon vs. radeonhd drivers, one point of view is described at https://libv.livejournal.com/27799.html) and the people in charge of Linux GPU drivers decided to go with AtomBIOS.

> AMD GPUs require AtomBIOS which contains bytecode (that is: blobs) to initialize the GPU. If you look at the Linux drivers, they come with an AtomBIOS bytecode interpreter for that purpose.

I'm failing to see how this is any worse than the current situation with Nvidia drivers, especially if System76 is preinstalling them. You'll need blobs either way. You'll arguably need far more of them for an Nvidia GPU than an AMD GPU.

ACPI also works this way, no?

Right, but ACPI has a standard (even if using the standard has onerous restrictions) and so firmware projects like coreboot can (and do) implement their own.

For AtomBIOS, you have a single vendor virtual machine environment (bytecode + semantics) describing whatever they need in a custom form. There's no other documentation for the things out there than AtomBIOS specimens, making reimplementation rather complex.

Seems to just be that System76 laptops to date are all based on Clevo designs and Clevo does not make any laptops with AMD chips.

Are the mobile AMD GPU options all that great? The RX 5500M that's coming out soon looks interesting.

The reasons for going with Nvidia are:

  * Nvidia is more power efficient. This is really critical for mobile devices
  * Nvidia has CUDA, which is important for (among other things) folks that use machine learning frameworks
  * System76 has put in work to make using Nvidia GPUs more seamless on Linux (pre-installing the drivers, etc.)

Zen 2 really gave AMD the power-efficiency over Intel. Intel's 10nm is still largely absent from the market, and even then I'm not sure how much more efficient the 10nm process is.

I don't think the same can be said for Navi vs. Nvidia's architecture. Also, Nvidia is working on their own 7nm based GPUs.

Fair points all around.

> Are the mobile AMD GPU options all that great?

I haven't had issues with them, even with high-performance stuff like gaming and CAD (can't speak much to machine learning, though).

> Nvidia has CUDA, which is important for (among other things) folks that use machine learning frameworks

What's stopping them from using OpenCL? Whether by using an ML library that actually supports OpenCL outright (e.g. Caffe, PlaidML) or using something like Hipify to convert from CUDA to OpenCL, that shouldn't be a limiting factor.

We initially went with OpenCL to maximize optionality, e.g., back then, GPUs were just getting into the cloud, and we were thinking of eventually getting Graphistry running on FPGAs as well. However, we had to bring a bunch of stuff to the JS world, and ultimately, we wasted a ton of time & money here and with minuscule eco-system support. Intel & AMD's SW arms are very narrow in what they actually support, so if you aren't doing some precise deep learning thing or legacy fortran whatever, sorry.

Back then, the case was unclear because so little stuff existed outside of the MPI & graphics worlds. Today, for most engineering leaders today, the CUDA ecosystem, and emerging productivity layers like RAPIDS is quite rich. They make OpenCL a niche & risky call. The goal should be writing ~100X more code than the OpenCL ecosystem is giving you, it's just surface level.

> I haven't had issues with them, even with high-performance stuff like gaming and CAD (can't speak much to machine learning, though).

Good to know. I have a laptop with the Ryzen 3500U and the Vega 8 integrated graphics. I love it for what I use it for (light gaming) but I'm not familiar with the higher-end mobile GPUs.

> What's stopping them from using OpenCL? Whether by using an ML library that actually supports OpenCL outright (e.g. Caffe, PlaidML) or using something like Hipify to convert from CUDA to OpenCL, that shouldn't be a limiting factor.

I assume just familiarity? That's just what the ML people that I know use.

I would really like to see OpenCL take a dominant position in the GPU compute space, regardless of the GPU manufacturer that has best support for it.

I think we're still a little ways off from a tipping point towards OpenCL. I think it will be accelerated with Intel's launch of the Xe discrete graphics.

Basically AI mainly uses CUDA. Yes there are libraries. But for the moment for most of us ... I still have to stay in High Sierra for that in my old Mac Pro. Other platform ... OpenCL for machine learning and AI, not sure anyone doing this. Leela Zero does have some success.

I suspect it's because AMD's resurgence is so recent and these things need long lead times for procurement, development, and validation.

I'm less familiar with laptops: Do Intel and AMD CPUs even share a common socket?

Intel and AMD CPUs do not share a common socket (or chipset) on server, desktop, or mobile platforms. I think the last shared socket was Socket 7 [0], released back in 1995.

0: https://en.wikipedia.org/wiki/Socket_7

I didn't realize that. I guess it shows that I talk to more people building desktops than I have myself.

AMD and Intel do not share a socket.

Not only do Intel and AMD processors not share the same socket, processors change socket from generation to generation.

Socket? Ha! Slot 2 forever! Muahahahaha! >:-D

Can't speak for System76, but I got the AMD Thinkpad (A485), and I'm honestly disappointed as hell and now I understand why you don't see the Ryzens on laptops too much.

The power management is an absolute joke (the thing has two batteries and barely lasts 2 hours total), suspend works maybe 20% of the time, and the OS actually freezes on it every now and then leaving no trace in syslog. I'd much rather get an Intel now if I had a choice.

The A485 was their first attempt with the first mobile Ryzen release. The T495s (latest mobile release) should be way better.

For reference, I had a Ryzen 1800x and it had the same OS freeze issue. The latest Ryzen CPU hasn’t had any issue with 0% down time for months.

I have an E495 (would have gotten the T495 if it didn't have soldered RAM and/or if it still offered a second battery), and it does okay. I think I get 3-5 hours battery (haven't measured it), and I'm considering getting an external battery pack before I need the extra battery life.

The E495 uses a newer rev of their chips and is completely usable (not as good as Intel) despite still not being on 7nm. I expect the next gen to be very competitive with Intel.

That being said, I'm really disappointed at the direction Lenovo is going by trying to make everything thin. I want a powerful laptop (compiling, light gaming) and I'm fine with some extra thickness, but I don't want anything bigger than 14". If I want thin, I can go for the X models or the T...s models, but for some reason, the regular T line is getting thinner as well, and losing a lot of the reasons I have for getting them. I ended up with the E series because I don't want soldered RAM and I'm not paying a premium for a laptop that has much of what I want removed.

If System76 can deliver a decent Ryzen laptop (want those cores) with a good keyboard and open firmware, I'll pay. I'm happy with it being thick, provided it's not too wide (needs to fit in my bag). But all I see from System76 is mediocre laptops with open source bits, and that's just not my cup of tea.

What distro? I have a T495s and I haven't had any issues with it running Arch.

Yea, something seems fishy. My E485 (one 3-cell battery) gets 3-4 hours on Arch

You poor bastard. I’m running arch on an X1 6th and getting 8 hours+

I mean, they're very different laptops and anyway, if this is a competition, I get ~10-11 hours with a 9 cell in my x220 on arch.

What Ryzen are you specifically referring to?

Afaik newer generations have Intel beat on performance/watt, particularly in HT heavy applications and at least on desktop.

Being able to put out more FLOPs at max pinned wattage, doesn’t imply that you’ll take in fewer watts at idle. Power consumption isn’t linear.

I'm not talking about "more FLOPs at max pinned wattage", that would be Intel. I'm talking about efficiency as in performance delivered per watt used and on that metric Ryzen has Intel beat on desktop.

So it stands to reason those new Ryzen chips would also perform very well in laptops.

[0] https://www.tomshardware.com/reviews/amd-ryzen-9_3900x-vs-in...

No, you’re misreading what I said. My point was that the metric AMD has Intel beat in is “performance per watt under load”. With Ryzen, each watt you spend will get you more FLOPs than the same marginal watt will get you on an Intel chip. It’s like Ryzen is a car with more torque, that can turn each cc of gasoline burned into more force, and so get you further down the road. But that doesn’t mean that Ryzen idles as low as an Intel chip; i.e. that the Ryzen car would end up burning less gasoline over an hour of city driving.

Ryzen can be more power-efficient in e.g. a server (constant near-100% load profile) while also being less power-efficient in a laptop (constant near-idle load profile.) People who talk about the Ryzen power efficiency numbers are only talking about how it performs in the server-like test context (or, often, a gaming context, where the measurement they’re using is just “what sort of PSU do you need to power this thing at max load.”) As is evidenced by sibling posts in this thread, Ryzen doesn’t fare so well in the laptop-like test context in practice.

Leaving HT enabled in 2019.

You're bold. :)

Not a single one of those exploits has ever been seen in the wild.

We don't have to lock our doors, this is a safe community.

Security isn't even the only good reason to disable HT.

I have a similar experience with the A285. Battery life is disappointing with Windows 10, and significantly more so with Ubuntu and variants.

Probably because AGESA is a blob. Once AMD returns to supporting coreboot, it would be a better option. There was recently some indication that they are interested.


Intel is equally blobby (FSP, ME).

Works with coreboot though somehow. AGESA prevents it as far as I know, since it does some stuff that coreboot has to be doing. I'm not that familiar with details, maybe some coreboot experts can comment.

coreboot on modern Intel requires (some amount of) ME firmware (without which the x86 core wouldn't even turn on) + some parts of the Intel FSP binaries.

coreboot on modern AMD requires (some amount of) PSP firmware (without which the x86 core wouldn't even turn on) + some parts of AGESA which were most recently shipped as "BinaryPI".

The situation is comparable, just that Intel has ~7 years of dealing with coreboot through Chromebooks now, while AMD dropped the ball after a great start and only picked it up again recently. If AMD sticks to the current trajectory, Intel and AMD would be similarly well supported in coreboot (with a similar amount of blobs required) at some point in the near future.

If you're aiming for fully blob-free operations, look for chips not newer than the early 90s. If you can live with not having loadable blobs (while boot ROMs on the CPU die are acceptable), that extends into the late 2000's, but requires some care when selecting your gear.

I wouldn't put any hopes on RISC-V when it comes to avoiding blobs because all higher performance variants will use the same "strings attached" high performance memory and bus controller function blocks whose developers will mandate a certain level of blobbiness.

> requires some care when selecting your gear

Doesn't that mostly boil down to "avoid anything newer than Ivy Bridge/Bulldozer"?

> high performance memory […] controller function blocks

There are DDR4 controllers with FOSS training code out there :) https://github.com/MarvellEmbeddedProcessors/mv-ddr-marvell/...

Here's POWER's training code for DDR4:


pgeorgi has a valid point in that if you go for the cheapest off the shelf building block type DDR4 solution for your silicon design (won't name names here, but it's a widely known vendor in the silicon block space), those controllers come with mandated binary-only firmware. IBM (and apparently Marvell?) both didn't use that cheap off the shelf solution and also decided to release their training code. Kudos to both companies for bucking the trend here!

That cheapest COTS block also has the advantage of being battle tested by the big customer base.

Since you presumably have pretty good contacts into IBM: ever asked if they'd consider pooling resources with other vendors around their interconnects in an open forum?

Not sure if DDR4 (or USB, or even PCIe 4.0) silicon is a huge differentiator for them, and those protocols all thrive on interoperability: no need for IBM (or Marvell, for example) to figure out all the issues with real world peripherals on their own.

The general answer is yes and yes. That's why OMI / OpenCAPI are being released as standards, with RTL / HDL. I think at this point there would be more appetite for a next gen interface like DDR5 vs. DDR4 to be released, but I'm just speaking personally from general knowledge here.

Coreboot integrates plenty of blobs via its blobs repository, so "Coreboot builds" does not imply "blob-free".

Then AGESA must be posing some problem for it.

The ancient AGESA open sourced well over a decade ago, then closed down a few years later right about when the PSP started to appear on AMD platforms?

Or do you mean the modern AGESA binary that has zero support whatsoever in coreboot right now?

I mean AGESA that's used for new AMD CPUs.

OK, that makes sense. And yes, it causes problems for coreboot -- AIUI there are no modern AMD systems supported, because AMD has not allowed use of the AGESA blob in that way.

You might be mistaking coreboot for libreboot, the coreboot fork that rejects all proprietary blobs.

Maybe because they don't have mobile versions of their new Zen 2 based chips yet. I'm planning on nursing my current laptop until those are out and make it into laptops. But I figure that is at least a year out as they haven't even announced any mobile Zen 2 chips yet.

How do you avoid the Intel chips in networking? Intel has often-used Ethernet and WiFi chips.

Recognized the username. Blown away that the same person leading Redox-OS[0] is also in a leadership role at System76!!!

[0] https://github.com/redox-os/redox/graphs/contributors

Yes, that is me. Here's the right link though ;-)


Indeed very cool. I was recently surprised to see so much Rust via Pop_os.

Are you familiar with the ThinkPad x210?

Have you thought of addressing the market of people wanting a small (12 to 13 inch), robust laptop with trackpoint and no arbitrary memory limitation?

Lenovo has abandoned that market, and there's enough demand for people to create and sell kits for it. Could System 76 fill that gap?

I have an x210. The main reasons I bought it were the keyboard and the screen (2880x1920, which is a 3:2 aspect ratio). If you want a small laptop with 32GB of RAM, the X390 and L390 seem like decent options.

I have an x270 that I consider to be the best road-warrior laptop they ever made.

I was sad when they got rid of the dual battery in the x280.

I needed to upgrade my x220. The newer X series is almost as big as the T series, and is really limited in terms of memory. I ended up getting a T480 which is nice at home, but too big on the road.

I looked really hard at System76, but I need a trackpoint. I also looked at the x210, and at the time I thought that was too much work, I'm starting to think it might be worth it.

My biggest issue with the x210 is that it's hard to find decent batteries. All the 3rd party batteries I've bought have degraded to <50% of their design capacity within 6 months. I need to buy some decent 18650 cells and replace the low quality ones in the aftermarket batteries.

I have this exact problem, both me and my wife are still on X200s, but we've only one decent battery between us, and that's unlikely to last long.

Is replacing the cells enough, though? Isn't there a controller that needs resetting as well?

When I looked at it (a few months ago), 16 GB soldered memory was the only option. Also, no ethernet port.

This. I just want a small light laptop with a good keyboard that wasn't made in the 00s.

System76 has been so great for the Linux laptop community, thank you for your work on that! I got the Galago Pro this past holiday and it has been so perfect for me. :) I hope you guys continue to offer such a great range in hardware configurations. That's what convinced me to go for one of your laptops over the Razer/Dell products since their RAM limit was 16GB when I was shopping around.

Glad to hear that. I certainly like working with laptops, desktops, and servers across a wide spectrum of hardware - from the Galago Pro to the Thelio Massive


With only needing the Intel FSP, does that disable the Intel ME? And what other peripherals need closed firmware?

You also are not here:


I say that because I have been in the market for a laptop, and I am looking for a free(dom) based laptop. I looked there and it led me down the path of a Purism laptop.

Have you also thought about adding some sort of hardware kill switches for Cameras/microphones/Radios?

The laptops which we will be delivering with open firmware will require the FSP and Intel ME, with the Intel GOP driver being an optional component to enable graphics acceleration in UEFI. The ME is disabled by way of a HECI message early in the boot process, so there are no runtime ME components similar to using the HAP bit on older ME versions.

I will get https://www.coreboot.org/users.html updated as soon as possible.

This "disablement" is rather meaningless/misleading. The proprietary ME firmware is instrumental in the boot process and part of the chain of trust. Any 'disablement' of it (really, just a message sent to the ME firmware asking it politely to stop doing anything) after booting is after the horse has bolted.

I wonder if there's a hardware method to disable ME, something involving the processor lines on the motherboard, before it even gets powered on?

The ME is partly responsible for powering up the main CPU. That kind of thing wouldn't be possible without a reimplementation of the ME from the start.

Which, it should be noted, is impossible due to Intel's hardware-enforced signature checks.

Even if a key were to be stolen from Intel it would then be illegal to use in all Western nations. The ME is off limits to everyone other than Intel and its partners, enforced by both the hardware signatures and some of the most heavily enforced (in terms of consequences) legislation on the face of the planet.

Of course that won't stop malware authors, who couldn't care less about replacing the ME firmware to make it secure, but do care very much about the fact that they can hack into the stock, signed Intel ME firmware, then install their malware in a nearly impossible to detect position.

> I will get https://www.coreboot.org/users.html updated as soon as possible.

That would be https://review.coreboot.org/c/homepage/+/35957

> Intel GOP driver being an optional component to enable graphics acceleration in UEFI

libgfxinit works even on Kaby Lake now.. but I see that you're using some ridiculously new 10th-Generation stuff for new laptops.

> HECI message early in the boot process, so there are no runtime ME components similar to using the HAP bit on older ME versions

Hm, I haven't heard of the HAP bit being gone?

Also, you can still remove extra ME modules, right?

A few things are going on here.

libgfxinit support for Comet Lake is coming. The Intel GOP driver is a bit different than this, though. There is an Intel PEIM graphics driver that comes from the PSP, that provides a software-rendering framebuffer similar to what libgfxinit does. The Intel GOP driver provides some hardware acceleration, which is useful especially for HiDPI systems but not critical to device functionality.

The HAP bit does not have an effect since ME version 12. ME 12 was used on Coffee Lake systems, and ME 14 is used on Comet Lake systems. These support a different method of disablement using a HECI message, presumably to make dynamic disabling of the ME easier to do. Our firmware always sends this message, having the same effect as setting the HAP bit.

me_cleaner does not appear to function on version 14 of the ME. As soon as it does, we will also utilize me_cleaner to remove ME modules.

> The ME is disabled by way of a HECI message early in the boot process, so there are no runtime ME components similar to using the HAP bit on older ME versions.

But why would I believe this? It seems you're selling snake oil. You can't really call it open firmware if there's still a lot of closed firmware in it.

That's like saying you can't call Linux open source because it bundles closed firmware for WiFi, for example...

The ME could certainly still be active, that is true, but with modern x86 platforms attempting to disable the ME or PSP using the documented method is the best that can be done.

A very large amount of the work the firmware does is done by open source code in either Coreboot, EDK2, or the System76 firmware applications. It is my opinion that this definitely does count as open firmware.

With nonCPU blobs there is (usually) a memory boundary. Would the bus between the devices be exploitable? Perhaps, but at least it could be hardened, which is not the case with the ME controller. How much the ME controller actually participates in the boot process is irrelevant as long as its position within it can completely and undetectably compromise the entire system.

You should look at the libreboot project and read their blurb on why they do not support post-2013 processors.

Trying to sell the devices described as open is harmful to the term. They're not. Perhaps the only devices which are at this time are the IBM POWER processors and the Raptor CS motherboards, discounting any silicon backdoors, and in the case of the Raptor motherboard, the ASpeed BMC.

Anything that you connect to the system bus can compromise the system.

Of course, ME has easier time doing that. But any ROM you can't inspect, any binary blob you load can do that.

I suppose that if you want this level of impenetrability, you have to go with everything custom. Could your memory controller scheme against you and alter RAM contents when a backdoor pattern is encountered? Do you trust IBM to not put a backdoor or a kill switch in your POWER9?

Implement your CPU, memory, bus, and disk controllers, NIC logic, etc, in FPGA. Build your own RAM with controllers you program, don't trust DIMM manufacturers. Write your own or adopt open booting software, same with firmware for the peripheral devices.

You'll get a very high security computer where a backdoor has basically nowhere to hide.

Alas, it won't fit the restrictions of a laptop.

This might be a stupid question, but would adoption of RISC V help fix this issue?

> would adoption of RISC V help fix this issue?

If you're in the market for some slow CPU, maybe. For high performance stuff the creator will likely have to license some function blocks that come with strings attached.

I'd love to see a fully open RISC-V core with a DDR4 interface (and USB2/3 for all kinds of interfaces), but somehow I just don't see that happening before DDR4 is all but obsolete: those interfaces aren't trivial to build (so that they work with all kinds of stuff) and few folks have the equipment to test their Verilog (or whatever) that would implement these high speed controllers against real devices.

For my secure computer, yes please. I don't care how many extra milliseconds (or minutes) it takes to make a cryptocurrency transaction.

I do care that the in-memory key can not be read and transmitted without my OS' knowledge.

I have other computers for games and development and servers, and the NSA can have my steam password and already have my work email.

Not really. Closed firmware exists for reasons that aren't x86-specific so almost all ARM and RISC-V systems will have some form of closed firmware. One problem with x86 is that it's limited to ~3 companies while any company can use ARM or RISC-V so more diversity is possible.

> You can't really call it open firmware

I can implement IEEE1275-1994 as fully closed sourced code and call it open firmware.

> if there's still a lot of closed firmware in it.

Downthread you mention "With nonCPU blobs there is (usually) a memory boundary", which I'll take as the boundary you made for yourself in these matters.

With this boundary, the amount of "closed" firmware doesn't matter. The right 8 bytes at the right place and time are enough. Guess what:

> But why would I believe this? It seems you're selling snake oil.

The initial bootstrap is basically always implemented in a boot ROM (whether you see it or not) and it could decide to implement a backdoor unless some conditions are met.

According to your criterion all computing out there more modern than Z80 or 65816 era stuff is insufficient.

> I can implement IEEE1275-1994 as fully closed sourced code and call it open firmware.

Hardly. You can call it Open Firmware(TM), not open firmware.

I implemented OF over 15 years ago, and even back then the OF trademark had lapsed. Just tried again and I can't seem to find it.

And? (TM) is used to denote unregistered trademarks, as opposed to (R) for registered trademarks.

Which is in any case irrelevant. Open Firmware != open firmware.

The Open Firmware Working Group's website at https://www.devicetree.org/open-firmware/home.html mentions the OpenBoot(tm) trademark, but uses Open Firmware without any signifier. (and they should know)

Given that there's apparently no protection at all, I see no reason why I'd have to adhere to your wish to use 1275's way of writing O and F in upper case. So yes, I _can_ call it open firmware.

I don't think you understand how this works. My calling it "Open Firmware" has nothing to do with its trademarked status. It is a proper noun.

Open Firmware != open firmware.

> You can call it Open Firmware(TM), not open firmware.

let's shorten the other thread, since you just reiterate the same claim all the time without backing it up: I reject your prescriptivism just like I reject snagglegaggle's.

No one who downvoted actually read my posts, see the above comments that are functionally the same but were upvoted.

Initial bootstrap can be ROM, can be closed, but need not be. Stop compromising and accepting the status quo. The IBM POWER systems by Raptor have open firmware at every level. Is the CPU design open? Not entirely, but it is overall better, and I'm not trying to mislead people about it like the sales rep in this thread.

Your firewire example is disingenuous, and no, I would disagree that it is open. Charlatans like System76 abuse the terms to sell their products taking advantage of the goodwill of those who do not know better.

The update to users.html was merged and will be there shortly: https://review.coreboot.org/c/homepage/+/35957/1

I would really love if the system76 laptops had hardware kill switches for the camera and the microphone. If the camera switch also physically occludes the lens, that would be great.

Hi :)

As a few people already pointed out, it would be nice to see some laptops with AMD CPUs.

For me personally, I would also love having trackpoint, have it on my thinkpad and did not use touchpad once.

OT, but I would love a tenkeyless keyboard option for the larger models.

Same here :)

Just wanted to give a shout out and say my new System76 machine is awesome and the customer support has been top notch so far. The hardware support and updates have been great and the PoPs distro is great. Thanks for a great product.

I'm pretty happy with my Dell with Ubuntu, but it's really good to know there are other options out there, and I'll definitely be looking at these next time I need a new system.

Thanks for your work!

Good to hear! If you want to play around with the firmware, you can still do so in virtualization using the qemu model.

You guys probably need a song if you're going to outdo open firmware (Google the open firmware song)!

How durable are those laptops when compared to other brands? Do you engineer those laptops a little like IBM did for ThinkPads (if I remember, some of them had military rating for dust, temperature etc)? How repairable are they?

How difficult was it for those companies to provide components that were OSS friendly? What is the main hurdle? Does it increase costs? Did you experience fightback from providers to make this project happen?

They're certainly no less durable than most consumer laptops. Our hinges in particular have a reputation for being nice and tight for a long period of time. They aren't ruggedized or anything (like a toughbook), but they'll last a good long while if you aren't super rough with your electronics. Mine gets tossed in a bag at the end of the day and toted around on my back via motorcycle, and I've never felt nervous about that at all.

They're also really repairable; there are no proprietary/uncommon screw heads and no glue holding parts down. All of the major electronic components which can be socketed are (CPUs on mobile went soldered a few years ago unfortunately, and you can't really get them socketed anymore). Memory, Wireless, Storage, Battery, etc. are all user-replaceable, and generally repairs don't require bringing the laptop into a service center for repairs.

> Mine gets tossed in a bag at the end of the day and toted around on my back via motorcycle, and I've never felt nervous about that at all.

Glad to hear that you are using your devices outside of a clean room. Whenever I throw my work-issued Macbook in my bag and ride home, it's got dirt in the keys by the time I get home. I was the first in the office to need a keyboard replacement...

I have this phenomenon too: The macbook 2013 has a sealing rubber around the screen when you close it down to the keyboard, yet after transport, there is dust on the screen. I’ve always wondered whether something about the shape or the design sucked the dust into the screen-keyboard void when the lid is closed.

Glad to hear of this change.

However, on a semi-related note, will the issue where a firmware update on dual-boot system (popOS and Windows) consistently breaks systemd-boot, forcing a start into Windows, be addressed in the foreseeable future?

I've recently updated the documentation [1], as this issue plagued me multiple times.

[1] https://github.com/system76/docs/pull/205

The NVRAM is preserved on firmware updates with this new firmware, so that could fix this issue but I have not encountered it before. Usually it is recommended to install Windows first, and then install Pop!_OS - so that the Windows bootloader has not taken over the default location. Is that how you installed?

If I recall correctly, I did that (have had my Gazelle for several months now). popOS! is using LUKS + LVM, Windows Bitlocker. systemd-boot lives on /boot/efi on one nvme SSD, Windows on another. The LUKS/LVM setup also caused a headache, as the installer (at the time) was not able to handle a custom partition layout for the EFI bootloader for the purpose of dual-booting Windows.

I'm not too familiar with the intricacies of the firmware upgrade process (and if it happens, I generally need my laptop and try to fix it as fast as possible ;)), but on every previous firmware update, I had to update the initramfs, run the bootctl installer and in some cases, mess with the systemd-boot loader configs.

What about oreboot, the Rust version of coreboot? I know you have a history with writing Rust code, so are you looking at oreboot as an alternative to coreboot for these purposes, as well?

I can't answer the technical side of that really well (IIRC something about targeting different things or something), but I wanted to comment that the name (Coreboot without the C) is genius. There is an Oreboot sticker on my fridge.

A bit of a double meaning here too:

Rust is actually just hematite (ferric oxide), which is a type of iron ore!

oreboot does not support x86 at this time, and does not plan to.

There's a stated reason for that by the oreboot project -- it's because you can't have a fully open source boot firmware on x86 systems.

Do you plan on offering laptops that are 16:9 or 3:2, rather than the 1080p? That's probably the last thing keeping me on a Mac, the panel ratio.

1080p is 16:9. I presume you meant 16:10 (which is also my preference)

I don't understand why we need another competing standard for such a small difference. Given how small the difference is, I'm in favor for whichever one is more common to avoid black bars below media or other ill-fitting content. As far as I can tell, 16:9 is much more common so I am happy to stick with that on any device and resolution.

I often have two editors in vertical columns side by side while I work, and it's nice to have a wider screen. Unfortunately with 16:10, they don't usually add to the vertical resolution but rather subtract from the horizontal resolution (2880x1800 16:10 versus 3200x1800 16:9).

What about 1920x1080 (16:9) vs 1920x1200 (16:10) and 2560x1440 (16:9) vs 2560x1600 (16:10)? I have seen it as the norm that height gets added rather than width subtracted.

For anything like text editing, the extra vertical space really does make a difference, even more so in portrait mode.

This becomes less noticeable at higher resolutions and larger sizes (e.g 32”+ @4k native).

If you mostly watch video — sure, you'll be happy with 16:9. For work, 16:9 on small devices SUCKS SO MUCH. Way way too short.

Because I want my computer to be optimised for productivity, not watching YouTube.

An extra few percent is not going to help significantly, but it will create a noticeable box around media. So a small upside with a (for you) just as small downside.

If we want taller screens, then we should use 16:12 or so. If 16:10 is the perfect ratio and 16:9 is just off, then I honestly don't think it can be bad enough to justify the cost of change, though I am of course willing to be convinced by research.

I've no problem with that, I still use 3 5:4 panels at the office. But so far 16:10 was the best that you can get for desktop machines at the very least.

is it possible to replace coreboot by the fully free libreboot (without blobs)? what will stop working if you do that?

No, it is not possible to boot a Comet Lake Intel CPU without blobs.

That's a very sad state of affairs.

Will it be possible to install this open firmware on existing Galago/Darter laptops bought before this came out?

We will be looking into supporting older models starting with the darp5 and galp3-c.

Any plans to make gpu passthrough officially supported for your laptops?

Does your website have a public repo?

seems from github like there's rust in here? how did you pick rust & how has it gone?

Pretty much all compiled code at System76 is currently written in Rust if possible. There's obviously still some C that gets written, but Rust is the de facto standard language here now.

Recently there was a discussion about Huawei MateBook X Pro, which also seems to be a great Linux notebook:


In that discussion, several other good Linux notebooks were also discussed, including System 76. But it was reported there that the quality is quite bad:

> but the quality is reportedly bad (flaky hardware, too-fast power drain, reflash bios to toggle discrete graphics (!), slow support) https://www.linuxjournal.com/content/review-system76-oryx-pr...

> Mine is in the System 76 repair shop right now for the third time. Extremely unsatisfied with Oryx Pro materials and build quality. Oh it's back for the third time because when they replaced the top case last time, they installed a defective touch pad. Never again.

I wonder if that has been improved, as I'm really interested in a high quality Linux notebook.

It's worth noting that stories like this are the extreme minority of cases. We have a great many customers and the overwhelming majority of computers we sell live out their entire (long) lives without any sort of incident, major or minor. However, when someone buys a computer and everything works as expected, that's not really all that notable because there's nothing interesting about that, and so you don't really hear a ton of "works as expected" stories to counteract the negative ones.

I can't really find more than maybe 10-20 unique public cases of a System76 computer having serious problems. I don't want to toot our horns too much here, but that's just not very many people compared to our entire userbase. We're a company with the resources to develop open source firmware; it takes a lot more support from your customers than could be afforded by 10-20 (or 100, 1000, etc.) people to do that.

If you look hard enough, it's not hard to find examples of any computer manufacturer having issues with occasional units. That's just the nature of manufactured products (especially high-tech electronics). No company has a 0% failure rate, and any that claims to is lying. However, you can be reasonably certain that any company that's been around for a decade and a half (or longer) has a lot fewer failures than successes.

Yes every manufactured product will have its percentage of issues. I think it is how you handle the failures and the customers that will be important moving forward.

I cannot speak to the original quote but my experience has not been amazing. My 4k Oryx Pro has rebooted randomly since the second month I have owned it. I sent it back 3 times already, ran tests per support and even reinstalled PopOs many times. It still has randomly rebooted. My last interaction with support was just past the year mark of when I bought it and I was asked to pay to replace the last item (the battery, just about everything else was replaced).

I love using PopOs. I love the 4k screen I have and the Oryx. I don't love writing this or the response I sent to support about the request for paying for it. It gives me pause when recommending System76 to a coworker/friend and I will be looking around when the time comes to get a new laptop. Support was helpful when I had a linux issue early on but the rest of the year long interaction was about the reboots.

I'm deeply sorry we couldn't get that issue resolved.

While I have no experience with System76 and the quality of your devices, I doubt you can make any claims about the number of incidents with confidence. I have owned many devices that have had various quality issues that didn’t rise to the level where I felt it was worth going through some warranty procedure that may or may not alleviate the issue after spending an unknown amount of time & money on it. I don’t like the idea that the manufacturers of those devices take the absence of a complaint as confirmation that the computer has lived a long life without any sort of incident, major or minor.

I'm sure you're correct that not every fault gets reported to us; even among those that do, the customer doesn't always decide to take the action and get the computer fixed, depending on the problem and the solution. That said, I'm reasonably confident that most issues with our hardware do result in some communication between the user and us.

They don't make the hardware, all their laptops are rebadges of Clevo/Sager


I bought a Clevo rebadge called a Metabox here in Australia and have all kinds of problems with it. Keys that stick down, headphone jack busted, one of the USB not working, a few other things. I never sent it back on warranty because I would have to buy a new machine to work on while it was away anyhow. I'll just put up with the problems until the next upgrade cycle.

It sits on my desk now with an external keyboard, external USB hub, and external DAC for the headphones to work.

I haven't worked with Clevo, but apparently they provide quite some flexibility. A vendor can use their own choice of keyboard, extra buttons, ports placements, hinges, ...

I guess Clevo would even be up to designing a new PCB around a different CPU by a different vendor, but "use this type of keyboard" will be much cheaper to commission than "swap out the CPU vendor".

So I'd expect keyboard issues to be more up to Metabox choosing the cheapest option for that part, rather than a systemic Clevo failure.

Isn't sager more like an alternative to system76, also a rebadged clevo?

I'm typing this on my second System76 laptop, and my first one (which is still running, in retirement as the home entertainment system) lasted over 5 years as my principal. So, something like 6-7 years of System76 as my principal laptop, and no issues of that sort or any other.

I’ve had my oryx pro for a year now with no problems. I’m not super easy on hardware. Its build quality is decent (my work machine is a 13 in Mac book pro, which is better built, but the oryx isn’t bad). It’s even able to run the unreal engine dev kit.

I know it isn't as mobile, but you may want to consider a Mini ITX with a portable screen.

These computers run blobs in the firmware and are not fully open source. I understand that modern users want modern performance, and that there is only a niche market for a librebooted computer (mostly due to performance), and as a company, it's System76's responsibility to meet the market. But solutions exist, and if you are trying to market an open source computer, then give me an open source computer. What I hate most is how the top comment is from Jeremy Soller, but they are literally using this forum as a marketing platform, only responding to the queries that portray their initiative as good, and ignoring the literal highest comment directly under their post. This is so disingenuous, give me true libre laptop. (C-f tpearson-raptor on this post, they even offer a real solution from raptor to try and make this real). I'm grossed out.

> but they are literally using this forum as a marketing platform

Almost every post on HN is for marketing. The net positive System76 is doing outweighs the negatives we have in today's software world. Be happy it's not BIOS-as-a-service that requires a subscription and is funded by a VC.

> that there is only a niche market for a librebooted computer (mostly due to performance), and as a company, it's System76's responsibility to meet the market

They have no responsibility of the sort.

I just meant in terms of aligning with their profit motive; I guess the correct word is incentive, rather than responsibility. I see your point.

I'm not able to update my post, so I'll leave my edit here:


If I wanted an ALMOST foss laptop, I would buy a laptop and coreboot it myself. The reason that it's exciting for a company to be doing something like this is because they have leverage in their decisions that I don't as a customer (custom cpu, custom components, choosing components with open firmware that already have good interoperability on the platform etc)

You might be ascribing quite a bit more leverage to System76 than they actually have here. No one is going to get Intel or AMD to allow open PSP/ME firmware -- AIUI even Google, with the truckloads of chips they buy, isn't able to influence that decision at either x86 vendor. Plus, System76 isn't the ODM -- that's Clevo from what I understand, so their influence on the two x86 CPU vendor(s) will be so far removed as to be quite insignificant IME.

Now, offering something else (ARM, RISC-V, POWER, anything but x86) as a truly open source alternative, then seeing if there was any reaction, might start to apply some small degree of leverage. Definitely there would be more potential opportunities to meaningfully discuss design goals with silicon vendors other than Intel and AMD. Who knows, maybe this could still happen...it'd be pretty easy / cheap to get some POWER desktop offerings lined up based on existing mainboards, and Clevo might be persuaded to do an ARM laptop design based on one of the Chromebook SoCs... ;)

With our baseline blob-free systems, we picked parts that were firmware-free, had open firmware, or could have open firmware written in the future. This is why we don't have onboard 100Gbe, Thunderbolt, or other interfaces that would require relinquishing control of the system to an external vendor. However, the resulting products are quite functional as both PCs and servers, with no real complaints or concerns over the I/O given the multiple PCIe Gen 4 slots available. My understanding is that very few ODMs do this, as they don't want to make that tradeoff, but this is how you apply leverage to silicon vendors long term. And you know what? It's working (outside the GPU sphere at least) -- Raptor isn't the only one pushing hard on these topics from the OpenPOWER side, and so far we've been able to get the silicon we need for our current product lines.

> You might be ascribing quite a bit more leverage to System76...

This may be true, but I think that selling corebooted computers is literally just a marketing gimmick. If a computer ('s motherboard) is corebootable, I can coreboot it myself, or lacking the technical skills, ebay have it done for ~$50 (maybe with video proof that the flashed rom is what is expected by showing hashes)

I don't expect ANYONE to be able to make intel or amd do anything about this situation, which is why I acknowledge your point:

> Now, offering something else (ARM, RISC-V, POWER, anything but x86) as a truly open source alternative...

I would love to see a POWER laptop, but I don't have the technical knowledge or money to help make this happen.

What I think is holding this back the most is that there are very few people with an ecosystem where they can compile all their own programs, meaning that 99% of computer users won't be able to make use of the general purpose computer underneath, because the software they NEED for their work absolutely will not run on it.

As a user however I think freedom is paramount, I'm about to finish up my CS undergrad, and about 3 years ago I became aware of the issues surrounding freedom in computing (literally never brought up in any of my classes), and I bought all the components needed and librebooted myself a thinkpad x200, which I've been faithfully using with parabola/debian ever since. Thankfully this as a platform was within my financial reach.

> With our baseline blob-free systems...

I laud the efforts of raptorpcs, but these systems are completely out of my reach. My previous sentence should show that I'm willing to compromise a lot to have freedom (no usb 3.0, I stopped playing games that have proprietary code, rebuilt my ecosystem so as to never have to move away from totally libre software etc)

I recognize how the fact that these machines exist means that a motivated company can choose to have a free system and that's great!

What I'm looking for as a normal user though is a LAPTOP that has these features, and that's why I get hype when someone claims to have one, but it's always a disappointment, eg. purism.

I feel like I'm ranting, but it's honestly a little unclear what I'm responding to.

I love what System76 is doing, but I have to say that the name Pop OS is just horrible. It just screams "toy" and sounds like a name that would come out of some fly by night junkware vendor. The exclamation mark makes it even worse. It's almost as bad as ending a name with "-ster."

Naming is hard, but almost anything would be better. If in doubt I'd go with something bland like "System76 Linux."

I bring this up because for the past 20 years closed silos and locked down platforms have won almost entirely on the basis of UI/UX and polish. System76's hardware looks good at first glance, but everything else matters too. An OS name that says "this is a toy and will be useless for real work" is a real problem for wider adoption. Even worse the name tends to transfer via mental association onto the hardware, conveying the idea that this laptop will fall apart.

Agree. Also their webpage for Pop!_OS[1] should show front-and-center what the GUI/Desktop looks like, not the logo of the OS name. They should take note of elementary's landing page.[2]

- [1] https://system76.com/pop

- [2] https://elementary.io

The Pop page on system76.com is just bizarre. It leads with things that are really niche interests and you have to scroll way down to get to what the desktop looks like.

My 30 second impression is "this is for children who want to program toy robot kits."

I am posting this criticism in the hopes that it's constructive, since I do like what system76 is doing. I use a Mac right now but I'd consider their laptops as one of the first possibilities if I ever abandoned the Mac platform.

Yeah I agree but I've been using it for 5 months now and it's great and I can't say I care about the name that much anymore.

I tried to get through this article, but the popups and advertising widgets made the page unreadable. A more accessible article can be found here:


BYO software is my #3 consumer electronics question (after form factor & 'does it work at all')

and drivers are an important frontier of this. SO TIRED of downloading blobs to have wifi on linux. AFAIK there isn't even a usb wifi dongle that has an open source wifi driver, much less a commercial wifi chipset.

even companies that are in theory dedicated to quality are teetering on the edge of using software to enable planned obsolescence -- and also releasing unpleasant product changes in line with security updates.

coreboot particularly interesting because of the TOTP work people have been doing on the TPM for tamper detection.

Most Wi-Fi blobs are not blob drivers, they're firmware that runs on the Wi-Fi card.

For Intel Wi-Fi, FreeBSD includes the firmware out-of-the-box, many Linux distros do the same I'm sure.

Yeah, the actual Intel WiFi driver is AFAIK open source. It's the firmware that's not.

wait what's the difference? driver runs in kernel, firmware runs in card?

I think it is, or includes, the baseband firmware for the actual wifi radio. I believe, but I'm not 100% sure, that the FCC has specific restrictions on how baseband radio firmware gets distributed.

You, and everyone else for that matter, can go and buy a software defined radio (SDR) and play with a radio to your heart's liking. If there is a restriction on redistribution of open down to the radio firmware WiFi devices, then it's dumb. If there is none, please don't spread incorrect speculation that there is.

> You, and everyone else for that matter, can go and buy a software defined radio (SDR) and play with a radio to your heart's liking.

You almost certainly can't transmit legally, though (unless you have an amateur radio license, which lets you do all sorts of stuff with useful amounts of power).

That depends heavily on where you're transmitting (i.e. what frequency and bandwidth you use) along with the power you're transmitting at.

First, as a ham radio operator, no, you can't just go and start blasting away from an SDR even in the ham bands. You have to follow strict rules, including a non-commercial content rule and you must not use encryption. The ham bands are for people to experiment with new radio technologies and more importantly communicate with one another using those technologies on a hobbyist level -- encryption and commercial use do not help those goals.

That being said, there are chunks of radio spectrum that are effectively "public domain" where you can transmit within certain ERP (effective radiated power) limits without the ham band restrictions on content, protocol, etc. Traditional WiFi lives in one -- the block set aside for microwave cooking devices, and therefore with a near-unusable noise floor for anything but short range communication like household WiFi.

"manufacturers are encouraged to design their systems to permit such software upgrades while ensuring security of the portion that controls compliance with the FCC technical requirements"


are there tools for parsing the firmware bin? are they a threat vector?

is it like a settings file?

Every modern computer has many independent processors, and they all need to execute software from somewhere. Many of these independent processors load their software from some sort of onboard memory, others rely on the main processor to load their software. The second case is what these blobs are for the most part.

>are there tools for parsing the firmware bin?

Binwalk, IDA Pro, etc. All the normal reverse engineering tools.

>are they a threat vector?


>is it like a settings file?

No, it's code executing on the WiFi card.

> are there tools for parsing the firmware bin?

Besides a hex editor, probably not.

> are they a threat vector?

As much as any other opaque software (i.e. not FOSS or otherwise transparent around source code auditing by arbitrary third parties). That is, in short: yes.

> is it like a settings file?

No, it's more like the operating system for the wireless card itself, running on the card's own microprocessor.
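As an added illustration that is not part of any comment in this thread: a simplified sketch of the first-pass triage that tools such as Binwalk perform on an opaque firmware image, a magic-byte scan with validation of each hit plus a per-window entropy map. The sample blob, its layout and all function names are constructed for this example.

```python
import gzip
import hashlib
import math
import zlib

# Publicly documented container magics; a real scanner knows hundreds.
SIGNATURES = {
    b"\x1f\x8b\x08": "gzip stream",
    b"\x7fELF": "ELF executable",
    b"hsqs": "SquashFS image (little endian)",
    b"\xfd7zXZ\x00": "xz stream",
}


def find_signatures(blob):
    """Return sorted (offset, description) pairs for every magic found."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)


def validate_gzip(blob, offset):
    """Confirm a gzip hit by decompressing it; return payload size or None."""
    d = zlib.decompressobj(31)  # wbits=31 selects gzip framing
    try:
        out = d.decompress(blob[offset:])
    except zlib.error:
        return None  # magic bytes matched by chance, not a real stream
    return len(out) if d.eof else None


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant fill, close to 8.0 for random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def entropy_map(blob, window=1024):
    """Return (offset, entropy, label) for each fixed-size window."""
    rows = []
    for off in range(0, len(blob), window):
        e = shannon_entropy(blob[off:off + window])
        if e >= 7.0:
            label = "compressed or encrypted"  # cannot be read without unpacking
        elif e <= 1.0:
            label = "padding"
        else:
            label = "plain code or data"
        rows.append((off, round(e, 2), label))
    return rows


def build_sample_blob():
    """Constructed stand-in for a vendor firmware image (not a real one)."""
    payload = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                       for i in range(64))          # 2048 incompressible bytes
    blob = bytearray(b"\xff" * 1024)                # erased-flash style padding
    blob += gzip.compress(payload, mtime=0)         # embedded compressed section
    blob += b"\xff" * (4096 - len(blob))            # pad up to the next section
    blob += (b"wifi_fw_init\x00version=1.0\x00" * 41)[:1024]  # string table
    blob += b"\x1f\x8b\x08" + b"\xff" * 61          # stray magic, not a stream
    return bytes(blob)


if __name__ == "__main__":
    image = build_sample_blob()
    for off, name in find_signatures(image):
        size = validate_gzip(image, off) if name == "gzip stream" else None
        print(f"{off:#06x}  {name:<12} unpacked size: {size}")
    for off, e, label in entropy_map(image):
        print(f"{off:#06x}  entropy={e:<5} {label}")
```

Regions labelled "compressed or encrypted" are the ones a reviewer cannot inspect until the container format is identified and unpacked, and a magic hit that fails validation is a false positive to discard.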

I bought a purism laptop years ago, and it had zero blobs. It also had really really standard hardware: no special screws to open the case, standard memory, m.2 and hard drive, a standard power supply with a barrel jack, etc.

I believe system76 was less expensive but had blobs. Unsure about the hardware details.

Oh? Zero blobs, so no ME or PSP? No FSP or AGESA? No EC firmware or integrated GPU firmware?

Sorry, I call BS on that unless it was a long time ago, as in Core 2 Duo era.

I have a purism 13 first version. I didn't have to unblock non-free repos when installing linux at first. (I now run arch)

As to booting, it originally shipped with a bios, but later offered coreboot which I believe disabled the ME.




Your laptop is Broadwell according to the coreboot source.

Sorry, that means you've got a ME. Part of one (the BUP) but a required ME nonetheless:


They said it was neutralized.


I see now why your comment was so strongly worded...

"I know we would be interested in assisting System76 (or other prebuilt system OEMs) to start offering POWER products as true open source, owner controlled alternatives to Intel and AMD"

Although what you're doing is laudable, I think your form of communication might alienate the kinds of people who might support your mission.

It was that strongly worded because I've been fighting the "neutralized" rumor ever since it was started (presumably to try to save x86 market share among security conscious people, given its origin). I'm tired of doing so, and it's unfortunately showing, which means I'll probably have to stop talking about it. That's a loss for everyone, especially those who might unknowingly trust their lives to a hostile machine in certain repressive regimes and pay the ultimate price as a result.

This "neutralized" or "disabled" ME rumor is extremely persistent over literally years, probably due to feeding on what people want to hear versus what the reality of the situation is. Every time it's propagated not only does the person that believes it not get what they think they got, but it harms anyone trying to push for truly open computing vs. half-open computing.

The Cambridge English Dictionary states the following primary definition for the word "neutralize":

"1. to stop something from having an effect"

If you were to actually do that to the ME on a modern Intel system (or the PSP on a modern AMD system), here's what you would see:

<blank screen>

This is because the system will not come out of reset until at least the BUP (and for newer systems more ME modules as well) have started. Those modules are signed, proprietary binaries for which source code will never be released per Intel's statements.

So, we have an apparent conflict. How can the ME be "neutralized", according to the standard English definition, while your machine still starts (thereby proving the ME has had at least some required effect prior to coreboot launching)?

You seem to know and care a lot about this, but your writing style is really off-putting to less informed users. Consider adjusting your approach to educating people about how open source low level software works and doesn't work.

I was being snarky in this particular post. Normally I don't do that, but I kinda got tired of saying the same thing over and over and tried something new. Didn't mean to offend, only challenge.

Atheros chipsets tend to not require any non-free code (be it on the driver or firmware side), including their USB wifi dongles. I've had mediocre (at best) experiences with them, however, what with frequent stability and signal strength issues on what I'm pretty sure to be the hardware side (though I've found this is true of pretty much every wifi chipset out there, so I guess it's okay relatively-speaking).

This used to be true, but since Qualcomm bought them out, they have done a complete 180 and basically reverted to totally closed designs (closed firmware, closed drivers, no spec sheet). The 9xxx chip-sets (which are only 802.11n) are the last ones designed before Qualcomm took over, the 10xxx chip-sets (802.11AC+) are closed and completely locked down, you can't even change your MAC address, it's all stuffed into a giant pseudo-driver firmware blob.

Are there any "open" 802.11ac chipsets? A quick search didn't find any.

No, closest thing is the MediaTek chip-sets that at least don't enforce wifi parameters via firmware (fullmac vs softmac).

Things are getting worse, not better, on many fronts when it comes to user freedom and control over their devices. Apparently many responsible engineers in this area lack the ethical consideration of their work. The more I see this, the more I worry about bridges, airplanes, and every other piece of technology that is developed by engineers that may or may not have ethical principles.

Good thing the people building bridges and airplanes are Professional Engineers and everyone can call themselves anything they want except for P. Eng.

Do you have any examples of useful devices?

Well that sucks.

>there isn't even a usb wifi dongle that has an open source wifi driver

Qualcomm atheros?

they have OSS firmware for some devices, but not recent ones it seems like?


I spent a lot of time deliberating on what to replace my 13” MBP with. The idea of more open hardware is attractive, but both system76 and purism fell short (mainly battery life)

I ended up going with a Lenovo X1 Carbon Extreme and threw ArchLinux on it. The trackpad is worse, and battery life isn’t quite as good (I feel like I can optimize this, but haven’t had the chance yet), but it’s such a capable machine. I feel quite happy with it.

> battery life isn’t quite as good

powertop --auto-tune is a good first start in my experience.

yeah and tlp - although my guess is i think the nvidia graphics are hurting you here

I was leaning towards making the same switch this year and giving up my mid-2015 MBP. I've read so many stories like yours and decided against it.

It took some work, but I convinced my employer to spring for a Darter Pro. I'm pretty happy with it. My previous laptop was a 2016 Dell XPS 13. I've found the larger screen on my Darter to be a lot easier to work on. Though, I do spend most of my time docked with multiple monitors.

My only real complaint is that when the fan ramps up, it is really loud. Loud enough to distract from meetings.... I haven't dug into the different tools for fan control much yet, but if anyone from System76 sees this, it'd be awesome if you implemented a nice ui for that.

Sweet. I hope they're working on POWER9 and RISC-V offerings, too. The x86/amd64 monoculture needs to go.

It's not a laptop, but the Talos II workstation runs on POWER9 and has open firmware.


It uses OpenBMC firmware, now under The Linux Foundation.

EDK2 is also open source, a UEFI implementation. Looks like Coreboot has been around about as long as EFI, and supports most of the same architectures.

So is the Coreboot advantage argument mainly that it's simpler than UEFI?

That last sentence is a bit nonsensical. Apples and oranges. Coreboot is not a standardized interface for OS boot loaders, Coreboot is only low-level early initialization code. Coreboot loads a payload… like EDK2.

Thanks. I'm aware of Raptor CS. I was hoping System76 might offer some competition.

I would love to buy an open, linux-based laptop to replace my aging 11" MBA but these are huge laptops - the smallest has a 14" screen.

Should I be looking at the Pinebook 11" ?

There’s the pinebook pro going out now. It’s not going to blow you away with its speed, but it’s much better than the OG pinebook

Pinebook pro is 14" following the apple model of "more power must have a bigger screen".

But it's a pretty low end system intended for experimentation. The store page warns you not to buy it if you are picky about hardware quality.

There are a lot of great deals on MacBook 12's now that it's end of line. I think you'll probably find the Pinebook 11" seriously lacking in power.

Otherwise consider a Surface Laptop! The 3:2 aspect ratio is surprisingly sticky

I own a pinebook. It's a fun little machine, but if you need anything other than light web browsing (without javascript) and basic text editing it's insufficient. It's also based on an Allwinner SoC that only has ok Linux support: https://linux-sunxi.org/Main_Page.

Also, the keyboard is cramped and has an odd layout.

The Galago is actually about the same size as 13 inch laptops a few years ago. Bezel reduction has contributed a lot to shrinking laptops.

install linux on the MBA? It's kept my 2011 13" alive and kicking

I wish their shipping costs to Germany wouldn’t be that expensive. Hardware + tax + shipping costs is just way too expensive. I wanted to buy an Oryx Pro recently, but had to go for another model (non System76) because of this.

Worst company to buy a Linux laptop from. I attempted to purchase a laptop from them in the past and got hit with crazy duties even though the wording on the site made it appear that there were none.

Simply better to buy a certified Dell laptop such as: Latitude 7490 or Latitude 7480

I had the same experience with Darter Pro. Also the laptop's touchpad wasn't working properly from the beginning. When I contacted them, they kept asking me to try a lot of things on my own. I tried them for a while. I am a developer, I like trying to fix things on my own up to a certain extent. But when I pay a crazy amount for something to someone, I expect them to fix it.

Also the display stopped working after a week and they blamed me for cracking the screen, even though I kept the laptop in a bag all the time.

The support was bad too. I would get a response from a different person on the same support request for every new message. It bothered me because it looked like the new person who replied next time had no idea about the history of the support request.

What country did you order to?

Canada. I'm aware there's duties but when I had ordered their website made it seem like they handled these.

I refused to pay the extra like $150 for the laptop and sent it back.
