coreboot time (as per cbtime) : 1.5s, followed by kernel and system boot in (as per systemd-analyze) :
Startup finished in 2.244s (kernel) + 611ms (userspace) = 2.856s
I'm using grub2 as a payload, and that's what I call a fast boot for a debian Wheezy (details on http://www.coreboot.org/pipermail/coreboot/2014-July/078215....)
But you can use other payloads too - even chainloading them from grub!
"stealing the VGA bios" in column 4 is not mandatory if your hardware supports native video init, and today I just succeeded in replicating the video support using SeaBIOS (cf http://www.coreboot.org/SeaBIOS and http://www.coreboot.org/pipermail/coreboot/2014-February/077...), which means that I can now load a standard grub and maybe other operating systems should I want to use them on the X60, without any blackbox blob - who knows what may be hidden in these blobs.
Why is that interesting? Because in the default bios (cracked open with bios-extract, Phoenix BIOS "Phoenix FirstBIOS(tm) Notebook Pro Version 2.0 for ThinkPad") there is Computrace backdoor as option rom 2E (cf http://securelist.com/analysis/publications/58278/absolute-c...).
If I ever need to do things on a windows machine, I don't want bios rootkits - and coreboot makes that possible, thank you :-)
If you like playing with operating systems, boot, etc. coreboot is very cool.
The X60 is a good option, too.
Looks like the hardware support situation haven't improve a single bit since the last time I looked into coreboot. That's a pity.
How well does the computer work, when it is supported? Are there stability issues? Is performance the same? Do all of the same devices work, as with proprietary BIOS?
When it is supported, there are different outcomes. The individual board pages on the wiki can offer more details. The X60 is especially well supported because of a combination of factors:
1. Lenovo was actually pretty helpful
2. Lots of coreboot hackers have worked on the machine for years
3. Lots of other linux hackers have also worked on various parts (which improves the support for all the devices)
So without doing any research, my understanding is that the X200s and to a lesser degree the X230 cannot achieve that level of support, mostly because it would take the coincidence of all that work coming together. But it's not all bad: the Chromebooks are getting that work done by a group of paid engineers, and there is a recent addition to the supported laptops (not fully open, but close; not amazing hardware, but decent) - the HP m6-1035dx.
I got an HP m6-1035dx on ebay, and my experience is that everything works fine. I suggest throwing away the mini PCIe wireless card it comes with and putting in a better one, but I haven't brought it up on the coreboot mailing lists because it's not really coreboot's fault. HP just built a cheap laptop and so it has a junk wifi card.
Hopefully that helps? Cheers!
Either way it's not so hard to remove that option ROM and reflash the BIOS. ;)
Also, which tool would you use to remove this option rom? CBMROM does not works on phoenix firstbios, and the phoenix editor tools don't work on the 2 Mb image.
I'd be delighted to know, just because I have that it's still there on my "reference" motherboard (used to test whether issues are due to coreboot or not)
phdecomp + phnxdeco worked to unpack the BIOS into its modules; it shouldn't be difficult to reassemble it without the Computrace module and fix up the checksum, then reflash. But on the other hand, since the C&C server can be modified, maybe it might be more fun to activate it after pointing it to a server I own, and then I get a free backdoor that I can use...
Also, in Blackhat 2014 Anibal (one of the original core researchers) will present a complete reversing of the computrace protocol.
I have no idea on how to reassemble the pieces into a working bios. It's not just a checksum, that's for people doing SLIC ie replacing or adding stuff at the bottom. A missing table in the middle might cause problems. Isn't there an index too?
Anyway, the alternative hack you suggest would be quite a cool one :-) I didn't know it was possible to change the address of the c&c in the option rom (IIRC, it's like packed in an EFI header, then again - I just don't know which tools to use), but if it's, I'd be quite interested - even more if the computrace protocol has ben reverse engineered ;-)
Feel free to contact me by email!
A very dangerous piece of propietary software preinstalled in all corporate laptops that you cannot deactivate, uninstall or even patch. It may not be a rootkit, but surely can be used as one.