Coreboot is free and open source software. The project aims to replace proprietary BIOS firmware and blobs. Unfortunately, Coreboot does not run on modern laptops (except Chromebooks) due to Intel ME and other closed source technologies.
Purism sells the Librem 13 and Librem 15 laptops with Linux preloaded. Purism claims to follow a strict belief in users’ rights to privacy, security, and freedom. Until today, the Librem BIOS was not freed. However, the coreboot port for the Librem 13 v1 is 100% done. It means you can have blob free Coreboot running on a full-fledged modern laptop. The laptop comes with hardware kill switches that physically sever the circuit at the hardware level for Wireless & Bluetooth and for Camera & Microphone. The specs are as follows:
The Librem 13 v1 Specs
- Intel i5-5200U CPU (15W), 2 Core (4 Threads)
- Intel HD Graphics 5500
- Max 16GB DDR3L 1600MHz RAM
- 720p 1.0 megapixel webcam
- Intel HD Audio
- 13.3″ 1920x1080p Matte IPS @ 60Hz Screen
- mSATA3 (250GB, 500GB, 512GB SSD options)
- Atheros 802.11n Wireless
- Radio hardware killswitch
- Microphone and Camera hardware killswitches
- 2 USB 3.0 Ports
- 1.4kg (3.0lbs) Weight
Why is this good news for all of us?
Coreboot on modern hardware is excellent news for all of us. I cannot wait to hear about a modern laptop running without the Intel ME. Many consider the Intel Management Engine a backdoor because of the shady practices of a closed source system:
- It has full access to memory and the TCP/IP stack without your knowledge
- It can send and receive network packets without your permission
- Moreover, the worst thing is you cannot disable Intel ME on newer Intel Core2 CPUs.
How hard is it to remove Intel ME?
The ME has its own independent CPU, code, RAM, network access, and other components that it uses to control your laptop. It has complete access to and control over the PC or laptop. Intel made it pretty hard to remove the ME. From the article:
The ME’s boot program, stored on the internal ROM, loads a firmware “manifest” from the PC’s SPI flash chip. This manifest is signed with a strong cryptographic key, which differs between versions of the ME firmware. If the manifest isn’t signed by a specific Intel key, the boot ROM won’t load and execute the firmware and the ME processor core will be halted.
The ME working with Core 2 processors (Q43, Q45, GM45 and the like) can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be removed entirely from the flash memory space. libreboot does this on the Intel 4 Series systems (GM45, GS45, G41, etc) that it supports, such as the Libreboot X200 and Libreboot T400.
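As an added example (not code from the article, libreboot, coreboot, or Purism), this Python sketch reads the Intel flash descriptor at the start of an SPI flash dump and reports whether an ME region is still defined, which is one way to check an image after the ME firmware has been removed from flash. The descriptor layout used here (signature `0x0FF0A55A`, `FLMAP0`, `FLREG0` to `FLREG4`) is an assumption brought in from Intel's standard flash layout and is not described in the article; the function names and sample images are constructed for illustration.

```python
import struct

FD_SIGNATURE = 0x0FF0A55A  # magic value that marks an Intel flash descriptor
REGIONS = ["descriptor", "bios", "me", "gbe", "platform_data"]  # FLREG0..4

def parse_regions(image: bytes) -> dict:
    """Map region name -> (first_byte, last_byte), or None if the region is unused."""
    # The signature sits at offset 0x10 on most chipsets and at 0x00 on older ones.
    for sig_off in (0x10, 0x00):
        if (len(image) >= sig_off + 8 and
                struct.unpack_from("<I", image, sig_off)[0] == FD_SIGNATURE):
            break
    else:
        raise ValueError("no Intel flash descriptor found")
    flmap0 = struct.unpack_from("<I", image, sig_off + 4)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4  # Flash Region Base Address
    if frba + 4 * len(REGIONS) > len(image):
        raise ValueError("region table lies outside the image")
    out = {}
    for i, name in enumerate(REGIONS):
        flreg = struct.unpack_from("<I", image, frba + 4 * i)[0]
        base = (flreg & 0x7FFF) << 12                     # in 4 KiB units
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF  # last byte of region
        # A region whose base lies above its limit is marked unused.
        out[name] = (base, limit) if base <= limit else None
    return out

def me_region_present(image: bytes) -> bool:
    """True if the descriptor still reserves flash space for ME firmware."""
    return parse_regions(image)["me"] is not None

def build_sample(me_flreg: int) -> bytes:
    """Constructed 4 KiB descriptor-only image, for demonstration only."""
    img = bytearray(b"\xff" * 0x1000)
    struct.pack_into("<II", img, 0x10, FD_SIGNATURE, 0x04 << 16)  # FRBA = 0x40
    flregs = [0x00000000, 0x07FF0200, me_flreg, 0x00001FFF, 0x00001FFF]
    struct.pack_into("<5I", img, 0x40, *flregs)
    return bytes(img)

if __name__ == "__main__":
    for label, flreg in (("with ME region", 0x01FF0001),
                         ("ME region removed", 0x00001FFF)):
        print(label, parse_regions(build_sample(flreg)))
```

An unused ME region in the descriptor only shows that no flash space is reserved for ME firmware; it does not by itself show that the ME is disabled.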
I went through all of our test matrix and verified that everything works as expected. I ran prime95 for 28.5 hours without issues and verified that the CPU/GPU temperatures remain acceptable under both heavy CPU load (prime95) as well as heavy GPU load (uncapped glxgears) …and eventually came to the conclusion that our coreboot release is done, stable and working.
For more information visit the official Purism site here.