Uncategorized

A Life Without Vendors Binary Blobs, part1

This blogpost will be about my first steps with coreboot and libreboot and a life with as few proprietary firmware blobs as possible. My main motivation were the latest headlines about fancy firmware things like Intel ME, Computrace and UEFI backdoors. This post is not intended to be about a as much as possible hardened system or about coreboot/libreboot being more secure, but rather to be able to look into every part of software running on that system if you want to.[…]A followup will involve different payloads like SeaBios or Tiano Core (UEFI) to be tested, maybe I can get even more from this old piece of hardware! So look out for my next blog post about my journey into coreboot! -Jann

https://insinuator.net/2017/08/a-life-without-vendors-binary-blobs/

 

Standard
Uncategorized

librecore

Phoronix has a new article about librecore, a free-as-in-freedom firmware project:

librecore is a distribution of Free/Libre firmware recipes for compiling and generating firmware for devices. The intended targets for the firmware include only those which can be run in total freedom by the user. This means that librecore firmware is distributed as source code, and does not include any binary blobs. The purpose of this project is to push the limits of software freedom in boot firmware. librecore is free firmware not unlike coreboot however with a different focus. While we collaborate with coreboot and share mature code to further these goals, our focus is more around maintainability and feature completeness of more libre hardware platforms such as POWER, SPARC, RISC-V and other non-x86 ISA’s.

https://github.com/librecore-org/librecore-org.github.io

http://librecore.info/

http://www.phoronix.com/scan.php?page=news_item&px=Librecore-Formation

https://www.phoronix.com/forums/forum/hardware/motherboards-chipsets/925901-librecore-aiming-to-be-a-better-libre-spin-of-coreboot

Read the Reddit thread and the Phoronix Forums for more background beyond the main article.:

“[…]I am one of the core developers of librecore and I can confidently say everything you wrote in your article about our project is complete speculative garbage. The librecore and libreboot projects are completely independent projects that have no relationship what-so-ever. The librecore project is a fork from coreboot by some original coreboot developers such as myself with different technical objectives.[…]”

(Not to be confused with librecores (plural):

https://www.librecores.org/

Standard
Uncategorized

FOSDEM

The other day I mentioned that coreboot was going to be at FOSDEM’17.

https://firmwaresecurity.com/2017/01/05/coreboot-at-fossdem/

(I mistakingly called it FOSSDEM instead of FOSDEM. And I mistakingly pointed to the FOSDEM’16 expo layout, ignore that.) 😦

In addition to coreboot presence, there are also multiple interesting presentations, including (but not limited to):

https://fosdem.org/2017/schedule/event/libreboot/
https://fosdem.org/2017/schedule/event/abusing_chromium_ec/
https://fosdem.org/2017/schedule/event/sniffing_usb/
https://fosdem.org/2017/schedule/event/secure_safe_embedded_updates/
https://fosdem.org/2017/schedule/event/terrible_bsp/
https://fosdem.org/2017/schedule/event/lava_laboratory/
https://fosdem.org/2017/schedule/event/testing_with_volcanoes/
https://fosdem.org/2017/schedule/track/internet_of_things/
https://fosdem.org/2017/schedule/event/panopticon/
https://fosdem.org/2017/schedule/event/securing_qemu_guest/
https://fosdem.org/2017/

Standard
Uncategorized

Libreboot and GNU: update

A few months ago a GNU/Libreboot issue occurred, and I just got around to blogging about it the other day. Well, a few days, later, there is an update from FSF. Also see comment from a reader of previous post, for good background.

https://firmwaresecurity.com/2017/01/02/libreboot-and-the-gnu-project/

https://firmwaresecurity.com/2017/01/02/libreboot-and-the-gnu-project/#comments

http://www.phoronix.com/scan.php?page=news_item&px=GNU-Libreboot-RMS

https://news.ycombinator.com/item?id=13329287

Standard
Uncategorized

Libreboot and the GNU project

Over the last few months, the Libreboot project has been having some issues with the GNU project. Quoting the Libreboot home page:

FSF, GNU and RMS: Libreboot is no longer a GNU project. Please honour this immediately, and formally declare that libreboot is no longer a GNU project. Leah is *NOT* stepping down as Libreboot’s maintainer, she is simply taking Libreboot away from GNU. Libreboot will still be developed as always, under the same standards of freedom as before, just *without GNU*. She has not forked libreboot.

https://libreboot.org/gnu/
https://libreboot.org/why-not-gnu/
http://www.phoronix.com/scan.php?page=news_item&px=Libreboot-Not-GNU
http://www.phoronix.com/scan.php?page=news_item&px=FSF-RMS-Statements-Libreboot
http://www.fsf.org/news/free-software-foundation-statement

Cat herding is difficult. I could see how the FSF would have issues with not having Libreboot, GRUB and GNU/Linux as part of their “full stack”.

Standard
Uncategorized

Libreboot introduction and Lenovo X60/X200 tutorial

There’s a talk from Kyle Rankin of Final Inc, on using Libreboot. It covers coreboot, Intel ME, Intel AMT, and covers replacing Lenovo X60 and X200 firmware with Libreboot, as well as covering use of Arduino as part of the reflashing solution.

http://greenfly.org/talks/security/libreboot.html

https://github.com/bibanon/Coreboot-ThinkPads/wiki/Hardware-Flashing-with-Raspberry-Pi

Standard
Uncategorized

Linux Journal: Thinkpad X60 and Libreboot

Kyle Rankin has a new article in Linux Journal, entitled “Libreboot on an X60, Part I: the Setup”. Excerpt:

In my next couple articles, I’m going to walk through the journey that brought me to the X60 running Libreboot that I’m using to type this column. In this first part, I discuss the setup, including what Libreboot is, what hardware it currently supports and some of the risks around flashing your BIOS. If I haven’t scared you off by the end of this article, in future articles, I’ll cover how to download Libreboot and verify its integrity, how to flash the BIOS itself in detail with sample script output and how to modify the default GRUB bootloader. If you can’t wait until next month, a lot of my process is based on the excellent guide provided at https://github.com/bibanon/Coreboot-ThinkPads/wiki/ThinkPad-X60.

Full article:
http://www.linuxjournal.com/content/libreboot-x60-part-i-setup

https://github.com/bibanon/Coreboot-ThinkPads/wiki/ThinkPad-X60

Standard