My understanding is there are few desirable motherboards that support Coreboot.
Don’t like Intel Management Engine? Or processors that shit themselves? Go AMD.
AMD has the Platform Security Processor. While it supposedly doesn’t have network access, it’s still a black box with full access to all memory.
As far as I know it’s also less documented. People have dug so deep into Intel ME that they even found a bit that disables most of the ME.
On the other hand, AMD is planning to use coreboot-compatible open firmware in the next EPYC generation. Knowing AMD, it will eventually come to the consumer market too. (We’ll see if it will be available before Red Hat drops X11.)
Also, there was a Phoronix article recently saying that Intel too is messing around with Coreboot on Xeon.
I think AMD said they plan to bring open source AGESA to consumer after EPYC.
What would be an example of a desirable mobo and what is the benefit of the coreboot?
Any AM4 options?
By “desirable motherboard” in this context I mean a standard ATX (or standard size variants) motherboard with a currently supported socket and chipset commonly available on the consumer market. To run Intel 13th or 14th gen, or Ryzen 7000 or 9000. I don’t know if you can just buy an MSI or ASRock etc. board and expect to run Coreboot on them.
What’s the advantage of coreboot? Soothes paranoia mainly. Both Intel and AMD platforms have little black boxes in them that run a separate little OS beneath Windows or Linux that has Ring 0 or similar low-level access to the hardware and could theoretically man in the middle anything done on the machine. Intel’s is MINIX based, it’s called the Intel Management Engine, and it genuinely is a little bit bile inducing reading what it has access to. AMD does have a similar technology.
In terms of performance, system stability etc? Very little. Once the kernel is loaded and in control of the hardware the BIOS doesn’t affect much AFAIK.
I’m not very familiar with it but I’ve not heard much about even AM4 boards being supported. I think of Coreboot (or its completely binary blob free fork Libreboot) and I think of either Purism or System76 and in both cases for their laptops.
===
This kind of thing (the “main” operating system is built atop a secret basement full of god knows what) isn’t restricted to x86 either. On a Raspberry Pi, Linux running on the ARM cores is a second class citizen to ThreadX running on the VideoCore processor.
Thank you for laying all of this out. I keep hearing about these issues, but how did we get here, and why is this a concern now, or am I just learning about it?
My understanding of things like the IME is that its reason for being is mostly benign: it lets enterprise-level IT departments do things like boot computers from across the network and stuff like that. It has no real use to home customers on their private PCs, but it’s included on all systems to simplify engineering; it handles a lot of the early boot process. And it’s always running. The privacy enthusiasts out there who carry a copy of TAILS on their keychains just in case aren’t fond of the fact that there’s a proprietary OS with unrestricted access to memory and networking just sitting there with no way of auditing or monitoring what it is doing.
This has been a thing for A WHILE now, and the whole coreboot thing… Intel, board manufacturers etc. keep their data so locked up that it’s a challenge to build anything that works, so it’s a miracle we have things like Coreboot at all. They largely concentrate on laptops IIRC, and it’s rare to see full fat desktop motherboards that work with Coreboot.
Main user base Linux ThinkPad enjoyer?
AFAIK it’s just the MSI PRO -A Z690/Z790 boards