What are the pro and cons of Librebooting your BIOS?
>>55498303
I would also like to know
>>55498303
Pro: no botnet
Con: a few hours of research/work
Pro is freedom. Look up the latest eufi security issues on lenovo (and others) thanks to them coping the eufi code from Intel without updating it.
>>55498449
It's not just Lenovo, HP and Gigabyte are affected too.
>>55498429
what was the original pic on the right? I'd really like to know what guys actually want
>>55498487
miranda kerr i think
>>55498446
so aside from the work, there are no significant hardware incompatibilities or issues with modifying BIOS.
>>55498479
Yeah, you gotta protect those chinese cartoons from getting remotely wiped out
>>55498303
Pro: freedom
con: works on limited hardware
>>55499057
This. It wont work almost any hardware.
Can't use any processor made after 2008. So that leaves you with celron and Pentium processors
>>55498487
Bacon.
>>55498479
>(and others)
>>>/v/
>>55499174
Stop slandering Lenovo.
>>55498303
Con:
require a very specific hardware to work (in some cases)
hard to install (in some cases (the x60 can be instated with software only, but for the X200 you need a external flasher))
Compatibility is not 100% depending in your hardware/software choices
Pro:
Freedom
nonbotnet
no wifi card whitelist (on notebooks)
Libreboot is more flexible over the original BIOS
Con:
Need correct hardware and time to understand what you are doing
Possibility of damaging your hardware if not properly handling the procedure
The Libreboot project will stagnate as new hardware on X86 is incompatible with it
Pro:
Most importantly, a freed BIOS with blobs disabled
Faster boot time
Removal of hardware whitelists if applicable
encrypted boot
>>55499135
>celron and Pentium
well, there are some C2D systems supported I think
>>55498303
you're trading one specific set of hardware and software for another (apple/apple or thinkpad + gnu/linux)
stupid question:
Is it still possible to dual boot GNU/Linux systems with Libreboot?
>>55500340
Windows+(gnu/linux) will not work, but 2 GNU/Linux install on a same system will probably work
Is coreboot as good? I might do it to my x220. I heard it's technically proprietary as it's nearly impossible to libreboot systems past 2008-2009
>>55500412
>Windows+(gnu/linux) will not work
that's by design obviously, no clue why anyone would want Windows after installing Libreboot
>but 2 GNU/Linux install on a same system will probably work
I'm almost sure it will too. Will write up a guide once I figure out how to configure the built in GRUB for 2 OSes
>>55500436
>I heard it's technically proprietary as it's nearly impossible to libreboot systems past 2008-2009
that's correct
based on that fact, imo coreboot misses the point and is not worth the trouble
Also, it's more difficult to install than Libreboot
>>55498303
Libreboot halved the boot time on my x200. The lenovo BIOS took a long time to load, libreboot puts the GRand Universal Bootloader right on the BIOS chip.
Libreboot removes backdoors in Intel chips newer than 2009(AMD newer than 2013). The main reason to install it is to have a completely libre computer, because you can know every single line of code that executes on it.
>>55498449
My boss says "eufi" as well.
It is "Unified Extensible Firmware Interface".
>>55500447
It should pull any grub.cfg you write just fine.
>>55500493
>Libreboot removes backdoors in Intel chips newer than 2009(AMD newer than 2013)
pretty sure everything after 2008 is not supported
>>55500531
I assumed so. Just wondering if someone has done it
>>55500549
Yes, but for example, the Core 2 Duo in the x200 comes with Intel ME, which Libreboot removes.
>>55500493
Doesn't Libreboot remove the ability to access bios settings though? How do I turn on shit like waking on charger plug and fn/ctrl swap?
>>55500570
Certain C2D series had an option to disable Intel ME. Later than that you have no option to, IIRC.
>>55500549
I think he meant "older", not "newer"
>>55500617
yeah
>>55500605
>How do I turn on shit like waking on charger plug and fn/ctrl swap?
chances are you are not going to care about the extra bios features if you're installing libreboot
Also, those things can be done in a good OS so there is no need to do them at the BIOS level
>>55500658
Tell me how wake on charger plug can be done within the OS?
I'm talking turning on the machine
a script based on ACPI events? never done it but this doesn't seem too hard on GNU/Linux
>>55500814
forgot to quote
>>55500685
would anyone be interested in a long picture filled novice-oriented guide for hardware flashing the X200?
>>55500332
Yup, i got one
>>55500924
yea, kinda
>>55498303
FREE AS IN FREEDOM MOTHERFUCKER
>>55500814
But the OS isn't even active when the machine is powered down. How can it run such a script to detect when the charger is plugged in like the BIOS chip can?
>>55501092
the same way your computer knows to wake from suspend on a button press
plugging in AC is an event just like a button press
>>55501115
But it's not from suspend, it's from fully powered down, full shutdown, that's not an OS running state
>>55501172
oh, you said waking so I assumed suspend
that would require a low level implementation that's probably not worth it
Libreboot is also pointless to install if you're going to use proprietary repos imo
It really is the final evolution of freedum
just a quick thought,/g/ being obsessed with freedom is really reminding me of gw and the patriots,you niggers are literally memeing mgs into reality
>>55501320
/g/ is mostly /v/ these days anyway
>>55501278
The freedom to not be able to turn on your laptop by plugging in the charger
You can change some BIOS settings using nvramtool in libreboot
>>55501362
It is all free software, so you can program that into the rom if you want. It would take a lot of time and effort though.
>>55501362
you're confusing freedom with freedum
also, I doubt a Thinkpad with support for that BIOS feature supports Libreboot in the first place
>>55500493
>Libreboot removes backdoors in Intel chips
This is interesting, how do you remove a hardware backdoor?
>>55501362
my laptop doesn't do this, why is this a big deal
if you're plugging it in, what's the extra effort of pressing a button as well?
>>55501362
Try adding it to a non libre laptop that doesn't support it. Beyond impossible.
With this, you could do it yourself if you wanted.
>>55501397
My understanding is that (at least on the x200), Intel ME required software in the BIOS to work, and libreboot removed that software. ME is basically lying dormant, because it can not be used without the proprietary BIOS.
>>55501472
Isn't the point of a hardware backdoor that it can't be alleviated through software?
>>55501483
How can you utilize the hardware backdoor without software?
It's not a direct hardwire from your laptop to Intel HQ. It has to communicate the info by using routines in the BIOS. With that gone, the backdoor is unusable.
>>55498303
anyone have a link or atleast the name of those amd soc serverboards with coreboot or libreboot.
>>55501483
everything is controlled by software to some extent so it's a matter of modifying the computer at a low level to make it properly function without that software
Libreboot does this with ME for certain versions by removing it entirely from the flash memory space
Shittel noticed that this was possible and decided to sign their ME firmware after giving it the power of hardware initialization. Because newer versions of ME are signed by Intel it's impossible to have a workaround for Libreboot
>>55501506
>How can you utilize the hardware backdoor without software?
The microcode in the actual hardware processor, right? Isn't that the point of the ME? That when your software gets fucked, you can still do damage control?
If there's microcode in the hardware to communicate with basic networking, it doesn't need any software to talk to "Intel HQ."
>It has to communicate the info by using routines in the BIOS
I thought BIOS basically just did some basic tests and loaded shit into memory for booting an OS.
>>55501545
Oh okay, that makes sense.
>>55501552
>I thought BIOS basically just did some basic tests and loaded shit into memory for booting an OS.
Shit into memory such as ME
If the microcode communicates with the Management Engine but with no means to do so since the functionality is nixed from BIOS, then it effectively does fuck all
>>55501545
in short, on newer versions of ME, if the ME boot ROM doesn't detect firmware on the SPI mem with a valid intel signature it tells the computer to shut down
I'm not exactly sure what makes it hopeless to have a workaround for this situation but I am pretty sure that it has to do with the difficulty of reverse engineering a free replacement
If someone could clarify why Libreboot can't work on newer ME versions please clarify
>>55501610
Because as you said yourself, it looks for an Intel-signed package in SPI flash and if it doesn't find it, the machine is power cycled. Since the Libreboot project, and no one else besides Intel for that matter, has access to the private keys, no one can sign anything that could be flashed. Libreboot is dead.
>>55498487
AMD drivers.
>>55501722
but what technical detail prevents libreboot from writing a complete free replacement to the Intel ME? Why can't you just overwrite anything written by Intel into the machine and start from scratch? Is it just too great of a labor effort?
forgive my technical ignorance
>>55498779
There are quite a few downfalls for librebooting. Why don't you look them up like someone that doesn't need to be spoonfed by people on the internet.
>>55501985
Signature, even if they are able to write a fully free replacement to all components, they need to get the same key from Intel to be able to make the processor accept the replacement software. Intel will probably never release this key.
>>55501362
Libreboot focuses in being a free BIOs replacement but also being simple. It's only start the devices them load grub. it is possible to add these option on Libreboot yourself (probably using the base libreboot + SeaBios), but right now it is not its focus (they are trying to fix bugs and find more hardware).
>>55498779
>>55502620
Man, there are some. depends on the board, the exact chipset used... try it on hardware that others already tried or prepare for many butthurt and broken boards.
I need to build a USB debug adapter "USB EHCI debug dongle", cause my laptop isnt hacked yet. chipset unsupported and no similiar configs. Im on my own.
BUT, I wont have a whitelist for wificards ;)
>>55500605
>>55500658
You have full controll of the system with libreboot, swap scancodes or whatever? either do it in OS or write your own code. probably someone already did that
For the X200: https://www.coreboot.org/pipermail/coreboot/2015-August/080281.html
So either coreboot/libreboot and you are probably a arch or gentoo user.
Pro: removes a potential avenue of attack
Con: is itself a potential avenue of attack, barring code-review
>>55506969
All software is a potential point of attack.
