Open Source Bios - Is it worth it ?

>>61270878
What do you want to get out of it?

>>61270878

if your machine supports libreboot (big if) then the only downside to using it over coreboot is that it might be an older version and might require some manual work arounds

otherwise libreboot is literally just coreboot deblobbed with some independent fixes but mostly focuses on making the install process painless

>trannyboot

What if freedom wasn't a concern? Will there still be a benefit to flashing it?

>>61271146
I just want to become a 1337 h@x0®.

>>61271191

>chosing your functional, non-political technology based on the producers irrelevant individual persuasion

>>61270878
>libreboot
not sure if i'd rather run bios coded by a tranny with serious issues and causing drama every week or the stock chink bios on my thinkpad

>>61270878
LibreBoot only applies to certain thinkpads with core duo or less.
You may not have a choice

>>61270878
>risking to brick your device for freedom
Not worth imo

>>61271473
>irrelevant individual persuasion

It would be irrelevant if the freak didn't go out of its way to ram the shit down everyone's throat.

>REEEEEEE STALLMAN ISN'T RESPECTING THE FREEDOM OF XIR. I KNOSSOS WHAT XIR WILL DO, XIR WILL GO ON AN AUTISIC RANT THAT ALIENATES EVERYONE

>>61272555
If you have the tools to flash libreboot you have the tools to restore the original bios

>>61272649
Wrong, you can flash it from the OS on some laptops

>>61272657
If you're autistic enough to have an x60, then you have a BBB or a Rpi

>>61272683
shit, you're right

>>61272683
Or even just a $2 ch341a flasher from China.

>>61271445
Full full disk encryption, if you flash the grub payload you don't need an unencrypted /boot on your disk. Faster boot times too.

>>61272715
>>61271445
It'll allow you to install non-whitelisted but supported devices if your machine has such a thing.

File: 1490248736880.jpg (57KB, 798x777px) Image search: [Google]

57KB, 798x777px

A-M-DDEEEEEE

>>61272706
>flashing with a Chinese botnet

I seriously hope you don't do this.

>>61272730
AMD has its own version of AMT/ME.

Do you have a Thinkpad X200, T60, T400 or such? With an Intel GPU?

If so, Libreboot.
If not, Coreboot.

>>61272732
You can re-flash it from software after installation since it removes the write-protection.

>>61271445

then use coreboot, libreboot is literally coreboot but with no nonfree blobs and no microcode, changes that come to libreboot first eventually make it to coreboot (or sometimes libreboot changes make it to coreboot first while the libre changes require additional developer time, especially in the case where libreboot devs pay to port boards to coreboot/libreboot)

this shouldn't be that difficult to grasp

>>61272533

work is being done to try and make some more recent thinkpads libreboot compatible but at always projects like libreboot (and/or gnu) do not compromise at all so they may not ever be fully endorsed by libreboot

if you want to do this on your own machine you can run me_cleaner for a 99% free machine with only a *tiny* portion of intel's management engine remaining, purism are selling laptops with this ran at a huge markup - me_cleaner isn't quite within the gnu (or by extension libreboot) guidelines but for 99% of people that might consider using libreboot it's good enough

>>61272641
>It would be irrelevant if the freak didn't go out of its way to ram the shit down everyone's throat.

and this had any impact on you using libreboot/coreboot how exactly?

>>61272555

if you're flashing from within libreboot/coreboot or flashing on the laptops that support flashing libreboot/coreboot in software from stock bios then you risk soft booting but in 100% of cases you can flash externally using bbb/rpi/literally any linux based spi flasher and """recover""" the machine to a working state (if you don't back up the stock bios you lose it for good, they're tied to the hardware in some way)

>>61272729

yeah but most laptops have a stock bios for this, it shouldn't be considered a selling point

File: 1493450646238.jpg (391KB, 1014x1024px) Image search: [Google]

391KB, 1014x1024px

>>61272737
THAT'S WHY I POSTED THE PREVIOUS PICTURE TO SHOW MY ANGER
HERE IS ANOTHER PICTURE

THEY SHOULD OPEN IT SINCE THEY'RE RELEASING ACTUAL ENTERPRISE CPUS ANYWAY
REGULAR CUSTOMERS DON'T NEED IT

>>61272743
As of last year, the dedicated GPU laptops are compatible. Libreboot just disables the dedicated GPU and uses integrated.

>hardware remote management features in consumer hardware
>encrypted firmware that you can't replace
really makes you wonder

>>61272928
I'm sure Intel and AMD spent millions of dollars developing and installing their remote management tools just because it was a fun thing to do. Nothing to see, go back to sleep.

>>61270878
If you can, but good luck finding hardware that it supports.

>>61273132
>I'm sure Intel and AMD spent millions of dollars developing and installing their remote management tools just because it was a fun thing to do.

it was a business/server orientated feature from the start to further provide the ability to remotely automate common tasks outside of the operating system (changing bios features/flashing bios firmware) as well as to provide some slightly tangible security benefits (secureboot precursor/tpm stuff) that eventually saw some use in marking it as a premium feature to mobile (read: laptop/tablet) users who you know, might want to remotely shut down/lock out their pc when it's stolen, but nice strawman, nobody is implying they developed it for fun or with no inherent use case

>>61273250
Such use cases aren't used by the vast majority of people who buy computers. There's no reason for them to include this malware in all their processors, especially when they refuse to allow users to disable it.

>>61270878
There is no reason not to use libreboot.
It is more secure then the regular bios.
It is faster than the regular bios.
I have yet to have problems with it.
It allows you to install with /boot/ encrypted.
It allows you to require any kernel to be GPG signed.
Its free as in freedumbs.

>>61273314
How to install libreboot on T400, I have raspberry pi if it is needed for flashing

>>61273313
>There's no reason for them to include this malware in all their processors

I agree

>especially when they refuse to allow users to disable it.

to be fair, the way to 'disable' it is to not buy a computer/laptop/motherboard chipset with the vpro or other amt interfaces, that way every chip is still going to have the management engine but it should be isolated from the os in a meaningful way - the recent exploit was with the management engine interface after all

>>61273428
There's no effective way to disable it besides Libreboot and the recent work around. After a decade of widespread use, Intel finally admitted this year that ME is vulnerable to hackers. Of course, there's really no way to fix the vulnerability from Intel's side because even it doesn't have the source code for all of ME.

>>61273314
>It is more secure then the regular bios.
How so?

>It is faster than the regular bios.
Boot times never bothered me.


>It allows you to install with /boot/ encrypted.
That's pretty nice but usually it's everything else except boot that needs encrypted and Grub already allows that right?

>It allows you to require any kernel to be GPG signed
If you're going to put some kernel piece in your OS then you should already know exactly what and from where you are putting it. Signatures are pointless here.

>>61273390
https://libreboot.org/docs/install/t400_external.html

You can do it through software on some thinkpads but the t400 needs external flashing with a beagel bone black allthough I think a rassbery pi would work aswell.

>>61273456

Doesn't ME need OS support to access the HDD? And even if they can access it without it, how are they going to get the data out of there? They still need support from the OS.

>>61273531
>How so?
You know what is in it because you can look at the source code. Old thinkpad bios hasn't been audited for a while and probally has backdoors in it anyway.

>Boot times never bothered me.
Me neither. I just listed that because some people like a 2 second boot up.

>That's pretty nice but usually it's everything else except boot that needs encrypted and Grub already allows that right?
It allows you to install with everything on your hard drive encrytped. Grub.cfg is stored on the flash chip.

>If you're going to put some kernel piece in your OS then you should already know exactly what and from where you are putting it. Signatures are pointless here.
I think its more so that attackers couldn't boot live USB's and mess with you.

>>61273562
ME has direct memory access and network access. It can rip out your encryption keys and send them to an attacker without you ever knowing. It can also turn your computer on and copy your entire hard drive without you lifting a finger.

It was designed as a way to keep corporate employees in check and it's turned into a gaping security hole.

>>61273565
>probally has backdoors in it anyway.

But it would still need OS support to do anything meaningful.

>I think its more so that attackers couldn't boot live USB's and mess with you.

So it assumes someone has physical access to your PC. I see, most people worry only about remote access.

>>61273590
How does it connect to my router?
Intel introduced the new EAS instruction, that way they can know when someone is encrypted something, ofc you could just compile your encryption software without using the EAS instruction (how we've been doing until now), that way your encryption won't stand out like a soar thumb.