2019-01-31 17:01:50 +01:00
|
|
|
|
# Distributions
|
|
|
|
|
|
|
|
|
|
coreboot doesn't provide binaries but provides a toolbox that others can use
|
|
|
|
|
to build boot firmware for all kinds of purposes. These third-parties can be
|
|
|
|
|
broadly separated in two groups: Those shipping coreboot on their hardware,
|
|
|
|
|
and those providing after-market firmware to extend the usefulness of devices.
|
|
|
|
|
|
2019-02-05 23:39:43 +01:00
|
|
|
|
|
|
|
|
|
## Hardware shipping with coreboot
|
2019-01-31 17:01:50 +01:00
|
|
|
|
|
2023-10-12 14:08:30 +02:00
|
|
|
|
### Nitrokey
|
|
|
|
|
|
|
|
|
|
[Nitrokey](https://nitrokey.com) is a german IT security hardware vendor which
|
|
|
|
|
offers a range of laptops, PCs, HSMs, and networking devices with coreboot and
|
|
|
|
|
[Dasharo](https://dasharo.com/). The devices come with neutralized Intel
|
|
|
|
|
Management Engine (ME) and with pre-installed [Heads](http://osresearch.net) or
|
|
|
|
|
EDK2 payload providing measured boot and verified boot protection. For
|
|
|
|
|
additional security the systems can be physically sealed and pictures of those
|
|
|
|
|
sealings are sent via encrypted email.
|
|
|
|
|
|
2022-04-06 09:55:35 +02:00
|
|
|
|
### NovaCustom laptops
|
|
|
|
|
|
|
|
|
|
[NovaCustom](https://configurelaptop.eu/) sells configurable laptops with
|
|
|
|
|
[Dasharo](https://dasharo.com/) coreboot based firmware on board, maintained by
|
|
|
|
|
[3mdeb](https://3mdeb.com/). NovaCustom offers full GNU/Linux and Microsoft
|
|
|
|
|
Windows compatibility. NovaCustom ensures security updates via fwupd for 5 years
|
|
|
|
|
and the firmware is equipped with important security features such as measured
|
|
|
|
|
boot, verified boot, TPM integration and UEFI Secure Boot.
|
|
|
|
|
|
2019-02-05 23:39:43 +01:00
|
|
|
|
### ChromeOS Devices
|
|
|
|
|
|
2019-02-07 06:40:45 +01:00
|
|
|
|
All ChromeOS devices ([Chromebooks](https://chromebookdb.com/), Chromeboxes,
|
|
|
|
|
Chromebit, etc) released from 2012 onward use coreboot for their main system
|
|
|
|
|
firmware. Additionally, starting with the 2013 Chromebook Pixel, the firmware
|
2021-05-13 11:58:16 +02:00
|
|
|
|
running on the Embedded Controller (EC) – a small microcontroller which provides
|
|
|
|
|
functions like battery management, keyboard support, and sensor interfacing –
|
2019-02-07 06:40:45 +01:00
|
|
|
|
is open source as well.
|
2019-01-31 17:01:50 +01:00
|
|
|
|
|
2019-02-06 22:04:19 +01:00
|
|
|
|
### PC Engines APUs
|
|
|
|
|
|
|
|
|
|
[PC Engines](https://pcengines.ch) designs and sells embedded PC hardware that
|
|
|
|
|
ships with coreboot and support upstream maintenance for the devices through a
|
|
|
|
|
third party, [3mdeb](https://3mdeb.com). They provide current and tested
|
|
|
|
|
firmware binaries on [GitHub](https://pcengines.github.io).
|
|
|
|
|
|
2021-07-05 17:03:15 +02:00
|
|
|
|
### Star Labs
|
|
|
|
|
|
|
|
|
|
[Star Labs](https://starlabs.systems/) offers a range of laptops designed and
|
|
|
|
|
built specifically for Linux that are available with coreboot firmware. They
|
2022-07-13 11:11:44 +02:00
|
|
|
|
use edk2 as the payload and include an NVRAM option to disable the Intel
|
|
|
|
|
Management Engine.
|
2021-07-05 17:03:15 +02:00
|
|
|
|
|
2021-05-13 12:08:34 +02:00
|
|
|
|
### System76
|
|
|
|
|
|
|
|
|
|
[System76](https://system76.com/) manufactures Linux laptops, desktops, and
|
|
|
|
|
servers. Some models are sold with [System76 Open
|
|
|
|
|
Firmware](https://github.com/system76/firmware-open), an open source
|
2022-07-13 11:11:44 +02:00
|
|
|
|
distribution of coreboot, edk2, and System76 firmware applications.
|
2021-05-13 12:08:34 +02:00
|
|
|
|
|
2021-05-13 12:05:10 +02:00
|
|
|
|
### Purism
|
|
|
|
|
|
|
|
|
|
[Purism](https://www.puri.sm) sells laptops with a focus on user privacy and
|
|
|
|
|
security; part of that effort is to minimize the amount of proprietary and/or
|
|
|
|
|
binary code. Their laptops ship with a blob-free OS and coreboot firmware
|
|
|
|
|
with a neutralized Intel Management Engine (ME) and SeaBIOS as the payload.
|
|
|
|
|
|
2019-01-31 17:01:50 +01:00
|
|
|
|
## After-market firmware
|
|
|
|
|
|
|
|
|
|
### Libreboot
|
|
|
|
|
|
2019-02-05 23:39:43 +01:00
|
|
|
|
[Libreboot](https://libreboot.org) is a downstream coreboot distribution that
|
|
|
|
|
provides ready-made firmware images for supported devices: those which can be
|
|
|
|
|
built entirely from source code. Their copy of the coreboot repository is
|
|
|
|
|
therefore stripped of all devices that require binary components to boot.
|
2019-01-31 17:01:50 +01:00
|
|
|
|
|
2022-04-06 10:32:03 +02:00
|
|
|
|
|
|
|
|
|
### Dasharo
|
|
|
|
|
|
|
|
|
|
[Dasharo](https://dasharo.com/) is an open-source based firmware distribution
|
|
|
|
|
focusing on clean and simple code, long-term maintenance, transparent
|
|
|
|
|
validation, privacy-respecting implementation, liberty for the owners, and
|
|
|
|
|
trustworthiness for all.
|
|
|
|
|
|
2022-12-16 09:05:27 +01:00
|
|
|
|
Contributions are welcome,
|
|
|
|
|
[this document](https://docs.dasharo.com/ways-you-can-help-us/).
|
2022-04-06 10:32:03 +02:00
|
|
|
|
|
2019-02-05 23:39:43 +01:00
|
|
|
|
### MrChromebox
|
2019-01-31 17:01:50 +01:00
|
|
|
|
|
2019-02-05 23:39:43 +01:00
|
|
|
|
[MrChromebox](https://mrchromebox.tech/) provides upstream coreboot firmware
|
|
|
|
|
images for the vast majority of x86-based Chromebooks and Chromeboxes, using
|
2022-07-13 11:11:44 +02:00
|
|
|
|
edk2 as the payload to provide a modern UEFI bootloader. Why replace
|
2019-02-05 23:39:43 +01:00
|
|
|
|
coreboot with coreboot? Mr Chromebox's images are built using upstream
|
|
|
|
|
coreboot (vs Google's older, static tree/branch), include many features and
|
|
|
|
|
fixes not found in the stock firmware, and offer much broader OS compatibility
|
|
|
|
|
(i.e., they run Windows as well as Linux). They also offer updated CPU
|
|
|
|
|
microcode, as well as firmware updates for the device's embedded controller
|
|
|
|
|
(EC). This firmware "takes the training wheels off" your ChromeOS device :)
|
2019-01-31 17:01:50 +01:00
|
|
|
|
|
2019-02-06 17:16:36 +01:00
|
|
|
|
### Heads
|
|
|
|
|
|
|
|
|
|
[Heads](http://osresearch.net) is an open source custom firmware and OS
|
|
|
|
|
configuration for laptops and servers that aims to provide slightly better
|
|
|
|
|
physical security and protection for data on the system. Unlike
|
|
|
|
|
[Tails](https://tails.boum.org/), which aims to be a stateless OS that leaves
|
|
|
|
|
no trace on the computer of its presence, Heads is intended for the case where
|
|
|
|
|
you need to store data and state on the computer.
|
|
|
|
|
|
|
|
|
|
Heads is not just another Linux distribution – it combines physical hardening
|
|
|
|
|
of specific hardware platforms and flash security features with custom coreboot
|
|
|
|
|
firmware and a Linux boot loader in ROM.
|
2019-02-18 11:36:26 +01:00
|
|
|
|
|
|
|
|
|
### Skulls
|
|
|
|
|
|
|
|
|
|
[Skulls](https://github.com/merge/skulls) provides firmware images for
|
|
|
|
|
laptops like the Lenovo Thinkpad X230. It uses upstream coreboot, an easy
|
|
|
|
|
to use payload like SeaBIOS and Intel's latest microcode update.
|
|
|
|
|
|
|
|
|
|
It simplifies installation and includes compact documentation. Skulls also
|
|
|
|
|
enables easy switching to [Heads](#heads) and back.
|