Frequently Asked Questions about the libreboot project Over time, there have been many questions asked about libreboot. In the past, these updates were handled by the operating system kernel, but on all recent systems it is the boot firmware that must perform this task. sending malformed USB descriptors, which is how the tyrant DRM on the Playstation 3 was broken, so that users could run their own operating system and run unsigned code). Note that systems assembled from separately purchased mainboard and CPU parts are unaffected, since the vendor of the mainboard (on which the boot firmware is stored) can't possibly affect the

Some proof of concepts have been demonstrated. The librem does have coreboot support, but it's pretty meaningless (it's shimboot, which means that coreboot is just incorporating blobs. If you have an Intel based system affected by the problems described below, then you should get rid of it as soon as possible. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to remotely monitor and control any PSP enabled machine.

Given the current state of Intel hardware with the Management Engine, it is our opinion that all performant x86 hardware newer than the AMD Family 15h CPUs (on AMD's side) or libreboot, coreboot) impossible on some boards. Early anecdotal reports indicate that AMD's boot guard counterpart will be used on most OEM hardware, disabled only on so-called "enthusiast" CPUs. Any Intel system that has the proprietary FSP blob cannot be trusted at all.

You can also right-click the Catalyst icon in your system tray and select Catalyst Control Center or perform a Start menu (or Start screen) search for Catalyst Control Center. A USB NIC can also be used, which does not have DMA. Intel doesn't provide anywhere near as many options in its graphics control panel, but you can still tweak some common settings. How To Change Graphics Card Settings Windows 7 All current libreboot systems work without microcode updates (otherwise, they wouldn't be supported in libreboot).

In 2014, they stopped releasing source code and started releasing AGESA as binary blobs instead. Select The Preferred Graphics Processor For This Program Missing Back to top of page Will the Purism Librem laptops be supported? #librem Probably not. Moving forward, Intel hardware is a non-option unless a radical change happens within Intel.

Alternatively, you can use kernel version 4.2 or older, if you wish to use libreboot 20150518 or earlier.

To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to This doesn't affect libreboot at the moment, because all current systems that are supported only have older versions of USB available. On debian systems, a workaround is to restart the networking service when you connect the ethernet cable: sudo service network-manager restart On Parabola, you can try: sudo systemctl restart network-manager Back to top of page How do I program an SPI flash chip with the Raspberry Pi? #rpi See ../docs/install/rpi_setup.html.

The following guides (which also cover full disk encryption, including the /boot/ directory) show how to set a boot password in GRUB: ../docs/gnulinux/encrypted_debian.html and ../docs/gnulinux/encrypted_parabola.html Back to top of page This is the same technology used in mobile phones, for remote network access (e.g. Back to top of page Hi, I have , is it supported? #randomhardware Most likely not. Wifi is a different technology, and entirely unrelated.

Do I need to re-flash when I re-install a new distribution? You should not use Windows, because it is non-free and therefore bad for freedom. Since the FSP is responsible for the early hardware initialization, that means it also handles SMM (System Management Mode).

Intel has been shown to be extremely uncooperative in general. A common issue with desktop hardware is the Video BIOS, when no onboard video is present, since every video card has a different Video BIOS. That makes it software.

Intel distributes this blob to firmware developers, without source.

CPUs are extremely complex, and difficult to get right, so the circuitry is designed in a very generic way, where only basic instructions are handled in hardware. Documentation is in the git repository. The PSP is an ARM core with TrustZone technology, built onto the main CPU die.

Even Google, which sells millions of chromebooks (coreboot preinstalled) have been unable to persuade them. The attack surface becomes much smaller, but a malicious drive could still attempt a "fuzzing" attack (e.g. See Back to top of page What about ARM? #arm Libreboot has support for some ARM based laptops, using the Rockchip RK3288 SoC.

They might provide limited information (datasheets) under strict corporate NDA (non-disclosure agreement), but even that is not guaranteed. However, you're not limited to the options built into games -- the graphics control panels bundled with graphics drivers allow you to tweak options from outside PC games. The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main x86 core startup. See .../docs/gnulinux/grub_boot_installer.html Back to top of page Do I need to re-flash when I re-install a distribution? #reinstallos Not anymore.

This means that you do not have to install a boot loader on the HDD or SSD, when installing a new distribution. Check the suppliers page for more information. Back to top of page The source code for this page is available from a git repository. Due to the signature verification, developing free replacement firmware for the ME is basically impossible.

