This page serves as historical reference for Purism’s actions to bring coreboot support to its line of products. If you are looking for a general introduction to coreboot, or downloads and instructions for using coreboot on Purism Librem devices, see our coreboot page.

Prologue

“A beginning
is a very delicate time.”

In the summer of 2014, a few months prior to the launch of Purism, Todd Weaver posted to the coreboot mailing list for input on possible hardware choices to run a fully freed coreboot on, and to offer contract work to the coreboot community. Various coreboot contributors pointed out that there were no great hardware choices out there to meet these requirements. Near the end of 2014, Purism was formed, and the Purism team decided to go with an Intel platform with the “least nasty” long-term CPU choice, including the long-term goal to free the binaries according to Purism’s freedom roadmap. Purism determined that the binaries can technically be freed, and that the Management Engine (ME) is not needed to operate a Librem 13 properly (through testing within the 30 minute shutdown limit). Stefan Reinauer mentioned that if the Management Engine is not needed for system operation, it could possibly be “disabled”, avoiding the cryptographic signature verification issue altogether.

Initial Negotiations and Development Work

Purism began discussions with Intel regarding the creation of a “ME-less” CPU design as a backup plan to freeing the binary. Purism CEO Todd Weaver also met with Stefan Reinauer, Ron Minnich, David Hendricks to discuss the best approach to move forward.

In the middle of 2015, Purism then brought on a coreboot developer requesting to remain anonymous, working under the pseudonym “Larry Moberg”. Anonymous Larry began testing coreboot and publish his findings regularly on the coreboot and Purism blogs. After three months of progress, anonymous Larry disappeared (stopped working and ended any communication with Purism or the public).

Todd Weaver met again with various coreboot contributors (including Stefan Reinauer, Ron Minnich, David Hendricks, and a few others), handing them four Purism Librem 13 units to help continue the porting efforts. Using this donated hardware, Duncan Laurie made an initial port of the Librem 13 v1 to coreboot. Purism was notified that the essentials of the port were done and that Purism should test, finalize and package it as a product (note: there is a big difference between “It should work” and “It has been tested, bugfixed, packaged and shipped as a product).

Priorities and Resources Constraints

Throughout 2016, Purism focused on three key actions in parallel:

  • Prioritize on building and shipping products to customers, with a heavy focus on managing challenges in the supply chain and satisfying customers, in order to gain leverage (see also our Business Challenges page)
  • Running a ME-less CPU design petition to provide to Intel, to show the demand for ME-less CPUs
  • Find a talented, reliable and independent coreboot developer who can take on the task of finishing the Librem 13 v1 coreboot port and doing the port for other models.

At the end of 2016, Purism hired Youness Alaoui to pick up from where Duncan left off, and run the last mile: finish and test the coreboot port, build a preconfigured ROM, write documentation and findings about the whole process, write instructions on how to configure/build/flash it, and create the entire package required for easy one-click distribution to users. The porting and testing work was completed in February 2017 for the Librem 13 v1.

Furthermore, Purism tested and demonstrated the Librem 13 v1 running coreboot with a neutralized Intel Management Engine binary.

Current Work and Future Plans

Our coreboot port is already factory-preloaded with all laptops shipping in 2017 (such as the Librem 13 v2 and Librem 15 v3). We are continuing work on these fronts as well:

  1. Finish testing, packaging and officially release coreboot for the previous models Librem 13 “v1”
  2. Backport to the previous model Librem 15 “v1″/”v2”
  3. Finish reverse engineering work towards freeing the remainder of the Intel ME binaries
  4. Continue to push Intel for a ME-less design, or consider alternative architectures (such as RISC-V, i.MX6, etc.) as potential solutions.

You can follow the progress in the firmware & BIOS category of our blog.


Liked what you read here? Check out the rest of our materials in our “Why Purism?” section.