Blob Matrix

From coreboot
Jump to navigation Jump to search

The wiki is being retired!

Documentation is now handled by the same processes we use for code: Add something to the Documentation/ directory in the coreboot repo, and it will be rendered to Contributions welcome!


This the the Blob Matrix. What is the Blob Matrix? It is a table in which we define, for different systems, what blobs there are. The goal is to have a common reference of types of blobs. Until we're sure we have the right list we don't need the matrix yet.

Consider, for example, the Google Pixel laptop. We can identify the following CPUs that affect coreboot or that it uses: EC, ME, main CPU.

For this example, we have the following blobs: ME, blob from Intel (replaceable, signed); main CPU: microcode (not practically replaceable), MRC (not practically replaceable), VGA BIOS (replaceable, proof of concept in repo).

Here is another system, the Snow Chromebook. It has an EC and a main CPU. The blobs are main CPU: BL0 (not replaceable), and BL1 (replaceable, signed).

My old x60, with coreboot on it: EC: EC OS (not replaceable); main CPU: microcode, BIOS, VGA BIOS

Let's consider the first coreboot systems, the l440gx, PowerPC, and Alpha

The l440GX had no CPUs save the main CPU, and all of linuxbios was open. There was no ACPI or SMM.

The PowerPC was, similarly, blob free.

We think the Alpha had an EC, which was closed and had a blob; it was otherwise blob free.

Blob Matrix

Mainboard Chipset Blobs Notes
EC ME / Signed & Type Mask ROM Reset vector / Signed? Microcode VGA SMM ACPI Runtime
Google Pixel Sandybridge FLOSS

{{#ifeq: high | high

Yes / Yes; Unknown medium-high Yes / Yes; Unknown medium Yes / Yes; Unknown Yes / Yes; Unknown

}} }} }}

No No Yes Yes No No No
Intel Galileo Quark No EC No ME Yes Yes<ref name="Galileo-signatures">We make a key, Intel signs the key, we use the signing tool to sign our binary.
The signing utility is part of the BSP on

The Customer is required to provide a public RSA key that is derived from a Private key that conforms to the following:

  • Each RSA keypair shall be 2048 bits in length.
  • Each RSA keypair shall be formatted as an ASN1 RSAPrivateKey DER certificate as defined in the RSA PKCS#1 document.

We expect to receive a .pem file that contains only the public components of the Customer RSA 2048 key. </ref>

Yes Yes Yes Yes Yes: EFI
  • x60
  • x60s
  • x60t
i945 Yes, probably inside the ec's flash. No ME None Yes <ref name="microcode">Intel microcode, some CPU do work without it, but they will be affected by the erratas fixed by the microcode. Note that selecting "Include CPU microcode in CBFS (Do not include microcode updates)" often still includes the microcode. The microcode is removed by </ref> Can be replaced<ref name="patches-remaining">Can be replaced in coreboot. Some remaining patches need to be merged.</ref> None None None