End Users

Getting started

coreboot is a replacement for your BIOS / UEFI with a strong focus on boot speed, security and flexibility. It is designed to boot your operating system as fast as possible without any compromise to security, with no back doors, and without any cruft from the 80s. It was originally designed for large super-computers with thousands of nodes, but it will run on your desktop, headless internet server, laptop, tablet or your favorite IoT device.

Why should I use coreboot?

In general because it leads to freedom on machines. Most firmware written today is completely closed source and the code bases are growing. Years ago a computer needed 100kb of compiled code in order to run the southbridge, now around 8mb of code are shipped in modern hardware.

Open Source

coreboot is built on the principles of Open Source Software. Many of the engineers working on coreboot have also worked on the Linux kernel. Instead of keeping improvements to one system a secret from all other vendors, in coreboot, these improvements are shared across the board, providing end users with a much better, much more stable firmware.

Flexibility

The primary flexibility that coreboot offers is through the use of different payloads. We support legacy OS boot through SeaBIOS, network boot with an integrated iPXE ROM, or the latest UEFI payload. Customized payloads can be created using the BSD licensed libpayload toolkit.

Also, with coreboot, you can do things like easily add your own boot splash screen in jpg format. You can boot so fast that there's not even time to show a splash screen. You can get a debug console showing your boot log over serial ports, USB, the SPI bus, or even using the PC speaker. Or you can boot quickly and just retrieve the entire boot log once your operating system is up and running.

Security

coreboot comes with a minimal Trusted Computing Base which reduces the general attack surface. It also supports a secure boot process called VBOOT2. It’s written in MISRA-C standard and provides other languages like Ada for formal verification of special properties. Also the use of platform features like IOMMU, flash protections and deactivated SMM mode increases the security as well.

Safety

coreboot engineers have worked on many safety critical software projects. The architecture of coreboot is designed to have an unbrickable update process. Updating firmware should be no more dangerous than installing your favorite app on your mobile phone.

Performance

coreboot is designed to boot quickly. For desktops and laptop machines, it can frequently boot to the start of the operating system in under a second. For servers, it can cut minutes off of the boot time. Some vendors have demonstrated a decrease in boot time by more than 70% when compared to the OEM BIOS.

coreboot Distributions / Community Images

coreboot is a source-only distribution, and as such requires building an image from source for your specific board/device.

Alternatively, the coreboot community provides many binary distributions which are ready to flash on to your system:

• Canoeboot: an easy to use blob-free coreboot distribution based on Libreboot, provides GRUB/U-Boot/SeaBIOS payloads on supported x86/amd64 and ARM64 mainboards.
• Dasharo: open-source based firmware distribution focusing on clean and simple code, long-term maintenance, transparent validation, privacy-respecting implementation, liberty for the owners, and trustworthiness for all.
• Heads: a coreboot distribution with advanced security features using Linux as a payload.
• Libreboot: an easy to use free/opensource coreboot distribution with an emphasis on removing binary blobs while supporting much newer hardware, providing GRUB/SeaBIOS/U-Boot payloads on supported x86/amd64 and ARM64 mainboards.
• MrChromebox: custom coreboot firmware and utilities for your Chromebook/Chromebox.
• Skulls: easy to install, easy to use coreboot images for Thinkpad laptops.
• System76 Open Firmware: an open source distribution of firmware utilizing coreboot, EDK2, and System76 firmware applications.

How to get hardware with coreboot?

At the moment it's not so easy to get consumer hardware on the market. But there are vendors shipping coreboot right away with their hardware.

Consumer platforms

The easiest way to get coreboot is to purchase a system with coreboot pre-installed. You can get coreboot pre-installed on many systems out there.

• Google Chrome OS devices are the biggest deployment of devices which ship with coreboot. Additionally, the now-discontinued OnHub and Pixel C tablet run coreboot as well.
• Minifree Ltd sells laptops and desktop computers with Libreboot pre-installed, along with Debian Linux, other distro or your choice of BSD. The owner of Minifree Ltd also founded Libreboot and uses profits to fund Libreboot development.
• NovaCustom sells configurable laptops with Dasharo coreboot based firmware on board, maintained by 3mdeb. NovaCustom offers full GNU/Linux and Windows compatibility. NovaCustom ensures security updates via fwupd for five years and the firmware is equipped with important security features such as measured boot, verified boot, TPM integration and UEFI Secure Boot.
• Protectli is dedicated to providing reliable, cost-effective, and secure computer equipment with coreboot-based firmware tailored for their hardware. It comes with the Dasharo firmware, maintained by 3mdeb. Protectli hardware has verified support for many popular operating systems such as Linux distributions, FreeBSD, and Windows. Support includes Debian, Ubuntu, OPNsense, pfSense, ProxMox VE, VMware ESXi, Windows 10 and 11, and many more.
• Purism manufactures security focused laptops designed chip by chip to work with free/libre and open source software. Purism laptops are the only independently-made, brand new, high-performance laptops on the market specifically meant to pair recent technologies with coreboot and a neutralized Intel Management Engine.
• Star Labs offers a range of laptops designed and built specifically for Linux that are available with coreboot firmware. They use Tianocore as the payload and include an NVRAM option to disable the Intel Management Engine.
• System76 manufactures Linux laptops, desktops, and servers. Some models are sold with System76 Open Firmware, an open source distribution of firmware coreboot, EDK2, and System76 firmware applications.
• Technoethical sells hardware with the Libreboot distribution of coreboot installed. They are based in EU and US and they ship worldwide.

Embedded or business solutions

• X-ES sells PCI-E based solutions.
• PC-Engines ships coreboot on their APU platforms.
• Pfsense is making use of coreboot.
• Raptor Engineering builds complete free software based solutions like TALOS.
• Portwell Another hardware vendor building coreboot based systems.