End Users
Getting started
coreboot is a replacement for your BIOS / UEFI with a strong focus on boot
speed, security and flexibility. It is designed to boot your operating
system as fast as possible without any compromise to security, with no back
doors, and without any cruft from the 80s. It was originally designed for
large super-computers with thousands of nodes, but it will run on your desktop,
headless internet server, laptop, tablet or your favorite IoT device.
Why should I use coreboot?
In general because it leads to freedom on machines. Most firmware written
today is completely closed source and the code bases are growing. Years ago
a computer needed 100kb of compiled code in order to run the southbridge,
now around 8mb of code are shipped in modern hardware.
Open Source
coreboot is built on the principles of Open Source Software. Many of the
engineers working on coreboot have also worked on the Linux kernel. Instead
of keeping improvements to one system a secret from all other vendors, in
coreboot, these improvements are shared across the board, providing end
users with a much better, much more stable firmware.
Flexibility
The primary flexibility that coreboot offers is through the use of different
payloads. We support legacy OS boot through SeaBIOS, network boot with an
integrated iPXE ROM, or the latest UEFI payload. Customized payloads can be
created using the BSD licensed libpayload toolkit.
Also, with coreboot, you can do things like easily add your own boot splash screen
in jpg format. You can boot so fast that there's not even time to show a splash
screen. You can get a debug console showing your boot log over serial ports,
USB, the SPI bus, or even using the PC speaker. Or you can boot quickly and
just retrieve the entire boot log once your operating system is up and running.
Security
coreboot comes with a minimal Trusted Computing Base which reduces the general
attack surface. It also supports a secure boot process called VBOOT2. It’s written
in MISRA-C standard and provides other languages like Ada for formal verification
of special properties. Also the use of platform features like IOMMU, flash
protections and deactivated SMM mode increases the security as well.
Safety
coreboot engineers have worked on many safety critical software projects. The
architecture of coreboot is designed to have an unbrickable update process.
Updating firmware should be no more dangerous than installing your favorite
app on your mobile phone.
Performance
coreboot is designed to boot quickly. For desktops and laptop machines, it can
frequently boot to the start of the operating system in under a second. For
servers, it can cut minutes off of the boot time. Some vendors have demonstrated
a decrease in boot time by more than 70% when compared to the OEM BIOS.
coreboot Distributions / Community Images
coreboot is a source-only distribution, and as such requires building an image from source for your specific board/device.
Alternatively, the coreboot community provides many binary distributions which are ready to flash on to your system:
- Canoeboot: an easy to use blob-free coreboot distribution based on Libreboot, provides GRUB/U-Boot/SeaBIOS payloads on supported x86/amd64 and ARM64 mainboards.
- Dasharo: open-source based firmware distribution focusing on clean and simple code, long-term maintenance, transparent validation, privacy-respecting implementation, liberty for the owners, and trustworthiness for all.
- Heads: a coreboot distribution with advanced security features using Linux as a payload.
- Libreboot: an easy to use free/opensource coreboot distribution with an emphasis on removing binary blobs while supporting much newer hardware, providing GRUB/SeaBIOS/U-Boot payloads on supported x86/amd64 and ARM64 mainboards.
- MrChromebox: custom coreboot firmware and utilities for your Chromebook/Chromebox.
- Skulls: easy to install, easy to use coreboot images for Thinkpad laptops.
- System76 Open Firmware: an open source distribution of firmware utilizing coreboot, EDK2, and System76 firmware applications.
How to get hardware with coreboot?
At the moment it's not so easy to get consumer hardware on the market. But
there are vendors shipping coreboot right away with their hardware.
Consumer platforms
The easiest way to get coreboot is to purchase a system with coreboot pre-installed.
You can get coreboot pre-installed on many systems out there.
-
Google Chrome OS devices are the biggest deployment of devices which ship with coreboot.
Additionally, the now-discontinued OnHub and Pixel C tablet run coreboot as well.
-
Minifree Ltd sells laptops and desktop computers with Libreboot pre-installed, along with Debian Linux,
other distro or your choice of BSD. The owner of Minifree Ltd also founded Libreboot and uses profits to fund Libreboot development.
-
NovaCustom sells configurable laptops with Dasharo
coreboot based firmware on board, maintained by 3mdeb. NovaCustom offers full GNU/Linux
and Windows compatibility. NovaCustom ensures security updates via fwupd for five years and the firmware is equipped
with important security features such as measured boot, verified boot, TPM integration and UEFI Secure Boot.
-
Protectli is dedicated to providing reliable, cost-effective, and secure computer equipment
with coreboot-based firmware tailored for their hardware. It comes with the Dasharo
firmware, maintained by 3mdeb. Protectli hardware has verified support for many popular operating systems
such as Linux distributions, FreeBSD, and Windows. Support includes Debian, Ubuntu, OPNsense, pfSense, ProxMox VE, VMware ESXi,
Windows 10 and 11, and many more.
-
Purism manufactures security focused laptops designed chip by chip to work with free/libre and open
source software. Purism laptops are the only independently-made, brand new, high-performance laptops on the market specifically
meant to pair recent technologies with coreboot and a neutralized Intel Management Engine.
-
Star Labs offers a range of laptops designed and built specifically for Linux that are
available with coreboot firmware. They use Tianocore as the payload and include an NVRAM option to disable the Intel Management Engine.
-
System76 manufactures Linux laptops, desktops, and servers. Some
models are sold with System76 Open Firmware,
an open source distribution of firmware coreboot, EDK2, and System76 firmware applications.
-
Technoethical sells hardware with the Libreboot distribution of coreboot installed.
They are based in EU and US and they ship worldwide.
Embedded or business solutions
- X-ES sells PCI-E based solutions.
- PC-Engines ships coreboot on their APU platforms.
- Pfsense is making use of coreboot.
- Raptor Engineering builds complete free software based solutions like TALOS.
- Portwell Another hardware vendor building coreboot based systems.