coreboot is a replacement for your BIOS / UEFI with a strong focus on boot speed, security and flexibility. It is designed to boot your operating system as fast as possible without any compromise to security, with no back doors, and without any cruft from the 80s. It was originally designed for large super-computers with thousands of nodes, but it will run on your desktop, headless internet server, laptop, tablet or your favorite IoT device.
In general because it leads to freedom on machines. Most firmware written today is completely closed source and the code bases are growing. Years ago a computer needed 100kb of compiled code in order to run the southbridge, now around 8mb of code are shipped in modern hardware.
coreboot is built on the principles of Open Source Software. Many of the engineers working on coreboot have also worked on the Linux kernel. Instead of keeping improvements to one system a secret from all other vendors, in coreboot, these improvements are shared across the board, providing end users with a much better, much more stable firmware.
The primary flexibility that coreboot offers is through the use of different payloads. We support legacy OS boot through SeaBIOS, network boot with an integrated iPXE ROM, or the latest UEFI payload. Customized payloads can be created using the BSD licensed libpayload toolkit.
Also, with coreboot, you can do things like easily add your own boot splash screen in jpg format. You can boot so fast that there's not even time to show a splash screen. You can get a debug console showing your boot log over serial ports, USB, the SPI bus, or even using the PC speaker. Or you can boot quickly and just retrieve the entire boot log once your operating system is up and running.
coreboot comes with a minimal Trusted Computing Base which reduces the general attack surface. It also supports a secure boot process called VBOOT2. It’s written in MISRA-C standard and provides other languages like Ada for formal verification of special properties. Also the use of platform features like IOMMU, flash protections and deactivated SMM mode increases the security as well.
coreboot engineers have worked on many safety critical software projects. The architecture of coreboot is designed to have an unbrickable update process. Updating firmware should be no more dangerous than installing your favorite app on your mobile phone.
coreboot is designed to boot quickly. For desktops and laptop machines, it can frequently boot to the start of the operating system in under a second. For servers, it can cut minutes off of the boot time. Some vendors have demonstrated a decrease in boot time by more than 70% when compared to the OEM BIOS.
At the moment it's not so easy to get consumer hardware on the market. But there are vendors shipping coreboot right away with their hardware.
The easiest way to get coreboot is to purchase a system with coreboot pre-installed. You can get coreboot pre-installed on many systems out there.
The coreboot community has strong supporters providing help with getting coreboot on to your system.