Libreboot
Coreboot distribution with no proprietary code
From Wikipedia, the free encyclopedia
Libreboot (briefly known as GNU Libreboot[3][4]) is a free and open-source software project based on coreboot, aimed at replacing some of the proprietary BIOS or UEFI firmware on supported x86-64 and AArch64 computers. Libreboot performs the basic machine setup such as CPU initialization or memory controller initialization necessary to load and run a 32-bit or 64-bit operating system, such as Linux or BSD. It was tested on FreeBSD, NetBSD, and OpenBSD.[5]
| Libreboot | |
|---|---|
| |
 ThinkPad X200 running Libreboot | |
| Original author | Leah Rowe |
| Developer | Leah Rowe |
| Initial release | 12 December 2013 |
| Stable release | |
| Preview release | 20241008 (October 8, 2024) [±][2] |
| Written in | C, Shell, Python |
| Type | Open-source firmware |
| License | GNU General Public License, version 3 |
| Website | libreboot |
| Repository | |
Characteristics
Libreboot is established as a distribution of coreboot, but with some[6] proprietary binary blobs removed from coreboot.[7] Libreboot makes coreboot easy to use by automating the build and installation processes.[8][9][10][11]
On some devices, Libreboot developers have reverse engineered the firmware from Intel and created a utility to create a free firmware that meets the specifications from Intel.[12] Hardware support includes but is not limited to the ASUS KGPE-D16,[13] ThinkPad T400,[14][15] X60[8][9] and X200.[15][16] Libreboot is officially endorsed by the upstream coreboot project.[17]
Installation
Internal flashing is possible, but it's recommended to have a working external flashing setup that could be used to recover from mistakes when flashing internally.[18]
It is strongly advised not to use the CH341A programmer, as it can easily damage BIOS chips. For safety, use the Raspberry Pi Pico with a crocodile clip or adapter.[19]
Installation usually goes as follows:
- Compile or download the necessary tools and dependencies
- Build or download the BIOS image
- Insert binary files if the image has been downloaded from a repository
- Flash your images with flashprog or internally[20][21]
Security
Probably the most famous feature of Libreboot, and one that also highly impacts the security and possibly the privacy of the user, is that on most machines, Libreboot disables the Intel Management Engine by default. On older machines (before ME version 6.0), the Intel ME code could be entirely removed from the flash memory, thus completely disabling the ME. This is the case on devices like the ThinkPad X200 or ThinkPad T400. On newer devices, the Intel ME is needed to boot the machine, because of this, the ME is not completely disabled, but rather put into a inactive or "disabled" state after the machine boots.[22]
Other optional security features include, but are not limited to:
- Full disk encryption
- Software flash memory write protection[23]
History
The Libreboot project was started in December 2013[7] as a distribution of coreboot, which excludes non-free binary blobs. Coreboot began as LinuxBIOS in 1999 at Los Alamos National Labs (LANL), and was renamed "coreboot" in 2008.[24]
Libreboot has been endorsed by the Free Software Foundation, and was an official part of the GNU Project starting in May 2016. In January 2017, the project's maintainer Leah Rowe pulled Libreboot from the GNU Project, after a months-long dispute with the Free Software Foundation which oversees GNU.[25][26]
Reception
In 2015, Kyle Rankin stated in Linux Journal that Libreboot "greatly simplified and automated" the flashing process, "with a few caveats".[8][9] In 2016, Bryan Cockfield stated in Hackaday that Libreboot installation was "harrowing" and "not as easy as you'd think".[10]