Well, it was an idea. Feel free to use it for Summer of Code or some such.
--emi On Fri, Oct 14, 2016 at 1:41 AM, Matt DeVillier <[email protected]> wrote: > I don't mean to speak on behalf of the project, just letting you know some > of the obstacles of trying to distribute or validate firmware images. > > If I were better organized, I'd post hashes of my firmware images as well > as the hashes of all the blobs used, which is probably as good as you can > get ATM > > On Thu, Oct 13, 2016 at 3:58 PM, Emilian Bold <[email protected]> > wrote: > >> Sad to hear Coreboot cannot provide this info. Is there some downstream >> project I don't know about that could provide this? >> >> Maybe Google will take pity on the poor Chromebooks and provide some kind >> of firmware update themselves after the EoL. >> >> >> --emi >> >> On Thu, Oct 13, 2016 at 10:35 PM, Matt DeVillier < >> [email protected]> wrote: >> >>> but then you get into the situation where coreboot (org) is providing >>> hashes for binary firmware it didn't build / isn't providing / can't easily >>> validate. And pulling that from a live system like is done with board >>> status isn't easily done, for multiple reasons. That's one of the reasons >>> for the "rom-o-matic" GSoC project (where users would provide the blobs, >>> and a firmware image would be build in real-time using a known good commit >>> hash, config, etc), but I'm not sure the status on that >>> >>> Funny you mention the C710, as I'll be releasing updated firmware for >>> it, both UEFI and Legacy versions, supporting both SB/IVB variants, in the >>> next few days. You will be able to reproduce it yourself using my posted >>> sources, build scripts, and the blobs extracted from my firmware. >>> >>> On Thu, Oct 13, 2016 at 2:22 PM, Emilian Bold <[email protected]> >>> wrote: >>> >>>> Just listing SHA hashes of the recommended ROMs for a given Chromebook >>>> would be an improvement. >>>> >>>> The hash is sufficient to verify a build / download. But it has to come >>>> from Coreboot. >>>> >>>> Actually, this would be a nice project for someone from Google. >>>> >>>> I can only volunteer testing a build on my Acer C710 (which is probably >>>> the only Chromebook with upgradeable RAM and disk). >>>> >>>> >>>> >>>> --emi >>>> >>>> On Thu, Oct 13, 2016 at 6:49 PM, Matt DeVillier < >>>> [email protected]> wrote: >>>> >>>>> well, in order for that to happen, someone would have to take >>>>> ownership of that - are you volunteering? =) >>>>> >>>>> There's also the issue of blobs that can't be redistributed, which is >>>>> AIUI one of the reasons why coreboot doesn't offer compiled firmware. >>>>> Additionally, some models (ie, Chomeboxes) require persistence of parts of >>>>> the stock firmware in order to maintain their unique ethernet MAC address, >>>>> so having users simply download and manually flash a compiled firmware >>>>> manually is highly suboptimal. This is why I implemented the flashing >>>>> script (well that, and to provide some basic sanity checks that users >>>>> weren't flashing the wrong firmware, had write-protect disabled, etc) >>>>> >>>>> On Thu, Oct 13, 2016 at 10:14 AM, Emilian Bold <[email protected] >>>>> > wrote: >>>>> >>>>>> I think EoL Chromebooks are a good opportunity for Coreboot to >>>>>> present itself to end users. >>>>>> >>>>>> Right now Chromebooks use Coreboot but nobody knows that. >>>>>> >>>>>> But once a Chromebook reaches EoL people will either throw it away or >>>>>> use it with the insecure and outdated browser version they have until it >>>>>> breaks. >>>>>> >>>>>> People would appreciate that it's possible to keep the device and use >>>>>> a modern Linux with up-to-date browser by only installing a dedicated >>>>>> Coreboot ROM. >>>>>> >>>>>> A per-device wiki page would be great! Something to show how to >>>>>> install it, etc. >>>>>> >>>>>> A ROM sha-256 (and a link) is also essential to know what to grab (or >>>>>> if your build was good). >>>>>> >>>>>> I'm actually the one that started the reproducible builds thread last >>>>>> time precisely because I could not get the same ROM image as the ones >>>>>> posted online and I was wondering what I did wrong and if I would brick >>>>>> my >>>>>> laptop or not. >>>>>> >>>>>> >>>>>> >>>>>> --emi >>>>>> >>>>>> On Thu, Oct 13, 2016 at 5:53 PM, Matt DeVillier < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Emi, >>>>>>> >>>>>>> I think this is what you're looking for: https://www.coreboot.org/ >>>>>>> Supported_Motherboards >>>>>>> It contains the commit hash, build config, and a few other logs for >>>>>>> each device/commit. It is user submitted though, since there doesn't >>>>>>> exist >>>>>>> a test setup for every supported device. >>>>>>> >>>>>>> Right now, I'm the main builder/distributor of upstream coreboot >>>>>>> firmware for ChromeOS devices; I support all Haswell, Broadwell, and >>>>>>> some >>>>>>> Baytrail devices, the former with both UEFI and Legacy Boot variants. >>>>>>> When >>>>>>> time permits, I'll expand that to cover the rest of the Baytrail >>>>>>> devices, >>>>>>> then move on to adding support for Skylake. No plans for Braswell >>>>>>> support >>>>>>> unless I acquire a device on which to test. >>>>>>> >>>>>>> John Lewis has some upstream firmware for the older >>>>>>> SandyBridge/IvyBridge models, but his Haswell firmware is build from >>>>>>> Google's tree/branches not upstream. He also has no plans for any >>>>>>> future >>>>>>> upstream firmware. >>>>>>> >>>>>>> cheers, >>>>>>> Matt >>>>>>> >>>>>>> On Thu, Oct 13, 2016 at 6:49 AM, Emilian Bold < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hello, >>>>>>>> >>>>>>>> Now that Coreboot has reproducible builds, could you provide a list >>>>>>>> of build hashes for Chromebooks that are or will soon reach End of >>>>>>>> Life? >>>>>>>> >>>>>>>> I see on https://support.google.com/chrome/a/answer/6220366?hl=en that >>>>>>>> 2 Chromebooks will reach End of Life in 2016 and 3 more in 2017 then 7 >>>>>>>> in >>>>>>>> 2018. I assume the number will increase each year. >>>>>>>> >>>>>>>> I know that Coreboot does not distribute builds, but the little >>>>>>>> Custom roms section on https://www.coreboot.org/users.html seems >>>>>>>> insufficient. >>>>>>>> >>>>>>>> It's easy making a build, you just need to have the certainty you >>>>>>>> did it well. Or that the one you are downloading is correct. >>>>>>>> >>>>>>>> Posting an official SHA-256 hash for a ROM would solve this. >>>>>>>> >>>>>>>> --emi >>>>>>>> >>>>>>>> -- >>>>>>>> coreboot mailing list: [email protected] >>>>>>>> https://www.coreboot.org/mailman/listinfo/coreboot >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
-- coreboot mailing list: [email protected] https://www.coreboot.org/mailman/listinfo/coreboot
