Reading this, I’m very happy to use Coreboot on all my x86 computers :)
I still have to run AMD PSP on one of my PCs, though.
It’s also very unfortunate that the Talos campaign didn’t work out. I’m curious what they are about to do with their POWER plans.
They can’t do anything without a pile of money. They picked the wrong source of funding at the start, though. My scheme, should I ever get in a position for it, was to convince a bunch of cloud vendors or other big companies to fund a high-performance, non-Intel chip. Throw in some extra security tech compatible with open-source software. I was thinking along the lines of CHERI or Watchdog-Lite CPUs w/ trusted boot, encrypted RAM, and an open-source management system. A pile of performance and security whose units they’d get back at cost thanks to their initial investment. At least until I got patent sued. :)
It is not just CPU firmware. On Intel 8260 wifi and up, the wifi device firmware image is signed and the hardware will refuse unsigned images. My guess is the FCC rule changes about locking down RF caused this. The firmware only allows AP mode on 2GHz, not on 5GHz.
I have the HiFive1 Arduino-sized RISC-V hardware; it’s very powerful for embedded-size hardware. I hope they make desktop-sized systems soon.
Also, why not purchase a secure boot signing key from Microsoft and set up a web service to sign anything?
Is that possible?
You’d probably have to sign a contract with MS saying “I won’t sign anything that I haven’t manually reviewed” or something even more restrictive. If you break the contract, you’ll have to pay damages.
They’ll also add your promiscuous signing key to the blacklist so that up-to-date machines won’t accept it.
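The "blacklist" mentioned above is the UEFI dbx variable, a concatenation of EFI_SIGNATURE_LIST structures whose entries are either whole X.509 certificates or SHA-256 digests. As an added illustration (not code from the thread or from any firmware vendor), the following Python builds a small constructed dbx with one revoked signer certificate and one blocked image digest, parses it back with the length checks a firmware implementation has to perform, and answers the defender's question "is this signer or image already revoked?". The GUID values are the ones the UEFI specification defines; the owner GUID, the certificate bytes and the image bytes are constructed placeholders, and the plain SHA-256 over the image stands in for the Authenticode PE hash real firmware would compute.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Hypothetical SignatureOwner GUID for the entries constructed here.
OWNER_GUID = uuid.UUID("00000000-0000-0000-0000-000000000001")

# EFI_SIGNATURE_LIST header: SignatureType GUID (16) + three u32 fields (12).
HEADER_LEN = 28


def build_siglist(type_guid, entries, owner=OWNER_GUID):
    """Serialize one EFI_SIGNATURE_LIST; all entries in a list share one SignatureSize."""
    sizes = {len(e) for e in entries}
    if len(sizes) != 1:
        raise ValueError("entries in one EFI_SIGNATURE_LIST must have equal length")
    sig_size = 16 + sizes.pop()  # SignatureOwner GUID + SignatureData
    body = b"".join(owner.bytes_le + e for e in entries)
    list_size = HEADER_LEN + len(body)
    # SignatureHeaderSize is 0 for both SHA-256 and X.509 lists.
    return type_guid.bytes_le + struct.pack("<III", list_size, 0, sig_size) + body


def parse_siglists(blob):
    """Walk concatenated EFI_SIGNATURE_LISTs, yielding (type_guid, owner, data) per entry.

    Every length field is checked against the buffer before it is trusted, which is
    what a verifier must do with a variable that can be rewritten from the OS.
    """
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_guid = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < HEADER_LEN + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size <= 16:
            raise ValueError("SignatureSize must exceed the 16-byte owner GUID")
        entries = blob[off + HEADER_LEN + hdr_size:off + list_size]
        if len(entries) % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        for i in range(0, len(entries), sig_size):
            owner = uuid.UUID(bytes_le=entries[i:i + 16])
            yield type_guid, owner, entries[i + 16:i + sig_size]
        off += list_size


def is_blocked(dbx_blob, item):
    """True if `item` (DER certificate or image bytes) is revoked by dbx.

    X.509 entries match the bytes exactly; SHA-256 entries match the digest of the
    bytes (a stand-in here for the Authenticode hash firmware uses on PE images).
    """
    digest = hashlib.sha256(item).digest()
    for type_guid, _owner, data in parse_siglists(dbx_blob):
        if type_guid == EFI_CERT_X509_GUID and data == item:
            return True
        if type_guid == EFI_CERT_SHA256_GUID and data == digest:
            return True
    return False


def sample_dbx():
    """Constructed dbx: one revoked signer certificate and one blocked image hash."""
    revoked_cert = b"CONSTRUCTED-DER-promiscuous-signer-cert"
    blocked_image = b"CONSTRUCTED-PE-image-bytes"
    dbx = build_siglist(EFI_CERT_X509_GUID, [revoked_cert]) + build_siglist(
        EFI_CERT_SHA256_GUID, [hashlib.sha256(blocked_image).digest()]
    )
    return dbx, revoked_cert, blocked_image


if __name__ == "__main__":
    dbx, cert, image = sample_dbx()
    print("revoked signer blocked:", is_blocked(dbx, cert))
    print("blocked image blocked:", is_blocked(dbx, image))
    print("unrelated cert blocked:", is_blocked(dbx, b"CONSTRUCTED-other-cert"))
```

On a running Linux system the real variable can be read from `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f` (skip its 4-byte attribute prefix before parsing); the point of the exercise is that revocation only protects machines whose dbx has actually been updated, which is why the comment above says "up-to-date machines".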
I think Red Hat has a key that works: https://mjg59.dreamwidth.org/12368.html