Issue #540 has been updated by Nicholas Chin.
The reason there is no coreboot support for (Intel) ThinkPads newer than Haswell is because of Intel Boot Guard, an optional feature introduced with Haswell which prevents firmware that isn't signed by the vendor (so, coreboot) from booting. Once enabled, it cannot be disabled, as its configuration is permanently fused into the chipset. Boot Guard is intended to be the hardware root of trust from which all subsequent trust (like UEFI secureboot) is based on. It's generally been assumed that all ThinkPads Broadwell and newer have Boot Guard enabled, and generally it's not something listed in product pages. It's also not clear if every variant/configuration of a given model will have Boot Guard, but it's likely safe to assume that if one particular variant has it enabled then the vast majority will also have it. It is possible to check whether Boot Guard is enabled using tools like intelmetool, and there's a list of the BootGuard status of various systems here: https://github.com/felix singer/bootguard-status That said, there is some work being done to exploit known vulnerabilities in the Intel ME to bypass Boot Guard on Sky Lake/Kaby Lake (see https://review.coreboot.org/c/coreboot/+/82053), but such an exploit would need to be ported to Broadwell's ME firmware, and that's if it is even vulnerable to the same public vulnerability that allows Boot Guard bypass. HP doesn't use Boot Guard and instead uses their own hardware root of trust solution known as HP Sure Start, but it (or at least the version on the 820 G2) does have vulnerabilities that allow it to be bypassed (refer to https://doc.coreboot.org/mainboard/hp/hp_sure_start.html) ---------------------------------------- Feature #540: Support for Lenovo ThinkPad X250 - the competitor to the shortly added HP EliteBook 820 G2 https://ticket.coreboot.org/issues/540#change-1852 * Author: akjuxr3 akjuxr3 * Status: New * Priority: Normal * Category: board support * Target version: none * Start date: 2024-05-22 * Affected hardware: Lenovo Thinkpad X250 ---------------------------------------- Coreboot now have support for the HP EliteBook 820 G2. This is great, but sadly the keyboard is for a person using Thinkpad keyboards forever not usable. The Thinkpad X250 is the competitor to the HP EliteBook 820 G2. https://www.notebookcheck.net/Face-Off-HP-EliteBook-820-G2-vs-Lenovo-ThinkPad-X250-vs-Dell-Latitude-12-E7250.144831.0.html The X250 also have a Full-HD IPS screen. This would also fix the problems many people have with the X230 and spend much time and effort to get a Full-HD IPS screen running in the X230. Nico Huber have(had?) such a X250: https://review.coreboot.org/c/coreboot/+/23820/7#message-04cf9f804c1292f457c61c71e63eaddaff083202 Other coreboot developer also seem to have a X250: https://review.coreboot.org/c/coreboot/+/51179 Have someone taken a deeper look into the Thinkpad X250? Is there something special why suddenly the HP EliteBook 820 G2 got supported instead of a typical Thinkpad like it was the case for years at coreboot? -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: https://ticket.coreboot.org/my/account _______________________________________________ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
