Yeah I've switched to Coreboot with SeaBIOS and ME Cleaner for my x86 laptops. For desktop use I've pre-ordered the Talos 2 workstation that uses POWER9 without any microcontroller backdoors. I'm currently waiting for more news on the Librem 5 smartphone before I put any money into it, though I am definitely considering the $600 package so I can get one early next year.
Bypass is the wrong word to use. The goal is to cripple or totally disable the ME so that you can have secure low-level hardware that doesn't access your memory (including the BIOS EEPROM) and OS networking stacks without your permission. As things stand you can cripple the ME on most Core i series processors from Intel by using a program called ME Cleaner on GitHub which strips down the ME firmware to remove AMT and all of the other potentially malicious stuff that accesses the things mentioned above. The most critical fix is the removal of its networking capabilities so that it can't phone home, and it removes like 90% of the attack surface for skids at Starbucks. The ME will still run but it only does power management and basic hardware initialization. This is about as good as it gets if you don't want to use 10-year-old hardware.
Microcode is not the same as the BIOS or Intel ME controller firmware or AMT interfaces. You still have non-free CPU microcode even with Libreboot. You're just as uninformed as the other guy.
The BIOS is only there to start critical low-level hardware like the CPU cores and then search for a kernel or bootloader and start it. Libreboot is more than a BIOS replacement because it takes out all of the ME firmware and permanently disables it. IIRC it uses hardware fuses so it's a one-time deal.
Coreboot uses proprietary blobs so that your hardware works. It's not ideal but it's better than being a radical freetard who can't make their display sleep or has to use a 15-year-old netbook. The best you can do is isolate it so that things that you don't want connecting to the internet can't do so. The Intel ME is the biggest hurdle we face today and we'll just have to deal with it until we can get RISC-V consumer CPUs that are faster than 300MHz with boards to match.
Landon Sanchez
Based Stallman
Robert Collins
Librecore and Libreboot have different scopes. Libreboot isn't just Coreboot without the proprietary stuff, it also includes documentation and scripts to make installation as easy and smooth as possible. Leah calls it a distribution of Coreboot, because Libreboot is to Coreboot sort of what Trisquel is to Linux. That also means that Libreboot might rebase on Librecore at some point, because Librecore's scope is more similar to Coreboot's than to Libreboot's. They're not competing for the exact same niche. If you know what you're doing Librecore could be a viable replacement for Libreboot, similar to how you don't actually need a distro to put a working GNU/Linux system together. Libreboot hasn't had a release for almost a year, but its git repository seems active: notabug.org/libreboot/libreboot
Landon Morgan
Every processor already runs its own preloaded microcode itself, probably flashed through test pads at the factory for each stepping, and it is not a problem (like all proprietary hardware things) for either the FSF or the Libreboot project, as they state. Microcode updates, however, reside in the "firmware/software domain", which means they are either stored in EEPROM flash/as kernel module/GRUB payload on disk and loaded by BIOS/UEFI/coreboot/GRUB or the kernel itself during every startup sequence, depending on system implementation. Microcode doesn't run and allocate system memory for itself like the Management Engine does. The problem rather is "Do I trust this binary blob Intel released after event X, would it make my system more vulnerable or more secure, I can't really tell because it is a proprietary binary package, but people say it really fixes pi computation hangups or broken virtualization, it probably won't fuck with my kernelspace/userspace activities too, so I should give it a bite of a bullet, instead of buying a new CPU with said microcode hardcoded in". This is similar to plugging USB devices into your system. The device interactions are handled by a libre driver, its firmware doesn't share system memory, but the firmware is 100% proprietary, is stored on the internal flash memory of said device and can be updated through reflashing over SPI or debug mode over USB. Think of proprietary microcode in your BIOS chip as a firmware update for an external device (CPU). Your CPU, however, is handled by free software and firmware (ME removed, kernel modules are free), but it is done on every startup because the CPU itself has no free non-volatile memory due to security concerns.
Asher Walker
Any verified source to prove the origin of these words?
Is that really a function of Libreboot software or is it a supplementary function of the process of installing Libreboot?
I still stand by my argument that it isn't Libreboot's purpose to bypass (cripple, disable) the hardware ME. The best it can do is to bypass the ME in old Intel computers as it uploads free firmware to the ME that renders it disabled.
Once again, microcode is completely unnecessary in booting any system. Microcode is a part of the CPU itself and operates completely without any need to touch any part of the BIOS. If you want to update the CPU microcode, the only time this can happen is at the immediate beginning of the boot sequence. If you do not update the microcode, then the microcode does not affect the boot process.
I'll need further elaboration on what this means. I find it unbelievable that a brand new Intel CPU that is never connected to the Internet will not boot at all or it will be extremely unstable simply because of the fact that it will never receive any updates in the microcode.
Wyatt Wood
Yeah I've never seen issues like memory corruption on newer Intel CPUs that haven't seen the Internet. I know there are some bugs in the newer chips that may cause the CPU to hang and those are fixed with microcode updates. Maybe that?
Evan Howard
Yes, it is. Libreboot is coreboot without ME, without AMT and any other proprietary binary (they reverse engineered the VGABIOS for example) + GRUB as bootloader payload. But disabling ME comes at a cost, for example no quad-core CPU support or buggy virtualization. Obviously, Libreboot works on old computers without asymmetric signatures in BIOS. The microcode update file itself does not affect the boot in any way; the update process, however, does. Does copying a photoshop.exe file from your HDD to a thumb drive affect the freedom of running software on your PC? No, it doesn't. This is what basically happens when microcode updates are applied to the CPU on every boot. The microcode is loaded to volatile memory inside the CPU and runs only there, not in RAM unlike ME or AMT. Usually the microcode updates are added by OEMs in their boot firmware (UEFI/BIOS) during the board development process. There is a very long road between CPU engineering sample release and motherboard sales start, about 2 years or so. So there is a probability of buying a motherboard with fixed CPU bugs after these patches have been applied in production.
Thomas Brooks
That's some weapons-grade autism that you actually even considered it was real. Fucking hell, Holla Forums.