Hi everybody, so I'm a current developer, I like to program in C, I'm the maintainer for a little touchscreen library project.

Also I work for Ginsing Auditorium Systems in Austria, who support my trip to Fossum this year, which is awesome. And I started this little project, and I hope you all want to install Coboot on your laptops today. Also I use Tor, I do that too, I use it every day, it's great, don't underestimate that.

So I think a project has really won, you know, when you use it as a work. So in that sense, let's curl an image and coboot your laptop. We're talking about the X230 only here, but that's just because it happens to be

the laptop I own. There's no reason at all why we wouldn't port this project to any laptop supported by Coboot today. That is a totally useless slide, you know, the laptop, you can look it up, it's old,

I like it. So we're going to use the Coboot project. That's all we're going to use. What's that? It's a replacement for your BIOS. It can build a replacement for your proprietary vendor BIOS. It's free software, it's great, it does hardware initialization and is built in a quite modular

way so you can choose how it looks to you. It can look like a UEFI system to you and you choose that using so-called payloads. So just like there's the Linux kernel and most of us would leave the job of configuring

the thing, figure out a working configuration and build the thing to distributors. And there's nothing different with Coboot. So it's all there, but how to configure, how to build, plus with Coboot you won't

build an x86 binary you run, you build a binary image, you would then figure out how to flash to your motherboards flagship. So there are Coboot distributions right now.

One is called Libreboot, you might have heard of that. There's the heads firmware project, which is an awesome project. You have to check that out and there are more distributions actually, I've heard of one,

I can't remember the name right now today. They all release binary images you can grab and they are ready to run on your motherboards SPI flash.

So how do we fit into this picture? You will see that it's a really boring project. I'm sorry, but you are in a really boring talk. Because that's the first git commit of our project and all it is, is me back upping

my configuration for my Coboot build. So that's all, and I honestly thought that that's it and that repository is done. I will change the config, a few times I change a reflash, but I was wrong. So we tried to make Coboot as easy to install for you as possible and once you have that

install as easy to use as possible, really boring actually. So as soon as we support the thing, you shouldn't have any excuse anymore to run the vendor bias. So we include a build system, we build reproducibly, which is important when you release binary

images. We don't expect you to trust a random binary. We don't offer any security feature whatsoever at runtime. All you could argue is that we build from free software, which is great, and we give

you the opportunity to flash your system any time you want to a long good state, but you cannot say anything more. For more, take a look at the HAZ project, that's awesome. What do we mean by easy to install? Well, for these laptops usually, for first time installation of Coboot, you need to disassemble

the thing, unfortunately, but that's the case, so we try to document this as good as possible. So if you don't know what to do after reading our readme, we have done something wrong. We even tried to tell you where you can buy this clip or whatever and how to connect

and whatever. In this case, using a Raspberry Pi in case you have that lying around. If you don't, we offer a different, we support a different option that is even cheaper. But once you have that connected for your first time installation, all you have to do

with our project is run one script per chip, and that's it. In this case, we have two chips and two scripts, top and bottom, and you're done. And reboot and Coboot is installed. Once you have it flashed and running, it should be easy to use, and it is. We simply use CBIOS, and that's nothing except when you press escape, like it says here,

it gives you a boot menu and that's it. In case you have a USB life stick or something connected, you can choose to boot that. So I mentioned we support the X230 only right now, but I would gladly help you port

it over to your Coboot supported laptop. It's really easy. You just need a little bit of time. Also, for the X230, we release two different images.

So you have the choice between basically that's ugly looking visually, but built from 100% free software except for the Intel microcode update binary, or looking really awesome and really beautiful, but including the Intel's proprietary video BIOS as part of the build.

But also, I have to say that this might as well be just a configuration issue, and we can improve this. I'm glad for any help there. If you have a better configuration than we have, please say so.

So what do we release? We just try to release about once a month and just take Coboot's master branch at the day of the release. That's actually how we are supposed to use the Coboot project. We take the latest version of all the components we include, which is CBIOS and Intel's microcode update,

which results in some upstream work. We ensure that the latest versions of these components are in Coboot's repository, so this sometimes needs to patch Coboot. Patches are usually accepted really quickly. Also, when we do a release and test on our laptop, we contribute to Coboot's board status project

that also is part of the Coboot repository, which results in this supported motherboards wiki page you can search for. So in this way, we make sure that the laptop we support will be supported,

will stay supported by Coboot. So I wanted to do a little demo until I figured you won't see anything when I reboot. So I record it.

So what we have here is just a release table extracted, and that's it, with some preparations from our documentation. We run an X230 script that's called X230 because you run it on the X230, you want to install Coboot.

That's our main script for updating the skulls image when you already have your first time installation done, when you're already running one. But it's really just executing the script and choosing which version, which of the two set images you want to flash.

In this case, I'm using the free one, which you will see in a second doesn't look very well, whatever. But there are people who value that a lot, that you don't include binaries. So you see, we don't use, even Grub doesn't see the correct frame buffer size,

but as soon as Linux takes over, things are fine. So, functionality wise, it's okay, but we can do better. It just should be easy for you to get something working as quickly as possible, and as seamlessly as possible.

So I do the same thing again, essentially, with the other image. And a really nice person from GitHub recently drew a logo for us.

We have included it now, and you will see that. So here you see the scripts, there are scripts called external run. They are only for your first time installation process because you don't run it on the machine you are installing Coboot to, you run it externally. So that's basically the concept. Except there are just scripts, the images, and documentation, and that's it.

Flash that. So, and you see, after your first time installation process, we by default provide you with a setup that you don't need to disassemble your laptop. You can update just by flashing online, if you will.

And that's it. And with that, I can even take questions. Thank you very much.

Yeah. I was wondering why you need to make a physical access to the chip for the first installation, while you are able to do it by software after that. Yeah.

The reason for that is, in this particular case, there are multiple different mechanisms Flash chips provide for write protection. In this case, there's an Intel file descriptor, a part of the Intel

file descriptor that needs to be changed in order to disable this write protection. But, yeah, we won't be allowed to access this, to write to this memory, until,

in this case, you flip this bit, and you can do this by flashing externally. There are so many different other write protection mechanisms, but in this case, it's doable. But you need to disassemble. Are there any other questions?

Is there any possibility to edit more settings in the BIOS?

Like, for example, virtualization settings, RAM, or any other thing like we see in common BIOS in the proprietary bus? Is there a possibility to have settings you can change as part of?

Yes, actually there is, and we include a corporate payload that does exactly that. We include that by default. Now you can do some basic settings, like USB power always on, and some settings you can do.

But you have to flash it again to apply the new settings? No, you don't. Oh, okay. No, you don't. Okay, thanks. All right. Oh, I have one minute left. One last question.

This laptop's flash. The question was how big the image is. We do a little trick here.

We release an image that is 4 meg, but the flash chip is actually 16 meg, 12 meg, sorry. So we just put the thing into our toggle that we flash, because we select the region we flash.

Can the flash be made read-only after flashing? Yes, we support choosing to write protect, to again write, re-protect the whole thing as part of our script, just as a command line up here.

Then you are forced to disassemble, but... You said that in this closed version there was four BIOS from Intel.

Do you have a source version of the four BIOS, and is it a full four BIOS? I have no idea about this BIOS thing. Okay, a replacement for Intel's video BIOS. Yes, exactly.

That's part of the C BIOS project, and that's called CVGA BIOS. That's a part of the C BIOS project. They built that. They write that. Okay, so that's not something different. For example, I remember that there was always the firmware issues with some drivers and something, and it's something different completely.

I'm not sure I got that, but it's really a replacement for Intel's video BIOS. It's really a drop-in replacement by the C BIOS project. Thank you. Thank you for the questions. Let's thank the speaker again.