What is Coreboot and is it absolutely essential to have for a private and secure laptop / desktop running Linux?
We are sometimes asked re: our Ghost Laptop offerings if they are running Coreboot, as people have heard someone, somewhere, mention that it’s “preferred”.
The short answer to this question re: our current Ghost Laptop offering is, “No, our Ghost Laptops do not offer Coreboot.”
…but what is Coreboot and what does it actually do?
Coreboot is a free and open-source firmware replacement for the proprietary BIOS (Basic Input/Output System) or UEFI (Unified Extensible Firmware Interface) found in most computers. It is designed to initialize the bare hardware, load a payload (such as an operating system or a boot loader), and provide a minimal Trusted Computing Base (TCB) to reduce the attack surface.
Simple translation = Coreboot is a relatively new open source alternative to the widely used and adopted proprietary firmware system (what allows the hardware to speak to the operating system and other hardware components) that’s been deployed in the vast majority of laptops, desktops and servers for decades.
We are definitely fans of Coreboot and want to see it offered on many more options available in the marketplace.
Our opinion at this time, however, is that unless you’re a super-spook or high valued target for government or private interests, the gained value of using Coreboot vs the existing proprietary BIOS or UEFI system for the added expense just isn’t there… yet.
This is primarily because:
- The limited # of devices that support Coreboot currently is a major problem because the laptops and desktops that do support Coreboot are extremely expensive right now. Close to 2-3x more expensive in most cases.
- Most people can’t explain what exactly Coreboot is actually protecting them against. To this extent, Coreboot vs BIOS/UEFI as firmware is a far more complicated topic than many make it out to be. “It’s safer because it’s open source” doesn’t really cover it. As such, there is a lot of oversimplification and misinformation about what the major benefits of Coreboot are from a security perspective and what access a 3rd party can even gain via the existing proprietary options should they even have the technical capabilities and time to even attempt to crack a computer via the firmware layer… which only a select few individuals/organization in the world have the capabilities to accomplish.
- Coreboot solves for a digital security problem set that the vast majority of consumers aren’t even facing… or will likely ever face.
The average consumer’s primary concern right now should be removing Apple, Microsoft and Google from the operating system layer of their devices. Leveraging an affordable device that is running a more user friendly version of Linux is a huge step in the right direction and should be priority.
The next major concern is learning how to then be more careful about what applications you install and run on your device. The browser you use (hopefully Brave) is a big piece of this equation.
The last major issue is related to how and what you use to access the internet. Again, your browser is also a big piece of this equation.
The 3 topics mentioned above cover 99% of the major issues we face as a society from BigTech harvesting and stealing our information all day, every day.
Note, the firmware used on your device is not on this list.
Worrying about your firmware, for the majority of consumers just starting their digital privacy journey, is like like wanting to learn black belt techniques to take down an enemy when you haven’t even mastered your initial basic moves!
As discussed at length within our post, Is Going Ghost and Digital Privacy a Myth?, if someone has the means and motive they will be able to hack and crack into your digital life regardless of how many barriers you put up.
Hence, for the majority of consumers, we believe purchasing a device running Coreboot is NOT essential.
It’s a nice to have that would throw up additional barriers to a nefarious actor trying to crack into your device, HOWEVER, if someone is at the stage that they are now attempting to hack into your device via the firmware layer, you have MUCH bigger issues on your hands as you’re now dealing with someone that is very determined and will likely find another way to gain access to your digital life.
This opinion doesn’t help us sell more expensive devices that use Coreboot, but it is what it is.
Of course if you have an informed opinion on this topic, I’d love to hear it!