Chromebooks give you full flashing & serial console access for both AP (main CPU) and EC over an SBU cable, run open source firmware on both AP and EC (modulo FSP/AGESA), even run open source firmware on the root of trust (you can't replace that one with an unsigned build on a retail device but you can study it for sure).
Apple silicon Macs have the main CPU cores fully in control, with zero external peripherals having full DMA access to system RAM (everything goes through IOMMU), and have an interesting secureboot architecture that allows different security levels on different OS installations (you can run unsecured Linux side-by-side with a fully Netflix-ready macOS).
I have much worse news about the typical Intel BootGuard'ed PC laptop.
Kinda, but not completely. The problem is really with the hardware, switching OS can only alleviate but not resolving it.
But really, we don't have choices unless we want to stay with fairly old platforms.
Chromebooks give you full flashing & serial console access for both AP (main CPU) and EC over an SBU cable, run open source firmware on both AP and EC (modulo FSP/AGESA), even run open source firmware on the root of trust (you can't replace that one with an unsigned build on a retail device but you can study it for sure).
Apple silicon Macs have the main CPU cores fully in control, with zero external peripherals having full DMA access to system RAM (everything goes through IOMMU), and have an interesting secureboot architecture that allows different security levels on different OS installations (you can run unsecured Linux side-by-side with a fully Netflix-ready macOS).
I have much worse news about the typical Intel BootGuard'ed PC laptop.
that's the thing, it doesn't really matter
it's not YOUR OS, it's their product, you not forced to use any of their products
linux and voila, you got your freedom back
Kinda, but not completely. The problem is really with the hardware, switching OS can only alleviate but not resolving it. But really, we don't have choices unless we want to stay with fairly old platforms.
Unless you support Linux-first hardware vendors.
3 replies →