Advice for Coreboot on NixOS

I recently found out about the existence of core/libre boot and decided I wanted to use coreboot on my laptop. Since the wiki is pretty outdated, I would be interested in the opinion of somebody who has used it recently. Until now, the only reason I would use it is because of the fast boot times; other than that I am also interested in:

Thank you for answering

You do not need to build Coreboot using Nix in order to use Coreboot with NixOS. The nix-coreboot repository you linked to appears to be for the former: building Coreboot itself. NixOS generally does not manage the system firmware in a declarative fashion, so how Coreboot is built is not important for actually using it with NixOS; instead, you will likely need to manually flash a build of Coreboot for your machine to the system EEPROM.

As for why you may prefer Coreboot over BIOS or traditional UEFI:

  • Coreboot has a smaller surface area compared to traditional UEFI. UEFI is an entire operating system with modular drivers and its own system services. On the flip side, Coreboot remains minimally resident once the machine is booted; Coreboot mainly exists to just do the boot process, and then disappears afterwards. This makes Coreboot less “bloated” and should give it better security posture.
  • While EDK2, the basis for most UEFI firmware, is open source, almost all traditional BIOS and UEFI firmware is closed source and inspecting what is actually happening during the boot process is challenging. (To clarify: even when EDK2 is the basis, OEMs and hardware vendors will still have tons of closed-source code and firmware blobs in their UEFI implementations.)

However, there are caveats. Coreboot is flexible, but it is not as friendly. It does not provide a UI or even a specific boot process: it just does the minimum hardware initialization and boots into whatever payload it is configured to boot into, and almost everything else is handled by that payload. This will leave you without the usual options that you would get, including features such as overclocking. Even more notably, it is exceedingly unlikely that you have any hardware that will readily boot into Coreboot. The main exception is Chromebooks, and some laptops from System76. As far as I know, all Chromebooks ship with Coreboot as the default firmware. Generally, running Coreboot on devices that don’t ship with it by default is a very advanced task. Sometimes, it will require you to connect directly to the system EEPROM and perform ICSP.

As far as using NixOS with Coreboot goes, I don’t actually know how many people have done this, though I’m sure it’s non-zero. The most sensible approach would probably be to use GRUB 2 as a Coreboot payload, since NixOS is capable of managing a GRUB 2 setup. It should also be possible to use LeanEFI to directly boot a Linux kernel with EFIstub, but there will be no way to select generations. In either case, I’m sure the configuration would need to be quite non-standard. I tried to search to see if I could find any NixOS-on-Coreboot users, but I couldn’t find any with a few cursory searches. So unfortunately, if you did want to endeavor to do this, you may very well be one of the first to try, and it’s possibly non-trivial.

On the other hand, if you use EDK2 as a Coreboot payload, which I assume is what many people do, then you’re effectively just using Coreboot as an open source bootchain, a full alternative to UEFI; the end result will be quite similar to any other UEFI setup, and the advantage will mostly just be that it is open source and you may compile it yourself. I don’t own any Coreboot-capable devices currently, but I assume Linux laptops that ship with Coreboot from vendors like System76 most likely ship with an EDK2 payload since it is going to support any random Linux distribution that supports AMD64, since EFI is the standard on AMD64.

Hope this helps.


Thank you a lot for the quick and in-depth reply! It sounds like a really difficult task. Since I am not very knowledgeable about the specifics and my devices have no support for it, I will probably not try it in the near future.

I really learned a lot from your answer, thanks for the explanation.

No problem! That seems like it’s probably for the best. I think Coreboot is a very cool project, but trying to get it running on arbitrary machines is not for the faint of heart 🙂 (I have tried and not gotten very far myself.)


If you ever get deeper into Nix and Coreboot, you might find https://codeberg.org/mateidibu/coreboot-flake interesting.

It’s just a flake that builds Coreboot with Tianocore EDK2 for a Protectli VP4670.

If nothing else, it’d be useful for the patches and workarounds that I had to do to “massage” the build into working.

I’ve intentionally tried to separate the generic Coreboot nix code from the Protectli config/blobs, so it should be easier to adapt to other Coreboot-supported targets (I haven’t done that because that’s the only Coreboot-compatible device I have).