yeah, there is a chance. I’d suggest you read carefully all of my previous technical blog post on coreboot just to get familiar with the whole thing. You can find my posts on the right sidebar here : https://puri.sm/coreboot/timeline/
Well, both coreboot and ME disablement would work on the l15v2, but the ME disablement would be much easier to achieve than the coreboot port, since all you’d need to do is run me_cleaner on it. So ‘steps’ would be : flashrom to dump your ME, run me_cleaner on the rom (use -s to tell it to set the disable bit), then flashrom to flash it back. Then reboot and cross your fingers and start praying that it doesn’t brick it.
Yeah, I don’t know ‘when’. And no, you didn’t have the wrong expectations, because yes, it also felt like it’s right around the corner for me too. I did do one attempt at it. Did the port, thought it would work, flashed it, it bricked the l15v2 that I had. I restored it with the hardware flasher, and was trying to understand why it failed to boot from the log files I had, but didn’t finish that and got sidetracked by something else. For now, I think that the priority is on other tasks and I haven’t had time to go back to that work. It’s really all about man power and how much stuff I can achieve every week. So… “when” will it start… I have no idea, for now my priority is on the FSP reverse engineering, so maybe if enough l15v2 users start bugging us about the coreboot port, the priorities will change.
It’s not that we don’t want to do it, it’s still planned, but since l15v2 isn’t being sold anymore, I think the priority will most often go to the current products in favor of retrofitting older products.
The script builds coreboot from source. You can either trust the script and trust the coreboot source code, or you can read the source to know what it does. The hashes contained in it are just the hashes for the binary blobs themselves, there is nothing that can be checked on those (we don’t know if they are malicious or not) and those files are taken directly from your own machine. The only other hash is the resulting binary of the coreboot rom file after it gets built from source. You don’t need to trust that hash, you only need to trust the source code of coreboot, since the hash verifies the result of the compilation from source.
As for the root privileges, you don’t need to run it as root, but it will call ‘sudo’ for a few commands. You can look up ‘sudo’ in the script, there are 3 instances of it, first is the call to ‘flashrom’ to dump the rom (to extract the binary blobs from it), then a call to ‘sudo dmidecode’ which is used to get the serial number from your current machine, then a final call to ‘flashrom’ to write the built coreboot rom into the flash. The rest is executed without root priviledges, and I usually run it as a normal user.