I just successfully updated Coreboot on my 13v2 following the directions at puri.sm/coreboot. It now appears to be version 4.8.1-Purism-3. I trust this is the latest and greatest Coreboot available for my system. However, I do see references to Coreboot 4.9 elsewhere. Do I in fact have the correct version?
Also, a couple more questions (if you are still reading)…
For some reason, I was under the impression that updating Coreboot would ‘unlock’ the TPM chip, but after checking with the tpm-tools command ‘tpm_version’, it doesn’t appear that I have a TPM chip to unlock (sad face). However, I saw some posts from others who have v3 machines that had the same tpm_version output as me (and we know that they do have a TPM chip). So is it possible that I have a TPM chip and tpm_version is throwing an error… or was I mistaken in assuming that a Coreboot update could unlock a non-existent chip? I could swear that I saw mention of 13v2 machines having TPM chips (only certain machines?) that were non-functional merely because of the lack of a Coreboot update. It was one of the reasons I was motivated to update Coreboot.
Second, the other assumed benefit of updating Coreboot was microcode that fixes Spectre and Meltdown vulnerabilities. I checked prior to updating Coreboot and my machine was at risk for CVE-2018-3640:KO, CVE-2018-3639:KO, CVE-2018-3615:KO. After the update, the same vulnerabilities appear to exist. Was I incorrect to assume that microcode fixes for Spectre and Meltdown are part of the latest Coreboot update?
Oh yeah - I used PureOS Live from a bootable USB to update Coreboot and I am currently running Debian from my HD. Not sure if that is relevant.
Thanks for taking the time to read this.