Flashing coreboot on the existing Librem 13 v1 and Librem 15 v2

Thanks for the explanation!

As an aside, I am trying to understand the rationale for this kernel option. In order for an attacker to use Flashrom to perform internal flashing, they would have to have root level access. But if they have root level access, then they can modify the kernel to disable CONFIG_STRICT_DEVMEM and CONFIG_IO_STRICT_DEVMEM. I suppose the need for the attacker to do that, and perhaps also to reboot the computer, has the benefit to the defender that these extra steps would slow the attacker down and make their attack less stealthy.

The issue isn’t one of security, it’s one of licensing. Coreboot on broadwell systems only works with an “MRC” binary, which is only created by Google for their chromebook machines. The file isn’t available for download publicly and it’s not licensed so it can be redistributed by us. So basically providing those files would be equivalent to ‘piracy’ (copyright infringement) or at the very least a license violation. That’s why we don’t and can’t provide those files and that’s why we instead provide a script which will download the chromebook recovery image directly from google’s servers and extract the coreboot image in it, then extract the MRC file from it.

As far as I know, flashrom works fine with recent kernels even without the iomem=relaxed option. I haven’t seen any kernel versions in which flashrom doesn’t work (either with iomem=relaxed or without it for recent versions).