Updating Coreboot when running another distro?


#1

Sadly, the last update bricked my Librem 13V3.
It locked the screen, and after a hard reboot, it wouldn’t even show the crypsetup password screen, so I switched to Kubuntu. I’ll go back to PureOS once I’m more proficient at Linux.
Until then, I want to make sure that the Coreboot stays updated, so I added the pureos green repo to the Software and Updates app but it needs a Authentication Key. I’ve searched, but I can’t seem to find it.
When I sudo apt update, I get this

W: GPG error: https://repo.pureos.net/pureos green InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2B4A53F2B41CE072
E: The repository 'https://repo.pureos.net/pureos green InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

Does anyone know where to find the key?
More importantly, is my premise about how Coreboot is updated even accurate? (I’m still learning Linux.)
Appreciate any help
Cheers


#2

Phyzog,

The last Coreboot update was released in February with instructions on compiling it. Not by apt-get update.

https://puri.sm/posts/february-2018-coreboot-update/

As far as doing an update & upgrade. I wouldn’t recommend it. I had to update Chromium on Pure Os, which requires download from the debian source lists. After a full upgrade with Debian sources, it broke something with LUKS (Prompting twice for decryption passwords)

But to answer your question, Purism does have this keyring posted on the Github Repo. Not sure how far it will get you or whether it is up to date.


#3

Thank you very much. I appreciate you taking the time to help.
I’ll follow those links. I need to learn everything I can about this stuff.


#4

If you want to avoid bricking your computer, you might look into something like https://nixos.org/ - it has atomic upgrades and you can always rollback your configuration.


#5

Doesn’t GuixSD has the same functionality?
The advantages of GuixSD would be that it has no systemd and is FSF-endorsed.


#6

Haven’t used GuixSD but that sounds right. I’m OK with systemd, and I prefer access to a wide range of software.

There’s other options to allow for rollback too that I haven’t messed around with - for example https://github.com/teejee2008/timeshift or snapper in openSUSE https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha.snapper.html


#7

I actually had the same issue as OP. It was a legit Pure OS update that froze the boot screen. Nothing he did that bricked it. I got around it by booting in Advanced mode with a previous Kernel.

I’m going to check out both of the above distributions. Easy roll back in a production environment is gold.