Microsoft System Security Director: Windows 11 can get along well with Coreboot

Even if UEFI SecureBoot is kept enabled and TPM thresholds and other security requirements are met, Windows 11 systems can run well on open-source Coreboot through related operations. Coreboot, formerly known as LinuxBIOS, is a software project designed to replace proprietary firmware in computers, with lightweight firmware designed to perform only the minimal amount of tasks required to load and run a modern 32-bit or 64-bit operating system.

join us on telegram

Over the past Christmas break, Microsoft’s director of enterprise and operating system security, David Weston, used his spare time and time off to get Windows 11 running on devices with an open-source firmware stack. On this adventure, he used Coreboot porting to the Supermicro X11SCH motherboard (Intel Coffee Lake era), which was carried out by 9elements security.

The TianoCore EDK II UEFI implementation uses Microsoft’s Project Mu. Yesterday David Weston shared that his project was a success. He was able to get Windows 11 running on an open-source firmware stack, including UEFI SecureBoot, standalone TPM2 and other related security features to meet Windows 11 hardware requirements. Weston, in turn, has been following along, praising the Coreboot project.

Currently, supported boards and other related resources can be found at Coreboot.org. Unfortunately, aside from Google Chromebooks, most Coreboot-capable motherboards that are available and not too expensive end up being several generations of old Intel hardware and some System76 laptops. Intel’s FSP still needs blobs, and for those who want a truly free software system, the big winners are still Raptor Computing Systems and their POWER9 platform.

Leave a Comment