Hackability is always at odds with physical security.
The general rule of thumb for the security-paranoid is that once you lose sight of your device, you should assume it's been owned (any imaginable variant/combination of evil maid, DMA exploit thru a physical port, etc).
In recent years there has been a steady push to raise the bar (TPM, SecureBoot, etc). Whether that's effective for protecting the median user's privacy and security is a separate matter, but the side effect is of course that this is increasingly becoming a hurdle for power users, enthusiasts, OS developers, etc.
ARM Macs are at a very weird spot on this spectrum. On one hand, we have a new, bespoke, and undocumented system architecture, and keeping a macOS partition is a requirement to continue receiving firmware updates; on the other, Apple has left a clearly labeled escape hatch for OS developers, and kept it from accidentally breaking. You can't have a fully libre boot chain, but it's not like Lenovo (or most other PC vendors) would endorse that either.
It's just more straightforward and robust that way, because you won't be exploiting anything but using a product as the (ROM chip)manufacturer intended. Software's come too complicated these days.
Yeah, I have a Chromebook where the process to switch to coreboot was basically unscrew a write-protect screw (AIUI newer models might not even need that) and then you just run an installer script. That's a (...kinda) different particular firmware, but the process works. It just depends on your hardware.
As an aside, I'm surprised that the author's suggesting that 16GB is a sweet spot for a configuration – I'm not sure that's true today (I don't think it is for quite a few workloads on top of heavy webengine apps), but I doubt it'll be true in five years.
This is coming from an M1 MBP user with 32GB who, even with aggressive paging in and out of an uber-fast disk, manages to fill about ~20GB on a regular basis.
And then seeing people say >I don't understand it either, a 16 GB DDR5 stick costs like $50
50 bucks is a lot of money to a whole lot of people. Yes, actual computations and compilation etc take a lot of memory, but there is so much memory wasted through js bloat, it's just sad. But if you take a little effort and optimize your system, then 16GB is still more than enough and "just works"
Anyone considering a T480 is not at all interested in performance at this point in time. Modern chips are going to be substantially more capable and use less power.
32 is great for editing and such, but I do assume that one would be using linux, and in that case, I can consistenly open over 100 tabs in firefox and do programming and have electron apps open on the side on KDE plasma with no issues, no out of memory errors. Things do get squeezy and noticeably slow at those extremely heavy workloads; for heavy tasks of course get 32 but if 16 can do you that far its fine.
I even won a hackathon with 16gb of ram on an X230, if I can do that and be productive even at home its enough. macOS is just very RAM heavy, theres always at least 50 weirdly names background processes active.
I have a T480 as my main machine, but after skimming this blog post I am still not sure why would I want to flash libreboot on it, what will it improve?
For this particular model, not much, other than having a partially open source bios. That can provide better security and bug fixes compared to the original bios, but that's the sort of thing that'll be mostly transparent to you. You can make this a robust system like chromebooks with verified boot or use a project like heads, but these require quite a bit of effort. For older models, there used to be more practical benefits too such as removing wifi whitelists.
Hi! Big fan of linuxlaptopprices - it's exactly what I've been looking for. Have you considered adding a "ships to" filter? I live in Alaska and I'm looking to replace my T14s with bad soldered memory, but a lot of the listings don't ship to AK/HI.
What are some of the most significant challenges you've encountered when transitioning an existing system to Libreboot on a T480, particularly regarding hardware compatibility and performance optimization? Additionally, how do you ensure the integrity and security of the system during and after the installation process?
Nice. Somewhat tempting to upgrade from my ivy bridge, but then I'm reminded that intel's last decade has been such a dumpster fire that everything from the last decade may be more or less the same. What does libreboot mean these days ? Does T480 do native RAM init ? Or does it still need FSP ? It may be easier to use coreboot directly. I don't think libreboot does anything more than coreboot these days. This is also exciting as T480 is the same as T25, so you may be able to use T25's keyboard with it. That's the old style keyboard that they don't make any more.
>T480 is the same as T25, so you may be able to use T25's keyboard with it
The mod is complicated and very, very expensive. But possible, if you can find one in your preferred layout, which is very doubtful at this point - they've all been snapped up by people doing what you describe.
I do use the T25 keyboard on my T480. Is it nice? Oh hell yes. Was it worth the time and expense? Absolutely not, unless you are a serious keyboard nerd and have more money than sense. Which I did, at the time.
i believe that raminit isnt done via a blob anymore. you might as well read the official docs.
coreboot isnt even in the main tree yet! you have to use libreboot unless if you want to hunt down mate kukri's branch and go off that. you also have to use deguard to disable intel boot guard. It is more work than ivy bridge, which is why I use libreboot; its all done for you, its reliable and updates are done by someone else (you dont have to update your own payload yourself and recompile and retinker etc).
[+] [-] solatic|1 year ago|reply
I had a nice chuckle at this. Buying chip clips? A separate Raspberry Pi to wire everything together and perform the flashing process?
Is there really no chance of some kind of click-and-reboot process, same as how official proprietary firmware gets updated?
[+] [-] rollcat|1 year ago|reply
The general rule of thumb for the security-paranoid is that once you lose sight of your device, you should assume it's been owned (any imaginable variant/combination of evil maid, DMA exploit thru a physical port, etc).
In recent years there has been a steady push to raise the bar (TPM, SecureBoot, etc). Whether that's effective for protecting the median user's privacy and security is a separate matter, but the side effect is of course that this is increasingly becoming a hurdle for power users, enthusiasts, OS developers, etc.
ARM Macs are at a very weird spot on this spectrum. On one hand, we have a new, bespoke, and undocumented system architecture, and keeping a macOS partition is a requirement to continue receiving firmware updates; on the other, Apple has left a clearly labeled escape hatch for OS developers, and kept it from accidentally breaking. You can't have a fully libre boot chain, but it's not like Lenovo (or most other PC vendors) would endorse that either.
[+] [-] deaddodo|1 year ago|reply
[+] [-] Almondsetat|1 year ago|reply
[+] [-] bubblethink|1 year ago|reply
[+] [-] numpad0|1 year ago|reply
[+] [-] devops99|1 year ago|reply
[+] [-] yjftsjthsd-h|1 year ago|reply
[+] [-] nxobject|1 year ago|reply
This is coming from an M1 MBP user with 32GB who, even with aggressive paging in and out of an uber-fast disk, manages to fill about ~20GB on a regular basis.
[+] [-] dailykoder|1 year ago|reply
And then seeing people say >I don't understand it either, a 16 GB DDR5 stick costs like $50
50 bucks is a lot of money to a whole lot of people. Yes, actual computations and compilation etc take a lot of memory, but there is so much memory wasted through js bloat, it's just sad. But if you take a little effort and optimize your system, then 16GB is still more than enough and "just works"
[+] [-] dewey|1 year ago|reply
Unused memory is wasted memory, so makes sense to always have a lot in memory. Doesn't mean that you'd have a worse experience with 16GB.
[+] [-] whalesalad|1 year ago|reply
[+] [-] daghamm|1 year ago|reply
[+] [-] jsndnx|1 year ago|reply
Not having enough RAM slows you work to a halt, I would always go a tier down in CPU or GPU to have enough RAM
And it's also easy to expand later
[+] [-] ezntek|1 year ago|reply
32 is great for editing and such, but I do assume that one would be using linux, and in that case, I can consistenly open over 100 tabs in firefox and do programming and have electron apps open on the side on KDE plasma with no issues, no out of memory errors. Things do get squeezy and noticeably slow at those extremely heavy workloads; for heavy tasks of course get 32 but if 16 can do you that far its fine.
I even won a hackathon with 16gb of ram on an X230, if I can do that and be productive even at home its enough. macOS is just very RAM heavy, theres always at least 50 weirdly names background processes active.
[+] [-] merpkz|1 year ago|reply
[+] [-] bubblethink|1 year ago|reply
[+] [-] chgs|1 year ago|reply
[+] [-] opengears|1 year ago|reply
[+] [-] Propelloni|1 year ago|reply
[+] [-] dailykoder|1 year ago|reply
it will make you (as of now) unable to use thunderbolt and therefore a dock. Maybe you see that as improvement. I kinda like my thunderbolt
[+] [-] axiologist|1 year ago|reply
[+] [-] mkasberg|1 year ago|reply
I recently built https://linuxlaptopprices.com/, inspired by diskprices.com.
[+] [-] tmiku|1 year ago|reply
[+] [-] morjom|1 year ago|reply
[+] [-] 71bw|1 year ago|reply
[+] [-] morgansolis|1 year ago|reply
[+] [-] markus_zhang|1 year ago|reply
[+] [-] dokyun|1 year ago|reply
[+] [-] bubblethink|1 year ago|reply
[+] [-] dTal|1 year ago|reply
The mod is complicated and very, very expensive. But possible, if you can find one in your preferred layout, which is very doubtful at this point - they've all been snapped up by people doing what you describe.
I do use the T25 keyboard on my T480. Is it nice? Oh hell yes. Was it worth the time and expense? Absolutely not, unless you are a serious keyboard nerd and have more money than sense. Which I did, at the time.
[+] [-] ezntek|1 year ago|reply
coreboot isnt even in the main tree yet! you have to use libreboot unless if you want to hunt down mate kukri's branch and go off that. you also have to use deguard to disable intel boot guard. It is more work than ivy bridge, which is why I use libreboot; its all done for you, its reliable and updates are done by someone else (you dont have to update your own payload yourself and recompile and retinker etc).
[+] [-] stefantalpalaru|1 year ago|reply
[deleted]