1# Distributions 2 3coreboot doesn't provide binaries but provides a toolbox that others can use 4to build boot firmware for all kinds of purposes. These third-parties can be 5broadly separated in two groups: Those shipping coreboot on their hardware, 6and those providing after-market firmware to extend the usefulness of devices. 7 8 9## Hardware shipping with coreboot 10 11### ChromeOS Devices 12 13All ChromeOS devices ([Chromebooks](https://chromebookdb.com/), Chromeboxes, 14Chromebit, etc) released from 2012 onward use coreboot for their main system 15firmware. Additionally, starting with the 2013 Chromebook Pixel, the firmware 16running on the Embedded Controller (EC) – a small microcontroller which provides 17functions like battery management, keyboard support, and sensor interfacing – 18is open source as well. 19 20### Nitrokey 21 22[Nitrokey](https://nitrokey.com) is a german IT security hardware vendor which 23offers a range of laptops, PCs, HSMs, and networking devices with coreboot and 24[Dasharo](https://dasharo.com/). The devices come with neutralized Intel 25Management Engine (ME) and with pre-installed [Heads](http://osresearch.net) or 26EDK2 payload providing measured boot and verified boot protection. For 27additional security the systems can be physically sealed and pictures of those 28sealings are sent via encrypted email. 29 30### NovaCustom laptops 31 32[NovaCustom](https://novacustom.com) sells configurable laptops with 33[Dasharo](https://dasharo.com/) coreboot based firmware on board, maintained by 34[3mdeb](https://3mdeb.com/). NovaCustom offers full GNU/Linux and Microsoft 35Windows compatibility. NovaCustom ensures security updates via fwupd for 5 years 36and the firmware is equipped with important security features such as measured 37boot, verified boot, TPM integration and UEFI Secure Boot. 38 39### PC Engines APUs 40 41[PC Engines](https://pcengines.ch) designs and sells embedded PC hardware that 42ships with coreboot and support upstream maintenance for the devices through a 43third party, [3mdeb](https://3mdeb.com). They provide current and tested 44firmware binaries on [GitHub](https://pcengines.github.io). 45 46### Protectli 47 48[Protectli](https://protectli.com) is dedicated to providing reliable, 49cost-effective, and secure computer equipment with coreboot-based firmware 50tailored for their hardware. It comes with the [Dasharo](#dasharo) 51firmware, maintained by [3mdeb](https://3mdeb.com/). Protectli hardware has 52verified support for many popular operating systems, such as Linux distributions, 53FreeBSD, and Windows. Support includes Debian, Ubuntu, OPNsense, pfSense, 54ProxMox VE, VMware ESXi, Windows 10 and 11, and many more. 55 56### Purism 57 58[Purism](https://www.puri.sm) sells laptops with a focus on user privacy and 59security; part of that effort is to minimize the amount of proprietary and/or 60binary code. Their laptops ship with a blob-free OS and coreboot firmware 61with a neutralized Intel Management Engine (ME) and SeaBIOS as the payload. 62 63### Star Labs 64 65[Star Labs](https://starlabs.systems/) offers a range of laptops designed and 66built specifically for Linux that are available with coreboot firmware. They 67use edk2 as the payload and include an NVRAM option to disable the Intel 68Management Engine. 69 70### System76 71 72[System76](https://system76.com/) manufactures Linux laptops, desktops, and 73servers. Some models are sold with [System76 Open 74Firmware](https://github.com/system76/firmware-open), an open source 75distribution of coreboot, edk2, and System76 firmware applications. 76 77## After-market firmware 78 79### Dasharo 80 81[Dasharo](https://dasharo.com/) is an open-source based firmware distribution 82focusing on clean and simple code, long-term maintenance, transparent 83validation, privacy-respecting implementation, liberty for the owners, and 84trustworthiness for all. 85 86Contributions are welcome, 87[this document](https://docs.dasharo.com/ways-you-can-help-us/). 88 89### Heads 90 91[Heads](http://osresearch.net) is an open source custom firmware and OS 92configuration for laptops and servers that aims to provide slightly better 93physical security and protection for data on the system. Unlike 94[Tails](https://tails.boum.org/), which aims to be a stateless OS that leaves 95no trace on the computer of its presence, Heads is intended for the case where 96you need to store data and state on the computer. 97 98Heads is not just another Linux distribution – it combines physical hardening 99of specific hardware platforms and flash security features with custom coreboot 100firmware and a Linux boot loader in ROM. 101 102### Libreboot 103 104[Libreboot](https://libreboot.org) is a downstream coreboot distribution that 105provides ready-made firmware images for supported devices: those which can be 106built entirely from source code. Their copy of the coreboot repository is 107therefore stripped of all devices that require binary components to boot. 108 109### MrChromebox 110 111[MrChromebox](https://mrchromebox.tech/) provides upstream coreboot firmware 112images for the vast majority of x86-based Chromebooks and Chromeboxes, using 113edk2 as the payload to provide a modern UEFI bootloader. Why replace 114coreboot with coreboot? Mr Chromebox's images are built using upstream 115coreboot (vs Google's older, static tree/branch), include many features and 116fixes not found in the stock firmware, and offer much broader OS compatibility 117(i.e., they run Windows as well as Linux). They also offer updated CPU 118microcode, as well as firmware updates for the device's embedded controller 119(EC). This firmware "takes the training wheels off" your ChromeOS device :) 120 121### Skulls 122 123[Skulls](https://github.com/merge/skulls) provides firmware images for 124laptops like the Lenovo Thinkpad X230. It uses upstream coreboot, an easy 125to use payload like SeaBIOS and Intel's latest microcode update. 126 127It simplifies installation and includes compact documentation. Skulls also 128enables easy switching to [Heads](#heads) and back. 129