Microsoft's Director of OS Security Gets Coreboot Playing Nicely With Windows 11
It turns out with enough maneuvering that Microsoft Windows 11 can run well with the open-source Coreboot even with keeping UEFI SecureBoot enabled and meeting Windows 11's TPM requirements and other security measures.
David Weston who is a Director of Enterprise and OS Security at Microsoft took it on as a holiday project for getting Windows 11 running atop a device with the open-source firmware stack. For this adventure he was using the Coreboot port to the Supermicro X11SCH motherboard (Intel Coffee Lake era) that was carried out by 9elements security.
The TianoCore EDK II UEFI implementation he was using was Microsoft's Project Mu.
Yesterday David Weston shared that his project was a success:
He was able to get Windows 11 running on the open-source firmware stack, including with UEFI SecureBoot, discrete TPM2, and other related security functionality in place for meeting Windows 11's hardware requirements. In turn Weston has been following up with a lot of praise for the Coreboot project.
The list of currently supported boards can be found at Coreboot.org along with other resources. Unfortunately besides Google Chromebooks, most of the supported Coreboot motherboards that enjoy retail availability and not too costly end up being several generations old Intel hardware and the likes of some System76 laptops. Intel's FSP still requires blobs while for those wanting a truly free software system the big winner is still Raptor Computing Systems with their POWER9 platforms.
David Weston who is a Director of Enterprise and OS Security at Microsoft took it on as a holiday project for getting Windows 11 running atop a device with the open-source firmware stack. For this adventure he was using the Coreboot port to the Supermicro X11SCH motherboard (Intel Coffee Lake era) that was carried out by 9elements security.
Holiday project — first Windows 11 @coreboot_org device? Courtesy of @9eSec @Supermicro_SMCI x11sch-f coffeelake port. Plan is to get it booting W11 with all the trimmings (edk2 secureboot, etc) pic.twitter.com/Yr7bXPCFXV
— David Weston (DWIZZZLE) (@dwizzzleMSFT) December 7, 2021
The TianoCore EDK II UEFI implementation he was using was Microsoft's Project Mu.
Yesterday David Weston shared that his project was a success:
It works! Windows 11 running OPEN SOURCE firmware with @coreboot_org and @9eSec EDK2 UEFI. Supports Secureboot (my own PK) and discrete TPM2, VBS, Etc. System meets all hardware requirements. Thanks to @nablahero for the port and @_miczyg_ for all the newb questions!! https://t.co/jjcXoXZKNI pic.twitter.com/8c1XL7374s
— David Weston (DWIZZZLE) (@dwizzzleMSFT) January 17, 2022
He was able to get Windows 11 running on the open-source firmware stack, including with UEFI SecureBoot, discrete TPM2, and other related security functionality in place for meeting Windows 11's hardware requirements. In turn Weston has been following up with a lot of praise for the Coreboot project.
The list of currently supported boards can be found at Coreboot.org along with other resources. Unfortunately besides Google Chromebooks, most of the supported Coreboot motherboards that enjoy retail availability and not too costly end up being several generations old Intel hardware and the likes of some System76 laptops. Intel's FSP still requires blobs while for those wanting a truly free software system the big winner is still Raptor Computing Systems with their POWER9 platforms.