Note the following machines of course aren't true free-design devices! Instead, these are refurbished and modified machines that carry a Coreboot Firmware and as few proprietary code as possible in their BIOS chips.
Regarding Intel’s integrated proprietary Manageability Engine (IME) which pops up severe privacy issues, mind these important categories:
- Machine free of IME hardware on board (ZC-T60, ZC-X60/X60s)
- Machine compromised with integrated IME hardware on board...
- ...and IME firmware untouched
- ...but IME firmware stripped down (ZC-X230, ZC-X230t, ZC-T430, ZC-T430s)
- ...but IME firmware deleted (ZC-X200, ZC-T400)
Please read The Intel Management Engine: an attack on computer users' freedom by Denis GNUtoo Carikli and Molly de Blanc in order to get precise details.
This machine is very common when it comes to delete proprietary blobs in the BIOS chip. It runs blobfree, however the Intel Manageability Engine (IME) architecture still is on board and we don't know exactly about its hardcoded capabilities.
ZC-X200 | Dual Core | 8GB RAM | 8MB Flash, IME Firmware deleted
Same as ZC-X200, but socketed CPU, integrated disk slot, touch-pad, more ports, stereo speakers, etc...
ZC-T400 | Dual Core in Socket | 8GB RAM | 8MB Flash, IME Firmware deleted
This is an old laptop that still is very interesting for it offers modern 64bit support while lacking the annoying IME architecture:
[...] many Intel computers manufactured in 2006 have the ancestor of the Management Engine which is disabled from the start, such as the Lenovo Thinkpads X60, X60s, X60 Tablet and T60, and many more. — Denis GNUtoo Carikli Contributions
If you have a strong stance on trust rather than performance, use this machine.
ZC-T60 | Dual Core in Socket | 3GB RAM | 2MB Flash | Free of IME!
Very performant laptop with dual core processor, two threads per core; IME firmware is not yet deleted but stripped down with ME_Cleaner. Note the heads project may run on this type of machine to gain improved security, but we haven't tried it, yet.
ZC-X230 | Dual Core, 2 Threads per Core | 16GB RAM | 12MB Flash, IME Firmware stripped down, CPU Microcode Updates required
ZC-X230 with Qubes R4.0
Zerocat’s Coreboot Configuration has been adjusted to provide the GRUB2.02 Bootloader with full authentication support, chainloading SeaBIOS as a secondary payload to allow for booting the Qubes R4.0 OS Installer from CD or USB-Stick.
ZC-X230 with Qubes R4.0 OS Installer
We tried to install Qubes on a few ZC-X230, but probably ran into issues due to a blobfree configured Coreboot-BIOS with a missing CPU Microcode Update File... See Zerocat’s Qubes R4.0 Installation Guide.
These machines gain ethical qualities, as the power of manufacturers and users is balanced by:
- usage of free licensed Coreboot firmware
- no usage (or usage of a reduced set) of proprietary binary blobs
- no usage (or usage of a reduced set) of IME’s proprietary firmware
- usage of Zerocat’s toolchain scripts and their free documentation
- usage of Zerocat’s RYF-Certified Chipflasher
Feel free to review or reproduce this approach and get convinced about its integrity.
Development and Testing
Since development of the true free-design chipflasher is still active, these machines are continued to be flashed for testing purposes. Please support the development with your hardware in case you can spare it — don't expect to get your machine back, though --- it is urgently required for future test cycles.
Devices of Special Interest
- Lenovo ThinkPad X1 Carbon
- Lenovo ThinkPad X200, X200s, X200 Tablet
- Lenovo ThinkPad X201
- Lenovo ThinkPad X220, X230, X230 Tablet
- Lenovo ThinkPad T400, T400s
- Lenovo ThinkPad T420, T430, T430s
- Lenovo ThinkPad T500, T520
- IBM ThinkPad T60, with Intel or ATI GPU
- IBM ThinkPad X60/X60s — 64bit
Flash services as well as ready made laptops are offered for purchase in Zerocat’s Online Shop. If no related sales page is available, feel free to request one.