Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
There may be other protections to restrict SPI flash access for security reasons (so you might not be able to flash your custom firmware in the OS), but worst case you can use a HW flasher (or maybe USB flashback). Still, this doesn't address the elephant in the room - platform initialization code might be open-sourced, but that isn't everything. You'll still need to figure out the board-specific stuff (the Super I/O chip, chipset GPIOs, other peripherals, etc.). Using coreboot as an example, Intel provides the Firmware Support Package blob to handle platform initialization. I think AGESA is somewhat similar to this, though Intel publicly releases the binaries for use in coreboot/etc. Thanks to the FSP, coreboot has support for recent Intel chipsets. However, there is only support for two recent consumer boards: the MSI PRO Z690-A WiFi DDR4 and DDR5.
There may be other protections to restrict SPI flash access for security reasons (so you might not be able to flash your custom firmware in the OS), but worst case you can use a HW flasher (or maybe USB flashback). Still, this doesn't address the elephant in the room - platform initialization code might be open-sourced, but that isn't everything. You'll still need to figure out the board-specific stuff (the Super I/O chip, chipset GPIOs, other peripherals, etc.). Using coreboot as an example, Intel provides the Firmware Support Package blob to handle platform initialization. I think AGESA is somewhat similar to this, though Intel publicly releases the binaries for use in coreboot/etc. Thanks to the FSP, coreboot has support for recent Intel chipsets. However, there is only support for two recent consumer boards: the MSI PRO Z690-A WiFi DDR4 and DDR5.
Source code, including the firmware and actual hardware design
It's very easy to load new PKs into UEFI. You can use efitools to load the keys into your UEFI. There are instructions on that page for generating keys (ctrl+f Creating, using and installing your own keys). Keep in mind that efitool is unsigned (obviously), so you'll need to disable Secureboot before running an EFI Shell and running
From there you'll need to get an EFI Shell. There may be one built into your system, but you can also get one here from Tianocore (aka, the people mostly making UEFI). Neither this EFI Shell nor Keytool.efi (the thing you need to load the keys) are signed of course, so you will need to turn off SecureBoot to continue. From there just run Keytool with your new keys, turn back on SecureBoot, and move on with your life.