Open hardware security is more important than ever, and in this episode of Nerding Out with Viktor, we dive deep into the role Coreboot plays in BIOS security, transparency, and firmware trust.

Joining host Viktor Petersson are two of the most respected voices in the coreboot community: Matt DeVillier (aka Mr. Chromebox), known for his extensive work on Chrome OS firmware at Purism and AMD, and David Hendricks, a long-time contributor who helped bring coreboot to Google’s Chrome OS and has also worked at Facebook and Amazon.

Together, they explore:
*The history and purpose of coreboot
*How it differs from U-Boot and legacy BIOS
*Why coreboot is foundational to secure, open hardware
*The difference between Verified Boot vs. UEFI Secure Boot
*Recent BIOS vulnerabilities like LogoFail and PixieFail
*The role of SBOMs and firmware reproducibility
*Supply chain risks and the case for firmware-level trust
*Adoption pathways for companies looking to switch to coreboot
*How coreboot supports circular economy and device upcycling
*The reality of RISC-V and the open hardware movement

This is a must-watch for security professionals, hardware developers, and anyone interested in the future of trustworthy computing, from the motherboard up.

Useful Resources:
Discover more about coreboot (www.coreboot.org/), including consultant links (coreboot IBVs), hardware vendors using coreboot, and extensive documentation at coreboot's homepage.
Explore MrChromebox.tech (mrchromebox.tech/) for Matt DeVillier's (Mr. Chromebox) custom distribution of coreboot.
Access Converged Security Suite (github.com/9elements/converged-security-suite), a suite of tools designed for provisioning Bootguard, enhancing the security of your devices.
Utilize goswid (github.com/9elements/goswid), a tool for generating Software Bill of Materials (SBOM) within coreboot, ensuring firmware transparency and integrity.
For developers and enthusiasts, find comprehensive information on Chrome OS Devices (www.chromium.org/chromium-os/developer-information…, including those powered by coreboot, at Developer Information for Chrome OS Devices. Note that almost all recent x86 and ARM models of ChromeOS devices use coreboot, with the exception of the earliest models.

--------
Timestamps
00:00 - Intro to Open Hardware Security & Coreboot
04:00 - The Origin Story of Coreboot
07:30 - BIOS Pain Points That Sparked the Coreboot Movement
16:00 - Where Coreboot Is Used Today (Chromebooks, Servers, More)
20:00 - Why BIOS Security Matters More Than Ever
23:00 - Secure Boot: Google Verified Boot vs. UEFI Secure Boot
29:00 - Firmware Signing, Key Control, and Supply Chain Trust
33:00 - Firmware Updates: fwupd, UEFI Capsules, and Adoption Challenges
36:30 - Why Supply Chain Security Begins with Firmware
40:00 - SBOMs, Reproducible Builds, and Firmware Transparency
45:00 - The Reality of BIOS Supply Chain Complexity
50:00 - How to Adopt Coreboot: Consulting, ODMs, and Manufacturing
57:00 - Is RISC-V the Future of Open Hardware?
01:08:00 - Chromebooks, E-Waste, and Sustainable Computing
01:11:00 - Final Thoughts