I am looking to build a Linux gaming machine with open source firmware and Intel ME disabled. Is this viable?
Is there any FOSS UEFI for MSI MPG B550 gaming edge WiFi?
Yes, probably. It is possible to flash and use dasharo (a downstream fork of coreboot) onto a modern MSI Z790A motherboard, which gets you pcie gen 5, 14th gen intel, and so on. I’m not sure if the necessary code to get it running has been upstreamed into coreboot yet. https://docs.dasharo.com/unified/msi/overview/
From there, you can use corna’s me_cleaner to disable (and clean) the management engine. There are reports of it working on alder lake: https://docs.dasharo.com/unified/msi/overview/
Here’s a full tutorial on disabling your ME on modern systems: https://github.com/mostav02/Remove_IntelME_FPT?tab=readme-ov-file#neutralizing-me-and-flashing-via-fpt
To be honest, though, I wouldn’t bother unless you’re doing it for fun. I’m not sure if this entire process necessarily works on the Z790+14th gen intel anyway.
The BIOS does a lot less than you’d expect, it doesn’t really have an impact on gaming performance. For what it’s worth, I’ve been gaming in a VM for years, and it uses the TianoCore/OVMF/EDK2 firmware, and no issues. Once Linux is booted, it doesn’t really matter all that much. You’re not even allowed to use firmware services after the OS is booted, it’s only meant for bootloaders or simple applications. As long as all the hardware is initialized and configured properly it shouldn’t matter.
You’d think so but IIRC when Phoronix tested it, Coreboot would always significantly underperform compared to the regular firmware. It wasn’t much but the effect was measurable.
Yeah it’ll depend on how good your coreboot implementation is. AFAIK it’s pretty good on Chromebooks because Google whereas a corebooted ThinkPad might have some downsides to it.
The slowdowns I would attribute to likely bad power management, because ultimately the code runs on the CPU with no involvement with the BIOS unless you call into it, which should be very little.
Looking up the article seems to confirm:
The main reason it seems for the Dasharo firmware offering lower performance at times was the Core i5 12400 being tested never exceeded a maximum peak frequency of 4.0GHz while the proprietary BIOS successfully hit the 4.4GHz maximum turbo frequency of the i5-12400. Meanwhile the Dasharo firmware never led to the i5-12400 clocking down to 600MHz on all cores as a minimum frequency during idle but there was a ~974MHz.
I’d expect System76 laptops to have a smaller performance gap if any since it’s a first-party implementation and it’s in their interest for that stuff to work properly. But I don’t have coreboot computers so I can’t validate, that’s all assumptions.
That said for a 5% performance loss, I’d say it counts as viable. My games VM has a similar hit vs native. I’ve been gaming on Linux well before Proton and Steam and have taken much larger performance hits before just to avoid closing all my work to reboot for break time games.
I’ve been gaming in a VM for years
Tell us more about your setup! I’m assuming you have 2 GPUs and are passing one to the VM for Windows gaming? Is it even worth doing nowadays now that Kernel AC games are banning VMs anyway?
Yes dual GPU. I set that up like 6 years ago, so its use changed over time. It used to be Windows but now it’s another Linux VM.
The reason I still use it is it serves as a second seat and is very convenient at that. The GPU’s output is connected to the TV, so the TV gets its own dedicated and independent OS. So my wife can use it when I’m not. When the VM isn’t running I use the card as a render offload, so games get the full power of the better card as well.
I also use it for toying with macOS and Windows because both of those are basically unusable without some form of 3D acceleration. For Windows I use Looking Glass which makes it feel pretty native performance. I don’t play games in it anymore but I still need to run Visual Studio to build the Windows exes for some projects.
This week I also used the second card to test out stuff on Bazzite because one if my friends finally made the switch and I need to be able to test things out in it as I have no fucking clue how uBlue works.
BIOS doesn’t matter for gaming as long as you don’t use modded GPU drivers.
While many comments here are correct that it would affect less than you’d expect, there are things that may not be covered.
For example:
- there’s no setting for hyperthreading
- no way to disable SATA drives, in case you’d like to be selective
- you’ll need to reflash the BIOS if you want to change boot order permanently
Also, make sure you have the correct video BIOS.
My understanding is there are few desirable motherboards that support Coreboot.
Don’t like Intel Management Engine? or processors that shit themselves? go AMD.
AMD has the Platform Security Processor. While it supposedly doesn’t have network access, it’s still a block box with full access to all memory.
As far as I know it’s also less documented. People have dug really deep into Intel ME that they even found a bit that disables most of the ME.
On the other hand AMD is planning to use coreboot compatible open firmware in the next EPYC generation. Knowing AMD, it will eventually come to the consumer market too. (We’ll see if it will be available before Red Hat drops x11)
Also there was a phoronix article recently that Intel is too messing around with Coreboot on Xeon.
i think amd said plan bring open source agesa to consumer after epyc.
AMD has a similar technology tho
What would be an example of a desirable mobo and what is the benefit of the coreboot?
Any am4 options?
By “desirable motherboard” in this context I mean a standard ATX (or standard size variants) motherboard with a currently supported socket and chipset commonly available on the consumer market. To run Intel 13th or 14th gen, or Ryzen 7000 or 9000. I don’t know if you can just buy an MSI or Asrock etc. board and expect to run Coreboot on them.
What’s the advantage of coreboot? Soothes paranoia mainly. Both Intel and AMD platforms have little black boxes in them that run a separate little OS beneath Windows or Linux that has Ring 0 or similar low-level access to the hardware and could theoretically man in the middle anything done on the machine. Intel’s is MINIX based, it’s called the Intel Management Engine, and it genuinely is a little bit bile inducing reading what it has access to. AMD does have a simlar technology.
In terms of performance, system stability etc? Very little. Once the kernel is loaded and in control of the hardware the BIOS doesn’t effect much AFAIK.
I’m not very familiar with it but I’ve not heard much about even AM4 boards being supported. I think of Coreboot (or it’s completely binary blob free fork LibreBoot) and I think of either Purism or System76 and in both cases for their laptops.
===
This kind of thing (the “main” operating system is built atop a secret basement full of god knows what) isn’t restricted to x86 either. On a Raspberry Pi, Linux running on the ARM cores is a second class citizen to ThreadX running on the VideoCore processor.
Thank you laying all of this out. I keep hearing about these issues but how did we get here and why is this being a concern now or am I just learning about it?
My understanding of things like the IME is that its reason for being is mostly benign, it lets enterprise-level IT departments do things like boot computers from across the network and stuff like that. It has no real use to home customers on their private PCs, but it’s included on all systems to simplify engineering; it handles a lot of the early boot process. And it’s always running. The privacy enthusiasts out there who carry a copy of TAILS on their keychains just in case aren’t fond of the fact that there’s a proprietary OS with unrestricted access to memory and networking just sitting there with no way of auditing or monitoring what it was doing.
This has been a thing for AWHILE now, and the whole coreboot thing…Intel, board manufacturers etc. keep their data so locked up that it’s a challenge to build anything that works, so it’s a miracle we have things like Coreboot at all. They largely concentrate on laptops IIRC, and it’s rare to see full fat desktop motherboards that work with Coreboot.
They largely concentrate on laptops
Main user base linux thinkpad enjoyer?
afaik it’s just the msi pro -a z690/z790 boards
deleted by creator
I’m not sure why it wouldn’t be it doesn’t change how Linux works at runtime does it?
yeah i play ksp and rainworld with coreboot+disabled ME thinkpad t430 and it’s fine (coreboot has no performance penalties)
the only thing coreboot broke in my instance was the passive (cpufreq) powersave cpu scaler for my cpu, but I could just switch to the active (intel_pstate) powersave cpu scaler which is better anyway
are there modern desktop motherboards/chipsets/bioses that let you disable ME though? the z690/z790 are the only ones that I know can run coreboot (ignoring laptop motherboards), but I thought that still had to run ME?
How would the lack of passive CPU powersaving affect things on your end?
passive/active are just 2 modes you can select between and active is simply better so for me there’s literally 0 problems
