coreboot releases are currently done on a roughly quarterly release cycle.

In general these releases are done for OEM/ODMs and other groups who want a "stable" release base. If you are a developer or end user, we recommend that you use the master branch of the coreboot repository.

Get the coreboot source from the git repository

$ git clone

Release archives

Release Date Source Source
Blobs Blobs


The releases are signed with a PGP/GPG signature. To verify the release, run:

$ gpg --verify coreboot-4.16.tar.xz.sig coreboot-4.16.tar.xz

If you get a message saying "Can't check signature: No public key", copy the key value and fetch it from the keyserver.

$ gpg --receive-keys 574CE6F6855CFDEB7D368E9D19796C2B3E4F7DF7

Then rerun the verification step.

Note that the warnings "This key is not certified with a trusted signature!" and "There is no indication that the signature belongs to the owner." are normal


Keys used to sign the binaries as of 4.20:

1504DB83B93905F5160EB3FD86EB211649573F59 - Jason Glenesk (coreboot developer) <>

D0BB76A6FB81653A2B175BC2DB682C092C49D476 - Patrick Georgi <>

7642F206B20B77DAEB5B611A53C88CBFBC4F65F3 - Angel Pons <>

EB51718A2D22AB1DA92C74B11F991B62CCC9259B - Patrick Georgi <>

3D705758E41EB17A3D28754941050E818DCB9057 - Patrick Georgi <>

390DCF788BF9AA504F8FF1E2C29E9DA6A0DF8604 - Alexander Couzens <>

574CE6F6855CFDEB7D368E9D19796C2B3E4F7DF7 - Martin Roth (coreboot developer) <>

Go back to the main page