coreboot

From chromebook hackers wiki
Revision as of 19:29, 3 September 2025 by WeirdTreeThing (talk | contribs)

Coreboot is an open source replacement for the proprietary BIOS or UEFI shipped by your board vendor. Google has used coreboot as the firmware on all Chromebooks since 2012. Previously, Google used a heavily modified Insyde H2O UEFI for the first generation Intel Pineview Chromebooks. U-Boot was used as the boot firmware for the first generation Samsung Exynos Chromebook. All of Google's modifications to coreboot are open source, and most end up in upstream coreboot.

Boot Security

Most modern systems implement a vendor-specific firmware security mechanism. This can be Intel BootGuard, AMD Platform Secure Boot, or the various implementations on ARM chips. All of these systems rely on one-time fuses to burn keys into the chip. If the firmware binary fails the signature check, the CPU will refuse to boot. Google took a different approach. The first stage of coreboot (BOOTBLOCK) is stored in a write-protected region of the SPI flash. Each subsequent stage is signed and verified by the previous stage. Not only does this allow for a vendor-neutral secure boot model, but it also allows the user to freely modify the firmware on their device (something which the vendor implementations do not allow for).
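
A minimal model of the chained verification described above, added here as an illustration and not taken from coreboot or Google's code. It substitutes pinned SHA-256 digests for real signatures, and the `Flash` class, the function names and the stage contents are all constructed for the example.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 digest size in bytes

def pack(code: bytes, next_digest: bytes) -> bytes:
    """A stage image: the digest of the only successor it accepts, then its code."""
    return next_digest + code

def build_chain(codes):
    """Build images last-to-first so that each stage pins its successor."""
    images, next_digest = [], bytes(DIGEST_LEN)  # all zeros marks the end of the chain
    for code in reversed(codes):
        image = pack(code, next_digest)
        images.insert(0, image)
        next_digest = hashlib.sha256(image).digest()
    return images

class Flash:
    """Model of SPI flash: region 0 (BOOTBLOCK) honours write protection."""
    def __init__(self, images, wp_enabled=True):
        self.regions, self.wp_enabled = list(images), wp_enabled

    def write(self, index, image):
        if index == 0 and self.wp_enabled:
            raise PermissionError("BOOTBLOCK region is write-protected")
        self.regions[index] = image

def boot(flash):
    """Return how many stages ran; stop at the first failed check."""
    ran = 1  # BOOTBLOCK runs unverified: write protection is its only guarantee
    expected = flash.regions[0][:DIGEST_LEN]
    for image in flash.regions[1:]:
        if not hmac.compare_digest(hashlib.sha256(image).digest(), expected):
            break  # previous stage refuses to hand over control
        ran += 1
        expected = image[:DIGEST_LEN]
    return ran

# Constructed sample stages (placeholders, not real firmware).
STAGES = [b"BOOTBLOCK code", b"stage 2 code", b"stage 3 code"]

if __name__ == "__main__":
    flash = Flash(build_chain(STAGES))
    print("clean image:", boot(flash), "stages ran")
    flash.write(2, pack(b"tampered", bytes(DIGEST_LEN)))
    print("stage 3 modified:", boot(flash), "stages ran")
```

Changing any later stage breaks the check made by the stage before it, and fixing up that earlier stage only moves the failure one step closer to the write-protected BOOTBLOCK. The model assumes that an owner who lifts write protection can reflash the whole chain, which is what makes user-modified firmware possible.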

Compiling custom firmware

While you can use upstream coreboot, the MrChromebox fork includes many fixes which have not yet landed in upstream. It also includes a convenient build script to simplify the process. The following instructions assume you are running a Debian-based distro, but can be adapted to most other distros.

# Install build dependencies
sudo apt install bison build-essential curl flex git gnat imagemagick libncurses5-dev m4 nasm python-is-python3 uuid-dev zlib1g-dev libssl-dev

# Clone the source
git clone https://github.com/MrChromebox/coreboot
cd coreboot

# Build the cross-compile toolchain
make crossgcc-i386 CPUS=$(nproc) # AMD Ryzen platforms additionally need crossgcc-arm

# Compile the firmware
./build-uefi.sh <board name>

# The script will output the built ROM to ../roms/