diff --git a/resources/coreboot/cros/blobs.list b/resources/coreboot/cros/blobs.list
new file mode 100644
index 0000000000000000000000000000000000000000..05d3ee48ce60f0948a7ce16e921c3379906e76fd
--- /dev/null
+++ b/resources/coreboot/cros/blobs.list
@@ -0,0 +1,22 @@
+src/vendorcode/amd/agesa/f14/Proc/CPU/Family/0x14/F14MicrocodePatch05000119.c
+3rdparty/arm-trusted-firmware/plat/mediatek/mt8173/drivers/spm/spm_hotplug.c
+3rdparty/arm-trusted-firmware/plat/mediatek/mt8173/drivers/spm/spm_mcdi.c
+3rdparty/arm-trusted-firmware/plat/mediatek/mt8173/drivers/spm/spm_suspend.c
+3rdparty/arm-trusted-firmware/plat/rockchip/rk3368/drivers/ddr/rk3368_ddr_reg_resume_V1.05.bin
+3rdparty/chromeec/test/legacy_nvmem_dump.h
+3rdparty/vboot/tests/futility/data/bios_link_mp.bin
+3rdparty/vboot/tests/futility/data/bios_peppy_mp.bin
+src/vendorcode/amd/agesa/f14/Proc/CPU/Family/0x14/F14MicrocodePatch0500000B.c
+src/vendorcode/amd/agesa/f14/Proc/CPU/Family/0x14/F14MicrocodePatch0500001A.c
+src/vendorcode/amd/agesa/f14/Proc/CPU/Family/0x14/F14MicrocodePatch05000029.c
+src/vendorcode/amd/agesa/f14/Proc/GNB/Nb/Family/0x14/F14NbSmuFirmware.h
+src/vendorcode/amd/agesa/f14/Proc/GNB/PCIe/Family/0x14/F14PcieAlibSsdt.h
+src/vendorcode/amd/agesa/f15tn/Proc/CPU/Family/0x15/TN/F15TnMicrocodePatch0600111F_Enc.c
+src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/GnbSmuFirmwareTN.h
+src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/PcieAlibSsdtTNFM2.h
+src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/PcieAlibSsdtTNFS1.h
+src/vendorcode/amd/agesa/f16kb/Proc/CPU/Family/0x16/KB/F16KbId7001MicrocodePatch.c
+src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/AlibSsdtKB.h
+src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/GnbSamuPatchKB.h
+src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/GnbSmuFirmwareKB.h
+3rdparty/chromeec/third_party/bmi260/accelgyro_bmi260_config_tbin.h
diff --git a/resources/coreboot/default/blobs.list b/resources/coreboot/default/blobs.list
new file mode 100644
index 0000000000000000000000000000000000000000..05d3ee48ce60f0948a7ce16e921c3379906e76fd
--- /dev/null
+++ b/resources/coreboot/default/blobs.list
@@ -0,0 +1,22 @@
+src/vendorcode/amd/agesa/f14/Proc/CPU/Family/0x14/F14MicrocodePatch05000119.c
+3rdparty/arm-trusted-firmware/plat/mediatek/mt8173/drivers/spm/spm_hotplug.c
+3rdparty/arm-trusted-firmware/plat/mediatek/mt8173/drivers/spm/spm_mcdi.c
+3rdparty/arm-trusted-firmware/plat/mediatek/mt8173/drivers/spm/spm_suspend.c
+3rdparty/arm-trusted-firmware/plat/rockchip/rk3368/drivers/ddr/rk3368_ddr_reg_resume_V1.05.bin
+3rdparty/chromeec/test/legacy_nvmem_dump.h
+3rdparty/vboot/tests/futility/data/bios_link_mp.bin
+3rdparty/vboot/tests/futility/data/bios_peppy_mp.bin
+src/vendorcode/amd/agesa/f14/Proc/CPU/Family/0x14/F14MicrocodePatch0500000B.c
+src/vendorcode/amd/agesa/f14/Proc/CPU/Family/0x14/F14MicrocodePatch0500001A.c
+src/vendorcode/amd/agesa/f14/Proc/CPU/Family/0x14/F14MicrocodePatch05000029.c
+src/vendorcode/amd/agesa/f14/Proc/GNB/Nb/Family/0x14/F14NbSmuFirmware.h
+src/vendorcode/amd/agesa/f14/Proc/GNB/PCIe/Family/0x14/F14PcieAlibSsdt.h
+src/vendorcode/amd/agesa/f15tn/Proc/CPU/Family/0x15/TN/F15TnMicrocodePatch0600111F_Enc.c
+src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/GnbSmuFirmwareTN.h
+src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/PcieAlibSsdtTNFM2.h
+src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/PcieAlibSsdtTNFS1.h
+src/vendorcode/amd/agesa/f16kb/Proc/CPU/Family/0x16/KB/F16KbId7001MicrocodePatch.c
+src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/AlibSsdtKB.h
+src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/GnbSamuPatchKB.h
+src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/GnbSmuFirmwareKB.h
+3rdparty/chromeec/third_party/bmi260/accelgyro_bmi260_config_tbin.h
diff --git a/resources/scripts/update/module/coreboot b/resources/scripts/update/module/coreboot
index 2e78636b08be2a96d87b1fcb392a7feada44299b..706184121ec5451f7e37d7228ea0230b1ff01f7e 100755
--- a/resources/scripts/update/module/coreboot
+++ b/resources/scripts/update/module/coreboot
@@ -27,6 +27,16 @@ _board=""
 cbtree=""
 cbrevision=""
 
+# NODELETE= ./download coreboot
+# usage: NODELETE= ./download coreboot
+# if you do this, .git* won't be removed, nor will blobs
+# this is useful for working on patches to a coreboot tree,
+# in git, then then add in the build system
+nodelete="false"
+if [ "x${NODELETE+set}" = 'xset' ]; then
+	nodelete="true"
+fi
+
 cbcfgsdir="resources/coreboot"
 
 main()
@@ -49,6 +59,7 @@ main()
 		download_coreboot_for_board "${board}"
 	done
 
+	censor_blobs
 	rm -f ${cbcfgsdir}/*/seen
 }
 
@@ -153,7 +164,7 @@ prepare_new_coreboot_tree()
 		|| err "cannot cd to coreboot/${cbtree}"
 	git reset --hard ${cbrevision} \
 		|| err "cannot reset coreboot revision for tree, ${cbtree}"
-	git submodule update --init --checkout \
+	git submodule update --init \
 		|| err "cannot update coreboot submodules for tree, ${cbtree}"
 
 	for patch in ../../"${cbcfgsdir}"/"${cbtree}"/patches/*.patch; do
@@ -174,6 +185,84 @@ prepare_new_coreboot_tree()
 	)
 }
 
+censor_blobs()
+{
+	if [ "${nodelete}" = "true" ]; then
+		return
+	fi
+
+	printf "Doing this to coreboot: https://en.wikipedia.org/wiki/Book_burning\n"
+	printf "Whatever you do, don't read: https://libreboot.org/news/policy.html\n"
+
+	rm -Rf coreboot/coreboot/
+	rm -Rf coreboot/.git* coreboot/*/.git* \
+			coreboot/*/3rdparty/*/.git*
+	rm -Rf coreboot/*/util/nvidia/cbootimage/.git*
+
+	# Also delete that nasty evil documentation that
+	# tells users how to install coreboot, because those
+	# evil coreboot people recommend blobs sometimes. /s
+	rm -Rf coreboot/*/Documentation
+
+	# it's basically book-burning. GNU FSDG policy == censorship.
+	# https://en.wikipedia.org/wiki/Book_burning
+
+	# there is a much better way:
+	# https://libreboot.org/news/policy.html
+
+	# but this version of libreboot is designed for the FSF
+	# to use in their GNU Boot project.
+
+	# and i guarantee you, they will remove the above comments
+	# if they fork this code.
+
+	# *they* will call it FREEDOM.
+
+	# but it's not. they're removing your freedom to choose.
+	# and censoring everything they don't like.
+
+	# they will decide what is good for you.
+	# they will decide against you.
+	# and if you fell for their propaganda, you'll feel
+	# pure. despite the fact that your machine is still
+	# full of blobs, even if the boot flash is blob-free.
+	# see:
+	# https://libreboot.org/faq.html#what-other-firmware-exists-outside-of-libreboot
+
+	# this, despite the fact that libreboot is a free software
+	# project. they call it non-free. the truth is written here:
+
+	# https://libreboot.org/freedom-status.html
+
+	for cbdir in coreboot/*; do
+		if [ ! -d "${cbdir}" ]; then continue; fi
+		cbtree="${cbdir##coreboot/}"
+		cbtree="${cbtree%/}"
+		if [ ! -d "coreboot/${cbtree}" ]; then continue; fi
+		bloblist="resources/coreboot/${cbtree}/blobs.list"
+		if [ -f "${bloblist}" ]; then
+			for blobfile in $(cat "${bloblist}"); do
+				printf "Deleting blob: 'coreboot/%s/%s'\n" \
+						"${cbtree}" "${blobfile}"
+				rm -f "coreboot/${cbtree}/${blobfile}"
+			done
+		else
+			printf "WARNING blobs.list unavailable for %s" \
+				${cbtree} 1>&2
+		fi
+		rmlist="resources/coreboot/${cbtree}/rm.list"
+		if [ -f "${rmlist}" ]; then
+			for rmentry in $(cat "${rmlist}"); do
+				printf "Deleting directory to save space: "
+				printf "'coreboot/%s/%s'\n" \
+						"${cbtree}" "${rmentry}"
+				rm -Rf "coreboot/${cbtree}/${rmentry}"
+			done
+		fi
+	done
+
+}
+
 err()
 {
 	printf "ERROR: %s: %s\n" $0 $1 1>&2