Libreboot or Canoeboot?
- Inicie sesión ou rexístrese para enviar comentarios
I recently notice that mentions of Libreboot were change to Canoeboot by user knife at: https://trisquel.info/en/wiki/samsung-chromebook-v1-kevin-support-group
Please be patience with me, I really believe I understand Leah's position in the matter, or at least I think I do, but I do preferred Libreboot position over Canoeboot.
I followed the instructions listed at the Libreboot site https://libreboot.org/docs/install/chromebooks.html so I was sure I was installing Libreboot and not Canoeboot. But now that knife as made some changes I'm not sure anymore.
I don't really mind that Libreboot was change to Canoeboot for any other reason, I just want to know if I was mistaken when I thought I was installing Libreboot which, unless I'm mistaken, for this model it could be just a branding difference being the code the exact same.
I, really, really, don't mind if the change was made by someone that supports Canoeboot over Libreboot. In my opinion, it is not needed to impose one over the other in this particular case, and I really really do not want to start a fight with anyone. Again I think enough has been written bout that. If someone notice that I'm misunderstanding something, please share a link with useful information instead, a forum post for example.
I must say that I respect Leah and her work. I think that we are all passionate about our ideals and believe, I'm always happy to see her post on this forum even after all the discussions. And I hope she is reading this post as well. And I'm just hoping that we can all, including her of course be professionals and not to take anything personal. I can ensure every one I'm not.
Again I don't want to start a fight, but I also noticed that the changes I submitted to the Libreboot site to include the instructions to install Trisquel, were deleted as well. I'll be sending a message on the Libreboot mailing list as well, but if Leah could see this message and let me know here that will be awesome as well. I'll report back if I know of anything before that. Thank you.
Canoeboot.
Libreboot added nonfree code.
It is against the Community Guidelines.
"The manuals we distribute will not recommend or suggest non-free software."
So you are saying that the official Trisquel position now is that this forum will ONLY support systems with known, un-patched CPU vulnerabilities via disabled microcode updates?
Seems like a bridge too far, and like something that could invite liability.
"un-patched CPU vulnerabilities via disabled microcode updates?"
Isn't this what Wikipedia explains what Linux-libre does?:
"Linux-libre does not suggest the user install CPU microcode update bundles, since the code is proprietary.[21] Microcode update bundles have been used in the mainline Linux kernel version, among other things, to mitigate hardware vulnerabilities."
>"Linux-libre does not suggest the user install CPU microcode update bundles"
I'm sure you are right. Seems like each user has to make their own decision. Not all are going to be in agreement with Stallman that there is a free software difference between default microcode and updated microcode. In the end, all are non-free. We are not required to all agree with Stallman on every point of minutia. I think @jxself has sometimes given the example of one of the PDP-10's where CPU microcode was completely user programmable, as an example of actual software freedom.
I am a translator!
I don't recall any detail but I remember reading explanations about the Trisquel kernel including mitigations of security issues that people claim to be fixed by microcode updates. So it does not look like anyone here is suggesting to ignore security issues.
The GNU FSDG don't require that you have an entirely free system, just to only distribute and only suggest installing free software. Canoeboot does this, and I am not aware that this would make using Trisquel with Canoeboot insecure.
Libreboot claims to promote free software but suggests installing any non-free software that is necessary to make your hardware entirely functional and for which there is no properly working free software replacement. To me, the appreciation of properly working is largely subjective (like, is a graphics card properly working without hardware accelation?), and Libreboot encourages people to install non-free software without even thinking about it.
The issue of promoting free software while users's hardware has problems to work that way is not ignored by the GNU project, there is even the suggestion at https://www.gnu.org/philosophy/install-fest-devil to deal with it in some educational way.
I've just read this, and if this is Stallman's view on installing non-free drivers then Stallman appears to be a lot more relaxed on the subject than many of our Trisquel forum members:
>"My new idea is that the install fest could allow the devil to hang around, off in a corner of the hall, or the next room. (Actually, a human being wearing sign saying “The Devil,” and maybe a toy mask or horns.) The devil would offer to install nonfree drivers in the user's machine to make more parts of the computer function, explaining to the user that the cost of this is using a nonfree (unjust) program."
>"The install fest would tolerate the devil's presence but not officially sponsor the devil, or publicize the devil's availability. Therefore, the users who accept the devil's deal would clearly see that the devil installed the nonfree drivers, not the install fest. The install fest would not be morally compromised by the devil's actions, so it could retain full moral authority when it talks about the imperative for freedom."
>"I remember reading explanations about the Trisquel kernel including mitigations of security issues that people claim to be fixed by microcode updates"
Yes and no. Some spectre and meltdown mitigations (and the other vulnerabilities like these) are included in the kernal, and are not non-free. However, the security mitigations that only come from Intel with Intel's microcode updates would not be included.
I just ran spectre-meltdown-checker to see if there are still vulnerabilities on my computer. It reported in the summary everything was okay to my surprise. Is there any other kernel checkers?
You can read about the various Intel microcode security issues in their release notes on github: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases
I don't know of a specific kernel checker for the various vulnerabilities that are dealt with in microcode and not in the kernel. I think you just have to assume that if you are not applying the microcode updates that you are knowingly vulnerable to the exploits that are reported in the release notes, and you'd better take steps to ensure that no adversary gets their hands on your device (although keeping your adversary's hands off your computer applies whether you apply microcode or not).
I am a translator!
you just have to assume that if you are not applying the microcode updates that you are knowingly vulnerable to the exploits that are reported in the release notes
Looking through the list would already take time, then trying to understand what the vulnerabilities (there might not be any actual known exploitation of them) even more time. I tried having a look, I could not find that specific information for the listed vulnerabilities but maybe I did not search well enough.
keeping your adversary's hands off your computer applies whether you apply microcode or not
Indeed, like one would do with anything private written on paper.
Excellent, that was exactly what I wanted to know. I was sure it was the other way around, but I'm happy to know.
Please correct me if mistaken, but I'm pretty sure this model (chrombook kevin) does not require any "micro codes" (sorry I really don't know what I'm talking about). So in this specific case Libreboot and Canoeboot would be the same.
I do believe is good to promote the correct name that follow the trisquel's community guidelines for sure.
Thank you.
Now I see, looking at https://canoeboot.org/ it says:
Canoeboot is a special fork of Libreboot, maintained in parallel to it by the same developer (Leah Rowe), who maintains both projects. Canoeboot removes all binary blobs from coreboot, thereby providing a fully Free Software coreboot distro, unlike Libreboot which has a more pragmatic Binary Blob Reduction Policy
OK, sounds good. Thank you for the clarification.
Its still better to use libreboot than the stock bios even freedom wise.
There is far more libre code in libreboot than in the stock bios.
Thus, while it not free enough for the FSF, its still miles better *IF* you have to choose between stock bios and libreboot is the other option.
OK, I just find my answer about why the instructions that I added to install trisquel in the libreboot page were deleted here:
https://codeberg.org/libreboot/lbwww/commit/fb174b833b4ce1d61e74854e5329342c374e26c4
EDIT: Woops! I meant to use this link https://codeberg.org/canoeboot/cbwww/commit/4176e9c65616a51b182105ad3667624e1bc44e6b
That's where Leah explains it, not the other one.
I think it's reasonable, unlike the Debian instructions mine linked the manual at the Trisquel wiki, and I agree that some one interested on Trisquel will look in the forum. I won't use the "g" word mentioned by Leah because I don't want to promote it xD, I would have used: anyone can "duckduckgo" the instructions if they are interested on Trisquel.
BTW a friend of mine point me to gnuboot:
https://www.gnu.org/software/gnuboot/index.html
Chromebook kevin is not listed as supported yet.
Hello arielenter.
The answer to your question is:
Libreboot or Canoeboot? – NO!
BIOS or UEFI? – NO!
GnuBoot – YES!
And the whole problem we’ve been talking about for 10 or 30 years isn’t Libreboot—it’s the hardware.
Tomorrow, a powerful computer will appear with a free processor, graphics card, and other components, and Trisquel will be installed not by 1% of users worldwide but by 25% (for example), because it will simply be advantageous from a practical standpoint—in terms of security, privacy, and confidentiality—to install a free distro, with fewer attack surfaces..
We all have to make compromises because there is NO powerful, modern, freely available hardware!
Canoeboot is libre, don't be rude.
As for BIOS and UEFI, I agree
If GnuBoot is a yes, Canoeboot is too unless you like discriminating for no reason.
Thanks a lot Zoma,
sam-d16: I did mention that a friend point me to gnuboot right after I made the post:
https://trisquel.info/es/forum/libreboot-or-canoeboot-0#comment-182776
But as mentioned, my chrombook kevin is not supported yet.
Still, I agree on Zoma that free software is free software. At the end, it was what made it posible to fork Libreboot into gnuboot, and thanks to it Leah also created Canoeboot, even if it might have been reluctantly.
Since I'm probably not going to ever get advantage of having access to the code (you never know), other than the fact that I can be sure the bios is not doing anything malicious, I use Canoeboot (or even Libreboot) as a badge of honor. Seeing the picture of the project when ever I start the computer is special to me. To me is like a statement to myself mostly, I give you that.
> NO powerful, modern, freely available hardware!
This computer indeed is not very powerful at all. That doesn't mean I don't enjoy my self using it though. I know it's not for every one. I think the guys at the FSF agree with me because last time I was at the libre planet in Boston there were a lot of x200 and t400 laptops there. I know is not a long lasting solution, but it is one we can enjoy today, while keep fighting for the future.
To tell you the true I was quiet upset of seeing my Libreboot contribution on how to install Trisquel taken down from the Libreboot website, but after reading Leah's reasoning https://trisquel.info/es/forum/libreboot-or-canoeboot-0#comment-182775 I thought it was understandable. For instance, I would prefer having Canoeboot and Gnuboot badge instead of Libreboot when the computer starts, only for the meaning of it.
I think Leah is not threaded too fairly in this forum. I acknowledge that she might not be easy to get along with either. But I'm really happy she still post here once in a while. I myself respect her. She develops free software after all, which to me, it means we can disagree on things but still benefit all, like what happened with Gnuboot. Since the project of a free boot https://www.fsf.org/campaigns/free-bios.html was published by the fsf, I have always dreamed with it, and thanks to Leah it is now posible (even if it's not a long lasting solution), and for that I can not thank Leah enough, and hope to keep seeing her in the forums. Thank you.
Hello Arielenter
What is Liya doing? She’s making a compromise!
Why is she compromising by adding proprietary software? To use more powerful computers and sell them to her customers—that’s the whole answer to your question.
If she were thinking about clean code and the [LIBRE] philosophy, she wouldn’t be compromising.
Why do many users compromise by installing Libreboot or Canoeboot? Because they want more powerful, modern
hardware, and secondly, they want more control compared to proprietary UEFI and BIOS.
There may be other reasons as well. I am 500% certain that developers like Lia are being monitored
and perhaps even collaborated with by certain agencies (presumably)
sam-d16 I respect your take. What more powerful computers have been added to Libreboot? I'm curious.
Did you not read what I wrote?
Canoeboot is free software.
If you want to say libreboot is compromising have at it.
I imagine people who use libreboot in its current state, just want something that has its backdoors shut off and not need any proprietary bits to run it. I don't count microcode or disabled intel me images as proprietary. Non-free yes, but to me proprietary means it has dangerous anti features on doing who knows what.
That's why I am okay with libreboot.
But regardless, canoeboot is libre.
Oh sorry Zoma, I was talking about what user sam-d16 was talking about when he wrote:
> Why is she compromising by adding proprietary software? To use more powerful computers and sell them to her customers—that’s the whole answer to your question.
Since I haven't seen that happening so far, or has it? If it has I'll love to know.
> I am 500% certain that developers like Lia are being monitored
I would think we are all being monitored now. The US if I remember correctly has spying, which is known as PRISM.
>and perhaps even collaborated with by certain agencies (presumably)
Why should we go this far? This sounds paranoid.
>"And the whole problem we’ve been talking about for 10 or 30 years isn’t Libreboot—it’s the hardware.
Tomorrow, a powerful computer will appear with a free processor, graphics card, and other components, and Trisquel will be installed not by 1% of users worldwide but by 25% (for example), because it will simply be advantageous from a practical standpoint—in terms of security, privacy, and confidentiality—to install a free distro, with fewer attack surfaces.."
That computer already exists - the Raptor Talos II computer. However, almost no free software advocates that I know of use one (it's a bit pricey, probably $5,000 or more for a decent rig). And I don't know that anyone has managed to install Trisquel on one, although it could theoretically be done.
There are 2 users, maybe the only 2 users, that I'm aware they run it.
I am a translator!
The main board is certified RYF, but for the ready to use computers, it isn't clear to me whether the graphics card, that is an option, works entirely with free software or not.
Hello Andy.
You might be surprised, but there is a user like that—or maybe even a few of them ))
I saw them actively posting on their forum.
Here’s a photo of the user.
As for the Raptor Talos II, you’re right, but I was thinking of a slightly different context—meaning that a computer like that could be owned by a high school student, a college student, a teacher, or any ordinary user. The Raptor Talos II is extremely expensive, and as I see it, given the current global situation, this computer will only get more expensive. What we’re arguing about right now will become a reality very soon.
I am a member!
@arielenter
Hello,
After reading your initial post: icarolongo made first changes. Thank you! As he already said, Canoeboot is preferred. So I made the next changes, including the wiki you mentioned.
I think for a successful documentation an open eye on the community is needed. I know talks about the documentation are very rare, so often changes are made without announcing them.
If somebody wants to contribute, please do it, and see if the idea will survive. I am also very happy if somebody have the time to revise some of my or other peoples writings. That's how it works.
Just wanted to say this, and yes, I often read the forum. :)
Thanks for your contributions.