osboot or libreboot?

42 risposte [Ultimo contenuto]
riveri
Offline
Iscritto: 07/27/2021

I want to buy a laptop with no proprietary blobs anywhere and since I don't know how to install libreboot I was considering buying from minifree website. I see now that Leah Rowe ships the computers by default with osboot and note libreboot. They claim it's an improved version of libreboot. But it says it allows proprietary blobs so im confused.

"osboot development started on December 11th, 2020, forked from the Libreboot 20160907 build system. osboot is similar philosophically to Libreboot, but with one difference: Libreboot only allows support for boards where the firmware can be 100% Free Software as per what is installed to the boot flash. Libreboot complies fully with FSF/GNU criteria defining what free software is.

osboot merely prefers this, but allows binary blobs. osboot will accept any board that coreboot supports. The coreboot software supports literally hundreds of computers, but on most of them it is not entirely free software, but instead relies on added binary blobs typically provided by the hardware manufacturers. E.g. mrc.bin for raminit (initialization of memory controller) and other initialization tasks."

Doesn't this allow for potential exploits? I don't understand. What should I buy?

jxself
Offline
Iscritto: 09/13/2010

libreboot, of course. :)

libreleah
Offline
Iscritto: 04/03/2017

Libreboot is still a fine choice. I'm actively developing both osboot and Libreboot.

They are both fundamentally the same (in that they are coreboot distributions making it easier for people to switch away from otherwise fully proprietary firmware), with only minor differences in their automated build systems and certain features or quirks that they have. I view Libreboot nowadays as essentially a curated osboot, with osboot being reference/upstream.

I intend to keep both projects as similar as possible. The osboot firmware merely supports more hardware (due to not banning binary blobs, which is what libreboot does) and on hardware that libreboot also supports, includes microcode updates by default, for better system stability and adherence to manufacturer specifications.

I think osboot is superior, due to increased system stability as a result of microcode updates being included by default (and it reaches out to the wider community, bringing more people into coreboot, which could even help Libreboot in the future), but it's also true that the average user will probably be happy with Libreboot, if they have hardware that is supported.

Libreboot will always exist and thrive, by my hand. So will osboot.

PrimeOrdeal
Offline
Iscritto: 09/15/2019

I wish I had more time to learn about the technical detail. All I would like to say is that I use a Libreboot laptop from libreleah running Trisquel since 2.5 years pretty much every day for my business (email, Libre Office, scientific programming, internet, meet.jit.si video calls, gimp photo edit, etc) and I never had any problems. Thanks Leah, on this basis you are recommended!

Lef
Lef
Offline
Iscritto: 11/20/2021

According to this osboot will use blobs, even if they are not needed:

https://trisquel.info/en/forum/minifree-now-offering-quadcore-modded-laptops#comment-163314

Since you want no blobs, you want libreboot and ask for Trisquel or one of these:
https://www.gnu.org/distros/free-distros.html
https://libreplanet.org/wiki/Incoming_distros

Potential exploits can be anywhere. I will not tell you that by using a blob you open yourself to an exploit because that is not always true and reduces all decisions to a one sided look on "security". Those who swear by security will often tell you to use non-free software. It's true non-free software can be more secure than free software (iPadOS might be more "secure" than Trisquel, Facebook might be more "secure" than the Trisquel forum), but when evaluating your security you must also factor in your freedom. Between choosing a less secure life in a house you build or life in a secure jail cell, choose freedom.

If you really need a jail cell, what matters is not so much the software you run but whether you connect it to the internet or your attacker can get physical access to it. If your threat is a government taking your laptop at a border checkpoint you should assume nothing can help you. If your threat is not getting a browser exploit from visiting a website, using NoScript will basically make any computer safe. If your threat is not getting a virus from a bad pdf you open, the BIOS really doesn't have any factor in that.

andyprough
Offline
Iscritto: 02/12/2015

>"If your threat is not getting a virus from a bad pdf you open, the BIOS really doesn't have any factor in that."

There's a project on github called "Dangerzone" that tries to turn a questionable pdf into a "safe pdf". I haven't tried it yet but it looks workable. Qubes will also do this, and Dangerzone appears to take some of their ideas from Qubes. I'll probably try it soon and report on any success/failure.

Legimet
Offline
Iscritto: 12/10/2013

Libreboot only supports the small number of computers that don't require blobs, while osboot is for those that do, and it is still a lot better than a completely proprietary BIOS. I'm not sure what's the difference between Coreboot and osboot.

libreleah
Offline
Iscritto: 04/03/2017

It is explained on the osboot homepage. actually, the libreboot homepage says more or less the same thing. Deblobbing is only a minor aspect of what Libreboot does, in regards to coreboot.

Here is a quote from today's osboot homepage:

osboot uses coreboot for hardware initialization. However, coreboot is notoriously difficult to compile and install for most non-technical users. There are many complicated configuration steps required, and coreboot by itself is useless; coreboot only handles basic hardware initialization, and then jumps to a separate payload program. The payload program can be anything, for example a Linux kernel, bootloader (such as GNU GRUB), UEFI implementation (such as Tianocore) or BIOS implementation (such as SeaBIOS). While not quite as complicated as building a GNU+Linux distribution from scratch, it may aswell be as far as most non-technical users are concerned.

osboot solves this problem in a novel way: osboot is a coreboot distribution much like Debian is a GNU+Linux distribution. osboot provides an automated build system that downloads, patches (where necessary) and compiles coreboot, GNU GRUB, various payloads and all other software components needed to build a complete, working ROM image that you can install to replace your current BIOS/UEFI firmware, much like a GNU+Linux distribution (e.g. Debian) provides an ISO image that you can use to replace your current operating system (e.g. Windows).

libreleah
Offline
Iscritto: 04/03/2017

Hi

You can still request Libreboot and Trisquel, and it shall be done. Libreboot will continue to be developed, fully inline with FSF criteria.

I'll clear this up on minifree.org aswell, and on osboot.org, after I write this post:

On the X200, T400, X200T, W500 and other GM45-era thinkpads that Libreboot supports, the only different osboot has is this:

It includes CPU microcode updates by default. I always considered microcode to be a non-issue, since the CPU already has burned-in, but older, buggier microcode anyway. These processors are designed with reconfigurable logic gates, and the microcode configures these gates to implement an instruction set. There only so much you can do to deviate from the specification, before you introduce basically an alien CPU with some similarities to x86, but what would happen in practise is that software would behave in a very unpredictable manner.

Microcode is the only different between osboot/libreboot, and systems that libreboot also supports. I regard these as beneficial, because they fix bugs and make the CPUs more reliable. In my opinion, the difference in freedom is negligible to non-existent, because of the context I've just described. On these particular systems mentioned, the updates also fix stability issues with hardware-based virtualization, which in my view is greatly beneficial because it aids in free software development (able to run many operating systems on one machine).

The FSF doesn't promote my company anymore. I'm still an avid free software activist but I'm going my own way nowadays. osboot and libreboot are both actively maintained, and I have great plans for both projects.

Here is a paste that of what I just wrote on the Minifree FAQ:

What is osboot?

From now on, laptops come with osboot by default, but you can still request Libreboot when ordering. osboot is an improved fork of Libreboot, also maintained by Leah Rowe. Development on this project started in December 2020. See https://osboot.org/

Unlike Libreboot, osboot includes CPU microcode updates by default. On systems that Libreboot also supports, this is the only difference. Intel CPUs have configurable logic gate arrays inside them, which the microcode configures to implement an instruction set. This is referred to as *micro programming*.

Intel CPUs have microcode burned into them, read-only, but with an update mechanism during boot time, where you can change the microcode that is loaded. Intel provides microcode updates, freely redistributable, via their Git page:

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/main/intel-ucode

osboot is based on coreboot, which in turn pulls down from this repository. However, Libreboot does not include any of these files.

Libreboot was created at a time when Leah Rowe, founder of Minifree, was in close cooperation with the FSF. I, Leah Rowe, am still an avid free software activist, but I've never considered the microcode an issue. These days, I still actively maintain Libreboot but also work on osboot now, and I'm going my own way, independently of the FSF.

A full account of all the differences between osboot and libreboot is described here:

https://osboot.org/#how-is-osboot-different-versus-libreboot

Lef
Lef
Offline
Iscritto: 11/20/2021

> The FSF doesn't promote my company anymore.

I'm not aware of the internal dynamics here (and there's no need to spill if there are), but if there's not something blocking it I would encourage it. I respect that you're going independent but the way I see it it would probably only help your business (or not, I could be wrong). From what I understand Timothy Pearson also "goes independent" of the FSF, but we all know of him in part because he gets the stupid sticker from the FSF, and also of course because he does actually make free hardware.

It always seemed odd to me that your company wasn't listed, since your company always had the most price competitive deals on librebooted laptops and buying from you would continue to incentivize you to continue libreboot development.

libreleah
Offline
Iscritto: 04/03/2017

The current situation with the FSF is very strange and precarious.

I've been doing just fine regardless. I've successfully adapted.

If there's something I can do to help them, I'm at their disposal.

libreleah
Offline
Iscritto: 04/03/2017

I just remembered something. This might actually convince a few people.

Here are some examples of where lack of microcode updates affected Libreboot, forcing Libreboot to work around changes made upstream in coreboot, changes that were *good* and made coreboot behave in a more standards-compliant manner as per Intel specifications. Libreboot had to *break* coreboot to retain certain other functionalities:

https://browse.libreboot.org/lbmk.git/plain/resources/coreboot/default/patches/0012-fix-speedstep-on-x200-t400-Revert-cpu-intel-model_10.patch?id=9938fa14b1bf54db37c0c18bdf...

https://browse.libreboot.org/lbmk.git/plain/resources/coreboot/default/patches/0018-Revert-cpu-intel-Configure-IA32_FEATURE_CONTROL-for-.patch?id=4b7be665968b67463ec36b9afc...

These patches revert *bug fixes* in coreboot. These bug fixes happen to break *other* features, when microcode updates are not applied, but coreboot correctly considers the no-microcode situation to be technically invalid. The coreboot code is correct.

In Libreboot, our only choices were: broken reboot + broken speedstep on some machines, or break something *else* to fix these. In both cases, coreboot was correcting something upstream, to fix old, non-compliant behaviour in the coreboot logic. The most optimal solution is to *not* apply the above patches, but Libreboot does it anyway because it has no viable alternative. The above patches are *technically incorrect*.

osboot does not need the two patches listed above, since it includes the microcode updates. Part of the reason why osboot exists is because I intend to keep my promise to the FSF, as far as Libreboot is concerned, but I also wanted to make something that is technically superior. Thus, osboot was born.

osboot is superior to Libreboot, in every way. Though, the libreboot way of doing things is a fun technical challenge :)

PublicLewdness
Offline
Iscritto: 03/15/2020

It's sad that we have to make these choices between having more potential privacy (no closed source blobs) and having bugs fixed. It's not your fault of course, you're doing the best you can be asked to do in offering both choices to customers.

SkedarKing
Offline
Iscritto: 11/01/2021

To be honest, if using osboot means that there are some harmless blobs onboard, that do barely any damage or use osboot which seems to be the more secure option, while also being more stable, etc...

If that is the case, I think I myself would use osboot... especially since, I am sure you will have intel me disabled by default anyhow along with any other dangerous backdoors.

At least until something non-x86 becomes available that I find interesting/reasonable.

Such as this...

https://mastodon.social/@mntmn/107344865606636074

Although I understand that some besides you find this a problem...

Either way,

do tell me when your next osboot release is out. :)

riveri
Offline
Iscritto: 07/27/2021

Does osboot require its own hardware modification, or we can flash between osboot and libreboot to try boot?

What would be the best option to run a bitcoin full node?

libreleah
Offline
Iscritto: 04/03/2017

hello there.

i'll clarify this on minifree.org after i've posted this:

yes, you can easily switch between osboot/libreboot, with a single flashrom command from your gnu+linux system

disassembly and special steps like external reflashing are only needed if you've got lenovo's firmware on there

riveri
Offline
Iscritto: 07/27/2021

I don't know which one should I buy.

Also its not clear to me the flashing process. To flash between coreboot distributions it has to be done by disassembling the laptop and doing this whole process? to update versions too? when would you need to do that? just once and when the default bios is removed, you can just download rom files and test coreboot distros without having to open the laptop?

Goat_Avenger
Offline
Iscritto: 03/24/2020

1: As far as I know, any stock BIOS on any Thinkpad must be externally flashed first; after that point, Coreboot can be configured to leave write access to the chip unlocked and flashrom can be used to internally reflash the device (no disassembly).
--
Summary: Libreboot and OSboot are virtually identical, and it makes no difference to your freedom or privacy, either choice, in the grand scheme of things. OSboot just supports newer hardware; but, going forward, future new hardware that comes out may implement designs that completely eliminate any possibility of true freedom, so hedge your bets now.
--
As for libreboot vs. osboot, in my opinion, it doesn't really matter at this point. Libreboot compatible devices can run without ANY Intel Management Engine code; for the AMD devices, this is not a concern. So the plus to that, is being 100% free from Intel's dubious Management Engine. OSboot, which runs on newer devices where the Intel ME code can't be completely removed, to my knowledge, cleans the ME, so only the boot logic is what remains. In my personal experience, this is acceptable and a hedged bet against aging hardware. As far as microcode goes, I don't know much about it, beyond the fact I believe it's implementation is mainly used to fix problems with the silicon's design after it has made it to market; this is not unlike when a car manufacturer may have you bring your car back to the dealer to fix some part that has been found to be faulty and needs to be replaced before it eventually causes a problem. Microcode is implemented to address design flaws. Some one can correct me if that's wrong.

For me, a cleaned/disabled Intel ME is acceptable, and microcode updates are acceptable; they are proprietary, but they are just an unavoidable aspect of x86 design. As far as security goes, if you want security, learn to use a type writer and avoid owning anything digital. If I could afford to do that, it seems it might actually be an interesting venture to go full analog. Personally, I don't think security is something we should worry about. We need to worry about freedom; and one part of freedom is ensuring our rights are intact. Article 12 of the Universal Declaration of Human Rights, I think, spells things out very clearly, and is a worthy standard to try and uphold. Unfortunately, it becomes increasingly impossible to avoid waiving your rights, if you want to participate in society at large (not to mention the blatant violations already occurring); but, that's a big issue beyond the scope of what is being discussed here; it is related, however.

So just pick what you prefer, in my opinion. Either of the two Coreboot distributions gives you greater freedom; and in theory, greater privacy. Libreboot could be said to be 100% free, and OSboot could be said to be 99.999% free. I don't see much of a difference there, in my opinion. The optimal choice is buying a raptor computing device or hoping that RISC-V comes to save the day, some day; but, raptor PCs are very expensive and not mobile, and RISC-V may or may not deliver when it comes to principles of freedom in computing, they are lax permissive/neutral in their dealings (to the best of my understanding).

So, take your pick, doesn't make a difference. The most important thing is to be aware of, and in recognizance of, the threats to our human rights; and be in understanding of how Free Software helps to play a pivotal roll in protecting individual autonomy, freedom, and privacy.

SkedarKing
Offline
Iscritto: 11/01/2021

Hmm, I disagree actually, osboot is probably more like 95% free compared to libreboot which is 100%, however, that's not due to any backdoors being enabled, its because of certain blobs, in use which libreboot doesn't have enabled.

Although, as long as the blobs don't connect remotely or do barely anything, I honestly don't care one bit...

Either way, I feel more safe. even with that, then a libreboot bios which is 100% free, due to the increased stability and very likely privacy/security.

By likely, I would say, its probably more like a 2x or at the very least a 1.5x boost.

But if Leah reads this, she can feel free to tell me if I am wrong or not.

In either case, I just don't want any remote backdoors in my systems more than anything else. As for any backdoors that aren't remote, I don't think that is escapeable without ditching x86 as a whole and moreover it might even require Risc-V and beyond...

So yeah, freedom, security/privacy, all hard to achieve to 100% at once.

Especially on the hardware level...

Though as someone who uses Hyperbola, I think its the freest distro, yes its radical in some ways people may not like, but for me it is the best out there, the least bloated and the most potential for security/privacy, etc...

To each their own though, as I know not everyone will agree with me.

Aka, it is your choice what you believe or don't believe.

libreleah
Offline
Iscritto: 04/03/2017

i don't think an arbitrary number is really useful

on hardware that libreboot also supports, osboot merely adds microcode updates. which i explain about on the FAQ at minifree.org

osboot is more *stable* on libreboot-compatible hardware, due to microcode updates fixing cpu bugs, but that's about it really. i'd say osboot is equally free on these, because i (against the fsf's advice) actually tell people that microcode updates do not hurt your freedom (because the cpu already has older microcode anyway. may aswell just install the update)

fun fact: libreboot merely excludes the microcode updates, but the logic in coreboot for enabling them is still there. you can insert microcode updates, using cbfstool, to any libreboot rom ever released:

cbfstool libreboot.rom add -f cpu_microcode_blob.bin -n cpu_microcode_blob.bin -t microcode

you can easily switch between osboot/libreboot, if the hardware also supports libreboot

as for other hardware:

i don't find the intel fsp stuff from coreboot very interesting and might just skip that in osboot. same for amd's binary pi stuff

in osboot, my main plans on x86 are: boards that are "mostly free". for instance:

* sandybridge/ivybridge platforms

* haswell platforms (mrc.bin needed, but hell from #coreboot is reversing that. mrc.bin does raminit and many other tasks)

* a few amd platforms where it's mostly free init but a few extras are needed (e.g. smu firmware)

embrace pragmatism, especially since libreboot hardware is harder to find nowadays. i haven't managed to port any newer x86 systems lately, and i'm switching my focus to non-x86 in libreboot land. in osboot land though, x86 is still perfectly viable for another few years at least.

instead of saying 100% this, 95% that, i think what we need is some sort of document defining each system, saying what's what, and let the user decide. that's what osboot is all about

of course, libreboot is all about that 100%, and will continue to be so, but libreboot's 100% only talks about what goes in the boot flash. what about ec firmware? and that's just one example

edit:

and you should definitely actively choose microcode updates, on your system. i strongly recommend osboot instead of libreboot. osboot is the project i would have started, all those years ago, but the fsf wanted to do business with me back then. i actually helped klemens nanni start the autoboot project in 2015 (see autoboot.org on wayback machine), but autoboot died. osboot is autoboot's spiritual successor

osboot is superior. it has better goals. it brings more people into coreboot, especially when i start adding more machines from coreboot. i'm not interested in creating a little pond for the fsf to bathe in. i want to bring in more people to the wider coreboot community

osboot's goals are better because of that. and this may even lead to more hardware being suitable for libreboot in the future, because many of those people i'm bringing in (on osboot) may become inspired and start actually hacking coreboot. libreboot's policies (copied from the fsf's policies) actively hurt the movement.

this is not to say that libreboot is useless though, and i don't really regret it at all. i will continue developing libreboot in addition to osboot. osboot's non-existence, until i started it in december 2020, is a great shame, but now it does exist. and i think the current situation is ideal.

we can have that more complete and colourful world, with beautiful shades of grey (instead of just black and white), while still having libreboot for those who want to go all the way. i respect that, and want that option to continue to exist, so i'm keeping the libreboot project alive, even if osboot is quickly becoming my main focus these days

osboot is for the rest of us. and everything written above is pretty much what it says on the osboot homepage too

95% free is better than zero

SkedarKing
Offline
Iscritto: 11/01/2021

Fair enough, you would know better than me the actual differences.

Although, the bios itself I meant was 100% free for libreboot, not the hardware outside of the bios... ;)

Either way, appreciate you correcting me on this, I really don't want to mislead people.

Considering, that amd made some of their hardware, aka the newer stuff, with a more libre license, does this help in freeing it for osboot?

I assume its still a long ways off for a long time, but I just was curious.

Btw, yes I think the FSF and GNU as a whole needs to take security/privacy as seriously as freedom. I feel like they don't do this anywhere near as much as they should, regarding non-proprietary software.

Just because something is libre, doesn't mean it is perfection personified or even, reasonably good, OpenBSD sadly has most gnu distros, even libre ones beat on security/privacy.

I guess I will also say, there are indeed more shades of grey then I probably realize, not to say some darkness and light doesn't exist, but a good majority of it is indeed grey.

As for the 95% being better than zero, that is how I feel as well.

Hope you keep yourself and your two projects, osboot and libreboot stay around for a very long time.

Edit: typos

libreleah
Offline
Iscritto: 04/03/2017

Thank you for your encouragement. I really appreciate it, and I wish you well too.

OpenBSD is actually a really amazing project and they've contributed a lot to freedom over the years, especially in reverse engineering specifications of various hardware, and it is also host to many important projects such as LibreSSL or OpenSSH. They're currently working on a cool new project called Got; it's a cleaner re-implementation of Git, compatible with Git repositories, but with a UI that suits their workflow better.

In many ways, OpenBSD is superior. The copyleft vs permissive issue is a sticking point for some people, but I have no problems steering people to OpenBSD, depending on their needs. In fact, I sometimes help people install it on IRC.

GNU+Linux and BSD are both fine choices. Additionally, there exist non-GNU Linux such as busybox+musl with linux (see: OpenWrt, Alpine etc - and distros in the middle like void that offer musl but are still otherwise GNU+Linux)

There is plenty of choices for free software users.

SkedarKing
Offline
Iscritto: 11/01/2021

there was an interesting article I read once:

https://www.unixsheikh.com/articles/why-you-should-migrate-everything-from-linux-to-bsd.html

Scroll down to, BSD is the place to be

Although, OpenBSD is probably the only one that has my interest, because they take security and privacy to a paranoid level.

LibreSSL, sndio, xenocara are all awesome

Although, I really wish that more people would help the Hyperbola project to liberate some of it. ;)

Either way, there are alot of choices, not sure how many are to my prefered level, but meh to each their own.

Avron

I am a translator!

Offline
Iscritto: 08/18/2020

https://www.unixsheikh.com/articles/why-you-should-migrate-everything-from-linux-to-bsd.html

I am not a licensing expert but I have the impression that several things are incorrect in what the article says:
- is it really so that some features cannot be supported in the Linux kernel because of the GPL?
- why can't there be devices relying on non-free code in GNU/Linux if so many GNU/Linux distributions support such devices and drivers/firmware?

In general, I tend to find the advice from the author not that accurate (also reading other posts).

Legimet
Offline
Iscritto: 12/10/2013

Note that OpenBSD isn't 100% free, as it contains some nonfree firmware. Of course, the same is true of Linux.

SkedarKing
Offline
Iscritto: 11/01/2021

This is one of the problems, although, forking OpenBSD and making it libre will be much harder than making a libre distro, but it has way more potential for actual security/privacy.

Hyperbola however is doing things in a specific order, I don't completely understand it, but I imagine the devs know way more.

SkedarKing
Offline
Iscritto: 11/01/2021

Well, it depends how you feel about freedom manipulators, aka, like say, do you consider redhat's software policy reasonable.

I myself, think they have found a very manipulative cunning way to break freedom, without using non-free licenses... aka, breaking backwards compatibility and influencing people to adopt their services, despite their seemingly bloated size and potential mindfield of issues.

I tend to think most of this is accurate, however, I also believe that BSD also gets stuff wrong, such as non-free trash being added/non-free firmware

OpenBSD may not be entirely libre, but it takes security to an insane level, by default, then if the user wants certain things, they can enable them.

I prefer that idea over the current situation...

Although, I will also add, FreeBSD as I said before, is infected by some problems just like the gnu/linux.

NetBSD? it is made in usa... so its kind of dubious for me to trust it, same with DragonflyBSD and FreeBSD for that matter,

Long story short, I feel like gnu/linux is slowly becoming a sinking ship that I will try to abandon within the 5-10 years.

I would hope HyperbolaBSD will by then be stable or at least close to it.

Secure by default, minimalism system calls, less bloat, are things I tend to have interest in in addition to freedom in general, I will not abandon Hyperbola though, because I have zilch experience with OpenBSD, also I am not sure how good their qemu support is among other new software apps.

Either way, I don't know how many people will agree with me, but its ultimately up to the user to determine, which is more important, a libre distro, that feels like it has psuedo freedom that has potential security issues, something that isn't fully free that is backdoor free or something else entirely.

A good example of what I am thinking the situation is, say you have the best ecc curve on an OS but even if it doesn't have a backdoor, it has a small amount of non-free parts like OpenBSD which seem to be mostly harmless.

Compare that to this other operating system where everything is freely licensed, but it has something like RSA 2048, or worse...

That's how the author of that article might see things this way. I know I see the situation somewhat similar.

If you don't think this is a problem, then I cannot convince you of anything.

I am just speaking my peace on what I see as problematic. You are free to see it differently of course, just make sure you know what you are getting into long term, especially if you opperate any servers.

Legimet
Offline
Iscritto: 12/10/2013

Backwards compatibility (which GNU/Linux has never been good at) and security holes aren't freedom issues. And Red Hat isn't forcing anyone to use their software. You're free to use one of the non-systemd distros.

I have nothing against BSD, but it isn't more free than GNU/Linux.

Adrian Malacoda

I am a member!

Offline
Iscritto: 12/26/2010

The article seems to argue that Linux being under the GPL is bad because it prevents ZFS from being integrated into it. This is true, but glosses over the fact that it was Sun Microsystems' decision to release ZFS under CDDL, which is not compatible with the GPL. Thus, the blame for ZFS not being legally able to be used in Linux rests entirely on Sun (and later Oracle).

Edit: the rest of this article, and other articles on this website, are not worth my time IMO.

SkedarKing
Offline
Iscritto: 11/01/2021

hmm, I guess I missed a few things...

The majority of it, I agree with, but things like that, I missed.

Although, I still am very much puzzled why you don't at least want to read the whole thing, just to see what you agree with...

Welp, w/e...

Adrian Malacoda

I am a member!

Offline
Iscritto: 12/26/2010

Also re. non-free firmware in Linux, my understanding is that firmware is not considered "part of Linux" as it is (as far as I know) kept in a separate source code tree, typically packaged separately, and loaded from the filesystem at boot time and installed onto the respective device. It runs entirely on the device, completely separate from Linux, and is not a "derivative work" of Linux. Drivers (i.e. kernel modules), which *do* run in Linux, are a bit more of a gray area, I think. My understanding - and correct me if I'm wrong - is that certain proprietary device drivers could indeed be GPL violations but Linux copyright holders including Linus will turn a blind eye on occasion.

SkedarKing
Offline
Iscritto: 11/01/2021

Supposedly, certain BSD's, are better at mitigating non-free firmware risks, such as OpenBSD, I have no idea how the gnu/linux sphere handles this issue, but I assume unless they are removed completely in the case of the libre kernel, then it is not nearly as good.

One of the Hyperbola developers described OpenBSD as firejail for the whole OS, except it is way more effective/secure.

Thus, a libre version of OpenBSD would be extremely awesome.

I tend to think Linus turns a blind eye more than occasionally unless he gets a huge outcry.

All the stuff that linux-libre has ever had to exclude is probably a good example. Either way... who knows what the future holds.

Legimet
Offline
Iscritto: 12/10/2013

Mostly true, but there are still 5 firmware blobs that are included in the Linux source code.

PublicLewdness
Offline
Iscritto: 03/15/2020

"i'm switching my focus to non-x86 in libreboot land"

This has peaked my interest for the long term. Lots of interesting projects out in ARM/RISC-V land.

riveri
Offline
Iscritto: 07/27/2021

My goal is to improve a Bitcoin setup. I use 2 laptop setup, one for cold storage without ethernet card and any wireless stuff to generate keys and another to sign and broadcast transactions. I use ElementaryOS Linux distro on both.

I was thinking of ways to improve, so the next step would be to get rid of the propietary bios and install a distro like Trisquel or PureOS. Then I learned about libreboot, then I learned about how libreboot has outdated microcode that could compromise security, and how coreboot has updated microcode that patches stuff like Spectre but in return you lose the 100% free thing (even tho default microcodes aren't open source so technically it wouldn't be 100% but whatever).

At this point im not sure what to do. Coreboot has many distros? how many are there? where can I learn this stuff?

I would just like the hardware part done for me because im busy and im also not sure if I could do it without bricking the laptop.

The microcode part, it begs the question.. how do we know that the new microcode updates don't include backdoors of sorts? back in 2008, im assuming things weren't as sophisticated, now while it fixes things, how do I know if it doesn't have something to tamper with RNG and compromise generation of bitcoin private keys, encryption passwords and so on?

SkedarKing
Offline
Iscritto: 11/01/2021

anything with osboot/coreboot + me cleaner on it,

has an almost free software bios, also, the backdoor that used to be on, aka intel me, is completely disabled.

As long as you get a device with coreboot/osboot and intel me disabled, you should be fine, especially with ivy bridge processors.

X230, or T430 if it has quad core, are good choices imo.

Edit: I should also mention, you will need the old wifi card replaced with an ath9k one, but with intel me disabled, this is absolutely possible especially with coreboot/osboot based devices.

riveri
Offline
Iscritto: 07/27/2021

Do you know any business doing Coreboot mods for the x230? I know the Nitrokey one, but im not sure what this nitrokey thing it ships with it's about. I just need the laptop. They ask for email and password. It says "The PGP key will be generated with the following information. Leave the fields empty to avoid creating the PGP key with personal information:". Do I leave it empty?

https://shop.nitrokey.com/shop/product/nitropad-x230-67

Thoughts? If I can trust these guys I may pick one. What Coreboot distribution it ships with? Also what is "Heads"? it says they use this too.

https://osresearch.net/

On the pic it uses a smartphone for 2fa, so im not sure about this, since you would now need to depend on a smartphone to generate the 2fa code.

Any other people except nitrokey are doing the x230 Coreboot offer?

libreleah
Offline
Iscritto: 04/03/2017

In fact, I currently offer the X230 with osboot on https://minifree.org/

However, osboot has GNU GRUB in the flash, just like Libreboot (it also provides SeaBIOS as an option).

Heads has a minimal linux+busybox system in flash, with u-root. See: https://www.linuxboot.org/ https://github.com/u-root/u-root

I'm happy to install Heads, on request, though I don't really advertise this on the site (except on the send-in installation service) since I have pride in my own project (osboot). I'm planning to do something with Alpine Linux at a later date, in flash, with u-root, similar to what Heads does, but I will do it within the osboot project. Though I want a more general purpose / live rescue system in the flash (that's why I'm doing the 16MB flash upgrades. By default, the X230 has 12MB flash in total).

Alpine Linux is a small distro, using busybox and musl libc (instead of GNU, which is much larger in size), and I see great potential in it as a distro to go in the boot flash, on coreboot systems. It's a very tiny distro, with a very nice package manager (apk-tools).

Lots of people use it for Docker stuff, but I easily see it being a very powerful distro to go in flash, on coreboot systems. That's all for the future though. For now, if you want linux-in-flash, I recommend Heads.

SkedarKing
Offline
Iscritto: 11/01/2021

Think Leah could help you with that below, if you can ship one to her, especially,

I got my T430 from Nitrokey, heads is a bit of a pain, but the security is really good supposedly.

I got my t430 from them, for one reason:

Only seller of coreboot/coreboot based laptop, with ivy bridge and me cleaner and a quad core on it.

;)

X230 does have a better battery by 2-3 hours...

EDIT: I will also add though, that its screen is smaller even if its battery life lasts 2 hours longer. ;)

riveri
Offline
Iscritto: 07/27/2021

Im considering the nitropad x230. Do you know how to set it up so I can use 2 drives, one external SSD and one internal HDD, and pass the tamper protection? I've read on the website but im not sure. You have to sign all the different boot partitions so the usb key recognizes it as valid I think, I just dont know to do step by step.

Also im not sure about the whole thing. Heads makes you stand out so much from the crowd. Tamper protection is great but it looks weird that you need an usb key to make the laptop work.

SkedarKing
Offline
Iscritto: 11/01/2021

Don't think you can have 2 drives internally... One external one can work, but it is more of a pain in the butt to load it, also, the tamper protection, seems to only be annoying, when you upgrade certain core programs, such as the linux kernel itself, but yes, it is annoying, but of course, you can change it to a different type of, bios, if you really want to, but it does void the warranty, so meh... idk.

You are probably better off ordering from zerocat.org if you don't enjoy that. Or, sending an x230 to be tweaked to your liking, via their flash service.

Aka, remove the microphone/webcam and add an ath9k wifi card, etc...

That being said, I might do the same, but I will wait for osboot to be sufficiently ready. ;)

alphul9
Offline
Iscritto: 12/31/2021

libreboot bro, It's the real freedom.

libreleah
Offline
Iscritto: 04/03/2017

For your reference:

Libreboot and osboot policies are now defined, unambiguously, whereas before it was ambiguous:

https://osboot.org/news/policy.html

https://libreboot.org/news/policy.html

This should clear up any and all confusion as to where each project places its priority.