[coreboot] [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption

Patrick Georgi patrick at georgi-clan.de
Fri Sep 20 13:49:49 CEST 2013


Am 2013-09-20 11:51, schrieb Eugen Leitl:
> The Intel Atom-based MinnowBoard is a new UEFI dev platform, and it's
> Linux-based, and targets hackers; it uses Intel's definition of "Open
> Hardware", mainly meaning no NDAs involved. It is much cheaper and
> smaller than the above box.
> http://minnowboard.org/
> http://uefidk.intel.com/content/minnowboard-uefi-firmware
To wit, its download page is guarded by a long, non-free EULA: 
http://uefidk.intel.com/content/minnowboard-uefi-firmware-eula
Some of the components also seem to be binary-only.

> Both of these boxes let you reflash your system firmware with your
> custom build of BSD-licensed TianoCore UEFI.
BSD-licensed TianoCore + heaps of binary modules that are currently only 
available under NDA.
They'd also require some additional code (probably binary only?) to make 
Tiano resembling something like a complete and secure implementation.

> <soapbox>
> There is a large OEM/ODM/IBV/IHV/ISV ecosystem that currently runs the
> hardware, and it is UEFI-centric. IMO, focusing only on fringe
> Lemote/Coreboot technology is not a good bet.
coreboot is your only bet on x86 if you aim for open source firmware. It 
can be combined with TianoCore to provide the UEFI APIs to the user 
(read: Operating System), but TianoCore alone won't do since it lacks 
hardware initialization drivers (that coreboot provides).

> Personally, I wish EFF/FSF and other open/free tech groups would form
> a Linaro-like firmware group and produce their own UEFI firmware
> image, as an option for OEMs.
Personally, I wish people wouldn't wish for someone else to start 
groups, but do it themselves for a change.

However that brings the risk of seeing that things aren't quite as 
simple and might ultimately fail.
Of course, soapboxes and arm chairs are much more comfortable and 
comparably risk-free.

> There needs to be some Free Boot alternative to Secure Boot, with
> certs from EFF/FSF/etc and the open source distro vendors, not just
> OEMs/MSFT in the firmware, and it needs to target booting from a
> handful of main open source distros, not just 1 commercial OS. Else,
> UEFI will turn Personal Computers into Windows PCs, ending the era of
> General Purpose computing.
"main open source distros" is not enough since it creates a gatekeeper 
model. "Secure Boot" (which is really a Verified Boot) without physical 
user override doesn't cut it.

ChromeBooks, using coreboot, provide a mostly* Open Source Verified Boot 
model with physical user override (with two override modes: safe via dev 
mode switch, and complete via jumper).

* (blame Intel)

tl;dr: Comparing coreboot, Lemote, UEFI and Tianocore isn't as easy as 
people seem to believe.


Regards,
Patrick



More information about the coreboot mailing list