Dons Deals


Friday, 4 January 2013

Coreboot, formerly known as LinuxBIOS - The Solution to the Secure Boot Fiasco

Posted on 17:08 by Unknown

TLWIR 51: Coreboot: the Solution to the Secure Boot Fiasco



by Rex Djere on December 29, 2012 · 3 comments
in TLWIR


Summary: Is it possible that the recent attempts to push secure boot onto computer users were a response to the growing hardware vendor support for coreboot back in 2011? This is only speculation on my part, but I suspect that this might be the case. Coreboot is a badly needed solution that can restore freedom to PC users while updating the outdated PC BIOS technology.

What is CoreBoot?
Coreboot is a free software replacement for the BIOS currently found in most computers. It is also a better alternative than UEFI/secure boot because it gives the owner of a computer the freedom to do whatever they want. If you buy a Windows 8 PC with secure boot, AND you want to enable secure boot, you are met with certain restrictions. Secure boot uses public key cryptography to restrict what operating system(s) can boot on a PC with secure boot enabled. The concept behind secure boot is good from a security standpoint, but if you want to use it AND use GNU/Linux, you have to use a cryptographic key signed by Microsoft. Microsoft could revoke this key at any time, effectively giving them the ability to prevent you from using GNU/Linux and secure boot at the same time. NO ONE should be able to dictate to you, the PC owner, what you can or cannot do on your computer system, in my humble opinion. Coreboot offers the same security benefits as secure boot, and it maintains the user’s freedoms.
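
The signature check and the effect of a revocation described above can be modelled in a few lines. This is an added illustration, not part of the original article and not code from any firmware: the names db and dbx follow the UEFI specification's allowed and forbidden signature databases, while the toy textbook-RSA keys, the function names and the bootloader bytes are all constructed for the demo.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys


def make_key(p, q):
    """Textbook RSA from two primes: returns (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest(image: bytes) -> int:
    """SHA-256 of the boot image as an integer (smaller than either modulus)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign(image: bytes, n: int, d: int) -> int:
    """Unpadded RSA signature over the digest. Toy only, not for real use."""
    return pow(digest(image), d, n)


def firmware_allows_boot(image, signature, signer_n, db, dbx):
    """Model of the firmware decision: revocation list first, then trust list,
    then the signature itself."""
    if signer_n in dbx:        # signer key has been revoked
        return False
    if signer_n not in db:     # signer key was never enrolled
        return False
    return pow(signature, E, signer_n) == digest(image)


# Constructed keys built from Mersenne primes, so the demo is deterministic.
VENDOR_N, VENDOR_D = make_key(2**521 - 1, 2**607 - 1)   # key shipped in firmware
OWNER_N, OWNER_D = make_key(2**127 - 1, 2**1279 - 1)    # key held by the PC owner


def demo():
    loader = b"constructed GNU/Linux bootloader image"
    by_vendor = sign(loader, VENDOR_N, VENDOR_D)
    by_owner = sign(loader, OWNER_N, OWNER_D)
    shipped_db, empty = {VENDOR_N}, set()
    return {
        # Signed with the key the firmware ships with: boots.
        "vendor_signed": firmware_allows_boot(loader, by_vendor, VENDOR_N, shipped_db, empty),
        # One byte changed after signing: refused.
        "tampered_image": firmware_allows_boot(loader + b"!", by_vendor, VENDOR_N, shipped_db, empty),
        # Valid signature, but from a key the firmware does not list: refused.
        "owner_key_not_enrolled": firmware_allows_boot(loader, by_owner, OWNER_N, shipped_db, empty),
        # Same image and signature after the signer key lands in dbx: refused.
        "after_revocation": firmware_allows_boot(loader, by_vendor, VENDOR_N, shipped_db, {VENDOR_N}),
        # Owner key added to db: boots even though the vendor key is revoked.
        "owner_key_enrolled": firmware_allows_boot(loader, by_owner, OWNER_N, {VENDOR_N, OWNER_N}, {VENDOR_N}),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:24s} -> {'boot' if allowed else 'refuse'}")
```

In this model the image and its signature never change between the "vendor_signed" and "after_revocation" cases; only the contents of the two lists do, so the outcome depends on who is able to edit them.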

The “Reddit” Arguments
Read on the Site...
TLWIR 51: Coreboot: the Solution to the Secure Boot Fiasco

Why We Need Coreboot
UEFI/secure boot supports the effective duopoly that currently exists in PC hardware. AMD and any other company, such as a motherboard manufacturer, who does not get on the UEFI train is effectively locked out. To me, it is pretty clear that UEFI/secure boot encourages those who make a certain set of decisions, and punishes those who make another set of decisions. I won’t spell out all of my conclusions here. However, I came to them by studying the history of EFI and UEFI, paying close attention to Apple’s shift from open firmware to UEFI. I looked at who created EFI, who financed EFI, and who stands to gain financially if UEFI/secure boot are implemented on x86 PCs.
In 2011, AMD began to dive deeply into supporting coreboot. On February 28, 2011, they released technical details of source code that AMD released in support of the coreboot project [1]. On May 6, 2011, AMD pledged to support booting with coreboot in all of its future microprocessors [2]. This revolution would have given the average PC user a lot more freedom, and a lot more control, over their computer system. A few months after this revolution started, it was announced that Windows 8 would be released with a version of secure boot that would turn back the hands of time, and greatly restrict what a PC user was able to do. I suspect that AMD’s support of coreboot scared someone. I believe that pressure was applied to AMD to get them to join the UEFI Board of Directors. The UEFI Board has no members from the Free Software Community [5]:
  • Intel
  • Lenovo
  • AMD
  • Insyde
  • American Megatrends
  • Apple
  • Dell
  • IBM
  • Microsoft
Let us review the various PC firmware systems in the context of Richard Stallman’s Four Essential Freedoms [3]:
| Freedom | coreboot | secure boot | bios |
|---|---|---|---|
| The freedom to run the program, for any purpose. | Yes | No | Yes |
| The freedom to study how the program works, and change it so it does your computing as you wish. | Yes | No | No |
| The freedom to redistribute copies. | Yes | No | No |
| The freedom to distribute copies of your modified versions to others. | Yes | No | No |
| *Based on outdated technology. | No | No | Yes |

Table 1: The PC Firmware Freedom Matrix   *Not one of the four essential freedoms.
Table 1 clearly shows that coreboot best protects the freedoms of the PC user. Now, let us revisit the question from earlier: Why in the world would anyone have thought that UEFI/secure boot was a better solution? If you look at Table 1, can anyone give me a rational reason why UEFI/secure boot would be a superior alternative to coreboot? Faster boot time? More secure? Better for the consumer? What was the MOST likely motive for picking secure boot? I would love to hear any responses to these questions in the comments.

What You Can Do
There are at least 2 petitions created to protect the freedoms of PC users, one by the Free Software Foundation, and the other one on WhiteHouse.gov. Signing them would send a powerful message to the PC and motherboard industries that coreboot is a better choice than secure boot.
  • FSF petition: http://goo.gl/OXba3
  • White House.gov petition: http://wh.gov/Rt33
Ronald G. Minnich, one of the co-authors of coreboot, has been a vocal opponent of secure boot, as has the Free Software Foundation. Minnich explains coreboot far better than I could in this 2008 video.

Thank you for reading The Linux Week in Review 51!

References
[1]. AMD Guest Blogger. (2011, February 28). Technical details on AMD’s coreboot source code release. Retrieved from http://goo.gl/Qd0FE
[2]. Jones, Marc. (2011, May 6). AMD commits to coreboot. Retrieved from http://goo.gl/hOYyP
[3]. Stallman, Richard. (no date). The free software definition. Retrieved from http://goo.gl/8BDDQ
[4]. Linuxbsdos. (2012, November 21). German govt comes out against Trusted Computing and Secure Boot. Retrieved from http://goo.gl/X12fl
[5]. UEFI. (no date). UEFI – board of directors. Retrieved from http://goo.gl/TD5Ws

Tagged as: bios, coreboot, freedom, secureboot, uefi
Comments
Go there...
http://beginlinux.com/blog/2012/12/tlwir-51-coreboot-the-solution-to-the-secure-boot-fiasco/

coreboot is a Free Software project aimed at replacing the proprietary BIOS (firmware) found in most computers. coreboot performs a little bit of hardware initialization and then executes additional boot logic, called a payload.
With the separation of hardware initialization and later boot logic, coreboot can scale from specialized applications that run directly from firmware, run operating systems in flash, load custom bootloaders, or implement firmware standards, like PC BIOS services or UEFI. This allows for systems to only include the features necessary in the target application, reducing the amount of code and flash space required.
coreboot currently supports over 230 different mainboards. Check the Support page to see if your system is supported.
coreboot was formerly known as LinuxBIOS. 

Read More...
http://www.coreboot.org/Welcome_to_coreboot 

Download coreboot

Note: These snapshots are for people who use Linux as their operating system and are able to build software from the source code.
There is no easy-to-install package yet for people who want to quickly try out a new BIOS on their computer. However, we provide some images for the QEMU emulator to test coreboot (and some payloads) on your Linux, Mac OS X, and Windows computers (without having to do any hardware changes). But please note that these images cannot be used on any mainboard; they will only work in QEMU!

Snapshots

There is an archive of coreboot snapshots available at qa.coreboot.org. A new tar.bz2 file is created whenever the repository changes.

Git

coreboot has switched to using Git for version control. Please see the Git page for much useful information on how to work with Git and gerrit in coreboot.
Old subversion repository references that still apply will continue to be kept here.

Git clone 

Go there...
http://www.coreboot.org/Download_coreboot

QEMU

You can easily try out coreboot using QEMU, without having to actually flash the BIOS chip on your real hardware.

Tutorials

  • QEMU Build Tutorial — Starting a Debian GNU/Linux system via coreboot + a Linux kernel, or via coreboot + FILO.
  • Booting FreeBSD using coreboot — Booting FreeBSD via coreboot + ADLO.

Ready-made QEMU images

Below is a list of various downloadable QEMU images you can use to try out coreboot.
You need a patched version of vgabios-cirrus.zip for these images to work properly; the version in QEMU's CVS repository does not yet work. The image from Debian's QEMU package (/usr/share/qemu/vgabios-cirrus.bin) is already patched and works, too.

coreboot v2 + SeaBIOS


SeaBIOS payload.
SeaBIOS is an open-source legacy BIOS implementation which can be used as a coreboot payload. It implements the standard BIOS calling interfaces that a typical x86 proprietary BIOS implements.
The QEMU image uses coreboot v2 (r4917) and SeaBIOS (9eebe66a9978165cfa91f2266c97fa5d0aa6ef2e, 2009-11-04) with the following changes to the default src/config.h:

Go there...
http://www.coreboot.org/QEMU

Build HOWTO


make menuconfig in coreboot
This page describes how you can build a coreboot image for your specific mainboard.

Requirements

  • gcc / g++
  • make
  • ncurses-dev (for make menuconfig)
Optional:
  • doxygen (for generating/viewing documentation)
  • iasl (for targets with ACPI support)
  • gdb (for better debugging facilities on some targets)
  • flex and bison (for regenerating parsers)

Building a payload

First you need to download the source code for the payload of your choice and build it.
Instructions for building the various payloads are not covered on this page; please see Payloads and the wiki page for the respective payload for details.
The result of this step should be an ELF file (e.g. filo.elf, or coreinfo.elf) which you can use with coreboot (see below).

Building coreboot 

Read More...
http://www.coreboot.org/Build_HOWTO

I tried out a build for Qemu, to see how it would go. Everything went perfectly in the command line, and my build was done rather quickly. I just followed the instructions, one by one. But when I tried to run my resulting "coreboot.rom" file in Qemu, nothing happened. It didn't boot up. But I have had problems with a lot of ISO and IMG files too, in Qemu lately. So, the problem is probably with my Qemu install. I'm running Fedora 14 and Qemu used to work just fine on many ISOs. But it has not been working on very many lately. So, I don't know for sure what's going on here. No errors, no nothing. Just nothing happening when I click Start in Qemu. I don't have a new Motherboard that actually needs Coreboot. So, I guess I'll try it again later...





 
Don
 
CoreBoot - Linux Boot for Windows 8 UEFI Secure Boot "BIOS"
TLWIR 51: Coreboot: the Solution to the Secure Boot Fiasco
coreboot (aka LinuxBIOS): The Free/Open-Source x86 Firmware - YouTube
Download coreboot - coreboot
QEMU - coreboot
Build HOWTO - coreboot
Download Coreboot - Google Search
status:open project:coreboot | review.coreboot Code Review
Build HOWTO - coreboot
flashrom
Payloads - coreboot
SeaBIOS - coreboot
Build HOWTO - coreboot
Downloads - flashrom
flashrom

Windows 8 UEFI Secure Boot "BIOS"
Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot | ZDNet
Stand up for your freedom to install free software — Free Software Foundation — working together for free software
Will your computer's "Secure Boot" turn out to be "Restricted Boot"? — Free Software Foundation — working together for free software
Linux Top 5: Microsoft's Secure Boot Gambit
Red Hat Engineer Calls out Windows 8 Secure Boot as a Linux Risk
Red Hat Engineer Calls out Windows 8 Secure Boot as a Linux Risk - InternetNews.
Red Hat engineer renews attack on Windows 8-certified secure boot • The Register
Linux Today - Windows 8 Secure Boot: Two Linux Distros Respond
Windows 8 Secure Boot: Two Linux Distros Respond | PCWorld Business Center
Worried About Win 8 Secure Boot? So Is the Free Software Foundation | PCWorld Business Center
Linux Foundation: Secure Boot Need Not Be a Problem | PCWorld Business Center
mjg59 | Implementing UEFI Secure Boot in Fedora
mjg59 | Ubuntu ODM UEFI requirements for secure boot
Linux Today - Canonical, the FSF and the Ongoing Secure Boot Saga
Linux News: Community: Canonical, the FSF and the Ongoing Secure Boot Saga
Linux Today - Fedora Linux Moves Forward with UEFI Secure Boot Plans
Fedora Linux Moves Forward with UEFI Secure Boot Plans | PCWorld Business Center
Microsoft confirms UEFI fears, locks down ARM devices
mjg59 | Handling UEFI Secure Boot in smaller distributions
ubuntu-bios-uefi-requirements.pdf (application/pdf Object)
Free Software Foundation urges OEMs to say no to mandatory Windows 8 UEFI cage » OnlySoftwareBlog
PCH Search & Win: Unified Extensible Firmware Interface...
free software foundation urges oems to say no to mandatory windows 8 uefi cage - Google Search
Extensible Firmware Interface (EFI) and Unified EFI (UEFI)
Linux Today - Linux Foundation proposes to use UEFI to make PCs secure and free
R.I.P. BIOS: A UEFI Primer | PCWorld Business Center
Hardware neutrality: UEFI strikes again and again | TechRepublic
Red Hat Linux paying to get past UEFI restrictions on Windows 8 | TechRepublic
UEFI - Home
Free Software Foundation urges OEMs to say no to mandatory Windows 8 UEFI cage | ZDNet
Linux Foundation proposes to use UEFI to make PCs secure and free | ZDNet
Any comment on the Ubuntu UEFI ruckus?
Unified Extensible Firmware Interface - ArchWiki
Matthew Garrett provided an overview of his UEFI Secure Boot "shim" workaround - Google Search
Linux Today - Microsoft mum on reasons for secure boot
Microsoft mum on reasons for secure boot
Linux Today - Linux Foundation Steps Into Windows 8 Secure Boot Flap
Technology News: Community: Linux Foundation Steps Into Windows 8 Secure Boot Flap
Linux Today - Delays beset the Linux Foundation's Secure Boot workaround
Delays beset the Linux Foundation's Secure Boot workaround | PCWorld
Linux Today - ITwire: Secure Boot Microsoft Shows Up Linux
Secure boot: Microsoft shows up Linux
mjg59 | Secure Boot bootloader for distributions available now
Linux Today - Coreboot: the Solution to the Secure Boot Fiasco
TLWIR 51: Coreboot: the Solution to the Secure Boot Fiasco
Linux Today - Free Software Foundation vs Microsoft Windows 8 Secure Boot
Free Software Foundation vs Microsoft Windows 8 "Secure Boot" | The VAR Guy
Linux Today - Linux Foundation releases Windows Secure Boot fix
Linux Foundation releases Windows Secure Boot fix | ZDNet
 