Summary: Is it possible that the recent attempts to push secure boot onto computer users was a response to the growing hardware vendor support for coreboot back in 2011? This is only speculation on my part, but I suspect that this might be the case. Coreboot is a badly needed solution that can restore freedom to PC users while updating the outdated PC BIOS technology.
What is CoreBoot?
Coreboot is a free software replacement for the BIOS currently found in most computers. It is also a better alternative than UEFI/secure boot because it gives the owner of a computer the freedom to do whatever they want. If you buy a Windows 8 PC with secure boot, AND you want to enable secure boot, you are met with certain restrictions. Secure boot uses public key cryptography to restrict what operating system(s) can boot on a PC with secure boot enabled. The concept behind secure boot is good from a security standpoint, but if you want to use it AND use GNU/Linux, you have to use a cryptographic key signed by Microsoft. Microsoft could revoke this key at any time, effectively giving them the ability to prevent you from using GNU/Linux and secure boot at the same time. NO ONE should be able to dictate to you, the PC owner, what you can or cannot do on your computer system, in my humble opinion. Coreboot offers the same security benefits as secure boot, and it maintains the user’s freedoms.
The “Reddit” Arguments
Read on the Site...
TLWIR 51: Coreboot: the Solution to the Secure Boot Fiasco
Why We Need Coreboot
UEF/secure boot supports the effective duopoly that currently exist in PC hardware. AMD and any other company, such as a motherboard manufacturer, who does not get on the UEFI train is effectively locked out. To me, it is pretty clear that UEFI/secure boot encourages those who make a certain set of decisions, and punishes those who make another set of decisions. I won’t spell out all of my conclusions here. However, I came to them by studying the history of EFI and UEFI paying close attention to Apple’s shift from open firmware to UEFI. I looked at who created EFI, who financed EFI, and who stands to gain financially if UEFI/secure boot are implemented on x86 PCs.
In 2011, AMD began to dive deeply into supporting coreboot. On February 28, 2011, they released technical details of source code that AMD released in support of the coreboot project [1]. On May 6, 2011, AMD pledged to support booting with coreboot in all of its future microprocessors [2]. This revolution would have given the average PC user a lot more freedom, and a lot more control, over their computer system. A few months after this revolution started, it was announced that Windows 8 would be released with a version of secure boot that would turn back the hands of time, and greatly restrict what a PC user was able to do. I suspect that AMD’s support of coreboot scared someone. I believe that pressure was applied to AMD to get them to join the UEFI Board of Directors. THe UEFI Board has no members from the Free Software Community [5]:
Table 1: The PC Firmware Freedom Matrix *Not one of the four essential freedoms.
Table 1 clearly shows that coreboot best protects the freedoms of the PC user. Now, let us revisit the question from earlier: Why in the world would anyone have thought that UEFI/secure boot was a better solution? If you look at Table 1, can anyone give me a rational reason why UEFI/secure boot would be a superior alternative to coreboot? Faster boot time? More secure? Better for the consumer? What was the MOST likely motive for picking secure boot? I would would love to hear any responses to these question in the comments.
What You Can Do
There are at last 2 petitions created to protect the freedoms of PC user, one by the Free Software Foundation, and the other one on WhiteHouse.gov. Signing them would send a powerful message to the PC and motherboard industries that coreboot is a better choice than secure boot.
Thank you for reading The Linux Week in Review 51!
References
[1]. AMD Guest Blogger. (2011, February 28). Technical details on amd’s coreboot source code release. Retrieved from http://goo.gl/Qd0FE
[2]. Jones, Marc. (2011, may 6). Amd commits to coreboot. Retrieved from http://goo.gl/hOYyP
[3]. Stallman, Richard. (no date). The free software definition. Retrieved from http://goo.gl/8BDDQ
[4]. Linuxbsdos. (2012, November, 21). German govt comes out against Trusted Computing and Secure Boot. Retrieved from http://goo.gl/X12fl
[5]. UEFI. (no date). Uefi – board of directors. Retrieved from http://goo.gl/TD5Ws
Tagged as: bios, coreboot, freedom, secureboot, uefi
Why We Need Coreboot
UEF/secure boot supports the effective duopoly that currently exist in PC hardware. AMD and any other company, such as a motherboard manufacturer, who does not get on the UEFI train is effectively locked out. To me, it is pretty clear that UEFI/secure boot encourages those who make a certain set of decisions, and punishes those who make another set of decisions. I won’t spell out all of my conclusions here. However, I came to them by studying the history of EFI and UEFI paying close attention to Apple’s shift from open firmware to UEFI. I looked at who created EFI, who financed EFI, and who stands to gain financially if UEFI/secure boot are implemented on x86 PCs.
In 2011, AMD began to dive deeply into supporting coreboot. On February 28, 2011, they released technical details of source code that AMD released in support of the coreboot project [1]. On May 6, 2011, AMD pledged to support booting with coreboot in all of its future microprocessors [2]. This revolution would have given the average PC user a lot more freedom, and a lot more control, over their computer system. A few months after this revolution started, it was announced that Windows 8 would be released with a version of secure boot that would turn back the hands of time, and greatly restrict what a PC user was able to do. I suspect that AMD’s support of coreboot scared someone. I believe that pressure was applied to AMD to get them to join the UEFI Board of Directors. THe UEFI Board has no members from the Free Software Community [5]:
- Intel
- Lenovo
- AMD
- Insyde
- American Megatrends
- Apple
- Dell
- IBM
- Microsoft
Freedom |
Firmware
| ||
coreboot | secure boot | bios | |
The freedom to run the program, for any purpose. | Yes | No | Yes |
The freedom to study how the program works, and change it so it does your computing as you wish. | Yes | No | No |
The freedom to redistribute copies. | Yes | No | No |
The freedom to distribute copies of your modified versions to others. | Yes | No | No |
*Based on outdated technology. | No | No | Yes |
Table 1: The PC Firmware Freedom Matrix *Not one of the four essential freedoms.
Table 1 clearly shows that coreboot best protects the freedoms of the PC user. Now, let us revisit the question from earlier: Why in the world would anyone have thought that UEFI/secure boot was a better solution? If you look at Table 1, can anyone give me a rational reason why UEFI/secure boot would be a superior alternative to coreboot? Faster boot time? More secure? Better for the consumer? What was the MOST likely motive for picking secure boot? I would would love to hear any responses to these question in the comments.
What You Can Do
There are at last 2 petitions created to protect the freedoms of PC user, one by the Free Software Foundation, and the other one on WhiteHouse.gov. Signing them would send a powerful message to the PC and motherboard industries that coreboot is a better choice than secure boot.
- FSF petition: http://goo.gl/OXba3
- White House.gov petition: http://wh.gov/Rt33
Thank you for reading The Linux Week in Review 51!
References
[1]. AMD Guest Blogger. (2011, February 28). Technical details on amd’s coreboot source code release. Retrieved from http://goo.gl/Qd0FE
[2]. Jones, Marc. (2011, may 6). Amd commits to coreboot. Retrieved from http://goo.gl/hOYyP
[3]. Stallman, Richard. (no date). The free software definition. Retrieved from http://goo.gl/8BDDQ
[4]. Linuxbsdos. (2012, November, 21). German govt comes out against Trusted Computing and Secure Boot. Retrieved from http://goo.gl/X12fl
[5]. UEFI. (no date). Uefi – board of directors. Retrieved from http://goo.gl/TD5Ws
Tagged as: bios, coreboot, freedom, secureboot, uefi
Comments
Go there... http://beginlinux.com/blog/2012/12/tlwir-51-coreboot-the-solution-to-the-secure-boot-fiasco/
coreboot is a Free Software project aimed at replacing the proprietary BIOS
(firmware) found in most computers. coreboot performs a little bit of
hardware initialization and then executes additional boot logic, called a
payload.
With the separation of hardware initialization and later boot logic, coreboot can scale from specialized applications that run directly from firmware, run operating systems in flash, load custom bootloaders, or implement firmware standards, like PC BIOS services or UEFI. This allows for systems to only include the features necessary in the target application, reducing the amount of code and flash space required.
coreboot currently supports over 230 different mainboards. Check the Support page to see if your system is supported.
coreboot was formerly known as LinuxBIOS.
Read More...
http://www.coreboot.org/Welcome_to_coreboot
With the separation of hardware initialization and later boot logic, coreboot can scale from specialized applications that run directly from firmware, run operating systems in flash, load custom bootloaders, or implement firmware standards, like PC BIOS services or UEFI. This allows for systems to only include the features necessary in the target application, reducing the amount of code and flash space required.
coreboot currently supports over 230 different mainboards. Check the Support page to see if your system is supported.
coreboot was formerly known as LinuxBIOS.
Read More...
http://www.coreboot.org/Welcome_to_coreboot
Download coreboot
Note: These snapshots are for people, who use Linux as operating system and are able to build software from the source code.There is no easy to install package for people who want to quickly try out a new BIOS on their computer, yet. However, we provide some images for the QEMU emulator to test coreboot (and some payloads) on your Linux, Mac OS X, and Windows computers (without having to do any hardware changes). But please note that these images can not be used on any mainboard, they will only work in QEMU!
Snapshots
There is an archive of coreboot snapshots available at qa.coreboot.org. A new tar.bz2 file is created whenever the repository changes.Git
coreboot has switched to using Git for version control. Please see the Git page for much useful information on how to work with Git and gerrit in coreboot.Old subversion repository references that still apply will continue to be kept here.
Git clone
- Go there...
- http://www.coreboot.org/Download_coreboot
QEMU
You can easily try out coreboot using QEMU, without having to actually flash the BIOS chip on your real hardware.Contents |
Tutorials
- QEMU Build Tutorial — Starting a Debian GNU/Linux system via coreboot + a Linux kernel, or via coreboot + FILO.
- Booting FreeBSD using coreboot — Booting FreeBSD via coreboot + ADLO.
Ready-made QEMU images
Below is a list of various downloadable QEMU images you can use to try out coreboot.You need a patched version of vgabios-cirrus.zip for these images to work fine, the version in QEMU's CVS repository does not yet work. The image from Debian's QEMU package (/usr/share/qemu/vgabios-cirrus.bin) is already patched and works, too.
coreboot v2 + SeaBIOS
SeaBIOS is an open-source legacy BIOS implementation which can be used as a coreboot payload. It implements the standard BIOS calling interfaces that a typical x86 proprietary BIOS implements.The QEMU image uses coreboot v2 (r4917) and SeaBIOS (9eebe66a9978165cfa91f2266c97fa5d0aa6ef2e, 2009-11-04) with the following changes to the default src/config.h:
Go there...
http://www.coreboot.org/QEMU
Build HOWTO
This page describes how you can build a coreboot image for your specific mainboard.Contents |
Requirements
- gcc / g++
- make
- ncurses-dev (for make menuconfig)
- doxygen (for generating/viewing documentation)
- iasl (for targets with ACPI support)
- gdb (for better debugging facilities on some targets)
- flex and bison (for regenerating parsers)
Building a payload
First you need to download the source code for the payload of your choice and build it.Instructions for building the various payloads are not covered on this page, please see Payloads and the wiki page for the respective payload for details.
The result of this step should be an ELF file (e.g. filo.elf, or coreinfo.elf) which you can use with coreboot (see below).
Building coreboot
Read More...http://www.coreboot.org/Build_HOWTO
I tried out a build for Qemu, to see how it would go. Everything went perfectly, in the Command Line. And my build was done rather quickly. I just followed the instructions, one by one. But, when I tried to run my resulting "coreboot.rom" file in Qemu. Nothing happened. It didn't boot up. But, I have had problems with allot of ISO and IMG files too, in Qemu lately. So, the problem is probably with my Qemu install. I'm running Fedora 14 and Qemu use to work just fine on many ISO's. But, it has not been working on very many lately. So, I don't know for sure, what's going on here. No errors, no nothing. Just nothing happening, when I click Start in Qemu. I don't have a new Motherboard that actually needs Coreboot. So, I guess I'll try it again later...
Don
- CoreBoot - Linux Boot for Windows 8 UEFI Secure Boot "BIOS"
- TLWIR 51: Coreboot: the Solution to the Secure Boot Fiasco
- coreboot (aka LinuxBIOS): The Free/Open-Source x86 Firmware - YouTube
- Download coreboot - coreboot
- QEMU - coreboot
- Build HOWTO - coreboot
- Download Coreboot - Google Search
- status:open project:coreboot | review.coreboot Code Review
- Build HOWTO - coreboot
- flashrom
- Payloads - coreboot
- SeaBIOS - coreboot
- Build HOWTO - coreboot
- Downloads - flashrom
- flashrom
- Windows 8 UEFI Secure Boot "BIOS"
- Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot | ZDNet
- Stand up for your freedom to install free software — Free Software Foundation — working together for free software
- Will your computer's "Secure Boot" turn out to be "Restricted Boot"? — Free Software Foundation — working together for free software
- Linux Top 5: Microsoft's Secure Boot Gambit
- Red Hat Engineer Calls out Windows 8 Secure Boot as a Linux Risk
- Red Hat Engineer Calls out Windows 8 Secure Boot as a Linux Risk - InternetNews.
- Red Hat engineer renews attack on Windows 8-certified secure boot • The Register
- Linux Today - Windows 8 Secure Boot: Two Linux Distros Respond
- Windows 8 Secure Boot: Two Linux Distros Respond | PCWorld Business Center
- Worried About Win 8 Secure Boot? So Is the Free Software Foundation | PCWorld Business Center
- Linux Foundation: Secure Boot Need Not Be a Problem | PCWorld Business Center
- mjg59 | Implementing UEFI Secure Boot in Fedora
- mjg59 | Ubuntu ODM UEFI requirements for secure boot
- Linux Today - Canonical, the FSF and the Ongoing Secure Boot Saga
- Linux News: Community: Canonical, the FSF and the Ongoing Secure Boot Saga
- Linux Today - Fedora Linux Moves Forward with UEFI Secure Boot Plans
- Fedora Linux Moves Forward with UEFI Secure Boot Plans | PCWorld Business Center
- Microsoft confirms UEFI fears, locks down ARM devices
- mjg59 | Handling UEFI Secure Boot in smaller distributions
- ubuntu-bios-uefi-requirements.pdf (application/pdf Object)
- Free Software Foundation urges OEMs to say no to mandatory Windows 8 UEFI cage » OnlySoftwareBlog
- PCH Search & Win: Unified Extensible Firmware Interface...
- free software foundation urges oems to say no to mandatory windows 8 uefi cage - Google Search
- Extensible Firmware Interface (EFI) and Unified EFI (UEFI)
- Linux Today - Linux Foundation proposes to use UEFI to make PCs secure and free
- R.I.P. BIOS: A UEFI Primer | PCWorld Business Center
- Hardware neutrality: UEFI strikes again and again | TechRepublic
- Red Hat Linux paying to get past UEFI restrictions on Windows 8 | TechRepublic
- UEFI - Home
- Free Software Foundation urges OEMs to say no to mandatory Windows 8 UEFI cage | ZDNet
- Linux Foundation proposes to use UEFI to make PCs secure and free | ZDNet
- Any comment on the Ubuntu UEFI ruckus?
- Unified Extensible Firmware Interface - ArchWiki
- Matthew Garrett provided an overview of his UEFI Secure Boot "shim" workaround - Google Search
- Linux Today - Microsoft mum on reasons for secure boot
- Microsoft mum on reasons for secure boot
- Linux Today - Linux Foundation Steps Into Windows 8 Secure Boot Flap
- Technology News: Community: Linux Foundation Steps Into Windows 8 Secure Boot Flap
- Linux Today - Delays beset the Linux Foundation's Secure Boot workaround
- Delays beset the Linux Foundation's Secure Boot workaround | PCWorld
- Linux Today - ITwire: Secure Boot Microsoft Shows Up Linux
- Secure boot: Microsoft shows up Linux
- mjg59 | Secure Boot bootloader for distributions available now
- Linux Today - Coreboot: the Solution to the Secure Boot Fiasco
- TLWIR 51: Coreboot: the Solution to the Secure Boot Fiasco
- Linux Today - Free Software Foundation vs Microsoft Windows 8 Secure Boot
- Free Software Foundation vs Microsoft Windows 8 "Secure Boot" | The VAR Guy
- Linux Today - Linux Foundation releases Windows Secure Boot fix
- Linux Foundation releases Windows Secure Boot fix | ZDNet