Presentation is loading. Please wait.

Presentation is loading. Please wait.

Libreboot Free boot firmware for ARM, POWER and x86

Published byArabella Manning Modified over 7 years ago

Similar presentations

Presentation on theme: "Libreboot Free boot firmware for ARM, POWER and x86"— Presentation transcript:

1 Libreboot Free boot firmware for ARM, POWER and x86
Speaker: Leah Rowe

2 What is libreboot? Free boot firmware (replaces “the BIOS”)
Iniatilizes hardware and starts a bootloader for the OS Many people use free OS, but with non-free BIOS. Libreboot provides them with a libre replacement, with source code. Boot firmware is required for booting your OS Libreboot supports desktops, laptops and servers on ARM and x86 (OpenPOWER is a future ambition).

3 Goals We want everyone to use free software (we think proprietary software should not exist) Support more hardware (work with coreboot) Make libreboot the default firmware on all computers (including OEM systems) Easy for non-techies (and well-documented) Coreboot is difficult to build/install for most people

4 What is the problem with non-free BIOS/UEFI firmware?
No freedom for users (four freedoms missing) Tyrant devices: some firmware prevents other OS (game consoles, mobile devices and increasingly, PCs) Sometimes prevents *other firmware* (e.g. libreboot) Backdoors (SMM rootkits, out-of-band OS e.g. ME/PSP, automatic remote software updates) Bugs (e.g. broken USB support, instability, slow startup) – you can't fix it. Did we mention that you have no freedom?

5 History of Libreboot Started in December 2013, for hardware endorsement program “RYF” Respects Your Freedom (Free Software Foundation) – Gluglug/Minifree – supported hardware expanded over time, and continues growing. Automated build system first implemented soon after Initially only supported ThinkPad X60, but expanded over time to support many laptops/desktops/servers

6 GNU project Libreboot joined GNU briefly, and was a member between 14 April 2016 to 15 September 2016 Libreboot quit the GNU project on 15 September and became a non-GNU project again. R. Stallman formally confirmed Libreboot’s departure from GNU, on 5 January 2017, after resisting. Several disagreements with GNU practises, and then the FSF did something nasty. There was no way we would stay in GNU. We are still a free software project, with the same goals. More info, including about why Libreboot left GNU:

7 How Libreboot is funded
Ministry of Freedom (Minifree) sells laptops, desktops and servers with Libreboot and a free OS (Debian) preinstalled Leah Rowe runs Libreboot and Minifree, and she is the founder of both of them. Company focuses exclusively on libre hardware Website here:

8 Components of Libreboot (git repository) - abstract
Documentation (written in HTML, being converted to RST) Automated build system – written in BASH Download script downloads/patches dependencies (coreboot, flashrom, grub, depthcharge, vboot, etc) Builds dependencies, and the ROM images for installation Release scripts generate release archives Utilities – ich9gen (written in C), coreboot-libre (BASH), grub-assemble (BASH), etc. Used by the build system.

9 Components of libreboot (more detailed)
Coreboot – provides hardware initialization Also possible to integrate other boot firmware (u- boot, petitboot, pmon, etc) but we don't do that yet Payloads (GRUB, depthcharge) Utilities (flashrom, bucts, ich9gen/ich9deblob, coreboot-libre, grub-assemble, etc) Utilities from coreboot itself (cbfstool, GCC, etc – yes, coreboot has its own GCC toolchain)

10 coreboot Performs hardware initialization
Started in 1999 as “Linux BIOS” Hardware became self-describing. Linux kernel didn’t need the BIOS anymore. LinuxBIOS put a kernel “payload” in the boot flash, and handled all functions. People started adding payloads besides Linux Around 2004 renamed to coreboot

11 The problem with coreboot?
Bits of proprietary software (some of coreboot is free, some is not) Most coreboot systems still require blobs (more on this in later slides) Difficult to install, and lots of risks Have to build from src. Confusing build/installation instructions. Have to build other software (payloads, utils, etc) Most people give up before they even attempt to install coreboot Bricks are common, for those who do attempt it.

12 Not a fork of coreboot! Comparison: ISO images for your favourite GNU/Linux distribution Everything done for you in advance, easy to install use the OS Friendly community user support for helping users that get stuck Libreboot is: ROM images for your libreboot system Everything built for you in advance, and fully tested Easier to install and use the firmware Good documentation, friendly user support (IRC/ ) Libreboot is a coreboot distribution

13 Deblobbing coreboot The utility we maintain for this is called “coreboot- libre” Scripts search source code looking for paterns that look like blobs (lots of magic numbers, binary files, etc) We decide which files are blobs and which are not, and maintain lists for the scripts to delete. Libreboot supports less hardware than coreboot (due to lack of binary blobs) This method is inefficient, however...

14 Librecore http://librecore.info/ Not part of Libreboot project
Started in December 2016 Fork of coreboot focused on libre hardware Provides some deblobbing in-tree, instead of using scripts Much more efficient long-term than deblob scripts Has attracted many libre-focused coreboot developers already

15 Blob: the entire hardware initialization! (Intel/AMD)
Most new x86 coreboot ports are completely blobbed up (hw init, plus extra blobs) Intel FSP / AMD AGESA/PI perform hw init (CPU/RAM/etc) – these are binary blobs AMD provided src, but then stopped Can also be malicious (SMM rootkits, etc) We call this “shimboot”

16 Blob: Video BIOS Initializes the display (text/framebuffer)
Specific to a given chipset Not provided in coreboot, but by manufacturer (libreboot has free video BIOS on systems that it supports) Some GPUs don’t need it (e.g. some Nvidia chipsets, some Intel chipsets)

17 Blob: Intel Management Engine
Present on all Intel systems post ~2007 Separe computing platform from the main system, built into northbridge, or PCH on newer platforms. Has access to memory (via DMA engine). Runs out of bound. Has networking (it’s a backdoor) – provides remote access via AMT Cryptographically signed. Cannot replace Prevents other boot firmware on newer systems (via Intel Boot Guard)

18 Sandybridge/ivybridge exception
Sandy/ivy Intel CPUs have the Management Engine Possible to remove all networking features and other malicious features, resulting in a blob less than 40KiB (default is about 5MiB). After that, the ME is useless, harmless and does virtually nothing. Several systems in coreboot supported. We can add them to Libreboot We are considering whether to add this to Libreboot Still need to RE the descriptor/gbe regions (we already did this with older Intel systems, for e.g. X200/T400) We have information about this on the Libreboot FAQ

19 AMD just as bad as Intel Platform Security Processor (equiv. ME)
Only supplies blobs to the coreboot project Modern AMD systems have the same issues as Intel (insecure, non-free)

20 OpenPOWER High-end server hardware (comparable to Intel)
IBM has freed their POWER platforms (POWER8 and POWER9) Hardware is available today and Libreboot could be ported to it Possible to manufacture your own harbware Therefore, libreboot-enabled OEM is possible today We attempted this already (TALOS workstation)

21 TALOS workstation Libreboot pre-installed by the OEM
Was an attempt by Raptor Engineering Aim was to manufacture OpenPOWER desktop systems to people, especially software developers Problem? It was too expensive, nobody bought it because they couldn’t afford it. The crowd funding campaign failed, unfortunately. We need another campaign!

22 Alternatives? Currently there are no practical solutions available at OEM level. Not currently possible to compete with Intel/AMD on price ARM is underpowered and not suitable for development Libreboot supports ASUS KGPE-D16, for now (still fairly high-end, still available) and Minifree sells it

23 Payloads Coreboot only does hardware initialization
Coreboot jumps to a payload once the hardware initialization is complete Libreboot uses GRUB by default (on x86) Libreboot uses Depthcharge by default, on chromebooks There are many payloads in coreboot

24 GRUB bootloader GRUB bootloader is the default payload in libreboot
GRUB has many benefits over SeaBIOS Faster boot speeds (coreboot jumps directly to GRUB) Can decrypt LUKS partitions (able to encrypt /boot) Can check GPG signatures (useful for the kernel) Can boot kernel+initramfs directly from the flash chip (with big enough flashing space, you can put an OS in there) Can load other coreboot payloads From the flash chip (CBFS/memdisk), USB drive, HDD partition, etc Useful for testing. It can also load SeaBIOS.

25 You don't have to re-flash!
GRUB is the payload, but grub.cfg can be loaded from the HDD/SSD By default, libreboot's GRUB payload will switch to /boot/grub/libreboot_grub.cfg on the HDD/SSD. It can also switch to /boot/grub/grub.cfg on the HDD/SSD, provided by your GNU+Linux distro. Optionally, you can change the grub.cfg in the flash chip (the default one).

26 Depthcharge payload Similar to GRUB (bootloader)
Maintained by Google (GRUB is maintained by GNU) Default coreboot/libreboot payload on Chromebooks (libreboot supports 1 chromebook at present, using the Rockchip RK3288 chipset (ARM) – others also possible) Has some nice features (signature checking for linux kernel with user-supplied keys, verified boot firmware, and so on)

27 GNU+Linux is supported
Libreboot can boot any distribution, as long as it uses kernel mode setting (for video initialization) Can also boot in text mode Some distributions are problematic (Fedora) Full disk encryption supported, including /boot/ (instructions)

28 BSD also supported NetBSD works out of the box
OpenBSD works, with some modification LibertyBSD should work (based on OpenBSD) FreeBSD might work in text-mode

29 Other OS unknown e.g. ReactOS e.g. FreeDOS e.g. HaikuOS e.g. KalibriOS
Most of them probably unsupported, due to use of BIOS services, and/or Video BIOS services. (libreboot is not a BIOS)

30 Features for next release
More Chromebooks already added (Rockchip ARM CPUs) New build system (already merged, but only supports Chromebooks. Old build system still used for x86 boards) Built-in support for building Linux kernel payloads (could be used for integrating Petitboot payload, and is used for building chromebook ARM kernels) We wish to add support for LLVM/Clang Ivy/Sandy Intel systems supported (currently working on it)

31 How to help We want libreboot to be preinstalled by OEMs
Add new hardware support to Libreboot Tell your friends about Libreboot (and use it!) Help people to install libreboot. Organise workshops at your local hacker/user group Improve the documentation File a bug report: Patches welcome!

32 Contact methods IRC: #libreboot on FreeNode
Reddit: List of developers, with individual contact details: Mailing list not available at present

33 Thank you! Libreboot is an important project for bringing freedom to computer users everywhere. We want it to continue to improve, forever. Contact details: Main website: Main page links to mailing lists Main page links to IRC channel and other contact methods These slides are Copyright Leah Rowe, released under CC BY-SA 4.0 or (at your option) any later version.

Download ppt "Libreboot Free boot firmware for ARM, POWER and x86"

Similar presentations

1 Web Server Administration Chapter 3 Installing the Server.

1 Web Server Administration Chapter 3 Installing the Server.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Cambodia-India Entrepreneurship Development Centre - : :.... :-:-

Cambodia-India Entrepreneurship Development Centre - : :.... :-:-
WHAT IS A COMPUTER? BY JACK SUMMERS. WHAT IS A COMPUTER? A computer basically a set of different components that when put together in the correct way.

WHAT IS A COMPUTER? BY JACK SUMMERS. WHAT IS A COMPUTER? A computer basically a set of different components that when put together in the correct way.
Chapter 7 Installing and Using Windows XP Professional.

Chapter 7 Installing and Using Windows XP Professional.
Linux Operations and Administration

Linux Operations and Administration
About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.
Configuring the MagicInfo Pro Display

Configuring the MagicInfo Pro Display
Chromium OS is an open-source project that aims to build an operating system that provides a fast, simple, and more secure computing experience for people.

Chromium OS is an open-source project that aims to build an operating system that provides a fast, simple, and more secure computing experience for people.
1 RH033 Welcome to RedHat Linux. 2 Hardware Requirements ♦ Pentium Pro or better with 256 MB RAM ♦ Or ♦ 64-bit Intel/AMD with 512 MB RAM ♦ 2-6 GB disk.

1 RH033 Welcome to RedHat Linux. 2 Hardware Requirements ♦ Pentium Pro or better with 256 MB RAM ♦ Or ♦ 64-bit Intel/AMD with 512 MB RAM ♦ 2-6 GB disk.
1 ITSK 2611 Welcome. 2 Operating System 3 What is an OS Resource Manager –Disk –Memory –CPU Device Manager –Printers –Video Card –Sound Card Utility.

1 ITSK 2611 Welcome. 2 Operating System 3 What is an OS Resource Manager –Disk –Memory –CPU Device Manager –Printers –Video Card –Sound Card Utility.
The Basic Input/Output System Unit objectives: Access the BIOS setup utility, change hardware configuration values, and research BIOS updates Explain the.

The Basic Input/Output System Unit objectives: Access the BIOS setup utility, change hardware configuration values, and research BIOS updates Explain the.
Operating Systems. Without an operating system your computer would be useless! A computer contains an Operating System on its Hard Drive. This is loaded.

Operating Systems. Without an operating system your computer would be useless! A computer contains an Operating System on its Hard Drive. This is loaded.
Presentation seminar on www.engineersportal.in.   Google Chrome OS is Linux based OS  Google Chrome is an open source, lightweight OS.  It is based.

Presentation seminar on   Google Chrome OS is Linux based OS  Google Chrome is an open source, lightweight OS.  It is based.
OCR GCSE Computing © Hodder Education 2013 Slide 1 OCR GCSE Computing Chapter 2: Memory.

OCR GCSE Computing © Hodder Education 2013 Slide 1 OCR GCSE Computing Chapter 2: Memory.
1 Copyright © 2015 Pexus LLC Patriot PS Personal Server Installing Patriot PS ISO Image on.

1 Copyright © 2015 Pexus LLC Patriot PS Personal Server Installing Patriot PS ISO Image on.
© GCSE Computing Computing Hardware Starter. Creating a spreadsheet to demonstrate the size of memory. 1 byte = 1 character or about 1 pixel of information.

© GCSE Computing Computing Hardware Starter. Creating a spreadsheet to demonstrate the size of memory. 1 byte = 1 character or about 1 pixel of information.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Hands-On Virtual Computing

Hands-On Virtual Computing
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

Similar presentations

Ads by Google