From eugen@leitl.org Fri Sep 20 08:02:55 2013 From: Eugen Leitl To: cypherpunks@lists.cpunks.org Subject: Re: [coreboot] [liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption Date: Fri, 20 Sep 2013 14:02:51 +0200 Message-ID: <20130920120251.GZ10405@leitl.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3261651240072344930==" --===============3261651240072344930== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable ----- Forwarded message from Patrick Georgi ----- Date: Fri, 20 Sep 2013 13:49:49 +0200 From: Patrick Georgi To: coreboot(a)coreboot.org Subject: Re: [coreboot] [liberationtech] Fwd: Firefox OS with built in suppor= t for OpenPGP encryption User-Agent: Roundcube Webmail/0.9.2 Am 2013-09-20 11:51, schrieb Eugen Leitl: > The Intel Atom-based MinnowBoard is a new UEFI dev platform, and it's > Linux-based, and targets hackers; it uses Intel's definition of "Open > Hardware", mainly meaning no NDAs involved. It is much cheaper and > smaller than the above box. > http://minnowboard.org/ > http://uefidk.intel.com/content/minnowboard-uefi-firmware To wit, its download page is guarded by a long, non-free EULA: http://uefidk.intel.com/content/minnowboard-uefi-firmware-eula Some of the components also seem to be binary-only. > Both of these boxes let you reflash your system firmware with your > custom build of BSD-licensed TianoCore UEFI. BSD-licensed TianoCore + heaps of binary modules that are currently only available under NDA. They'd also require some additional code (probably binary only?) to make Tiano resembling something like a complete and secure implementation. > > There is a large OEM/ODM/IBV/IHV/ISV ecosystem that currently runs the > hardware, and it is UEFI-centric. IMO, focusing only on fringe > Lemote/Coreboot technology is not a good bet. coreboot is your only bet on x86 if you aim for open source firmware. It can be combined with TianoCore to provide the UEFI APIs to the user (read: Operating System), but TianoCore alone won't do since it lacks hardware initialization drivers (that coreboot provides). > Personally, I wish EFF/FSF and other open/free tech groups would form > a Linaro-like firmware group and produce their own UEFI firmware > image, as an option for OEMs. Personally, I wish people wouldn't wish for someone else to start groups, but do it themselves for a change. However that brings the risk of seeing that things aren't quite as simple and might ultimately fail. Of course, soapboxes and arm chairs are much more comfortable and comparably risk-free. > There needs to be some Free Boot alternative to Secure Boot, with > certs from EFF/FSF/etc and the open source distro vendors, not just > OEMs/MSFT in the firmware, and it needs to target booting from a > handful of main open source distros, not just 1 commercial OS. Else, > UEFI will turn Personal Computers into Windows PCs, ending the era of > General Purpose computing. "main open source distros" is not enough since it creates a gatekeeper model. "Secure Boot" (which is really a Verified Boot) without physical user override doesn't cut it. ChromeBooks, using coreboot, provide a mostly* Open Source Verified Boot model with physical user override (with two override modes: safe via dev mode switch, and complete via jumper). * (blame Intel) tl;dr: Comparing coreboot, Lemote, UEFI and Tianocore isn't as easy as people seem to believe. Regards, Patrick --=20 coreboot mailing list: coreboot(a)coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot ----- End forwarded message ----- --=20 Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5 --===============3261651240072344930== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEuNC4xMiAoR05V L0xpbnV4KQoKaVFJY0JBRUJBZ0FHQlFKU1BEbHJBQW9KRVBSdU5JbXNpVTdGVlMwUCtRRjZqZ0hI Ymc2cm8xUGE2RnpUcTdRQgpuU0dPcERGbnhIbFhlenMwcUNnVnZ6STcyVDljTVM1eVpnUEtkd1pG QXZ2S0VMTjQrRzVGSTMwaXdYRWhOY2l4CmJORGxnVkNFQTFXaU1jb0RYK3FZMndYanA5NE9hTXdq cE8vWUNEdThzd0FNajJVMU1UczdoQ0MrNjVVcFFLTzYKSVFNRXVITmFqcTBpUlNtVmhPbnZMTnp3 M1VPZnIwSDNtdGFuVnQ4WGcwY3hoWm9qL0RwS3VydDlCejJhMUdEWQo5ZHVtMWVzaDZFVDFmUVdB QS9EVFVSYWVRTzFkMWlma0J1c1ovTXN5MS9EWTh0bG10VHFPM2QyYVpRZkRWVVdFCjBWYkc2TTZr TzZVa0pTUGVzZUFUdTJqV0FTQXRWODBKNE9KZ3plSVZ2cWU5SnZxbngrRGNhMXNMMXBWVXk5ZjAK dFl3ajc4am1uM2pVMmc1RUdUNHcvbkRCU1BEd01XQkU1Z2Y1ampmMmhaR0FxTC9KOGdKendEaS83 aXZvNUhISwpXS3BEdXhYS0FvQStnVjI5TXdRaElJVWZqd3pYT1NMYUJnYlFla1N0bTgyRjRQbzBI QVBTNjZnS1ZPaHg5bEZQCnRPSFlNZFdKY3Q4eEFwWFhQajFydWlxVldIdmhLem9hZ0dQMmRGT2Z1 cFZGTXZrRXROaTNDNXVXc1d2bEVIdlkKeS9NSnVUaTNDbGZ0eFpwcXNSTWI0UTNpN3dGZ0VEZmtz NXJVeUI2ckoyL0QrdUxveHBiNks3dUV1cjJOSGxBVQpOVG5nSHAxWmpxZCswb3oxYlQxa0ErV1VE bGZmN3IxdnJ4TXhQWk10Q3NJNlF3d1l1RGNlQURlSG1xZUZidzRuCjZKYmFEQnRZSHo0Yy80azU2 YnppCj1BQWEyCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============3261651240072344930==--