canoeboot
/
cbwww
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

canoe as in freedom 

Signed-off-by: Leah Rowe <leah@libreboot.org>
master
Leah Rowe 2025-01-10 03:14:31 +00:00
parent 33715881d7
commit 6b04d5ec5d
44 changed files with 460 additions and 1121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
site/about.md
View File

@ -9,7 +9,7 @@ operates, why it exists and what it does. Who, what, why and when.
What is Canoeboot?
===================
Canoeboot is free/libre boot firmware based on Libreboot (which is in turn
Canoeboot is free/libre boot firmware based on [Libreboot](https://libreboot.org/) (which is in turn
based on coreboot), replacing proprietary BIOS/UEFI firmware on select x86/ARM
laptops, desktops and server mainboards. It provides an [automated build
system](docs/maintain/)
@ -20,17 +20,17 @@ features](docs/gnulinux/grub_hardening.md).
Users take this automation for granted today, but Libreboot was the first such
project to implement this. It, like Canoeboot, is a *coreboot distro* in the
same way that *Trisquel* is a GNU+Linux distro. Similar projects now exist, today,
same way that *Debian* is a GNU+Linux distro. Similar projects now exist, today,
inspired by Libreboot's example. Coreboot is notoriously difficult to configure and install
for most non-technical users, but Libreboot and Canoeboot make it easier.
However, *Libreboot* no longer complies with GNU policy. In November 2022,
In November 2022,
Libreboot adopted a more pragmatic policy of allowing any board from coreboot
to be supported, while reducing the number of binary blobs as much as possible.
Although this may satisfy most people, there exists a minority of people who
wish to still have a blob-free coreboot distro, like Libreboot once was.
Prior to November 2022, Libreboot complied fully with GNU policy in providing
Prior to November 2022, Libreboot complied fully with such policy in providing
an entirely blob-free coreboot distribution. The rest of this article will go
into a lot more detail, both on this and on the technical aspects, but the
gist of it is this:
@ -43,27 +43,62 @@ to never add microcode updates or download blobs, even if told to by coreboot
configs, since the upstream coreboot project is otherwise engineered to handle
these if requested by the user).
Overview of operation
How does Canoeboot compare to Libreboot?
-------------------
More specifically, Canoeboot is a *fork* of Libreboot, maintained in parallel
as per each Libreboot release. Canoeboot adheres to the [GNU Free System
Distribution Guidelines](https://www.gnu.org/distros/free-system-distribution-guidelines.en.html),
and such adherence (to GNU FSDG) is the main purpose of Canoeboot. It consequently supports far less
hardware than Libreboot. *However*, this also means that Canoeboot is an
excellent choice for the purists out there who adhere to the GNU Free Software
ideology, and wish to use nothing but *Free Software*.
as per each Libreboot release; Canoeboot maintains
a [zero-blob policy](news/policy.md), in contrast to Libreboot's
[Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
Canoeboot consequently supports far less hardware than Libreboot. Canoeboot
even *excludes CPU microcode updates*, regardless of the negative impact this
has on system stability. The purpose of Canoeboot is simply to provide free
boot firmware that is *fully* [Free Software](https://writefreesoftware.org/learn)
for the purists out there.
Canoeboot is essentially providing well-engineered releases showing what Libreboot
would be like if it *didn't* implement such a policy (in sharp contrast to the GNU
one that Canoeboot implements). Libreboot previously adhered to the GNU FSDG
policy, but adopted the *Binary Blob Reduction Policy* in November 2022, in an
effort to increase the number of mainboards that can be supported from coreboot.
This means Canoeboot is technically inferior to Libreboot. Most people should
probably just use Libreboot. Canoeboot is essentially a well-engineered
proof of concept that shows what is possible when you take such a strict
approach. The term *inferior* is not meant as an insult, but it is a fact
that Canoeboot supports much less hardware than Libreboot, and
much *older* hardware; for example Libreboot can run on intel 8th gen
and newer, while Canoeboot is stuck on Core 2 Duo era hardware, at least
on Intel (Core 2 Duo machines from the year 2008). We do support some
nice AMD server boards in Canoeboot (e.g. ASUS KGPE-D16) but Libreboot can
go much further than Canoeboot, or any other project like it.
Canoeboot was created because there are still a few people who want this sort
of thing, but there weren't any modern, or otherwise high quality implementations.
Thus, I decided to revive the old Libreboot project myself, forking from my very
own project (Libreboot) and calling the new fork Canoeboot. *I forked my own project.*
The approach taken by Canoeboot is the same one that Libreboot used to take,
from it's founding in 2013, right up until November 2022. On 17 November 2022,
Libreboot switched to the
[Binary Blob Reduction Policy](https://libreboot.org/news/policy.html),
which is still quite strict; it still prohibits binary blobs from being
included, including them only when absolutely required, because some boards
from coreboot still require certain code from the vendor (e.g. raminit
may not be implemented on some newer boards, so code from the vendor is used
in such cases, e.g. Intel MRC/FSP).
In practise, Libreboot *also* provides fully free firmware on a lot of
newer boards, depending on your point of view. For example, on Intel
platforms up to Haswell, free raminit is available and the only code needed
from the vendor is Intel ME, which is configured via `me_cleaner` on
Libreboot releases, disabling the ME after early bringup. See:
<https://github.com/corna/me_cleaner> - use of `me_cleaner` can be
considered *de-blobbing*, since it is removing almost all of the code
from the ME, but on most newer platforms, a small rump of ME code is still
required for power management as one example.
More information about precisely how *Libreboot* differs from Canoeboot,
and therefore how Canoeboot differs from Libreboot, can be gleaned by looking
at the following resources:
* [Libreboot Binary Blob Reduction Policy](https://libreboot.org/news/policy.html)
* [Canoeboot Binary Blob Extermination Policy](news/policy.md)
* [Libreboot Freedom Status](https://libreboot.org/freedom-status.html)
And check the hardware compatibility list of both projects:
* [Libreboot supported hardware](https://libreboot.org/docs/install/#which-systems-are-supported-by-libreboot)
* [Canoeboot supported hardware](docs/install/#which-systems-are-supported-by-canoeboot)
I'm writing in the first person. Who's this *I* you're reading about? It's me,
Leah Rowe; I am the founder and lead developer of Libreboot, *and also* the
@ -71,6 +106,23 @@ founder and lead developer of Canoeboot! I maintain both projects, keeping them
in relative sync between releases, often performing same-day simultaneous
Canoeboot and Libreboot releases.
So why is Canoeboot even maintained, if it's inferior to Libreboot? Why
maintain two projects? The answer is simple: Canoeboot is a fun technical
challenge to see what can be done under such restrictive and dogmatic
policies. Maintaining it is also not that hard, because the design is
mostly kept in sync with Libreboot, on a per-commit basis, so the amount
of development overhead is actually quite minimal.
For example, both build systems both use the exact same design. See:
* [Libreboot build system design](https://libreboot.org/docs/maintain/)
* [Canoeboot build system design](docs/maintain/)
With few exceptions, Canoeboot generally keeps in sync with Libreboot
at all times, usually making releases on the exact same day. When a
Libreboot release comes out, Canoeboot usually also does a corresponding
release on the same day, or the day after.
Who?
------
@ -116,7 +168,7 @@ The resulting patch file is then opened up in *Vim*.
In the Canoeboot repository, these changes are then copied over. This is done
by scrolling through the patch file, deciding which changes are worthy. The
policy is to include *all* changes, except those that are not suitable under
FSDG.
Canoeboot's [policy](news/policy.md).
*Then* the following is done, for coreboot and u-boot trees *per tree*:
@ -154,18 +206,11 @@ The above steps are a general guide, but specific tweaks may also be required
in the build system, for a new release; minor edge cases here and there, that
are different for every release, but they are usually very minor.
The `deblob-check` script is from linux-libre, a GNU fork of Linux that is
de-blobbed, but the same script works on any source tree, except it will flag
all of the false positives on non-Linux source trees; it scans heuristically
for binary blobs.
Upstream sources are rigorously checked, comparing files that have changed
between releases. This takes time, but the process is largely automated.
This is how Canoeboot can provide releases so quickly, based upon each release
of Libreboot. Extensive testing is performed on ROM images compiled under the
Libreboot build system, so the Canoeboot images are also easy to verify, since
a Canoeboot release will always be closely based on a Libreboot release.
This is actually the benefit of Canoeboot, over all other FSDG-derived coreboot
distros, because the other projects do not have as good infrastructure or the
level of resources *or* technical knowledge that Libreboot has. Libreboot
provides high quality releases which are then filtered by order of the protocol
described above, to provide Canoeboot releases.

2
site/docs/build/index.md vendored
View File

@ -123,7 +123,7 @@ be available too, e.g. `fedora38`. Make sure to check `config/dependencies/`,
so that you know whether or not a file is available for your distro.
NOTE: In case of Ubuntu 20.04 LTS or derived distros for that specific release,
use the dedicated configuration file (the Trisquel 11 config symlinks to this):
use the dedicated configuration file:
./mk dependencies ubuntu2004

5
site/docs/gnulinux/grub_boot_installer.md
View File

@ -80,16 +80,11 @@ That's it! You should now be able to boot the installer from your USB drive
## GRUB2 config on external media
NOTE: This will also apply to Trisquel GNU+Linux (an Ubuntu-based distro).
Pick the menu option: *Search for GRUB2 configuration on external media*
If the distro installer image has a `grub.cfg` file inside, this menuentry is
scripted to find it. This works well for many distros.
## Debian or Devuan net install
NOTE: This will also apply to Trisquel GNU+Linux (an Ubuntu-based distro).
Download the Debian or Devuan net installer. You can download the Debian ISO
from [the Debian homepage](https://www.debian.org/), or the Devuan ISO from
[the Devuan homepage](https://www.devuan.org/).

2
site/docs/gnulinux/grub_hardening.md
View File

@ -91,7 +91,7 @@ on desktops.**
The simplest way is to just do this:
ifdtool --lock libreboot.rom -O canoeboot.rom
ifdtool --lock canoeboot.rom -O canoeboot.rom
If you did the step before, to compile `cbfstool`, you can find ifdtool in
the `elf/` directory, e.g. `elf/ifdtool/default/ifdtool`. Use the ifdtool

25
site/docs/gnulinux/index.md
View File

@ -6,31 +6,6 @@ x-toc-enable: true
NOTE: This guide pertains to x86 hosts, and does not cover supported CrOS/ARM
chromebooks. For ARM targets, you should refer to u-boot documentation.
Regarding FSF-endorsed distros
------------------------------
These guides will often make reference to mainstream distros for the sake
of completeness, especially to newcomers who will be familiar with them, but some
users may prefer a GNU+Linux distro endorsed by the Free Software Foundation
as per the *GNU Free System Distribution Guidelines*. See:
<https://www.gnu.org/distros/> - just know that, these distros are entirely
blob-free, including the kernel; they use a special kernel called *linux-libre*,
which strips out all binary firmwares. What this means is that these distros
may not work correctly with all hardware (think wifi adapters, modern graphics
cards and so on). A *lot* of hardware needs binary blobs to function, so
watch out!
The Free Software Foundation maintains this website:
<https://h-node.org/>
The *h-node* website is a volunteer-run database of hardware known to work
with *deblobbed* kernels like (and including) linux-libre.
If you want good wireless support *and* you want linux-libre, the following
cards are known to work well: any Atheros/Qualcomm card using
the `ath5k`, `ath9k` or `ath9k_htc` driver in the kernel. You can find these
on the H-Node website.
GNU GRUB
--------

2
site/docs/index.uk.md
View File

@ -11,7 +11,7 @@ Canoeboot. Новини, включаючи оголошення про випу
What is Canoeboot? An article is available for that; please read the
article titled [What is Canoeboot?](../about.md).
Встановлення libreboot
Встановлення Canoeboot
====================
- [Як встановити Canoeboot](install/)

8
site/docs/install/kgpe-d16.md
View File

@ -10,9 +10,9 @@ Introduction
This is a server board using AMD hardware (Fam10h *and Fam15h* CPUs
available). It can also be used for building a high-powered workstation.
Powered by libreboot. The coreboot port was done by Timothy Pearson of
Powered by Canoeboot. The coreboot port was done by Timothy Pearson of
Raptor Engineering Inc. and, working with them (and sponsoring the
work), merged into libreboot.
work), merged into Canoeboot.
*Memory initialization is still problematic, for some modules. We
recommend avoiding Kingston modules.*
@ -21,7 +21,7 @@ recommend avoiding Kingston modules.*
Flashing instructions can be found at
[../install/\#flashprog](../install/#flashprog) - note that external
flashing is required, if the proprietary (ASUS) firmware is
currently installed. If you already have libreboot, by default it is
currently installed. If you already have Canoeboot, by default it is
possible to re-flash using software running in Linux on the
KGPE-D16, without using external hardware.
@ -61,7 +61,7 @@ P-DIP 8 slot (SPI chip). The flash chip can be upgraded to higher sizes:
compressed linux+initramfs image (BusyBox+Linux system) into CBFS and
boot that, loading it into memory.
libreboot has configs for 2, 4, 8 and 16 MiB flash chip sizes (default
Canoeboot has configs for 2, 4, 8 and 16 MiB flash chip sizes (default
flash chip is 2MiB).
*DO NOT hot-swap the chip with your bare hands. Use a P-DIP 8 chip

2
site/docs/install/macbook21.md
View File

@ -231,7 +231,7 @@ Make it overheat less
---------------------
NOTE: in Canoeboot, this section is less relevant, because C3
states are now; the issue pertained to much older releases of Libreboot,
states are now; the issue pertained to much older releases of [Libreboot](https://libreboot.org/),
upon which Canoeboot is based. However, this section may still be useful,
so it will be retained.

5
site/docs/install/nvmutil.md
View File

@ -60,7 +60,10 @@ on the tarball, from the ROM image release archives, and then extract the
archive.
This *only* changes the MAC address. It doesn't inject vendor files or download
them, and doesn't support the `nuke` command, like on Libreboot's version.
them, and doesn't support the `nuke` command, like
on [Libreboot's version](https://libreboot.org/docs/install/ivy_has_common.html);
this is because we don't need to handle vendor code in Canoeboot, unlike on
Libreboot, so the Libreboot version also handles that automatically.
Without argument after the tarball, it behaves the same as `setmac`. If `setmac`
is provided without argument, or no argument is given, the MAC address is

2
site/docs/install/playstation.md
View File

@ -46,7 +46,7 @@ has been tested on Debian 12 (x86\_64) and you can do this for example, as root:
./mk dependencies debian
The `arch` and `parabola` dependencies should also work nicely, if you want
The `arch` dependencies should also work nicely, if you want
to replace `debian` with one of those in the above example; you need to get the
cross compiler (mipsel one) from the AUR, which you will see when running e.g.:

12
site/docs/install/r400.md
View File

@ -57,7 +57,7 @@ Dell Latitude E6400
**If you haven't bought an R400 yet: the [Dell Latitude
E6400](../install/latitude.md) is much easier to flash; no disassembly required,
it can be flashed entirely in software from Dell BIOS to Libreboot. It is the
it can be flashed entirely in software from Dell BIOS to Canoeboot. It is the
same hardware generation (GM45), with same CPUs, video processor, etc.**
Introduction
@ -73,24 +73,24 @@ There are two possible flash chip sizes for the R400: 4MiB (32Mbit) or
the palmrest: 4MiB is SOIC-8, 8MiB is SOIC-16.
*The R400 laptops come with the ME (and sometimes AMT in addition)
before flashing libreboot. libreboot disables and removes it by using a
before flashing Canoeboot. Canoeboot disables and removes it by using a
modified descriptor: see [../install/ich9utils.md](../install/ich9utils.md)*
(contains notes, plus instructions)
Flashing instructions can be found at
[../install/\#flashprog](../install/#flashprog)
**NOTE: Libreboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog)
**NOTE: Canoeboot standardises on [flashprog](https://flashprog.org/wiki/Flashprog)
now, as of 27 January 2024, which is a fork of flashrom.
The reason why was explained, in
the [Libreboot 20240225 release](../../news/libreboot20240225.md#flashprog-now-used-instead-of-flashrom)**
the [Libreboot 20240225 release](https://libreboot.org/news/libreboot20240225.html)**
EC update {#ecupdate}
=========
It is recommended that you update to the latest EC firmware version. The
[EC firmware](../../faq.md#ec-embedded-controller-firmware) is separate from
libreboot, so we don't actually provide that, but if you still have
Canoeboot, so we don't actually provide that, but if you still have
Lenovo BIOS then you can just run the Lenovo BIOS update utility, which
will update both the BIOS and EC version. See:
@ -98,7 +98,7 @@ will update both the BIOS and EC version. See:
- <http://www.thinkwiki.org/wiki/BIOS_update_without_optical_disk>
NOTE: this can only be done when you are using Lenovo BIOS. How to
update the EC firmware while running libreboot is unknown. libreboot
update the EC firmware while running Canoeboot is unknown. Canoeboot
only replaces the BIOS firmware, not EC.
Updated EC firmware has several advantages e.g. bettery battery

3
site/docs/install/spi.md
View File

@ -58,8 +58,7 @@ safe, and costs just $5 with headers pre-soldered (Raspberry Pi Pico H).
Additionally, all the software running on it is free, down to the full
[Boot ROM](https://github.com/raspberrypi/pico-bootrom). The wireless
versions (Pico W & Pico WH) need vendor firmware to use the Wi-Fi chip,
but that is not needed for following this guide; Canoeboot will not provide
that firmware because it's non-free and would therefore violate GNU FSDG policy.
but that is not needed for following this guide.
A Pico has proper 3.3V logic levels, unlike a ch341a. Which means it won't
destroy your board by sending 5V to it. If you have a 1.8V flash chip,

7
site/docs/maintain/index.md
View File

@ -11,6 +11,13 @@ and [testing.md](testing.md).
Please also read about the [cbmk coding style and design](style.md).
We generally write patches for [Libreboot](https://libreboot.org/) first, and
then port them over to Canoeboot commit by commit, excluding changes that aren't
suitable as per Canoeboot [policy](../../news/policy.md). In this way, releases
are kept in sync. You should therefore also read Libreboot's own
[lbmk maintenance manual](https://libreboot.org/docs/maintain/). More info
about the porting process is written on the [about](../../about.md) page.
Automated coreboot build system
===============================

7
site/docs/misc/index.md
View File

@ -4,7 +4,7 @@ x-toc-enable: true
...
TODO: this page is very old, and could do with an update. It was *old* when
we inherited it from Libreboot, which we forked to create Canoeboot; it is
we inherited it from [Libreboot](https://libreboot.org/), which we forked to create Canoeboot; it is
even older now. It's almost a tradition now, that this page is never updated.
You should assume that these instructions no longer work. Otherwise, if you
@ -96,8 +96,7 @@ and you will be able to see MemTest86+ on the serial output aswell. You
can also configure your distro so that a terminal (TTY) is accessible
from the serial console.
The following guide is for Ubuntu, but it should work in Debian-based distros,
Devuan, Trisquel etc, to enable a serial console using GeTTY:\
The following guide is for Ubuntu, but it should work in Debian-based distros:
<https://help.ubuntu.com/community/SerialConsoleHowto>
Note: part of the tutorial above requires changing your grub.cfg. Just
@ -240,7 +239,7 @@ Get the panel name:
Or look in `/sys/class/drm/card0-LVDS-1/edid`
Alternatively you can use i2cdump. In Debian-based distros or Trisquel, this is
Alternatively you can use i2cdump. In Debian-based distros, this is
in the package i2c-tools.
sudo modprobe i2c-dev

2
site/docs/uboot/uboot-debian-bookworm.md
View File

@ -8,7 +8,7 @@ System Configuration
Hardware: Samsung Chromebook Plus XE513C24 (gru\_kevin)
Tested on Libreboot 20230423 (Canoeboot is a fork of Libreboot)
Tested on [Libreboot 20230423](https://libreboot.org/news/libreboot20230423.html) (Canoeboot is a fork of Libreboot)
Operating System: Debian Bookworm RC2

2
site/docs/uboot/uboot-openbsd.md
View File

@ -8,7 +8,7 @@ System Configuration
Hardware: Samsung Chromebook Plus XE513C24 (gru\_kevin)
Tested on Libreboot 20230423 (Canoeboot is a fork of Libreboot)
Tested on [Libreboot 20230423](https://libreboot.org/news/libreboot20230423.html) (Canoeboot is a fork of Libreboot)
Operating System: OpenBSD 7.3

2
site/download.md
View File

@ -28,7 +28,7 @@ The releases from calendar year 2023 use this key.
Full key fingerprint: `98CC DDF8 E560 47F4 75C0 44BD D0C6 2464 FA8B 4856`
This is the same key used to sign Libreboot releases, which is also used to
This is the same key used to sign [Libreboot releases](https://libreboot.org/download.html), which is also used to
sign Canoeboot releases since it's the same person maintaining both projects.
Download the key here: [lbkey.asc](lbkey.asc)

2
site/download.uk.md
View File

@ -26,7 +26,7 @@ Use this to verify the most recent releases.
Повний відбиток ключа: `98CC DDF8 E560 47F4 75C0 44BD D0C6 2464 FA8B 4856`
This is the same key used to sign Libreboot releases, which is also used to
This is the same key used to sign [Libreboot releases](https://libreboot.org/download.html), which is also used to
sign Canoeboot releases since it's the same person maintaining both projects.
Завантажте ключ тут: [lbkey.asc](lbkey.asc)

1
site/footer.de.include
View File

@ -3,6 +3,7 @@
* [Diese Seite bearbeiten](/git.de.md)
* [Wer entwickelt Canoeboot?](/who.md)
* [Libreboot](https://libreboot.org/)
* [Lizenz](/license.md)
* [Vorlage](/template-license.md)
* [Autoren](/contrib.md)

1
site/footer.include
View File

@ -3,6 +3,7 @@
* [Edit this page](/git.md)
* [Who develops Canoeboot?](/who.md)
* [Libreboot](https://libreboot.org/)
* [License](/license.md)
* [Template](/template-license.md)
* [Authors](/contrib.md)

1
site/footer.it.include
View File

@ -3,6 +3,7 @@
* [Modifica questa pagina](/git.de.md)
* [Chi sviluppa Canoeboot?](/who.de.md)
* [Libreboot](https://libreboot.org/)
* [Licenza](/license.md)
* [Modelli di licenze](/template-license.md)
* [Autori](/contrib.md)

1
site/footer.uk.include
View File

@ -3,6 +3,7 @@
* [Редагувати цю сторінку](/git.md)
* [Хто розробляє Canoeboot?](/who.md)
* [Libreboot](https://libreboot.org/)
* [Ліцензія](/license.md)
* [Шаблон](/template-license.uk.md)
* [Автори](/contrib.md)

1
site/footer.zh-cn.include
View File

@ -3,6 +3,7 @@
* [编辑本页面](/git.md)
* [谁在开发 Canoeboot?](/who.md)
* [Libreboot](https://libreboot.org/)
* [许可证](/license.md)
* [模板](/template-license.md)
* [作者](/contrib.md)

3
site/index.de.md
View File

@ -3,6 +3,7 @@ title: Canoeboot projekt
x-toc-enable: true
...
Canoeboot ist ein [Libreboot](https://libreboot.org/) Fork.
Das *Canoeboot* Projekt bietet
eine [freie](https://writefreesoftware.org/learn) *Boot
Firmware* welche auf [bestimmten Intel/AMD x86 und ARM Geräten](docs/install/)
@ -59,7 +60,7 @@ Tatsächlich versucht Canoeboot so nah am regulären Coreboot zu bleiben wie mö
für jedes Board, aber mit vielen automatisch durch das Canoeboot Build System zur
Verfügung gestellten verschiedenen Konfigurationstypen.
Ebenso wie *Trisquel* eine *GNU+Linux Distribution* ist, ist Canoeboot eine
Ebenso wie *Debian* eine *GNU+Linux Distribution* ist, ist Canoeboot eine
*Coreboot Distribution*. Sofern Du ein ROM Image von Grund auf herstellen möchtest,
musst Du zunächst Konfigurationen auf Experten Level durchführen,
und zwar für Coreboot, GRUB sowie sämtliche Software die Du sonst noch verwenden

2
site/index.fr.md
View File

@ -56,7 +56,7 @@ pas de fournir un Coreboot déblobbé; ceci n'est simplement qu'une
des politiques de Canoeboot, une importante certes, mais qui n'est qu'un
aspect mineur de Canoeboot.
De la même façon que *Trisquel* est une distribution GNU+Linux, Canoeboot
De la même façon que *Debian* est une distribution GNU+Linux, Canoeboot
est une *distribution coreboot*. Si vous voulez compilé une image ROM
en partant des bases, vous devez alors effectuer une configuration experte
de Coreboot, GRUB et n'importe quel autre logiciel dont vous avez besoin

3
site/index.it.md
View File

@ -3,6 +3,7 @@ title: Progetto Canoeboot
x-toc-enable: true
...
Canoeboot deriva da [Libreboot](https://libreboot.org/).
Il progetto *Canoeboot* fornisce avvio [libero](https://writefreesoftware.org/learn)
grazie al firmware basato su coreboot, sostituendo cosi', firmware BIOS/UEFI proprietario
su [alcune schede madri basate su Intel/AMD x86 o ARM](docs/install/),
@ -57,7 +58,7 @@ In effetti, Canoeboot tenta di essere il piu' possibile simile alla versione *uf
per ogni scheda, ma con diversi tipi di configurazione forniti automaticamente dal sistema di
compilazione automatico di Canoeboot.
Esattamente come *Trisquel* e' una *distribuzione GNU+Linux*, Canoeboot e' una
Esattamente come *Debian* e' una *distribuzione GNU+Linux*, Canoeboot e' una
*distribuzione coreboot*. Per fare un immagine ROM da zero, hai bisogno di esperienza necessaria
nel configurare coreboot, GRUB e qualunque altra cosa ti serve. Con *Canoeboot*,
che puoi scaricare da Git o da un archivio di codici sorgenti, puoi far partire `make`,

18
site/index.md
View File

@ -3,6 +3,7 @@ title: Canoeboot project
x-toc-enable: true
...
Canoeboot is a [Libreboot](https://libreboot.org/) fork.
The *Canoeboot* project provides
[free](https://writefreesoftware.org/learn) (*libre*) boot
firmware based on coreboot, replacing proprietary BIOS/UEFI firmware
@ -26,13 +27,18 @@ Canoeboot gives you [freedoms](https://writefreesoftware.org/learn) that
you otherwise can't get with most other boot firmware, plus faster boot speeds
and [better security](docs/gnulinux/grub_hardening.md). It's extremely powerful
and [configurable](docs/maintain/) for many use cases. Canoeboot is a *special
fork* of Libreboot, maintained in parallel to it by the same developer (Leah
Rowe); Canoeboot complies with the GNU Free System Distribution Guidelines,
ensuring that everything in the boot flash is *free software*. *Canoeboot* only
fork* of [Libreboot](https://libreboot.org/), maintained in parallel to it by the same developer (Leah
Rowe); Canoeboot [removes all binary blobs](news/policy.md) from coreboot, unlike
Libreboot which has a more pragmatic
[Binary Blob Reduction Policy](https://libreboot.org/news/policy.html). Libreboot
provides 100% free boot firmware on the same mainboards that Canoeboot can
support, but supports *additional* mainboards while trying to minimize any
binary blobs all the same. Because of this difference, *Canoeboot* only
supports a very limited subset of hardware from coreboot that is known to boot
without binary blobs. Many other boards in coreboot require binary blobs for
things like memory controller initialisation. Canoeboot *removes* binary blobs
from coreboot and U-Boot, which are then provided "de-blobbed" in releases.
things like memory controller initialisation. Canoeboot is provided for purists
who only want free software; it even removes CPU microcode updates, regardless
of the negative impact this has on system stability.
*We* believe the freedom to [study, share, modify and use
software](https://writefreesoftware.org/), without any
@ -66,7 +72,7 @@ In fact, Canoeboot tries to stay as close to *stock* coreboot as possible,
for each board, but with many different types of configuration provided
automatically by the Canoeboot build system.
In the same way that *Trisquel* is a *GNU+Linux distribution*, Canoeboot is
In the same way that *Debian* is a *GNU+Linux distribution*, Canoeboot is
a *coreboot distribution*. If you want to build a ROM image from scratch, you
otherwise have to perform expert-level configuration of coreboot, GRUB and
whatever other software you need, to prepare the ROM image. With *Canoeboot*,

2
site/index.uk.md
View File

@ -51,7 +51,7 @@ Coreboot помітно складний для встановлення для
<img tabindex=1 class="l" style="max-width:25%;" src="https://av.canoeboot.org/dip8/adapter.jpg" /><span class="f"><img src="https://av.canoeboot.org/dip8/adapter.jpg" /></span>
Таким же самим чином, як *Trisquel* це дистрибутив Linux, Canoeboot це
Таким же самим чином, як *Debian* це дистрибутив Linux, Canoeboot це
*дистрибутив coreboot*. Якщо ви хочете зібрати образ ROM з нуля, вам
інакше довелось би виконати налаштування експертного рівня coreboot, GRUB та
будь-якого іншого потрібного програмного забезпечення, для підготування образа ROM. З *Canoeboot*,

3
site/index.zh-cn.md
View File

@ -3,6 +3,7 @@ title: Canoeboot 项目
x-toc-enable: true
...
Canoeboot 是 [Libreboot](https://libreboot.org/) 的分支。
*Canoeboot* 项目基于 coreboot 提供了[自由且开源](https://writefreesoftware.org/zh-cn/learn/)的引导固件,替代了特定基于 Intel/AMD x86 及 ARM 的主板(包括笔记本和桌面计算机)上的专有 BIOS/UEFI 固件。它首先对硬件如内存控制器、CPU、外设进行初始化然后为操作系统启动 bootloader。本项目对 [GNU+Linux](docs/gnulinux/) 和 [BSD](docs/bsd/) 支持良好。寻求帮助,可以前往 [Libera](https://libera.chat/) IRC 上的 [\#canoeboot](https://web.libera.chat/#canoeboot) 频道。
<img tabindex=1 class="r" src="https://av.canoeboot.org/t60logo.jpg" /><span class="f"><img src="https://av.canoeboot.org/t60logo.jpg" /></span>
@ -25,7 +26,7 @@ Canoeboot 不是 coreboot 的分支
事实上Canoeboot 对每一块主板,都尽可能保持与*标准*的 coreboot 接近,但 Canoeboot 构建系统也自动提供了许多不同类型的配置。
Canoeboot 是一个 *coreboot 发行版*,就好比 *Trisquel* 是一个 *GNU+Linux 发行版*。如果你想要从零开始构建 ROM 镜像,那你需要对 coreboot、GRUB 以及其他所需软件进行专业级别的配置,才能准备好 ROM 镜像。有了 *Canoeboot*,你只需要下载 Git 仓库或者源代码归档,然后运行 `make`,接着就能构建整个 ROM 镜像。一套自动构建系统,名为 `cbmk`Canoeboot Make将自动构建 ROM 镜像,而无需任何用户输入或干预。配置已经提前完成。
Canoeboot 是一个 *coreboot 发行版*,就好比 *Debian* 是一个 *GNU+Linux 发行版*。如果你想要从零开始构建 ROM 镜像,那你需要对 coreboot、GRUB 以及其他所需软件进行专业级别的配置,才能准备好 ROM 镜像。有了 *Canoeboot*,你只需要下载 Git 仓库或者源代码归档,然后运行 `make`,接着就能构建整个 ROM 镜像。一套自动构建系统,名为 `cbmk`Canoeboot Make将自动构建 ROM 镜像,而无需任何用户输入或干预。配置已经提前完成。
如果你要构建常规的 coreboot而不使用 Canoeboot 的自动构建系统,那么需要有很多的干预以及相当的技术知识,才能写出一份能工作的配置。

2
site/news/MANIFEST
View File

@ -1,10 +1,10 @@
policy.md
canoeboot20250107.md
canoeboot20241207.md
canoeboot20241102.md
audit2.md
canoeboot20240612.md
audit1.md
gnu.md
canoeboot20240510.md
canoeboot20240504.md
canoeboot20231107.md

6
site/news/audit1.md
View File

@ -1,5 +1,5 @@
% Canoeboot Build System Audit 1
% Leah Rowe
% Leah Rowe in Canoe Leah Mode™
% 9 June 2024
**A new release is now available, with these changes. Learn more by reading
@ -36,8 +36,8 @@ Some notes about this audit
---------------------------
This is the *first* official Canoeboot audit. The initial Canoeboot releases,
from October/November 2023, incorporated changes from Libreboot Build System
Audit 3, and Canoeboot 20240504/20240510 included changed from Libreboot Build
from October/November 2023, incorporated changes from [Libreboot](https://libreboot.org/) Build System
Audit 3, and Canoeboot 20240504/20240510 included changed from [Libreboot](https://libreboot.org/) Build
System Audit 4, plus changes adapted from releases up to Libreboot 20240504 and
a bit beyond; however, Canoeboot used to be synced with Libreboot per each
Libreboot release - nowadays, it is synced *per commit* on both the build system

2
site/news/audit2.md
View File

@ -1,5 +1,5 @@
% Canoeboot Build System Audit 2
% Leah Rowe
% Leah Rowe in Canoe Leah Mode™
% 19 July 2024
Heavy amount of code reduction in this audit, and general cleanup. A new

52
site/news/canoeboot20231026.md
View File

@ -1,12 +1,17 @@
% Canoeboot 20231026 released!
% Leah Rowe in GNU Leah Mode™
% Leah Rowe in Canoe Leah Mode™
% 26 October 2023
Canoeboot is a *special fork* of [Libreboot](https://libreboot.org/), providing
a de-blobbed configuration on *fewer mainboards*; Libreboot supports more
hardware, and much newer hardware. More information can be found on Canoeboot's
[about](../about.md) page and by reading Libreboot's [Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
Introduction
============
*This* new release, Canoeboot 20231026, released today 26 October 2023, is
based on Libreboot 20231021.
based on [Libreboot 20231021](https://libreboot.org/news/libreboot20231021.html).
Canoeboot provides boot firmware for supported x86/ARM machines, starting a
bootloader that then loads your operating system. It replaces proprietary
@ -31,24 +36,29 @@ share the code](https://writefreesoftware.org/), a freedom denied by most boot
firmware, but not Canoeboot! Booting Linux/BSD is also [well](../docs/gnulinux/)
[supported](../docs/bsd/).
Canoeboot is maintained in parallel with Libreboot, and by the same developer,
Leah Rowe, who maintains both projects; Canoeboot implements the [GNU Free
System Distribution Guideline](https://www.gnu.org/distros/free-system-distribution-guidelines.en.html)
as policy, ensuring that all of the software provided by it is *free software*.
Canoeboot is maintained in parallel with [Libreboot](https://libreboot.org/), and by the same developer,
Leah Rowe, who maintains both projects; Canoeboot implements a more hardline
[zero-blobs policy](policy.md), in contrast to Libreboot's [Binary Blob
Reduction Policy](https://libreboot.org/news/policy.html). This means that
Libreboot supports *a lot more hardware*, but Canoeboot is provided for the
purists out there who are OK using slightly older hardware as a result.
Work done since last release
============================
The *following* mainboards added in Libreboot 20231021 have *been
excluded* in this Canoeboot release, due to the GNU FSDG policy: HP
EliteBook 2170p, HP EliteBook 8470p, Dell Precision T1650 and Dell
Latitude E6430. Other non-FSDG compliant boards are also excluded,
such as newer ThinkPads that require Intel ME.
Canoeboot complies strictly with GNU Free System Distribution Guidelines,
which means it does not contain binary blobs; as a result, it supports
only a very restricted subset of hardware from Libreboot upon which it
is based (Canoeboot is a GNU-friendly fork of Libreboot).
Canoeboot is a *special fork* of Libreboot, maintained in parallel by the
Canoeboot [removes all binary blobs](policy.md) from coreboot, unlike
Libreboot which has a more pragmatic
[Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
Libreboot
provides 100% free boot firmware on the same mainboards that Canoeboot can
support, but supports *additional* mainboards while trying to minimize any
binary blobs all the same. Because of this difference, *Canoeboot* only
supports a very limited subset of hardware from coreboot that is known to boot
without binary blobs. Many other boards in coreboot require binary blobs for
things like memory controller initialisation. Canoeboot is provided for purists
who only want free software; it even removes CPU microcode updates, regardless
of the negative impact this has on system stability.
GRUB LUKS2 now supported (with argon2 key derivation)
---------------------------------------------------
@ -495,12 +505,7 @@ build system works in this release, versus the Libreboot 20231021 build system:
* Thus, several entries in under `config/git/` for Canoeboot 20231026, that do
not exist under Libreboot 20231021.
This quirk is only a minor difference. Severals scripts that handled
dependencies for building non-FSDG-compliant boards (such as blob download
scripts) have been *excluded* in this Canoeboot release, because they are
not needed.
As a result, the Canoeboot build system is about 1250 sloc when counting shell
The Canoeboot build system is about 1250 sloc when counting shell
scripts of the build system; considerably smaller than older revisions,
accounting for an approximate *50% reduction* in the amount of code.
@ -530,8 +535,7 @@ Excluded mainboards
===================
The following boards are *missing* in Canoeboot 20231026, but are supported in
the Libreboot 20231021 release; this is because they do not comply with GNU FSDG
policy:
the Libreboot 20231021 release:
* Dell Latitude E6430
* Dell Precision T1650

17
site/news/canoeboot20231101.md
View File

@ -1,12 +1,17 @@
% Canoeboot 20231101 released!
% Leah Rowe in GNU Leah Mode™
% Leah Rowe in Canoe Leah Mode™
% 1 November 2023
Canoeboot is a *special fork* of [Libreboot](https://libreboot.org/), providing
a de-blobbed configuration on *fewer mainboards*; Libreboot supports more
hardware, and much newer hardware. More information can be found on Canoeboot's
[about](../about.md) page and by reading Libreboot's [Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
Introduction
============
*This* new release, Canoeboot 20231101, released today 1 November 2023, is
based on the Libreboot 20231101 release, porting changes in it on top of
based on the [Libreboot 20231101](https://libreboot.org/news/libreboot20231101.html) release, porting changes in it on top of
[Canoeboot 20231026](canoeboot20231026.md) as a base. The previous
release was Canoeboot 20231026, released on 26 October 2023.
@ -34,9 +39,11 @@ firmware, but not Canoeboot! Booting Linux/BSD is also [well](../docs/gnulinux/)
[supported](../docs/bsd/).
Canoeboot is maintained in parallel with Libreboot, and by the same developer,
Leah Rowe, who maintains both projects; Canoeboot implements the [GNU Free
System Distribution Guideline](https://www.gnu.org/distros/free-system-distribution-guidelines.en.html)
as policy, ensuring that everything in the boot flash is entirely *free software*.
Leah Rowe, who maintains both projects; Canoeboot implements a more hardline
[zero-blobs policy](policy.md), in contrast to Libreboot's [Binary Blob
Reduction Policy](https://libreboot.org/news/policy.html). This means that
Libreboot supports *a lot more hardware*, but Canoeboot is provided for the
purists out there who are OK using slightly older hardware as a result.
Work done since last release
============================

17
site/news/canoeboot20231103.md
View File

@ -1,7 +1,12 @@
% Canoeboot 20231103 released!
% Leah Rowe in GNU Leah Mode™
% Leah Rowe in Canoe Leah Mode™
% 3 November 2023
Canoeboot is a *special fork* of [Libreboot](https://libreboot.org/), providing
a de-blobbed configuration on *fewer mainboards*; Libreboot supports more
hardware, and much newer hardware. More information can be found on Canoeboot's
[about](../about.md) page and by reading Libreboot's [Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
Introduction
============
@ -34,10 +39,12 @@ share the code](https://writefreesoftware.org/), a freedom denied by most boot
firmware, but not Canoeboot! Booting Linux/BSD is also [well](../docs/gnulinux/)
[supported](../docs/bsd/).
Canoeboot is maintained in parallel with Libreboot, and by the same developer,
Leah Rowe, who maintains both projects; Canoeboot implements the [GNU Free
System Distribution Guideline](https://www.gnu.org/distros/free-system-distribution-guidelines.en.html)
as policy, ensuring that everything in the boot flash is entirely *free software*.
Canoeboot is maintained in parallel with [Libreboot](https://libreboot.org/), and by the same developer,
Leah Rowe, who maintains both projects; Canoeboot implements a more hardline
[zero-blobs policy](policy.md), in contrast to Libreboot's [Binary Blob
Reduction Policy](https://libreboot.org/news/policy.html). This means that
Libreboot supports *a lot more hardware*, but Canoeboot is provided for the
purists out there who are OK using slightly older hardware as a result.
Work done since last release
============================

11
site/news/canoeboot20231107.md
View File

@ -1,16 +1,21 @@
% Canoeboot 20231107 released!
% Leah Rowe in GNU Leah Mode™
% Leah Rowe in Canoe Leah Mode™
% 7 November 2023
Canoeboot is a *special fork* of [Libreboot](https://libreboot.org/), providing
a de-blobbed configuration on *fewer mainboards*; Libreboot supports more
hardware, and much newer hardware. More information can be found on Canoeboot's
[about](../about.md) page and by reading Libreboot's [Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
Introduction
============
*This* new release, Canoeboot 20231107, released today 7 November 2023, is
based on the recent Libreboot 20231106 release.
based on the recent [Libreboot 20231106](https://libreboot.org/news/libreboot20231106.html) release.
The previous release was [Canoeboot 20231103](canoeboot20231103.md), released
on 3 November 2023. Today's release has focused
on minor bug fixes, plus tweaks to the GRUB payload. It imports certain fixes
from the Libreboot 20231106 release, relative to Libreboot 20231101.
from the Libreboot 20231106 release, relative to [Libreboot 20231101](https://libreboot.org/news/libreboot20231101.html).
Canoeboot provides boot firmware for supported x86/ARM machines, starting a
bootloader that then loads your operating system. It replaces proprietary

28
site/news/canoeboot20240504.md
View File

@ -1,7 +1,12 @@
% Canoeboot 20240504 released!
% Leah Rowe in GNU Leah Mode™
% Leah Rowe in Canoe Leah Mode™
% 4 May 2024
Canoeboot is a *special fork* of [Libreboot](https://libreboot.org/), providing
a de-blobbed configuration on *fewer mainboards*; Libreboot supports more
hardware, and much newer hardware. More information can be found on Canoeboot's
[about](../about.md) page and by reading Libreboot's [Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
**Do not use the Canoeboot 20240504 release, because it had problems with it.
Please use the [Canoeboot 20240612 release](canoeboot20240612.md) instead.**
@ -11,7 +16,7 @@ Introduction
Canoeboot is a free/libre BIOS/UEFI replacement on x86 and ARM, providing
boot firmware that initialises the hardware in your computer, to then load an
operating system (e.g. GNU+Linux). It is specifically a *coreboot distribution*,
in the same way that Trisquel is a GNU+Linux distribution. It provides an automated
in the same way that Debian is a GNU+Linux distribution. It provides an automated
build system to produce coreboot ROM images with a variety of payloads such as
GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy
to use as possible for non-technical users. From a project management perspective,
@ -116,10 +121,21 @@ See: [Libreboot build system audit 4](https://libreboot.org/news/audit4.html)
These and subsequent changes were adapter for today's release. The build system
has been further optimised, both in terms of code size and performance.
Canoeboot is maintained in parallel with Libreboot, by the same person, so a
lot of code is shared back and forth between the two, while ensuring that
Canoeboot strictly complies with the *GNU Free System Distribution Guidelines*,
or *GNU FSDG* for short.
Canoeboot is a *special fork* of Libreboot, maintained in parallel by the
very same developer, Leah Rowe.
Canoeboot [removes all binary blobs](policy.md) from coreboot, unlike
Libreboot which has a more pragmatic
[Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
Libreboot
provides 100% free boot firmware on the same mainboards that Canoeboot can
support, but supports *additional* mainboards while trying to minimize any
binary blobs all the same. Because of this difference, *Canoeboot* only
supports a very limited subset of hardware from coreboot that is known to boot
without binary blobs. Many other boards in coreboot require binary blobs for
things like memory controller initialisation. Canoeboot is provided for purists
who only want free software; it even removes CPU microcode updates, regardless
of the negative impact this has on system stability.
GRUB 2.12 revision now used
---------------------------

9
site/news/canoeboot20240510.md
View File

@ -1,7 +1,12 @@
% Canoeboot 20240510 released!
% Leah Rowe in GNU Leah Mode™
% Leah Rowe in Canoe Leah Mode™
% 10 May 2024
Canoeboot is a *special fork* of [Libreboot](https://libreboot.org/), providing
a de-blobbed configuration on *fewer mainboards*; Libreboot supports more
hardware, and much newer hardware. More information can be found on Canoeboot's
[about](../about.md) page and by reading Libreboot's [Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
**Do not use the Canoeboot 20240510 release, because it had problems with it.
Please use the [Canoeboot 20240612 release](canoeboot20240612.md) instead.**
@ -12,7 +17,7 @@ Canoeboot is a [free/libre](https://writefreesoftware.org/) BIOS/UEFI replacemen
on x86 and ARM, providing
boot firmware that initialises the hardware in your computer, to then load an
operating system (e.g. GNU+Linux). It is specifically a *coreboot distribution*,
in the same way that Trisquel is a GNU+Linux distribution. It provides an automated
in the same way that Debian is a GNU+Linux distribution. It provides an automated
build system to produce coreboot ROM images with a variety of payloads such as
GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy
to use as possible for non-technical users. From a project management perspective,

9
site/news/canoeboot20240612.md
View File

@ -1,14 +1,19 @@
% Canoeboot 20240612 released!
% Leah Rowe
% Leah Rowe in Canoe Leah Mode™
% 12 June 2024
Canoeboot is a *special fork* of [Libreboot](https://libreboot.org/), providing
a de-blobbed configuration on *fewer mainboards*; Libreboot supports more
hardware, and much newer hardware. More information can be found on Canoeboot's
[about](../about.md) page and by reading Libreboot's [Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
Introduction
============
Canoeboot is a free/libre BIOS/UEFI replacement on x86 and ARM, providing
boot firmware that initialises the hardware in your computer, to then load an
operating system (e.g. GNU+Linux). It is specifically a *coreboot distribution*,
in the same way that Trisquel is a GNU+Linux distribution. It provides an automated
in the same way that Debian is a GNU+Linux distribution. It provides an automated
build system to produce coreboot ROM images with a variety of payloads such as
GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy
to use as possible for non-technical users. From a project management perspective,

9
site/news/canoeboot20241102.md
View File

@ -1,14 +1,19 @@
% Canoeboot 20241102 released!
% Leah Rowe in GNU Leah Mode™
% Leah Rowe in Canoe Leah Mode™
% 2 November 2024
Canoeboot is a *special fork* of [Libreboot](https://libreboot.org/), providing
a de-blobbed configuration on *fewer mainboards*; Libreboot supports more
hardware, and much newer hardware. More information can be found on Canoeboot's
[about](../about.md) page and by reading Libreboot's [Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
Introduction
============
Canoeboot is a free/libre BIOS/UEFI replacement on x86 and ARM, providing
boot firmware that initialises the hardware in your computer, to then load an
operating system (e.g. GNU+Linux). It is specifically a *coreboot distribution*,
like how Trisquel is a GNU+Linux distribution. It provides an automated
like how Debian is a GNU+Linux distribution. It provides an automated
build system to produce coreboot ROM images with a variety of payloads such as
GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy
to use as possible for non-technical users. From a project management perspective,

14
site/news/canoeboot20241207.md
View File

@ -1,10 +1,16 @@
% Canoeboot 20241207 released! U-Boot UEFI on x86
% Leah Rowe in GNU Leah Mode™
% Leah Rowe in Canoe Leah Mode™
% 7 December 2024
Canoeboot is a *special fork* of [Libreboot](https://libreboot.org/), providing
a de-blobbed configuration on *fewer mainboards*; Libreboot supports more
hardware, and much newer hardware. More information can be found on Canoeboot's
[about](../about.md) page and by reading Libreboot's [Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
This release, Canoeboot 20241207, is based on and in sync with the recent
stable release of Libreboot, namely Libreboot 20241206. Therefore, this can
be considered a stable release of Canoeboot.
stable release of [Libreboot](https://libreboot.org/), namely
[Libreboot 20241206](https://libreboot.org/news/libreboot20241206.html).
Therefore, this can be considered a stable release of Canoeboot.
This page lists all changes since Canoeboot 20241102.
@ -16,7 +22,7 @@ Introduction
Canoeboot is a free/libre BIOS/UEFI replacement on x86 and ARM, providing
boot firmware that initialises the hardware in your computer, to then load an
operating system (e.g. GNU+Linux). It is specifically a *coreboot distribution*,
like how Trisquel is a GNU+Linux distribution. It provides an automated
like how Debian is a GNU+Linux distribution. It provides an automated
build system to produce coreboot ROM images with a variety of payloads such as
GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy
to use as possible for non-technical users. From a project management perspective,

12
site/news/canoeboot20250107.md
View File

@ -1,9 +1,15 @@
% Canoeboot 20250107 released!
% Leah Rowe
% Leah Rowe in Canoe Leah Mode™
% 7 January 2025
Canoeboot is a *special fork* of [Libreboot](https://libreboot.org/), providing
a de-blobbed configuration on *fewer mainboards*; Libreboot supports more
hardware, and much newer hardware. More information can be found on Canoeboot's
[about](../about.md) page and by reading Libreboot's [Binary Blob Reduction Policy](https://libreboot.org/news/policy.html).
This release, Canoeboot 20250107, is based on and in sync with the recent
stable release of Libreboot, namely Libreboot 20241206 *revision 8* from 6
stable release of [Libreboot](https://libreboot.org/), namely
[Libreboot 20241206 revision 8](https://libreboot.org/news/libreboot20241206rev8.html) from 6
January 2025. Therefore, this can be considered a stable release of Canoeboot.
This page lists all changes since Canoeboot 20241207.
@ -16,7 +22,7 @@ Introduction
Canoeboot is a free/libre BIOS/UEFI replacement on x86 and ARM, providing
boot firmware that initialises the hardware in your computer, to then load an
operating system (e.g. GNU+Linux). It is specifically a *coreboot distribution*,
like how Trisquel is a GNU+Linux distribution. It provides an automated
like how Debian is a GNU+Linux distribution. It provides an automated
build system to produce coreboot ROM images with a variety of payloads such as
GNU GRUB or SeaBIOS, with regular well-tested releases to make coreboot as easy
to use as possible for non-technical users. From a project management perspective,

963
site/news/gnu.md
View File

@ -1,963 +0,0 @@
% Should Canoeboot become GNU Canoeboot?
% Leah Rowe in GNU Leah Mode™
% 12 May 2024
**UPDATE ON 12 JUNE 2024: Please do not use Canoeboot 20240504 or 20240510
because there were problems with these releases. Use
the [Canoeboot 20240612 release](canoeboot20240612.md) instead, which contains
a series of bug fixes that correct the issues from May 2024 releases. More
information is available in the Canoeboot 20240612 announcement. As of
November 2nd, 2024, there is also another release, the 20241102 release.**
And now, without further ado:
Original article
================
Should it? That is the question I emailed to GNU's evaluation team today.
In it, I make a strong case in support of membership, and I encourage members
of the public to also voice their opinions about this topic. Therefore, I have
publicised this link in several places:
What is Canoeboot?
==================
The *Canoeboot* project provides
[free](https://writefreesoftware.org/learn) (*libre*) boot
firmware based on coreboot, replacing proprietary BIOS/UEFI firmware
on [specific Intel/AMD x86 and ARM based motherboards](docs/hardware/),
including laptop and desktop computers. It initialises the hardware (e.g. memory
controller, CPU, peripherals) and starts a bootloader for your operating
system. [GNU+Linux](../docs/gnulinux/) and [BSD](../docs/bsd/) are well-supported. Help is
available via [\#canoeboot](https://web.libera.chat/#canoeboot)
on [Libera](https://libera.chat/) IRC.
Canoeboot is a *special fork* of LIbreboot, maintained in parallel to it.
Canoeboot adheres to the GNU Free System Distribution Guidelines, ensuring
that everything in the flash is *free software*. Canoeboot *only* supports a
very limited subset of hardware from coreboot (which it uses for initialisation)
due to this policy, but it's provided for the purists who only want free
software.
The right to study, share, modify and use software freely without restrictions
is a fundamental right that everyone *must* have.
The benefit of Canoeboot is that it provides a completely
automated build process and installation procedure, with well-tested builds
released on a regular basis that the user can simply install, with minimal
fuss. You can think of it as a *coreboot distro*. Coreboot provides snapshot
source code archives every few months, but that's it. Canoeboot gives
you the ROM images pre-compiled, with source code, and with payloads
already pre-configured. In other words: Canoeboot makes coreboot
extremely easy to use.
More info about Canoeboot's design can be found in the [build system
documentation](../docs/maintain/).
Thoughts welcome!
=================
I asked this question in various places, where you can comment:
Thread on FSF LibrePlanet mailing list:
<https://lists.gnu.org/archive/html/libreplanet-discuss/2024-05/msg00001.html>
Thread on my Mastodon account:
<https://mas.to/@libreleah/112428793049670713>
Thread on Trisquel forums (FSF endorsed GNU+Linux distro, and de-facto stomping
ground for many debates within the FSF community):
<https://trisquel.info/en/forum/should-gnu-boot-become-gnu-canoeboot>
And reddit: <https://www.reddit.com/r/linux/comments/1cqe924/should_canoeboot_become_gnu_canoeboot/>
Email sent to GNU Eval
======================
Here is the email that I sent (replies to it will **not** be published, only
my original email below will be):
```
Message-ID: <864f2dd0-3af8-4c01-8d9b-d4236b43b335@minifree.org>
Date: Sun, 12 May 2024 15:50:42 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
From: Leah Rowe <info@minifree.org>
Autocrypt: addr=info@minifree.org; keydata=
xsFNBGWN15sBEADECGPEe37tdU3xe7OshKU19xVOPuJRMveCO5DHfv/lsZMXLWXwMMpbG+2x
SMQZcdZc0HCUq6TQE9fU0rA3kcFz0miMOuB2WJbYy9guvg9pAjLa0LUyb2T/HPDDy0ifYtqr
OzwETwWRiWQcTHjJ0knwNReaEterpPki1MbK79EwSuQBIgq9lQ611qLn5SmE7sBRB5kze7q3
KdTvY/CTfvOpVizgRF8kqqG4r4XkI0dTyrvC3i3Eub3F3YPWNjN06rECG6wO+TPzRo7em+0C
dPYDgtqq4Srf050KNZsVt10Plty5VpJm2GfoXFh6SZBO1zSbBpTGU+7vBsR731ye2ouQdcIs
06Qi4wHmJ71liqJwxZ0ju2F5edC7jDzdk4jAIaCiSiU+iGg28RsxoUdLkJl5Q4yW507Gr0ps
HIBJBAWJo1i75qKVhrmN25xjJLv0MjgaR7RgT1T7uuX1KPuo8NbHbRlkIv7987NeJzgbUzzp
ka2MJjTEd1ova9kPyICVmKCfBnT+bO3vfJAuQXRlf3qjXSLsxCD7Jmu07if0jXFIvjy/nC4H
0QPlwd/sVS7Svfn4rEGEnulrtBvVdOr6I+LmDedbSsSlYNlqagdyGsdKZfWSGxhjfz4oAkVy
+y39s1qAnM5191m+u72dmnQPtxI8lEH/G+j+hK8NxDvV5ri3owARAQABzR1MZWFoIFJvd2Ug
PGluZm9AbWluaWZyZWUub3JnPsLBlAQTAQoAPhYhBIux99KM92ltv09xklxlQGfTg7H/BQJl
jdebAhsDBQkJZgGABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEFxlQGfTg7H/PKoQAIB8
z2Rg+R0417YRTBXvbVG5kPpKOO3DWUaQCJx6uypBUpgw2giKDsDz59c2vNaADs7Zh5xQ+2bz
B+jkCjVSuzguApT3gxTnICvLeM72d5ZEF6Q8/YC6s9IiIHssCujbxtNN5yDU/Kn9Qd3gb+Bn
9t/ZYT+L/SGLU3Zerq57lSt8ixU7JOvAolgqRzaPwTFvi1GPZbE5Gynj9riTxZc3KLFROWYN
iiO33T+X17TepTUaubkoA3DgWcQ6tw2dsJ8MT0DtZH8KlU/ufq0NBfFIw79uCQ+m/GbiW9Sm
KtppayLUJyJndlf5fQ/NaNJw9RS+yF5ellGKWWAwh+Drv0PITzJ1dLeWOF5degtyn9+HaMSM
RIs5G6m69UxZmLJ9TQF1Lt1u0l1EH7yHIAf69MX4nlcDIx6moIJgo2UJ9u2D7odDUKlPG8X4
lbc5cvGx9l/Hy6WF8dOYUiU1avU65uhggaNXGXC6JbDiChCeuWTnzKXqlvae8rU9jSpDBSQF
lOOgvi3NifDLM7xFByDtFabnJHniNO1B6kS0V0nv6sJlRuB584kQUQ+PaRUj8QvXjsLvYhxY
Tw2G7jzQkXEOBZq3jenVzAg5ejOB7mTNoZOYOWoFY7XDRUGOmGDvH2qQGVNhedhSBJilAiu6
K0NyjkaFAGufvgXDjLImPav/kWdbTDvNzsFNBGWN15sBEADj4Dhn29Z0LVU+B1Wc8U0wdV7N
bDIjbhEvJ0Yc+FTNorQq7avY9jTkGtcnKPUti6cJxuQOZPxaIzP1mMK9BlsGbB8bTJ7oqpsI
XuvGKOOZQMb7i+qEIfJw6ZAXSwuKq4xBciJU52WdX8OaSWJ6KZX74yrE1SXW+7yj3ENZNWuT
N2kAPF595XYpZwTAaJRy/ojfORu8WFXvo5osZJI1TlrJeDFecBntPkCgvI1VPTF3fUU3lGZc
8rVascaGaJ6tBd5mTx/RrRyJrrJMEd1dca0MHV4WIDbNeINpbEhS2SbqOj/9q9z8tfmleqXV
jb+gKjSDpD8Nsxv9+2gq29tevMLqZ5R3NA4jj4rOnyIuq+YFtkZuBuEc04UX3ApixdAQ0jIN
hIBfT8YcMC+wwTvl4jG4Rhzrc4jOX8igOe9wkstbl7JxGJU28x4htskAyM2CMxPaUrorm64c
U2S0UoJGrvLfjItGud8dyM+RgtaO5wTFNO2A0dnq2/thIIgoEaiQfKMq2ilISsnf6x8as0FV
3c7mGO8pDJlRwjoNg/89CMhxVbgO+5JQ+JHLfoMA++R+QaYy1ZLY51h5Ax6OtVWpZh67EuVD
Lx/5EFiyM25UTpqvH7t0ae2oLbAwQtIv1fRLhHP4aVSsP793of92/1lpybbpRD7/7ruVQ64d
+/N49db6mQARAQABwsF8BBgBCgAmFiEEi7H30oz3aW2/T3GSXGVAZ9ODsf8FAmWN15sCGwwF
CQlmAYAACgkQXGVAZ9ODsf8EqQ/8CjAQTza1pvd/GmKYHtldSA1odPB7AQkB+j4oyu5gDqtM
/fFRv3uGVYLcyZwC3XF69KL+NpcUYG22RQWokt+z3OiVYfP5LyKjXe2cPMS2cmyXBHEcCP8Q
SffNQNoC2VYzaVXH4P6cBVmkDG3yPtQ2cH1Al6jhMS4Fa0TCe6kgA7qROSoapdZuwbxEE7Fe
aYZIXQUBLpe2C6SexljD65DLhbDE5p4N56VbncO6IAqr9JQSlEXBgvgXGhXqfOmZkmCjXJU7
Sgy8sIyF4b1uEOkcWxUUfvfrO1yrcWyxvTlZdPCJy802B7UVFPWTbKwFoyIq5Lr8wk2npzAm
Dy/hKZlIV72Vk0eIcrTCfpbj0GehrIIYcpW7Z2IUtETNkyuQs+OScIdrP3PItajNwktQJrhz
+UGbF9MuT+CHuruhw5KzymkzcnEzCNaYvY4eG8IXP6VpX1GCs9eUvCWEnjP0OkmhQniWvS3v
AB7DfZSm0NAoDX0ZvNzzIRbiM5uhYqDUSIsmOwUiJLjveLysmIRaAc/K/Euml0obCUJfanD7
KSs7SZYp24ZTDNsvsWbsk1y8QvAGkZBfuykfRCMxsmGRyN2hS6H/ftttCUrj8Qn1/hJDBegE
UJgYDItHpE7KJeBHMFNUB2sTHPbzx+a5WPYxeYJevAeTwAg0/nRobXRzER7BLIU=
To: gnueval@gnu.org
Cc: ksiewicz@fsf.org, zoe@fsf.org, Mike Gerwitz <mtg@gnu.org>,
simon@josefsson.org, christian@grothoff.org, gnu-advisory@gnu.org,
rms@gnu.org, bob@proulx.com
Subject: Should Canoeboot become GNU Canoeboot?
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------QXCa2wGHkDkyD669GgjjqNUT"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------QXCa2wGHkDkyD669GgjjqNUT
Content-Type: multipart/mixed; boundary="------------K2qUk5UHVXzKPCuKPN8riXWW";
protected-headers="v1"
From: Leah Rowe <info@minifree.org>
To: gnueval@gnu.org
Cc: ksiewicz@fsf.org, zoe@fsf.org, Mike Gerwitz <mtg@gnu.org>,
simon@josefsson.org, christian@grothoff.org, gnu-advisory@gnu.org,
rms@gnu.org, bob@proulx.com
Message-ID: <864f2dd0-3af8-4c01-8d9b-d4236b43b335@minifree.org>
Subject: Should Canoeboot become GNU Canoeboot?
--------------K2qUk5UHVXzKPCuKPN8riXWW
Content-Type: multipart/mixed; boundary="------------qXtx1QnbZel60GYrRxArVU6C"
--------------qXtx1QnbZel60GYrRxArVU6C
Content-Type: multipart/alternative;
boundary="------------0qkEOS0KaVvTlm4TzFss1Nsy"
--------------0qkEOS0KaVvTlm4TzFss1Nsy
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
SGkNCg0KVGhpcyBpcyBzZW50IHRvIEdOVSBFdmFsIHRlYW0sIGJ1dCBDQydkIHRvIG90aGVy
cy4gTXkgbWFpbiByZWNpcGllbnQgaXMgdGhlIEdOVSBFdmFsIHRlYW0uDQoNCkkgd2FudCBH
TlUgQ2Fub2Vib290LiBUaGlzIGlzIG15IG9mZmljaWFsIGNvbnRhY3Qgd2l0aCBHTlUsIGFz
IHRoZSBsZWFkIGRldmVsb3BlciBhbmQgZm91bmRlciBvZiB0aGUgQ2Fub2Vib290IHByb2pl
Y3QsIGEgZnVsbHkgZnJlZSBjb3JlYm9vdCBkaXN0cm8gYmFzZWQgb24gTGlicmVib290Lg0K
DQpDYW5vZWJvb3QgaGFzIHJlY2VudGx5IHJlbW92ZWQgYWxsIG9wcG9zaXRpb24gdG8gdGhl
IEZTRiBhbmQgZGVjaWRlZCB0byBzdGF1bmNobHkgcHJvbW90ZSBpdCBpbnN0ZWFkLCBpbiBh
ZGRpdGlvbiB0byBGU0RHLiBUaGlzIGlzIHBhcnQgb2YgYSBnZW5lcmFsIGRlc2lyZSBJJ3Zl
IGhhZCBzaW5jZSB0aGUgc3RhcnQgb2YgdGhlIHllYXIsIHRvIHNlZWsgcmVjb25jaWxsaWF0
aW9uIHdpdGggdGhlIEZTRiBhbmQgR05VIHByb2plY3QsIGFmdGVyIHRoZSBkcmFtYSB0aGF0
IGVuc3VlZCBmaXJzdCB3aXRoIGxpYnJlYm9vdC5vcmcgdnMgbGlicmVib290LmF0LCBhbmQg
dGhlbiBsaWJyZWJvb3Qub3JnIHZzIEdOVSBCb290Lg0KDQpUaGlzIGNoYW5nZSBpcyBwZXJt
YW5lbnQsIHdoZXRoZXIgR05VIGFjY2VwdHMgbXkgcHJvcG9zYWwgdG9kYXk7IGV2ZW4gaWYg
Q2Fub2Vib290IGRvZXMgbm90IGJlY29tZSBHTlUgQ2Fub2Vib290LCBpdCB3aWxsIGNvbnRp
bnVlIHRvIG9wZXJhdGUgYXMgaXQgZG9lcyBub3cuIEkgcmVjZW50bHkgZGlkIGEgcmVsZWFz
ZSB3aGljaCBpcyBzdGF1bmNobHkgcHJvLUZTRi4gSSd2ZSBkb25lIHRoaXMsIHByZWNpc2Vs
eSBiZWNhdXNlIEdOVSBCb290IGlzIG5vIGxvbmdlciBjb21wZXRpdGlvbiB0byBDYW5vZWJv
b3QgaW4gYW55IHdheTsgR05VIEJvb3Qgc2VlbXMgdG8gaGF2ZSBzdGFsbGVkLCBzbyBDYW5v
ZWJvb3QgaGFzLCB3aXRoIHRoaXMgbW92ZWQsIGVmZmVjdGl2ZWx5IHJlcGxhY2VkIGl0LiBJ
IGRvbid0IHNheSB0aGlzIGFzIGFuIGF0dGFjaywgYnV0IGl0IGlzIGEgZmFjdCB0aGF0IEdO
VSBCb290IGhhcywgYXMgSSB3cml0ZSB0aGlzLCBub3Qgc3VibWl0dGVkIGFueXRoaW5nIHRv
IHRoZWlyIG1haW4gYnJhbmNoIGluIG92ZXIgNCBtb250aHMuIGl0J3Mgbm93IGEgZGVhZCBw
cm9qZWN0LCBhbmQgQ2Fub2Vib290IGlzIHRha2luZyBvdmVyLg0KDQpJIGtub3cgR05VIEJv
b3QgaXMgYWxyZWFkeSBhIHRoaW5nLiBJIGVudmlzaW9uIENhbm9lYm9vdCByZXBsYWNpbmcg
aXQuIE5vdywgYW5zd2VycyB0byBxdWVzdGlvbnMgZnJvbSBnbnVldmFsIGZvcm06DQoNCiog
R2VuZXJhbCBJbmZvcm1hdGlvbg0KKiogRG8geW91IGFncmVlIHRvIGZvbGxvdyBHTlUgcG9s
aWNpZXM/DQogICAgSWYgeW91ciBwcm9ncmFtIGlzIGFjY2VwdGVkIHRvIGJlIHBhcnQgb2Yg
dGhlIEdOVSBzeXN0ZW0sIGl0IG1lYW5zDQogICAgdGhhdCB5b3UgYmVjb21lIGEgR05VIG1h
aW50YWluZXIsIHdoaWNoIGluIHR1cm4gbWVhbnMgdGhhdCB5b3Ugd2lsbA0KICAgIG5lZWQg
dG8gZm9sbG93IEdOVSBwb2xpY2llcyBpbiByZWdhcmRzIHRvIHRoYXQgR05VIHByb2dyYW0u
DQogICAgKFN1bW1hcml6ZWQgYWJvdmUsIHNlZSBtYWludGFpbmVycyBkb2N1bWVudCBmb3Ig
ZnVsbCBkZXNjcmlwdGlvbnMuKQ0KDQpZZXMuIENhbm9lYm9vdCBhbHJlYWR5IGNvbXBsaWVz
IGZ1bGx5IHdpdGggdGhlIEdOVSBGcmVlIFN5c3RlbSBEaXN0cmlidXRpb24gR3VpZGVsaW5l
cy4gVGhlcmUgbWF5IGJlIGEgZmV3IHN0cmFnZ2xlcnMgbGVmdCBvdmVyIGZyb20gd2hlbiBp
dCBmb3JrZWQgZnJvbSBMaWJyZWJvb3QsIGJ1dCB0aGVzZSB3aWxsIHN1cmVseSBiZSBmb3Vu
ZCBkdXJpbmcgcmV2aWV3Lg0KDQpJJ3ZlIGFscmVhZHkgZG9uZSBleHRlbnNpdmUgYXVkaXRp
bmcgbXlzZWxmLCBhcyBoYXMgQ3JhaWcgVG9waGFtIGluIGhpcyBjYXBhY2l0eSBhcyBMaWNl
bnNpbmcgYW5kIENvbXBsaWFuY2Ugb2ZmaWNlciBhdCB0aGUgRlNGLiAoQ2Fub2Vib290IDIw
MjMgcmVsZWFzZXMgd2VyZSBhdWRpdGVkKQ0KDQoqKiBQYWNrYWdlIG5hbWUgYW5kIHZlcnNp
b246DQoNCkNhbm9lYm9vdCAyMDI0MDUxMA0KDQoqKiBBdXRob3IgRnVsbCBOYW1lIDxFbWFp
bD46DQoNCkxlYWggUm93ZTxpbmZvQG1pbmlmcmVlLm9yZz4NCg0KKiogVVJMIHRvIHBhY2th
Z2UgaG9tZSBwYWdlIChpZiBhbnkpOg0KDQpodHRwczovL2Nhbm9lYm9vdC5vcmcvDQoNCioq
IFVSTCB0byBzb3VyY2UgdGFyYmFsbDoNCiAgICAgUGxlYXNlIG1ha2UgYSByZWxlYXNlIHRh
cmJhbGwgZm9yIHB1cnBvc2VzIG9mIGV2YWx1YXRpb24sIHdoZXRoZXINCiAgICAgb3Igbm90
IHlvdSBwdWJsaWNseSByZWxlYXNlIGl0LiAgSWYgeW91IGRvbid0IGhhdmUNCiAgICAgYW55
d2hlcmUgdG8gdXBsb2FkIGl0LCBzZW5kIGl0IGFzIGFuIGF0dGFjaG1lbnQuDQoNCmh0dHBz
Oi8vd3d3Lm1pcnJvcnNlcnZpY2Uub3JnL3NpdGVzL2xpYnJlYm9vdC5vcmcvcmVsZWFzZS9j
YW5vZWJvb3QvMjAyNDA1MTAvY2Fub2Vib290LTIwMjQwNTEwX3NyYy50YXIueHoNCg0KTk9U
RTogU2V2ZXJhbCBjaGFuZ2VzIGhhdmUgYmVlbiBtYWRlIHNpbmNlIHRoYXQgcmVsZWFzZS4g
Q2hlY2sgdGhlIGdpdCBsb2cgZm9yIGNid3d3LmdpdCBhbmQgY2Jtay5naXQgLSBzb21lIG9m
IHRoZXNlIGFyZSByZWxldmFudCBhcyBwYXJ0IG9mIGV2YWx1YXRpb24gKEkgZml4ZWQgc2V2
ZXJhbCBpc3N1ZXMgYWxyZWFkeSwgdGhhdCB5b3UncmUgbGlrZWx5IHRvIGZsYWcgaW4gdGhl
IHRhcmJhbGwpLg0KDQoqKiBCcmllZiBkZXNjcmlwdGlvbiBvZiB0aGUgcGFja2FnZToNCg0K
VGhlIC9DYW5vZWJvb3QvIHByb2plY3QgcHJvdmlkZXMgZnJlZSANCjxodHRwczovL3dyaXRl
ZnJlZXNvZnR3YXJlLm9yZy9sZWFybj4gKC9saWJyZS8pIGJvb3QgZmlybXdhcmUgYmFzZWQg
b24gDQpjb3JlYm9vdCwgcmVwbGFjaW5nIHByb3ByaWV0YXJ5IEJJT1MvVUVGSSBmaXJtd2Fy
ZSBvbiBzcGVjaWZpYyBJbnRlbC9BTUQgDQp4ODYgYW5kIEFSTSBiYXNlZCBtb3RoZXJib2Fy
ZHMgPGh0dHBzOi8vY2Fub2Vib290Lm9yZy9kb2NzL2hhcmR3YXJlLz4sIA0KaW5jbHVkaW5n
IGxhcHRvcCBhbmQgZGVza3RvcCBjb21wdXRlcnMuIEl0IGluaXRpYWxpc2VzIHRoZSBoYXJk
d2FyZSANCihlLmcuwqBtZW1vcnkgY29udHJvbGxlciwgQ1BVLCBwZXJpcGhlcmFscykgYW5k
IHN0YXJ0cyBhIGJvb3Rsb2FkZXIgZm9yIA0KeW91ciBvcGVyYXRpbmcgc3lzdGVtLiBHTlUr
TGludXggPGh0dHBzOi8vY2Fub2Vib290Lm9yZy9kb2NzL2dudWxpbnV4Lz4gDQphbmQgQlNE
IDxodHRwczovL2Nhbm9lYm9vdC5vcmcvZG9jcy9ic2QvPiBhcmUgd2VsbC1zdXBwb3J0ZWQu
IEhlbHAgaXMgDQphdmFpbGFibGUgdmlhICNjYW5vZWJvb3QgPGh0dHBzOi8vd2ViLmxpYmVy
YS5jaGF0LyNjYW5vZWJvb3Q+IG9uIExpYmVyYSANCjxodHRwczovL2xpYmVyYS5jaGF0Lz4g
SVJDLg0KDQoNCiogQ29kZQ0KKiogRGVwZW5kZW5jaWVzOg0KICAgICBQbGVhc2UgbGlzdCB0
aGUgcGFja2FnZSdzIGRlcGVuZGVuY2llcyAoc291cmNlIGxhbmd1YWdlLCBsaWJyYXJpZXMs
IGV0Yy4pLg0KDQpDYW5vZWJvb3QgYnVpbGQgc3lzdGVtIChjYm1rKSB3cml0dGVuIGluIFBP
U0lYIHNoZWxsIHNjcmlwdHMgKHNoKQ0KDQpVdGlscyAodXRpbC8pIHdyaXR0ZW4gaW4gYSBt
aXggb2YgQyBhbmQgR28NCg0KVXBzdHJlYW0gcHJvamVjdHMgc3VjaCBhcyBjb3JlYm9vdCwg
R1JVQiwgU2VhQklPUyBsYXJnZWx5IHdyaXR0ZW4gaW4gQywgd2l0aCBhIGJpdCBvZiBHbyBh
bmQgcHl0aG9uLCBhbHNvIGEgbWlsZCBzZWFzb25pbmcgb2YgeDg2IGFzc2VtYmx5IGxhbmd1
YWdlLCBpbiBhIGZldyBjYXNlcy4NCg0KKiogQ29uZmlndXJhdGlvbiwgYnVpbGRpbmcsIGlu
c3RhbGxhdGlvbjoNCiAgICAgSXQgbWlnaHQgb3IgbWlnaHQgbm90IHVzZSBBdXRvY29uZi9B
dXRvbWFrZSwgYnV0IGl0IG11c3QgbWVldCBHTlUNCiAgICAgc3RhbmRhcmRzLiAgRXZlbiBw
YWNrYWdlcyB0aGF0IGRvIG5vdCByZXF1aXJlIGNvbXBpbGF0aW9uDQogICAgIG11c3QgZm9s
bG93IHRoZXNlIHN0YW5kYXJkcywgc28gaW5zdGFsbGVycyBoYXZlIGEgdW5pZm9ybSB3YXkg
dG8NCiAgICAgZGVmaW5lIHRhcmdldCBkaXJlY3RvcmllcywgZXRjLiAgUGxlYXNlIHNlZToN
CiAgICAgaHR0cDovL3d3dy5nbnUub3JnL3ByZXAvc3RhbmRhcmRzL2h0bWxfbm9kZS9Db25m
aWd1cmF0aW9uLmh0bWwNCiAgICAgaHR0cDovL3d3dy5nbnUub3JnL3ByZXAvc3RhbmRhcmRz
L2h0bWxfbm9kZS9NYWtlZmlsZS1Db252ZW50aW9ucy5odG1sDQoNCkRvZXMgbm90IG1lZXQg
c3RhbmRhcmRzIGF0IGFsbCwgYnV0IG5laXRoZXIgZG9lcyBHTlUgQm9vdCBhbmQgbmVpdGhl
ciBkaWQgdGhlIGVyc3R3aGlsZSBHTlUgTGlicmVib290OyBpdCB3YXMgYWNjZXB0ZWQgYm90
aCB0aGVuIGFuZCBub3cgdGhhdCB0aGUgZGVzaWduIGlzIGRpZmZlcmVudCwgYnV0IHRoYXQg
R05VIG5lZWRlZCBhIHZpYWJsZSBGU0RHLWNvbXBsaWFudCBjb3JlYm9vdCBkaXN0cm8uDQoN
ClRoZSBDYW5vZWJvb3QgYnVpbGQgc3lzdGVtIGlzIGRvY3VtZW50ZWQgaGVyZToNCg0KaHR0
cHM6Ly9jYW5vZWJvb3Qub3JnL2RvY3MvbWFpbnRhaW4vDQoNCioqIERvY3VtZW50YXRpb246
DQogICAgIFdlIHJlcXVpcmUgdXNpbmcgVGV4aW5mbyAoaHR0cDovL3d3dy5nbnUub3JnL3Nv
ZnR3YXJlL3RleGluZm8vKQ0KICAgICBmb3IgZG9jdW1lbnRhdGlvbiwgYW5kIHJlY29tbWVu
ZCB3cml0aW5nIGJvdGggcmVmZXJlbmNlIGFuZCB0dXRvcmlhbA0KICAgICBpbmZvcm1hdGlv
biBpbiB0aGUgc2FtZSBtYW51YWwuICBQbGVhc2Ugc2VlDQogICAgIGh0dHA6Ly93d3cuZ251
Lm9yZy9wcmVwL3N0YW5kYXJkcy9odG1sX25vZGUvR05VLU1hbnVhbHMuaHRtbA0KDQpQYW5k
b2MgTWFya2Rvd24gaXMgdXNlZC4gU2VlOiBjYnd3dy5naXQNCg0KVGhlIFVudGl0bGVkIFN0
YXRpYyBTaXRlIEdlbmVyYXRvciBpcyB1c2VkIHRvIGdlbmVyYXRlIGl0Lg0KDQpUaGlzIGlz
IHdoYXQgR05VIEJvb3QgYWxzbyB1c2VzLCBhbmQgaXQgaGFzIE1hcmtkb3duLCBhbmQgd2Fz
IGFjY2VwdGVkLg0KDQoqKiBJbnRlcm5hdGlvbmFsaXphdGlvbjoNCiAgICAgSWYgeW91ciBw
YWNrYWdlIGhhcyBhbnkgdXNlci12aXNpYmxlIHN0cmluZ3MsIHBsZWFzZSBtYWtlIHRoZW0N
CiAgICAgdHJhbnNsYXRhYmxlIHRvIG90aGVyIGxhbmd1YWdlcyB1c2luZyBHTlUgR2V0dGV4
dDoNCiAgICAgaHR0cDovL3d3dy5nbnUub3JnL3NvZnR3YXJlL2dldHRleHQvDQoNCk5vIGkx
OG4sIGJ1dCB0aGVyZSBhcmUgdHJhbnNsYXRpb25zIG9mIGNlcnRhaW4gcGFnZXMgb24gdGhl
IHdlYnNpdGUsIG1haW50YWluZWQgbWFudWFsbHkuDQoNClNvbWUgb2YgdGhlIHBhY2thZ2Vz
IHRoYXQgQ2Fub2Vib290IHVzZXMgbWF5IGhhdmUgaTE4biwgc3VjaCBhcyBHTlUgR1JVQi4N
Cg0KKiogQWNjZXNzaWJpbGl0eToNCiAgICAgUGxlYXNlIGRpc2N1c3MgYW55YWNjZXNzaWJp
bGl0eSBpc3N1ZXMgIDxodHRwczovL3d3dy5nbnUub3JnL2FjY2Vzc2liaWxpdHkvYWNjZXNz
aWJpbGl0eS5odG1sPg0KICAgICB3aXRoIHlvdXIgcGFja2FnZSwgc3VjaCBhcyB1c2Ugb2Yg
cmVsZXZhbnQgQVBJcy4NCg0KQWNjZXNzaWJpbGl0eSBpc3N1ZXM6IG5vIHNjcmVlbiByZWFk
ZXIgaW4gdGhlIEdSVUIvU2VhQklPUyBib290IG1lbnUsIHRob3VnaCBHUlVCIChjb3JlYm9v
dCBwYXlsb2FkIG9mdGVuIHVzZWQgb24gQ2Fub2Vib290IGluc3RhbGxhdGlvbnMpIGhhcyBh
IG1vcnNlIGNvZGUgZ2VuZXJhdG9yIHdoaWNoIEkgY291bGQgcHJvYmFibHkgcmUtcHVycG9z
ZSBmb3IgYmxpbmQgdXNlcnMuDQoNCioqIFNlY3VyaXR5Og0KICAgICBQbGVhc2UgZGlzY3Vz
cyBhbnkgcG9zc2libGUgc2VjdXJpdHkgaXNzdWVzIHdpdGggeW91ciBwYWNrYWdlOg0KICAg
ICBjcnlwdG9ncmFwaGljIGFsZ29yaXRobXMgYmVpbmcgdXNlZCwgc2Vuc2l0aXZlIGRhdGEg
YmVpbmcgc3RvcmVkLA0KICAgICBwb3NzaWJsZSBlbGV2YXRpb24gb2YgcHJpdmlsZWdlcywg
ZXRjLg0KDQpObyBpc3N1ZXMgdGhhdCBJIGNhbiB0aGluayBvZi4NCg0KQ2Fub2Vib290IGFj
dHVhbGx5IGltcHJvdmVzIHRoZSBzZWN1cml0eSBvbiBzb21lIG9mIGl0cyBwYWNrYWdlcy4g
Rm9yIGV4YW1wbGUgaXQgYWRkcyBBcmdvbjIgS0RGIHN1cHBvcnQgdG8gR05VIEdSVUIsIHNv
IHRoYXQgeW91IGNhbiBib290IGZyb20gTFVLUzIgZm9ybWF0dGVkIC9ib290IHBhcnRpdGlv
bnMuDQoNCiogTGljZW5zaW5nOg0KICAgIEJvdGggdGhlIHNvZnR3YXJlIGl0c2VsZiAqYW5k
IGFsbCBkZXBlbmRlbmNpZXMqICh0aGlyZC1wYXJ0eQ0KICAgIGxpYnJhcmllcywgZXRjLikg
bXVzdCBiZSBmcmVlIHNvZnR3YXJlIGluIG9yZGVyIHRvIGJlIGluY2x1ZGVkIGluDQogICAg
R05VLiAgSW4gZ2VuZXJhbCwgb2ZmaWNpYWwgR05VIHNvZnR3YXJlIHNob3VsZCBiZSByZWxl
YXNlZCB1bmRlciB0aGUNCiAgICBHTlUgR1BMIHZlcnNpb24gMyBvciBhbnkgbGF0ZXIgdmVy
c2lvbiwgYW5kIEdOVSBkb2N1bWVudGF0aW9uIHNob3VsZA0KICAgIGJlIHJlbGVhc2VkIHVu
ZGVyIHRoZSBHTlUgRkRMIHZlcnNpb24gMS4zIG9yIGFueSBsYXRlciB2ZXJzaW9uLg0KDQpD
YW5vZWJvb3QgYnVpbGQgc3lzdGVtIGxhcmdlbHkgR1BMdjMrLCBzb21lIHBhcnRzIGFyZSBH
UEx2Mi1vbmx5Lg0KDQpDb3JlYm9vdCBpcyBsYXJnZWx5IEdQTHYyLg0KDQpHUlVCIGxhcmdl
bHkgR1BMdjMrLCBzb21ldGltZXMgdjIrIG9yIHYyLW9ubHkNCg0KU2VhQklPUyBsYXJnZWx5
IEdQTHYyLCB3aXRoIHNvbWUgdjMgc2Vhc29uaW5nDQoNCiAgICBQbGVhc2Ugc2VlaHR0cDov
L3d3dy5nbnUub3JnL3BoaWxvc29waHkvbGljZW5zZS1saXN0Lmh0bWwgIGZvciBhDQogICAg
cHJhY3RpY2FsIGd1aWRlIHRvIHdoaWNoIGxpY2Vuc2VzIGFyZSBmcmVlIChmb3IgR05VJ3Mg
cHVycG9zZXMpIGFuZA0KICAgIHdoaWNoIGFyZSBub3QuICBQbGVhc2UgZ2l2ZSBzcGVjaWZp
YyB1cmwncyB0byBhbnkgbGljZW5zZXMgaW52b2x2ZWQNCiAgICB0aGF0IGFyZSBub3QgbGlz
dGVkIG9uIHRoYXQgcGFnZS4NCg0KTk9URTogQ2Fub2Vib290IGFscmVhZHkgbGlzdGVkIG9u
IEZTRDoNCg0KaHR0cHM6Ly9kaXJlY3RvcnkuZnNmLm9yZy93aWtpL0Nhbm9lYm9vdA0KDQpG
U0YncyBvd24gY3JhaWd0IGhlYXZpbHkgYXVkaXRlZCBpdCBvdmVyIGEgb25lLXdlZWsgcGVy
aW9kLCBleHRlbnNpdmVseSBzY2FubmluZyBpdCBhbmQgdGhlbiBnb2luZyB0aHJvdWdoIGl0
IGFsbCB3aXRoIG1lLg0KDQoqIFNpbWlsYXIgZnJlZSBzb2Z0d2FyZSBwcm9qZWN0czoNCiAg
ICBQbGVhc2UgZXhwbGFpbiB3aGF0IG1vdGl2YXRlZCB5b3UgdG8gd3JpdGUgeW91ciBwYWNr
YWdlLCBhbmQgc2VhcmNoDQogICAgYXQgbGVhc3QgdGhlIEZyZWUgU29mdHdhcmUgRGlyZWN0
b3J5IChodHRwOi8vd3d3LmdudS5vcmcvZGlyZWN0b3J5LykNCiAgICBmb3IgcHJvamVjdHMg
c2ltaWxhciB0byB5b3Vycy4gIElmIGFueSBleGlzdCwgcGxlYXNlIGFsc28gZXhwbGFpbg0K
ICAgIHdoYXQgdGhlIHByaW5jaXBhbCBkaWZmZXJlbmNlcyBhcmUuDQoNCkdOVSBCb290DQoN
CkkgaW50ZW5kIGZvciBDYW5vZWJvb3QgdG8gcmVwbGFjZSBHTlUgQm9vdCwgYW5kIGZvciBH
TlUgQm9vdCB0byBiZSBkZWNvbW1pc3Npb25lZCwgc2luY2UgaXQgaXMgY3VycmVudGx5IGEg
ZGVhZCBwcm9qZWN0OyBDYW5vZWJvb3QgaXMgdGhlIG9ubHkgRlNERyBjb21wbGlhbnQgY29y
ZWJvb3QgZGlzdHJvIHVuZGVyIGFjdGl2ZSBkZXZlbG9wbWVudC4NCg0KSW4gYWRkaXRpb24s
IGlmIGFjY2VwdGVkLCBJIHN1cHBvc2UgbGlicmVib290LmF0IHdvdWxkIGFsc28gYmUgcmVk
aXJlY3RlZC4gQm90aCBsaWJyZWJvb3QuYXQgYW5kIEdOVSBCb290IHdvdWxkIHJlZGlyZWN0
IHRvIENhbm9lYm9vdC4NCg0KVGhlIGN1cnJlbnQgR05VIEJvb3QgZGV2ZWxvcGVycyBhcmUg
d2VsY29tZSB0byB3b3JrIHdpdGggbWUgYXMgY29udHJpYnV0b3JzIGlmIHRoZXkgd2lzaCwg
YnV0IHRoZXkgbXVzdCBub3QgYmUgbWFkZSBtYWludGFpbmVycyBvZmZpY2lhbGx5OyBJIHdp
bGwgYXNzdW1lIHRoYXQgcnVsZSBhcyBHTlUgQ2Fub2Vib290IG1haW50YWluZXIuDQoNCiog
QW55IG90aGVyIGluZm9ybWF0aW9uLCBjb21tZW50cywgb3IgcXVlc3Rpb25zOg0KDQpodHRw
czovL3RyaXNxdWVsLmluZm8vZW4vZm9ydW0vY2Fub2Vib290LTIwMjQwNTEwLXJlbGVhc2Vk
LWdudS1mc2RnLWNvbXBsaWFudC0xMDAtZnJlZS1zb2Z0d2FyZS1jb3JlYm9vdC1kaXN0cm8t
cmVwbGFjaW5nLXBybw0KDQpUaGlzIGxpbmsgY29udGFpbnMgZGlzY3Vzc2lvbiwgaW5jbHVk
aW5nIGZyb20ganhzZWxmIChsZWFkaW5nIG1lbWJlciBvZiBHTlUgQWR2aXNvcnkgQ29tbWl0
dGVlKS4gVGhlIHN1YnRleHQgaXMgR05VIENhbm9lYm9vdCwgYmVjYXVzZSBqeHNlbGYgd2Fz
IGF3YXJlIG9mIG15IHBsYW4gd2hlbiBoZSBwb3N0ZWQgaGVyZS4NCg0KRWFybHkgZGF5cyB0
aHVzIGZhciwgYnV0IHRoZSBnaXN0IGlzIHRoaXM6IENhbm9lYm9vdCBoYXMgZHJvcHBlZCAx
MDAlIG9mIGl0cyBob3N0aWxpdHkgdG8gRlNGIGFuZCBJJ3ZlIGRlY2lkZWQgdGhhdCBpdCB3
aWxsIHN0YXVuY2hseSAqc3VwcG9ydCogdGhlIEZTRiBpbnN0ZWFkLCBvcGVubHkgcHJvbW90
aW5nIEdOVSBGU0RHIHBvbGljeSBhbmQgZW5jb3VyYWdpbmcgdGhlIHVzZSBvZiBGU0RHIGxp
Y2Vuc2VkIGRpc3Ryb3Mgc3VjaCBhcyBUcmlzcXVlbC4gVGhpcyB3b3VsZCBiZSBqdXN0IGxp
a2UgdGhlIGdvb2Qgb2xkIGRheXMgb2YgR05VIExpYnJlYm9vdCEgVGhpcyBjaGFuZ2UgaXMg
cGVybWFuZW50Lg0KSSB3YXNuJ3QgZ29pbmcgdG8gbWFrZSB0aGlzIHJlcXVlc3QgdG8gZ251
ZXZhbCwgYnV0IHNpbmNlIEdOVSBCb290IGlzbid0IHJlYWxseSBhIHRoaW5nIGFueW1vcmUg
KG5vIGNvbW1pdHMgaW4gb3ZlciA0IG1vbnRocyBvbiB0aGVpciBtYWluIGJyYW5jaCwgYW5k
IGdlbmVyYWxseSBzbG93IGRldmVsb3BtZW50IGJlZm9yZSB0aGVuKSwgSSB0aG91Z2h0OiB3
aHkgbm90Pw0KDQpDYW5vZWJvb3QgaXMgYmVpbmcga2VwdCBzZXBhcmF0ZSBmcm9tIExpYnJl
Ym9vdCBmcm9tIG5vdyBvbi4gSXQgbm8gbG9uZ2VyIHByb21vdGVzIExpYnJlYm9vdC4gV2hl
biBJJ20gd29ya2luZyBvbiBDYW5vZWJvb3QsIEkgc2ltcGx5IGVudGVyIEdOVSBMZWFoIE1v
ZGUsIHdoaWNoIGlzIGEgYnJhaW5tb2RlIHdoZXJlIEkgYmVsaWV2ZSBhYnNvbHV0ZWx5IGlu
IGl0IGFuZCB3aWxsIHN0YW5kIGJ5IGl0IHRvIHRoZSB2ZXJ5IGVuZC4gSSdtIHJlYWxseSBn
b29kIGF0IHRoYXQsIGFuZCBJIGFsc28gZGlkIHRoYXQgd2hlbiBHTlUgTGlicmVib290IHdh
cyBhIHRoaW5nLg0KDQpJJ3ZlIGFscmVhZHkgc3Bva2VuIHRvIHNldmVyYWwgcGVvcGxlIHdo
byBhcmUgaW5mbHVlbnRpYWwgc3VjaCBhcyBNaWtlIEdlcndpdHogYW5kIEJvYiBQcm91bHgs
IGFuZCB0aGV5IGhhdmUgc2FpZCB0aGF0LCBpbiBwcmluY2lwbGUsIHRoZXkgc3VwcG9ydCB0
aGlzIG1vdmUsIHRob3VnaCB0aGV5IGhhdmUgYWxzbyB0b2xkIG1lIHRoYXQgdGhleSB3aWxs
IG5vdCBiZSBpbnZvbHZlZCAob2YgY291cnNlLCBpZiB0aGV5IGRvIHdhbnQgdG8sIEknZCBs
aWtlIHRoYXQpLg0KDQpHTlUgQ2Fub2Vib290Lg0KDQpUaGF0IGlzIHdoYXQgSSB3YW50LCBh
bmQgdGhhdCBpcyB3aGF0IEkgcHJvcG9zZS4gSSB3aWxsIGZvbGxvdyBhbGwgcnVsZXMgYW5k
IGRvIHRoaW5ncyByaWdodC4NCg0KQWxzbzoNCg0KQW5vdGhlciBsaWJyZXhpdCAobGlicmVi
b290IGV4aXQgZnJvbSBHTlUpIHdpbGwgbm90IG9jY3VyLiBDYW5vZWJvb3Qgd2lsbCBiZSBH
TlUgZm9yZXZlciwgaWYgYWNjZXB0ZWQuIEkgbmV2ZXIgdG9sZCBhbnlvbmUgdGhpcyBiZWZv
cmUsIGFuZCBpdCdzIG5vdCBhbiBleGNsdXNlLCBidXQgaXQgaXMgYSBtaXRpZ2F0aW5nIGZh
Y3RvcjogSSB3YXMgZ29pbmcgdGhyb3VnaCBhIHZlcnkgZGlmZmljdWx0IHRpbWUgaW4gbXkg
bGlmZSB3aGVuIExpYnJlYm9vdCBsZWZ0IEdOVSBhbGwgdGhvZXMgeWVhcnMgYWdvLiBJIHdh
cyByZWd1bGFybHkgZHJpbmtpbmcsIGFuZCBJIHdhcyBkcnVuayB3aGVuIEkgb3JpZ2luYWxs
eSBzZW50IHRob2VzIGhvc3RpbGUgbWVzc2FnZXMgdG8gR05VIGluIDIwMTYuIEknbSBub3Qg
bGlrZSB0aGF0IGZvciB5ZWFycyBub3cuIEkgZG9uJ3QgZHJpbmsgYW55bW9yZSwgYW5kIEkg
ZG9uJ3QgZG8gZHJ1Z3MgLSBhbmQgSSBoYXZlbid0IGRvbmUgc28gZm9yIG1hbnkgeWVhcnMg
bm93Lg0KDQpUaGUgd2F5IEkgc2VlIGl0LCB0aGVyZSB3aWxsIGFsd2F5cyBiZSBhIGRlbWFu
ZCBmb3IgYSBmdWxseSBmcmVlIGNvcmVib290IGRpc3RybywgYW5kIENhbm9lYm9vdCBpcyBj
dXJyZW50bHkgdGhlIG9ubHkgdmlhYmxlIHByb2plY3QgaW4gdGhpcyByZWdhcmQuDQoNCkNh
bm9lYm9vdCBpcyBzdXBlcmlvciB0byBHTlUgQm9vdCBmb3IgdGhlc2UgcmVhc29uczoNCg0K
KiBNdWNoIG1vcmUgdXAgdG8gZGF0ZS4gVXNlcyBjb3JlYm9vdCwgR1JVQiBhbmQgU2VhQklP
UyByZXZpc2lvbnMgZnJvbSAyMDI0LCB3aGVyZWFzIEdOVSBCb290IHVzZXMgcmV2cyBmcm9t
IGxhdGUgMjAyMS4NCg0KKiBCdWlsZCBzeXN0ZW0gaXMgbW9yZSBlZmZpY2llbnQ6IDYgc2hl
bGwgc2NyaXB0cyBpbnN0ZWFkIG9mIEdOVSBCb290J3MgNTAsIGFuZCBhYm91dCAxMzAwIGxp
bmVzIG9mIGNvZGUgaW4gdGhlIGJ1aWxkIHN5c3RlbSwgdmVyc3VzIEdOVSBCb290J3MgfjUw
MDAuIEdlbmVyYWxseSBjbGVhbmVyIGNvZGluZyBzdHlsZSBpbiBDYW5vZWJvb3QuDQoNCiog
RGVzcGl0ZSBiZWluZyBzbWFsbGVyLCBDYW5vZWJvb3QgYWN0dWFsbHkgaGFzIG1vcmUgZmVh
dHVyZXMuIFN1Y2ggYXMgYnVpbGRpbmcgb2Ygc2VycHJvZyBpbWFnZXMgKHRvIG1ha2UgY2hl
YXAgU1BJIGZsYXNoZXJzKSwgc3VwcG9ydCBmb3IgYnVpbGRpbmcgVS1Cb290IHBheWxvYWQg
b24gQVJNIGRldmljZXMgKGFuZCB0aGV5IGJvb3QpLCBhbmQgbW9yZSBoYXJkd2FyZSBzdXBw
b3J0Lg0KDQoqIEkndmUgYmVlbiB3b3JraW5nIG9uIHRoaXMgc3R1ZmYgZm9yIG92ZXIgMTAg
eWVhcnMuIEkga25vdyBhbGwgdGhlIG5vb2tzIGFuZCBjcmFubmllcyBvZiBjb3JlYm9vdCwg
YW5kIGhvdyB0byByZWFsbHkgbWFrZSB5b3VyIGJvb3Rsb2FkZXIgc2luZw0KDQoqIEdOVSBC
b290IHVzZXMgTGlicmVib290J3Mgb2xkIGJ1aWxkIHN5c3RlbSBkZXNpZ24sIHdoaWNoIGlz
IHdoeSBpdCdzIG11Y2ggYmlnZ2VyLiBJIGRpZCBhIHNlcmllcyBvZiBhdWRpdHMgaW4gMjAy
MyB0byB2YXN0bHkgaW5jcmVhc2UgdGhlIGNvZGUgcXVhbGl0eSBpbiB0aGUgYnVpbGQgc3lz
dGVtLg0KDQoqIEdOVSBCb290IGlzIGdvaW5nIHRvIGJlY29tZSBtb3JlIGNvbXBsZXgsIGJl
Y2F1c2UgdGhleSB3YW50L3dhbnRlZCB0byByZXdyaXRlIGl0IGFsbCBpbiBHdWlsbGUgYW5k
IHVzZSB0aGUgR1VpeCBwYWNrYWdlIG1hbmFnZXIgdG8gYnVpbGQgZXZlcnl0aGluZy4gV2hp
bGUgdGhpcyB3b3VsZCBtYWtlIGluZGl2aWR1YWwgYnVpbGRpbmcgZWFzaWVyLCBpdCB3b3Vs
ZCB2YXN0bHkgaW5jcmVhc2UgdGhlIG1haW50ZW5hbmNlIGJ1cmRlbiBhbmQgaW50cm9kdWNl
IG1hbnkgbW92aW5nIHBhcnRzIHRvIHRoZSBwcm9qZWN0LCBtYWtpbmcgaXQgdW5tYWludGFp
bmFibGUgb3ZlciB0aW1lLiBDYW5vZWJvb3QncyBkZXNpZ24gaXMgbXVjaCBzaW1wbGVyIGFu
ZCBJJ20gYWxzbyB3b3JraW5nIG9uIGJvb3RzdHJhcHBpbmcgKGUuZy4gbXVzbC1jcm9zcy1t
YWtlIGludGVncmF0aW9uKQ0KDQoqIEdOVSBCb290IGxhY2tzIG1hbnkgb2YgTGlicmVib290
J3MgbmV3ZXIgc2VjdXJpdHkgZmVhdHVyZXMsIHN1Y2ggYXMgQXJnb24yIEtERiBzdXBwb3J0
IGZvciBMVUtTMiBib290DQoNClNvLCBiYXNpY2FsbHksIENhbm9lYm9vdCBpcyBtdWNoIGVh
c2llciBhbmQgYmV0dGVyLg0KDQpJIGFjdHVhbGx5IGRpZCBpbml0aWFsbHkgdHJ5IHRvIGhl
bHAgR05VIEJvb3QgaW5zdGVhZC4gVGhlIHByb2JsZW0gd2l0aCBHTlUgQm9vdCBpcyB0aGF0
IGl0J3MgYmFzZWQgb24gYSByZWFsbHkgb2xkIExpYnJlYm9vdCB2ZXJzaW9uIGFuZCBoYXNu
J3QgYmVlbiBjaGFuZ2VkIG11Y2ggc2luY2UsIGFuZCB0aGV5J3ZlIGJhc2ljYWxseSBiZWVu
IGluICJkZXZlbG9wbWVudCBoZWxsIi4gSSBzZW50IHRoZW0gZXh0ZW5zaXZlIHBhdGNoZXMg
ZmdpeGluZyBidWlsZCBpc3N1ZXMsIHNvIHRoYXQgaXQgYnVpbGRzIG9uIG1vZGVybiBkaXN0
cm9zLCBhbmRoIEkgc2VudCB0aGVtIHBhdGNoZXMgdXBkYXRpbmcgaXQgdG8gbmV3ZXIgdXBz
dHJlYW0gcmV2aXNpb25zIGUuZy4gY29yZWJvb3QsIGJ1dCBub25lIG9mIG15IHBhdGNoZXMg
d2VyZSByZXZpZXdlZC4gSSBkb24ndCB0aGluayB0aGUgY3VycmVudCBkZXZlbG9wZXJzIGFy
ZSB1cCB0byB0aGUgdGFzaywgYW5kIHRoaXMgaXMgbm90IGFuIGluc3VsdDsgdGhleSB3b3Jr
ZWQgdW5kZXIgbWUgYXMgTGlicmVib290IGNvbnRyaWJ1dG9ycyBpbiB0aGUgcGFzdCwgYW5k
IHRoZXkgb25seSBldmVyIHdvcmtlZCBvbiBtaW5vciB0YXNrcywgdGhleSBuZXZlciBkaWQg
YW55dGhpbmcgYmlnLiBJJ3ZlIHNhaWQgaW4gdGhlIHBhc3QgdGhhdCBwZXJoYXBzIEkgc2hv
dWxkIGJlIGFwcG9pbnRlZCBhcyBsZWFkZXIgb2YgR05VIEJvb3QgaW5zdGVhZCwgYnV0IEkg
aGF2ZSBteSBDYW5vZWJvb3QgcHJvamVjdCB3aGljaCBoYXMgc3VycGFzc2VkIGl0IHRlY2hu
aWNhbGx5IGluIGV2ZXJ5IHdheSwgc28gbm93IEkgd2FudCBhIEdOVSBDYW5vZWJvb3QuDQoN
ClVwY29taW5nIHdvcmsgb24gQ2Fub2Vib290Og0KDQoqIE1vcmUgQVJNIGNocm9tZWJvb2tz
LCB3aGljaCBBbHBlciBOZWJpIFlhc2FrIChsaWJyZWJvb3QgZGV2ZWxvcGVyKSBpcyB3b3Jr
aW5nIG9uDQoNCiogTW9yZSBEZWxsIExhdGl0dWRlcyAoR000NSBtb2R1bGVzKS4gSSdtIHdv
cmtpbmcgb24gdGhlc2UsIGJhc2VkIG9uIHRoZSBEZWxsIEU2NDAwIHBvcnQNCg0KKiBNYXRl
IEt1a3JpIChjb3JlYm9vdCBkZXZlbG9wZXIpIGlzIHdvcmtpbmcgb24gYW4gZXhwbG9pdCBv
ZiBJbnRlbCBTQS0wMDA4NiB0byBnYWluIHVuc2lnbmVkIGNvZGUgZXhlY3V0aW9uIG9uIElu
dGVsIE1FIHYxMSwgZm9yIFNreWxha2UgYm9hcmRzLCBidXQgSSdtIHRvbGQgdGhhdCBzaW1p
bGFyIGV4cGxvaXRzIGFyZSBwb3NzaWJsZSBhbmQgd2lsbCBiZSB3b3JrZWQgb24sIGZvciBv
bGRlciBzYW5keWJyaWRnZSwgaXZ5YnJpZGdlIGFuZCBoYXN3ZWxsIGhhcmR3YXJlIChlLmcu
IFRoaW5rUGFkIFgyMjAsIFgyMzAsIFQ0NDBwKSAtIGN1cnJlbnRseSwgdGhlIG9ubHkgYmxv
YnMgbmVlZGVkIG9uIHRob3NlIGJvYXJkcyBhcmUgSW50ZWwgTUUgYW5kIG1pY3JvY29kZSwg
dGhvdWdoIHRoZXkgY2FuIGJvb3Qgd2l0aG91dCBtaWNyb2NvZGUuIFRoZXJlJ3MgYSBjaGFu
Y2UgdGhhdCBpbiB0aGUgbmV4dCBmZXcgeWVhcnMsIHdlIHdpbGwgaGF2ZSB3aGF0IEkgY2Fs
bCB0aGUgSW50ZWwgRnJlZWRvbSBFbmdpbmUsIGEgZnVsbCBmcmVlIHJlcGxhY2VtZW50IG9m
IEludGVsIE1FLiBUaGlzIHdvdWxkIGJlY29tZSBwYXJ0IG9mIEdOVSwgaWYgR05VIGFjY2Vw
dHMgQ2Fub2Vib290IHRvZGF5Lg0KDQoqIExpbnV4LWxpYnJlIHBheWxvYWQgd2l0aCBtdXNs
IGxpYmMgYW5kIGJ1c3lib3gsIGFuZCBVLVJvb3QsIHRvIHByb3ZpZGUgYm9vdGluZyBvZiBs
aW51eCBrZXJuZWxzIG9uIGRpc2sgYW5kIG92ZXIgdGhlIG5ldHdvcmssIGZyb20gdGhlIGZs
YXNoLiAoR05VK0xpbnV4IHN5c3RlbSBpbiBmbGFzaCBiYXNpY2FsbHkpLCB3aXRoIG1hbnkg
c2VjdXJpdHkgZmVhdHVyZXMgc3VjaCBhcyBtZWFzdXJlZCBib290LCBhbmQgbmF0aXZlIHN1
cHBvcnQgZm9yIFpGUyBmaWxlIHN5c3RlbS4NCg0KU29tZSBvciBhbGwgb2YgdGhlIGFib3Zl
LCBhbmQgbW9yZSwgd2lsbCBiZSBwcmVzZW50IGluIENhbm9lYm9vdCB0aGlzIHllYXIuDQoN
ClNvIGhvdyBhYm91dCBpdD8NCg0KTWFueSBwZW9wbGUgd2lsbCBiZSBzdXJwcmlzZWQgYnkg
dGhpcyBlbWFpbC4gQnV0IGlmIHlvdSBwdXQgeW91ciB0cnVzdCBpbiBtZSwgSSBwcm9taXNl
IEkgd29uJ3QgZGlzYXBwb2ludC4gSSB3aWxsIG9mIGNvdXJzZSBtYWtlIGEgc2F2YW5uYWgg
YWNjb3VudCBhcyBwYXJ0IG9mIHRoaXMsIGFuZCB1c2UgaXQsIGlmIGFjY2VwdGVkLg0KDQot
LSANCkNvbXBhbnkgZGlyZWN0b3IsIE1pbmlmcmVlIEx0ZA0KUmVnaXN0ZXJlZCBpbiBFbmds
YW5kLCBOby4gOTM2MTgyNiB8IFZBVCBOby4gR0IyMDIxOTA0NjINClJlZ2lzdGVyZWQgT2Zm
aWNlOiAxOSBIaWx0b24gUm9hZCwgQ2FudmV5IElzbGFuZCwgRXNzZXggU1M4IDlRQSwgVUsN
Cg0K
--------------0qkEOS0KaVvTlm4TzFss1Nsy
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html>
<html>
<head>
<meta http-equiv=3D"content-type" content=3D"text/html; charset=3DUTF=
-8">
</head>
<body>
<pre>
Hi
This is sent to GNU Eval team, but CC'd to others. My main recipient is t=
he GNU Eval team.
I want GNU Canoeboot. This is my official contact with GNU, as the lead d=
eveloper and founder of the Canoeboot project, a fully free coreboot dist=
ro based on Libreboot.
Canoeboot has recently removed all opposition to the FSF and decided to s=
taunchly promote it instead, in addition to FSDG. This is part of a gener=
al desire I've had since the start of the year, to seek reconcilliation w=
ith the FSF and GNU project, after the drama that ensued first with libre=
boot.org vs libreboot.at, and then libreboot.org vs GNU Boot.
This change is permanent, whether GNU accepts my proposal today; even if =
Canoeboot does not become GNU Canoeboot, it will continue to operate as i=
t does now. I recently did a release which is staunchly pro-FSF. I've don=
e this, precisely because GNU Boot is no longer competition to Canoeboot =
in any way; GNU Boot seems to have stalled, so Canoeboot has, with this m=
oved, effectively replaced it. I don't say this as an attack, but it is a=
fact that GNU Boot has, as I write this, not submitted anything to their=
main branch in over 4 months. it's now a dead project, and Canoeboot is =
taking over.
I know GNU Boot is already a thing. I envision Canoeboot replacing it. No=
w, answers to questions from gnueval form:
* General Information
** Do you agree to follow GNU policies?
If your program is accepted to be part of the GNU system, it means
that you become a GNU maintainer, which in turn means that you will
need to follow GNU policies in regards to that GNU program.
(Summarized above, see maintainers document for full descriptions.)
Yes. Canoeboot already complies fully with the GNU Free System Distributi=
on Guidelines. There may be a few stragglers left over from when it forke=
d from Libreboot, but these will surely be found during review.
I've already done extensive auditing myself, as has Craig Topham in his c=
apacity as Licensing and Compliance officer at the FSF. (Canoeboot 2023 r=
eleases were audited)
** Package name and version:
Canoeboot 20240510
** Author Full Name &lt;Email&gt;:
Leah Rowe <a class=3D"moz-txt-link-rfc2396E" href=3D"mailto:info@minifree=
=2Eorg">&lt;info@minifree.org&gt;</a>
** URL to package home page (if any):
<a class=3D"moz-txt-link-freetext" href=3D"https://canoeboot.org/">https:=
//canoeboot.org/</a>
** URL to source tarball:
Please make a release tarball for purposes of evaluation, whether
or not you publicly release it. If you don't have
anywhere to upload it, send it as an attachment.
<a class=3D"moz-txt-link-freetext" href=3D"https://www.mirrorservice.org/=
sites/libreboot.org/release/canoeboot/20240510/canoeboot-20240510_src.tar=
=2Exz">https://www.mirrorservice.org/sites/libreboot.org/release/canoeboo=
t/20240510/canoeboot-20240510_src.tar.xz</a>
NOTE: Several changes have been made since that release. Check the git lo=
g for cbwww.git and cbmk.git - some of these are relevant as part of eval=
uation (I fixed several issues already, that you're likely to flag in the=
tarball).
** Brief description of the package:
</pre>
<p>The <em>Canoeboot</em> project provides <a
href=3D"https://writefreesoftware.org/learn">free</a> (<em>libre<=
/em>)
boot firmware based on coreboot, replacing proprietary BIOS/UEFI
firmware on <a href=3D"https://canoeboot.org/docs/hardware/">specif=
ic
Intel/AMD x86 and ARM based motherboards</a>, including laptop
and desktop computers. It initialises the hardware (e.g.=C2=A0memor=
y
controller, CPU, peripherals) and starts a bootloader for your
operating system. <a href=3D"https://canoeboot.org/docs/gnulinux/">=
GNU+Linux</a>
and <a href=3D"https://canoeboot.org/docs/bsd/">BSD</a> are
well-supported. Help is available via <a
href=3D"https://web.libera.chat/#canoeboot">#canoeboot</a> on <a
href=3D"https://libera.chat/">Libera</a> IRC.</p>
<pre>
* Code
** Dependencies:
Please list the package's dependencies (source language, libraries, e=
tc.).
Canoeboot build system (cbmk) written in POSIX shell scripts (sh)
Utils (util/) written in a mix of C and Go
Upstream projects such as coreboot, GRUB, SeaBIOS largely written in C, w=
ith a bit of Go and python, also a mild seasoning of x86 assembly languag=
e, in a few cases.
** Configuration, building, installation:
It might or might not use Autoconf/Automake, but it must meet GNU
standards. Even packages that do not require compilation
must follow these standards, so installers have a uniform way to
define target directories, etc. Please see:
<a class=3D"moz-txt-link-freetext" href=3D"http://www.gnu.org/prep/st=
andards/html_node/Configuration.html">http://www.gnu.org/prep/standards/h=
tml_node/Configuration.html</a>
<a class=3D"moz-txt-link-freetext" href=3D"http://www.gnu.org/prep/st=
andards/html_node/Makefile-Conventions.html">http://www.gnu.org/prep/stan=
dards/html_node/Makefile-Conventions.html</a>
Does not meet standards at all, but neither does GNU Boot and neither did=
the erstwhile GNU Libreboot; it was accepted both then and now that the =
design is different, but that GNU needed a viable FSDG-compliant coreboot=
distro.
The Canoeboot build system is documented here:
<a class=3D"moz-txt-link-freetext" href=3D"https://canoeboot.org/docs/mai=
ntain/">https://canoeboot.org/docs/maintain/</a>
** Documentation:
We require using Texinfo (<a class=3D"moz-txt-link-freetext" href=3D"=
http://www.gnu.org/software/texinfo/">http://www.gnu.org/software/texinfo=
/</a>)
for documentation, and recommend writing both reference and tutorial
information in the same manual. Please see
<a class=3D"moz-txt-link-freetext" href=3D"http://www.gnu.org/prep/st=
andards/html_node/GNU-Manuals.html">http://www.gnu.org/prep/standards/htm=
l_node/GNU-Manuals.html</a>
Pandoc Markdown is used. See: cbwww.git
The Untitled Static Site Generator is used to generate it.
This is what GNU Boot also uses, and it has Markdown, and was accepted.
** Internationalization:
If your package has any user-visible strings, please make them
translatable to other languages using GNU Gettext:
<a class=3D"moz-txt-link-freetext" href=3D"http://www.gnu.org/softwar=
e/gettext/">http://www.gnu.org/software/gettext/</a>
No i18n, but there are translations of certain pages on the website, main=
tained manually.
Some of the packages that Canoeboot uses may have i18n, such as GNU GRUB.=
** Accessibility:
Please discuss any <a
href=3D"https://www.gnu.org/accessibility/accessibility.html">accessi=
bility issues</a>
with your package, such as use of relevant APIs.
Accessibility issues: no screen reader in the GRUB/SeaBIOS boot menu, tho=
ugh GRUB (coreboot payload often used on Canoeboot installations) has a m=
orse code generator which I could probably re-purpose for blind users.
** Security:
Please discuss any possible security issues with your package:
cryptographic algorithms being used, sensitive data being stored,
possible elevation of privileges, etc.
No issues that I can think of.
Canoeboot actually improves the security on some of its packages. For exa=
mple it adds Argon2 KDF support to GNU GRUB, so that you can boot from LU=
KS2 formatted /boot partitions.
* Licensing:
Both the software itself *and all dependencies* (third-party
libraries, etc.) must be free software in order to be included in
GNU. In general, official GNU software should be released under the
GNU GPL version 3 or any later version, and GNU documentation should
be released under the GNU FDL version 1.3 or any later version.
Canoeboot build system largely GPLv3+, some parts are GPLv2-only.
Coreboot is largely GPLv2.
GRUB largely GPLv3+, sometimes v2+ or v2-only
SeaBIOS largely GPLv2, with some v3 seasoning
Please see <a class=3D"moz-txt-link-freetext" href=3D"http://www.gnu.o=
rg/philosophy/license-list.html">http://www.gnu.org/philosophy/license-li=
st.html</a> for a
practical guide to which licenses are free (for GNU's purposes) and
which are not. Please give specific url's to any licenses involved
that are not listed on that page.
NOTE: Canoeboot already listed on FSD:
<a class=3D"moz-txt-link-freetext" href=3D"https://directory.fsf.org/wiki=
/Canoeboot">https://directory.fsf.org/wiki/Canoeboot</a>
FSF's own craigt heavily audited it over a one-week period, extensively s=
canning it and then going through it all with me.
* Similar free software projects:
Please explain what motivated you to write your package, and search
at least the Free Software Directory (<a class=3D"moz-txt-link-freetex=
t" href=3D"http://www.gnu.org/directory/">http://www.gnu.org/directory/</=
a>)
for projects similar to yours. If any exist, please also explain
what the principal differences are.
GNU Boot
I intend for Canoeboot to replace GNU Boot, and for GNU Boot to be decomm=
issioned, since it is currently a dead project; Canoeboot is the only FSD=
G compliant coreboot distro under active development.
In addition, if accepted, I suppose libreboot.at would also be redirected=
=2E Both libreboot.at and GNU Boot would redirect to Canoeboot.
The current GNU Boot developers are welcome to work with me as contributo=
rs if they wish, but they must not be made maintainers officially; I will=
assume that rule as GNU Canoeboot maintainer.
* Any other information, comments, or questions:
<a class=3D"moz-txt-link-freetext" href=3D"https://trisquel.info/en/forum=
/canoeboot-20240510-released-gnu-fsdg-compliant-100-free-software-coreboo=
t-distro-replacing-pro">https://trisquel.info/en/forum/canoeboot-20240510=
-released-gnu-fsdg-compliant-100-free-software-coreboot-distro-replacing-=
pro</a>
This link contains discussion, including from jxself (leading member of G=
NU Advisory Committee). The subtext is GNU Canoeboot, because jxself was =
aware of my plan when he posted here.
Early days thus far, but the gist is this: Canoeboot has dropped 100% of =
its hostility to FSF and I've decided that it will staunchly *support* th=
e FSF instead, openly promoting GNU FSDG policy and encouraging the use o=
f FSDG licensed distros such as Trisquel. This would be just like the goo=
d old days of GNU Libreboot! This change is permanent.
I wasn't going to make this request to gnueval, but since GNU Boot isn't =
really a thing anymore (no commits in over 4 months on their main branch,=
and generally slow development before then), I thought: why not?
Canoeboot is being kept separate from Libreboot from now on. It no longer=
promotes Libreboot. When I'm working on Canoeboot, I simply enter GNU Le=
ah Mode, which is a brainmode where I believe absolutely in it and will s=
tand by it to the very end. I'm really good at that, and I also did that =
when GNU Libreboot was a thing.
I've already spoken to several people who are influential such as Mike Ge=
rwitz and Bob Proulx, and they have said that, in principle, they support=
this move, though they have also told me that they will not be involved =
(of course, if they do want to, I'd like that).
GNU Canoeboot.
That is what I want, and that is what I propose. I will follow all rules =
and do things right.
Also:
Another librexit (libreboot exit from GNU) will not occur. Canoeboot will=
be GNU forever, if accepted. I never told anyone this before, and it's n=
ot an excluse, but it is a mitigating factor: I was going through a very =
difficult time in my life when Libreboot left GNU all thoes years ago. I =
was regularly drinking, and I was drunk when I originally sent thoes host=
ile messages to GNU in 2016. I'm not like that for years now. I don't dri=
nk anymore, and I don't do drugs - and I haven't done so for many years n=
ow.
The way I see it, there will always be a demand for a fully free coreboot=
distro, and Canoeboot is currently the only viable project in this regar=
d.
Canoeboot is superior to GNU Boot for these reasons:
* Much more up to date. Uses coreboot, GRUB and SeaBIOS revisions from 20=
24, whereas GNU Boot uses revs from late 2021.
* Build system is more efficient: 6 shell scripts instead of GNU Boot's 5=
0, and about 1300 lines of code in the build system, versus GNU Boot's ~5=
000. Generally cleaner coding style in Canoeboot.
* Despite being smaller, Canoeboot actually has more features. Such as bu=
ilding of serprog images (to make cheap SPI flashers), support for buildi=
ng U-Boot payload on ARM devices (and they boot), and more hardware suppo=
rt.
* I've been working on this stuff for over 10 years. I know all the nooks=
and crannies of coreboot, and how to really make your bootloader sing
* GNU Boot uses Libreboot's old build system design, which is why it's mu=
ch bigger. I did a series of audits in 2023 to vastly increase the code q=
uality in the build system.
* GNU Boot is going to become more complex, because they want/wanted to r=
ewrite it all in Guille and use the GUix package manager to build everyth=
ing. While this would make individual building easier, it would vastly in=
crease the maintenance burden and introduce many moving parts to the proj=
ect, making it unmaintainable over time. Canoeboot's design is much simpl=
er and I'm also working on bootstrapping (e.g. musl-cross-make integratio=
n)
* GNU Boot lacks many of Libreboot's newer security features, such as Arg=
on2 KDF support for LUKS2 boot
So, basically, Canoeboot is much easier and better.
I actually did initially try to help GNU Boot instead. The problem with G=
NU Boot is that it's based on a really old Libreboot version and hasn't b=
een changed much since, and they've basically been in "development hell".=
I sent them extensive patches fgixing build issues, so that it builds on=
modern distros, andh I sent them patches updating it to newer upstream r=
evisions e.g. coreboot, but none of my patches were reviewed. I don't thi=
nk the current developers are up to the task, and this is not an insult; =
they worked under me as Libreboot contributors in the past, and they only=
ever worked on minor tasks, they never did anything big. I've said in th=
e past that perhaps I should be appointed as leader of GNU Boot instead, =
but I have my Canoeboot project which has surpassed it technically in eve=
ry way, so now I want a GNU Canoeboot.
Upcoming work on Canoeboot:
* More ARM chromebooks, which Alper Nebi Yasak (libreboot developer) is w=
orking on
* More Dell Latitudes (GM45 modules). I'm working on these, based on the =
Dell E6400 port
* Mate Kukri (coreboot developer) is working on an exploit of Intel SA-00=
086 to gain unsigned code execution on Intel ME v11, for Skylake boards, =
but I'm told that similar exploits are possible and will be worked on, fo=
r older sandybridge, ivybridge and haswell hardware (e.g. ThinkPad X220, =
X230, T440p) - currently, the only blobs needed on those boards are Intel=
ME and microcode, though they can boot without microcode. There's a chan=
ce that in the next few years, we will have what I call the Intel Freedom=
Engine, a full free replacement of Intel ME. This would become part of G=
NU, if GNU accepts Canoeboot today.
* Linux-libre payload with musl libc and busybox, and U-Root, to provide =
booting of linux kernels on disk and over the network, from the flash. (G=
NU+Linux system in flash basically), with many security features such as =
measured boot, and native support for ZFS file system.
Some or all of the above, and more, will be present in Canoeboot this yea=
r.
So how about it?
Many people will be surprised by this email. But if you put your trust in=
me, I promise I won't disappoint. I will of course make a savannah accou=
nt as part of this, and use it, if accepted.
</pre>
<p></p>
<pre class=3D"moz-signature" cols=3D"72">--=20
Company director, Minifree Ltd
Registered in England, No. 9361826 | VAT No. GB202190462
Registered Office: 19 Hilton Road, Canvey Island, Essex SS8 9QA, UK</pre>=
</body>
</html>
--------------0qkEOS0KaVvTlm4TzFss1Nsy--
--------------qXtx1QnbZel60GYrRxArVU6C
Content-Type: application/pgp-keys; name="OpenPGP_0x5C654067D383B1FF.asc"
Content-Disposition: attachment; filename="OpenPGP_0x5C654067D383B1FF.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBGWN15sBEADECGPEe37tdU3xe7OshKU19xVOPuJRMveCO5DHfv/lsZMXLWXw
MMpbG+2xSMQZcdZc0HCUq6TQE9fU0rA3kcFz0miMOuB2WJbYy9guvg9pAjLa0LUy
b2T/HPDDy0ifYtqrOzwETwWRiWQcTHjJ0knwNReaEterpPki1MbK79EwSuQBIgq9
lQ611qLn5SmE7sBRB5kze7q3KdTvY/CTfvOpVizgRF8kqqG4r4XkI0dTyrvC3i3E
ub3F3YPWNjN06rECG6wO+TPzRo7em+0CdPYDgtqq4Srf050KNZsVt10Plty5VpJm
2GfoXFh6SZBO1zSbBpTGU+7vBsR731ye2ouQdcIs06Qi4wHmJ71liqJwxZ0ju2F5
edC7jDzdk4jAIaCiSiU+iGg28RsxoUdLkJl5Q4yW507Gr0psHIBJBAWJo1i75qKV
hrmN25xjJLv0MjgaR7RgT1T7uuX1KPuo8NbHbRlkIv7987NeJzgbUzzpka2MJjTE
d1ova9kPyICVmKCfBnT+bO3vfJAuQXRlf3qjXSLsxCD7Jmu07if0jXFIvjy/nC4H
0QPlwd/sVS7Svfn4rEGEnulrtBvVdOr6I+LmDedbSsSlYNlqagdyGsdKZfWSGxhj
fz4oAkVy+y39s1qAnM5191m+u72dmnQPtxI8lEH/G+j+hK8NxDvV5ri3owARAQAB
zR1MZWFoIFJvd2UgPGluZm9AbWluaWZyZWUub3JnPsLBlAQTAQoAPhYhBIux99KM
92ltv09xklxlQGfTg7H/BQJljdebAhsDBQkJZgGABQsJCAcCBhUKCQgLAgQWAgMB
Ah4BAheAAAoJEFxlQGfTg7H/PKoQAIB8z2Rg+R0417YRTBXvbVG5kPpKOO3DWUaQ
CJx6uypBUpgw2giKDsDz59c2vNaADs7Zh5xQ+2bzB+jkCjVSuzguApT3gxTnICvL
eM72d5ZEF6Q8/YC6s9IiIHssCujbxtNN5yDU/Kn9Qd3gb+Bn9t/ZYT+L/SGLU3Ze
rq57lSt8ixU7JOvAolgqRzaPwTFvi1GPZbE5Gynj9riTxZc3KLFROWYNiiO33T+X
17TepTUaubkoA3DgWcQ6tw2dsJ8MT0DtZH8KlU/ufq0NBfFIw79uCQ+m/GbiW9Sm
KtppayLUJyJndlf5fQ/NaNJw9RS+yF5ellGKWWAwh+Drv0PITzJ1dLeWOF5degty
n9+HaMSMRIs5G6m69UxZmLJ9TQF1Lt1u0l1EH7yHIAf69MX4nlcDIx6moIJgo2UJ
9u2D7odDUKlPG8X4lbc5cvGx9l/Hy6WF8dOYUiU1avU65uhggaNXGXC6JbDiChCe
uWTnzKXqlvae8rU9jSpDBSQFlOOgvi3NifDLM7xFByDtFabnJHniNO1B6kS0V0nv
6sJlRuB584kQUQ+PaRUj8QvXjsLvYhxYTw2G7jzQkXEOBZq3jenVzAg5ejOB7mTN
oZOYOWoFY7XDRUGOmGDvH2qQGVNhedhSBJilAiu6K0NyjkaFAGufvgXDjLImPav/
kWdbTDvNzsFNBGWN15sBEADj4Dhn29Z0LVU+B1Wc8U0wdV7NbDIjbhEvJ0Yc+FTN
orQq7avY9jTkGtcnKPUti6cJxuQOZPxaIzP1mMK9BlsGbB8bTJ7oqpsIXuvGKOOZ
QMb7i+qEIfJw6ZAXSwuKq4xBciJU52WdX8OaSWJ6KZX74yrE1SXW+7yj3ENZNWuT
N2kAPF595XYpZwTAaJRy/ojfORu8WFXvo5osZJI1TlrJeDFecBntPkCgvI1VPTF3
fUU3lGZc8rVascaGaJ6tBd5mTx/RrRyJrrJMEd1dca0MHV4WIDbNeINpbEhS2Sbq
Oj/9q9z8tfmleqXVjb+gKjSDpD8Nsxv9+2gq29tevMLqZ5R3NA4jj4rOnyIuq+YF
tkZuBuEc04UX3ApixdAQ0jINhIBfT8YcMC+wwTvl4jG4Rhzrc4jOX8igOe9wkstb
l7JxGJU28x4htskAyM2CMxPaUrorm64cU2S0UoJGrvLfjItGud8dyM+RgtaO5wTF
NO2A0dnq2/thIIgoEaiQfKMq2ilISsnf6x8as0FV3c7mGO8pDJlRwjoNg/89CMhx
VbgO+5JQ+JHLfoMA++R+QaYy1ZLY51h5Ax6OtVWpZh67EuVDLx/5EFiyM25UTpqv
H7t0ae2oLbAwQtIv1fRLhHP4aVSsP793of92/1lpybbpRD7/7ruVQ64d+/N49db6
mQARAQABwsF8BBgBCgAmFiEEi7H30oz3aW2/T3GSXGVAZ9ODsf8FAmWN15sCGwwF
CQlmAYAACgkQXGVAZ9ODsf8EqQ/8CjAQTza1pvd/GmKYHtldSA1odPB7AQkB+j4o
yu5gDqtM/fFRv3uGVYLcyZwC3XF69KL+NpcUYG22RQWokt+z3OiVYfP5LyKjXe2c
PMS2cmyXBHEcCP8QSffNQNoC2VYzaVXH4P6cBVmkDG3yPtQ2cH1Al6jhMS4Fa0TC
e6kgA7qROSoapdZuwbxEE7FeaYZIXQUBLpe2C6SexljD65DLhbDE5p4N56VbncO6
IAqr9JQSlEXBgvgXGhXqfOmZkmCjXJU7Sgy8sIyF4b1uEOkcWxUUfvfrO1yrcWyx
vTlZdPCJy802B7UVFPWTbKwFoyIq5Lr8wk2npzAmDy/hKZlIV72Vk0eIcrTCfpbj
0GehrIIYcpW7Z2IUtETNkyuQs+OScIdrP3PItajNwktQJrhz+UGbF9MuT+CHuruh
w5KzymkzcnEzCNaYvY4eG8IXP6VpX1GCs9eUvCWEnjP0OkmhQniWvS3vAB7DfZSm
0NAoDX0ZvNzzIRbiM5uhYqDUSIsmOwUiJLjveLysmIRaAc/K/Euml0obCUJfanD7
KSs7SZYp24ZTDNsvsWbsk1y8QvAGkZBfuykfRCMxsmGRyN2hS6H/ftttCUrj8Qn1
/hJDBegEUJgYDItHpE7KJeBHMFNUB2sTHPbzx+a5WPYxeYJevAeTwAg0/nRobXRz
ER7BLIU=3D
=3D29JQ
-----END PGP PUBLIC KEY BLOCK-----
--------------qXtx1QnbZel60GYrRxArVU6C--
--------------K2qUk5UHVXzKPCuKPN8riXWW--
--------------QXCa2wGHkDkyD669GgjjqNUT
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEi7H30oz3aW2/T3GSXGVAZ9ODsf8FAmZA10IFAwAAAAAACgkQXGVAZ9ODsf9i
zQ//YateZS8rcc4CKaqGwGpwOq+hepIigkQznYXi5c1p5gHdcVExi4RzkzfdwfOEmqzpMYfX7ivd
+zlgyEx0u6v/fDE2gtTUbT6p/17PI+aKw/mubMeA42jRTuey3jmOUf6fek5crpMkZyd//Q9iXGj1
LGQ6pZFhb2hk5RNCYU4n8Lv55LW0tlW4jToagkCxQ403ji6YXLugLbTfgctnP17dkuIvwO7vKL3D
xzzNa6joluoEvVPKwRVBycaWTaGLYVYXPO4CBiX9ZxaNWN1RZaxBL3t9ZHL3WZndzK4kymJtStAJ
TYjOGRQt0rQSh1DoNwSK//vFOMaJXjalQhmC6Qrf/1ee6sdTwg8V1SficuseJBkZ400RDowYUwg9
BFdzkRMVhHH+oauxOE+lhzPYMwteYTggy5oob/M5DCpZMSG5rz1ySx+1WtTANwkQ7XmLxbV7DVxN
vHR3FCvnsBvW7h5vqNWfUCkfIDeHKXPP+p85T/FW+BLYJeyAvPSPOnoDemsfowXxzkm1z/nc01ok
Vg4zARtSCjYXZZheD+0CgXZPDEnXavQC4ol4bD+/AZA3J8G24H6qf+QLs7cTD5putPwdwFTNZGJt
Br68vl8pzoLx6Rxu+e2JSbflhL7gNAkdCEbpClIQ+uU8fG/O69OaMWkoYEn1QzmOvH+YcvXWVPOK
nc0=
=JKOf
-----END PGP SIGNATURE-----
--------------QXCa2wGHkDkyD669GgjjqNUT--
```
That is all.
I anticipate that precisely nothing will happen; however, I am deadly serious,
and I would be quite pleased if they say yes.
```
flashprog -p linux_spi:dev=/dev/canoe0.0,canoespeed=gnu -w canoegnucanoegnu.gnu.rom
```
Follow-up
=========
In addition to the original message, I also sent this message to GNU Eval:
some people have actually asked me if i should contribute to GNU Boot, instead of trying to replace it with GNU Canoeboot. They have asked this outside of this email discussion, but some here may be wondering that.
I'd like now to address it. Here goes:
I actually submitted extensive patches to gnuboot in January 2024:
<https://lists.gnu.org/archive/html/gnuboot-patches/2024-01/index.html>
<https://web.archive.org/web/20240511074211/https://lists.gnu.org/archive/html/gnuboot-patches/2024-01/index.html>
The patches were never reviewed, let alone merged, but they:
* Replace "Libreboot" with "GNU Boot" in several places on the documentation (**THIS IS THE ONLY PATCH THEY MERGED**)
* Fix major build issues, allowing GNU Boot to build on modern distros (GNU Boot only builds on Trisquel 10, my patches make it build on 12. also Gentoo-libre and Arch/Parabola)
* Add Dell Latitude E6400 support
* Fix hang in GRUB caused when there is a stuck key, by disabling the "Unknown key" spew message
* ESP and btrfs subvol support in grub.cfg
* Fixes building KGPE-D16 on newer distros, by skipping GNAT which isn't needed
* Add gru bob support (rk3399 chromebooks, with free EC and *no* microcode) - ditto gru kevin
* Keyboard fix for GRUB: force it to use scancode set 2 translated, instead of untranslated set 2 to work around buggy ECs such as Dell Latitude E6400
* Avoid spewing the Unknown prefix message in GRUB
* Adds the dell-flash-unlock tool from Nicholas Chin, allowing internal flashing from factory BIOS to GNU Boot, on the E6400
* cache cbfstool/ifdtool builds to speed up build time
* better caching of coreboot rom images during build, to speed up build time
* Prevent future GRUB build errors by disabling -Werror
* Support for *building* U-Boot as a coreboot payload, on gru bob/kevin chromebooks (GNU Boot only archives it, doesn't build it)
A second patch set that I sent does the above, and also:
* Updates GRUB, coreboot and SeaBIOS to newer revisions from late 2023 (GNU Boot uses late 2021 revisions)
* Adds Argon2 KDF support, for booting from LUKS2-encrypted /boot (GNU Boot can't boot from encrypted LUKS2 /boot without this patch)
* Reduced the number of modules in GRUB to only those needed, saving 100KB of space in flash
* Update memtest86+ to v6.x instead of 5.x
I sent all of these patches to GNU Boot while bored, and it only took me 1 day to implement all of them, re-using what I had done in Canoeboot months beforehand
My patches fixed all of the fundamental issues with GNU Boot, without rewriting the build system; they use an older version of the Libreboot build system, prior to my re-write of the latter half of 2023 (my re-write makes the build system much smaller and more efficient.
All of the above improvements *and much more* is in Canoeboot. In terms of development, Canoeboot is about 2 years ahead of Canoeboot; Canoeboot has since far surpassed the improvements sent to GNU Boot in January, so even if they did merge them now, they'd still be behind.
I may be missing a thing or two, above, but one thing I'm not missing is my strong and stable commitment to the free software movement, even when I'm dealing with hostile project maintainers who won't even consider my patches.
This is why I will no longer assist the GNU Boot project. Because I tried to help them; and this wasn't my first attempt to help, either.
Whether GNU accepts Canoeboot or not, Canoeboot will continue to press full speed ahead. I say now it's 2 years ahead of GNU Boot;
Next year it'll be 3 years ahead.

199
site/news/policy.md Normal file
View File

@ -0,0 +1,199 @@
% Binary Blob Extermination Policy
% Leah Rowe
% 10 January 2025
This page describes Canoeboot's policy of *de-blobbing*. It is in stark
contrast to [Libreboot's Binary Blob Reduction
Policy](https://libreboot.org/news/policy.html); Libreboot removes proprietary
code, replacing it with Free Software whenever possible, but also supports
much newer hardware than Canoeboot, and certain vendor code is still required
on many newer machines. In practise, the level of software freedom you get with
Libreboot is far greater than you would otherwise get, and Libreboot *also*
deletes every blob, on the same hardware that Canoeboot supports.
The only minor difference, on boards that both projects support, is that
Libreboot includes CPU microcode updates by default. This is required, for
stability; Canoeboot can be unstable at times, on some machines, since it
excludes microcode updates entirely.
Canoeboot, then, is a more dogmatic approach to the same problem, of how to
provide users with fully free boot firmware. It is dogmatic, to the point of
being *pedantic*, but it provides a viable solution for Free Software purists.
The policy that you're about to read, the one Canoeboot uses, is the same one
that Libreboot previously used. Libreboot adopted the *Binary Blob Reduction
Policy* on 17 November 2022, but Libreboot has existed since December 2013.
Canoeboot started in October 2023, because of a minority of users that still
demanded such a project exist as the old Libreboot did.
Introduction
============
Canoeboot intentionally *de-blobs* coreboot, which is to say that it does not
include binary blobs. The coreboot software otherwise requires binary blobs on
some of the systems that it has support for. Canoeboot's version of coreboot is
entirely *free*, on its consequently reduced set of supported mainboards.
It was decided that a formal policy should be written, because there is quite
a bit of nuance that would otherwise not be covered. Canoeboot's policies in
this regard were previously ill defined.
It is important to define *how* Canoeboot distinguishes binary blobs, and how
they are removed. You can also read more about the de-blobbing process
on the [about](../about.md) page.
Background information
======================
Canoeboot concerns itself only with what goes in the main boot flash IC, but
there are other pieces of firmware to take into consideration, as covered
in the [Canoeboot FAQ](../faq.md#what-other-firmware-exists-outside-of-canoeboot).
Most critical of these are:
* Embedded controller firmware
* HDD/SSD firmware
* Intel Management Engine / AMD PSP firmware
Specific binary blobs are also problematic, on most coreboot systems, but they
differ per machine. Canoeboot *excludes* binary blobs in releases, so it only
supports a handful of machines from coreboot.
For information about Intel Management Engine and AMD PSP, refer to the FAQ.
So what *is* Canoeboot's policy?
================================
Canoeboot follows a very conservative and *light touch* approach, when it comes
to deblobbing coreboot.
Canoeboot only excludes *software* binary blobs, plus CPU microcode updates,
completely in line with FSF policy. *In practise, it is mostly microcode
updates that Canoeboot's build system deletes, along with coreboot Git history
so that no traces remain of old revisions; older revisions had many blobs in
the main repository, but modern coreboot moved almost all of them to third
party submodule repositories.*.
*Non-software* blobs are permitted, so long as they are in an easily understood
and/or well-documented format. For example, DDR training data is permitted
(patterns used during memory controller initialization, specifically training,
where the precise timings for the RAM are brute-forced); this is not software.
SPD data stored in the coreboot Git repository is in all cases some format
that's simply more efficient to store as a binary, in a format that is in fact
known/understood (see: coreboot source code and data sheets); in many cases,
there's only *one* correct way to write such data, making even the question of
copyright a moot point. Data is data, and code is code; the two are *separate*.
Non-software blobs must be redistributable under a free license, and must not
be encumbered by DRM, or they will not be included in Canoeboot.
Logic (in coreboot) for *loading or executing* binary blobs should not
be removed/disabled. Canoeboot merely *excludes* the blobs themselves. Most
of the blobs that Canoeboot removes (when downloading coreboot, in the build
system) are CPU microcode updates; Canoeboot leaves the code for loading
microcode updates intact, and you can in fact insert microcode updates into
your ROM image. This behaviour is intentional, and must not be removed. The
only job Canoeboot has is to not *distribute* those blobs itself!
*That's all*. Furthermore, Canoeboot must only support systems where *all* of
the main boot flash can be free. For example, ivybridge and sandybridge intel
platforms are completely libre in coreboot, but you still need neutered Intel
ME firmware in the flash, making those machines unsuitable for Canoeboot.
Other firmware, such as Embedded Controller firmware, is currently outside the
scope of the Canoeboot project, but not due to lack of desire; rather, these
are not yet possible on most supported or otherwise capable platforms, at least
not with free software. Other examples of firmware outside of the main boot
flash is covered in the Canoeboot FAQ.
More detailed insight about microcode
=====================================
To be clear: it is preferable that microcode be free. The microcode on Intel
and AMD systems *are* non-free. Facts and feelings rarely coincide; the
purpose of this section is to spread *facts*.
Not including CPU microcode updates is an absolute disaster for system
stability and security, and yet, this is one of Canoeboot's key policies.
Making matters worse, that very same text quoted from the FSF RYF criteria in
fact specifically mentions microcode. Quoted again for posterity:
*"However, there is one exception for secondary embedded processors. The
exception applies to software delivered inside auxiliary and low-level
processors and FPGAs, within which software installation is not intended after
the user obtains the product. This can include, for instance, microcode inside
a processor, firmware built into an I/O device, or the gate pattern of an FPGA.
The software in such secondary processors does not count as product software."*
Here, it is discussing the microcode that is burned into *mask ROM* on the CPU
itself. It is simultaneously not giving the OK for microcode *updates* supplied
by either coreboot or the Linux kernel; according to the FSF, these are an
attack on your freedom, but the older, buggier microcode burned into ROM is OK.
This is absolutely inconsistent.
The CPU already has microcode burned into mask ROM. The microcode configures
logic gates in the CPU, to implement an instruction set, via special *decoders*
which are fixed-function; it is not possible, for example, to implement a RISCV
ISA on an otherwise x86 processor. It is only possible for the microcode to
implement x86, or *broken* x86, and the default microcode is almost always
*broken x86* on Intel/AMD CPUs; it is inevitable, due to the complexity of
these processors.
The basis of the FSF's disagreement about microcode *updates* is that they do
believe otherwise; Stallman himself expressed such ignorance to me, in a recent
email conversation I had with him, as of January 2nd, 2022. The FSF believes
that these x86 microcode updates (on Intel/AMD) allow you to completely create
a new CPU that is fundamentally different than x86. This is not true. It is also
not true that *all* instructions in x86 ISA are implemented with microcode. In
some cases, hardcoded circuitry is used! The microcode updates are more like
tiny one liner patches here and there in a git repository, by way of analogy.
To once again get in the head-space of the FSF: these updates cannot do the CPU
equivalent of re-factoring an entire codebase. They are *hot fixes*, nothing
more!
These processors provide a way to supply microcode *updates*. These updates
are volatile, and consequently must be applied during every boot cycle. The
updates fix stability/reliability/security bugs, and their *absence*
is *technically incorrect*, but Canoeboot excludes them anyway, because that is
FSF policy. Examples of where these updates fix bugs: on ASUS KCMA-D8/KGPE-D16
and ThinkPad X200/T400/T500/W500/X200T/X200/R500/X301, the updates make
hardware-based virtualization (via `kvm`) completely stable, where it would
otherwise lead to a kernel panic. They allow those same thinkpads to be run with
high CPU usage and I/O (RAM usage), without crashing (otherwise, it's very
likely to encounter a kernel panic caused by a
[Machine Check Exception](../faq.html#machine-check-exceptions-on-some-montevina-penryn-cpu-laptops)).
Not including these updates will result in an unstable/undefined state. Intel
themselves define which bugs affect which CPUs, and they define workarounds, or
provide fixes in microcode. Based on this, software such as the Linux kernel
can work around those bugs/quirks. Also, upstream versions of the Linux kernel
can update the microcode at boot time (however, it is recommend still to do it
from coreboot, for more stable memory controller initialization or “raminit”).
Similar can be said about AMD CPUs.
Here are some examples of where lack of microcode updates affected Canoeboot,
forcing Canoeboot to work around changes made upstream in coreboot, changes
that were *good* and made coreboot behave in a more standards-compliant manner
as per Intel specifications. Canoeboot had to *break* coreboot to retain
certain other functionalities, on some GM45/ICH9M thinkpads:
<https://browse.libreboot.org/lbmk.git/plain/resources/coreboot/default/patches/0012-fix-speedstep-on-x200-t400-Revert-cpu-intel-model_10.patch?id=9938fa14b1bf54db37c0c18bdfec051cae41448e>
<https://browse.libreboot.org/lbmk.git/plain/resources/coreboot/default/patches/0018-Revert-cpu-intel-Configure-IA32_FEATURE_CONTROL-for-.patch?id=4b7be665968b67463ec36b9afc7e8736be0c9b51>
These patches revert *bug fixes* in coreboot, fixes that happen to break other
functionality but only when microcode updates are excluded. The most
technically correct solution is to *not* apply the above patches, and instead
supply microcode updates!
Pick your poison. Canoeboot does not disable the mechanism in coreboot to load
these updates. At boot time, coreboot can supply such updates to the CPU, if
present in CBFS. Canoeboot merely excludes them, but you can add them to your
Canoeboot ROM image. Canoeboot includes CPU microcode updates **by default**,
because there's no other way to achieve stability, and they fix security updates.
You *need* microcode updates, or you will have a broken CPU; broken, because
it literally behaves differently than it's supposed to, so software will have
unpredictable bugs that could even cause data corruption - or worse.