canoeboot
/
cbwww
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cbwww/site/other.md

11 KiB
Raw Blame History

title x-toc-enable
Other coreboot distributions true

Over the years, several other coreboot distros have come and gone. It has been decided that this page will be written, to document some of them. Not every distro is listed; only those of high quality, or otherwise of interest, will be listed. Quality over quantity.

Canoeboot tries to support as much hardware as possible, and focuses on providing the easiest possible experience for non-technical users; it's also highly configurable for power users. Several other projects exist that target different kinds of users, and support different types of hardware; for example, Canoeboot mostly doesn't target Chromebooks, except for a few.

Canoeboot's main priority is to provide users with free/opensource boot firmware, to help more users achieve a higher level of software freedom.

Well, Canoeboot is great but it may be that Canoeeboot isn't for you; these other projects may support features and mainboards that Canoeboot doesn't, that you may find preferable.

We in the Canoeboot project greatly admire and respect the other distros, and will gladly work with them.

Without further ado,

List of coreboot distros

In alphabetical order:

Chultrabook

Website: https://docs.chrultrabook.com/

Git repositories: https://github.com/chrultrabook

Provides a tailored EDK2(UEFI) payload on supported Chromebooks. You can use this to replace ChromeOS with a regular Linux distro or BSD system - even Windows - if you wish.

The benefit of using Chultrabook is that it provides up to date EDK2, unlike proprietary vendors who often provide old, CVE-ridden versions of EDK2 forks such as InsydeH2O.

With Chultrabook's guidance, you can have a completely up to date UEFI firmware on your machine, and get good use out of your Chromebook for many more years, with regular security updates.

One of Chultrabook's maintainers, Elly, did this talk at 37C3 conference, demonstrating Chultrabook: https://www.youtube.com/watch?v=7HFIQi835wY - and also did this more general talk about coreboot at 38C3: https://www.youtube.com/watch?v=LD9tOcf4OkA. It's very good reference material if you want to know more about coreboot, and coreboot distros more generally.

Elly also did this interview with Brodie Robertson, about coreboot, and explains the concept of a coreboot distro in more detail in one part of the interview: https://www.youtube.com/watch?v=4Am_1MzJ6ZA

Dasharo

Website: https://docs.dasharo.com/

Git repositories: https://github.com/dasharo

Supports many machines, with a choice of EDK2(UEFI) or Heads(Linuxboot) payload in the flash. Some older machines may provide a SeaBIOS payload instead. A lot of work that goes into the upstream coreboot project came from the Dasharo developers.

Dasharo provides their own fork of coreboot, with a specific tree per board. Several coreboot ports (e.g. MSI Z690-A PRO) were implemented directly by the Dasharo project, and later upstreamed into the regular coreboot project.

Dasharo has a special emphasis on commercial application, providing tailored coreboot images for each supported mainboard, with an emphasis on stability.

Heads

Website: https://osresearch.net/

Git repositories: https://github.com/linuxboot/heads

Heads provides a LinuxBoot payload using U-Root, and has many advanced features such as TPM-based MeasuredBoot. With combined use of a FIDO key, you can easily and more reliably determine whether you boot firmware has been tampered with.

The Linux-based payload in flash uses kexec to boot another Linux kernel. It provides an easy to use boot menu, highly configurable and supports many Linux distros easily.

If you're the sort of person who needs full disk encryption and you have a focus on security, Heads is for you. Perfect for use with something like Qubes.

Another focus of the heads project is on reproducible builds. Its build system bootstraps a toolchain that then compiles everything else, including the coreboot crossgcc toolchain. The purpose of this is to provide matching ROM hashes on every build; for this purpose, it also auto-downloads vendor files such as Intel ME at build time, instead of requiring you to dump from the original boot firmware.

Libreboot

Website: https://libreboot.org/

Git repositories: https://libreboot.org/git.html

Libreboot was the first coreboot distro ever, starting in December 2013.

Canoeboot is a special fork of Libreboot; both Canoeboot and Libreboot are maintained in parallel by the same developer, Leah Rowe. Canoeboot supports far less hardware than Libreboot, but provides a pure free software coreboot distribution, due to its blob extermination policy. As a result of Canoeboot's policy, it currently only supports very old hardware.

It otherwise has the exact same design as Libreboot, and is kept in relative sync at all times, often doing releases side by side on the same days as Libreboot.

Libreboot supports more hardware than Canoeboot, due to its more pragmatic Binary Blob Reduction Policy adopted on 17 November 2022; Canoeboot is a continuation of Libreboot from prior to this, since Libreboot initially used the same dogmatic policy as Canoeboot. A small minority of users demanded it post-November 2022, so Canoeboot was born.

If you're an absolute Free Software fanatic, Canoeboot is for you. Otherwise, if you want to use much newer hardware, Libreboot is a worthy choice. Since Canoeboot only supports much older hardware, and uses Libreboot's old policy, you could consider Canoeboot to be legacy Libreboot. Libreboot adopted the Binary Blob Reduction Policy in November 2022, as part of a general desire to support more - and newer - hardware.

Libreboot also includes CPU microcode updates by default, on any given x86 machine that both Canoeboot and Libreboot support; these updates improve system stability and fix security issues. It is for this reason that all users are in fact advised to use Libreboot, not Canoeboot. Canoeboot is meant only as a proof of concept, and/or for purists who absolutely wish to have the purest free software experience possible, regardless of these facts.

MrChromeBox

Website: https://docs.mrchromebox.tech/

Git repositories: https://github.com/MrChromebox/

Provides a tailored EDK2(UEFI) payload on supported Chromebooks. You can use this to replace ChromeOS with a regular Linux distro or BSD system - even Windows - if you wish.

The benefit of using MrChromebox is that it provides up to date EDK2, unlike proprietary vendors who often provide old, CVE-ridden versions of EDK2 forks such as InsydeH2O.

With MrChromebox's guidance, you can have a completely up to date UEFI firmware on your machine, and get good use out of your Chromebook for many more years, with regular security updates.

Ownerboot

Git repository: https://codeberg.org/amjoseph/ownerboot

Ownerboot is an interesting one; it uses the Nix package manager to compile coreboot images, with a Linux-based payload on supported x86 and ARM64 devices. Similar conceptually to Heads, but with a much cleaner build system design.

It comes with the LVM2 and cryptsetup sources included in builds by default, so it can easily be used to create a fully encrypted system, much like Canoeboot's own hardened GRUB setup.

Since it uses Nix, reproducible builds are quite feasible and this is one of the project's primary goals. Interestingly enough, it also supports both the gru kevin chromebook and the ASUS KGPE-D16 boards, which Canoeboot supports but Canoeboot uses U-Boot and a combination of SeaBIOS/GRUB, respectively, on these boards.

Ownerboot's build system can also cross compile everything, so it's quite portable across various host CPUs. It also extends coreboot's normal/fallback payload scheme. See: https://codeberg.org/amjoseph/ownerboot/src/branch/master/doc/fallback.md

All of this combined makes for a highly configurable boot setup, and the Linux payload in flash (using kexec to boot another kernel) is highly flexible, offering many opportunities for security hardening (like Heads).

Skulls

Git repositories: https://github.com/merge/skulls

Skulls provides simple coreboot images with SeaBIOS payload, on a handful of Thinkpads. Libreboot also provides similar SeaBIOS configurations, on all of the same machines, but Libreboot's design does mean that there are a few additional steps for installation.

If you just want the simplest, most barebones setup, Skulls is a great choice.

Libreboot also provides U-Boot and GRUB, and has other ambitions. Libreboot aims to provide ease of use while also providing great power and flexibility. So Libreboot is aimed specifically at power users, while also trying to accomodate non-technical users; Skulls largely targets the latter.

System76 Open Firmware

Git repository: https://github.com/system76/firmware-open

Other repositories e.g. EC firmware: https://github.com/system76

System76 provides their own special coreboot fork, that they tailor for specific machines that they sell; they also provide free EC firmware. Jeremy Soller of System76 maintains this firmware, and the work is regularly upstreamed into the regular coreboot project.

System76 provides the coreboot firmware, along with EDK2 UEFI payload. It can boot Linux distros, BSD systems and even Windows perfectly.