Censored Libreboot c20230710 announcement
Signed-off-by: Leah Rowe <leah@libreboot.org>c20230710
Leah Rowe
parent
0a1da54ee9
commit
fa5a8acad3
|
|
@ -1,3 +1,4 @@
|
|||
censored-libreboot20230710.md
|
||||
audit.md
|
||||
e6400.md
|
||||
mirrors.md
|
||||
|
|
|
|||
|
|
@ -0,0 +1,201 @@
|
|||
% Censored Libreboot c20230710 released!
|
||||
% Leah Rowe
|
||||
% 10 July 2023
|
||||
|
||||
**[Click here for the uncensored version of this page](https://libreboot.org/news/censored-libreboot20230710.html)** -
|
||||
it shows what was removed from regular Libreboot, in order to make this release.
|
||||
|
||||
This version of the release announcement is provided as an illustration of what
|
||||
such an announcement *would* have looked like, under previous Libreboot policy.
|
||||
|
||||
Introduction
|
||||
============
|
||||
|
||||
Libreboot provides boot firmware for supported x86/ARM machines, starting a
|
||||
bootloader that then loads your operating system. It replaces proprietary
|
||||
BIOS/UEFI firmware on x86 machines, and provides an *improved* configuration
|
||||
on [ARM-based chromebooks](../docs/install/chromebooks.html) supported
|
||||
(U-Boot bootloader, instead of Google's depthcharge bootloader). On x86
|
||||
machines, the GRUB and SeaBIOS coreboot
|
||||
payloads are officially supported, provided in varying configurations per
|
||||
machine. It provides an [automated build system](../docs/maintain/) for the
|
||||
[configuration](../docs/build/) and [installation](../docs/install/) of coreboot
|
||||
ROM images, making coreboot easier to use for non-technical people. You can find
|
||||
the [list of supported hardware](../docs/hardware/) in Libreboot documentation.
|
||||
|
||||
Libreboot's main benefit is *higher boot speed*,
|
||||
[better](../docs/linux/encryption.md)
|
||||
[security](../docs/linux/grub_hardening.md) and more
|
||||
customisation options compared to most proprietary firmware. As a
|
||||
[libre](policy.md) software project, the code can be audited, and coreboot does
|
||||
regularly audit code. The other main benefit is [*freedom* to study, adapt and
|
||||
share the code](https://writefreesoftware.org/), a freedom denied by most boot
|
||||
firmware, but not Libreboot! Booting Linux/BSD is also [well](../docs/linux/)
|
||||
[supported](../docs/bsd/).
|
||||
|
||||
Build from source
|
||||
-----------------
|
||||
|
||||
*This* release was build-tested on Debian *Sid*, as of 9 July 2023. Your
|
||||
mileage may vary, with other distros. Refer to Libreboot documentation.
|
||||
|
||||
KFSN4-DRE, KCMA-D8, KGPE-D16 re-added
|
||||
-------------------------------------
|
||||
|
||||
FUN FACT: This includes building of ASUS KFSN4-DRE, KCMA-D8 and KGPE-D16
|
||||
boards, which were re-added based on coreboot `4.11_branch`. ROM images are
|
||||
provided for these boards, in this Libreboot release. The toolchain in
|
||||
this coreboot version would not build on modern Linux, so I spent time patching
|
||||
it. I want to use coreboot `4.11_branch` to study code differences between the
|
||||
D8 and D16 boards, which are mostly otherwise identical code-wise, so that I
|
||||
can port KCMA-D8 to Dasharo, and then use that for D8/D16 in Libreboot. Dasharo
|
||||
is based on a much newer coreboot version, with many new fixes/features.
|
||||
|
||||
List of changes relative to Libreboot 20220710
|
||||
==============================================
|
||||
|
||||
New mainboards supported
|
||||
------------------------
|
||||
|
||||
These mainboards are now supported:
|
||||
|
||||
* [Dell Latitude E6400](../docs/hardware/e6400.md)
|
||||
* [ASUS Chromebook Flip C101 (gru-bob)](../docs/install/chromebooks.md)
|
||||
* [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md)
|
||||
|
||||
Build system changes
|
||||
--------------------
|
||||
|
||||
A main focus has indeed been on build system auditing, utilities and
|
||||
general polishing:
|
||||
|
||||
* [MASSIVE build system audit](audit.md) - the entire build system was
|
||||
re-written in a much cleaner coding style, with much stricter error handling
|
||||
and clear separation of logic. A *lot* of bugs were fixed. A *LOT* of bugs.
|
||||
Build system auditing has been the *main* focus, in these past 12 months.
|
||||
* `cros`: Disable coreboot-related BL31 features. This fixes poweroff on gru
|
||||
chromebooks. Patch courtesy of Alper Nebi Yasak.
|
||||
* `u-boot`: Increase EFI variable buffer size. This fixes an error where
|
||||
Debian's signed shim allocates too many EFI variables to fit in the space
|
||||
provided, breaking the boot process in Debian. Patch courtesy Alper Nebi Yasak
|
||||
* Coreboot build system: don't warn about no-payload configuration. Libreboot
|
||||
compiles ROM images *without* using coreboot's payload support, instead it
|
||||
builds most payloads by itself and inserts them (via cbfstool) afterwards.
|
||||
This is more flexible, allowing greater configuration; even U-Boot is
|
||||
handled this way, though U-Boot at least still uses coreboot's crossgcc
|
||||
toolchain collection to compile it. Patch courtesy Nicholas Chin.
|
||||
* `util/spkmodem-recv`: New utility, forked from GNU's implementation, then
|
||||
re-written to use OpenBSD style(9) programming style instead of the
|
||||
originally used GNU programming style, and it is uses
|
||||
OpenBSD `pledge()` when compiled on OpenBSD. Generally much cleaner coding
|
||||
style, with better error handling than the original GNU version (it is forked
|
||||
from coreboot, who forked it from GNU GRUB, with few changes made). This
|
||||
is a receiving client for spkmodem, which is a method coreboot provides to
|
||||
get a serial console via pulses on the PC speaker.
|
||||
* download/coreboot: Run `extra.sh` directly from given coreboot tree. Unused
|
||||
by any boards, but could allow expanding upon patching capabilities in lbmk
|
||||
for specific mainboards, e.g. apply coreboot gerrit patches in a specific
|
||||
order that is not easy to otherwise guarantee in more generalised logic of
|
||||
the Libreboot build system.
|
||||
* `util/e6400-flash-unlock`: New utility, that disables flashing protections
|
||||
on Dell's own BIOS firmware, for Dell Latitude E6400. This enables Libreboot
|
||||
installation *without* disassembling the machine (external flashing equipment
|
||||
is *not required*). Courtesy Nicholas Chin.
|
||||
* Build dependencies scripts updated for more modern distros. As of this day's
|
||||
release, Libreboot compiles perfectly in bleeding edge distros e.g. Arch
|
||||
Linux, whereas the previous 20220710 required using old distros e.g.
|
||||
Debian 10.
|
||||
* `cbutils`: New concept, which implements: build coreboot utilities like
|
||||
cbfstool and include the binaries in a directory inside lbmk, to be re-used.
|
||||
Previously, they would be compiled in-place within the coreboot build system,
|
||||
often re-compiled needlessly, and the checks for whether a given util are
|
||||
needed were very ad-hoc: now these checks are much more robust.
|
||||
Very centralised approach, per coreboot tree, rather than selectively
|
||||
compiling specific coreboot utilities, and makes the build system logic in
|
||||
Libreboot much cleaner.
|
||||
* GRUB config: 30s timeout by default, which is friendlier on some desktops
|
||||
that have delayed keyboard input in GRUB.
|
||||
* ICH9M/GM45 laptops: 256MB VRAM by default, instead of 352MB. This fixes
|
||||
certain performance issues, for some people, as 352MB can be very unstable.
|
||||
* U-Boot patches: for `gru_bob` and `gru_kevin` chromebooks, U-Boot is used
|
||||
instead of Google's own *depthcharge* bootloader. It has been heavily
|
||||
modified to avoid certain initialisation that is replaced by coreboot, in
|
||||
such a way that U-Boot is mainly used as a bootloader providing UEFI for
|
||||
compliant Linux distros and BSDs. Courtesy Alper Nebi Yasak.
|
||||
* lbmk: The entire Libreboot build system has, for the most part, been made
|
||||
portable; a lot of scripts now work perfectly, on POSIX-only implementations
|
||||
of `sh` (though, many dependencies still use GNU extensions, such as GNU
|
||||
Make, so this portability is not directly useful yet, but a stepping stone.
|
||||
Libreboot eventually wants to be buildable on non-GNU, non-Linux systems,
|
||||
e.g. BSD systems)
|
||||
* nvmutil: Lots of improvements to code quality, features, error handling. This
|
||||
utility was originally its own project, started by Leah Rowe, and later
|
||||
imported into the Libreboot build system.
|
||||
* build/boot/roms: Support cross-compiling coreboot toolchains for ARM platforms,
|
||||
in addition to regular x86 that was already supported. This is used for
|
||||
compiling U-boot as a payload, on mainboards.
|
||||
* U-boot integration: at first, it was just downloading U-Boot. Board integration
|
||||
for ARM platforms (from coreboot) came later, e.g. ASUS Chromebook Flip C101
|
||||
as mentioned above. The logic for this is forked largely from the handling
|
||||
of coreboot, because the interface for dealing with their build systems is
|
||||
largely similar, and they are largely similar projects. Courtesy Denis Carikli
|
||||
and Alper Nebi Yasak.
|
||||
* New utility: `nvmutil` - can randomise the MAC address on Intel GbE NICs, for
|
||||
systems that use an Intel Flash Descriptor
|
||||
* General build system fixes: better (and stricter) error handling
|
||||
* Fixed race condition when building SeaBIOS in some setups.
|
||||
* GRUB configs: only scan ATA, AHCI or both, depending on config per board.
|
||||
This mitigates performance issues in GRUB on certain mainboards, when
|
||||
scanning for `grub.cfg` files on the HDD/SSD.
|
||||
* GRUB configs: speed optimisations by avoiding slow device enumeration in
|
||||
GRUB.
|
||||
|
||||
The number of changes are vast, too big to be readable on a release
|
||||
announcement. Again, I say: check log in `lbmk.git`.
|
||||
|
||||
Hardware supported in Censored Libreboot c20230710
|
||||
==================================================
|
||||
|
||||
All of the following are believed to *boot*, but if you have any issues,
|
||||
please contact the Libreboot project. They are:
|
||||
|
||||
Desktops (AMD, Intel, x86)
|
||||
-----------------------
|
||||
|
||||
- [Gigabyte GA-G41M-ES2L motherboard](../docs/hardware/ga-g41m-es2l.md)
|
||||
- [Acer G43T-AM3](../docs/hardware/acer_g43t-am3.md)
|
||||
- [Intel D510MO and D410PT motherboards](../docs/hardware/d510mo.md)
|
||||
- [Apple iMac 5,2](../docs/hardware/imac52.md)
|
||||
|
||||
### Laptops (Intel, x86)
|
||||
|
||||
- **[Dell Latitude E6400](../docs/hardware/e6400.md) (easy to flash, no disassembly, similar
|
||||
hardware to X200/T400)**
|
||||
- ThinkPad X60 / X60S / X60 Tablet
|
||||
- ThinkPad T60 (with Intel GPU)
|
||||
- [Lenovo ThinkPad X200 / X200S / X200 Tablet](../docs/hardware/x200.md)
|
||||
- Lenovo ThinkPad X301
|
||||
- [Lenovo ThinkPad R400](../docs/hardware/r400.md)
|
||||
- [Lenovo ThinkPad T400 / T400S](../docs/hardware/t400.md)
|
||||
- [Lenovo ThinkPad T500](../docs/hardware/t500.md)
|
||||
- [Lenovo ThinkPad W500](../docs/hardware/t500.md)
|
||||
- [Lenovo ThinkPad R500](../docs/hardware/r500.md)
|
||||
- [Apple MacBook1,1 and MacBook2,1](../docs/hardware/macbook21.md)
|
||||
|
||||
### Laptops (ARM, with U-Boot payload)
|
||||
|
||||
- [ASUS Chromebook Flip C101 (gru-bob)](../docs/install/chromebooks.md)
|
||||
- [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md)
|
||||
|
||||
Downloads
|
||||
=========
|
||||
|
||||
You can find this release on the downloads page. At the time of this
|
||||
announcement, some of the rsync mirrors may not have it yet, so please check
|
||||
another one if your favourite one doesn't have it.
|
||||
|
||||
This censored version is in the directory named `censored`, on Librbeoot rsync
|
||||
and https mirrors. For example:
|
||||
|
||||
<https://www.mirrorservice.org/sites/libreboot.org/release/censored/c20230710/>
|
||||
|
||||
Loading…
Reference in New Issue