libreboot
/
lbwww
1
0
Fork 0
Code Packages Projects Releases Activity

Censored Libreboot c20230710 announcement 

Signed-off-by: Leah Rowe <leah@libreboot.org>
c20230710
Leah Rowe 2023-07-10 21:31:34 +01:00
parent 0a1da54ee9
commit fa5a8acad3
2 changed files with 202 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
site/news/MANIFEST
View File

@ -1,3 +1,4 @@
censored-libreboot20230710.md
audit.md
e6400.md
mirrors.md

201
site/news/censored-libreboot20230710.md Normal file
View File

@ -0,0 +1,201 @@
% Censored Libreboot c20230710 released!
% Leah Rowe
% 10 July 2023
**[Click here for the uncensored version of this page](https://libreboot.org/news/censored-libreboot20230710.html)** -
it shows what was removed from regular Libreboot, in order to make this release.
This version of the release announcement is provided as an illustration of what
such an announcement *would* have looked like, under previous Libreboot policy.
Introduction
============
Libreboot provides boot firmware for supported x86/ARM machines, starting a
bootloader that then loads your operating system. It replaces proprietary
BIOS/UEFI firmware on x86 machines, and provides an *improved* configuration
on [ARM-based chromebooks](../docs/install/chromebooks.html) supported
(U-Boot bootloader, instead of Google's depthcharge bootloader). On x86
machines, the GRUB and SeaBIOS coreboot
payloads are officially supported, provided in varying configurations per
machine. It provides an [automated build system](../docs/maintain/) for the
[configuration](../docs/build/) and [installation](../docs/install/) of coreboot
ROM images, making coreboot easier to use for non-technical people. You can find
the [list of supported hardware](../docs/hardware/) in Libreboot documentation.
Libreboot's main benefit is *higher boot speed*,
[better](../docs/linux/encryption.md)
[security](../docs/linux/grub_hardening.md) and more
customisation options compared to most proprietary firmware. As a
[libre](policy.md) software project, the code can be audited, and coreboot does
regularly audit code. The other main benefit is [*freedom* to study, adapt and
share the code](https://writefreesoftware.org/), a freedom denied by most boot
firmware, but not Libreboot! Booting Linux/BSD is also [well](../docs/linux/)
[supported](../docs/bsd/).
Build from source
-----------------
*This* release was build-tested on Debian *Sid*, as of 9 July 2023. Your
mileage may vary, with other distros. Refer to Libreboot documentation.
KFSN4-DRE, KCMA-D8, KGPE-D16 re-added
-------------------------------------
FUN FACT: This includes building of ASUS KFSN4-DRE, KCMA-D8 and KGPE-D16
boards, which were re-added based on coreboot `4.11_branch`. ROM images are
provided for these boards, in this Libreboot release. The toolchain in
this coreboot version would not build on modern Linux, so I spent time patching
it. I want to use coreboot `4.11_branch` to study code differences between the
D8 and D16 boards, which are mostly otherwise identical code-wise, so that I
can port KCMA-D8 to Dasharo, and then use that for D8/D16 in Libreboot. Dasharo
is based on a much newer coreboot version, with many new fixes/features.
List of changes relative to Libreboot 20220710
==============================================
New mainboards supported
------------------------
These mainboards are now supported:
* [Dell Latitude E6400](../docs/hardware/e6400.md)
* [ASUS Chromebook Flip C101 (gru-bob)](../docs/install/chromebooks.md)
* [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md)
Build system changes
--------------------
A main focus has indeed been on build system auditing, utilities and
general polishing:
* [MASSIVE build system audit](audit.md) - the entire build system was
re-written in a much cleaner coding style, with much stricter error handling
and clear separation of logic. A *lot* of bugs were fixed. A *LOT* of bugs.
Build system auditing has been the *main* focus, in these past 12 months.
* `cros`: Disable coreboot-related BL31 features. This fixes poweroff on gru
chromebooks. Patch courtesy of Alper Nebi Yasak.
* `u-boot`: Increase EFI variable buffer size. This fixes an error where
Debian's signed shim allocates too many EFI variables to fit in the space
provided, breaking the boot process in Debian. Patch courtesy Alper Nebi Yasak
* Coreboot build system: don't warn about no-payload configuration. Libreboot
compiles ROM images *without* using coreboot's payload support, instead it
builds most payloads by itself and inserts them (via cbfstool) afterwards.
This is more flexible, allowing greater configuration; even U-Boot is
handled this way, though U-Boot at least still uses coreboot's crossgcc
toolchain collection to compile it. Patch courtesy Nicholas Chin.
* `util/spkmodem-recv`: New utility, forked from GNU's implementation, then
re-written to use OpenBSD style(9) programming style instead of the
originally used GNU programming style, and it is uses
OpenBSD `pledge()` when compiled on OpenBSD. Generally much cleaner coding
style, with better error handling than the original GNU version (it is forked
from coreboot, who forked it from GNU GRUB, with few changes made). This
is a receiving client for spkmodem, which is a method coreboot provides to
get a serial console via pulses on the PC speaker.
* download/coreboot: Run `extra.sh` directly from given coreboot tree. Unused
by any boards, but could allow expanding upon patching capabilities in lbmk
for specific mainboards, e.g. apply coreboot gerrit patches in a specific
order that is not easy to otherwise guarantee in more generalised logic of
the Libreboot build system.
* `util/e6400-flash-unlock`: New utility, that disables flashing protections
on Dell's own BIOS firmware, for Dell Latitude E6400. This enables Libreboot
installation *without* disassembling the machine (external flashing equipment
is *not required*). Courtesy Nicholas Chin.
* Build dependencies scripts updated for more modern distros. As of this day's
release, Libreboot compiles perfectly in bleeding edge distros e.g. Arch
Linux, whereas the previous 20220710 required using old distros e.g.
Debian 10.
* `cbutils`: New concept, which implements: build coreboot utilities like
cbfstool and include the binaries in a directory inside lbmk, to be re-used.
Previously, they would be compiled in-place within the coreboot build system,
often re-compiled needlessly, and the checks for whether a given util are
needed were very ad-hoc: now these checks are much more robust.
Very centralised approach, per coreboot tree, rather than selectively
compiling specific coreboot utilities, and makes the build system logic in
Libreboot much cleaner.
* GRUB config: 30s timeout by default, which is friendlier on some desktops
that have delayed keyboard input in GRUB.
* ICH9M/GM45 laptops: 256MB VRAM by default, instead of 352MB. This fixes
certain performance issues, for some people, as 352MB can be very unstable.
* U-Boot patches: for `gru_bob` and `gru_kevin` chromebooks, U-Boot is used
instead of Google's own *depthcharge* bootloader. It has been heavily
modified to avoid certain initialisation that is replaced by coreboot, in
such a way that U-Boot is mainly used as a bootloader providing UEFI for
compliant Linux distros and BSDs. Courtesy Alper Nebi Yasak.
* lbmk: The entire Libreboot build system has, for the most part, been made
portable; a lot of scripts now work perfectly, on POSIX-only implementations
of `sh` (though, many dependencies still use GNU extensions, such as GNU
Make, so this portability is not directly useful yet, but a stepping stone.
Libreboot eventually wants to be buildable on non-GNU, non-Linux systems,
e.g. BSD systems)
* nvmutil: Lots of improvements to code quality, features, error handling. This
utility was originally its own project, started by Leah Rowe, and later
imported into the Libreboot build system.
* build/boot/roms: Support cross-compiling coreboot toolchains for ARM platforms,
in addition to regular x86 that was already supported. This is used for
compiling U-boot as a payload, on mainboards.
* U-boot integration: at first, it was just downloading U-Boot. Board integration
for ARM platforms (from coreboot) came later, e.g. ASUS Chromebook Flip C101
as mentioned above. The logic for this is forked largely from the handling
of coreboot, because the interface for dealing with their build systems is
largely similar, and they are largely similar projects. Courtesy Denis Carikli
and Alper Nebi Yasak.
* New utility: `nvmutil` - can randomise the MAC address on Intel GbE NICs, for
systems that use an Intel Flash Descriptor
* General build system fixes: better (and stricter) error handling
* Fixed race condition when building SeaBIOS in some setups.
* GRUB configs: only scan ATA, AHCI or both, depending on config per board.
This mitigates performance issues in GRUB on certain mainboards, when
scanning for `grub.cfg` files on the HDD/SSD.
* GRUB configs: speed optimisations by avoiding slow device enumeration in
GRUB.
The number of changes are vast, too big to be readable on a release
announcement. Again, I say: check log in `lbmk.git`.
Hardware supported in Censored Libreboot c20230710
==================================================
All of the following are believed to *boot*, but if you have any issues,
please contact the Libreboot project. They are:
Desktops (AMD, Intel, x86)
-----------------------
- [Gigabyte GA-G41M-ES2L motherboard](../docs/hardware/ga-g41m-es2l.md)
- [Acer G43T-AM3](../docs/hardware/acer_g43t-am3.md)
- [Intel D510MO and D410PT motherboards](../docs/hardware/d510mo.md)
- [Apple iMac 5,2](../docs/hardware/imac52.md)
### Laptops (Intel, x86)
- **[Dell Latitude E6400](../docs/hardware/e6400.md) (easy to flash, no disassembly, similar
hardware to X200/T400)**
- ThinkPad X60 / X60S / X60 Tablet
- ThinkPad T60 (with Intel GPU)
- [Lenovo ThinkPad X200 / X200S / X200 Tablet](../docs/hardware/x200.md)
- Lenovo ThinkPad X301
- [Lenovo ThinkPad R400](../docs/hardware/r400.md)
- [Lenovo ThinkPad T400 / T400S](../docs/hardware/t400.md)
- [Lenovo ThinkPad T500](../docs/hardware/t500.md)
- [Lenovo ThinkPad W500](../docs/hardware/t500.md)
- [Lenovo ThinkPad R500](../docs/hardware/r500.md)
- [Apple MacBook1,1 and MacBook2,1](../docs/hardware/macbook21.md)
### Laptops (ARM, with U-Boot payload)
- [ASUS Chromebook Flip C101 (gru-bob)](../docs/install/chromebooks.md)
- [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md)
Downloads
=========
You can find this release on the downloads page. At the time of this
announcement, some of the rsync mirrors may not have it yet, so please check
another one if your favourite one doesn't have it.
This censored version is in the directory named `censored`, on Librbeoot rsync
and https mirrors. For example:
<https://www.mirrorservice.org/sites/libreboot.org/release/censored/c20230710/>