From fa5a8acad3a101009d7ad83219678db8ffb4dd60 Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Mon, 10 Jul 2023 21:31:34 +0100 Subject: [PATCH] Censored Libreboot c20230710 announcement Signed-off-by: Leah Rowe --- site/news/MANIFEST | 1 + site/news/censored-libreboot20230710.md | 201 ++++++++++++++++++++++++ 2 files changed, 202 insertions(+) create mode 100644 site/news/censored-libreboot20230710.md diff --git a/site/news/MANIFEST b/site/news/MANIFEST index a7bec23..e6b5685 100644 --- a/site/news/MANIFEST +++ b/site/news/MANIFEST @@ -1,3 +1,4 @@ +censored-libreboot20230710.md audit.md e6400.md mirrors.md diff --git a/site/news/censored-libreboot20230710.md b/site/news/censored-libreboot20230710.md new file mode 100644 index 0000000..4177940 --- /dev/null +++ b/site/news/censored-libreboot20230710.md 
@@ -0,0 +1,201 @@ +% Censored Libreboot c20230710 released! +% Leah Rowe +% 10 July 2023 + +**[Click here for the uncensored version of this page](https://libreboot.org/news/censored-libreboot20230710.html)** - +it shows what was removed from regular Libreboot, in order to make this release. + +This version of the release announcement is provided as an illustration of what +such an announcement *would* have looked like, under previous Libreboot policy. + +Introduction +============ + +Libreboot provides boot firmware for supported x86/ARM machines, starting a +bootloader that then loads your operating system. It replaces proprietary +BIOS/UEFI firmware on x86 machines, and provides an *improved* configuration +on [ARM-based chromebooks](../docs/install/chromebooks.html) supported +(U-Boot bootloader, instead of Google's depthcharge bootloader). On x86 +machines, the GRUB and SeaBIOS coreboot +payloads are officially supported, provided in varying configurations per +machine. It provides an [automated build system](../docs/maintain/) for the +[configuration](../docs/build/) and [installation](../docs/install/) of coreboot +ROM images, making coreboot easier to use for non-technical people. You can find +the [list of supported hardware](../docs/hardware/) in Libreboot documentation. + +Libreboot's main benefit is *higher boot speed*, +[better](../docs/linux/encryption.md) +[security](../docs/linux/grub_hardening.md) and more +customisation options compared to most proprietary firmware. As a +[libre](policy.md) software project, the code can be audited, and coreboot does +regularly audit code. The other main benefit is [*freedom* to study, adapt and +share the code](https://writefreesoftware.org/), a freedom denied by most boot +firmware, but not Libreboot! Booting Linux/BSD is also [well](../docs/linux/) +[supported](../docs/bsd/). + +Build from source +----------------- + +*This* release was build-tested on Debian *Sid*, as of 9 July 2023. 
Your +mileage may vary, with other distros. Refer to Libreboot documentation. + +KFSN4-DRE, KCMA-D8, KGPE-D16 re-added +------------------------------------- + +FUN FACT: This includes building of ASUS KFSN4-DRE, KCMA-D8 and KGPE-D16 +boards, which were re-added based on coreboot `4.11_branch`. ROM images are +provided for these boards, in this Libreboot release. The toolchain in +this coreboot version would not build on modern Linux, so I spent time patching +it. I want to use coreboot `4.11_branch` to study code differences between the +D8 and D16 boards, which are mostly otherwise identical code-wise, so that I +can port KCMA-D8 to Dasharo, and then use that for D8/D16 in Libreboot. Dasharo +is based on a much newer coreboot version, with many new fixes/features. + +List of changes relative to Libreboot 20220710 +============================================== + +New mainboards supported +------------------------ + +These mainboards are now supported: + +* [Dell Latitude E6400](../docs/hardware/e6400.md) +* [ASUS Chromebook Flip C101 (gru-bob)](../docs/install/chromebooks.md) +* [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md) + +Build system changes +-------------------- + +A main focus has indeed been on build system auditing, utilities and +general polishing: + +* [MASSIVE build system audit](audit.md) - the entire build system was + re-written in a much cleaner coding style, with much stricter error handling + and clear separation of logic. A *lot* of bugs were fixed. A *LOT* of bugs. + Build system auditing has been the *main* focus, in these past 12 months. +* `cros`: Disable coreboot-related BL31 features. This fixes poweroff on gru + chromebooks. Patch courtesy of Alper Nebi Yasak. +* `u-boot`: Increase EFI variable buffer size. This fixes an error where + Debian's signed shim allocates too many EFI variables to fit in the space + provided, breaking the boot process in Debian. 
Patch courtesy Alper Nebi Yasak +* Coreboot build system: don't warn about no-payload configuration. Libreboot + compiles ROM images *without* using coreboot's payload support, instead it + builds most payloads by itself and inserts them (via cbfstool) afterwards. + This is more flexible, allowing greater configuration; even U-Boot is + handled this way, though U-Boot at least still uses coreboot's crossgcc + toolchain collection to compile it. Patch courtesy Nicholas Chin. +* `util/spkmodem-recv`: New utility, forked from GNU's implementation, then + re-written to use OpenBSD style(9) programming style instead of the + originally used GNU programming style, and it is uses + OpenBSD `pledge()` when compiled on OpenBSD. Generally much cleaner coding + style, with better error handling than the original GNU version (it is forked + from coreboot, who forked it from GNU GRUB, with few changes made). This + is a receiving client for spkmodem, which is a method coreboot provides to + get a serial console via pulses on the PC speaker. +* download/coreboot: Run `extra.sh` directly from given coreboot tree. Unused + by any boards, but could allow expanding upon patching capabilities in lbmk + for specific mainboards, e.g. apply coreboot gerrit patches in a specific + order that is not easy to otherwise guarantee in more generalised logic of + the Libreboot build system. +* `util/e6400-flash-unlock`: New utility, that disables flashing protections + on Dell's own BIOS firmware, for Dell Latitude E6400. This enables Libreboot + installation *without* disassembling the machine (external flashing equipment + is *not required*). Courtesy Nicholas Chin. +* Build dependencies scripts updated for more modern distros. As of this day's + release, Libreboot compiles perfectly in bleeding edge distros e.g. Arch + Linux, whereas the previous 20220710 required using old distros e.g. + Debian 10. 
+* `cbutils`: New concept, which implements: build coreboot utilities like + cbfstool and include the binaries in a directory inside lbmk, to be re-used. + Previously, they would be compiled in-place within the coreboot build system, + often re-compiled needlessly, and the checks for whether a given util are + needed were very ad-hoc: now these checks are much more robust. + Very centralised approach, per coreboot tree, rather than selectively + compiling specific coreboot utilities, and makes the build system logic in + Libreboot much cleaner. +* GRUB config: 30s timeout by default, which is friendlier on some desktops + that have delayed keyboard input in GRUB. +* ICH9M/GM45 laptops: 256MB VRAM by default, instead of 352MB. This fixes + certain performance issues, for some people, as 352MB can be very unstable. +* U-Boot patches: for `gru_bob` and `gru_kevin` chromebooks, U-Boot is used + instead of Google's own *depthcharge* bootloader. It has been heavily + modified to avoid certain initialisation that is replaced by coreboot, in + such a way that U-Boot is mainly used as a bootloader providing UEFI for + compliant Linux distros and BSDs. Courtesy Alper Nebi Yasak. +* lbmk: The entire Libreboot build system has, for the most part, been made + portable; a lot of scripts now work perfectly, on POSIX-only implementations + of `sh` (though, many dependencies still use GNU extensions, such as GNU + Make, so this portability is not directly useful yet, but a stepping stone. + Libreboot eventually wants to be buildable on non-GNU, non-Linux systems, + e.g. BSD systems) +* nvmutil: Lots of improvements to code quality, features, error handling. This + utility was originally its own project, started by Leah Rowe, and later + imported into the Libreboot build system. +* build/boot/roms: Support cross-compiling coreboot toolchains for ARM platforms, + in addition to regular x86 that was already supported. This is used for + compiling U-boot as a payload, on mainboards. 
+* U-boot integration: at first, it was just downloading U-Boot. Board integration + for ARM platforms (from coreboot) came later, e.g. ASUS Chromebook Flip C101 + as mentioned above. The logic for this is forked largely from the handling + of coreboot, because the interface for dealing with their build systems is + largely similar, and they are largely similar projects. Courtesy Denis Carikli + and Alper Nebi Yasak. +* New utility: `nvmutil` - can randomise the MAC address on Intel GbE NICs, for + systems that use an Intel Flash Descriptor +* General build system fixes: better (and stricter) error handling +* Fixed race condition when building SeaBIOS in some setups. +* GRUB configs: only scan ATA, AHCI or both, depending on config per board. + This mitigates performance issues in GRUB on certain mainboards, when + scanning for `grub.cfg` files on the HDD/SSD. +* GRUB configs: speed optimisations by avoiding slow device enumeration in + GRUB. + +The number of changes are vast, too big to be readable on a release +announcement. Again, I say: check log in `lbmk.git`. + +Hardware supported in Censored Libreboot c20230710 +================================================== + +All of the following are believed to *boot*, but if you have any issues, +please contact the Libreboot project. 
They are: + +Desktops (AMD, Intel, x86) +----------------------- + +- [Gigabyte GA-G41M-ES2L motherboard](../docs/hardware/ga-g41m-es2l.md) +- [Acer G43T-AM3](../docs/hardware/acer_g43t-am3.md) +- [Intel D510MO and D410PT motherboards](../docs/hardware/d510mo.md) +- [Apple iMac 5,2](../docs/hardware/imac52.md) + +### Laptops (Intel, x86) + +- **[Dell Latitude E6400](../docs/hardware/e6400.md) (easy to flash, no disassembly, similar + hardware to X200/T400)** +- ThinkPad X60 / X60S / X60 Tablet +- ThinkPad T60 (with Intel GPU) +- [Lenovo ThinkPad X200 / X200S / X200 Tablet](../docs/hardware/x200.md) +- Lenovo ThinkPad X301 +- [Lenovo ThinkPad R400](../docs/hardware/r400.md) +- [Lenovo ThinkPad T400 / T400S](../docs/hardware/t400.md) +- [Lenovo ThinkPad T500](../docs/hardware/t500.md) +- [Lenovo ThinkPad W500](../docs/hardware/t500.md) +- [Lenovo ThinkPad R500](../docs/hardware/r500.md) +- [Apple MacBook1,1 and MacBook2,1](../docs/hardware/macbook21.md) + +### Laptops (ARM, with U-Boot payload) + +- [ASUS Chromebook Flip C101 (gru-bob)](../docs/install/chromebooks.md) +- [Samsung Chromebook Plus (v1) (gru-kevin)](../docs/install/chromebooks.md) + +Downloads +========= + +You can find this release on the downloads page. At the time of this +announcement, some of the rsync mirrors may not have it yet, so please check +another one if your favourite one doesn't have it. + +This censored version is in the directory named `censored`, on Librbeoot rsync +and https mirrors. For example: + + +
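Review bot: The Downloads section at the end of site/news/censored-libreboot20230710.md is unfinished as shown: it ends on "For example:" with nothing after it in the visible lines, spells the project "Librbeoot", and mentions "the downloads page" without linking it. Suggest fixing the spelling, linking the downloads page, and either giving the example path under `censored` or dropping the "For example:" line. Because this paragraph sends readers to rsync and https mirrors, it is also the natural place to say how a downloaded release is checked, if the project publishes a way to do so. Smaller points in the same hunk: the `util/spkmodem-recv` bullet reads "and it is uses OpenBSD `pledge()`" (drop "is"); `nvmutil` appears twice in the build system list, once as "Lots of improvements" and later as "New utility", which should be merged or reordered; "Desktops (AMD, Intel, x86)" is a setext heading while the two "Laptops" headings use `###`, so the desktop list renders one level above the laptop lists; and the Introduction links to `../docs/install/chromebooks.html` while the later lists link the same page as `chromebooks.md`.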