Practicalities

Posted Aug 1, 2024 14:42 UTC (Thu) by anton (subscriber, #25547)
In reply to: Practicalities by fosslinux
Parent article: Pulling Linux up by its bootstraps

I am sure that you are aware of coreboot, which, as far as I understand it is a free-software replacement for UEFI/BIOS. Of course that has to be built in some trusted way, too, and AFAIK it only runs on some hardware, but that points to two ways of getting rid of UEFI/BIOS:

Use the same techniques that coreboot uses to let your bootstrapping system run on bare coreboot-capable hardware.
Do the same stuff for coreboot that you did for Linux (may be made easier by coreboot being derived from some Linux kernel AFAIK), but for full trust you will probably want to do that starting with way 1.

Even if few people have coreboot-capable hardware, those can check that the Linux kernels agree with those built on an UEFI system (but of course that does not protect against UEFI doing something evil when the kernel image is booted).

Independent of that, a very cool project!

Practicalities

Posted Aug 1, 2024 16:26 UTC (Thu) by mjg59 (subscriber, #23239) [Link] (1 responses)

Coreboot only runs on modern x86 using proprietary blobs (FSP for Intel, AGESA for AMD), you need to go back to roughly a decade old hardware to be blobless. Thankfully that's probably still capable enough for (somewhat more slowly) bootstrapping.

Practicalities

Posted Aug 23, 2024 8:20 UTC (Fri) by TRS-80 (guest, #1804) [Link]

AMD is saying they'll move to a new open source platform in 2026:

https://community.amd.com/t5/business/empowering-the-indu...
https://www.anandtech.com/show/18853/amd-opensil-planned-...

BIOS and Coreboot

Posted Aug 1, 2024 16:49 UTC (Thu) by farnz (subscriber, #17727) [Link]

Note that Coreboot has the SeaBIOS payload, which provides the "traditional" BIOS interface using Coreboot services. Means trusting Coreboot and SeaBIOS, but reduces the amount of closed source in your trusted base.