libreplanet-discuss
Fwd: Should Canoeboot become GNU Canoeboot?


From: Leah Rowe
Subject: Fwd: Should Canoeboot become GNU Canoeboot?
Date: Sun, 12 May 2024 17:23:10 +0100
User-agent: Mozilla Thunderbird

   [1]https://canoeboot.org/news/gnu.html

   Discussion welcome

   -------- Forwarded Message --------
   Subject: Should Canoeboot become GNU Canoeboot?
   Date: Sun, 12 May 2024 15:50:42 +0100
   From: Leah Rowe [2]<info@minifree.org>
   To: [3]gnueval@gnu.org
   CC: [4]ksiewicz@fsf.org, [5]zoe@fsf.org, Mike Gerwitz [6]<mtg@gnu.org>,
   [7]simon@josefsson.org, [8]christian@grothoff.org,
   [9]gnu-advisory@gnu.org, [10]rms@gnu.org, [11]bob@proulx.com

Hi

This is sent to GNU Eval team, but CC'd to others. My main recipient is the GNU
Eval team.

I want GNU Canoeboot. This is my official contact with GNU, as the lead
developer and founder of the Canoeboot project, a fully free coreboot distro
based on Libreboot.

Canoeboot has recently removed all opposition to the FSF and decided to
staunchly promote it instead, in addition to FSDG. This is part of a general
desire I've had since the start of the year, to seek reconciliation with the
FSF and GNU project, after the drama that ensued first with libreboot.org vs
libreboot.at, and then libreboot.org vs GNU Boot.

This change is permanent, whether GNU accepts my proposal today; even if
Canoeboot does not become GNU Canoeboot, it will continue to operate as it does
now. I recently did a release which is staunchly pro-FSF. I've done this,
precisely because GNU Boot is no longer competition to Canoeboot in any way;
GNU Boot seems to have stalled, so Canoeboot has, with this move, effectively
replaced it. I don't say this as an attack, but it is a fact that GNU Boot has,
as I write this, not submitted anything to their main branch in over 4 months.
It's now a dead project, and Canoeboot is taking over.

I know GNU Boot is already a thing. I envision Canoeboot replacing it. Now,
answers to questions from gnueval form:

* General Information
** Do you agree to follow GNU policies?
   If your program is accepted to be part of the GNU system, it means
   that you become a GNU maintainer, which in turn means that you will
   need to follow GNU policies in regards to that GNU program.
   (Summarized above, see maintainers document for full descriptions.)

Yes. Canoeboot already complies fully with the GNU Free System Distribution
Guidelines. There may be a few stragglers left over from when it forked from
Libreboot, but these will surely be found during review.

I've already done extensive auditing myself, as has Craig Topham in his
capacity as Licensing and Compliance officer at the FSF. (Canoeboot 2023
releases were audited)

** Package name and version:

Canoeboot 20240510

** Author Full Name <Email>:

Leah Rowe [12]<info@minifree.org>

** URL to package home page (if any):

[13]https://canoeboot.org/

** URL to source tarball:
    Please make a release tarball for purposes of evaluation, whether
    or not you publicly release it.  If you don't have
    anywhere to upload it, send it as an attachment.

[14]https://www.mirrorservice.org/sites/libreboot.org/release/canoeboot/20240510/canoeboot-20240510_src.tar.xz

NOTE: Several changes have been made since that release. Check the git log for
cbwww.git and cbmk.git - some of these are relevant as part of evaluation (I
fixed several issues already, that you're likely to flag in the tarball).

** Brief description of the package:


   The Canoeboot project provides [15]free (libre) boot firmware based on
   coreboot, replacing proprietary BIOS/UEFI firmware on [16]specific
   Intel/AMD x86 and ARM based motherboards, including laptop and desktop
   computers. It initialises the hardware (e.g. memory controller, CPU,
   peripherals) and starts a bootloader for your operating system.
   [17]GNU+Linux and [18]BSD are well-supported. Help is available via
   [19]#canoeboot on [20]Libera IRC.
* Code
** Dependencies:
    Please list the package's dependencies (source language, libraries, etc.).

Canoeboot build system (cbmk) written in POSIX shell scripts (sh)

Utils (util/) written in a mix of C and Go

Upstream projects such as coreboot, GRUB, SeaBIOS largely written in C, with a
bit of Go and python, also a mild seasoning of x86 assembly language, in a few
cases.

** Configuration, building, installation:
    It might or might not use Autoconf/Automake, but it must meet GNU
    standards.  Even packages that do not require compilation
    must follow these standards, so installers have a uniform way to
    define target directories, etc.  Please see:
    [21]http://www.gnu.org/prep/standards/html_node/Configuration.html
    [22]http://www.gnu.org/prep/standards/html_node/Makefile-Conventions.html

Does not meet standards at all, but neither does GNU Boot and neither did the
erstwhile GNU Libreboot; it was accepted both then and now that the design is
different, but that GNU needed a viable FSDG-compliant coreboot distro.

The Canoeboot build system is documented here:

[23]https://canoeboot.org/docs/maintain/

** Documentation:
    We require using Texinfo ([24]http://www.gnu.org/software/texinfo/)
    for documentation, and recommend writing both reference and tutorial
    information in the same manual.  Please see
    [25]http://www.gnu.org/prep/standards/html_node/GNU-Manuals.html

Pandoc Markdown is used. See: cbwww.git

The Untitled Static Site Generator is used to generate it.

This is what GNU Boot also uses, and it has Markdown, and was accepted.

** Internationalization:
    If your package has any user-visible strings, please make them
    translatable to other languages using GNU Gettext:
    [26]http://www.gnu.org/software/gettext/

No i18n, but there are translations of certain pages on the website, maintained
manually.

Some of the packages that Canoeboot uses may have i18n, such as GNU GRUB.

** Accessibility:
    Please discuss any [27]accessibility issues
    with your package, such as use of relevant APIs.

Accessibility issues: no screen reader in the GRUB/SeaBIOS boot menu, though
GRUB (coreboot payload often used on Canoeboot installations) has a morse code
generator which I could probably re-purpose for blind users.

** Security:
    Please discuss any possible security issues with your package:
    cryptographic algorithms being used, sensitive data being stored,
    possible elevation of privileges, etc.

No issues that I can think of.

Canoeboot actually improves the security on some of its packages. For example
it adds Argon2 KDF support to GNU GRUB, so that you can boot from LUKS2
formatted /boot partitions.

* Licensing:
   Both the software itself *and all dependencies* (third-party
   libraries, etc.) must be free software in order to be included in
   GNU.  In general, official GNU software should be released under the
   GNU GPL version 3 or any later version, and GNU documentation should
   be released under the GNU FDL version 1.3 or any later version.

Canoeboot build system largely GPLv3+, some parts are GPLv2-only.

Coreboot is largely GPLv2.

GRUB largely GPLv3+, sometimes v2+ or v2-only

SeaBIOS largely GPLv2, with some v3 seasoning

   Please see [28]http://www.gnu.org/philosophy/license-list.html for a
   practical guide to which licenses are free (for GNU's purposes) and
   which are not.  Please give specific url's to any licenses involved
   that are not listed on that page.

NOTE: Canoeboot already listed on FSD:

[29]https://directory.fsf.org/wiki/Canoeboot

FSF's own craigt heavily audited it over a one-week period, extensively
scanning it and then going through it all with me.

* Similar free software projects:
   Please explain what motivated you to write your package, and search
   at least the Free Software Directory ([30]http://www.gnu.org/directory/)
   for projects similar to yours.  If any exist, please also explain
   what the principal differences are.

GNU Boot

I intend for Canoeboot to replace GNU Boot, and for GNU Boot to be
decommissioned, since it is currently a dead project; Canoeboot is the only
FSDG compliant coreboot distro under active development.

In addition, if accepted, I suppose libreboot.at would also be redirected. Both
libreboot.at and GNU Boot would redirect to Canoeboot.

The current GNU Boot developers are welcome to work with me as contributors if
they wish, but they must not be made maintainers officially; I will assume that
rule as GNU Canoeboot maintainer.

* Any other information, comments, or questions:

[31]https://trisquel.info/en/forum/canoeboot-20240510-released-gnu-fsdg-compliant-100-free-software-coreboot-distro-replacing-pro

This link contains discussion, including from jxself (leading member of GNU
Advisory Committee). The subtext is GNU Canoeboot, because jxself was aware of
my plan when he posted here.

Early days thus far, but the gist is this: Canoeboot has dropped 100% of its
hostility to FSF and I've decided that it will staunchly *support* the FSF
instead, openly promoting GNU FSDG policy and encouraging the use of FSDG
licensed distros such as Trisquel. This would be just like the good old days of
GNU Libreboot! This change is permanent.

I wasn't going to make this request to gnueval, but since GNU Boot isn't really
a thing anymore (no commits in over 4 months on their main branch, and
generally slow development before then), I thought: why not?

Canoeboot is being kept separate from Libreboot from now on. It no longer
promotes Libreboot. When I'm working on Canoeboot, I simply enter GNU Leah
Mode, which is a brainmode where I believe absolutely in it and will stand by
it to the very end. I'm really good at that, and I also did that when GNU
Libreboot was a thing.

I've already spoken to several people who are influential such as Mike Gerwitz
and Bob Proulx, and they have said that, in principle, they support this move,
though they have also told me that they will not be involved (of course, if
they do want to, I'd like that).

GNU Canoeboot.

That is what I want, and that is what I propose. I will follow all rules and do
things right.

Also:

Another librexit (libreboot exit from GNU) will not occur. Canoeboot will be
GNU forever, if accepted. I never told anyone this before, and it's not an
excuse, but it is a mitigating factor: I was going through a very difficult
time in my life when Libreboot left GNU all those years ago. I was regularly
drinking, and I was drunk when I originally sent those hostile messages to GNU
in 2016. I'm not like that for years now. I don't drink anymore, and I don't do
drugs - and I haven't done so for many years now.

The way I see it, there will always be a demand for a fully free coreboot
distro, and Canoeboot is currently the only viable project in this regard.

Canoeboot is superior to GNU Boot for these reasons:

* Much more up to date. Uses coreboot, GRUB and SeaBIOS revisions from 2024,
whereas GNU Boot uses revs from late 2021.

* Build system is more efficient: 6 shell scripts instead of GNU Boot's 50, and
about 1300 lines of code in the build system, versus GNU Boot's ~5000.
Generally cleaner coding style in Canoeboot.

* Despite being smaller, Canoeboot actually has more features. Such as building
of serprog images (to make cheap SPI flashers), support for building U-Boot
payload on ARM devices (and they boot), and more hardware support.

* I've been working on this stuff for over 10 years. I know all the nooks and
crannies of coreboot, and how to really make your bootloader sing

* GNU Boot uses Libreboot's old build system design, which is why it's much
bigger. I did a series of audits in 2023 to vastly increase the code quality in
the build system.

* GNU Boot is going to become more complex, because they want/wanted to rewrite
it all in Guile and use the Guix package manager to build everything. While
this would make individual building easier, it would vastly increase the
maintenance burden and introduce many moving parts to the project, making it
unmaintainable over time. Canoeboot's design is much simpler and I'm also
working on bootstrapping (e.g. musl-cross-make integration)

* GNU Boot lacks many of Libreboot's newer security features, such as Argon2
KDF support for LUKS2 boot

So, basically, Canoeboot is much easier and better.

I actually did initially try to help GNU Boot instead. The problem with GNU
Boot is that it's based on a really old Libreboot version and hasn't been
changed much since, and they've basically been in "development hell". I sent
them extensive patches fixing build issues, so that it builds on modern
distros, and I sent them patches updating it to newer upstream revisions e.g.
coreboot, but none of my patches were reviewed. I don't think the current
developers are up to the task, and this is not an insult; they worked under me
as Libreboot contributors in the past, and they only ever worked on minor
tasks, they never did anything big. I've said in the past that perhaps I should
be appointed as leader of GNU Boot instead, but I have my Canoeboot project
which has surpassed it technically in every way, so now I want a GNU Canoeboot.

Upcoming work on Canoeboot:

* More ARM chromebooks, which Alper Nebi Yasak (libreboot developer) is working
on

* More Dell Latitudes (GM45 modules). I'm working on these, based on the Dell
E6400 port

* Mate Kukri (coreboot developer) is working on an exploit of Intel SA-00086 to
gain unsigned code execution on Intel ME v11, for Skylake boards, but I'm told
that similar exploits are possible and will be worked on, for older
sandybridge, ivybridge and haswell hardware (e.g. ThinkPad X220, X230, T440p) -
currently, the only blobs needed on those boards are Intel ME and microcode,
though they can boot without microcode. There's a chance that in the next few
years, we will have what I call the Intel Freedom Engine, a full free
replacement of Intel ME. This would become part of GNU, if GNU accepts
Canoeboot today.

* Linux-libre payload with musl libc and busybox, and U-Root, to provide
booting of linux kernels on disk and over the network, from the flash.
(GNU+Linux system in flash basically), with many security features such as
measured boot, and native support for ZFS file system.

Some or all of the above, and more, will be present in Canoeboot this year.

So how about it?

Many people will be surprised by this email. But if you put your trust in me, I
promise I won't disappoint. I will of course make a savannah account as part of
this, and use it, if accepted.

--
Company director, Minifree Ltd
Registered in England, No. 9361826 | VAT No. GB202190462
Registered Office: 19 Hilton Road, Canvey Island, Essex SS8 9QA, UK

References

   1. https://canoeboot.org/news/gnu.html
   2. mailto:info@minifree.org
   3. mailto:gnueval@gnu.org
   4. mailto:ksiewicz@fsf.org
   5. mailto:zoe@fsf.org
   6. mailto:mtg@gnu.org
   7. mailto:simon@josefsson.org
   8. mailto:christian@grothoff.org
   9. mailto:gnu-advisory@gnu.org
  10. mailto:rms@gnu.org
  11. mailto:bob@proulx.com
  12. mailto:info@minifree.org
  13. https://canoeboot.org/
  14. https://www.mirrorservice.org/sites/libreboot.org/release/canoeboot/20240510/canoeboot-20240510_src.tar.xz
  15. https://writefreesoftware.org/learn
  16. https://canoeboot.org/docs/hardware/
  17. https://canoeboot.org/docs/gnulinux/
  18. https://canoeboot.org/docs/bsd/
  19. https://web.libera.chat/#canoeboot
  20. https://libera.chat/
  21. http://www.gnu.org/prep/standards/html_node/Configuration.html
  22. http://www.gnu.org/prep/standards/html_node/Makefile-Conventions.html
  23. https://canoeboot.org/docs/maintain/
  24. http://www.gnu.org/software/texinfo/
  25. http://www.gnu.org/prep/standards/html_node/GNU-Manuals.html
  26. http://www.gnu.org/software/gettext/
  27. https://www.gnu.org/accessibility/accessibility.html
  28. http://www.gnu.org/philosophy/license-list.html
  29. https://directory.fsf.org/wiki/Canoeboot
  30. http://www.gnu.org/directory/
  31. https://trisquel.info/en/forum/canoeboot-20240510-released-gnu-fsdg-compliant-100-free-software-coreboot-distro-replacing-pro

Attachment: OpenPGP_0x5C654067D383B1FF.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

