On 6/24/21 8:33 AM, Patrick Rudolph wrote:
Hi Patrick,
Hi Patrick,
thanks for picking this up.
Agree. To give wider perspective topic was discussed many times. Key problem is that no one drives it. I'm not sure if there is any use in having a website which at least gathers all those discussions to not repeat the same thing again and again.
From a high level perspective this is very simple. I try to sum it up to help find an existing framework, which I tried several times but failed. When ignoring distributing binaries or blobs and only focussing on test reports you have something similar to a review application.
We need a) User management and authentication b) Users being able to add new "products". In our case that's a mainboard variant with a specific hardware configuration (memory, hard-disk, PCIe cards, ...). Every product has a custom set of properties you want to evaluate and for which you can send in a test report. That could be - boots OS x - device Y detected and properly configured - register Z locked and secure boot is possible
I already gave Qubes OS example during coreboot leadership: https://www.qubes-os.org/hcl/ https://www.qubes-os.org/doc/how-to-use-the-hcl/ https://github.com/QubesOS/qubes-hcl https://github.com/QubesOS/qubes-core-admin/blob/master/qvm-tools/qubes-hcl-...
IMO account creation, ssh/gpg keys configuration, git etc. are blockers for regular users who care about open source firmware and can limit number of reports we will get. Probably because of that Qubes OS do not require such additional overhead. But maybe there are reasons why we would like to limit number of reports.
Please note I'm not proposing Qubes OS approach as ultimate solution for coreboot, but rather show how other OSS projects solved the same problem. Of course we may need something more sophisticated, but more sophisticated example needs more resources.
Best Regards,