On 04/11/2018 06:39 PM, Raymond Yeung wrote:
I currently have a board that uses Intel Xeon D (previously codenamed Broadwell DE). It boots up with BIOS/UEFI. I'm exploring other boot-up options here.
Let us know what you are attempting to accomplish.
I'm not familiar with this early stage of system initialization. It seems BIOS/UEFI to Linux needs to use PXE
Hm? Do you want to boot over the network? Why would you need PXE just to boot Linux on your local machine? I believe there is a neat petitboot coreboot payload with some network booting features that is better than PXE... there is also iSCSI as an option of course, either a coreboot payload or part of a networking card.
with the need to configure DHCP (and possibly Proxy DHCP), TFTP server PXELINUX, Linux initial RAM disk (initrd) configuration file, and then Linux. Previously, I'd been using Coreboot/UBOOT environment (as a user, not developer). Prerequisite seemed much simpler.
I am sorry I do not understand what you wish to do?
A few questions -
- Is there even a coreboot support for this CPU already available and stable that I could download and reflash? Or are we talking about some serious re-development?
The issue isn't support for the CPU it is support for your board, there are a few broadwell boards in coreboot but they are only development boards with no board status so I have no idea if the platform port even works.
FYI the hardware initiation for the newer Intel stuff is done entirely by Intel's FSP binary blob in case you are wondering, so there isn't really much to change or poke around with.
- Is it possible to go from BIOS/UEFI to UBOOT (on-board)? How?
Without coreboot no it isn't.
- Support for Secure Boot - would one approach be simpler than another?
SB was invented by MS for DRM, it serves no real security purpose IMO and such a thing is better served by for example a grub payload with kernel code signing enabled where you sign your own kernels. "pointless? why?" Any hypothetical rootkit could simply infect some other key system component that is always loaded and used every time the computer is running. "DRM?" SB 2.0 has removed the owner control mandate from MS leaving OEMs free to not offer it, eventually only "developer" computers that cost much more will let you install Linux leaving the next generation of computer programmer kids out in the cold and only able to create programs for Windows in a walled garden... even wealthy families probably wouldn't know to get their kid a special computer and most would just give up when faced with a "you can't do that" error.
- Am I even on the right track thinking this way?
Ports for coreboot cost a lot of money (think 50K+) or, if you have the necessary firmware development skills, 6 months+ of time and effort. Honestly I would just buy a board that already has what you want if you want to play around with firmware programming - the entirely open source being the very fast TALOS 2 (factory libre firmware but not coreboot) and the not as fast KGPE-D16 (libre coreboot and OpenBMC ports are available). Unfortunately "coreboot" in general no longer means open source firmware for most boards, so be aware if you want to buy something else.
Anyways welcome to the community :]
Taiidan@gmx.com wrote:
- Support for Secure Boot - would one approach be simpler than another?
SB was invented by MS for DRM, it serves no real security purpose IMO
I'd like to ask you to reconsider that opinion.
Secure Boot is mandated by Microsoft to provide Microsoft and Microsoft's customers (OEMs) security, and I think it's pretty effective.
But Secure Boot is also related to the security of individual computers and computer users, because it enables Microsoft and OEMs to establish a controllable, reliable and thus trustable chain of software from reset to desktop.
Most people who buy computers are happy, because controlling the computer isn't as important as using the desktop, which I think is fine.
//Peter
----- Original message ----- From: Peter Stuge peter@stuge.se To: coreboot@coreboot.org Sent: Thu, 12 Apr 2018 17:43:48 +0200 (CEST) Subject: Re: [coreboot] BIOS/CoreBoot/UBOOT
...
Most people who buy computers are happy, because controlling the computer isn't as important as using the desktop, which I think IS FINE. (emphasis mine)
...
It depends... many people use their computer to access their online bank accounts or to do operations with their bitcoin wallets. Would you be happy knowing that someone from MS (could be a very decent person btw...) has STEALTH access to your banking operations at every moment?...
Florentin
On 04/12/2018 11:43 AM, Peter Stuge wrote:
Taiidan@gmx.com wrote:
- Support for Secure Boot - would one approach be simpler than another?
SB was invented by MS for DRM, it serves no real security purpose IMO
I'd like to ask you to reconsider that opinion.
It is a fact not an opinion.
SB was invented for DRM - to prevent people from using Linux or god forbid doing something that Hollywood doesn't like. "embrace, extend, extinguish"
Good things don't have to be forced on people, but the SB 2.0 specs have quietly left out the owner control mandate after the attention has died down.
Secure Boot is mandated by Microsoft to provide Microsoft and Microsoft's customers (OEMs) security, and I think it's pretty effective.
But Secure Boot is also related to the security of individual computers and computer users, because it enables Microsoft and OEMs to establish a controllable, reliable and thus trustable chain of software from reset to desktop.
So Microsoft should control the whole computing ecosystem? They are an obsolete relic that should not be permitted to strangle the competition in the crib.
Most people who buy computers are happy, because controlling the computer isn't as important as using the desktop
Why can't they simply provide people a choice? (ie: flip this switch to disable code signing enforcement)
Freedom is too dangerous? Hackers could turn their computer into a bomb without secure boot?
which I think is fine.
I am surprised someone here would think that, more so you of all people.
There will not be another future Steve Jobs or Bill Gates game changer decades from now, just more Mark Zuckerbergs only allowed to make useless web apps.
Even wealthy families won't think to purchase their children a developer computer by default and when a kid sees a "you are not allowed to install this" message he/she will simply give up and go on to something else like be a lawyer instead of a computer engineer; although even that developer model won't allow someone true access they will only be allowed to create surface level programs not low level programs, kernels, or firmware.
I believe one day even you the expert will not be allowed to run the code you please at least not without buying a very expensive "developer edition" laptop.
People think that phones were always a walled garden but I am old enough to remember when programs were installed on a Palm Treo similarly to the Win32 model where you download a file from a website and double click without requiring permission to install something on *your phone*.
Let us hope the leaders of the future do not share your complacency or we are truly done for.
Hello Taiidan,
Taiidan@gmx.com:
On 04/12/2018 11:43 AM, Peter Stuge wrote:
Taiidan@gmx.com wrote:
- Support for Secure Boot - would one approach be simpler than another?
SB was invented by MS for DRM, it serves no real security purpose IMO
I'd like to ask you to reconsider that opinion.
It is a fact not an opinion.
This is certainly an opinion. There are multiple reasons why Secure Boot came about, some of which were bad; others were not bad - Microsoft has improved the security of their operating system quite a lot since the days of Windows XP. And in any case, it is better than before from the perspective of an end user.
SB was invented for DRM - to prevent people from using Linux or god forbid doing something that Hollywood doesn't like. "embrace, extend, extinguish"
Good things don't have to be forced on people, but the SB 2.0 specs have quietly left out the owner control mandate after the attention has died down.
Secure Boot is mandated by Microsoft to provide Microsoft and Microsoft's customers (OEMs) security, and I think it's pretty effective.
But Secure Boot is also related to the security of individual computers and computer users, because it enables Microsoft and OEMs to establish a controllable, reliable and thus trustable chain of software from reset to desktop.
So Microsoft should control the whole computing ecosystem? They are an obsolete relic that should not be permitted to strangle the competition in the crib.
Most people who buy computers are happy, because controlling the computer isn't as important as using the desktop
Why can't they simply provide people a choice? (ie: flip this switch to disable code signing enforcement)
Freedom is too dangerous? Hackers could turn their computer into a bomb without secure boot?
which I think is fine.
I am surprised someone here would think that, more so you of all people.
There will not be another future Steve Jobs or Bill Gates game changer decades from now, just more Mark Zuckerbergs only allowed to make useless web apps.
Are developers not allowed to produce web applications? This makes no sense.
Even wealthy families won't think to purchase their children a developer computer by default and when a kid sees a "you are not allowed to install this" message he/she will simply give up and go on to something else like be a lawyer instead of a computer engineer; although even that developer model won't allow someone true access they will only be allowed to create surface level programs not low level programs, kernels, or firmware.
I believe one day even you the expert will not be allowed to run the code you please at least not without buying a very expensive "developer edition" laptop.
People think that phones were always a walled garden but I am old enough to remember when programs were installed on a Palm Treo similarly to the Win32 model where you download a file from a website and double click without requiring permission to install something on *your phone*.
It is still possible to side-load applications on mobile phones - Android still gives users this option. So do smaller mobile operating systems, even Windows 10 Mobile (not Apple, though, sadly). Palm OS was wholly proprietary; Android at least has its base system as open source, and Google make large contributions to open source projects. The situation is somewhat better now, and there is a stronger open source software library behind Android than there ever was behind Palm OS.
Yet it's also a distraction, as it wasn't your actual point. The meat of your actual email seems to be as follows:
Let us hope the leaders of the future do not share your complacency or we are truly done for.
This is perhaps somewhat eloquent. However, saying people on the list are "complacent" strikes me as somewhat childish. I don't understand why you said this - are we not allowed to disagree without attacking other people's character? Yet I don't think this email is unique. I have seen other examples on this list.
A good motto is, if you wouldn't say it to yourself without taking offense, consider not saying it to others - when most people start to follow this motto, we can have more civil discussion together.
All the best, - Duncan
Taiidan@gmx.com wrote:
- Support for Secure Boot - would one approach be simpler than another?
SB was invented by MS for DRM, it serves no real security purpose IMO
I'd like to ask you to reconsider that opinion.
It is a fact not an opinion.
You wrote "IMO", otherwise I probably wouldn't have tried to change your opinion.
SB was invented for DRM - to prevent people from using Linux or god forbid doing something that Hollywood doesn't like. "embrace, extend, extinguish"
I think you give non-Windows desktops far too much credit.
As for the content industry, I do have the impression that they are super scared of losing their business model to a technologically advanced society.
But I honestly don't see that as a big threat either. People will continue to communicate and organize. The "community society" is only just starting out. Youtube, reddit and Twitter are some of the early tools. Influencers are already celebrities.
Good things don't have to be forced on people, but the SB 2.0 specs have quietly left out the owner control mandate after the attention has died down.
I think you give the "attention" too much credit as well. I heard (I've forgotten where, sorry) that MSFT tried to exclude the possibility to disable Secure Boot right from the start.
They got their way for Windows RT Logo certification, but there was too much pushback from OEMs for PC Windows Logo certification to do it the first time around.
Remember that OEMs and most of all IBVs were super scared of UEFI when it was being introduced, because they felt Intel's UEFI model to be far too open, and that it would jeopardize their businesses.
But Secure Boot is also related to the security of individual computers and computer users, because it enables Microsoft and OEMs to establish a controllable, reliable and thus trustable chain of software from reset to desktop.
So Microsoft should control the whole computing ecosystem?
Of course not. But Microsoft has always controlled the whole ecosystem around Windows, and they will continue to. It just wasn't quite as obvious before.
The good news is that Microsoft Windows in many cases is, as you write, an obsolete relic. :)
should not be permitted to strangle the competition in the crib.
Mh - there's no competition to Windows. And the thing is, Microsoft can continue to control the PC architecture, there will continue to be others, and I think an important point is that for an organization which considers replacing Windows having to replace some hardware will only be a small bump in the road, not a blocker.
Most people who buy computers are happy, because controlling the computer isn't as important as using the desktop
Why can't they simply provide people a choice? (ie: flip this switch to disable code signing enforcement)
They could, but why should they? It is not in their interest, nor in the interest of Windows machine OEMs.
Freedom is too dangerous? Hackers could turn their computer into a bomb without secure boot?
MSFT is a corporation, by law it must care only about profit.
which I think is fine.
I am surprised someone here would think that, more so you of all people.
Allow me to clarify.
It's fine that most people care more about using the desktop than about controlling their computer.
By that I mean: Everyone can not be an expert at everything, and it's important to have a diverse computing landscape with experts in many fields of computing, from ISA over chip engineering to firmware and the rest of the software stack, but it's *not* important that desktop users are firmware experts.
It would be great for desktop users to question their firmware more, and maybe that will happen, but computers are still very much magic.
It's fine that people begin to expect their computers to be reliable. (This may be the best shift our society has seen wrt. IT in some time!)
It's fine that people buy technology which they feel allows them to do more.
It's fine that customers trust their suppliers. It's fine that suppliers offer products controlled by them and not by customers, based on the argument that this makes products more trustworthy.
It would be great if all customers reject that argument, but all will not, only some will, and that's fine too.
It's *not* fine to pretend that a Windows machine is anything else, in particular a Windows machine is *not* a general purpose computer.
That used to hold true, but that was way before the time of that Treo.
It's *not* fine to advertise a Windows machine as a general purpose computer.
Having an interest in controlling technology is quite rare. This seems very unfortunate to me in a society built increasingly around technology, but I don't think it is actually anything new.
Educating people about the pillars of society is very important, but even then, technology is just one of several.
There will not be another future Steve Jobs or Bill Gates game changer decades from now, just more Mark Zuckerbergs only allowed to make useless web apps.
Steve Jobs is a good shout.
He managed to make technology such that even expert hackers have no interest at all in controlling it. *That* is an amazing product.
Even wealthy families won't think to purchase their children a developer computer by default and when a kid sees a "you are not allowed to install this" message he/she will simply give up and go on to something else like be a lawyer instead of a computer engineer; although even that developer model won't allow someone true access they will only be allowed to create surface level programs not low level programs, kernels, or firmware.
I tend to think that wealthy families in particular will continue to consider technology primarily for entertainment value, and will look down on computer engineering as a simple task - but it depends a lot on how trends develop.
I think supplier vs. consumer control is anyway more a matter of business law than of technology, so it's a good thing if curious kids like that become lawyers!
Brief aside: Would you care for a ride in the self-driving car that I just upgraded to git master?
I'm curious to see when Apple begins to offer an iLife subscription, to which wealthy families will enrol their unborn infants, on one hand to access the correct chat networks, on another hand to avoid their kids from being bullied at school for having a cheap Android phone.
As more consumers buy more technology I think they will continue to give away control over that technology, because really, most people just want to call a plumber if there's a leak and have an insurance to cover the neighbor's damages.
Even sophisticated technology such as cars work much the same way.
I believe one day even you the expert will not be allowed to run the code you please at least not without buying a very expensive "developer edition" laptop.
There's a reason that I use an old Thinkpad for now. :) In a capitalist society I think the greatest opportunity lies in turning your visions into a business. Someone called it activism through entrepreneurship.
I fully support that no one offer should dominate the market. I think the tendency to expect that any industry will do society favors for free or even at cost is unlikely to succeed, especially when (at least some) laws say the exact opposite. :)
Let us hope the leaders of the future do not share your complacency or we are truly done for.
I was called worse names. Let's stay on the topic of how we fix the world. ;)
I think open machines are very important.
I don't think it's important to fight Microsoft and Intel over Windows machines. That's a long lost cause.
Kind regards
//Peter