libreboot

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README

commit 0de3e2d022b72c8f5739a24d0dededa830589c3c
parent a62fe03d3e84150e6186f57f53029d5a9abe3d7b
Author: Alyssa Rosenzweig <alyssa@rosenzweig.io>
Date:   Mon, 20 Mar 2017 20:34:19 -0700

Merge site in

Diffstat:
www/README.txt | 30++++++++++++++++++++++++++++++
www/amd-libre.md | 131+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www/announce.md | 26++++++++++++++++++++++++++
www/cc-by-sa-4.txt | 426+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www/contrib.md | 134+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www/donate.md | 13+++++++++++++
www/download.md | 90+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www/faq.md | 1041+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www/git.md | 155+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www/github.md | 62++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www/gitlab.md | 55+++++++++++++++++++++++++++++++++++++++++++++++++++++++
www/global.css | 38++++++++++++++++++++++++++++++++++++++
www/gnu.md | 381+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www/gpg.md | 20++++++++++++++++++++
www/images/soic16.jpg | 0
www/images/soic8.jpg | 0
www/index.md | 70++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www/lbkey.asc | 52++++++++++++++++++++++++++++++++++++++++++++++++++++
www/lists.md | 37+++++++++++++++++++++++++++++++++++++
www/logo/libreboot.png | 0
www/logo/license.txt | 8++++++++
www/logo/logo.png | 0
www/logo/s.png | 0
www/logo/stickers/libreboot-inside-simple-bold-1.60cmx2.00cm-diecut-3.pdf | 0
www/logo/stickers/libreboot-simple-bold-2.00x2.25-diecut.pdf | 0
www/publish.sh | 26++++++++++++++++++++++++++
www/robots.txt | 2++
www/rsync.md | 52++++++++++++++++++++++++++++++++++++++++++++++++++++
www/suppliers.md | 36++++++++++++++++++++++++++++++++++++
www/tasks.md | 40++++++++++++++++++++++++++++++++++++++++
30 files changed, 2925 insertions(+), 0 deletions(-)

diff --git a/www/README.txt b/www/README.txt @@ -0,0 +1,30 @@ +How to fork libreboot.org. (but why would you do that?) + +Make sure you have gettext enabled in PHP. + +You also need some symlinks. I won't explain too much about it, it's self-explanatory. +Just have a look at this output for a rough idea (it's from the site/ directory): + +$ ls -lh +total 52K +drwxr-xr-x 2 vimuser vimuser 4.0K May 15 13:46 contrib +drwxr-xr-x 2 vimuser vimuser 4.0K May 22 08:55 css +lrwxrwxrwx 1 vimuser vimuser 27 Apr 5 03:58 docs -> ../../lbdev/libreboot/docs/ +drwxr-xr-x 2 vimuser vimuser 4.0K May 23 20:33 download +-rw-r--r-- 1 vimuser vimuser 1.2K May 23 20:35 footer.php +-rw-r--r-- 1 vimuser vimuser 1.3K May 15 13:02 functions.php +-rw-r--r-- 1 vimuser vimuser 3.9K May 23 20:33 index.php +drwxr-xr-x 2 vimuser vimuser 4.0K May 19 21:53 logo +-rw-r--r-- 1 vimuser vimuser 24 Apr 5 04:16 robots.txt +-rw-r--r-- 1 vimuser vimuser 4.5K May 23 20:35 variables.php + +(notice how anything not part of the git repository, i.e. in .gitignore, is a symlink to some place outside this git clone) + +This document is.... +Copyright 2015 Leah Rowe <info@minifree.org> +This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. +A copy of the license can be found at "cc-by-sa-4.txt". + +This document is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../cc-by-sa-4.txt for more information. + diff --git a/www/amd-libre.md b/www/amd-libre.md @@ -0,0 +1,131 @@ +--- +title: Libreboot calls on AMD to release source code and specs for Ryzen platform +... + +Recently in the Libreboot project, we've been informed about the new +Ryzen platforms being released and sold by AMD. They are currently +taking input from the community. Here are ways you can contact AMD to +tell them that you demand libre hardware: + +- <https://www.reddit.com/r/Amd/comments/5x4hxu/we_are_amd_creators_of_athlon_radeon_and_other/def5h1b/> +- <https://twitter.com/amd?lang=en> +- <https://www.facebook.com/AMD/> +- <https://community.amd.com/places?filterID=all%7Eobjecttype%7Espace> +- <https://www.amd.com/en-us/who-we-are/contact> (has contact links + for multiple countries) +- **AMD's CEO, Lisa Su, can be contacted directly via email. Tell her + that you demand libre hardware: <lisa.su@amd.com>** + +Libreboot aims to provide fully *free software* initialization firmware +on Intel, AMD, ARM, POWER and RISC-V platforms, and already does so on +some older platforms. + +As documented in the [Libreboot FAQ section](../faq.md#amd), AMD is +currently uncooperative in the libre software movement. Specifically, it +releases non-free binary-only firmware for its platforms, along with +tyrant technologies like the [AMD Platform Security +Processor](../faq.md#amdpsp). + +We in the Libreboot project call on AMD to release source code and start +cooperating with our upstream, [coreboot](https://coreboot.org/) (and +[librecore](http://librecore.info)) for its new Ryzen platform and +existing Zen platforms. This includes source code for all initialization +firmware (typically referred to as the BIOS or UEFI firmware, by some +members of the community), and in particular, the *AMD Platform Security +Processor*, to allow the free/libre software community to use AMD +hardware that is entirely freedom-respecting. If it's not too much to +ask, we also would like source code and signing keys, including for the +PSP and microcode for the CPU. + +We would also like to have board design guides, datasheets and +footprints for CPUs/southbridges and so on. + +We especially need the signing keys to be released, for those components +which are signed (PSP, CPU microcode, SMU, etc). This will make +utilising any released source code possible (at present, some components +will not run unless the firmware is signed by a certain signature, +usually under lock and key by the hardware manufacturer). + +We in the community need freedom-respecting hardware! We call on AMD to +work with us in the Libreboot, Coreboot and Librecore projects on +bringing about a world where computing technology is no longer under +lock and key from the manufacturer, and instead in the control and +ownership of users. + +This has several benefits for AMD. There is currently a huge demand in +the market for libre hardware. At present, the only companies providing +it are ones like [Ministry of Freedom](https://minifree.org) where +systems are sold with entirely free software, including the boot +firmware and operating system, without any signed firmware for which no +keys are available to the public. + +The problem? These companies are selling much older systems that are +made libre mostly through reverse engineering. At present, the systems +sold by such companies are using older hardware designs from 5-10 years +ago, which means that most people who wish to use all libre software +cannot do so, due to practicality concerns. There are some people who +will use these older systems, but that is not without a huge sacrifice +to their convenience since they end up using older, obsolete hardware +and certain tasks (especially serious software development) becomes +impractical for a lot of people. + +AMD has the power to reverse this trend, and there is a potential for a +great amount of profit to be made. The free/libre and open source +software communities would jump head over heels to support such a move. +In other words, AMD can make money from investing in the libre software +community. + +There is even a precedent already set. AMD previously did release source +code for all of their newer platforms, to the coreboot project, but then +they stopped. We're calling for this to resume, and to expand further +than before. + +Here are some examples of popular campaigns, some of which were +successful: + +- <https://www.crowdsupply.com/sutajio-kosagi/novena> +- <https://www.crowdsupply.com/eoma68/micro-desktop> +- <https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation> + +In all of these cases, the campaigns were popular and this was despite +the hardware either being low-end and unsuitable for most people, or too +expensive for most people to afford. + +Then look at the popularity of the Libreboot project. + +Just imagine what would happen if AMD started to produce cheap, +affordable libre hardware, to the point where Libreboot could start +supporting newer systems from AMD. The possibilities are endless! People +would jump towards AMD and AMD's sales would go through the roof, while +we in the libre hardware community would finally have systems from a +manufacturer that cares for our freedoms to use our computers without +proprietary software. + +Even low-end hardware like the BeagleBone or Raspberry Pi ([which can be +liberated](https://blog.rosenzweig.io/blobless-linux-on-the-pi.html)) +shows that libre technology is profitable, and desired by the community. + +Then look at the Google Chromebooks. These devices come with coreboot +preinstalled by default! There are even some ARM chromebooks that we +support in Libreboot, which are still produced and sold brand new by +resellers (e.g. Amazon, Newegg, etc). These devices are sold in the +millions! This just shows that it's not only possible, but profitable, +for AMD to start releasing systems which respect the freedom of users. + +It's not just commercial benefits that are made possible. There are all +kinds of possibilities for scientific research if systems are libre at +the hardware/firmware level. For instance, at present, universities do +not teach BIOS / boot firmware development in their computer science +courses, because this technology is currently restricted by +manufacturers and available only to a privileged few. + +AMD has the power to do the right thing. We in Libreboot call on AMD to +work with us in building a world where users of technology can use their +computers without relying on any proprietary software. We want - need - +a world of highly secure, libre, owner-controlled hardware, from +companies that care about software freedom. + +We in the Libreboot project are available to contact, using the details +on the homepage. We look forward to working with AMD :) + + diff --git a/www/announce.md b/www/announce.md @@ -0,0 +1,26 @@ +--- +title: Libreboot release announcements +... + +For information about current and past libreboot releases, see +[../docs/release.html](../docs/release.html) + +If you want to be notified when a new version of libreboot is released, +contact Leah Rowe [using her contact information on the contributors +page](contrib.md), and she will add you to a list (in a script) that +sends emails to people when a new Libreboot release is made, with a copy +of the announcement and list of changes. You can unsubscribe any time by +contacting Leah again and she will remove you from the list. + +This replaces the mailing lists, which were previously used for this +purpose but the mailing list has been discontinued by the libreboot +project. + +If you find a bug in a libreboot release, or in a beta release (or in +the git reposities), [then please let us know!](tasks.md) + +Backup of old Libreboot mailing lists +------------------------------------- + +See [../lists/](lists.md) + diff --git a/www/cc-by-sa-4.txt b/www/cc-by-sa-4.txt @@ -0,0 +1,426 @@ +Attribution-ShareAlike 4.0 International + +======================================================================= + +Creative Commons Corporation ("Creative Commons") is not a law firm and +does not provide legal services or legal advice. Distribution of +Creative Commons public licenses does not create a lawyer-client or +other relationship. Creative Commons makes its licenses and related +information available on an "as-is" basis. Creative Commons gives no +warranties regarding its licenses, any material licensed under their +terms and conditions, or any related information. Creative Commons +disclaims all liability for damages resulting from their use to the +fullest extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and +conditions that creators and other rights holders may use to share +original works of authorship and other material subject to copyright +and certain other rights specified in the public license below. The +following considerations are for informational purposes only, are not +exhaustive, and do not form part of our licenses. + + Considerations for licensors: Our public licenses are + intended for use by those authorized to give the public + permission to use material in ways otherwise restricted by + copyright and certain other rights. Our licenses are + irrevocable. Licensors should read and understand the terms + and conditions of the license they choose before applying it. + Licensors should also secure all rights necessary before + applying our licenses so that the public can reuse the + material as expected. Licensors should clearly mark any + material not subject to the license. This includes other CC- + licensed material, or material used under an exception or + limitation to copyright. More considerations for licensors: + wiki.creativecommons.org/Considerations_for_licensors + + Considerations for the public: By using one of our public + licenses, a licensor grants the public permission to use the + licensed material under specified terms and conditions. If + the licensor's permission is not necessary for any reason--for + example, because of any applicable exception or limitation to + copyright--then that use is not regulated by the license. Our + licenses grant only permissions under copyright and certain + other rights that a licensor has authority to grant. Use of + the licensed material may still be restricted for other + reasons, including because others have copyright or other + rights in the material. A licensor may make special requests, + such as asking that all changes be marked or described. + Although not required by our licenses, you are encouraged to + respect those requests where reasonable. More_considerations + for the public: + wiki.creativecommons.org/Considerations_for_licensees + +======================================================================= + +Creative Commons Attribution-ShareAlike 4.0 International Public +License + +By exercising the Licensed Rights (defined below), You accept and agree +to be bound by the terms and conditions of this Creative Commons +Attribution-ShareAlike 4.0 International Public License ("Public +License"). To the extent this Public License may be interpreted as a +contract, You are granted the Licensed Rights in consideration of Your +acceptance of these terms and conditions, and the Licensor grants You +such rights in consideration of benefits the Licensor receives from +making the Licensed Material available under these terms and +conditions. + + +Section 1 -- Definitions. + + a. Adapted Material means material subject to Copyright and Similar + Rights that is derived from or based upon the Licensed Material + and in which the Licensed Material is translated, altered, + arranged, transformed, or otherwise modified in a manner requiring + permission under the Copyright and Similar Rights held by the + Licensor. For purposes of this Public License, where the Licensed + Material is a musical work, performance, or sound recording, + Adapted Material is always produced where the Licensed Material is + synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright + and Similar Rights in Your contributions to Adapted Material in + accordance with the terms and conditions of this Public License. + + c. BY-SA Compatible License means a license listed at + creativecommons.org/compatiblelicenses, approved by Creative + Commons as essentially the equivalent of this Public License. + + d. Copyright and Similar Rights means copyright and/or similar rights + closely related to copyright including, without limitation, + performance, broadcast, sound recording, and Sui Generis Database + Rights, without regard to how the rights are labeled or + categorized. For purposes of this Public License, the rights + specified in Section 2(b)(1)-(2) are not Copyright and Similar + Rights. + + e. Effective Technological Measures means those measures that, in the + absence of proper authority, may not be circumvented under laws + fulfilling obligations under Article 11 of the WIPO Copyright + Treaty adopted on December 20, 1996, and/or similar international + agreements. + + f. Exceptions and Limitations means fair use, fair dealing, and/or + any other exception or limitation to Copyright and Similar Rights + that applies to Your use of the Licensed Material. + + g. License Elements means the license attributes listed in the name + of a Creative Commons Public License. The License Elements of this + Public License are Attribution and ShareAlike. + + h. Licensed Material means the artistic or literary work, database, + or other material to which the Licensor applied this Public + License. + + i. Licensed Rights means the rights granted to You subject to the + terms and conditions of this Public License, which are limited to + all Copyright and Similar Rights that apply to Your use of the + Licensed Material and that the Licensor has authority to license. + + j. Licensor means the individual(s) or entity(ies) granting rights + under this Public License. + + k. Share means to provide material to the public by any means or + process that requires permission under the Licensed Rights, such + as reproduction, public display, public performance, distribution, + dissemination, communication, or importation, and to make material + available to the public including in ways that members of the + public may access the material from a place and at a time + individually chosen by them. + + l. Sui Generis Database Rights means rights other than copyright + resulting from Directive 96/9/EC of the European Parliament and of + the Council of 11 March 1996 on the legal protection of databases, + as amended and/or succeeded, as well as other essentially + equivalent rights anywhere in the world. + + m. You means the individual or entity exercising the Licensed Rights + under this Public License. Your has a corresponding meaning. + + +Section 2 -- Scope. + + a. License grant. + + 1. Subject to the terms and conditions of this Public License, + the Licensor hereby grants You a worldwide, royalty-free, + non-sublicensable, non-exclusive, irrevocable license to + exercise the Licensed Rights in the Licensed Material to: + + a. reproduce and Share the Licensed Material, in whole or + in part; and + + b. produce, reproduce, and Share Adapted Material. + + 2. Exceptions and Limitations. For the avoidance of doubt, where + Exceptions and Limitations apply to Your use, this Public + License does not apply, and You do not need to comply with + its terms and conditions. + + 3. Term. The term of this Public License is specified in Section + 6(a). + + 4. Media and formats; technical modifications allowed. The + Licensor authorizes You to exercise the Licensed Rights in + all media and formats whether now known or hereafter created, + and to make technical modifications necessary to do so. The + Licensor waives and/or agrees not to assert any right or + authority to forbid You from making technical modifications + necessary to exercise the Licensed Rights, including + technical modifications necessary to circumvent Effective + Technological Measures. For purposes of this Public License, + simply making modifications authorized by this Section 2(a) + (4) never produces Adapted Material. + + 5. Downstream recipients. + + a. Offer from the Licensor -- Licensed Material. Every + recipient of the Licensed Material automatically + receives an offer from the Licensor to exercise the + Licensed Rights under the terms and conditions of this + Public License. + + b. Additional offer from the Licensor -- Adapted Material. + Every recipient of Adapted Material from You + automatically receives an offer from the Licensor to + exercise the Licensed Rights in the Adapted Material + under the conditions of the Adapter's License You apply. + + c. No downstream restrictions. You may not offer or impose + any additional or different terms or conditions on, or + apply any Effective Technological Measures to, the + Licensed Material if doing so restricts exercise of the + Licensed Rights by any recipient of the Licensed + Material. + + 6. No endorsement. Nothing in this Public License constitutes or + may be construed as permission to assert or imply that You + are, or that Your use of the Licensed Material is, connected + with, or sponsored, endorsed, or granted official status by, + the Licensor or others designated to receive attribution as + provided in Section 3(a)(1)(A)(i). + + b. Other rights. + + 1. Moral rights, such as the right of integrity, are not + licensed under this Public License, nor are publicity, + privacy, and/or other similar personality rights; however, to + the extent possible, the Licensor waives and/or agrees not to + assert any such rights held by the Licensor to the limited + extent necessary to allow You to exercise the Licensed + Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this + Public License. + + 3. To the extent possible, the Licensor waives any right to + collect royalties from You for the exercise of the Licensed + Rights, whether directly or through a collecting society + under any voluntary or waivable statutory or compulsory + licensing scheme. In all other cases the Licensor expressly + reserves any right to collect such royalties. + + +Section 3 -- License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the +following conditions. + + a. Attribution. + + 1. If You Share the Licensed Material (including in modified + form), You must: + + a. retain the following if it is supplied by the Licensor + with the Licensed Material: + + i. identification of the creator(s) of the Licensed + Material and any others designated to receive + attribution, in any reasonable manner requested by + the Licensor (including by pseudonym if + designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of + warranties; + + v. a URI or hyperlink to the Licensed Material to the + extent reasonably practicable; + + b. indicate if You modified the Licensed Material and + retain an indication of any previous modifications; and + + c. indicate the Licensed Material is licensed under this + Public License, and include the text of, or the URI or + hyperlink to, this Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any + reasonable manner based on the medium, means, and context in + which You Share the Licensed Material. For example, it may be + reasonable to satisfy the conditions by providing a URI or + hyperlink to a resource that includes the required + information. + + 3. If requested by the Licensor, You must remove any of the + information required by Section 3(a)(1)(A) to the extent + reasonably practicable. + + b. ShareAlike. + + In addition to the conditions in Section 3(a), if You Share + Adapted Material You produce, the following conditions also apply. + + 1. The Adapter's License You apply must be a Creative Commons + license with the same License Elements, this version or + later, or a BY-SA Compatible License. + + 2. You must include the text of, or the URI or hyperlink to, the + Adapter's License You apply. You may satisfy this condition + in any reasonable manner based on the medium, means, and + context in which You Share Adapted Material. + + 3. You may not offer or impose any additional or different terms + or conditions on, or apply any Effective Technological + Measures to, Adapted Material that restrict exercise of the + rights granted under the Adapter's License You apply. + + +Section 4 -- Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that +apply to Your use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right + to extract, reuse, reproduce, and Share all or a substantial + portion of the contents of the database; + + b. if You include all or a substantial portion of the database + contents in a database in which You have Sui Generis Database + Rights, then the database in which You have Sui Generis Database + Rights (but not its individual contents) is Adapted Material, + + including for purposes of Section 3(b); and + c. You must comply with the conditions in Section 3(a) if You Share + all or a substantial portion of the contents of the database. + +For the avoidance of doubt, this Section 4 supplements and does not +replace Your obligations under this Public License where the Licensed +Rights include other Copyright and Similar Rights. + + +Section 5 -- Disclaimer of Warranties and Limitation of Liability. + + a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE + EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS + AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF + ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, + IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, + WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, + ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT + KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT + ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. + + b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE + TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, + NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, + INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, + COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR + USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR + DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR + IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. + + c. The disclaimer of warranties and limitation of liability provided + above shall be interpreted in a manner that, to the extent + possible, most closely approximates an absolute disclaimer and + waiver of all liability. + + +Section 6 -- Term and Termination. + + a. This Public License applies for the term of the Copyright and + Similar Rights licensed here. However, if You fail to comply with + this Public License, then Your rights under this Public License + terminate automatically. + + b. Where Your right to use the Licensed Material has terminated under + Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided + it is cured within 30 days of Your discovery of the + violation; or + + 2. upon express reinstatement by the Licensor. + + For the avoidance of doubt, this Section 6(b) does not affect any + right the Licensor may have to seek remedies for Your violations + of this Public License. + + c. For the avoidance of doubt, the Licensor may also offer the + Licensed Material under separate terms or conditions or stop + distributing the Licensed Material at any time; however, doing so + will not terminate this Public License. + + d. Sections 1, 5, 6, 7, and 8 survive termination of this Public + License. + + +Section 7 -- Other Terms and Conditions. + + a. The Licensor shall not be bound by any additional or different + terms or conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the + Licensed Material not stated herein are separate from and + independent of the terms and conditions of this Public License. + + +Section 8 -- Interpretation. + + a. For the avoidance of doubt, this Public License does not, and + shall not be interpreted to, reduce, limit, restrict, or impose + conditions on any use of the Licensed Material that could lawfully + be made without permission under this Public License. + + b. To the extent possible, if any provision of this Public License is + deemed unenforceable, it shall be automatically reformed to the + minimum extent necessary to make it enforceable. If the provision + cannot be reformed, it shall be severed from this Public License + without affecting the enforceability of the remaining terms and + conditions. + + c. No term or condition of this Public License will be waived and no + failure to comply consented to unless expressly agreed to by the + Licensor. + + d. Nothing in this Public License constitutes or may be interpreted + as a limitation upon, or waiver of, any privileges and immunities + that apply to the Licensor or You, including from the legal + processes of any jurisdiction or authority. + + +======================================================================= + +Creative Commons is not a party to its public licenses. +Notwithstanding, Creative Commons may elect to apply one of its public +licenses to material it publishes and in those instances will be +considered the "Licensor." Except for the limited purpose of indicating +that material is shared under a Creative Commons public license or as +otherwise permitted by the Creative Commons policies published at +creativecommons.org/policies, Creative Commons does not authorize the +use of the trademark "Creative Commons" or any other trademark or logo +of Creative Commons without its prior written consent including, +without limitation, in connection with any unauthorized modifications +to any of its public licenses or any other arrangements, +understandings, or agreements concerning use of licensed material. For +the avoidance of doubt, this paragraph does not form part of the public +licenses. + +Creative Commons may be contacted at creativecommons.org. + diff --git a/www/contrib.md b/www/contrib.md @@ -0,0 +1,134 @@ +--- +title: Contributors +... + + +If we forgot to mention you here, let us know and we'll add you. (or if +you don't want to be mentioned, let us know and we'll remove your +entry) + +Leah Rowe +--------- + +Leah is also responsible for [vimuser.org](https://vimuser.org/) +(personal website) and [transit.org.uk](https://transit.org.uk/) +(support group for transgender people). + +Timothy Pearson +--------------- + +Ported the ASUS KGPE-D16 board to coreboot for the company Raptor +Engineering of which Timothy is the CEO, and collaborated with Leah on +merging it in libreboot. Timothy maintains this code in coreboot, +helping Leah with the libreboot integration for it. This person's +contact details are on the raptor site, or you can ping **tpearson** on +the freenode IRC network. + +Paul Kocialkowski +----------------- + +Ported the ARM (Rockchip RK3288 SoC) based *Chromebook* laptops to +libreboot. Also one of the main [Replicant](http://www.replicant.us/) +developers. Contact Paul on the libreboot IRC channel by the alias +**paulk** or **paulk-&lt;hostname&gt;** (hostname is variable). + +Damien Zammit +------------- + +Maintains the Gigabyte GA-G41M-ES2L coreboot port, which is integrated +in libreboot. Also works on other hardware for the benefit of the +libreboot project. Contact **damo22** on the freenode IRC network. This +persons website is [zammit.org](http://www.zammit.org/). + +Patrick "P. J." McDermott +--------------------------- + +Patrick also did a lot of research and wrote the libreboot FAQ section +relating to the [Intel Management Engine](../faq.md#intelme), in addition +to making several improvements to the build system in libreboot. + +Steve Shenton +------------- + +Ported the ThinkPad X200 to libreboot, by figuring out how to deactive +the Intel Management Engine on that laptop, and remove the firmware +while still making the system boot correctly. The ThinkPad T400, T500, +R400 and R500 were also ported to libreboot, based on this work. + +Denis Carikli +------------- + +Based on the work done by Peter Stuge, Vladimir Serbineko and others in +the coreboot project, got native graphics initialization to work on the +ThinkPad X60, allowing it to be supported in libreboot. Denis gave Leah +a lot of advice and helped her to found the libreboot project. Contact +**GNUtoo-irssi** in the \#libreboot IRC channel. Denis is also one of +the founders of the [Replicant](http://replicant.us/) project. + +Vladimir Serbinenko +------------------- + +Ported many of the thinkpads supported in libreboot, to coreboot, and +made many fixes in coreboot which benefited the libreboot project. +Contact **phcoder** in the \#coreboot IRC channel on freenode. + +Paul Menzel +----------- + +Investigated and fixed a bug in coreboot on the ThinkPad X60/T60 exposed +by Linux kernel 3.12 and up, which caused 3D acceleration to stop +working and video generally to become unstable. Paul worked with Leah on +this, sending her patches to test periodically until the bug was fixed +in coreboot, and then helped her integrate the fix in libreboot. Contact +**PaulePanter** in the \#libreboot IRC channel. + +Alyssa Rosenzweig +----------------- + +Switched the website to use markdown in lieu of handwritten HTML and custom +PHP. Additionally assisted with [booting +Linux](https://blog.rosenzweig.io/blobless-linux-on-the-pi.md) on the Raspberry +Pi without blobs. + +Jeroen Quint +------------ + +Contributed several fixes to the libreboot documentation, relating to +installing Parabola with full disk encryption on libreboot systems. +Contact **Jezza** in the \#libreboot IRC channel. + +Arthur Heymans +-------------- + +Merged a patch from coreboot into libreboot, enabling C3 and C4 power +states to work correctly on GM45 laptops. This was a long-standing issue +before Athur's contribution. Arthur also fixed VRAM size on i945 on +GM45 systems, allowing maximum VRAM allocation for the onboard GPUs on +these systems, another longstanding issue in libreboot. Contact **apvh** +in the \#libreboot IRC channel. + +Peter Stuge +----------- + +Helped Leah write the section about DMA on +[../faq/\#firmware-hddssd](../faq/#firmware-hddssd), and provided +general advice in early days of the project. Contact **CareBear\\** in +the \#coreboot IRC channel on freenode. + +Klemens Nanni +------------- + +Made many fixes and improvements to the GRUB configuration used in +libreboot, and several tweaks to the build system. Contact **kl3** in +the \#libreboot IRC channel. + +Marcus Moeller +-------------- + +Made the libreboot logo. + +Swift Geek +---------- + +Contributed a patch for ich9gen to generate 16MiB descriptors. Contact +**swiftgeek** in the IRC channel. diff --git a/www/donate.md b/www/donate.md @@ -0,0 +1,13 @@ +--- +title: Donate +... + +The project is funded by [Minifree Ltd](https://minifree.org/) sales of +libreboot-preinstalled systems (laptops, desktops, servers, etc). [Leah +Rowe](contrib.md) runs both Minifree and the Libreboot project. + +There are also some libreboot stickers and systems with libreboot +preinstalled that you can purchase, linked to from the [suppliers +page](suppliers.md), which can further support the libreboot project. + + diff --git a/www/download.md b/www/download.md @@ -0,0 +1,90 @@ +--- +title: Download +... + +*The latest stable release is 20160907, released on 2016-09-07 and can +be found at [\#https](#https).* + +If you're more interested in libreboot development, go to the +[libreboot development page](../git/), which also includes links to the +Git repositories. Visit [../tasks/](../tasks/) for tasks currently on +the TODO list. + +GPG signing key +--------------- + +See [here](gpg/). + +Do you have a mirror? +--------------------- + +Let us know! We will add it here. Instructions for how to mirror +libreboot releases can be found [here](rsync.md). + +HTTPS mirrors {#https} +------------- + +These mirrors are recommended, since they use TLS (https://) encryption. + +<https://mirrors.peers.community/mirrors/libreboot/> (Peers Community +Project, USA) + +<https://www.mirrorservice.org/sites/libreboot.org/release/> (University +of Kent, UK) + +<https://mirror.math.princeton.edu/pub/libreboot/> (Princeton +university, USA) + +<https://mirrors.cicku.me/libreboot/> (CICKU FOSS Mirror Service, +Germany) + +<https://vimuser.org/libreboot/> (vimuser.org, Netherlands) + +<https://ginette.swordarmor.fr/libreboot/> (swordarmor.fr, France) + +<https://mirror.se.partyvan.eu/pub/libreboot/> (partyvan.eu, Sweden) + +<https://elgrande74.net/libreboot/> (elgrande74.net, France) + +<https://nedson.net/libreboot> (nedson.net, USA) + +HTTP mirrors {#http} +------------ + +WARNING: these mirrors are non-HTTPS which means that they are +unencrypted. Your traffic could be subject to interference by +adversaries. Make especially sure to check the GPG signatures, assuming +that you have the right key. Of course, you should do this anyway, even +if using HTTPS. + +<http://mirrors.mit.edu/libreboot/> (MIT university, USA) + +<http://tpvj6abq225m5pcf.onion/pub/libreboot/> (Tor hidden server, +Undisclosed location) + +<http://mirror.linux.ro/libreboot/> (linux.ro, Romania) + +<http://mirror.helium.in-berlin.de/libreboot/> (in-berlin.de, Germany) + +<http://libreboot.mirror.si/> (mirror.si, Slovenia) + +FTP mirrors {#ftp} +----------- + +WARNING: FTP is also unencrypted, like HTTP. The same risks are present. + +<ftp://ftp.mirrorservice.org/sites/libreboot.org/release/> (University +of Kent, UK) + +<ftp://ftp.linux.ro/libreboot/> (linux.ro, Romania) + +<ftp://libreboot.mirror.si/libreboot> (mirror.si, Slovenia) + +Statically linked +------------------ + +Libreboot includes statically linked executables. If you need the +sources for those statically linked dependencies inside the executables, +then you can contact the libreboot project using the details on the home +page; source code will be provided. You can download this source code +from [here](https://libreboot.org/ccsource/). diff --git a/www/faq.md b/www/faq.md @@ -0,0 +1,1041 @@ +--- +title: Frequently Asked Questions +x-toc-enable: true +... + +Important issues +================ + +What version of libreboot do I have? +---------------------------------------------------------------- + +See [../docs/\#version](../docs/#version) + +The backlight is darker on the left side of the screen when lowering the brightness on my X200/T400/T500/R400 +--------------------------------------------------------------------------------------------------------------- + +We don't know how to detect the correct PWM value to use in +coreboot-libre, so we just use the default one in coreboot which has +this issue on some CCFL panels, but not LED panels. + +You can work around this in your distribution, by following the notes at +[../docs/misc/\#backlight%20control](../docs/misc/#backlight%20control). + +My computer thinks it's 1970-01-01 (GM45 laptops) +-------------------------------------------------- + +Use Libreboot 20160818 or higher. This was a bug in coreboot, fixed +upstream and merged in Libreboot 20160818. + +Alternatively, you can use kernel version 4.2 or older, if you wish to +use libreboot 20150518 or earlier. + +The ethernet doesn't work on my X200/T400/X60/T60 when I plug in it +------------------------------------------------------------------- + +This was observed on some systems using network-manager. This happens +both on the original BIOS and in libreboot. It's a quirk in the +hardware. On debian systems, a workaround is to restart the networking +service when you connect the ethernet cable: + + sudo service network-manager restart + +On Parabola, you can try: + + sudo systemctl restart network-manager + +(the service name might be different for you, depending on your +configuration) + +My KCMA-D8 or KGPE-D16 doesn't boot with the PIKE2008 module installed +----------------------------------------------------------------------- + +Libreboot 20160818, 20160902 and 20160907 all have a bug: in SeaBIOS, +PCI options ROMs are loaded when available, by default. This is not +technically a problem, because an option ROM can be free or non-free. In +practise, though, they are usually non-free. + +Loading the option ROM from the PIKE2008 module on either ASUS KCMA-D8 +or KGPE-D16 causes the system to hang at boot. It's possible to use +this in the payload (if you use a linux kernel payload, or petitboot), +or to boot (with SeaGRUB and/or SeaBIOS) from regular SATA and then use +it in GNU+Linux. The Linux kernel is capable of using the PIKE2008 +module without loading the option ROM. + +Libreboot-unstable (or git) now disables loading PCI option ROMs, but +previous releases with SeaGRUB (20160818-20160907) do not. You can work +around this by running the following command: + + ./cbfstool yourrom.rom add-int -i 0 -n etc/pci-optionrom-exec + +You can find *cbfstool* in the \_util archive with the libreboot release +that you are using. + +Hardware compatibility +====================== + +What systems are compatible with libreboot? +----------------------------------------------------------------------------------- + +See [../docs/hcl/](docs/hcl/). + +Several supported systems are also available with libreboot +preinstalled. Check the [suppliers](suppliers.md) page for more +information. + +Will the Purism Librem laptops be supported? +---------------------------------------------------------------------- + +Probably not. There are several privacy, security and freedom issues +with these laptops, due to the Intel chipsets that they use. See + +replaced (e.g. [Intel Management Engine](#intelme) and [CPU microcode +updates](#microcode)). It uses the proprietary [Intel FSP](#fsp) blob +for the entire hardware initialization, which Intel [won't +provide](#intel-is-uncooperative) the source code for. The Video BIOS +(initialization firmware for the graphics hardware) is also proprietary. +The libreboot project recommends avoiding this hardware entirely. + +It will likely take many years to replace even one of these blobs, let +alone all of them. Some of them (ME firmware and microcode) can't even +be replaced, which immediately disqualifies these laptops from being +added to libreboot. Google engineers have tried for many years to get +source code from Intel, and to reverse engineer the blobs that Intel +provides. So far, they have been unsuccessful. Google is also one of the +companies that funds the coreboot project, and they hire a lot of the +core developers, so it's not like they don't have vast resources at +their disposal. Smaller companies have no chance. + +The librem does have coreboot support, but it's pretty meaningless +(it's shimboot, which means that coreboot is just incorporating blobs. +It's not real coreboot support, but rather, what is shamelessly passed +off as coreboot support these days, where binary blobs for **the +entire** hardware initialization is considered acceptable in the +coreboot project). It should be noted, that the coreboot port for librem +was done by a lone Google software developer (Duncan Laurie), not +Purism, working independently. Purism had nothing to do with the port. + +Why is the latest Intel hardware unsupported in libreboot? {#intel} +----------------------------------------------------------- + +It is extremely unlikely that any post-2008 Intel hardware will ever be +supported in libreboot, due to severe security and freedom issues; so +severe, that *the libreboot project recommends avoiding all modern Intel +hardware. If you have an Intel based system affected by the problems +described below, then you should get rid of it as soon as possible*. The +main issues are as follows: + +### Intel Management Engine (ME) {#intelme} + +Introduced in June 2006 in Intel's 965 Express Chipset Family of +(Graphics and) Memory Controller Hubs, or (G)MCHs, and the ICH8 I/O +Controller Family, the Intel Management Engine (ME) is a separate +computing environment physically located in the (G)MCH chip. In Q3 2009, +the first generation of Intel Core i3/i5/i7 (Nehalem) CPUs and the 5 +Series Chipset family of Platform Controller Hubs, or PCHs, brought a +more tightly integrated ME (now at version 6.0) inside the PCH chip, +which itself replaced the ICH. Thus, the ME is ***present on all Intel +desktop, mobile (laptop), and server systems since mid 2006***. + +The ME consists of an ARC processor core (replaced with other processor +cores in later generations of the ME), code and data caches, a timer, +and a secure internal bus to which additional devices are connected, +including a cryptography engine, internal ROM and RAM, memory +controllers, and a ***direct memory access (DMA) engine*** to access the +host operating system's memory as well as to reserve a region of +protected external memory to supplement the ME's limited internal RAM. +The ME also has ***network access*** with its own MAC address through an +Intel Gigabit Ethernet Controller. Its boot program, stored on the +internal ROM, loads a firmware "manifest" from the PC's SPI flash +chip. This manifest is ***signed with a strong cryptographic key***, +which differs between versions of the ME firmware. If the manifest +isn't signed by a specific Intel key, the boot ROM won't load and +execute the firmware and the ME processor core will be halted. + +The ME firmware is compressed and consists of modules that are listed in +the manifest along with secure cryptographic hashes of their contents. +One module is the operating system kernel, which is based on a +***proprietary real-time operating system (RTOS) kernel*** called +"ThreadX". The developer, Express Logic, sells licenses and source +code for ThreadX. Customers such as Intel are forbidden from disclosing +or sublicensing the ThreadX source code. Another module is the Dynamic +Application Loader (DAL), which consists of a ***Java virtual machine*** +and set of preinstalled Java classes for cryptography, secure storage, +etc. The DAL module can load and execute additional ME modules from the +PC's HDD or SSD. The ME firmware also includes a number of native +application modules within its flash memory space, including Intel +Active Management Technology (AMT), an implementation of a Trusted +Platform Module (TPM), Intel Boot Guard, and audio and video DRM +systems. + +The Active Management Technology (AMT) application, part of the Intel +"vPro" brand, is a Web server and application code that enables remote +users to power on, power off, view information about, and otherwise +manage the PC. It can be ***used remotely even while the PC is powered +off*** (via Wake-on-Lan). Traffic is encrypted using SSL/TLS libraries, +but recall that all of the major SSL/TLS implementations have had highly +publicized vulnerabilities. The AMT application itself has ***[known +vulnerabilities](https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits)***, +which have been exploited to develop rootkits and keyloggers and +covertly gain encrypted access to the management features of a PC. +Remember that the ME has full access to the PC's RAM. This means that +an attacker exploiting any of these vulnerabilities may gain access to +everything on the PC as it runs: all open files, all running +applications, all keys pressed, and more. + +[Intel Boot Guard](https://mjg59.dreamwidth.org/33981.html) is an ME +application introduced in Q2 2013 with ME firmware version 9.0 on 4th +Generation Intel Core i3/i5/i7 (Haswell) CPUs. It allows a PC OEM to +generate an asymmetric cryptographic keypair, install the public key in +the CPU, and prevent the CPU from executing boot firmware that isn't +signed with their private key. This means that ***coreboot and libreboot +are impossible to port*** to such PCs, without the OEM's private +signing key. Note that systems assembled from separately purchased +mainboard and CPU parts are unaffected, since the vendor of the +mainboard (on which the boot firmware is stored) can't possibly affect +the public key stored on the CPU. + +ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) +include an ME application for ***audio and video +[DRM](https://defectivebydesign.org/what_is_drm_digital_restrictions_management)*** +called "Protected Audio Video Path" (PAVP). The ME receives from the +host operating system an encrypted media stream and encrypted key, +decrypts the key, and sends the encrypted media decrypted key to the +GPU, which then decrypts the media. PAVP is also used by another ME +application to draw an authentication PIN pad directly onto the screen. +In this usage, the PAVP application directly controls the graphics that +appear on the PC's screen in a way that the host OS cannot detect. ME +firmware version 7.0 on PCHs with 2nd Generation Intel Core i3/i5/i7 +(Sandy Bridge) CPUs replaces PAVP with a similar DRM application called +"Intel Insider". Like the AMT application, these DRM applications, +which in themselves are defective by design, demonstrate the omnipotent +capabilities of the ME: this hardware and its proprietary firmware can +access and control everything that is in RAM and even ***everything that +is shown on the screen***. + +The Intel Management Engine with its proprietary firmware has complete +access to and control over the PC: it can power on or shut down the PC, +read all open files, examine all running applications, track all keys +pressed and mouse movements, and even capture or display images on the +screen. And it has a network interface that is demonstrably insecure, +which can allow an attacker on the network to inject rootkits that +completely compromise the PC and can report to the attacker all +activities performed on the PC. It is a threat to freedom, security, and +privacy that can't be ignored. + +Before version 6.0 (that is, on systems from 2008/2009 and earlier), the +ME can be disabled by setting a couple of values in the SPI flash +memory. The ME firmware can then be removed entirely from the flash +memory space. libreboot [does this](../docs/hcl/gm45_remove_me.html) on +the Intel 4 Series systems that it supports, such as the [Libreboot +X200](../docs/install/x200_external.html) and [Libreboot +T400](../docs/install/t400_external.html). ME firmware versions 6.0 and +later, which are found on all systems with an Intel Core i3/i5/i7 CPU +and a PCH, include "ME Ignition" firmware that performs some hardware +initialization and power management. If the ME's boot ROM does not find +in the SPI flash memory an ME firmware manifest with a valid Intel +signature, the whole PC will shut down after 30 minutes. + +Due to the signature verification, developing free replacement firmware +for the ME is basically impossible. The only entity capable of replacing +the ME firmware is Intel. As previously stated, the ME firmware includes +proprietary code licensed from third parties, so Intel couldn't release +the source code even if they wanted to. And even if they developed +completely new ME firmware without third-party proprietary code and +released its source code, the ME's boot ROM would reject any modified +firmware that isn't signed by Intel. Thus, the ME firmware is both +hopelessly proprietary and "tivoized". + +**In summary, the Intel Management Engine and its applications are a +backdoor with total access to and control over the rest of the PC. The +ME is a threat to freedom, security, and privacy, and the libreboot +project strongly recommends avoiding it entirely. Since recent versions +of it can't be removed, this means avoiding all recent generations of +Intel hardware.** + +More information about the Management Engine can be found on various Web +sites, including [me.bios.io](http://me.bios.io/Main_Page), +[unhuffme](http://io.netgarage.org/me/), [coreboot +wiki](http://www.coreboot.org/Intel_Management_Engine), and +[Wikipedia](https://en.wikipedia.org/wiki/Intel_Active_Management_Technology). +The book ***[Platform Embedded Security Technology +Revealed](https://www.apress.com/9781430265719)*** describes in great +detail the ME's hardware architecture and firmware application modules. + +If you're stuck with the ME (non-libreboot system), you might find this +interesting: +<http://hardenedlinux.org/firmware/2016/11/17/neutralize_ME_firmware_on_sandybridge_and_ivybridge.html> + +Also see (effort to disable the ME): +<https://www.coreboot.org/pipermail/coreboot/2016-November/082331.html> +- look at the whole thread + +### Firmware Support Package (FSP) {#fsp} + +On all recent Intel systems, coreboot support has revolved around +integrating a blob (for each system) called the *FSP* (firmware support +package), which handles all of the hardware initialization, including +memory and CPU initialization. Reverse engineering and replacing this +blob is almost impossible, due to how complex it is. Even for the most +skilled developer, it would take years to replace. Intel distributes +this blob to firmware developers, without source. + +Since the FSP is responsible for the early hardware initialization, that +means it also handles SMM (System Management Mode). This is a special +mode that operates below the operating system level. **It's possible +that rootkits could be implemented there, which could perform a number +of attacks on the user (the list is endless). Any Intel system that has +the proprietary FSP blob cannot be trusted at all.** In fact, several +SMM rootkits have been demonstrated in the wild (use a search engine to +find them). + +### CPU microcode updates {#microcode} + +All modern x86 CPUs (from Intel and AMD) use what is called *microcode*. +CPUs are extremely complex, and difficult to get right, so the circuitry +is designed in a very generic way, where only basic instructions are +handled in hardware. Most of the instruction set is implemented using +microcode, which is low-level software running inside the CPU that can +specify how the circuitry is to be used, for each instruction. The +built-in microcode is part of the hardware, and read-only. Both the +circuitry and the microcode can have bugs, which could cause reliability +issues. + +Microcode *updates* are proprietary blobs, uploaded to the CPU at boot +time, which patches the built-in microcode and disables buggy parts of +the CPU to improve reliability. In the past, these updates were handled +by the operating system kernel, but on all recent systems it is the boot +firmware that must perform this task. Coreboot does distribute microcode +updates for Intel and AMD CPUs, but libreboot cannot, because the whole +point of libreboot is to be 100% [free +software](https://en.wikipedia.org/wiki/Free_software). + +On some older Intel CPUs, it is possible to exclude the microcode +updates and not have any reliability issues in practise. All current +libreboot systems work without microcode updates (otherwise, they +wouldn't be supported in libreboot). However, all modern Intel CPUs +require the microcode updates, otherwise the system will not boot at +all, or it will be extremely unstable (memory corruption, for example). + +Intel CPU microcode updates are *signed*, which means that you could not +even run a modified version, even if you had the source code. If you try +to upload your own modified updates, the CPU will reject them. + +The microcode updates alter the way instructions behave on the CPU. That +means they affect the way the CPU works, in a very fundamental way. That +makes it software. The updates are proprietary, and are software, so we +exclude them from libreboot. The microcode built into the CPU already is +not so much of an issue, since we can't change it anyway (it's +read-only). + +### Intel is uncooperative + +For years, coreboot has been struggling against Intel. Intel has been +shown to be extremely uncooperative in general. Many coreboot +developers, and companies, have tried to get Intel to cooperate; namely, +releasing source code for the firmware components. Even Google, which +sells millions of *chromebooks* (coreboot preinstalled) have been unable +to persuade them. + +Even when Intel does cooperate, they still don't provide source code. +They might provide limited information (datasheets) under strict +corporate NDA (non-disclosure agreement), but even that is not +guaranteed. Even ODMs and IBVs can't get source code from Intel, in +most cases (they will just integrate the blobs that Intel provides). + +Recent Intel graphics chipsets also [require firmware +blobs](https://01.org/linuxgraphics/intel-linux-graphics-firmwares?langredirect=1). + +Intel is [only going to get +worse](https://www.phoronix.com/scan.php?page=news_item&px=Intel-Gfx-GuC-SLPC) +when it comes to user freedom. Libreboot has no support recent Intel +platforms, precisely because of the problems described above. The only +way to solve this is to get Intel to change their policies and to be +more friendly to the [free +software](https://en.wikipedia.org/wiki/Free_software) community. +Reverse engineering won't solve anything long-term, unfortunately, but +we need to keep doing it anyway. Moving forward, Intel hardware is a +non-option unless a radical change happens within Intel. + +**Basically, all Intel hardware from year 2010 and beyond will never be +supported by libreboot. The libreboot project is actively ignoring all +modern Intel hardware at this point, and focusing on alternative +platforms.** + +Why is the latest AMD hardware unsupported in libreboot? {#amd} +---------------------------------------------------------------------------- + +It is extremely unlikely that any post-2013 AMD hardware will ever be +supported in libreboot, due to severe security and freedom issues; so +severe, that *the libreboot project recommends avoiding all modern AMD +hardware. If you have an AMD based system affected by the problems +described below, then you should get rid of it as soon as possible*. The +main issues are as follows: + +[We call on AMD to release source code and specs for the new AMD Ryzen +platforms! We call on the community to put pressure on AMD. Click here +to read more](amd-libre.md) + +### AMD Platform Security Processor (PSP) + +This is basically AMD's own version of the [Intel Management +Engine](#intelme). It has all of the same basic security and freedom +issues, although the implementation is wildly different. + +The Platform Security Processor (PSP) is built in on all Family 16h + +systems (basically anything post-2013), and controls the main x86 core +startup. PSP firmware is cryptographically signed with a strong key +similar to the Intel ME. If the PSP firmware is not present, or if the +AMD signing key is not present, the x86 cores will not be released from +reset, rendering the system inoperable. + +The PSP is an ARM core with TrustZone technology, built onto the main +CPU die. As such, it has the ability to hide its own program code, +scratch RAM, and any data it may have taken and stored from the +lesser-privileged x86 system RAM (kernel encryption keys, login data, +browsing history, keystrokes, who knows!). To make matters worse, the +PSP theoretically has access to the entire system memory space (AMD +either will not or cannot deny this, and it would seem to be required to +allow the DRM "features" to work as intended), which means that it has +at minimum MMIO-based access to the network controllers and any other +PCI/PCIe peripherals installed on the system. + +In theory any malicious entity with access to the AMD signing key would +be able to install persistent malware that could not be eradicated +without an external flasher and a known good PSP image. Furthermore, +multiple security vulnerabilities have been demonstrated in AMD firmware +in the past, and there is every reason to assume one or more zero day +vulnerabilities are lurking in the PSP firmware. Given the extreme +privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities +would have the ability to remotely monitor and control any PSP enabled +machine completely outside of the user's knowledge. + +Much like with the Intel Boot Guard (an application of the Intel +Management Engine), AMD's PSP can also act as a tyrant by checking +signatures on any boot firmware that you flash, making replacement boot +firmware (e.g. libreboot, coreboot) impossible on some boards. Early +anecdotal reports indicate that AMD's boot guard counterpart will be +used on most OEM hardware, disabled only on so-called "enthusiast" +CPUs. + +### AMD IMC firmware + +Read <https://www.coreboot.org/AMD_IMC>. + +### AMD SMU firmware + +Handles some power management for PCIe devices (without this, your +laptop will not work properly) and several other power management +related features. + +The firmware is signed, although on older AMD hardware it is a symmetric +key, which means that with access to the key (if leaked) you could sign +your own modified version and run it. Rudolf Marek (coreboot hacker) +found out how to extract this key [in this video +demonstration](https://media.ccc.de/v/31c3_-_6103_-_en_-_saal_2_-_201412272145_-_amd_x86_smu_firmware_analysis_-_rudolf_marek), +and based on this work, Damien Zammit (another coreboot hacker) +[partially replaced it](https://github.com/zamaudio/smutool/) with free +firmware, but on the relevant system (ASUS F2A85-M) there were still +other blobs present (Video BIOS, and others) preventing the hardware +from being supported in libreboot. + +### AMD AGESA firmware + +This is responsible for virtually all core hardware initialization on +modern AMD systems. In 2011, AMD started cooperating with the coreboot +project, releasing this as source code under a free license. In 2014, +they stopped releasing source code and started releasing AGESA as binary +blobs instead. This makes AGESA now equivalent to [Intel FSP](#fsp). + +### AMD CPU microcode updates + +Read the Intel section +practically the same, though it was found with much later hardware in +AMD that you could run without microcode updates. It's unknown whether +the updates are needed on all AMD boards (depends on CPU). + +### AMD is incompetent (and uncooperative) + +AMD seemed like it was on the right track in 2011 when it started +cooperating with and releasing source code for several critical +components to the coreboot project. It was not to be. For so-called +economic reasons, they decided that it was not worth the time to invest +in the coreboot project anymore. + +For a company to go from being so good, to so bad, in just 3 years, +shows that something is seriously wrong with AMD. Like Intel, they do +not deserve your money. + +Given the current state of Intel hardware with the Management Engine, it +is our opinion that all performant x86 hardware newer than the AMD +Family 15h CPUs (on AMD's side) or anything post-2009 on Intel's side +is defective by design and cannot safely be used to store, transmit, or +process sensitive data. Sensitive data is any data in which a data +breach would cause significant economic harm to the entity which created +or was responsible for storing said data, so this would include banks, +credit card companies, or retailers (customer account records), in +addition to the "usual" engineering and software development firms. +This also affects whistleblowers, or anyone who needs actual privacy and +security. + +What *can* I use, then? {#whatcaniuse} +------------------------- + +Libreboot has support for fam15h AMD hardware (~2012 gen) and some +older Intel platforms (~2006-2009 gen). We also have support for some +ARM chipsets (rk3288). On the Intel side, we're also interested in some +of the chipsets that use Atom CPUs (rebranded from older chipsets, +mostly using ich7-based southbridges). + +Will libreboot work on a ThinkPad T400 or T500 with an ATI GPU? +--------------------------------------------------------------------------------------------------- + +Short answer: yes. These laptops also have an Intel GPU inside, which +libreboot uses. The ATI GPU is ignored by libreboot. + +These laptops use what is called *switchable graphics*, where it will +have both an Intel and ATI GPU. Coreboot will allow you to set (using +nvramtool) a parameter, specifying whether you would like to use Intel +or ATI. The ATI GPU lacks free native graphics initialization in +coreboot, unlike the Intel GPU. + +Libreboot modifies coreboot, in such a way where this nvramtool setting +is ignored. Libreboot will just assume that you want to use the Intel +GPU. Therefore, the ATI GPU is completely disabled on these laptops. +Intel is used instead, with the free native graphics initialization +(VBIOS replacement) that exists in coreboot. + +Will the latest ThinkPad models be supported? +----------------------------------------------------------------------------- + +The latest ThinkPad generation supported in libreboot are the ones using the +GM45 (ICH9) chipsets, such as the ThinkPad X200 or T400. ThinkPads newer than +this generation will probably never be supported in libreboot, due to the fact +that there are signed blobs that cannot be removed or replaced (e.g. Intel +Management Engine]. Newer laptops are starting to +[use](https://www.phoronix.com/scan.php?page=news_item&px=Intel-Boot-Guard-Kills-Coreboot) +the [Intel Boot Guard](https://mjg59.dreamwidth.org/33981.html), which +specifically blocks the use of firmware that has not been signed by the OEM. + +Coreboot does have support for some more recent Lenovo laptops, but libreboot +cannot support most of these. + +Will desktop/server hardware be supported? +------------------------------------------------------------------------ + +Libreboot now supports desktop hardware: +[../docs/hcl/\#supported\_desktops\_x86amdintel](../docs/hcl/#supported_desktops_x86/intel) +(with full native video initialization). + +A common issue with desktop hardware is the Video BIOS, when no onboard +video is present, since every video card has a different Video BIOS. +Onboard GPUs also require one, so those still have to be replaced with +free software (non-trivial task). Libreboot has to initialize the +graphics chipset, but most graphics cards lack a free Video BIOS for +this purpose. Some desktop motherboards supported in coreboot do have +onboard graphics chipsets, but these also require a proprietary Video +BIOS, in most cases. + +Hi, I have &lt;insert random system here&gt;, is it supported? +-------------------------------------------------------------------------------------------------------- + +Most likely not. First, you must consult coreboot's own hardware +compatibility list at <http://www.coreboot.org/Supported_Motherboards> +and, if it is supported, check whether it can run without any +proprietary blobs in the ROM image. If it can: wonderful! Libreboot can +support it, and you can add support for it. If not, then you will need +to figure out how to reverse engineer and replace (or remove) those +blobs that do still exist, in such a way where the system is still +usable in some defined way. + +For those systems where no coreboot support exists, you must first port +it to coreboot and, if it can then run without any blobs in the ROM +image, it can be added to libreboot. See: [Motherboard Porting +Guide](http://www.coreboot.org/Motherboard_Porting_Guide) (this is just +the tip of the iceberg!) + +Please note that board development should be done upstream (in coreboot) +and merged downstream (into libreboot). This is the correct way to do +it, and it is how the libreboot project is coordinated so as to avoid +too much forking of the coreboot source code. + +What about ARM? +----------------------------------- + +Libreboot has support for some ARM based laptops, using the *Rockchip +RK3288* SoC. Check the libreboot [hardware compatibility +list](../docs/hcl/#supported_list), for more information. + +General questions +================= + +How do I install libreboot? +------------------------------------------------------- + +See [../docs/install/](docs/install/) + +How do I program an SPI flash chip with the BeagleBone Black? +--------------------------------------------------------------------------------- + +See [../docs/install/bbb\_setup.html](../docs/install/bbb_setup.html). + +How do I program an SPI flash chip with the Raspberry Pi? +----------------------------------------------------------------------------- + +See [../docs/install/rpi\_setup.html](../docs/install/rpi_setup.html). + +How do I set a boot password? +------------------------------------------------------------------- + +If you are using the GRUB payload, you can add a username and password +(salted, hashed) to your GRUB configuration that resides inside the +flash chip. The following guides (which also cover full disk encryption, +including the /boot/ directory) show how to set a boot password in GRUB: +[../docs/gnulinux/encrypted\_debian.html](../docs/gnulinux/encrypted_debian.html) +and +[../docs/gnulinux/encrypted\_parabola.html](../docs/gnulinux/encrypted_parabola.html) + +How do I write-protect the flash chip? +---------------------------------------------------------------------------- + +By default, there is no write-protection on a libreboot system. This is +for usability reasons, because most people do not have easy access to an +external programmer for re-flashing their firmware, or they find it +inconvenient to use an external programmer. + +On some systems, it is possible to write-protect the firmware, such that +it is rendered read-only at the OS level (external flashing is still +possible, using dedicated hardware). For example, on current GM45 +laptops (e.g. ThinkPad X200, T400), you can write-protect (see +[../docs/hcl/gm45\_remove\_me.html\#ich9gen](../docs/hcl/gm45_remove_me.html#ich9gen)). +Depending on your flash chip, you can also write-protect the i945 +laptops, such as the ThinkPad X60 or T60 (see +[../docs/hardware/x60\_security.html](../docs/hardware/x60_security.html)) +and +[../docs/hardware/t60\_security.html](../docs/hardware/t60_security.html) +for links to a video explaining it). + +It's possible to write-protect on all libreboot systems, but the +instructions need to be written. The documentation is in the main git +repository, so you are welcome to submit patches adding these +instructions. + +How do I change the BIOS settings? +------------------------------------------------------------------------ + +Libreboot actually uses the [GRUB +payload](http://www.coreboot.org/GRUB2). More information about payloads +can be found at +[coreboot.org/Payloads](http://www.coreboot.org/Payloads). + +Libreboot inherits the modular payload concept from coreboot, which +means that pre-OS bare-metal *BIOS setup* programs are not very +practical. Coreboot (and libreboot) does include a utility called +*nvramtool*, which can be used to change some settings. You can find +nvramtool under *coreboot/util/nvramtool/*, in the libreboot source +archives. + +The *-a* option in nvramtool will list the available options, and *-w* +can be used to change them. Consult the nvramtool documentation on the +coreboot wiki for more information. + +In practise, you don't need to change any of those settings, in most +cases. + +Libreboot locks the CMOS table, to ensure consistent functionality for +all users. You can use: + + nvramtool -C yourrom.rom -w somesetting=somevalue + +This will change the default inside that ROM image, and then you can +re-flash it. + +Do I need to install a bootloader when installing a distribution? +--------------------------------------------------------------------------------------------------- + +Libreboot integrates the GRUB bootloader already, as a +*[payload](http://www.coreboot.org/Payloads)*. This means that the GRUB +bootloader is actually *flashed*, as part of the boot firmware +(libreboot). This means that you do not have to install a boot loader on +the HDD or SSD, when installing a new distribution. You'll be able to +boot just fine, using the bootloader (GRUB) that is in the flash chip. + +This also means that even if you remove the HDD or SSD, you'll still +have a functioning bootloader installed which could be used to boot a +live distribution installer from a USB flash drive. See +[\.../docs/gnulinux/grub\_boot\_installer.html](../docs/gnulinux/grub_boot_installer.html) + +Do I need to re-flash when I re-install a distribution? +------------------------------------------------------------------------------------------- + +Not anymore. Recent versions of libreboot (using the GRUB payload) will +automatically switch to a GRUB configuration on the HDD or SSD, if it +exists. You can also load a different GRUB configuration, from any kind +of device that is supported in GRUB (such as a USB flash drive). For +more information, see +[../docs/gnulinux/grub\_cbfs.html](../docs/gnulinux/grub_cbfs.html) + +What does a flash chip look like? +----------------------------------------------------------------- + +SOIC-8 SPI flash chip: + +![SOIT-8 SPI flash chip](images/soic8.jpg) + +SOIC-16 SPI flash chip: + +![SOIT-8 SPI flash chip](images/soic16.jpg) + +Is this a GNU project anymore? +----------------------------------- + +No. We left GNU on 2016-09-15, in protest of transphobia at the FSF. + +See [here](gnu.md) for details. + +Freedom questions +================= + +Are external GPUs (e.g. PCI-E) OK? +------------------------------------------------------------------------ + +The Video BIOS is present on most video hardware. On all current +libreboot systems, this is implemented using free software. The Video +BIOS is responsible for initializing any sort of visual display; without +it, you'd have what's called a *headless* system. + +For integrated graphics, the VBIOS is usually embedded as an *option +ROM* in the main boot firmware. For external graphics, the VBIOS is +usually on the graphics card itself. This is usually proprietary; the +only difference is that SeaBIOS executes it (alternatively, you embed it +in a coreboot ROM image and have coreboot executes it, if you use a +different payload, such as GRUB). + +We're going to tentatively say no, they're not OK. Unless you're +actively working to replace the VBIOS, or find out how to get a visual +display without it (possible in some cases, if the kernel driver can be +modified to work without it, possibly only needing certain +non-executable data). + +What other firmware exists outside of libreboot? +---------------------------------------------------------------------------------------- + +The main freedom issue on any system, is the boot firmware (usually +referred to as a BIOS or UEFI). Libreboot replaces the boot firmware +with fully free code, but even with libreboot, there may still be other +hardware components in the system (e.g. laptop) that run their own +dedicated firmware, sometimes proprietary. These are on secondary +processors, where the firmware is usually read-only, written for very +specific tasks. While these are unrelated to libreboot, technically +speaking, it makes sense to document some of the issues here. + +Note that these issues are not unique to libreboot systems. They apply +universally, to most systems. The issues described below are the most +common (or otherwise critical). + +Dealing with these problems will most likely be handled by a separate +project. + +### EC (embedded controller) firmware + +Most (all?) laptops have this. The EC (embedded controller) is a small, +separate processor that basically processes inputs/outputs that are +specific to laptops. For example: + +- When you flick the radio on/off switch, the EC will enable/disable + the wireless devices (wifi, bluetooth, etc) and enable/disable an + LED that indicates whether it's turned on or not +- Listen to another chip that produces temperature readings, adjusting + fan speeds accordingly (or turning the fan(s) on/off). +- Takes certain inputs from the keyboard, e.g. brightness up/down, + volume up/down. +- Detect when the lid is closed or opened, and send a signal + indicating this. +- Etc. + +Alexander Couzens from coreboot (lynxis on coreboot IRC) is working on a +free EC firmware replacement for the ThinkPads that are supported in +libreboot. See: <https://github.com/lynxis/h8s-ec> (not ready yet). + +Most (all?) chromebooks have free EC firmware. Libreboot is currently +looking into supporting a few ARM-based chromebooks. + +EC is only present on laptops. On desktop/server boards it is absent +(not required). + +### HDD/SSD firmware + +HDDs and SSDs have firmware in them, intended to handle the internal +workings of the device while exposing a simple, standard interface (such +as AHCI/SATA) that the OS software can use, generically. This firmware +is transparent to the user of the drive. + +HDDs and SSDs are quite complex, and these days contain quite complex +hardware which is even capable of running an entire operating system (by +this, we mean that the drive itself is capable of running its own +embedded OS), even GNU+Linux or BusyBox/Linux. + +SSDs and HDDs are a special case, since they are persistent storage +devices as well as computers. + +Example attack that malicious firmware could do: substitute your SSH +keys, allowing unauthorized remote access by an unknown adversary. Or +maybe substitute your GPG keys. SATA drives can also have DMA (through +the controller), which means that they could read from system memory; +the drive can have its own hidden storage, theoretically, where it could +read your LUKS keys and store them unencrypted for future retrieval by +an adversary. + +With proper IOMMU and use of USB instead of SATA, it might be possible +to mitigate any DMA-related issues that could arise. + +Some proof of concepts have been demonstrated. For HDDs: +<https://spritesmods.com/?art=hddhack&page=1> For SSDs: +<http://www.bunniestudios.com/blog/?p=3554> + +Viable free replacement firmware is currently unknown to exist. For +SSDs, the +[OpenSSD](http://www.openssd-project.org/wiki/The_OpenSSD_Project) +project may be interesting. + +Apparently, SATA drives themselves don't have DMA but can make use of +it through the controller. This +<http://www.lttconn.com/res/lttconn/pdres/201005/20100521170123066.pdf> +(pages 388-414, 420-421, 427, 446-465, 492-522, 631-638) and this +<http://www.intel.co.uk/content/dam/www/public/us/en/documents/technical-specifications/serial-ata-ahci-spec-rev1_3.pdf> +(pages 59, 67, 94, 99). + +The following is based on discussion with Peter Stuge (CareBear\\) in +the coreboot IRC channel on Friday, 18 September 2015, when +investigating whether the SATA drive itself can make use of DMA. The +following is based on the datasheets linked above: + +According to those linked documents, FIS type 39h is *"DMA Activate FIS +- Device to Host"*. It mentions *"transfer of data from the host to +the device, and goes on to say: Upon receiving a DMA Activate, if the +host adapter's DMA controller has been programmed and armed, the host +adapter shall initiate the transmission of a Data FIS and shall transmit +in this FIS the data corresponding to the host memory regions indicated +by the DMA controller's context."* FIS is a protocol unit (Frame +Information Structure). Based on this, it seems that a drive can tell +the host controller that it would like for DMA to happen, but unless the +host software has already or will in the future set up this DMA transfer +then nothing happens. **A drive can also send DMA Setup**. If a DMA +Setup FIS is sent first, with the Auto-Activate bit set, then it is +already set up, and the drive can initiate DMA. The document goes on to +say *"Upon receiving a DMA Setup, the receiver of the FIS shall +validate the received DMA Setup request."* - in other words, the host +is supposed to validate; but maybe there's a bug there. The document +goes on to say *"The specific implementation of the buffer identifier +and buffer/address validation is not specified"* - so noone will +actually bother. *"the receiver of the FIS"* - in the case we're +considering, that's the host controller hardware in the chipset and/or +the kernel driver (most likely the kernel driver). All SATA devices have +flash-upgradeable firmware, which can usually be updated by running +software in your operating system; **malicious software running as root +could update this firmware, or the firmware could already be +malicious**. Your HDD or SSD is the perfect place for a malicious +adversary to install malware, because it's a persistent storage device +as well as a computer. + +Based on this, it's safe to say that use of USB instead of SATA is +advisable if security is a concern. USB 2.0 has plenty of bandwidth for +many HDDs (a few high-end ones can use more bandwidth than USB 2.0 is +capable of), but for SSDs it might be problematic (unless you're using +USB 3.0, which is not yet usable in freedom. See + + +Use of USB is also not an absolute guarantee of safety, so do beware. +The attack surface becomes much smaller, but a malicious drive could +still attempt a "fuzzing" attack (e.g. sending malformed USB +descriptors, which is how the tyrant DRM on the Playstation 3 was +broken, so that users could run their own operating system and run +unsigned code). (you're probably safe, unless there's a security flaw +in the USB library/driver that your OS uses. USB is generally considered +one of the safest protocols, precisely because USB devices have no DMA) + +Other links: + +- <http://motherboard.vice.com/read/the-nsas-undetectable-hard-drive-hack-was-first-demonstrated-a-year-ago> + +It is recommended that you use full disk encryption, on HDDs connected +via USB. There are several adapters available online, that allow you to +connect SATA HDDs via USB. Libreboot documents how to install several +distributions with full disk encryption. You can adapt these for use +with USB drives: + +- [Full disk encryption with + Debian](../docs/gnulinux/encrypted_debian.html) +- [Full disk encryption with + Parabola](../docs/gnulinux/encrypted_parabola.html) + +The current theory (unproven) is that this will at least prevent +malicious drives from wrongly manipulating data being read from or +written to the drive, since it can't access your LUKS key if it's only +ever in RAM, provided that the HDD doesn't have DMA (USB devices don't +have DMA). The worst that it could do in this case is destroy your data. +Of course, you should make sure never to put any keyfiles in the LUKS +header. **Take what this paragraph says with a pinch of salt. This is +still under discussion, and none of this is proven.** + +### NIC (ethernet controller) + +Ethernet NICs will typically run firmware inside, which is responsible +for initializing the device internally. Theoretically, it could be +configured to drop packets, or even modify them. + +With proper IOMMU, it might be possible to mitigate the DMA-related +issues. A USB NIC can also be used, which does not have DMA. + +### CPU microcode + +Implements an instruction set. See +description. Here we mean microcode built in to the CPU. We are not +talking about the updates supplied by the boot firmware (libreboot does +not include microcode updates, and only supports systems that will work +without it) Microcode can be very powerful. No proof that it's +malicious, but it could theoretically + +There isn't really a way to solve this, unless you use a CPU which does +not have microcode. (ARM CPUs don't, but most ARM systems require blobs +for the graphics hardware at present, and typically have other things +like soldered wifi which might require blobs) + +CPUs often on modern systems have a processor inside it for things like +power management. ARM for example, has lots of these. + +### Sound card + +Sound hardware (integrated or discrete) typically has firmware on it +(DSP) for processing input/output. Again, a USB DAC is a good +workaround. + +### Webcam + +Webcams have firmware integrated into them that process the image input +into the camera; adjusting focus, white balancing and so on. Can use USB +webcam hardware, to work around potential DMA issues; integrated webcams +(on laptops, for instance) are discouraged by the libreboot project. + +### USB host controller + +Doesn't really apply to current libreboot systems (none of them have +USB 3.0 at the moment), but USB 3.0 host controllers typically rely on +firmware to implement the XHCI specification. Some newer coreboot ports +also require this blob, if you want to use USB 3.0. + +This doesn't affect libreboot at the moment, because all current +systems that are supported only have older versions of USB available. +USB devices also don't have DMA (but the USB host controller itself +does). + +With proper IOMMU, it might be possible to mitigate the DMA-related +issues (with the host controller). + +### WWAN firmware + +Some laptops might have a simcard reader in them, with a card for +handling WWAN, connecting to a 3g/4g (e.g. GSM) network. This is the +same technology used in mobile phones, for remote network access (e.g. +internet). + +NOTE: not to be confused with wifi. Wifi is a different technology, and +entirely unrelated. + +The baseband processor inside the WWAN chip will have its own embedded +operating system, most likely proprietary. Use of this technology also +implies the same privacy issues as with mobile phones (remote tracking +by the GSM network, by triangulating the signal). + +On some laptops, these cards use USB (internally), so won't have DMA, +but it's still a massive freedom and privacy issue. If you have an +internal WWAN chip/card, the libreboot project recommends that you +disable and (ideally, if possible) physically remove the hardware. If +you absolutely must use this technology, an external USB dongle is much +better because it can be easily removed when you don't need it, thereby +disabling any external entities from tracking your location. + +Use of ethernet or wifi is recommended, as opposed to mobile networks, +as these are generally much safer. + +On all current libreboot laptops, it is possible to remove the WWAN card +and sim card if it exists. The WWAN card is next to the wifi card, and +the sim card (if installed) will be in a slot underneath the battery, or +next to the RAM. + +Operating Systems +================= + +Can I use GNU+Linux? +-------------------------------------------------- + +Absolutely! It is well-tested in libreboot, and highly recommended. See +[installing GNU+Linux](../docs/gnulinux/grub_boot_installer.html) and +[booting GNU+Linux](../docs/gnulinux/grub_cbfs.html). + +Any recent distribution should work, as long as it uses KMS (kernel mode +setting) for the graphics. + +We maintain a [list of distributions that we recommend to the +public](docs/distros/). + +Can I use BSD? +---------------------------------- + +For the most part, BSD systems remain untested in libreboot. BSD systems +contain binary blobs (non-free firmware and applications), so do beware. +**We need proper documentation for BSD in libreboot. Documentation is in +the git repository. [This page](git.md) shows how to send patches to +the libreboot project.** + +[This reddit +post](https://www.reddit.com/r/BSD/comments/53jt70/libreboot_and_bsds/) +has some basic information. + +<https://libreboot.org/lists/old/libreboot/html/lists.gnu.org/archive/html/libreboot/2016-09/msg00010.html> + +OpenBSD 5.9 or higher is believed to be compatible with video in X11 +(libertyBSD 5.9 or higher is also compatible). See +<https://libreboot.org/lists/old/libreboot/html/lists.gnu.org/archive/html/libreboot/2016-04/msg00010.html>. +Another user also reported success with OpenBSD: +<http://marc.info/?l=openbsd-misc&m=147492752806764&w=2>. **NOTE: +[Libreboot has openbsd instructions now!](../docs/bsd/openbsd.html). +Thanks go to Scott Bonds who submitted the initial documentation for it. +TODO: Test LibertyBSD (deblobbed OpenBSD version) and make that the main +recommended version of OpenBSD in the guide.** + +FreeBSD is believed to be compatible (text mode). We don't know if it +can work with a framebuffer, although at least one user did report that +FreeBSD supports kernel mode setting, so it might be possible. This +individual was able to boot FreeBSD in text mode, using libreboot +20160818: see +<https://libreboot.org/lists/old/libreboot/html/lists.gnu.org/archive/html/libreboot/2016-08/msg00052.html>. + +At least one user reported to us that NetBSD should work in libreboot +out of the box. + +We would like to merge instructions for installing and booting BSD on +libreboot systems. [Patches are welcome!](https://libreboot.org/git/) + +Can I use Windows? +---------------------------------------------- + +Windows is incompatible with libreboot, and will probably remain so. You +should not use Windows, because it is non-free and therefore bad for +freedom. It is also known to have several severe security and privacy +issues, both intentional and unintentional. It is known to contact +backdoors, in addition to other nasty anti-features like DRM. + +Windows incompatibility is a feature, not a bug. + +Incompatible Time Sharing System? +----------------------------------------------------- + +jxself asked this in the IRC channel. As far as we know, this won't +work in libreboot systems, or indeed any modern system. + +Are other operating systems compatible? +------------------------------------------------------------------- + +Unknown. Probably not. + diff --git a/www/git.md b/www/git.md @@ -0,0 +1,155 @@ +--- +title: Contributing +x-toc-enable: true +... + +Useful information, related to libreboot development, including links to +the Git repositories where development is done. Development discussion +is done on IRC and on the libreboot +[subreddit](https://www.reddit.com/r/libreboot/) + +How can I help the libreboot project? +-------------------------------------- + +**At any given time, here is a list of tasks if there are any, for the +next stable release of libreboot: [click here](tasks.md)** - this is +also where to send bug reports. + +There are many ways that you can assist the libreboot project. We have a +[list of tasks that need to be completed](tasks.md), which you can work +on (you can also add to that list). Generally speaking, adding support +for more hardware is a priority for the libreboot project. Information +about building libreboot can be found at [here](docs/git/). + +We especially need more skilled coreboot hackers to do work that will +benefit the libreboot project. This includes porting new boards to +coreboot, which are likely to be valid candidates for libreboot. + +Learn libreboot from the inside out; download the git repository, and +study libreboot. We need more full-time developers who can help to +maintain the project. + +Not a developer? You can still help! + +- Work towards convincing hardware manufacturers and designers to + start caring about free software. Perhaps even build your own + hardware. +- Spread the word about libreboot! Tell your friends about it, and + talk about it on public internet-based discussion networks (e.g. + *social networks*). +- Install and use libreboot yourself, showing it to others and + promoting it that way. [Computers with libreboot preinstalled are + also available](suppliers.md), which helps to fund the libreboot + project. +- Help others to install libreboot. For example, organize an + installation workshop at your local hackerspace. +- Assist with improving the libreboot documentation, so that others + may find it easier to use. + +General guidelines for submitting patches +----------------------------------------- + +Some people put their name on their work, for recognition, and it's OK +if you want to do that; however, the libreboot project does not require +this. Some projects (such as coreboot) require a legal name, and this +can be problematic for certain groups of people. + +Using your legal name is **not** required when submitting patches to +libreboot. For reasons why we have this policy, read [this +article](http://geekfeminism.org/2012/09/29/quick-hit-how-git-shows-the-patriarchal-nature-of-the-software-industry/). +You can use any name of your choosing, or your company name (if you have +one), if you want or need to do that. You can also submit patches +*without a name*, if you want or need to do that (instructions are +provided on this page). Also, read [this +article](http://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/). +Unfortunately, git appears to be stuck with these problems, when an +author changes their name, and we don't have a concrete answer to it. +As far as we know, publishing your legal name isn't even required for +copyright purposes; in fact, "pen" names are commonly used by literary +authors (computer programs are literary works). + +When submitting any kind of documentation, try not to use the terms +him/her, she/he, his/her, or anything that is gender biased. **Use +their, they, them, those people, that person, and so on.** [You are +making a huge +difference](https://gist.githubusercontent.com/0xabad1dea/8870b192fd1758743f66/raw/a230fa3438ce60c538dba31830fa88143245b719/singularthey.md). + +<https://www.gnu.org/licenses/license-list.html> (we will reject any +documentation released under the GNU Free Documentation License, for +reasons mentioned in [../why-not-gnu/](why-not-gnu.md)). NOTE: not +putting a copyright notice on a work does not mean it lacks copyright. +Copyright is *automatic* in most countries. Not putting a license on a +work also does not make that work *free*; you have to declare a free +license, otherwise the default, restrictive copyright laws apply for +those who wish to do anything with your work. Always put a license on +your work! + +Libreboot development is facilitated by *[git](https://git-scm.com/)*, a +*distributed* version control system. You will need to install git (most +distributions package it in their repositories). + +Use this command, to download the repository: **git clone https://notabug.org/vimuser/libreboot**. + +A new directory named ***libreboot*** will have been created, containing +libreboot. + +How to submit your patches +-------------------------- + +### Method 0: Use NotABug pull requests + +NotABug, libreboot's main git hosting provider, now provides a *pull +requests* feature. <https://notabug.org/vimuser/> has the libreboot and +libreboot-website repositories. Create an account on the website, then +view the libreboot or libreboot-website repo and click "fork" and +clone your fork. Then commit your patch on top, and push into your +repository (we recommend into a non-master branch). NotABug guides you +through the process of pushing patches to it. + +Once you have pushed your patches, go to the relevant repository on +<https://notabug.org/vimuser/> and click "Pull Requests". Then click +"New Pull Request". Select the relevant branches that you want to +submit a pull request for, between the two repositories, and then click +"Submit". + +When this is done, Leah Rowe (maintainer of the main repository) or +someone else (with push access) will review your patch, and decide +whether to merge it. Relevant links to bug trackers for discussing +development (especially patch review) are on [../tasks/](tasks.md) + +### Method 1: Host a fork + +Give the checkout details to [Leah Rowe](contrib.md), along with +information on which commits in what branch contain your changes. + +**Check [\#githosting](#githosting), for a list of Git hosting providers +that we recommend.** + + +List of recommended Git hosting providers +----------------------------------------- + +There are several that we could recommend: + +- [You!](https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols) + (host your own Git repository, on your own server, on your own + internet connection, in your own physical space) +- [NotABug.org](https://notabug.org/) - the + [source](https://notabug.org/hp/gogs/) is also available if you want to run + it on your own server. + +The libreboot project itself uses all of the above options. + +Most Git hosting providers distribute non-free JavaScript on their +website, but as far as we are aware all of these providers are +freedom-friendly and reliable to use (and their JavaScript is free). +This list will be expanded upon at a later date. The hosting providers +above are all powered by Free Software, which means that you can also +host your own version of the software that they use on their website. + +We generally recommend self-hosting (first option in the list above). +Git is a *decentralized* (distributed) version control system. However, +not everyone can afford to do this, so using one of the other providers +on the list above is also acceptable. + +We do not endorse [GitHub](github.md) or [GitLab](gitlab.md). diff --git a/www/github.md b/www/github.md @@ -0,0 +1,62 @@ +--- +title: Github +... + +Please do not use GitHub to host libreboot. Libreboot is a free software +project, so this is only a request, and not a restriction on the +software. + +[Back to the Git page](git.md) + +What's wrong with GitHub? +-------------------------- + +- GitHub itself is proprietary software (for + [business](http://tom.preston-werner.com/2011/11/22/open-source-everything.html)) +- GitHub serves non-free JavaScript code to its users +- Tim (GitHub CEO) really likes to talk about freedom, but makes the + following claims about the GPLv2/3: + +> ...The GPL is not focused on freedom. It's too long. Too many +> restrictions. -- Tom Preston-Werner OSCON2013 + +or how about: + +> Notice that everything we keep closed has specific business value that +> could be compromised by giving it away to our competitors. -- source: +> Tom Preston-Werner's +> [blog](http://tom.preston-werner.com/2011/11/22/open-source-everything.html) + +GitHub simply uses Free Software for its own benefit, releasing source +code under a free license only when suited to it's business goals; they +are quite happy to violate the rights of their users, for profit. + +By contrast, the libreboot project adheres strictly to the goals of the +Free Software movement, which seeks to eliminate proprietary software to +the point where all software is free. + +The opinions expressed by Tom Preston-Werner of GitHub are incompatible +with those of the libreboot project. Users and developers of *[free +software](https://en.wikipedia.org/wiki/Free_software)* are strongly +advised not to use GitHub, for any of their projects. + +Where should I host and share my code? +-------------------------------------- + +[Read this section on the libreboot website](../git/#githosting) for a +list of recommended Git hosting providers. + +### References: + +\[[1](http://tom.preston-werner.com/2011/11/22/open-source-everything.html)\] +*Open Source (Almost)* - +http://tom.preston-werner.com/2011/11/22/open-source-everything.html + +\[[2](https://github.com/github/choosealicense.com/pull/177)\] *Choose A +License GPL patch* - +https://github.com/github/choosealicense.com/pull/177 + +\[[3](http://lists.nongnu.org/archive/html/gnu-linux-libre/2014-08/msg00013.html)\] +*linux-libre choosealicense issue* - +http://lists.nongnu.org/archive/html/gnu-linux-libre/2014-08/msg00013.html + diff --git a/www/gitlab.md b/www/gitlab.md @@ -0,0 +1,55 @@ +--- +title: Gitlab +... + +Please do not use GitLab to host libreboot. Libreboot is a free software +project, so this is only a request, and not a restriction on the +software. + +[Back to the Git page](git.md) + +What's wrong with GitLab? +-------------------------- + +- GitLab itself is proprietary software. There is a *community + edition* but this is only used as a source of cheap labour for + GitLab to prop up its proprietary version, which it sells for + profit. In fact, the [Enterprise Edition used to be Free software, + until early + 2014](https://web.archive.org/web/20141215225437/https://about.gitlab.com/2014/02/11/gitlab-ee-license-change/). + What else will they make proprietary? Perhaps one day they will drop + the community edition? +- GitLab requires a + [CLA](https://web.archive.org/web/20150405153359/https://gitlab.com/gitlab-org/gitlab-ce/commits/master/doc/legal/individual_contributor_license_agreement.md) + for all contributions to the community edition. + What this means is that they want you to use their permissive + (non-copyleft) license, so that they can make your work proprietary + as part of the enterprise edition. +- The GitLab CEO (Sytse Sijbrandij) really likes to talk about + freedom, but in reality that person's opinion is the same as the + [GitHub](github.md) CEO. +- Monopolistic practises. For instance, GitLab bought + [Gitorious](https://web.archive.org/web/20150905091808/https://about.gitlab.com/2015/03/03/gitlab-acquires-gitorious/) + just to asset strip it. Gitorious was the go-to Git hosting provider for + Free Software developers, and Gitorious was released under AGPLv3 which + meant that it truly safeguarded user freedom. GitLab killed it. + +GitLab simply uses Free Software for its own benefit, releasing source code +under a free license only when suited to its business goals; they are quite +happy to violate the rights of their users, for profit. + +By contrast, the libreboot project adheres strictly to the goals of the Free +Software movement, which seeks to eliminate proprietary software to the point +where all software is free. + +The opinions expressed by the CEO of GitLab (not to mention, the actions of +GitLab BV) are incompatible with those of the libreboot project. Users and +developers of *[free software](https://en.wikipedia.org/wiki/Free_software)* +are strongly advised not to use GitLab, for any of their projects. + +Where should I host and share my code? +-------------------------------------- + +[Read this section on the libreboot website](../git/#githosting) for a list of +recommended Git hosting providers. + diff --git a/www/global.css b/www/global.css @@ -0,0 +1,38 @@ +html { + background-color: #eee; +} + +body { + background-color: #fff; + margin: 0 auto; + max-width: 60em; + padding: 0.2em 1em; + box-shadow: 0 0 6px; +} + +body { + line-height: 1.6; + font-family: Cantarell, sans-serif; + font-size: 1.1em; + + color: #222; +} + +h1 { + font-size: 2.0em; + text-align: center; +} + +#logo { + width: 25%; + float: right; +} + +a { + text-decoration: none; + color: #22D; +} + +a:hover { + color: #008; +} diff --git a/www/gnu.md b/www/gnu.md @@ -0,0 +1,381 @@ +--- +title: Libreboot left the GNU project on 15 September 2016 +... + +A [transgender](https://en.wikipedia.org/wiki/Transgender) employee at the FSF +was being bullied by another transphobic employee. When the transgender +employee filed a complaint, they were fired because the complaint was seen as +troublemaking. + +It didn't seem to even matter to them that the individual in question was a +hard worker at - and a huge supporter of - the organisation for many years. + +There are transgender libreboot developers who denounce this discrimination as +disgusting. As such, libreboot left GNU (funded by the FSF) in protest. + +The FSF lied in response to allegations +---------------------------------------- + +The FSF issued this [public +statement](https://www.fsf.org/news/free-software-foundation-statement), +denying all allegations and wishing their former employee well. This is to be +expected to save face -- regardless of the truth. + +Statement from another former FSF employee +------------------------------------------ + +**This is not the trans person that was fired, but left the FSF shortly +before the event occured. There were closely involved with other staff +members at the FSF and witnessed what was going on** + +This is based on private IRC conversations with them, during the +incident. + +The individual, who also left the FSF, said it's unsettling that this +was permitted to go on, having been aware of the disputes between the +fired trans person and Stephen Mahood, the transphobic bully. They +agreed with Leah that Stephen is transphobic, and had been aware of +Stephen bullying the fired trans person after discovering (somehow) that +they were trans. Types of abuses included humiliating the trans person +during work hours, consorting with other employees to try and find their +old name, misgendering them, saying bad things about them to management, +etc, until they were fired. He said: In most organisations, there are +ways to mediate disputes. At the FSF, there is no middle management, no +HR and the board of directors more or less only communicates with the +executive director. Individual staff members are never consulted about +anything. There is little or no oversight of employee morale by the +board of directors; instead, employees are left on their own to manage +everything. The fight between Stephen and the trans person who was fired +had been going on for a long time, before John Sullivan finally looked +into it, months too late. This sort of mismanagement is unacceptable at +an organisation like the FSF. In most organisations, there are ways to +handle situations like this and prevent them from happening. Stephen is +toxic to the FSF and extremely negative. **Why doesn't the FSF keep a +closer eye on its own internal affairs, especially relations between +staff members? Why does the FSF not have a department for managing +disputes?** + +The trans person who was fired had also found an old HR record from the +FSF, regarding another transgender person who was *not hired* at the +FSF, because according to the FSF, they *looked weird* in their job +interview. This must have been someone who was early in their transition +and therefore didn't pass well in their desired gender role. +Transphobic and sexist discrimination at the FSF is rampant, and has +existed long before Stephen Mahood, John Sullivan and Ruben Rodriguez +joined the organisations; in other words, those three people are merely as bad +as those who came before them, in this regard. The FSF has long had issues +internally with equality issues, regardless of safe space policies that they +have at their conferences. + +The FSF needs better policies for its staff, to prevent situations like this in +the future, and that needs to be something that is discussed by the board of +directors. It is completely unacceptable that situations like this are +permitted to occur, even more so that policies in place to protect transgender +people are not enforced within the organisation. + +Refusal to let go +----------------------------- + +In the worst act of insult and contempt possible, the GNU project wrongly made +the claim that Leah Rowe herself had now forked GNU Libreboot, and that +libreboot was still a GNU project. They wrongly claimed that Leah had merely +*stepped down as GNU Libreboot maintainer*. + +This is false. Leah is still Libreboot's maintainer, and still does +most of the work, including on managing the project and handling +releases. The GNU project decided to insult her by claiming otherwise, +that somehow the GNU project had a moral right to keep libreboot under +its umbrella. + +The discussion happened on the gnu-prog-discuss mailing list, which is +not open to the public (authentication is required to view the archives +online). We therefore make the discussion available for people to see. + +Leah Rowe sent this message to the GNU Prog mailing list, asking for the +mailing lists to be deactivated because libreboot was setting up its own +mailing lists instead. It also generally asks GNU to formally drop +libreboot from its umbrella: + + Please delete my "lr" account on the GNU Savannah website. I do not want + this account anymore. + + Please keep the mailing list archives for libreboot@gnu.org and + libreboot-dev@gnu.org - but disable people from registering on the + mailing list, and disable any new posts from being sent to the mailing + list. I want the archives of the mailing lists kept for historical + purposes, because there's a lot of technical discussion and history in + there, and I want this preserved for the time being. + + I'm currently working on setting up my own server, as and when I can, to + self-host a mailing list directly on libreboot.org infrastructure, which + is under my own control and expense. + + Once I have this fully setup, what I would like is for a 301 redirect on + the HTTP HTML archive pages to redirect to the new one that I create, + once it's online, and, further, for an email forwarder on libreboot& and + libreboot-dev& to redirect to the new mailing list. However, I have not + yet set up the new lists so such a redirect at the moment would not make + much sense. I'll contact the FSF and GNU project at a later date once + I'm ready for this redirect to exist. + + Further, if possible, can someone send me a dump of all data and + configuration for the libreboot& and libreboot-dev& lists? This will + make it easier for me to simply import everything into the new list, + including subscriptions and so on (otherwise, I have a list of all + currently registered members on the list, saved locally). + + Please note that I do not resent the GNU project, just certain people at + the FSF. Those people have huge influence there and since the FSF funds + GNU.... https://libreboot.org/gnu/ explains why libreboot has left GNU. + The requests above are part of libreboot's departure from GNU. + + I also ask that libreboot be removed from gnu.org/software/, and for the + libreboot page on the FSF free software directory to no longer say that + libreboot is a GNU project. + + I further request that the GNU project does not fork libreboot, nor + accept any forks of libreboot into GNU, as this would be an even bigger + insult on top of the existing one where the FSF lied publicly in + response to libreboot.org/gnu + +Several GNU maintainers then replied on the list, claiming that libreboot was +still a GNU project and that Leah had merely *stepped down as maintainer* and +that they would appoint a new maintainer for GNU Libreboot. They further +insulted the libreboot project by stating that RMS has the ultimate say, and +that Leah had *forked her own project*. This is false. + +They even asked Leah to stay on as Libreboot maintainer, and they asked +Leah to keep Libreboot inside the GNU project! + +Here are some of GNU's responses, starting with Thien-Thi Nguyen +<ttn@gnu.org> + + Under this pov, injustice is destined. The Libreboot project, + once placed under the aegis of GNU, cannot be removed. + + You are free to step down as its maintainer, however. I think + that would be an injustice against you, mostly. I understand + it's difficult to hold on to the root and let go of the rancor + (from personal experience), and sometimes it's all or nothing. + + If you stay, perhaps you could find a co-maintainer. If you + were to choose me (for example), you would find a lot more to + complain about on those mailing lists -- no need to upscope to + GNU and gnu-prog-discuss. It could be fun, perhaps. + + BTW, i like the domain name -- reminds me of glug.org of yore. + +Alfred M. Szmidt <ams@gnu.org> said this: + + That is not for you to decide, but for the Saint IGNUcius to decide. + You are free to step down as maintainer for GNU Libreboot, but we are + free to appoint a new maintainer for GNU Libreboot to take over the + task. + +Gavin Smith <gavinsmith0123@gmail.com> + + AFAIK libreboot is itself a fork of another project called coreboot. + In my opinion, it would be perfectly valid for the GNU project to + continue to sponsor a project that did what libreboot did and was + based on the source code of libreboot and/or coreboot. + + I see no reason (moral, legal or otherwise) why the libreboot name + could not continue to be used. It's not a trademark, and using that + name wouldn't misrepresent who the people who created it were. (To + take a contrary example, if someone forked "GNU Emacs", they shouldn't + call it "GNU Emacs Plus" because that would imply it originated from + GNU. If libreboot were called LeahRoweBoot, a similar argument might + apply.) + +John Darrington <john@darrington.wattle.id.au> said this: + + I think you hve misunderstood the relationship between GNU and its sub-projects. + + If you wish to step down as the maintainer of libreboot you should send a mail + to maintainers@gnu.org and ask to be de-listed. + + If that is what you decide to do, typically GNU would look for a new maintainer + to take your place. + + If you do decide to step down, AND you continue to work on the project outside + of GNU. Then YOU will have forked libreboot - not GNU. + + I'm not sure about deleting accounts on savannah, you would need to contact + the savannah hackers about this. + + Personally I hope you will decide to stay as libreboot's maintainer. You have done + a good job. + + I have also had greivances against people in GNU/FSF but if I walked away + whenever that happens, I would be a very lonely person. + +This next one says "her" referring to Leah -- it is unclear if this questions +authority or gender. Simon Sobisch <simonsobisch@web.de> writes: + + I'm perfectly fine with Leah forking "her" original project after + stepping down as a GNU maintainer. Time will show if the fork is more + active as the GNU project. + Whoever takes the burden as a new maintainer: best wishes to you and + also best wishes to Lea. + + I still hope to be able to get a libre laptop for coding GnuCOBOL + someday (I know of the options existing it is just a cash issue) and am + fine which whatever libre bios/firmware will be used for producing it then. + + @Leah: Thank you for the work you've already done to make this goal more + likely. + +David Kastrup <dak@gnu.org> writes: + + If you were actually speaking for the project, it would be completely + irrelevant. It would only have an actual effect on active developers + preferring to work with GNU rather than you, given the choice. + + I don't know the project well enough to evaluate your claims about it. + But if your claims are correct, nothing the FSF or GNU project may + choose to do will affect your work and version in any manner. + + So what's with all that rage? + +nysan <bernd.paysan@gmx.de> writes: + + Am Samstag, 24. September 2016, 13:09:36 CEST schrieb David Kastrup: + > So? I have no moral problems applying the laws of gravity in spite of + > Newton not likely sharing my political persuasions. Of course you are + > free to release future versions of your code base, assuming that you can + > assert the agreement of all other contributors, under licensing terms + > incompatible with the GNU project. + + Unlikely, as libreboot is a fork of coreboot, and Leah does not have ownership + of that. Coreboot is GPL, and despite they don't mind binary blobs (which are + distributed in a separate tarball) and claim their project is "Open Source" + (where RMS would suggest to rather not use this term), it's already compatible + with the GNU project with the exception of the binary blobs. And the mission + of libreboot is to remove (done) and replace (work in progress) these binary + blobs. Coreboot also takes back from libreboot. + +Conclusion +------------ + +After 4 months, RMS finally +[honoured](http://lists.gnu.org/archive/html/info-gnu/2017-01/msg00001.html) +our decision and formally announced that libreboot is no longer a GNU project + +Consequences +------------------------ + +- Boycott FSF conferences. Do not show up to their conferences. +- Boycott the FSF. Stop promoting them, stop donating to them. +- Spread the word about this injustice +- Other GNU projects should also leave GNU + +Libreboot has left the GNU project, and will probably never re-join. We will +consider whether to re-open communications with the FSF, if and when the +organisation resolves this blatant corruption. She will no longer be donating +to the FSF; Leah had donated \$6120 USD to the organisation since 2015, before +making this announcement. + +Lessons Learned +------------------------- + +### You lose control over your project + +Libreboot [witnessed this](gnu-insult.md) when it left GNU. The GNU +project resisted it. Had libreboot stayed and integrated with GNU even +more, then it would have been very difficult to leave. Thankfully, the +GNU project did not yet have much influence over libreboot, and most of +the infrastructure for it was still on libreboot.org, outside of the +control of the GNU project. The only GNU infrastructure used were +mailing lists, which are easy to replace. + +GNU can appoint new maintainers for any program that is part of it, even +against your will. If you disagree with GNU practises and want to do +things different, there's the possibility that you can simply be +removed and replaced as maintainer of your project, even if you are the +founder and main developer. + +RMS will take credit for your work, on behalf of the GNU project, and +will try to assert authority by asking for features which you may not +want to implement. RMS will further attempt to dictate how and when +releases should occur. + +If the GNU project or FSF does something which you disagree with, and +you want to withdraw your project, they will try to claim that the +project is theirs, and that you are now forking your own project. +**There are no formal procedures for a project to leave GNU, if a +project chooses this path. By joining GNU, you are relinquishing \*all\* +control over your project.** - The only reason Libreboot successfully +left GNU was because we got out before it was too late. + +The GNU project is undemocratic. Individual projects have very little say over +it, and the FSF is very much the same. All you are doing by putting your +program in GNU, is to help the organisation grow. + +### GNU Non-free Documentation License + +The GNU Free Documentation License is the main license recommended for +documentation by the GNU project. This license is non-free, because it +allows for so-called *invariant* sections to be added to your +documentation which cannot be modified or deleted without express +permission from the copyright holder of that invariant section. + +The GNU project mandates that all projects joining it must use this +license. The Libreboot project recommends avoiding this license at all +costs, and has since switched back to Creative Commons for all +documentation. + +### The FSF and GNU project is a cult + +There is a huge cult of personality around Richard Stallman, which you +may or may not want your project to be associated with. + +Many FSF followers are fanatical, to the point of extremism. Your project will +become associated with all of this, even if you personally do not agree with Richard +Stallman. + +Leah Rowe is not a hero +------------------------ + +This is a personal statement from Leah Rowe. Leaving GNU was the correct +decision. The Free Software Foundation really did fire a trans person +for discriminatory reasons, and they really are guilty here. They do not +deserve libreboot to be a member of their community, and the FSF +deserves every bit of negative publicity and public shaming that they +received. However, there is something that I need to publicly confess to +the community, because my own conscience is not clean at all in any of +this. + +I accidentally made several mistakes which ended up outing the trans +person that was fired. This person was *stealth*, which meant that they +did not want to be outed. I have potentially cost them opportunities for +a new job, in the process of exposing what the FSF did. + +For this, I'm deeply sorry. I screwed up, big time, and I don't +deserve to be praised as much as I was, even if I otherwise did the +right thing in exposing the Free Software Foundation for their +corruption of social justice. + +I lost 2 friends, when I made this announcement. And I deserved to lose +them. One of them was the person who was fired, and the other was +friends with both me and that person. *These people were the 2 people +who I first came out as transgender to, before anyone else, and they +helped me a lot during my early transition, when I was unstable.* The +trans person who was fired, I had already lost as a friend, and was +deeply upset at the time. I had started to say nasty things to this +person, over a disagreement, which was also my fault. I thought that +exposing the FSF for their discriminatory practises would redeem me and +possibly make that person be my friend again. Basically, I was trying to +be supportive, but I ended up making things potentially much worse for +that person in the process. I'm not a hero at all. I apologise to all +of those in the community who congratulated for my "courage" after the +announcement, because the truth is that I'm a coward. I was hiding +behind a wall of false heroism. I'm actually a terrible person, and I +did something terrible. + +To my 2 friends (who I will not name), I apologise. You are both +wonderful people, and I really hope you both thrive in life. You both +deserve to be happy, and I wish you both well. I still regard both of +you as friends, and still think fondly of both of you, even if I don't +deserve either of you as friends. + +This is my only regret. diff --git a/www/gpg.md b/www/gpg.md @@ -0,0 +1,20 @@ +--- +title: GPG +... + + $ **gpg \--recv-keys** + +The GPG key can also be downloaded with this exported dump of the +pubkey: [lbkey.asc](lbkey.asc). + + + $ **sha512sum -c sha512sum.txt** + $ **gpg \--verify sha512sum.txt.sig** + +Old GPG key (no longer used): + + pub 4096R/656F212E 2014-07-04 + Vingerafdruk van de sleutel = C923 4BA3 200C F688 9CC0 764D 6E97 D575 656F 212E + uid Libreboot Releases (signing key) <releases@libreboot.org> + sub 4096R/EC42160E 2014-07-04 + diff --git a/www/images/soic16.jpg b/www/images/soic16.jpg Binary files differ. diff --git a/www/images/soic8.jpg b/www/images/soic8.jpg Binary files differ. diff --git a/www/index.md b/www/index.md @@ -0,0 +1,70 @@ +--- +title: Libreboot +... + +[![Libreboot +logo](logo/logo.svg "Canteloupe, the libreboot mascot"){#logo}](logo.md) + +[Downloads](download.md) -- +[Documentation](docs/) -- +[Donate](donate.md) -- +[Buy libreboot machines](suppliers.md) -- +[Report a bug](tasks.md) -- +[Submit a patch](git.md) -- +[Hardware Compatibility](docs/hcl/) -- +[Installation Guide](docs/install/) -- +[Mirror](rsync.md) + +Libreboot is a [free](https://en.wikipedia.org/wiki/Free_software) BIOS or UEFI +replacement; libre *boot firmware* that initializes the hardware and starts a +bootloader for your operating system. [Watch our FOSDEM 2017 presentation about Libreboot (speaker is Leah Rowe, +libreboot's founder)](https://video.fosdem.org/2017/K.1.105/libreboot.mp4) + +Libreboot is a long-time member of the [Peers +Community](https://peers.community/) project, an organisation that supports +Free Software and provides infrastructure, e.g. [Git +hosting](https://notabug.org/). **[Libreboot exited from GNU on 2016-09-15, in protest of transgender discrimination at the FSF](gnu.md)** + +**[We call on AMD to release source code and specs for the new AMD Ryzen +platforms!](amd-libre.md)** + +Questions? [Read the FAQ](faq.md) or +[join](https://webchat.freenode.net/?channels=libreboot) IRC for general +support questions. You can also [contact the developers](contrib.md). [Sign up +to our newsletter for release announcements!](announce.md). We also have a +subreddit forum, for development discussion and user support: +[r/libreboot/](https://www.reddit.com/r/libreboot/). + +Why use libreboot? +------------------ + +Many people use non-free proprietary boot firmware, even if they use [a +free operating system](docs/distros/). Non-free BIOS/UEFI firmware often +[contains](faq.md#intel) [backdoors](faq.md#amd), can be slow and have +severe bugs, where you are left helpless at the mercy of the developers; +*you have no freedom over your computing*. By contrast, libreboot is +building a world where everyone can use, study, adapt and share +software, with true control and ownership over their technology. **In +other words, you should use Libreboot for your freedom's sake!** + +Libreboot is faster, more secure and more reliable than most non-free +firmware, and can provide many advanced features (such as encrypted +/boot/, GPG signature checking before booting your kernel, ability to +load an OS *from the flash chip*, and more). + +Libreboot's main upstream providers are +[coreboot](https://www.coreboot.org/) (which we deblob, for hardware +initialization), [depthcharge](docs/depthcharge/) (bootloader, and +default libreboot payload on ARM), and GRUB (bootloader, and default +libreboot payload on x86). We also integrate +[flashrom](https://www.flashrom.org/Flashrom) (for installing +libreboot), and several of our own utilities, scripts and configuration +files. All of this is integrated into a single, coherent package that is +easy to use. We add our own patches to the various upstreams used, and +where feasible try to merge upstream as much as possible. + +Libreboot provides a fully automated build system and installation +process, with documentation written for non-technical users, in an +attempt to make the software as easy to use as possible. ROM images are +provided, along with utilities, all built from the publicly distributed +source code. diff --git a/www/lbkey.asc b/www/lbkey.asc @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQINBFe2JAQBEADypyrhs3xwOojsveUNCnrdpZNoiHEZkbxl2J5q7rmrZjANeJHM +JHmtuagGS6gontALhw85Z+vxNLs8B7tzRHfOKTcSE+lEjx7tfF2dUN5bT/dpWb8N +FT9XD2KQGKvTRTDq3NKQU7p9LmiS71zvt8xQdCd6cRMJeTBT/o3X7qONi3oFjsNj +tLGI3PWSTNVI9ZB6Q43QwIUtkO1WBNBxtGWnDg54BSYPMIgJl9wpk6yHzpPDA2ai +XbnJQzHoziEthPoZcbDu3xKxX/r9p3tMI3TMrd6c5Pnnv39VnuDpPZWnnHyR85T4 +rSAo3E0bHQaU6ikDeyzOL5l0wskkmhFUX/et8a2K5IDBwjgSsnHp/DYj2otSg3WD +Y71SGgU3VJPvxnWaHo2KrPzLwxpXmPmOWlq4sMcApii//cOz53pyvSJwD5ulfYkj +m6HbW8t+brLxdSTfW/LGTnaNmxEEttSXxBt0D6NjFRnQ5fUm7B6mfD6Cq9OfoL65 +ta2b/+avQIBfuoiYMhheOtZRdJvn2cKx2kNh3+iOgMm8hq5+iOsJamLF3q31Oagr +OmBkysLsYriLvlov/rN07OkTTmg6Jq2tpeTr4gXwALpkZPAz+XlA7T75sV71dBjR +7pqVI1cWArZCtWBa7T5ft8zlSFDbAa00CM3Ko/pbtm0UJehIaR2nPnvLwQARAQAB +tDVMZWFoIFJvd2UgKExpYnJlYm9vdCBzaWduaW5nIGtleSkgPGluZm9AbWluaWZy +ZWUub3JnPokCOAQTAQIAIgUCV7YkBAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC +F4AACgkQlpqXlQXoxbJT1Q//RMJlK6innXUwVR2ZANRuSylk8osTfPNuV3TVycQP +ehlcvpl05iEH9HL5VNJ5jj2OE+ayfkjIg9BzjA6D3cZdnG6JvKMt8TRh1Ayy1ktp +nUD5jyKMAorlOaCy0Zy4dxGI18lWs0D+K5ZFqMGVyQ2WR9TPuEdUnORoktybHKbG +lwxDXWrHxr2RZSaTX8I9DHRaiOsD3NkLHTAuE/EUi0Mb8Mhc19144UBlPBjcsi9A +BPgf1XfOCo6kX+Q5IRXWeNsJ3TmsflBDrtRpqE4mrVqZsWkujfkIQc7p4t7ialwV +/40o4MyUNzG69/dZQXjS7kZ04dn+VROS66h+1UG/hYJmS7zQ0fo5Ofks8lHVVe2s +A72DEd5ubqh+R6lPO2vAc8kY3NAmkLGcweBiisY9Nf5zdGJBbq7FO6hV46Eptl/W +etuJ/3NBxBifB20c5c3reGc+hBVm6+Mi5aI2ExMaZhwI3Zq+MI7O0NOUq2VKLmht ++omp5qVEQYUh1uUGaIL1EP29eIJuSZmkdAYPOoYDHrzYDnH8L7hYO7qufiAoS8XC +v2DW9xzzpAVf8dj2qQDscgd4bnT6bxS7a6oLf4jDVhgSs1rdOk4RDk0p0uSYra/E +axi5l30N4UJ/qdkIO9IV3bj2jj7PX55EWDNZ6fHFGv96KafazS6pL4lAtWtCSotW ++jG5Ag0EV7YkBAEQALmZBggK++CWcNFNr3WcgAX4kVilv+CxmXKqCgG9WrZjBej0 +eS3+F9uTu5a58aIpqTYYk45XtfJb6nNrgbgNX/jIUToeFmEeeATQLlBMSMGDDEow +vxhwSt3gape+vMsJRqPUuQvfqXAuLw38bUEl9cNS1k7x3npjDu9IuoeLqAhekejr +NNhccfQlhcWw+e2PF7sbfGlYkmLTnw8oxMti92bjFS8X3mWIWmVKWLSJwACzro2K ++DlRSbvDsnJBWy+rN2zRPXARkjB6Dzj31pIamHjKc/TJm7cftCQHeEHV7WNy0G9B +IiyFFaV8ub2KdCHCZG/Mi90P4pmHCoHlqUjVTyhnzoj4D+Le1PvlLoLWhuG5zg8L +WZXXX68W2DZqpvn8VqLhGJKHEbwcxL+GiKTJcqTjHWwLulNK2CV4Y92elQHhw4Tz +xoFPobN+VW2iq8OaJO6svONCT04A+kKbKGkmHygC1qEp3VO7h7TSfYga6VN0v3qW +a/rZB4lZbZ4je2iqMYFBcGWYc3xYzCysQfRSLSO600+HeeUPoBNBs1u07skUDE3r +eFR4/uR8ZOomWey5yEOzeKCElkGmnZGAo3prORU4IB736rvETSzHcbnd56ufItzN +jC/F8t+K6dnccRRqd/NT10IcvW+gruG2n6BqfiHudo1IwzK8yUDCys9u+Sf/ABEB +AAGJAh8EGAECAAkFAle2JAQCGwwACgkQlpqXlQXoxbLALw/+OSWcIS1nFRhMkrl5 +9yjsLhvO5v2yTEMiLuUC2tVEywbnuD/6aU3GW6U1gmSb9lIy2EH8uvD1g54palpY +v3jlH43gzOKgD5NIShKxQqxULv19kNsC5vOowdPvjIwdRNinwHC/lIynuihFkJnl +faPC1bIn9v3Ydub3Gned51ngPcwTH86uh+Qs45NHBVYMQ0GEwtn1tH39PhPW19PE +5kcaGGNr9HRQEZklwsHqAaa8eUUgKc19hjJN35gw5uXdPo3XHzTwoy9E1L2z5vpt +ouv4Mv4Y+PkacZSMuqkoJDfg1MWW2NZfmR24yHMqqTNEIz3AtMpU/iSnQilRf8H9 +B1Dr6UcT6ESIaVgEmiLDjPnMvsMxcLsh1abtfh9LnRNzGDVyxK9RDwgWtS4bGmiA +OMDtwcHauCnh0mMwhc2ja4mN3jR1KlNMFOnPU/3EpFueH03az6orRiJPu/I3ALHx +XtMdGuBq+nnS80jL0vNcFZPFzSGPeAJ8mC7NBAvzI9s+lPFoUYYRzRChz4yRM2pU +5sBqUl6nDSYEljkq8+ayP57ZnyToaV+A9RgAd5PAF76TmI4dvmTz9qcctz7g2dlo +LSwZmXZ2r+iaq16a5hllAeEJHR78LRlpc8A/lukv66maKYrmi6G41u+9TWoBUZBq +cK2uJIvCCmu0fWYvqD36xKor+/g= +=rMte +-----END PGP PUBLIC KEY BLOCK----- diff --git a/www/lists.md b/www/lists.md @@ -0,0 +1,37 @@ +--- +title: Archives of the old Libreboot mailing lists +... + +[Libreboot left the GNU project on 15 September 2016, in protest of +discriminatory firing of a transgender person at the Free Software +Foundation.](gnu.md) + +As part of this, we decided that it would be in the best interest of the +libreboot project to no longer rely on any GNU infrastructure. We were +initially contemplating hosting our own mailing lists, but then we +realized that we could simply use the bug tracker on the +[NotABug](https://notabug.org/vimuser/) page for the libreboot project. +This uses NotABug's modified version of Gogs, which is a free +[GitHub](github.md) replacement, and it also has pull requests. Bug +reports and development discussions plus accepting patches is what we +were using the old mailing lists for, but NotABug's bug tracker and +pull request feature is far more efficient for this purpose. + +If you are interested in sending bug reports, see +[../tasks/](tasks.md). + +If you wish to submit patches to libreboot, see [../git/](git.md). + +Backup of old Libreboot mailing lists +------------------------------------- + +- [User mailing list + (HTML)](old/libreboot/html/lists.gnu.org/archive/html/libreboot) +- [User mailing list (mbox + format)](old/libreboot/mbox/lists.gnu.org/libreboot/) +- [Developer mailing list + (HTML)](old/libreboot-dev/html/lists.gnu.org/archive/html/libreboot-dev/) +- [Developer mailing list (mbox + format)](old/libreboot-dev/mbox/lists.gnu.org/libreboot-dev/) + + diff --git a/www/logo/libreboot.png b/www/logo/libreboot.png Binary files differ. diff --git a/www/logo/license.txt b/www/logo/license.txt @@ -0,0 +1,8 @@ +Copyright 2014 Marcus Moeller (license: CC-0) + +the stickers are made by Patrick McDermott in 2015, also CC-0 + +A copy of this license can be found at: +https://creativecommons.org/publicdomain/zero/1.0/ + +Font used is "lato". Install this, otherwise the vectors won't look correct. diff --git a/www/logo/logo.png b/www/logo/logo.png Binary files differ. diff --git a/www/logo/s.png b/www/logo/s.png Binary files differ. diff --git a/www/logo/stickers/libreboot-inside-simple-bold-1.60cmx2.00cm-diecut-3.pdf b/www/logo/stickers/libreboot-inside-simple-bold-1.60cmx2.00cm-diecut-3.pdf Binary files differ. diff --git a/www/logo/stickers/libreboot-simple-bold-2.00x2.25-diecut.pdf b/www/logo/stickers/libreboot-simple-bold-2.00x2.25-diecut.pdf Binary files differ. diff --git a/www/publish.sh b/www/publish.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +FILE=${1%.md} + +# get title block +head -n 4 $FILE.md > temp.md + +# if not homepage, add a link back to the homepage +if [ "${FILE}" != "index" ]; then + printf "[Go back to homepage](index.md)\n\n" >> temp.md +fi + +#read rest of file +tail -n +5 $FILE.md >> temp.md + +# change out .md -> .html +sed temp.md -i -e 's/.md\(#[a-z\-]*\)*)/.html\1)/g' + +# work around issue #2872 +TOC=$(grep -q "^x-toc-enable: true$" temp.md && echo "--toc") + +# work around heterogenous pandoc versions +SMART=$(pandoc -v | grep -q '2\.0' || echo "--smart") + +# chuck through pandoc +pandoc --self-contained -f markdown $SMART -t html temp.md -s --css global.css --section-divs -T Libreboot $TOC > $FILE.html diff --git a/www/robots.txt b/www/robots.txt @@ -0,0 +1,2 @@ +User-agent: * +Disallow: diff --git a/www/rsync.md b/www/rsync.md @@ -0,0 +1,52 @@ +% Mirroring libreboot + +Create a directory in your web directory (e.g. libreboot/) and put one +of these in your crontab: + +Libreboot project, UK (main rsync mirror) +----------------------------------------- + +**rsync -avxP \--delete \--stats rsync.libreboot.org::mirrormirror +/path/to/docroot/libreboot/** + +University of Kent, UK (backup mirror) +-------------------------------------- + +**rsync -avxP \--delete \--stats +rsync://rsync.mirrorservice.org/libreboot.org/release/ +/path/to/docroot/libreboot/** + +Princeton university, USA (backup mirror) +----------------------------------------- + +**rsync -avxP \--delete \--stats +rsync://mirror.math.princeton.edu/pub/libreboot/ +/path/to/docroot/libreboot/** + +linux.ro, Romania (backup mirror) +--------------------------------- + +**rsync -avxP \--delete \--stats rsync://ftp.linux.ro/libreboot/ +/path/to/docroot/libreboot/** + +partyvan.eu, Sweden (backup mirror) +----------------------------------- + +**rsync -avxP \--delete \--stats +rsync://mirror.se.partyvan.eu/pub/libreboot/ +/path/to/docroot/libreboot/** + +mirror.si, Slovenia (backup mirror) +----------------------------------- + +**rsync -avxP \--delete \--stats rsync://libreboot.mirror.si/libreboot +/path/to/docroot/libreboot/** + +Are you running a mirror? Contact the libreboot project, and the link will be +added to the [download](download.html) page. + +Libreboot includes statically linked executables. If you need the +sources for those statically linked dependencies inside the executables, +then you can contact the libreboot project using the details on the home +page; source code will be provided. You can download this source code +from [here](ccsource.md). diff --git a/www/suppliers.md b/www/suppliers.md @@ -0,0 +1,36 @@ +--- +title: Ministry of Freedom (UK) +... + +[![Ministry of Freedom](https://minifree.org/minifree.png "Ministry of +Freedom")](https://minifree.org/)Since 2013, the Ministry of Freedom (formerly +Gluglug) sells systems with Libreboot and a fully free GNU+Linux distribution +preinstalled. This company directly funds the Libreboot project. **This company +ships worldwide, to all countries.** + +Products available +------------------ + +### Laptops + +- [Libreboot X220 laptop](https://minifree.org/product/libreboot-x220/) + +### Desktops + +- [Libreboot D16 desktop](https://minifree.org/product/libreboot-d16/) + +### Servers + +- [Libreboot D16 server](https://minifree.org/product/libreboot-d16-server/) + +### Miscellaneous + +- [Libreboot X200 + battery](https://minifree.org/product/libreboot-x200-battery/) +- [Libreboot X200 docking + station](https://minifree.org/product/docking-station-for-libreboot-x200/) +- [Libreboot installation + service](https://minifree.org/product/libreboot-installation-service/) +- [Libreboot stickers](https://minifree.org/product/libreboot-stickers/) + +**[Visit the main site](https://minifree.org/)** diff --git a/www/tasks.md b/www/tasks.md @@ -0,0 +1,40 @@ +--- +title: Bugs +... + +This page lists tasks for the next stable release of libreboot. [](../) + +Download the latest development tree from the [git repository](git.md) +(page also contains instructions for sending patches) + +[Download untested releases](release/unstable.md) - volatile. + +[Download testing releases](release/testing.md) - beta, release +candidate. + +Go to the libreboot development page for information about how to send +your patches. + +How to send a bug report +======================== + +The bug tracker lists current tasks, with information on what is being +done about them. + +<https://notabug.org/vimuser/libreboot/issues>\ +<https://notabug.org/vimuser/libreboot-website/issues> + +People of interest {#tasks} +------------------ + +avph is unresponsive and damo22 has quit the project, so now it falls on +Leah to montor their upstream patches, for integration in libreboot:\ +[damo22 open +patches](https://review.coreboot.org/#/q/owner:%22Damien+Zammit%22+status:open)\ +[damo22 merged +patches](https://review.coreboot.org/#/q/owner:%22Damien+Zammit%22+status:merged)\ +[avph open +patches](https://review.coreboot.org/#/q/owner:%22Arthur+Heymans%22+status:open)\ +[avph merged +patches](https://review.coreboot.org/#/q/owner:%22Arthur+Heymans%22+status:merged) +