diff --git a/.gitcheck b/.gitcheck deleted file mode 100755 index 43344e8..0000000 --- a/.gitcheck +++ /dev/null @@ -1,82 +0,0 @@ -#!/usr/bin/env sh -# SPDX-FileCopyrightText: 2022 Caleb La Grange -# SPDX-FileCopyrightText: 2023 Leah Rowe -# SPDX-License-Identifier: GPL-3.0-only - -git_name="gbmkplaceholder" -git_email="placeholder@toejamworld.com" - -main() -{ - if [ $# -gt 0 ]; then - if [ "${1}" = "clean" ]; then - clean > /dev/null 2> /dev/null - else - printf "%s: Unsupported argument\n" $0 - exit 1 - fi - else - set_placeholders > /dev/null 2> /dev/null - fi -} - -set_placeholders() -{ - set_git_credentials - - # Check coreboot as well to prevent errors during building - if [ ! -d coreboot ]; then - return - fi - for x in coreboot/*; do - if [ ! -d "${x}" ]; then - continue - fi - ( - cd "${x}" - set_git_credentials - ) - done -} - -set_git_credentials() -{ - # Check if username and or email is set. - if ! git config user.name || git config user.email ; then - git config user.name \ - || git config user.name "${git_name}" - git config user.email \ - || git config user.email "${git_email}" - fi -} - -clean() -{ - unset_placeholders - - if [ ! -d coreboot ]; then - return - fi - for x in coreboot/*; do - if [ ! -d "${x}" ]; then - continue - fi - ( - cd "${x}" - unset_placeholders - ) - done -} - -unset_placeholders() -{ - if [ "$(git config user.name)" = "${git_name}" ]; then - git config --unset user.name - fi - - if [ "$(git config user.email)" = "${git_email}" ]; then - git config --unset user.email - fi -} - -main $@ diff --git a/.gitignore b/.gitignore index 85a5c18..61db5fe 100644 --- a/.gitignore +++ b/.gitignore @@ -1,19 +1,11 @@ *~ *.o -/gbmk.err.log +/cbmk.err.log /cbutils/ -/pciroms/ -/util/e6400-flash-unlock/e6400_flash_unlock -/util/ich9utils/*.bin -/util/ich9utils/demefactory -/util/ich9utils/ich9deblob -/util/ich9utils/ich9show -/util/ich9utils/ich9gen +/util/dell-flash-unlock/dell_flash_unlock /TODO -/bios_extract/ /tmp/ -/payload/ -/me_cleaner/ +/elf/ *.s[a-w]? *.vim /*.elf @@ -21,22 +13,12 @@ /*.rom /build_error /TODO/ -/docs/version -/bucts/ -/coreboot/ -/crossgcc/ -/depthcharge/ -/flashrom/ -/resources/coreboot/*/seen -/grub/ -/memtest86plus/ -/seabios/ -/u-boot/ +/config/*/*/seen /bin/ /release/ -/descriptors/ /*.bin /push /version /versiondate /util/nvmutil/nvm +/src/ diff --git a/Makefile b/Makefile deleted file mode 100644 index e9a678b..0000000 --- a/Makefile +++ /dev/null @@ -1,82 +0,0 @@ -# -# Makefile for official GNU purposes -# You can use this, but it just runs gbmk commands. -# -# Copyright (C) 2020, 2021, 2023 Leah Rowe -# Copyright (C) 2022 Ferass El Hafidi -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -.POSIX: - -#.PHONY: all check download modules ich9m-descriptors payloads roms release \ -# clean crossgcc-clean install-dependencies-ubuntu \ -# install-dependencies-debian install-dependencies-arch \ -# install-dependencies-void install-dependencies-fedora38 \ -# install-dependencies-parabola - -all: roms - -download: - ./download all - -modules: - ./build module all - -ich9m-descriptors: - ./build descriptors ich9m - -payloads: - ./build payload all - -roms: - ./build boot roms all - -release: - ./build release src - ./build release roms - -clean: - ./build clean cbutils - ./build clean flashrom - ./build clean ich9utils - ./build clean payloads - ./build clean seabios - ./build clean grub - ./build clean memtest86plus - ./build clean rom_images - ./build clean u-boot - ./build clean bios_extract - -crossgcc-clean: - ./build clean crossgcc - -install-dependencies-ubuntu: - ./build dependencies ubuntu2004 - -install-dependencies-debian: - ./build dependencies debian - -install-dependencies-arch: - ./build dependencies arch - -install-dependencies-void: - ./build dependencies void - -install-dependencies-fedora38: - ./build dependencies fedora38 - -install-dependencies-parabola: - ./build dependencies parabola diff --git a/README.md b/README.md index 2059401..5995ad2 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,250 @@ -non-GeNUine Boot +Canoeboot ========= -This software was made purely for fun, by Leah Rowe of Libreboot. +Find canoeboot documentation at -You should otherwise use Libreboot: +The `canoeboot` project provides +[libre](https://writefreesoftware.org/) *boot +firmware* that initializes the hardware (e.g. memory controller, CPU, +peripherals) on specific Intel/AMD x86 and ARM targets, which +then starts a bootloader for your operating system. Linux/BSD are +well-supported. It replaces proprietary BIOS/UEFI firmware. Help is available +via [\#canoeboot IRC](https://web.libera.chat/#canoeboot) +on [Libera](https://libera.chat/) IRC. - +Why use Canoeboot? +================== + +Why should you use *canoeboot*? +---------------------------- + +Canoeboot gives you freedoms that you otherwise can't get with most other +boot firmware. It's extremely powerful and configurable for many use cases. + +You have rights. The right to privacy, freedom of thought, freedom of speech +and the right to read. In this context, Canoeboot gives you these rights. +Your freedom matters. +[Right to repair](https://vid.puffyan.us/watch?v=Npd_xDuNi9k) matters. +Many people use proprietary (non-libre) +boot firmware, even if they use [a libre OS](https://www.openbsd.org/). +Proprietary firmware often contains backdoors (more info on the FAQ), and it +and can be buggy. The canoeboot project was founded in October 2023, +with the express purpose of making coreboot firmware accessible for +non-technical users. + +The `canoeboot` project uses [coreboot](https://www.coreboot.org/) for [hardware +initialisation](https://doc.coreboot.org/getting_started/architecture.html). +Coreboot is notoriously difficult to install for most non-technical users; it +handles only basic initialization and jumps to a separate +[payload](https://doc.coreboot.org/payloads.html) program (e.g. +[GRUB](https://www.gnu.org/software/grub/), +[Tianocore](https://www.tianocore.org/)), which must also be configured. +*The canoeboot software solves this problem*; it is a *coreboot distribution* with +an automated build system (named *cbmk*) that builds complete *ROM images*, for +more robust installation. Documentation is provided. + +How does Canoeboot differ from coreboot? +======================================== + +In the same way that *Debian* is a GNU+Linux distribution, `canoeboot` is +a *coreboot distribution*. If you want to build a ROM image from scratch, you +otherwise have to perform expert-level configuration of coreboot, GRUB and +whatever other software you need, to prepare the ROM image. With *canoeboot*, +you can literally download from Git or a source archive, and run `make`, and it +will build entire ROM images. An automated build system, named `cbmk` +(Canoeboot MaKe), builds these ROM images automatically, without any user input +or intervention required. Configuration has already been performed in advance. + +If you were to build regular coreboot, without using canoeboot's automated +build system, it would require a lot more intervention and decent technical +knowledge to produce a working configuration. + +Regular binary releases of `canoeboot` provide these +ROM images pre-compiled, and you can simply install them, with no special +knowledge or skill except the ability to follow installation instructions +and run commands BSD/Linux. + +Canoeboot vs Libreboot +---------------------- + +Libreboot and Canoeboot are both lead by the same founder, Leah Rowe, kept in +sync whenever feasible; for each Libreboot release, a Canoeboot release follows. + +Canoeboot is a fork of [Libreboot](https://libreboot.org/), provided as a proof +of concept demonstrating Libreboot in its current state per release, while +removing any and all parts that do not comply with the GNU Free System +Distribution Guideline (GNU FSDG). GNU FSDG is the policy that Libreboot used to +be based on, but Libreboot adopted a more pragmatic [Binary Blob Reduction +Policy](https://libreboot.org/news/policy.html) in November 2022, resulting +in greater hardware support. + +Canoeboot supports fewer mainboards than Libreboot, +because it takes a hardline approach by limiting itself only to those mainboards +which can be booted entirely without binary blob code *in the main boot flash*. +The distinction of *in the main boot flash* is extremely important, because many +examples exist where coreboot interacts with certain proprietary software; for +example, the EC (Embedded Controller) firmware on some ThinkPads that both +Libreboot and Canoeboot support. GNU FSDG is full of contradictions like this; +for example, the HP Elitebooks supported by Libreboot 20231021 use proprietary +EC firmware too, but it's in the main boot flash, whereas on many other machines +it would be on a separate chip, and not the main boot flash. + +Coreboot can boot with Free Software exclusively on many boards, but quite a few +more mainboards exist where that is not the case. For example, a given mainboard +may require a blob to configure the memory controller. Libreboot provides as few +binary blobs as possible while allowing any mainboard to be supported, whereas +Canoeboot provides *no* binary blobs and thus can only support a limited subset +of what coreboot supports. + +Libreboot started with the no-blob policy, in December 2013. In December 2020, +another project lead by Leah Rowe was created, named *osboot*. The osboot +project had the same policy as current Libreboot, and was later merged into +Libreboot, during November 2022. Thus, Libreboot *became* osboot, and it has +improved substantially since then. This was done, in an effort to bring coreboot +to more people, since Libreboot was much better established at that point. Since +then, the decision has proven to be quite successful, with many more users. + +While the no-blob approach may seem noble, it stifles the adopt of Free +Software, in this case coreboot, by alienating those users who like the idea of +free software but do not have such "pure" hardware. The FSF's definition of +purity (in this context) is deeply flawed, as it contains many contradictions. + +Binary blobs are *bad*. Free software is *good*, and everyone deserves to have +freedom in their computing. The irony is that there are some who would denounce +the current Libreboot project, under the logic that it is *enabling* proprietary +software, but this is not so; Libreboot is *removing* proprietary software, when +you install it. + +Therefore, the nuance in the type of thinking behind *Libreboot* policy is that +while proprietary software *is* bad, and should be avoided, that choice may not +always be available; in such cases then, it can be used but with the stipulation +that it be replaced (with free software) at a future date, and that strong +education is given about it in the meantime. Indeed, many projects out there, +for example many Linux and/or GNU-based systems, will *include* such proprietary +software (such as wifi firmware blobs) and *not tell you about it*, or not +clearly document its existence. Libreboot very clearly documents what and where +these blobs are, in this document: + + +The mentality behind Libreboot policy is that *some* software freedom is better +than none. For example, if you're running a ThinkPad X230 or T440p, both of these +can boot entirely without binary blobs in coreboot, but you do still need the +neutered Intel ME image outside of that (in the ME region of the flash, whereas +coreboot goes in the BIOS region). More information about that is available, +on the Freedom Status page of the Libreboot project: + + +Libreboot still supports all of the same mainboards that Canoeboot supports, and +provides the exact same configuration as options in each release. In other words, +the no-blob configuration is still possible in Libreboot, and that will always +be true, when possible on a given mainboard. Libreboot's *preference* is +precisely to promote Free Software, hence the Binary Blob Reduction Policy. +Again for posterity, here is a link to the text of that policy: + + +By contrast, many projects (that handle blobs) do not have such a stipulation. +They either have no policy, a loosely defined policy, or they actively +encourage the use of blobs. Libreboot does not encourage use of binary blobs, +unless absolutely necessary on a given mainboard; whereas, a project like +Debian will provide the `nouveau` driver for nvidia graphics cards, while also +providing the binary drivers from Nvidia (which is proprietary); if Libreboot +were to become a Debian, it would only recommend the `nouveau` driver if that +works well enough. And now an example closer to home: in Libreboot, let's say +you have a board with Intel graphics. Libreboot provides free initialisation +of the framebuffer (using coreboot's `libgfxinit`), which has some limitations +but does work well with Linux/BSD, and you could add Tianocore for an efi +framebuffer if you wanted; an alternative to this is the proprietary VGA Option +ROM from intel, which can provide full VGA mode setting as a BIOS callback, +which would enable more operating systems (e.g. ReactOS, games in FreeDOS, etc). +Libreboot does not provide the Intel VGA ROM, because it is not needed. Linux +and BSD are fine, you you can play DOS games in dosbox if you really want to. +You do not need to boot DOOM on FreeDOS. + +To summarise the above point: +if Libreboot had a policy like the Debian one, it would provide that VGA ROM. +Libreboot is not Debian. But it does not follow GNU's hardline approach either. +Both approaches are bad. Libreboot policy is based on FSF ideology, but without +dogma. So, the difference with Canoeboot is that it *also implements the dogma*. +The FSF and GNU dogma is that proprietary software must *always* be avoided, +under all circumstances. Libreboot does not implement such dogma. + +The purpose of Canoeboot is therefore to demonstrate what can be done under +such dogma, while providing criticism of it in favour of Libreboot policy. +The Libreboot policy is correct because it provides more software freedom +overall to more people. In any software community, a certain fixed percentage +of people will become programmers, and so bringing coreboot to more people will +inevitably lead to more people becoming coreboot developers; this may then +encourage more people to reverse engineer the blobs to produce free source code. + +To put the above point another way: +the GNU FSDG policy, dictated by the FSF, is causing *active harm* to the +adoption of Free Software. For example, if a Windows user is introduced to Linux +for the first time, but they are introduced to an FSDG-compliant distro like +Trisquel, they may find that certain hardware doesn't work. They aren't master +hackers, they are clueless novices, and everything needs to work or they are +going to ditch Linux and keep using Windows. That is just a fact, with most +people, even principled people who believe in the ideals. When someone is just +starting out, they need the experience to be as smooth as possible. + +That novice user could one day reverse engineer graphics drivers and bring about +the next revolution in software freedom, but a bad early experience will deter +them early on, and thus stifle future development of free software. This is the +argument put forward by Libreboot, as of November 2022 with the merging of osboot. + +tl;dr just imagine a universe where osboot never existed, and know that +Canoeboot is essentially what Libreboot *might* have been at this point in +time. It is a representation of what *was*, and what could have been. Canoeboot +is one possible answer to that *what if*, although the actual universe where +osboot didn't exist may not have produced exactly the same result as Canoeboot +today; it could be slightly different. Libreboot butterflies... + +Libreboot today is far superior to Canoeboot, and it's what you should use, but +there are a few who prefer the old Libreboot policy, who absolutely do not want +any proprietary software even to be present, let alone installed and/or +executed. Thus, canoeboot was born. + +Canoeboot provides the same level of automation that Libreboot does in the +downloading, patching and building of coreboot ROM images, but it excludes any +binary blobs that may otherwise be present in upstream projects. Canoeboot will +also remove non-blobs that are still proprietary software; there are some cases +where software may be provided by a vendor with source code, but under some +license that puts restrictions on its use or distribution. Canoeboot will only +knowingly provide software that adheres to the GNU Free Software Definition, in +compliance with the GNU Free System Distribution Guidelines. + +Project goals +============= + +- *Support as much hardware as possible!* (within the restrictions imposed + by GNU FSDG policy) +- *Make coreboot easy to use*. Coreboot is notoriously difficult + to install, due to an overall lack of user-focused documentation + and support. Most people will simply give up before attempting to + install coreboot. Canoeboot's automated build system and user-friendly + installation instructions solves this problem. + +Canoeboot attempts to bridge this divide by providing a build system +automating much of the coreboot image creation and customization. +Secondly, the project produces documentation aimed at non-technical users. +Thirdly, the project attempts to provide excellent user support via IRC. + +Canoeboot already comes with a payload (GRUB), flashrom and other +needed parts. Everything is fully integrated, in a way where most of +the complicated steps that are otherwise required, are instead done +for the user in advance. + +You can download ROM images for your canoeboot system and install +them without having to build anything from source. If, however, you are +interested in building your own image, the build system makes it relatively +easy to do so. + +Not a coreboot fork! +-------------------- + +Canoeboot is not a fork of coreboot. Every so often, the project +re-bases on the latest version of coreboot, with the number of custom +patches in use minimized. Tested, *stable* (static) releases are then provided +in Canoeboot, based on specific coreboot revisions. LICENSE FOR THIS README ======================= @@ -15,3 +254,6 @@ Creative Commons Zero license, version 1.0 of the license, which you can read here: + +The documentation in Canoeboot will use a mix of other licenses, so you should +check that for more information. diff --git a/build b/build deleted file mode 120000 index 1848648..0000000 --- a/build +++ /dev/null @@ -1 +0,0 @@ -gbmk \ No newline at end of file diff --git a/build b/build new file mode 100755 index 0000000..c607527 --- /dev/null +++ b/build @@ -0,0 +1,138 @@ +#!/usr/bin/env sh +# SPDX-License-Identifier: GPL-3.0-or-later +# SPDX-FileCopyrightText: 2014,2015,2020,2021,2023 Leah Rowe +# SPDX-FileCopyrightText: 2015 Patrick "P. J." McDermott +# SPDX-FileCopyrightText: 2015, 2016 Klemens Nanni +# SPDX-FileCopyrightText: 2022, Caleb La Grange + +[ "x${DEBUG+set}" = 'xset' ] && set -v +set -u -e + +. "include/err.sh" +. "include/option.sh" + +eval "$(setvars "" option aur_notice tmpdir)" + +tmpdir_was_set="y" +set | grep TMPDIR 1>/dev/null 2>/dev/null || tmpdir_was_set="n" +if [ "${tmpdir_was_set}" = "y" ]; then + tmpdir="${TMPDIR##*/}" + tmpdir="${TMPDIR%_*}" + if [ "${tmpdir}" = "cbmk" ]; then + tmpdir="" + tmpdir_was_set="n" + fi +fi +if [ "${tmpdir_was_set}" = "n" ]; then + export TMPDIR="/tmp" + tmpdir="$(mktemp -d -t cbmk_XXXXXXXX)" + export TMPDIR="${tmpdir}" +else + export TMPDIR="${TMPDIR}" +fi +tmpdir="${TMPDIR}" + +linkpath="${0}" +linkname="${linkpath##*/}" +buildpath="./script/${linkname}" + +main() +{ + xx_ id -u 1>/dev/null 2>/dev/null + [ $# -lt 1 ] && fail "Too few arguments. Try: ${0} help" + [ "${1}" = "dependencies" ] && xx_ install_packages $@ && cbmk_exit 0 + + initialise_command $@ && shift 1 + + check_git + check_project "fail" + git_init + + execute_command $@ + cbmk_exit 0 +} + +initialise_command() +{ + [ "$(id -u)" != "0" ] || fail "this command as root is not permitted" + + case "${1}" in + help) usage ${0} && cbmk_exit 0 ;; + list) items "${buildpath}" && cbmk_exit 0 ;; + esac + option="${1}" +} + +install_packages() +{ + if [ $# -lt 2 ]; then + printf "You must specify a distro, namely:\n" 1>&2 + printf "Look at files under config/dependencies/\n" 1>&2 + printf "Example: ./build dependencies debian\n" 1>&2 + fail "install_packages: target not specified" + fi + + [ -f "config/dependencies/${2}" ] || fail "Unsupported target" + + . "config/dependencies/${2}" + + xx_ ${pkg_add} ${pkglist} + [ -z "${aur_notice}" ] && return 0 + printf "You must install AUR packages: %s\n" "${aur_notice}" 1>&2 +} + +# release archives contain .gitignore, but not .git. +# cbmk can be run from cbmk.git, or an archive. +git_init() +{ + [ -L ".git" ] && fail "Reference .git is a symlink" + [ -e ".git" ] && return 0 + eval "$(setvars "$(date -Rd @${versiondate})" cdate _nogit)" + + git init || fail "${PWD}: cannot initialise Git repository" + git add -A . || fail "${PWD}: cannot add files to Git repository" + git commit -m "${projectname} ${version}" --date "${cdate}" || \ + fail "${PWD}: can't commit ${projectname}/${version}, date ${cdate}" + git tag -a "${version}" -m "${projectname} ${version}" || \ + fail "${PWD}: cannot git-tag ${projectname}/${version}" +} + +execute_command() +{ + cbmkcmd="${buildpath}/${option}" + [ -f "${cbmkcmd}" ] || fail "Invalid command. Run: ${linkpath} help" + "${cbmkcmd}" $@ || fail "execute_command: ${cbmkcmd} ${@}" +} + +usage() +{ + progname=${0} + cat <<- EOF + USAGE: ${progname}