intro: Clarify what LinuxBoot is #94
Conversation
pamolloy
force-pushed
the
pmolloy/what-is-linuxboot
branch
2 times, most recently
from
bd3b150
to
f078d3a
Compare
|
It would also be nice to not duplicate this on https://www.linuxboot.org/ under "What?" and "Why?". |
pamolloy
force-pushed
the
pmolloy/what-is-linuxboot
branch
3 times, most recently
from
aac3cb5
to
10d9f3b
Compare
pamolloy
force-pushed
the
pmolloy/what-is-linuxboot
branch
2 times, most recently
from
7175fc0
to
7cc1e45
Compare
The idea of using the Linux kernel for a boot firmware implementation is much larger than the build tool and configuration named linuxboot. Therefore focus on the importance of the idea over the implementation. Also clarify the implementation, which is confusing to newcomers. Signed-off-by: Philip Molloy <[email protected]>
pamolloy
force-pushed
the
pmolloy/what-is-linuxboot
branch
from
7cc1e45
to
dba09a0
Compare
| userland built using [u-root](https://github.com/u-root/u-root). | ||
|
|
||
| The Heads build system is more focused on local attestation and uses BusyBox | ||
| instead of Golang. |
There was a problem hiding this comment.
@tlaurion since I saw your 👍 on Daniel's comment I figured you might have a better description here? 😄
There was a problem hiding this comment.
I'm glad it's named, I would not try to define it but point to the project page instead.
There was a problem hiding this comment.
I would really like to provide some context of what Heads is. Currently, it is really hard to understand the OSFW ecosystem. My goal is to make it easier to understand the numerous projects and how they relate. How would you place Heads in the context of OSFW?
There was a problem hiding this comment.
I'm not good at this.
A draft, reminding that linuxboot is concept, more focusing on UEFI pruning and replacing DXE with u-root, where u-root could be replaced by Heads as it's Linux based payload. And where Heads focuses on being a coreboot payload, where historically, linuxboot contributed to Heads so that Heads could generate a linuxboot UEFI usable payload. Also, Heads provides complete externally flashable roms for all supported boards, where it's still not clear to me on which real physical boards linuxboot is used today, graveyard.md showing removal of past boards and reducing current boards to old, some now unablvailable boards.
Anyway, a draft:
LinuxBoot with u-root:
- u-root: Provides a set of standard Unix tools rewritten in Go, such as
ls,cp, `shutdown, etc. - Boot policy tools: Includes tools for PXE booting, booting via GRUB config, and other boot-related policies.
- Minimal initramfs: Creates a single binary root file system (initramfs) containing BusyBox-like utilities.
LinuxBoot with Heads:
- Heads: Includes a comprehensive suite of standard Linux ecosystem tools for creating a full Linux recovery environment.
- Extensive toolset: Incorporates
qrencode,hotp-verification,io386,cryptsetup,gnupg,tpm toolstack,flashprog,lvm,e2fsprogs,extfsprogs, and more. - Security features: Focuses on local attestation, TPM DUK seal/unseal operations, GPG-based security measures, and reproducible builds.
In essence, while LinuxBoot with u-root offers a streamlined and flexible boot environment with basic Unix tools, LinuxBoot with Heads provides a robust and secure boot environment with a wide range of tools necessary for a complete Linux recovery setup.
There was a problem hiding this comment.
Also note présence of other projects, like tinyboot, ownerboot and tvix, all reusing or aiming to reuse linuxboot concept (Linux as payload/linux as bootloader replacing as much opaque/proprietary/unneeded drivers with Linux) which would do it better if there was more collaboration between those projects and working together in the goal of freeing motherboards of bloat/proprietary blobs/changing the ecosystem to be freer.
But to accomplish this, it needs to be easy to build, easy to deploy and supported by vendors with transparency on what to buy how to deploy and being reproducible with simple commands, maintained and sold by oems on their supported hardware, and ideally, pushed by ODM so users don't need to be hackers and understand everything to use it.
This is what Heads try to accomplish.
There was a problem hiding this comment.
Tldr: refer to project page instead of trying to define heads, which is criticized to do too much but where OEM requires more to deploy easily, securely, with proper transfer of ownership and in transit interdiction evidence of firmware/deployed OS (mainly QubesOS).
I have difficulties to define Heads myself, hence good luck trying to define it.
A good article written by unbiased third party is all I can refer to.
There was a problem hiding this comment.
Also note https://www.linuxboot.org/page/faq/
LinuxBoot, NERF, HEADS? What’s What?
LinuxBoot is the project that replaces specific firmware functionality with a Linux kernel. LinuxBoot is agnostic to what initramfs is used with the kernel.
NERF is LinuxBoot with u-root as the initramfs. u-root contains boot policy tools in Go (e.g. PXE booting, booting via GRUB config) among standard busybox-like utilities rewritten in Go.
HEADS is a secure runtime that can be used as the initramfs for LinuxBoot. Take a look at the repository on GitHub. See osresearch.net for more documentation on HEADS.
So maybe edit faq but keep intro simple?
The "naming" article provides a lot of detail that is better left to the individual project documentation or is captured more succinctly by the glossary. The note about LinuxBoot as a concept has also been moved into the intro. Signed-off-by: Philip Molloy <[email protected]>
Signed-off-by: Philip Molloy <[email protected]>
Signed-off-by: Philip Molloy <[email protected]>
pamolloy
force-pushed
the
pmolloy/what-is-linuxboot
branch
from
546ed33
to
346fbb4
Compare
|
The idea of replacing proprietary and monstrous corporate open source firmware with a Linux kernel based solution is much larger than the build tool and configuration named
linuxboot. Therefore focus on the importance of the idea over the implementation.Also clarify the implementation since it is confusing to newcomers what LinuxBoot refers to and how u-root is related. Is LinuxBoot and idea or the tool in the Github repository? The u-root cpu command is referenced as a LinuxBoot utility. And LinuxBoot using coreboot, u-root and systemboot talks about how to build a "LinuxBoot firmware based on coreboot, u-root and systemboot".