 So welcome here, and as you all know in some parts free software is very dominant and The choice of if you want to do something there are some parts where free software is not Successful not yet as successful as it wants to be but there are projects trying to change that and one of this project is Libreboot and I'm and I think we can very happy to have the founder of this project Lear here now on stage talking about it Thank you very much. Give her a welcome Okay, so as we introduce my name is Lear Rowe. I'm here to talk about our projects called Libreboot I've been working on this project since since late 2013 What Libreboot attempts to do is provides free software at the boot firmware level so When people think about free software, they're usually thinking about their operating system But the boot the boot firmware is basically what initializes the hardware and starts usually a bootloader to load your operating system, so Most people with modern systems are using proprietary software. So this is often referred to as the BIOS or ufi Libreboot attempts to provide a fully free software replacement for this So we provide this on desktops laptops and servers on x86 and arm. We're also Looking to implement this on open power, which I'll talk about later in the talk So the goal of the projects we want everyone to use free software Exclusively so we think the proprietary software shouldn't be an option If anyone's using non-free software, then that's a problem. We want to fix that as a result of this Our second goal is obviously to support as much hardware as possible So the more hardware supported the better This includes not just porting existing hardware to Libreboot. It also includes having OEMs provide Libreboot pre-installed And we also want it to be as easy to use as possible for non-technical people with projects like this It's usually the case that people who may not necessarily have the technical knowledge Might not even know how to install it either because there's no documentation or because the documentation is incomplete Or it may be or it may use jargon that the user doesn't necessarily understand So we want to streamline everything in Libreboot as much as possible This will be covered later on in the talk So what are the problems with non-free BIOS or UFI or boot firmware more generally? so If you're under if you're familiar with what free software is basically it means you can use the software Copy it share it modify it study the source codes Basically do whatever you like with it with no restrictions if that's non-free at the BIOS level then We see now for instance that you have devices where The operating system that the device comes with Is locked down so that you can't replace it This is most common on games consoles and mobile devices, but it's also increasingly common Nowadays on PCs as well I'll go on to this later on in the talk You also find nowadays I'll also cover this later on in the talk that some modern boot firmware also Is cryptographically signed which means you can't replace it so on some modern Intel systems You find that you can't replace the boot firmware because the system checks the signature at boot time I'll also cover this later on in the talk obviously With proprietary boot from where you can also have security issues intentional or otherwise Which can be placed there by the manufacturer So for instance system management modes you can implement root kits there Most modern Intel and AMD systems also come with a hypervisor called the Intel management the Intel management engine Or the AMD platform security processor. I'll also cover these later on in the talk If there are bugs obviously all software has bugs that's a Problem if the software is proprietary and no one has the source code to actually learn how it works and make changes to it So and it's common to find issues on with boot firmware on modern systems or any system We want people to be able to fix issues that they may have with proprietary software. This is not the case So that's important What's the point in using a system that's none free if you're going to use a free system and Want to use all free software, but the boot firmware the route of trust in your system is proprietary then That's something that needs to be fixed So I'll go through some brief history of the Libre root projects. It started in December 2013 I was running a company at the time called Gullig blog. It's now called mini free I was selling the think pad x60 with core boot pre-installed The free software foundation contacted me to tell me about their Respects your freedom certification program. What this was or is rather is a program where you They certified devices that come exclusively with free software, but not just that Also devices that have contain no known security issues So no backdoors or anything like that These systems at the time were the first systems that actually met this criteria Everything including the boot firmware the operating system the drivers Any software that you can think of in the system was free software and this is what we worked with them on The Libre root projects hadn't started at around this time when they contacted us. We had to work on some issues. So the core boot contains I'll go into Some details about the problems that we had in core boot because that kind of goes hand-in-hands with this so Yeah, so they contacted me because they wanted to endorse my company So I started working with them on producing a completely blob free version of core boots a blob By the way, is a piece of proprietary software binary only software I worked with them on creating a product that was entirely free software and from that the Libre root projects was formed We also Only supported one laptop at first. They think had x60 as I mentioned before We later expanded to support more desktops laptops and servers on multiple platforms, which I'll also cover later on in the top. I Should also mention that for brief periods the Libre root projects was actually part of GNU So we joins I've contacted Mike Yo, it's I don't know. I don't exactly know how to pronounce the name Anyway, I worked with Mike if Mike Joe it's in the GNU projects on Making the Libre root eligible to be added to GNU. So we had the same goals as the GNU projects free software everywhere Bring you about a world where you can any task that you can possibly think of could be done Exclusively with free software. That's the goal and that's our goal as well. So we were philosophically compatible, but There were some technical issues that we had to deal with so for instance the documentation build system and things like that Trying to standardize it so that we used their build methods and said That took about a year and then finally on the May 14th 2016 we officially joins the GNU projects Unfortunately a few months later after that on 15th of September We had already had some disagreements with the GNU projects over technical issues and how project how the project should be run Something controversial, I should say happened at the FSF. You can read about this on the Libre root websites They basically did something really nasty that we disagreed with entirely. So we just left GNU You can actually go on to the link HTTPS Libre Boots.org Slash GNU and you can read information about that. So we were members of the GNU projects for about four months It's really strange because when we left GNU they actually resisted it. So we left GNU in September 2016, but the GNU projects officially Officially recognized that in January this year So how is the Libre Boot projects funded? Well, I run as I said before I run a company that sells systems with Libre Boot pre-installed We sell desktops laptops and servers with Libre Boots and Debian by default Their profits from this company are used to run to funds the Libre Boot projects We've funded the Libre Boot in several ways in the past for instance the There's a server motherboard that we support the SSKGP D6 thing Which we had to pay for to have ported There was also a few other boards that we paid for. Generally, we also provide infrastructure And paper development in general so That's actually one of the main reasons many three exists just to provide funding for Libre Boots At our present we have no other ways to fund the Libre Boot projects. I am looking into crowdfunding in the future as a possible option if we ever Try to produce our own hardware. I'm actually going to talk about OEMs at some point in the future in the some point in the talk so I'll go through some Details about the components of Libre Boots So there's some confusion in the community about what Libre Boots actually is people sometimes sometimes ask me Isn't Libre Boot just a deep deblobbed fork of core Boots? That's not actually true What we do in Libre Boots is we basically provide something very similar to GNU plus Linux distribution But at the boot from where level instead so We have an automated build system which takes core Boots and the various components that you that you need with that utilities payloads and so on and Downloads patches them we use tested revisions of all of the software that we use and we have build scripts which Take all of the various components that you need and actually builds the firmware automatically if You were using core Boots directly then you'd have to take all of the all of these components yourself and Put a thing together manually So in the same way that let's say Debian provides a distribution of the GNU plus Linux system with various Upstreams like say the Linux kernel the GNU operating system X7 and so on we provide core Boots grub and various utilities that let go of that So you can think of Libre Boots as a core boot distribution So it's like a GNU slash Linux distribution, but at the boot firmware level, so it's not a It's not for your operating system, but you can think of it that way by way of analogy So I'll go through some more details about Exactly what components are in Libre Boots. So we have we have core Boots, which is the boot firmware projects that we use I'm going to talk about core Boots in later slides Core Boots is the boot firmware that initializes the hardware and it also then jumps to a payload usually a bootloader Which then boots your operating system? then we have Payloads, so we have the grub bootloader in depth of charge. I'll talk about these later on in the talk We also have utilities for installing Libre Boots and various other utilities that are used in the build system Well, we also have our own toolchain when we use GCC at the moment We are actually looking to use LLVM. I'll talk about that later on in the talk So I'll go through some information about what core Boots is So core Boots is the main projects that we use as an upstream in Libre Boots for providing hardware initialization This is what basically puts the system into a usable state So that your operating system can boot It started in the year 1999 as a project called Linux BIOS. So around that time In the old days you had to have a BIOS in place which defines how the hardware works and then your operating system used Calls into the BIOS to perform various hardware functions Around the year 1999 you had standard PCI which came out which meant that hardware was self-describing So the Linux kernel no longer needed to have a BIOS in place that it could just initialize hardware and Provide drivers without making any use of a BIOS So the idea with Linux BIOS in the year 1999 was to provide firmware where you just had the hardware initialization But without the legacy BIOS interface instead Their goal was to put the Linux kernel itself into the bootflash and have the Linux kernel perform all of their tasks that were previously handled by BIOS firmware However people started using so Linux is a payloads in Linux BIOS So you have Linux BIOS which performs the actual initialization And then they downloaded then when you built Linux BIOS you would have downloaded the Linux kernel separately Built that as a payloads payload is what is what when core boot is finished initializing the hardware It jumps to a payloads and then the payloads does whatever it does In this case that would be the Linux kernel. So you could either use Kexac to load another kernel or you could actually make that the main system kernel if you wanted This was inconvenient though. It wasn't very usable for a lot of people. So people started adding other payloads as well bootloaders there was also Projects there's also a project called C BIOS, which has existed for a few years now Which actually provides a bio interface. So if you want legacy operating system support for instance This meant that the name Linux BIOS no longer really made sense. So around 2003-2004 Linux BIOS renamed to coreboots Now coreboots I should explain the problems with coreboots Coreboots is mostly free software, but there are some parts of coreboots. That's our proprietary software I'll go into some details about what component what components these are that are non-free and coreboots in later slides So it's not fully free software We solve this in Libreboots and I'll take and I'll explain how in a few in one of the later slides Another problem with coreboots is that it's very difficult to install It's notoriously difficult because you see reports from users all the time where they have trouble building it then they have trouble flashing it and then a lot of the time for instance you have users that Make a configuration that's wrong and they they flash firmware that basically doesn't work and they break their system There's usually not much user support in the core boot community And there's also not a lot of documentation for non-technical users. There's developer documentation Coreboots is mostly developer oriented, but not user oriented Much like the Linux kernel for instance So most people don't even attempt to install coreboots That's really the main problem that and the fact that it's only partially free software. I Already explained that Libreboots is a fork of coreboots. So Comparison would be if you look at a GNU plus Linux distribution, that's a distribution for your operating system They provide also images where you can install the system and it comes with an interface That's easy to use and they usually have community support in place for that and plus documentation Libreboots is the same thing essentially, but at the boot firmware level. So we provide ROM images Which the term ROM image is a bit misleading because it's not actually ROM. It's it's flash It's rewritable, but they call them ROM images. Anyway, that's When we say ROM images, we're referring to the firmware that you actually flash so We provide that pre-compiled by default for users This is something that coreboots itself doesn't do We test everything we provide the build system which I explained earlier and We try to provide documentation and that users so instead of providing Documentation that's designed for developers to read We try to streamline everything as much as possible We try to automate everything as much as possible to the point where we can just give a user a guide where they can just follow instructions step by step and install the firmware without and We found that this actually works the success rate for installations in Libreboots is quite like compared to coreboots more people attempts to Install it because it's because the documentation is better for non-technical people and Because we provide documentation that's designed for people who may not necessarily have as much technical knowledge People make less mistakes so We provide all of that and integrate everything So we don't actually create a fork of coreboots We use a particular revision of coreboots on different hardware and we rebase that as time goes by it so We don't actually we actually use coreboots as an upstream much like say Debian uses the Linux kernel as an upstream so I Explained before that coreboot contains proprietary software. So what do we do about this? The first answer would be to fork coreboots and provides a deblobs version of coreboots But that's not what we do in the Libreboot projects What we do is we maintain a set of scripts which Searches the source code and looks for patterns inside the source code that look like proprietary software So if you actually look in the coreboot source codes You will actually find say a C source file That does something but you look inside the file and it will just be an array of bytes inside the file It will be an executable Or you might actually find binary blobs the actual files in that So we so the scripts searches for blobs in the source codes and then reports a list of Search results now not all of these are blobs. You do get false positives So we have to go through the list and decide which ones are blobs and which ones are not and then we maintain a list of files for the of blobs in coreboots for the deblobs scripts to delete Obviously as a result of this we support less hardware than coreboots because Blobs are needed on some systems in order to actually boot so we just settle for lower hardware support We don't want people to use proprietary software. So in some cases we just have to say we can't support this system Now I should explain there's a new projects called Libra core, which is a fork of coreboots and like Libra boots Which is a coreboot distribution? Libra core It's not run. It's not part of the Libra project. It's run by separate people. It started in as a response to this problem in coreboots in Recent years in coreboots. It has been found that a lot of newer development goes into the proprietary systems from Intel and AMD There's not really as much of a community focus anymore according to them a Lot of coreboot developers nowadays accept blobs much more casually than they did before so and The focus in coreboots on Libra hardware is a lot less So Libra core started in December 2016 with a new focus Which is the same focus as the Libra projects Libra core Tries to support as much hardware as possible without any proprietary software They've attracted a number of the developers from coreboots as well. So They're trying to make it their own projects and to abandon coreboot basically But they also share patches back and forth between coreboots and Libra core We're actually looking to to dump coreboots entirely in Libra boots And use Libra core as an upstream instead the reasons for this is Well, because they have the same focus as us that means that we're working with people if share our ideals It also means that if if we use their software then if we use their version their fork of coreboots Libra core We may not necessarily have to do as much work on the deblobscripts. We can abandon the whole concept of having deblobscripts Because what Libra core does is it provides deblobbing for coreboots, but inside the tree itself So they fought coreboots and they remove all the blobs There is one exception I have founds that they have they do distribute microcode updates, but I'm not sure about anything else I Will say though in coreboots in recent years There has been a push to moving all of their binary blobs in coreboots to a separate repository To a separate repository But there are still some blobs left in coreboots So you can go on to the website Libra core.info for information about that. This is a very new project So it's not very established at the moment, but we're looking to use that instead of coreboots I'm going to go through some examples about Exactly what kinds of binary blobs are used in coreboots Well, the first one is the entire boot from where on Most new in systems from Intel and AMD The entire hardware initialization is actually a binary blob provided by The manufacturer Intel or AMD in this case what coreboot then does is they provides code around that That just provides an interface for it to use We call this shimboots because it's not coreboots The hardware initialization on modern Intel and AMD systems in coreboots Is entirely binary blobs so AMD used to provide source code for this between the years 2000s and 11 to 2014, but then they stopped Obviously this this has all of the same problems as non-free boot firmware because it is non-free if you look at a standard proprietary BIOS firmware or UFI on modern systems Shimboots as we call it is more or less the same It has all of the same freedom issues the same security issues everything We don't consider this coreboots in Libreboot projects Another example of a binary blob typically found on most systems is called the video BIOS So when you start your system before your operating system boots in the early boot process The video BIOS provides initialization so that you can have a display It also provides some functions for the drivers to use in your operating system for whichever video hardware you have We have free initialization now coreboot doesn't provide this itself because there are so many different graphics cards out there When you use a system, it's common for people to use all different kinds of chipsets Even if it's a laptop you find different companies that provide different chipsets in the laptops For instance, they might provide an Nvidia chipset instead of Intel So what coreboot does is they don't provide the video BIOS themselves You get that from the manufacturer and you put that in your coreboot image We use free video initialization in Libreboot In coreboot this is referred to as native graphics initialization Some graphics chipsets don't actually need a video BIOS or any initialization firmware So for instance on some Nvidia chipsets And some older Intel chipsets as well, you can use the video hardware without having any Initialization firmware for it, the Linux kernel can initialize it on its own, but that's a rare exception Another major blob that's found on a lot of Intel systems nowadays Well, all Intel systems actually from the 2007 and beyond is called the Intel management engine This is a separate computing platform. It's a separate system inside the system It's embedded inside the Northbridge on older systems and in the platform control hub on newer systems It has its own access to memory to the main system memory through what's called the DMA engine It has its own networking It provides various extensions one of the main extensions that the management engine provides Is called AMT or active management technology. This provides remote access features for you to make configuration changes Independently of whether an operating system is even running. It's typically done through a web interface AMT is typically used in corporate environments. The thing is though That's actually verified to be insecure We had a theory that this could potentially be a back door And it's true there So on a lot on some Intel systems, for instance The web interface that active the AMT uses was found to have bugs in its TLS engine But in its TLS implementation, so you could sneak traffic over the network, for instance Anyone who has control of your system via AMT has absolute control of your system If it has DMA that also means for instance that it could leak encryption keys that are stored in memory The management engine is cryptographically signed as well when you boot the system The system checks for the signature on that if you make modifications to the management engine or remove it Your system won't boot There are various extensions on top of the Intel management engine besides just AMT One of them is called Intel bootguards, which on modern Intel systems prevents other boot firmware from being used So if you wanted to install coreboots or Libreboots onto a system That has the Intel bootguards. You wouldn't be able to do it The system would check the signature of the boot firmware that you're using and reject it You can find more information about this on the Libreboot.org slash FAQ. That's our FAQ section There is an exception nowadays. This is also mentions on the Libreboot FAQ Some there was some some research a while ago into Remove so on modern Intel systems, you can't remove the management engine and you can't Modify any of it, but there was a work around that some that people in corporate projects founds for Removing the networking features in the management engine Removing most removing all of the malicious features to the point where it's basically useless and doesn't do anything We're considering whether to add some of these systems in Libreboots We're not currently working on that. We're looking for input on that from the community You can go on to this onto the Libreboot FAQ section and read the information about the management engine on there And there's a link to this There's also a there's also you go on to the Libreboot FAQ and we've got some information about this This is something new that we're looking into So we're not really doing anything with this yet Also, we don't know if it's if that makes the system secure We don't know if it actually removes malicious features or if There's still some some pictures left that you don't want so I Should also mention the AMD is just as bad as Intel So AMD has their own equivalent of the Intel management engine calls the platform security processor They also provides The hardware initialization is blobs just like Intel They have all of the same security and freedom issues as Intel You can go on to the Libreboot FAQ section and reads about this is actually a typo It's meant to say AMD not Intel. Yeah, if you go on to the Libreboot FAQ section, we have info information about the various problems with Intel and AMD We recommend that people don't use modern Intel or AMD hardware because of the freedom issues that they have There is an alternative so IBM recently Freeds their power platforms. So this is this used to be called power PC Modern power CPUs have been freed. So if you Buy a system from IBM now Nowadays you can actually port that not all actual systems that you can buy come with Free boot firmware, but it's possible nowadays to have actual OEMs pre-installing Libreboots With there was a project called the Talos workstation, which I'll cover on the next slides which attempts to provide Libreboots at the OEM level. They wanted to manufacture Their own hardware, but using the IBM power platform instead of x86 This hardware is available today to actually port Libreboots and you can fire these systems from IBM and actually sell them and They IBM actually supports this So this is something that we're looking into. There was a project called the Talos workstation which Attempted to provide this as an OEM That it was a crowdfunding campaign that they were running. Unfortunately that crowdfunding campaign failed The problems that we found well the problems that they found rather The hardware is very expensive to sell It's not actually possible at the moment to compete with the likes of Intel or AMD in terms of price Even though the hard the hardware itself is Equivalent performance wise so that's one of the main reasons that the campaign failed we want we're looking We're looking to restart attempts at providing power hardware to the community because this is one of the This is one of the sister architectures that we can use in the future Intel and AMD is currently a dead end in terms of Free software we can't use Intel or AMD This is currently the only alternative to it to x86 when speaking about open power so The crowdfunding campaign there are some open power systems that you can get now that They're usually very expensive, and they're usually only available as servers. So They're currently are not that many alternatives that you can use at least for modern hardware If you want free boot firmware if you want to do software development for instance arm Hardware is often low-end. It's often not powerful enough for real software development in a lot of use cases There are there is a server platform which Libra boot supports which I mentioned earlier the ASUS KGP 316 which is still relatively modern and still high-end enough for most people to actually use for other development purposes it can also be used for Hosting and any other kind of server application that you need You can find more information about that on the website. We actually sell that at mini free as well But at the moment there are no solutions In OEMs if you go to an OEM they all provide non-free boot firmware That was one of the things that the telus projects was trying to solve the crowdfunding campaign failed So we're currently stuck I mentioned before so moving on to another topic. I mentioned before about payloads So coreboots provides hardware initialization only and then jumps to a payloads the payload is included externally and Typically by another projects not run by the corporate projects on x86 we use the grub bootloader for booting your operating system on Chromebooks we use the depth charge bootloader. There are some Chromebooks supported in Libra boots, which I'll explain later on in the talk They use they don't use Intel processors There are also many different payloads that you can use in coreboots, so bootloaders low-level applications like games There are some games implemented as coreboot payloads The most common use case with payloads in coreboots is to use a bootloader or some kind of BIOS implementation So why do we use the grub bootloader instead of say C BIOS for instance? C BIOS would provide legacy support for any operating system that you want to use There are advantages to using a bootloader in Libra boots in particular. So with the grub bootloader for instance You get much faster boot speeds because you're skipping So when you're using a typical system you go through the hardware initialization And then you go through either BIOS or UFI firmware and then you go to a bootloader Which boots your operating system in Libra boots you jump straight to the bootloader and you can configure that to however you want grub has support for Decrypting partitions as well if you're using lux encryption So for instance you can encrypt the slash boot directory. You can't do this on standard firmware it also has Dear option to check GPG signatures, which again most firmware can't do a use a use case for this would be the Linux kernel for instance. You could sign it and then check the signature on boots You can also Boots the kernel a Linux kernel directly from the flash chip So core boots has its own file system in the boot flash called CBFS You can put a Linux kernel there and configure grub to boot that So instead of having it on the hard drive you'd have it in the flash It's also useful for testing because grub is capable of booting any other Corbett payloads now Because we use the grub bootloader some people ask well if I want to reinstall my Operating system would I have to also reflash with a different grub configuration? and the answer is no the grub configuration that we use in Libra boot by default Will loads grub configuration file from the hard drive or from your SSD if it's if present and you can also change the configuration that's in there if you want on So that's on x86 on Chromebooks though that use So we support several system several Chromebooks in Libra boots that have rock chip CPUs and rock chip is a company that produces embedded hardware so Depth charges the default payloads that's used on all Chromebooks We use this in Libra boots as well It provides several Security features that are similar to grub so for instance with depth charge You can sign your kernel and check the signature on boots and Verify that the boot firmware has not been corrupted some way So I'll start talking about operating system support in Libra boots Because of the configuration type that we use in Libra boots not all operating systems are supported The GNU plus Linux system is fully supported most distributions are compatible You can also use full disencryption including forward slash boots Unlike on most other systems if you go on to the documentation section in Libra boots Libra boot.org forward slash docs forward slash GNU Linux Your there are instructions there for how to install the system We also support BSD. This wasn't the case a While ago, we recently added support for several of the BSD systems though net BSD works open BSD works There's also a projects called Liberty BSD, which is based on open BSD. That should also work Free BSD we had some problems with video corruption on boots, but that also boots You could use that in text mode if you wanted to We have a section for that on the Libra boot website if you go to Libra boot.org slash docs slash BSD You can find instructions there for how to install BSD as well Other operating systems. Well, there are other free operating systems besides just GNU plus Linux and BSD We don't know if these are compatible. They're probably not but we're not sure So this would have to be tested So Part of the reason why I'm here is to talk about Where the projects is going and what we're currently doing to improve Libra boots We did the last release of Libra boots was in September 2016. So the current release is about four months old now We're looking so we've already added several new Chromebooks to Libra boots which use on processes instead of Intel We've recently merged a new build system But that only currently builds the Chromebooks that we support their in the Intel and AMD systems that we support Are currently still built using the old build system that we had before The new build system has several advantages So one of the main advantages that it currently has for instance is if you provide a Linux kernel Conflict you can it has support for building a Linux kernel by default third built on On Chromebooks you have to build your own custom kernel configuration. You can't use upstream. You have to use on Most on for almost Chromebook to use a special branch of the Linux kernel that's maintained by Google and You very often have to build from source Especially if you're using one of the less well-known distributions So the new build system in Libra boots has support for building a Linux kernel payloads by default This is currently targeted at Chrome OS devices Chromebooks in other words, but We will be extending this and we could extend this in the future for petite boots Which is another bootloader this that we would like to support as a payload option in Libra boots We want to add support for using alternative compilers as well. We currently only use GGCC There are several features in Libra boots that we already support but In terms of actual features, we're mostly working on hardware support at the moment in Libra boots So there are some newer systems that we're looking into as well How to help so if you want to get involved with the Libra boot project There are several ways that the community currently falls short So as I mentioned before there's currently a lack of hardware manufacturers or OEMs that provide Libra boot pre-installed This is something that we want to fix So if anyone has the skills and the resources to be able to do that then That's something that we would like. We also want people to continue working on porting newer hardware to Libra boot as well You can tell people about Libra boots and promote it to people explain why it's important You can help people to install Libra boot as well if they have issues You can help us improve the documentation. There are many Issues with the current documentation that we have. There are always ways that we can improve. So if you have So if you you can also submit bug reports, for instance, so Especially during a release cycle like if we're testing a new release you can submit bug reports So if you go to Libra boot.org slash tasks, you can submit any any issues that you find you can submit bug reports and Patches are submitted using the instructions at Libra boot.org forward slash get We can you can contact the Libra boot projects in several ways So we have an IRC channel on three nodes hash Libra boots We have a subreddit now as well. That's fairly recent List we also have a list of developers who you can contact directly in the Libra boot projects I'm listed there. There are several other people as well on Libra boot.org slash contrib We currently don't have a mailing list, but we're looking to create one in the future Thank you. Are there any questions? Yes, hello Lear Thank you very much for your project. I'm using Libra boot for Some months Yeah, yeah, where are you? Oh, yeah, excuse me. I should have made the sign So my question is do I have to fear legal issues if I apply Libra boot on my fearship? I mean, will I receive a letter from an advocate from Intel or or the mainboard Manufacturer, do we have any experience or things to tell about that? So I think the question was are there any potential legal issues with using Libra boots in say an organization Not I'm aware of If you're in the US, you may have problems with DMCA or something like that But in Europe, I don't think this would be a problem. I've never heard of problems There are institutions that use Libra boots and they haven't had problems If there are potential issues, it's something that we've come across as a community in the future But at present, I'm unaware of any issues. Yeah, thank you. Maybe Would you think that this is related because? As far as I know Libra boot often is usable for kind of Older hardware, maybe this is the reason why there is not not any trouble to be expected I don't understand the question. Could you rephrase maybe? Maybe you can discuss this later because Some more people having questions I'll talk to you outside if you want to ask because this sounds like a very in-depth discussion It's not something that really can really be answered in a half a minute Yeah, so I was actually curious what it what does it take to I'm here Ah to work on developing Corbett because well, I imagine you don't exactly flash an actual hardware hardware For every build you make when you as a developer Not only because that would fry the chip the the flash chip pretty pretty quickly So do you have is Do you already run it on a VM or what does it actually take so I think the question was What kind of mechanism do we have for testing hardware? What do we use for that? Do we have some kind of automated system in place? Actually, I mean just for developing because like well when you have when you program and then builds the The image you don't actually run every iteration on the actual hardware. Do you know we? We typically test before there's a new release We don't typically test every image that's built because otherwise testing would take too much time So we typically just make sure that the software builds and if test We test the firmware, but we test it usually in the run-up to a release and then fix any issues that fells as For virtual machines. We don't typically use virtual machines in Libre boots. We have to test on real hardware I can't hear you. Maybe maybe this is It's like one question per user So please try to be short and specific and otherwise you have to resort led later your question Stance on removing blobs especially from the low-level Firmware on these boards But I'm an electronic engineer and I design azix basically quite regularly and any hardware that doesn't have Any certain modern chip that doesn't have a blob interface to load microcode will generally have a maskron Inside in a metalization layer that you can never change and Given that I would rather have External blobs of microcode Rather than metalization layer with possible bugs in that I will have to throw the entire hardware away Now what I'm also saying is is there a project in Libre boot to reverse engineer those blobs and replace them with open microcode Where are you? So the question was I think about my code box you First you are doing the case for so you said that there's already microcode built into the CPU and the updates although Although technically binary blobs are not provided in Libre boots. So were you asking about? About our opinion on including updates. I'm not sure. Yeah, basically what I was saying was that I Poured the are the very purest view. Yeah, so but the idea of reversing the updates Yeah, this is actually this is actually up for debate in the Libre boot projects because The the microcodes for the CPU is already already comes built in and then manufacturers typically provides Volatile updates at boots which you have to apply at every boot so if you Provides microcode updates, you're still if you exclude microcode updates You're still using microcode that's built into the CPU. You're just Using microcode that's older and and it just happens to be inside a mask wrong. So it's not not datable so Yeah, so if you're using the microcode that's built into the CPU you could have potential issues in terms of security and And and so on Intel and AMD also maintains a list of bugs for every CPU generation that they have you can search for the Arata for each CPU model and find out exactly which which different microcode update revisions fix which bug Yeah, this is currently up for debate in the Libre boot projects We currently excludes our policy is to currently excludes microcode updates But there are a sizeable number in the community of people in the community that would argue the case for having microcode updates included because Even if you exclude them, you're still running the same microcode just an older revision anyway So I don't know how to answer your question at the moment This is not something that I should answer myself unilaterally. This is something that we should have as a debate within the community Any more so one last question? Thank you for the talk Have you ever contacted Blob developers and If so, have you ever succeeded in getting technical information in order to rewrite it in our, you know Understandable manner, you know to remove it to re-implement it no So the question was do we have contacts with manufacturers to potentially have specifications released So that we could potentially work on reverse engineering and implementing Libre firmware. Is that the question? We've had some talks we've attempted this in the past, but they usually don't work with smaller projects like ours Most of the hardware and manufacturers including the big ones I can tell and AMD are mostly uncooperative So we haven't had any success with that the work that we do in the Libre boot projects at the moment is Mostly based on reverse engineering. I will say though There are some individuals from these Organizations that do provide source codes Intel and AMD have also cooperated with core boots in the past But it's generally not full cooperation Most of the work is based on reverse engineering So time's up. Thank you for being here if anyone If anyone wants to ask me more questions, you can you can meet me up outside in the corridors. That's Yeah, and thank you Leo for presenting the project. Thank you