All right, welcome to the FOSDEM 2020 distro devroom. Up next, we have Daniel Kiper talking about GRUB upstream and distros cooperation.

Thank you. I will be talking about what is happening in GRUB. I am Daniel Kiper. I work for Oracle, and I'm a software developer and GRUB upstream maintainer. At the beginning is some legal stuff, which is required by my company.

So, the agenda. At the beginning I will be talking about GRUB maintenance. Later, I will move on to what happened during the last year, and I will also be discussing what is happening right now in the GRUB project. Later, I will discuss pain points, what the problems in the project are, and at the end I would like to ask you what do we expect from the GRUB project.

So, not much has changed since last year. There are still three maintainers, but I was able to convince two guys to join the project and support me with three things. Alexander Graf decided to take over maintenance of RISC-V, and lately Leif Lindholm takes care of ARM and UEFI.
So I would like to thank them for taking over this work.

What happened last year? Alexander Graf introduced initial support for RISC-V, and he also introduced initial Travis CI support into GRUB. Colin Watson from Ubuntu finally changed the method how Gnulib is integrated with GRUB. Currently it is much easier, it is well documented how to update Gnulib, and I think it is the largest change which went into GRUB last year. Eric Snowberg from Oracle on the beyond foxy quest provided the obdisk driver for SPARC platforms. Jesus added small modules which allow you to modify Intel MSRs, read/write. Also, this function will be used in other things. After a few years, Andre from ARM took over the DHCPv4 work from Andrei Borzenkov. He split these patches into some logical parts and we finally got native full support for DHCPv4. We still have support for BOOTP. Does anybody here use BOOTP in their networks? Nobody, but we still have support for it.

John at some point realized that binutils folks decided to drop support for a.out for SPARC64, and he tried to convince the binutils guys to get it back, but it wasn't possible. So he started thinking how to get SPARC64 support back into GRUB, and fortunately it was quite easy. The patch was pretty small, surprisingly, and currently we have SPARC64 support in GRUB back. Just before the 2.04 release, Michael from SUSE realized that it is not possible to build GRUB with GCC 9, so he provided a set of patches which fixed this issue, and currently it is possible to use GCC 9 to build GRUB. At the end of... sorry, at the beginning of this year, Patrick introduced LUKS2 support into GRUB, so we are able to read encrypted boot partitions from GRUB directly. We had the 2.04 release in the middle of last year, and it took most of these features which are
listed on this slide, and also plenty of fixes.

What's happening right now? The biggest thing which we are working on is the TrenchBoot project, and currently we are doing two things in parallel. I am focusing on the TXT implementation for GRUB. I had a nice presentation together with Piotr from 3mdeb about this work yesterday, and 3mdeb is focusing on the AMD SKINIT implementation for GRUB. I hope that I will be able to release the RFC for Intel TXT at the turn of February and March, and on top of that the AMD SKINIT implementation will be merged. We are going to do it that way because we think that there will be a lot of common parts between these two features provided by different companies.

Finally, I was able to convince Red Hat folks to forward port to upstream all patches carried in Fedora and Red Hat, and here I would like to convince other distros to do the same, because currently it is difficult, for example for Red Hat, to merge upstream with new releases because they carry a lot of different patches. It is also difficult for us because we get some questions about things which currently are not upstream, and this creates a lot of confusion. Also, Red Hat plans to introduce Linux kexec usage to load another OS from GRUB. It means that GRUB will run from a small Linux environment and it will use kexec to start a new operating system.

At the end of last year, I met with 3mdeb folks and we also discussed some interesting features, for example a redundant GRUB environment file. It can be used by some embedded devices to safeguard upgrades, and currently it is not possible to do that safely. So, for example, if something bad happens during the upgrade, then after a reboot the machine will not be able to start or something like that.
So this environment file and how it works should be improved. 3mdeb folks are also looking for TPM 2.0 support in legacy systems. Currently there is a TPM driver in GRUB, but it uses EFI calls, so it depends on EFI infrastructure. But not all systems, especially embedded systems, provide UEFI, so it is not possible to use this TPM feature on non-EFI systems. There was also some discussion about Python integration with GRUB. This can be surprising for some people, but it is used for some firmware validation tools, and I think that this is quite an interesting usage for Python.

We are also planning a GRUB 2.06 release this year. We are going to freeze the code around March and release probably no later than in June. Starting from now, we are planning to release GRUB yearly. If our infrastructure and policy on how we maintain GRUB improve, of course we will be able to make releases more often. Currently all patches which are posted on the mailing list are at least build tested, so we do not accept any patches which break any target, any platform which is provided by GRUB. As I said, we are working on a new code review and test system. I hope that we will be able to announce the details by the end of this year, and next year we will be able to use it as a replacement for the grub-devel list or something like that.

We are also discussing a Linux kernel UEFI boot protocol unification for all targets. Right now the problem is that the x86 boot protocol on UEFI mostly resembles something which was used by legacy BIOS machines. It simply does not use LoadFile... sorry, not LoadFile, LoadImage and StartImage calls from UEFI, and things are completely different on ARM, RISC-V, etc.
As far as I can tell, both these platforms use just UEFI calls to load and execute a PE binary, so we are thinking of changing this boot protocol and making it common for all platforms which use UEFI as a firmware. This discussion just started, so I'm not able to provide any details. We have some rough idea right now, but I hope that we will have something presentable, in quite a good stage, in a few months, maybe faster.

Finally, we are planning to admit officially that GRUB upstream is not able to support 62-sector MBR gaps on i386, x86 PC targets, sorry. This issue comes up from time to time on grub-devel, and some people or some distros try to solve the problem by cutting out some features. For example, as far as I can tell, somebody tried recently to cut off support for one of the less common file systems. I think this is not a good idea because there will be more and more features, the core image will be larger and larger, and at some point we simply will not be able to cut anything from this core image. So we are going to finally say in the documentation that we are not going to support the small MBR gaps. Probably we will suggest using MBR gaps larger than one kilo sectors, or just simply using GPT with a BIOS boot partition. This is the suggested solution. It is worth mentioning here that GPT partitions work without any issues on legacy BIOS platforms. If you have a BIOS boot partition on GPT, you are able to boot GRUB or anything which supports BIOS boot partitions directly on the BIOS
system. Does this thing create any issues for you? Or we can drop it and you will not complain? Okay. The note from the guy from Ubuntu was that they do not allow to upgrade from the GRUB... you don't force people to upgrade from GRUB 1 to GRUB 2, so they think this is not a problem for them. Perfect, that's great.

Pain points. We are still fighting with the problem that we don't have enough throughput to review old patches, and there are, in my opinion, huge delays on the mailing list, because I'm not allowed to spend all my time on maintaining GRUB. I would like to do that, but currently it is not possible. So I would like to ask you, if you are able, to look at the patches and send at least a Reviewed-by or something like that. It will be helpful for me. If you know somebody who knows GRUB quite well, or would like to know something in GRUB, that will be perfect.

Also, we still would like to improve the cooperation with distros and other interested parties. As I said, currently we are in quite good cooperation with Red Hat, so we are very happy. There are two problems which appear from time to time on the mailing list. People start posting patches, and after a few exchanges of emails they disappear from the mailing list. This is annoying because, let's say, I spend my time reviewing patches and after that we simply lose the feature. I lost my time reviewing the patches and I'm not able to take over the work on this patch. So I lose my time, we lose features. So please don't do that. And from time to time it seems that some people do not carefully read the maintainers' comments. I send some replies with my comments, and after that I receive a new version of the patches, but I see that some comments are not taken into account.
So this is also annoying, and please don't do that because this doesn't help. And recently I found out that some people start working on a new feature. That's nice. But they start that work not on the GRUB upstream, but they start work on the specific GRUB version which is in the distro. This is crazy, especially if the distro carries tons of patches which are not forward ported to upstream. So I would like to encourage you: if you would like to provide a new feature, start your work on GRUB upstream. If you need some features which are needed for your work from a specific distro, please forward port this feature first into the GRUB upstream and then start work. Of course it takes time, but I think that it will make my life as an upstream maintainer easier, and also GRUB distro maintainers' lives easier.

And I think that's it, and I would like to start the discussion. What do you care about in the GRUB project? What is important for you? Right now, I outlined our work plan, let's say for a year. Is it okay for you? Do you think that we should change something? In general, after discussion with various people, I think that we should focus on the system which is a review process and also automatic tests of GRUB and all the patches which are provided to GRUB. So I'm looking for questions.

This one. If they have to deliver new features to their users and to their customers by a certain time, is it really, you know, that wrong that they work on their code base instead of doing it upstream?

Okay, the question was, if I understand it correctly, do I agree that maybe it is better if the distros work on the new feature on the GRUB distro-specific version instead of GRUB upstream, and do I accept it.
I understood correctly?

I guess my question was...

Yes. Yeah. Oh. As I understand correctly, you are saying that if they are forced by customers to have a new feature in the specific distro... I'm okay with that. Okay, but I would like to ask you to forward these patches, let's say as soon as possible, to GRUB upstream. I'm not able to forbid you to work on a specific GRUB upstream. Okay, but I would like to convince you not to do that. Okay. From the last row.

Yes. First of all, the question was, is it possible to shorten the release cadence, right? Currently, yes and no. It will be possible if we have a new review system and we will have some system which automates the testing of GRUB. I hope that it will happen in a year, no later, and then we will consider shortening the release cadence.

The question was that I mentioned during my presentation that there is a TPM implementation in GRUB which uses UEFI features, and the question is, do I suggest that U-Boot should provide these UEFI calls to have a TPM, if you would like to have a better security infrastructure in U-Boot? I think that it makes sense to have that feature, but I'm not sure how complicated it is to have that in U-Boot because, as far as I can tell, U-Boot is focused on embedded systems. So it can... not only, okay. So I think that if you would like to use TPM infrastructure in GRUB, it makes sense to expose this TPM via EFI calls to GRUB. Does it answer your question?
Okay.

Okay. The menu configuration and kernel loading configuration are in one single file. It is very complicated to manage, especially if the file is signed. The kernel is updated, the file needs to be regenerated when the glue stays the same. What I'm saying is, maybe there is a point in separating these two things, the menu configuration and...

The question is how to upgrade the system if, for example, you take a measurement of the configuration file, the command line of the kernel, or something like that. Yes? What do you mean by menu part? Do you mean generic configuration of the... Okay. Okay, okay, I understand. In general, this goes into a larger topic, because if you measure your system and then after that upgrade your system, you have much more problems than just updating the measurements of the GRUB configuration. You have to also upgrade the measurements of the kernel, initrd, et cetera, et cetera. We are working on some dynamic root of trust systems in Oracle, and we are in the initial phase of this work. We are aware that at some point we may meet these issues, but currently we don't have any good idea how to solve them. So we have some rough ideas, but we don't have good ideas how to solve this problem.

So, time is up. I will be outside. You can catch me and chat if you need.