 So, open source firmware is a very important part of the open source movement and increasingly it will become important for the buzzword of the day, the internet of things, IoT. Philipp will tell us about development of open source firmware and also give an outlook onto the future, what we can expect in the future and I think it's going to be a very interesting talk. I'm as I'm glad to see you all here and let's help him and give a warm hand to the speaker. Okay. So, we talk about open source firmware today, a love story. The slides are in English, I'm sorry, I tried to translate them into German but it doesn't really work. So, open source firmware or firmware development is mostly dependent on English terms and to translate them really hurts and nobody is going to understand them in German. So, I'll talk about me, I'm head of nine element cybersecurity, we made the open source firmware conference, I'm co-boat and Linux boot project member and also in the leadership there. Maybe some of you know me from the, well not the HEX Center but from the co-boat flashing, I'll do that on Congress for a few years, I'm active in the Hacker space, I do IT security, I've been doing it for 10 years and for five years I've been firmware developer and you can contact me via Twitter or my company email, so but what's the motivation, why do I do this? And I wanted to do something, wanted to do a talk about firmware development to people who don't know anything about that because we want to have new developers because it's very important and one of the things is that a lot of that is under NDA, it's very complex and people say oh my god firmware, that's even more complex than the Linux kernel development and yes that was one of the reasons, the other was everybody says BIOS and BIOS is basic input output system and that has been dead since the year 2000 and it means we talk about more modern things and the other story is why is open source firmware development important and there's this nice guy, maybe you have seen him, that's Minnich and he works with Google and when he was at Los Alamos National Laboratories they had a CPU cluster about 1024 PCs, that was a long time ago and there wasn't a lot of special hardware and very low level and so on and they had set them up and started them and hope that the cluster would go online with all these computers and they found after five minutes that nothing was happening, so and then they sent an intern to look at the display and to connect the display and see what happened and they all said press F2 to continue and with servers that's not really the best solution if the firmware requires manual input and in the end it prevents one from starting the systems and they really fought with that for years, the interns always had to restart the computers and they always had to press F2 and it wasn't very nice and that's one of the reasons, a good story why in the end we should think about open source firmware, at first let's talk about some hardware, it all starts with hardware and after that we look at what is firmware and about what firmware are we talking, this is bought by Facebook, it's called the open cellular, it's really an open source base station or it's an open hardware base station, they really do open hardware you can download the boards, the circuit board layouts and everything is there and you can do that at GitHub, I took that as an example and this thing also has open source firmware, but if you look at a block diagram these days what's in it, there are several circuit boards that are stacked upon each other, it's not everything on one board but there are several boards for various reasons, one is the host processor, there's the power supply, the front panel and that also is part of the main board, it's a huge block diagram, there are several components and it's all quite complex and if one takes a look in some more detail there we'll find that down there is Tiva and there's Intel Atom and there's something about a power controller and there's a DPM and they all have firmware and if we have a laptop or something like that, a thinkpad or something like that, there are 15 different processors, some of them are microcontrollers but some are really faster than that, there are some ARM cores or maybe even x86 and there's firmware everywhere these days, you just don't see them, you think you have one processor and there's a BIOS firmware or something, well no, not really, there's really a lot more, there's firmware everywhere and what we talk about today is the host processor firmware because if you talk about all the firmwares that would be too much and would take days to get through, in general you can say that hardware is made by OEMs or ODEMs, original design or original equipment manufacturer, this is for example Lenovo Dell or HP, they don't make the hardware themselves, they subcontract ODEMs, for example Westron or Quanta to make the hardware and they also design the layouts and Lenovo only subcontracts these and then sells the hardware to the customer, these OEM or ODEM they're also the customers by the sub vendors and the system on a chip vendors are for example Intel AMD Qualcomm, Cavium and other CPU manufacturers that you know, Intel's customers are not, we are not but in reality Lenovo and HP are the that produce the hardware are Intel's customers and what's also important is that most of these OEMs don't really like to write the firmware themselves because but this hardware requires firmware so they go to independent BIOS vendors, it's not a nice label, they should be called independent firmware vendors but there are companies that make the firmware on contract from the manufacturer and they boot up the hardware and make everything run and in the end that's really the logic behind it. So what we look at today is the host processor firmware, that's a flash chip, there's a red dot on it to identify it, not always but sometimes is a CP engine APU2, there's a header and you can read out the flash and these flash chips are everywhere in most systems on routers and desktops, laptops and servers everywhere are these flash chips, sometimes they have a different form, this is specific and there's also Vezon or something other packaging and well okay that's what we talk about today. If we look at this flash memory, there's no flash, what I talked about that I showed you and it's connected to the SPI bus is very fast, is very expensive because you have to put it onto the circuit board in addition, it's quite easy to integrate and the bus protocol isn't very complicated and there are drivers for everything and it's quite easy, then there's also EMMC and sometimes it is used for firmware, it has some problems though for example it's quite slow and although it's quite cheap it's really complicated to initialize it but that means the firmware has a lot of work to get everything run and to get started. Some notebooks have that but usually it's no flash and then there are those microcontrollers, they usually have internal flash memory with just a small memory, just a few kilobytes but not really megabytes or gigabytes and so you can see here there's an external flash programmer which you need to read to read it and the operating system doesn't support that or you want to write it and this board with a clamp there that you can also buy and the size of the nor flash has increased in recent years in times of around 2000, there wasn't a lot, there was maybe 512 kilobytes or maybe one megabyte. Today in current laptops there's 16 megabytes of memory and Google last week they had a core boot tree and they went up to 32 megabytes, that's the first one with 32 megabytes nor flash and it's going to be more and some already have 512 megabytes and with 512 megabytes there's a lot you can do, you have in addition to the firmware there you can have a Linux firmware and an Xserver and Node.js and whatever you want okay and that means the firmware running on our systems is growing without end, there's more and more memory and we'll have more and more firmware and it's really uncool if it were all closed source so let's talk about iBVs and before you saw it on the BIOS screen there's also phoenix technology inside and many more many of them are actually selling the software as well as a product and they're producing closed source but some of them are also producing closed source firmware for a few projects like U-boot, core boot, channel core so some of them are delivered with royalty fees and some are just giving us SDK courts and they're getting this as a so the SDK is maybe about 20,000 euros or even more expensive and in addition to that there there'll be royalty fees which means that it's something like usage fees so if you go there and want to sell hardware then for every hardware you have to pay maybe 50 euros a usage fee and 50 euros per device and if you sell a few 10,000 or 100,000 that's a lot of money and maybe so open source firmware is a lot cooler maybe so here's an iBV example they have a service page for converting services there are some that are those are mostly the good guys but they're not really great but it's better than the old conservative development and so let's see how firmware actually works there's a flash chip we have a host processor firmware and how does that work most just press the power switch and at one time Linux is booted and order bootload and then Linux and so that you can understand how that works you can't just easily categorize it firmware is different even open source firmware is different not everything is implemented the same way but there are always always a few things that are the same so at first there's an initial code a reset vector is executed so there's some initial code in the firmware which is executed by the so-called reset vector and then SRAM and cashRAM is being initialized or used then the system main memory is set up then many drivers are loaded as you can see it in Linux drivers it loads a lot of drivers during initialization and then some mechanisms are executed which are used for the operating system needed by the operating system which has some requirements and then the bootloader inside the firmware is being loaded if there is one and then the bootloader in the operating system is being loaded and then the operating system itself and we look at that in some more detail but that's roughly what it does so let's look at the flash chip first the flash chip can have partition tables some manufacturers thought it would be a nice idea if they already tell people or the IBVs how to partition it and there are some reasons why for example Intel there's this Intel firmware descriptor why they do it the partitioning is usually in four partitions for Intel systems and the flash chip is used as a configuration source for the for the IFD and for the it's a big it's a big theme there in there's the partition table header it's and then there's one that's called GBE partition that's the data used is required for the Gigabit Ethernet so the LAN adapter and the configuration data for the MAC address that's there then then there's the ME that's the Southbridge firmware for example and after that there's the BIOS the the real the actual firmware that does the initialization of the platform and it's not always the case and it's really just with Intel systems with ARM or AMD systems or others other architectures that it's usually not done the firmware does that by itself then there's ROM CC it's a strange name it's compiler whatever whenever DCC that's usually compiler and this compiler what it does is is legacy in the end it compiles an initial code from the firmware and it was only was only done with x86 legacy platforms and Intel x86 platforms and it was created by Eric Biedermann and it's one huge C file with 21 000 lines of code it's it's a real monster I looked at some of the ASCII art there and whatever whenever there's ASCII art it's it's it's never a good sign if there's ASCII art inside code and what the thing does is you have to know that with old Intel systems there's no there's no main memory in the beginning there's nothing absolutely nothing so if you don't have cash on memory so how do you do memory memory management and what you do is you use registers so we have CPU registers they are they are from the beginning and the compiler uses CPU registers and uses that as memory but there are some some problems with that so if you if you nest functions too deeply then the registers are full and there's a stack overflow and in this case not a stack overflow but in register overflow and this is really in the end what happens it's it's an invention of core boot and the code is still there and some old systems still use that it's it's you can't do that in any different way and with modern systems there's there's SRAM or cash less RAM that's the platform itself the system on a chip already supplies or provides memory so you have some sort of memory it's not really main memory but it's it's some kind of memory it's just a few megabyte cash SRAM can can everybody everybody can imagine that it's it's CPU caches that's maybe one or two megabytes you can use that as main memory it's great yeah it's easy to initialize and then you have at least you have a few megabytes of memory in the beginning so you can use a normal compiler if you have a stack and a heap you can use the gcc or you can or selang or something like that but cash SRAM is is very specific for x86 platforms if you look at this picture you have a system on a chip and the CPU the processor and there's the the ibb the initial the initial code it's in the in the flash and it has to be put into the SRAM somehow it's copied there into the SRAM and then later it is also copied into the main memory initially and that's how all this this booting mechanism works so at the very beginning a reset is happening and the initial code block is going to be copied into some form of memory somewhere and it has to be at a very specific position and this is very specific to the platform you're on so there is a platform specific address where the CPU is jumping in upon a reset and no matter what it is the CPU is going to execute it and the CPU is just jumping to this address and it's just going to jump to it for x86 this address and then the code is executed there this is just how the initialization of the platform is working it's actually quite easy so the memory is somewhere available the memory is mapped and the mmu is just pointing the ip to where it has to go so this initial code that i talked about so i just created a little bit this distribution is a little bit following the core boot so there is initial code that is executed by the initial code vector it is initially programmed in assembly but today in c but the additional thing that you do is to do cache sram or you're using directly the sram that is available but it's also doing we also have an spi flash so where the boot data is it is using an spi driver and a file system driver in the spi to load more code so this initial code it's going to be reloaded afterwards after some initial code is executed so in the upon the reset this is automatically executed that several code posts are getting executed afterwards but the debugging is difficult so as a core boot so this initial code uses the cache sram or sram and then next stage is the ram stage so we have cache sram or sram that's just two or three megabytes it's not a lot so but we want to have more memory we want to have the real memory so we have to train the ram so maybe i could put i could put in 10 slides about ram training but basically if the main memory doesn't work initially it has timings and if the not all the lines are the same length then you have to do some software for training it so for timings and there are some static values from the manufacturer or you calculate this in the firmware so you have fixed ram that's soldered on and you have ram that you can remove memory and maybe there's additional information in in the memory modules and these training data that we calculate they are usually cached so in the firmware in the flash you store them because this training for for example intel apollo platform that's an embedded system it takes 10 seconds to train the main memory and if you do that with every start then and then the firmware has to boot more and the the initial boot takes 20 seconds and nobody wants that so this data is being cached and with the next start they are reused and another important thing is for example this is the page table setup if you have more more memory than four gigabytes then you need page tables you can look at the linux code for that the memory management unit has to be activated but it doesn't activate all of it not all firmware initializes that and 32 bit systems you can't really use that and in the firmware there's always only less than four gigabytes but what's also important is that you need cpu caching and that's really an important part if the the cpu caches have been used as main memory but now they have to be used to communicate with the with the main memory so cpu caches communicate with main memory to get it faster and otherwise the cpu would have to access the main memory directly that's that's quite slow it's not very high performance and that has to be activated and and another thing is many of these firmwares have their own memory management for example with with coderas or there are some features in in in programming languages and there's also an allocator pool and they allocate memory and and release it again and in this rom stage everything like that is initialized and after that we have main memory finally and that means now we can tour the other funny things that we need to do and in this stage it's usually the case that we have the pc i device tree enumeration so if you have pc i devices so everybody has been using pc i if you have lots of devices then you have a bus with x86 it's it's a standard feature and you have to travel along the bus it looks like a tree and there are devices and you can turn them on and off and in the bias you can also turn them on and off and specific devices you can activate them or deactivate them and and that is being done there so the native graphics will be initialized and if you want to see something that you want to see what your firmware does the new graphics and option roms of learn adapters or wi-fi or whatever they have option roms they have to be loaded then their multi processor initialization has to be done there are things that are being done in this stage you can't do it earlier but it's it's it's not always the case there's an ea20 table and then there will be device drivers a huge number of device drivers all the things that linux initializes as devices that's quite important and then there are firmware interfaces well yeah and in general you have to say that that the last part of the firmware is the bootloader and the bootloader is really it's an own implementation and uses the device drivers that are there and uses and tries to load another bootloader or the operating system itself so the firmware already has a bootloader and before that is a bootloader and the operating system is one so it's duplicate code but well that's really the case there so bootloader already uses main memory because we already have that right so overall the firmware has as three parts pre-rem driver layer and so pre-rem is ibb on rom driver layer is the rem stage and that's huge drivers device drivers are huge and firmware and the bootloader the pre-rem is usually small because there's little memory available and let's talk about open source firmware so there are really three people who have invented or founded open source firmware that's Stefan Reinauer, Wolfgang Denk and Roland Millich. Roland Millich and Stefan Reinauer have worked on linux bytes and it's called core boot these days it has started in 1999 so we have 20th anniversary next year it was mostly x86 architecture and today we support a few more and u-boot used to be called ppc boot and was supporting power pc that was wolfgang denk and renamed it to u-boot for universal bootloader and started the same time as core boot as 1999 and now there are these two project and that those were the beginnings of the open source firmware development and if you look at this timeline in the beginning there was the first bias this was there was 1981 there was a long time ago then there were lots of closed source firmwares i didn't list all of them there are too many of those and around 1998 apple received intel from efi that's not the u efi that you have today but there was a pre version as a fork so they could make their efi stuff in 1999 there was core boot and u-boot there was the open source firmware community and they have been annoyed by open source by closed source firmware and 2006 by intel made u efi open source later and some part of the implementations have been open source by intel in 2008 and after that there was 2014 host boot by abm for power pcs and we'll look at that later and today 2018 there was linux boot um and if you look at that um there are more and more open source firmwares there are more than i have listed here but why do we want open source firmware there are few reasons uh one is that there are many small companies such as uh in the open hardware association they open source hardware association they work on open hardware and of course they need open source firmware it wouldn't make a lot of sense otherwise um and also many closed source companies um a lot of the open source closed source firmware is programmed badly and and managers do reviews and they shove parts back and forth as zip files and that's really a bad standard concerning software development there are no quality assurance and no tests and everything for example if if uh big companies want to have flexible solutions especially if you if you have a fragmented firmware landscape for example if facebook has a million servers they are already by all by different manufacturers they all have different firmware they all have different update mechanisms they all have different bugs and nobody wants that so different interfaces how the boot is pro progressing and software debugging is is hell really to debug firmware it's not really easy and and also there you can share features between companies and if i implement something in our company then for example google can use that there's open continuous integration there's open quality assurance open code reviews it's not perfect but it helps a lot and uh there's also you can you can uh you can employ lots of open source developers in your company which is a good thing and in the end there's by the free software licenses such as gpl there's a companies can really be pushed to to releasing the source to their firmware and so let's talk about security security is a huge problem because most of the security features should be audible auditable you should be able to look at that there should be documentation usually there isn't any for security features a reverse engineering of the firmware isn't really what you want to do and there is um with the measured boot functionality if you look at um you you create some some hashes but you don't really know what you are hashing um there's a kernel output what what kinds of hashes there are and it doesn't really tell me anything about the firmware you can get some information about that but it's very hard to see what what has been measured there especially if there are lots of blobs um so fixing security issues is is very hard with closed closed source firmware and it's never done it's not always done right um there are terminal hats and talks about really some issues there but you can you should really look at that and we have really been fighting against blobs I didn't really want to say the word but these are binary large objects they have all you've all heard about it it's code including intellectual property which includes some knowledge about by the company which they think they need to protect it's just being compiled and it's an executable and from the open source firmware this has to be executed for example there's an api for that and the the whole thing is really only for modern platforms except risk 5 and open power there are no there's no open source firmware that doesn't have blobs so all the manufacturers have this ip code and put it in and that's a huge problem most of the manufacturers don't really know why they do it it's just they have always been doing it like that and in the spectra you can see there's fsm and fsps and corewood those are blobs at different points in time they have to be loaded by by the firmware and there's there's more than that and all these blobs are loaded in the pre-rem environment and most of these will be loaded in the pre-rem the ip code is usually under nda there's it's from different companies and they don't even make it themselves they have secret bits that inside that and they have to don't need to disclose those and sometimes you can break the hardware if you do something wrong and every documentation by intel is is by default it is confidential there's no real open documentation there's some of it but if intel makes hardware documentation that's all that's always protected under an nda there's some advantages to that but they have a very restrictive management and they have legal departments they are not really at the height of the time it's not really evil but that's just how it is and we have been fighting like that for for about 20 years or something like that for 20 years we have been fighting against this lockdown of the firmware but there are many problems coming with the blobs if you're using them that's code duplication you have the fragmentation implementation core boot and then on the blob you cannot fix it there is no debugging everything is not available documentation is under nda the blob interfaces are for instance in a cobalt block you call it and the blob is sometimes done and then you can continue but you have no idea what's happening in there but with a free software license there is a problem in using these ones so then you have to send this to a legal department whether you can use this and so it's not so very nice to use these blobs and the support of the vendors for these blobs is very often not existing so you ask them and you might get an answer within three months so many of the blobs have to be erupt and so code wrappers have to be implemented and this is not actually what you want to do with a source firmware so if you have a look what is going to be required for blobs on the intel architecture you see on the right so there is a diagram of what's needed you have microcodes update fspm memory in it fspf that's the part of the ram stage part so the inter management engine audio block so you are loading basically a plethora of different blobs and this is not actually what you want to do this makes everything very difficult so let's come to the more interesting and good things so there are many open source projects in for example core brood i mentioned them several times because i'm working there so it is for a lot of different architectures whatever so there is not a good documentation but we are a very big community and you have in the rc channel very often about 300 people 200 developers so we have a public in continuous integration we have code reviews and soon some real quality assurance so once uh code is generated it will be pushed to the hardware and tested core boot is actually not a bootloader but it can actually load a bootloader it can actually load other bootloaders so actually it is there to deploy a secondary bootloader uboot is another community project it's quite similar it is supporting the similar architectures as core boot the documentation is a little bit better it has also very big community it also has a public and review they have their own bootloader implementation they can also support fe runtime so the enhanced firmware interface reload implementation so this can be actually used to mirror the ufe implementation so it can actually mirror the complete implementation for windows to access the bias tian decor is yet another one that is helping their arm is there very active now so they went there and said yes we want to do this for arm 64 but we are very small community but we are very conservative we have no qi qa no public ci but for some month there is stephano sitola and he is doing the community management so they are going to improving in there improving so they have so also microsoft bought into this and they are going to use this they are going to they're calling it project then there's also host boot by ibm that's for open power systems it's the really most open architecture that you find from the firmware point of view there are no blobs or almost no blobs and it's really only power pc it's really only supporting power pc and it's exactly for their hardware but they also have a payload mechanism such as like core boot and they have a good documentation and ibm makes lots of documentation you know about that they've been known for that and there's no public ci qa and you can look at it at at github open power and then there's arm trusted firmware and slim boot loader open bmc u bmc sound open firmware project there are so many others so many other firmwares you can take a look at all those i listed some of those and if you really look for it you'll find more and more and more and more people are getting involved about security frameworks there there's something everything is re reused reprogrammed newly programmed for firmware but there's no reuse of existing things and there's uefi secure boot most of that is from microsoft windows there's a good documentation it has measured boot support but it's really only by uefi there's no library they can use independently but it has an end user model so end users can really load their own keys into the firmware and the it all depends on flash protection mechanisms of the security and you can tell them you can tell it to to protect parts of the flash and there's x509 certificates and there's another security framework it's called google verified boot it is used by core boot u boot and open bmc but some some of it is not complete it has a library but it has no budget boot support there's poor documentation and it's really adapted to google and chrome os it's mostly has been developed for chrome os and there are multiple slots in the firmware in the flash there's something like a failure system and you you can there's one read only copy and so there's this ab or abc update scheme it's it's really done very well and in the end it's really just a library which has protection mechanisms and the protection mechanisms are based on the flash so you don't expect you to use sock mechanisms but you will really want to have the spi protection directly there's an spi no flash protection so the chip has its own protection mechanisms it's based on cryptographic keys so really normal keys no no certificates so well and the the last part now is about an old idea for a new approach so linux boot i didn't mention that most of you have probably heard about that it was in the news it's it's very well liked and what it's about is that linux boot in this project it was a google project it's it's it's under the gpl v2 and bst licenses and the idea is that the parts of the firmware are being replaced by the linux kernel so the tribe the driver layer that you know you can replace that with a unique linux kernel because it already has drivers the current really is only drivers so so many so many drivers as the linux drivers no no other kernel has that so you can replace the driver layer completely and you can more easily find developers linux developers are easy to find firmware developers are far away and a few and far between and there are very few code duplication they are well tested drivers which means they have been very well tested well well tested but better than those in the firmware and you can also replace the bootloader so you really don't need the system bootloader you can use replace the firmware bootloader so here's what it looks like you have a pre-rem you just cross out the driver layer and replace it by the linux kernel and strike out the bootloader and replace it by linux user space so how does that work everybody knows a linux kernel so you know in a drum fs that's the linux user space and linux kernel is the linux kernel and you take a complete linux kernel you put an init ram fs and it'll just run it sounds easy it's not quite as easy but if you really look at it at the top there's a firmware coreboard you would turn a core host boot and there's the linux kernel stuff there and it works but there are some limitations there are some to-dos that have to be done one is there the ps psi device enumeration isn't yet activated it's there but it's not not in there the the system management mode isn't there native graphic initialization already works the linux kernel already initializes the graphics and it works and you can do that in the firmware including 3d acceleration it's it's great the only problem is really hpi tables and e820 tables it's a requirement for the kernel they are not there you have to think about that we're not quite sure yet and there's only one boot line implementation and unfortunately so the inner ram fs is about the linux kernel we take the standard linux kernel inner ram fs is uroot and it's an it uses golang init ram fs generator works like busybox can add binary binaries and you can use and it supports multi boot v1 kxx support and you can use any operating system bsd windows linux whatever and there's a uefi tooling and and there's a coreboard interface support and system boot is the boot loader about which i've been talking it's completely implemented in golang the first boot loader in golang i don't think there's any other and all that is based on uroot and this busybox init id init id generator and from the hard disk you can use grub and grub2 assist linux or vi network with dhcp and you just do a kxx and boot into the operating system there's a very wide and measured boot firmware variables only for core boot not for uefi but if you're interested in that look at that it's just easy it's all golang and it's it's quite nice and you can maybe do graphics output or whatever it's it's not it's not too hard well the conclusion is there's a lot of open source firmware hardware the open compute project that's a huge project they have open source hardware with core boot there's the facebook open cellular i've talked about that there's purism they make laptops with core boot google chromebooks there's also all open source firmware and pc engines apu it's around 90 90 euros core boot there's scaleway a hosting provider has changed over to core boot to x80 on the x80 systems raptor computing system talos they have the open power pc they also don't have pcs they also have servers they are still quite expensive by they are around a thousand euros no now for the main board it's all you can almost afford it then there's the microsoft surface uses the open source firmware and lots of embedded boards and if you want to do something with open firmware just just do it right and all these already are supported by open source firmware then so i founded the open source firmware conference it was there last year and google um intel facebook opensusa 150 attendees it was in erlang and in germany and core boot linux board was also there and this year it will be in silicon valley if you want to go there and you are force developers and students and we can also get those people there it's it's planned for for the mid of september next year and it'll be a bit bigger and here's the last slide please visit visit our assembly uh we have an assembly just like we did the previous years 30 30 seats um you can have your hardware flashed if it is supported we'll have workshops or you can ask people who will help you we have a demo demo set up to play around with and uh we do that for core boot uh tiano core u boot linux boot and system boot u wrote so um just drop by and take a look i'm so i'm i'm sure that i don't have to boot anymore with toggle switches are there any questions after this very interesting presentation it was very interesting and very educational please come to the microphones we have one two three four five different microphones there's already one microphone five four a question is a sentence with the question marks afterwards so question doesn't include your life story how is this integrated with risk v do you have some plans for that so there are different uh ways u boot has a support for risk five risk v or risk five core boot has risk five support and if you have if you want to talk to play around with that you just get core boot or maybe u boot takes a bit longer you can you can play around with it they're just doing it with with these two platforms there are there's risk we support there's a question i'm microphone one i'm interested how this is integrated with the consumer products for example the thinkpants you mentioned so the new ones might have a problem with the interpret guard so you cannot simply add core boot there so how does it work with that so with newer laptops with core boot or something like that the thing is the modern laptops have a feature by intel which is called root guard and intel delanova and and hp can protect the firmware with that from modifications by a secure boot mechanism from the south bridge so we can't get around that but there are laptops where that has been switched off because the manufacturers say we want want core boot installed so you can buy from purism for example um and you can buy chrome box they they all have this and there you have the possibility to do things like that so so far we have no questions from the internet microphone number three please the question to the workflow when i use linux boot as a firmware when i'm booting with linux boot is the kernel that is working as a firmware so but i'm using as the starting the machine is the same uh that i'm actually running the operating system or am i replacing it with a different kernel so with linux boot the kernel is being replaced by a new kernel so the linux boot kernel is only for hardware initialization because it should be small so there's still restricted memory on the nor flash so it shouldn't be too big and later it lads by kxc a new kernel yes are there further questions no excuse me please thank me to thank philip for this ingenious talk so so there are now standing ovations here in the front and thank you yes thank you very much