1 |
On Tue, Jun 19, 2012 at 9:10 PM, Richard Yao <ryao@g.o> wrote: |
2 |
> On 06/19/2012 08:22 PM, Rich Freeman wrote: |
3 |
> Core Boot is a Linux distribution. I do not think that we should boot |
4 |
> Gentoo using their distribution any more than we boot Gentoo using RHEL. |
5 |
|
6 |
Well, maybe it is a distro in the sense that genkernel or dracut are |
7 |
distros (they bundle a bunch of tools in conjunction with a kernel to |
8 |
do something). The whole point of Core Boot is to be a BIOS |
9 |
replacement - either to do work on its own, or to boot something else. |
10 |
Like UEFI it aims to do more than just load one sector off the hard |
11 |
drive, check for a magic number, and jump into it. |
12 |
|
13 |
> In theory, the kernel could be modified to only execute signed binaries |
14 |
> and portage could be modified to produce signed binaries. The user could |
15 |
> build a system that required everything to be signed with the private |
16 |
> key of his choice. A hardened system that required signed binaries would |
17 |
> be even more secure than a typical system using Secure Boot where only |
18 |
> the bootloader, kernel and kernel modules are signed. The user would be |
19 |
> in full control of his hardware. The user would not need to pay for this |
20 |
> and the system would also boot faster. |
21 |
|
22 |
You can do all of this with the UEFI firmware that will come with your |
23 |
computer already. Why replace it? |
24 |
|
25 |
> The 80386's RESET state is emulated uniformly across all x86 and amd64, |
26 |
> so it should not take much effort to support the basic functions of |
27 |
> setting up the CPU, loading the kernel (from the EEPROM) and jumping |
28 |
> into it. Everything else is secondary. |
29 |
|
30 |
Fair enough, and the fact is that most modern OSes depend little on |
31 |
the BIOS for much of anything. I'm not sure that is absolutely |
32 |
nothing, but obviously the Core Boot folks have it working in some |
33 |
cases. |
34 |
|
35 |
> |
36 |
> Those are the only things that a BIOS replacement needs to do. As you |
37 |
> pointed out, Core Boot is trying to add value. That means that they are |
38 |
> doing far more than those basic functions. Other features are nice, but |
39 |
> not if they get in the way of being able to boot. Other things can come |
40 |
> the system boot process works. |
41 |
> |
42 |
> Did I miss any technical obstacles? |
43 |
|
44 |
Honestly, I'd probably ask one of the Core Boot folks. Has anybody |
45 |
already tried to make a core boot light? If their system already |
46 |
works on any board out there, then we're re-inventing the wheel. If |
47 |
theirs doesn't, then we need to ask why, since we're likely to run |
48 |
into the same barriers. |
49 |
|
50 |
In any case, this seems like a solution to a problem that we don't |
51 |
have. Any win7-certified motherboard is doing to be able to boot |
52 |
without secure boot just fine, so why do we need to replace it with a |
53 |
minimal firmware that does the same thing? I can see why one might |
54 |
want to improve on it, with Core Boot and such. However, I suspect |
55 |
the last thing we want in the Gentoo handbook is for every newbie to |
56 |
be flashing a Gentoo-made firmware onto their board and we get to deal |
57 |
with the bricks. |
58 |
|
59 |
Rich |