On Tue, Jun 19, 2012 at 9:10 PM, Richard Yao <r...@gentoo.org> wrote: > On 06/19/2012 08:22 PM, Rich Freeman wrote: > Core Boot is a Linux distribution. I do not think that we should boot > Gentoo using their distribution any more than we boot Gentoo using RHEL.
Well, maybe it is a distro in the sense that genkernel or dracut are distros (they bundle a bunch of tools in conjunction with a kernel to do something). The whole point of Core Boot is to be a BIOS replacement - either to do work on its own, or to boot something else. Like UEFI it aims to do more than just load one sector off the hard drive, check for a magic number, and jump into it. > In theory, the kernel could be modified to only execute signed binaries > and portage could be modified to produce signed binaries. The user could > build a system that required everything to be signed with the private > key of his choice. A hardened system that required signed binaries would > be even more secure than a typical system using Secure Boot where only > the bootloader, kernel and kernel modules are signed. The user would be > in full control of his hardware. The user would not need to pay for this > and the system would also boot faster. You can do all of this with the UEFI firmware that will come with your computer already. Why replace it? > The 80386's RESET state is emulated uniformly across all x86 and amd64, > so it should not take much effort to support the basic functions of > setting up the CPU, loading the kernel (from the EEPROM) and jumping > into it. Everything else is secondary. Fair enough, and the fact is that most modern OSes depend little on the BIOS for much of anything. I'm not sure that is absolutely nothing, but obviously the Core Boot folks have it working in some cases. > > Those are the only things that a BIOS replacement needs to do. As you > pointed out, Core Boot is trying to add value. That means that they are > doing far more than those basic functions. Other features are nice, but > not if they get in the way of being able to boot. Other things can come > the system boot process works. > > Did I miss any technical obstacles? Honestly, I'd probably ask one of the Core Boot folks. Has anybody already tried to make a core boot light? If their system already works on any board out there, then we're re-inventing the wheel. If theirs doesn't, then we need to ask why, since we're likely to run into the same barriers. In any case, this seems like a solution to a problem that we don't have. Any win7-certified motherboard is doing to be able to boot without secure boot just fine, so why do we need to replace it with a minimal firmware that does the same thing? I can see why one might want to improve on it, with Core Boot and such. However, I suspect the last thing we want in the Gentoo handbook is for every newbie to be flashing a Gentoo-made firmware onto their board and we get to deal with the bricks. Rich
