Uncategorized

Debsources: browse/search sources of all Debian releases

Matthieu Caneill of Debian announced Debsources. Excerpt of announcement below, for full announcement, see the debian-devel-announce mailing list archives.

https://twitter.com/zacchiro/status/938327579135807488

Announcing sources.debian.org

We’re happy to announce that Debsources, the Web application that allows to browse and search the entire source code of all Debian releases, is now hosted on the official Debian infrastructure and available at https://sources.debian.org . You may already know this service as previously hosted at sources.debian.net . We took the move to Debian hardware as the opportunity to officially announce it here.[…]

https://sources.debian.org
https://codesearch.debian.net/search?q=firmware
https://codesearch.debian.net/search?q=UEFI
https://codesearch.debian.net/search?q=coreboot

Hmm, “EFI” does not work as a search string, and there are Linux-centric UEFI commands that only use “EFI”, not “UEFI”…

Standard
Uncategorized

FWTS added to Debian

Canonical-based FWTS obviously has Ubuntu packaging, but  it now has Debian packaging!

https://ftp-master.debian.org/new/fwts_17.11.00-1.html

Looking forward to seeing an entry for Debian — and any other Linux distro which supports UEFI Secure Boot — alongiside the sole entry by Ubuntu here:

http://kernel.ubuntu.com/git/hwe/fwts.git/tree/src/uefi/securebootcert/sbkeydefs.h

Standard
Uncategorized

PureOS joins Debian derivatives census

PureOS is the Debian-based Linux distribution by Purism for their laptops.  Jonas Smedegaard has apparently joined Purism to help with PureOS:

“I am long time Debian developer with a special interest in Pure Blends (a.k.a. friendly assimilation of derivatives into Debian). Since about a month ago I am hired by Purism to help develop PureOS – a Debian derivative for which I will act as Derivatives Census contact.”

https://wiki.debian.org/Derivatives/Census/PureOS

Hector Oron of Debian, who invited PureOS into the Debian Derivative census, made a few interesting initial comments evaluating PureOS, some things that need I hope Purism addresses:

“The page says that PureOS modifies Debian binary packages. It is quite rare that distributions modify Debian binary packages instead of modifying source packages and rebuilding them. Does PureOS actually do this? If so could you describe what kind of modifications you are making? If not I guess the page needs to be fixed. The apt repository for PureOS does not contain source packages [for the contrib and non-free section], including for packages licensed under the GNU GPL. This may or may not be a copyright violation depending on whether or not you distribute those elsewhere. In any case, please add source packages to your repository so that Debian can automatically create patches to be presented to Debian package maintainers.”

For more info, read the thread on the debian-derivatives@lists.debian.org mailing list.

https://puri.sm/?s=Debian

Standard
Uncategorized

Hardened Linux: coreboot and CHIPSEC

A bit more information on Hardened Linux’s use of CHIPSEC, in this case coreboot-centric:

https://firmwaresecurity.com/2017/07/31/hardened-linux-using-chipsec/

“# Enabling some security features at runtime in case of which vendor provided implementation improperly.”

https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/scripts/harbian_fw/fw_hardening_runtime.py

There aren’t many CHIPSEC-based codebases, Hardened Linux is one relatively new one.

Standard
Uncategorized

Debian 9 “Stretch” released

Excerpts of announcement included below. For full announcement, see the debian-announce mailing list archives.

 After 26 months of development the Debian project is proud to present its new stable version 9 (code name “Stretch”), which will be supported for the next 5 years thanks to the combined work of the Debian Security team and of the Debian Long Term Support team. Debian 9 is dedicated to the project’s founder Ian Murdock, who passed away on 28 December 2015.

The UEFI (“Unified Extensible Firmware Interface”) support first introduced in “Wheezy” continues to be greatly improved in “Stretch”, and also supports installing on 32-bit UEFI firmware with a 64-bit kernel. The Debian live images now include support for UEFI booting as a new feature, too.

A total of ten architectures are supported: 64-bit PC / Intel EM64T / x86-64 (amd64), 32-bit PC / Intel IA-32 (i386), 64-bit little-endian Motorola/IBM PowerPC (ppc64el), 64-bit IBM S/390 (s390x), for ARM, armel and armhf for older and more recent 32-bit hardware, plus arm64 for the 64-bit “AArch64” architecture, and for MIPS, in addition to the two 32-bit mips (big-endian) and mipsel (little-endian), there is a new mips64el architecture for 64-bit little-endian hardware. Support for 32- bit Motorola/IBM PowerPC (powerpc) has been removed in “Stretch”.

https://www.debian.org/News/2017/20170617
http://ftp.debian.org/debian/doc/dedication/dedication-9.0.txt
https://www.debian.org/releases/stretch/installmanual
https://www.debian.org/releases/stretch/releasenotes

 

Standard
Uncategorized

Secure Boot BOF at DebConf17

Helen Koike of Collabora has proposed a BOF on UEFI Secure Boot at DebConf17, this August:

DebConf17 – BoF proposal to discuss secure boot
I want to send a BoF proposal to DebConf17 so we can meet there and discuss about secure boot. I would like to know if you are interested in attending and also which topics you suggest for discussion. I would appreciate if you could put your name and suggestions in this form in case you are interested https://goo.gl/forms/lHoEibY1H6FmSHSJ2 , or just reply to this email thread.

For full message, see the debian-efi mailing list archives.

https://lists.debian.org/debian-efi/2017/05/threads.html

https://docs.google.com/forms/d/e/1FAIpQLSdtHYNy9212iXP26tkjbb6XvgVSMjJzn2DYoAilFT1l89vemw/viewform?c=0&w=1

https://debconf17.debconf.org/

 

 

Standard