Talos II by Raptor Engineering

The Free Software Foundation has a new announcement, reminding you to pre-order a Talos II by Raptor Engineering before Septembert 15th deadline. The FSF includes the Talos II in their Respects Your Freedom hardware certification program.

Support the Talos II, Respects Your Freedom certification candidate: pre-order by 9/15

Raptor Engineering is now taking pre-orders for the Talos II until September 15th. The Talos II is a powerful system built from the ground up with freedom in mind. We’ve previously [supported] the work of the folks at Raptor Engineering. This time, rather than a crowdfunding effort, we are asking you to support their work by pre-ordering the [Talos II]. The system comes in a variety of forms to meet your needs, from a workstation to rack-mounted to the board by itself. Raptor Engineering has put in a great deal of effort researching and prototyping this system, and now it is ready for prime time. The Talos II is great for any hacker who needs a powerful machine, perfect for developing even more free software.[…]

https://www.fsf.org/blogs/licensing/support-the-talos-ii-a-candidate-for-respects-your-freedom-certification-by-pre-ordering-by-september-15

https://raptorcs.com/TALOSII/

 

FSF increases focus on firmware

The Free Software Foundation has updated their list of Campaigns, which includes mention of reversing firmware, and a blob-free version of Coreboot:

[…]
Reverse engineering projects.
We haven’t analyzed these in detail yet, but more broadly free drivers and free firmware (the goals of nearly all of the listed projects) have all four of our characteristics. Reverse engineering is one way to obtain free drivers and firmware, but the ideal is for manufacturers to publish full specifications and ship free drivers and free firmware, and this is what users should demand. We may want to reframe this page around free drivers, firmware, and hardware designs, noting priority reverse engineering tasks, but also encouraging users to make requests to vendors. The page also lists Replicant, a free version of Android. Phone operating systems were one of the most popular suggestions and merit their own entry (see potential additions below).

[…]
Coreboot.
A free BIOS has at least the universal and frontier characteristics. Several people suggested adding “and Libreboot,” the project to ship a version of Coreboot with no blobs, pushing further in the frontier direction. We intend to take this suggestion. We are also discussing whether to move this listing to the reframed page about free drivers, firmware, and hardware designs mentioned above.
[…]
Free software drivers for network routers.
The text of this listing concerns mesh networking, which may be too narrow to satisfy our criteria. In general free drivers for network routers probably meet the universal and frontier criteria, but it may make sense to fold this listing into a listing/page concerning free drivers and firmware for a large category of hardware (see reverse engineering above).
[…]

https://www.fsf.org/campaigns/priority-projects/changelog
https://media.libreplanet.org/u/libreplanet/m/the-state-of-free-revising-the-high-priority-projects-list/
https://www.fsf.org/blogs/community/a-preliminary-analysis-of-high-priority-projects-feedback

 

FSF: back the Raptor Talos Secure Workstation

A message from Donald Robertson of the Free Software Foundation, quoted verbatim:

Support the Talos Secure Workstation by January 14th Raptor Computing Systems is crowdfunding on Crowd Supply to produce, from the ground up, a high-powered computer with no proprietary software or firmware blobs called the Talos Secure Workstation. The project’s decision to raise funds via [Crowd Supply][0] means that you can support their work with anonymous payments, and without the use of [proprietary JavaScript][1]. We wrote about this project previously, and encouraged people to [voice their support][2]. While there are several companies that offer refurbished computers that have been freed to [Respect Your Freedom][3], the Talos Secure Workstation will be built from its inception with freedom in mind. But in order for that to happen, the project needs your help to meet their fund raising goal. The project has set a crowdfunding goal of $3.7 million and still has a ways to go to reach that mark. It may seem like they are asking for a lot of money, but relative to the scope of what the folks at Raptor Computing are trying to accomplish, it is a small amount. As Raptor Computing Systems Senior Electrical Engineer Timothy Pearson explained:

‘Large, complex systems such as Talos require minimum order quantities to be met for the component parts in use, in addition to R&D expenditure for prototyping, validation, and conformance testing. We have set the goal at the minimum level required to ensure that we can not only design the Talos systems, but also purchase the parts needed to manufacture these complex machines.’

They need every dollar they can get to make this system a reality. It is a difficult goal, but also one that is critical for the future of free computing. As they note in their explanation[4] of the problem:

‘As of this writing, all currently manufactured, low- to mid-range and higher x86 devices, with the exception of two obsolete AMD CPUs, incorporate a security processor that is cryptographically signed, updateable, unauditable, and for which no source code or documentation has been made public. Worse, these security processors must load and continually execute this signed firmware for the system to either be brought online (AMD) or for it to remain operational (Intel).’

If we want a future in which we can continue to have fully free systems that run only free software, we have to build that future ourselves. The Talos Secure Workstation is a proposed system to help secure that future. Their plans are to create a device that will meet the criteria for [Respects Your Freedom][3] certification, but in order for their plans to come to fruition, they need your help. You can support their work by backing the project via their [crowdfunding page][0], or even better, by purchasing a mainboard andaccessory package. Every little bit counts. Will you help support the future of free computing?

[0]: https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation
[1]: https://www.gnu.org/philosophy/javascript-trap.en.html
[2]: https://www.fsf.org/blogs/licensing/interested-in-a-powerful-free-software-friendly-workstation
[3]: https://www.fsf.org/resources/hw/endorsement/respects-your-freedom
[4]: https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation/updates/a-word-on-lockdown

 

RMS blesses Crowd Supply for Open Hardware OEM use

Crowd Supply, the crowfunding platform for Open Hardware OEMs, was blessed this week by RMS and the FSF. Crowd Supply has helped new hardware startups and “Micro OEMs” like Bunnie Studios’ Novena, Purism’s Librem, and Inverse Path’s USB Armory.

“The FSF has selected Crowd Supply as its preferred crowdfunding platform, and will recommend Crowd Supply to hardware and software creators looking to crowdfund, sell or purchase products online. And third, Crowd Supply and the FSF will work together to promote and launch new software and hardware products that adhere to FSF’s guiding principles, with the first project to be announced soon.”

I am *VERY* eager to see more startups creating Open Hardware-based systems! I am looking forward to a few years from now when RISC-V-based devices start showing up on CrowdSupply…!

Going further, the FSF and Linux Foundation need to proactively start building the missing components, not waiting for Intel/ARM and OEMs to create Open Hardware, there’s little motivation for them to change their ways and their IP policies. The FSF needs to — first define, then… — fund Free Hardware, if they’re going in a separate direction from OSHWA’s Open Hardware. Personally, I wish the FSF would partner with OSHWA and focus on Open Hardware, instead of splintering the few non-closed hardware resources/efforts/funds.

More Information:
https://www.crowdsupply.com/free-software-foundation-endorses-crowd-supply-for-respecting-users-software-freedom
http://www.fsf.org/news/fsf-endorses-embedded-gnu-linux-distro-proteanos-as-fully-free
http://arstechnica.com/information-technology/2015/07/founder-of-gnu-bestows-blessing-upon-open-source-crowdfunding-site/

Linux distros (and FreeBSD): join the UEFI Forum

Hey Linux/FreeBSD distros: it’s great that you’ve got UEFI support including Secure Boot certs. But that’s not enough, you need to join the UEFI Forum, and help evolve UEFI to be more Linux-friendly.

Right now, the last time I checked, the only Linux distros that had joined were: Canonical (Ubuntu), Red Hat, and SuSE. As well as Linaro. Excluding SuSE and Redhat’s commercial products, that means that Ubuntu, Fedora, and OpenSUSE are the community Linux distros that may have the best UEFI support.

UEFI Forum members have access to:
* member-only communications (web forums)
* member-only invites to meetings/events (including the 1-3 plugfests they do each year).
* member-only access to software and specs the public doesn’t have.
* access to file bugs/change requests, which the public cannot do.

I think you get access to their non-public trunk, a subset of which is exported to the public as TianoCore, but I’m not sure. (Hypocritically, I’m not a member yet, still working on it, blocking on some new company infrastructure.)

If you join, you can help evolve and improve UEFI, and have early access to UEFI resources so your distros can be ready for any changes. You can attend the plugfests and do interop testing with other UEFI products/projects, to find problems before your users have to see them.

If you don’t join, you’ll be constantly reacting to UEFI Forum releases, have less resources than UEFI Member distros have, and if there’s a problem all you can do is whine and blame Intel and/or Microsoft, when you should look into the mirror instead.

The Linux Foundation should help enable community distros, which don’t have large corporations to back their membership, to get involved as well. The Free Software Foundation should join and participate, instead of keeping their heads in the sand and wish everyone would stop using UEFI. Embrace and Extend.

In addition to Linux distros, FreeBSD also supports UEFI, and is not a UEFI Forum member. iX Systems and FreeBSD Foundation: this also applies to you.

You also need to register your distro with the UEFI Forum’s ESP Subdirectory Registry, so you can have some UEFI binaries (boot loader, etc.) in a well-known location. Ex, if Debian’s cbootstrap gets ported to a UEFI Application, then \EFI\Debian\cbootstrap.efi would be an example of where the file would be stored. Right now, Debian is registered, but not a member of the UEFI Forum!?

Intel, ARM, Linaro, Red Hat, SuSE, and Canonical have been doing a great job improving UEFI so it works better with non-Apple, non-Microsoft operating systems. IMO, more distros need to get involved and help.

More Information:

http://uefi.org/members
http://uefi.org/join
http://uefi.org/registry

While I’m on my soapbox, Linux distros should consider some UEFI-centric rescue options in their boot CDs. ALT Linux Rescue ISOs include rEFInd boot manager, and let you optionally jump into UEFI Shell. You could use UEFI-aware GRUB for this, instead of rEFInd. Additionally, it would be nice to also give access to running: FWTS (FirmWare Test Suite), Intel CHIPSEC to test the hardware/firmware for security. It would also be nice to include the UEFI port of CPython 2.7x, along with the UEFI Shell, for more powerful diagnostic abilities. Distro installers should also consider installing UEFI Shell and UEFI Python and CHIPSEC onto system’s ESP, in an advanced mode, not just let them access via install ISO. Of course, there are security issues by enabling extra Pre-OS tools, user would need to opt-into all of this. Intel’s LUV-live, which Linaro is porting to AArch64, contains BITS (BIOS Interface Test Suite), FWTS, CHIPSEC all in one convenient location. I hope other Linux distros emulate some of LUV-live’s diagnostic and rescue abilities.