{"id":7310,"date":"2018-10-14T00:16:00","date_gmt":"2018-10-13T22:16:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=7310"},"modified":"2021-09-06T23:22:17","modified_gmt":"2021-09-06T21:22:17","slug":"foss-linuxboot-repaces-uefi-on-servers","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/10\/14\/foss-linuxboot-repaces-uefi-on-servers\/","title":{"rendered":"FOSS LinuxBoot replaces UEFI on servers"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/11\/Linux.jpg\" width=\"64\" height=\"76\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/?p=210312\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]Vendors using Linux servers intend to move away from proprietary hardware with UEFI, Intel ME &amp; Co. The free LinuxBoot is the answer to the UEFI glue of the commercial manufacturers, but is limited to the server area. Here is some information about LinuxBoot.<\/p>\n<p><!--more--><\/p>\n<p>Microsoft, Intel and the rest of the industry are forcing the use of the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Unified_Extensible_Firmware_Interface\" target=\"_blank\" rel=\"noopener noreferrer\">Unified Extensible Firmware Interface (UEFI)<\/a>, which is supposed to replace the legacy BIOS on main boards. U(EFI) describes a unified, extensible firmware interface between the firmware, the individual components of a computer and the operating system. The Linux and Open Source community's criticism of UEFI is quickly summarized: it is opaque and a lever to exclude unwelcome competition.<\/p>\n<h2>LinuxBoot as a new approach<\/h2>\n<p>The Linux community's answer is LinuxBoot. 
LinuxBoot is, according to <a href=\"https:\/\/www.linuxboot.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">this project page<\/a>, a firmware for modern servers that replaces certain firmware functions such as the UEFI DXE phase with a Linux kernel and a runtime environment.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"LinuxBoot as a UEFI replacement\" src=\"https:\/\/d33wubrfki0l68.cloudfront.net\/fb5faff7373a56066d127aac1a207f2bf3d0381b\/02f35\/images\/linuxboot_info.png\" alt=\"LinuxBoot as a UEFI replacement\" width=\"635\" height=\"361\" \/><\/p>\n<p>The diagram above shows the architecture of LinuxBoot, which is based on UEFI-PEI (<a href=\"https:\/\/web.archive.org\/web\/20210316204539\/https:\/\/uefi.org\/sites\/default\/files\/resources\/PI_Spec_1_6.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Pre EFI Initialization<\/a>) and the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Coreboot\" target=\"_blank\" rel=\"noopener noreferrer\">Coreboot RomStage<\/a> components [1] to initialize the hardware, but then no longer needs UEFI modules. The following advantages are mentioned:<\/p>\n<ul>\n<li>Improves boot reliability by replacing easily tested firmware drivers with hardened Linux drivers.<\/li>\n<li>Reduces boot time by removing unnecessary code. 
Usually makes the boot process 20 times faster.<\/li>\n<li>Allows the initrd runtime of Linux to be adapted to site-specific requirements (both device drivers and custom executables).<\/li>\n<\/ul>\n<p>According to the website, this has been a proven approach for nearly 20 years in military, consumer electronics and supercomputing systems &#8211; wherever reliability and performance are paramount.<\/p>\n<h2>LinuxBoot advantages<\/h2>\n<p>Apart from the fact that LinuxBoot is FOSS (Free Open Source Software), the developers on the project's website give further hints on the benefits in <a href=\"https:\/\/www.linuxboot.org\/page\/faq\/\" target=\"_blank\" rel=\"noopener noreferrer\">this FAQ<\/a>.<\/p>\n<ul>\n<li>LinuxBoot can use any file system that Linux supports, not just FAT (as with U(EFI)).<\/li>\n<li>Boot guidelines can be implemented with normal Linux applications, such as shell scripts or binaries, instead of manipulating opaque NVRAM variables.<\/li>\n<li>Users or developers can run Linux applications directly from the ROM.<\/li>\n<li>LinuxBoot completely eliminates legacy partitions and LVM can be used for flexible disk management.<\/li>\n<li>LinuxBoot allows anyone to create and verify for themselves that the reproducible build matches what others have built.<\/li>\n<li>This makes it possible to ensure that the firmware is clean. Users can have the firmware confirm via TOTP that it has not been changed.<\/li>\n<li>Users can have a fully encrypted hard drive, with secret data sealed with the TPM and unsealed only if the firmware is not modified.<\/li>\n<li>Device drivers can be added for things that UEFI does not support.<\/li>\n<li>In addition, external hardware tokens such as a Yubikey can be used to sign the operating system installation and have the firmware validate the GPG signature.<\/li>\n<\/ul>\n<p>All in all, LinuxBoot offers some important advantages over U(EFI). 
I came across the topic again via <a href=\"https:\/\/itsfoss.com\/linuxboot-uefi\/\" target=\"_blank\" rel=\"noopener noreferrer\">this article from itsfoss.com<\/a>. There I learned that the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Open_Compute_Project\" target=\"_blank\" rel=\"noopener noreferrer\">Open Compute Project<\/a> was started by Facebook in 2011. The goal was to develop the open source designs for some of the Facebook servers in order to make their own data centers more efficient. LinuxBoot has been tested on some Open Compute hardware listed in the itsfoss.com article. LinuxBoot is available on GitHub. But so far it has not found its way into the typical clients for consumer devices. Nevertheless I find the development exciting &#8211; and I think, after the suspicion mentioned in <a href=\"https:\/\/techcrunch.com\/2018\/10\/04\/bloomberg-spy-chip-murky-world-national-security-reporting\/\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a>, the whole thing could get even more impetus.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Vendors using Linux servers intend to move away from proprietary hardware with UEFI, Intel ME &amp; Co. The free LinuxBoot is the answer to the UEFI glue of the commercial manufacturers, but is limited to the server area. 
Here is some &hellip; <a href=\"https:\/\/borncity.com\/win\/2018\/10\/14\/foss-linuxboot-repaces-uefi-on-servers\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[448,921,580],"tags":[637,69,519],"class_list":["post-7310","post","type-post","status-publish","format-standard","hentry","category-devices","category-linux","category-security","tag-linux","tag-security","tag-uefi"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/7310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=7310"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/7310\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=7310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=7310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=7310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}