1f47a184d4
link only to the history page from every other page, and link to gnuboot vs canoeboot on the history page as is already the case link the history page from the footer instead of the header. it's still important that they be talked about, but i very much intend for them to take a backseat. right at the very back. they are not a part of my world; a world that i built myself. they have no moral authority over of it. afterall, why talk about vaporware? i wrote the versus page when i thought gnuboot might actually have teeth, but the developers turned out to be completely incompetent. which is a pity, because i could have benefited from them even if i didn't always agree with them. oh well! Signed-off-by: Leah Rowe <info@minifree.org>
58 KiB
| title | x-toc-enable |
|---|---|
| Canoeboot vs GNU Boot | true |
tl;dr as of 26 October 2023, Canoeboot code is about 1 year ahead of GNU Boot in terms of development, and about 2 years ahead in terms of documentation. Read on, if you want details. GNU Boot is also known as gnuboot. The purpose of Canoeboot is to demonstrate the inferiority of GNU policy, by providing the highest quality releases possible, based on Libreboot, keeping sync with Libreboot while showing what boards/features would have to be removed from Libreboot, if it were to comply with GNU Boot. In other words, Canoeboot is the logical conclusion of what is possible under GNU policy.
Libreboot's Binary Blob Reduction Policy provides an alternative, where users have boot firmware that is as much free software as possible, while not being dogmatic about it. You can learn more by reading that policy.
Canoeboot and GNU Boot are both forks of Libreboot, designed to comply with the GNU Free System Distribution Guidelines. This page is maintained, to show the differences between these two projects.
This current version of the page pertains to Canoeboot 20231026
versus GNU Boot 0.1 RC. You can find GNU Boot ("gnuboot") on the GNU Savannah
website.
You can also read the Canoeboot 20231101 changelog;
that release only came out 7 days after the 20231026 release, so the rest of
this page is more or less accurate, when combined with the facts on
the 20231101 announcement.
GNU Boot 0.1 RC based on Libreboot 20220710
This fact is very important; nonGeNUine Boot's 20230717 changelog is relative to Libreboot 20220710, and Canoeboot 20231026's changelog is relative to nonGeNUine Boot 20230717's changelog.
Therefore, this page will analyse differences in both projects, at these two
points. First, let's analyse GNU Boot, with the tag reset to 0.1-rc1, which
corresponds to commit ID a64d284fd798d843133c9d7274bba17bd7837174. Since GNU
Boot also contains the Libreboot history that it forked from, it contains the
Libreboot 20220710 release tag, so we can do this:
git log --graph --pretty=format:'%Cred%h%Creset %s %Creset' --abbrev-commit 20220710..0.1-rc1
Within the GNU Boot git repository, this would yield the following response:
* a64d284 .gitignore: order alphabetically
* 0df4fe5 GRUB: config from HDD/SSD: Add support for gnuboot_grub.cfg
* ce13d22 GRUB: Use GNU Boot logo
* 74b678c GRUB: Say the name GNUBoot in the grub menu
* eeddd2b build/dependencies: debian: adding python-is-python3 to build seabios properly
* 58b8e09 coreboot/fam15h: don't build ada toolchain for generic platforms
* f7c0fec coreboot/fam15h: update code base, deblob, unset CONFIG_STM (see bug #64535)
* de9297f coreboot/fam15h: fix crossgcc acpica build on newer hostcc
* c38348d coreboot/fam15h: fix for gcc/gnat building
* 0d77d99 coreboot/fam15h: fixing binutils not building properly
* b773079 coreboot/default, coreboot/fam15h: use GNU mirror for acpica
* bf17993 Continue Libreboot under the GNU project
And that's all. The fam15h-related fixed are actually merged from
the fsdg20230625 branch of Libreboot, made during July 2023. See:
https://browse.libreboot.org/lbmk.git/log/?h=fsdg20230625
The other patches are also merged (cherry-picked) from Libreboot! The above commit log is all that GNU Boot did, for their 0.1 RC1 release.
Therefore, to know the differences between Canoeboot and GNU Boot, I will copy
all items first from the nonGeNUine Boot 20230717 change log, and then the
Canoeboot 20231026 change log, but I will skip those entries that define
features which GNU Boot already has.
On this day, GNU Boot's current commit ID (in the main branch)
is 54c6ae497d49c233b654c171978baa77b90ffe17 from 12 October 2023. Most of
the changes since 0.1 RC1 up to that commit are just documentation changes,
and even still, only cherry-picking minor patches here and there that were
already done in Libreboot, in some cases years ago. It's worth noting that
the GNU Boot documentation is based on Libreboot documentation from late 2021
or at most, very early 2022.
I don't need to compare documentation, and it would take too long. Their documentation is 2 years out of date, what more is there to say?
Now, feature comparisons in the build systems:
Canoeboot 20231026 features that GNU Boot lacks
Board support
Canoeboot has these boards fully supported, that GNU Boot currently lacks support for:
Git revisions in Canoeboot 20231026:
- Coreboot (default): commit ID
d862695f5f432b5c78dada5f16c293a4c3f9fce6, 12 October 2023 - Coreboot (fam15h_udimm): commit ID
1c13f8d85c7306213cd525308ee8973e5663a3f8, 16 June 2021 - GRUB: commit ID
e58b870ff926415e23fc386af41ff81b2f588763, 3 October 2023 - SeaBIOS: commit ID
1e1da7a963007d03a4e0e9a9e0ff17990bb1608d, 24 August 2023 - U-Boot: commit ID
4459ed60cb1e0562bc5b40405e2b4b9bbf766d57, 2 October 2023
Git revisions in GNU Boot 0.1 RC1:
- Coreboot (default): commit ID
b2e8bd83647f664260120fdfc7d07cba694dd89e, 17 November 2021 - Coreboot (fam15h_udimm): commit ID
1c13f8d85c7306213cd525308ee8973e5663a3f8, 16 June 2021 - GRUB: commit ID
f7564844f82b57078d601befadc438b5bc1fa01b, 25 October 2021 - SeaBIOS: commit ID
1281e340ad1d90c0cc8e8d902bb34f1871eb48cf, 24 September 2021 - U-Boot: does not exist (no ARM/U-Boot support in Libreboot 20220710) NOTE: GNU Boot does support downloading, deblobbing and re-compressing U-Boot archives, and in fact does a better job of that than Canoeboot in some ways, but it does not yet actually build U-Boot, and it does not boot U-Boot in any way, on any actual mainboards.
As you can see, Canoeboot's revisions are a lot newer.
GRUB LUKS2 support with argon2
Canoeboot 20231026 contains a heavily patched version of GRUB, which contains
argon2 support. This allows full decryption of LUKS2 volumes, without having
to switch to different key derivation (PBKDF2) and without needing to use
LUKS1. You can simply use the default LUKS2 setup provided by any distro, and
it will work. More information is available about GRUB cryptomount, in
the GNU+Linux guide - search on that page for LUKS2 or argon2.
GNU Boot completely lacks this feature, as of 26 October 2023. It can only support LUKS2 if the key derivation is downgraded to PBKDF2 (insecure, or to LUKS1 (also insecure).
For all intentions, the average user cannot have a fully encrypted system on
GNU Boot. They must leave /boot unencrypted on GNU+Linux distros.
With Canoeboot, you can have encrypted /boot very easily. This is a boon for
security, because it reduces the chance of someone tampering with your data
successfully, and combined with other steps,
can be used to reduce the risk of evil maid attacks (by making it infeasible).
GRUB detached LUKS headers
GRUB 2.12 also supports detached LUKS headers, whereas GRUB 2.06 does not. GNU Boot currently uses GRUB 2.06 as its payload. Canoeboot and Libreboot both use GRUB 2.12 as a payload.
Serprog support
Canoeboot can build firmware images for RP2040 and STM32 microcontrollers,
using pico-serprog and stm32-vserprog respectively. This can be used to
set up an SPI flasher of high quality, but these parts are low-cost.
GNU Boot does not support this feature, as of 26 October 2023.
Simplified command structure
There are 9 shell scripts in Canoeboot 20231026, versus about 50 in GNU
Boot 0.1 RC1, because GNU Boot uses the pre-audit design; Libreboot used to
have lots of very simple scripts, but ended up with a lot of code repetition.
The new lbmk design generalises all of the logic, doing away with the very hacky logic that existed in the old build system design.
The interface in Canoeboot's build system is much easier to use. For example, the commands are shorter, and easier to remember. See: cbmk maintenance manual tells you everything about the Canoeboot build system.
GNU Boot doesn't even have a maintenance manual, in their version. Their
documentation exists in the same repository as code, but their
version of docs/maintain/ does not actually contain any instructions,
at least as of commit ID a64d284fd798d843133c9d7274bba17bd7837174 on 17
August 2023.
Better documentation
Canoeboot has much better documentation, but this is obvious if you've been paying attention. As already stated: GNU Boot's documentation is horribly out of date, even relative to the version of Libreboot that they're using! (which itself is also horribly out of date)
Canoeboot's build system is smaller
Smaller doesn't mean worse; in fact, Canoeboot's build system is more efficient. It's about 1250 sloc (source lines of code), when counting shell scripts in the core of the build system. Libreboot, Canoeboot and GNU Boot build systems all use the same design, written in shell scripts.
1250 sloc in Canoeboot, versus 2111 in gnuboot; gnuboot however lacks many of the features and improvements that you're about to see below. The Canoeboot build system does several times as many things, in half the amount of code! The code is generally just more reliable, less error prone, and easier to work with, in Canoeboot. GNU Boot uses a very old version of the Libreboot build system design, from long before I started any massive audits. There have been three Libreboot build system audits in 2023, as of 26 October 2023.
Three audits, and Canoeboot has inherited the improvements of all of them. GNU Boot's design is based on the pre-audit lbmk codebase.
Build system / performance improvements in Canoeboot:
- Much stricter, more robust error handling; too many changes to list here, so check the git log. Also, errors that are not errors are no longer treated as such; nonGeNUine Boot 20230717's build system was actually too strict, sometimes.
- Most logic has been unified in single scripts that perform once type of task each, instead of multiple scripts performing the same type of talk; for example, defconfig-based projects now handled with the same scripts, and preparing trees for them is done the same. These unifications have been done carefully and incrementally, with great thought so as to prevent spaghetti. The code is clean, and small.
- GitHub is no longer used on main Git repository links, instead only as backup
- Backup repositories now defined, for all main repos under
config/git/ - Single-tree projects are no longer needlessly re-downloaded when they already have been downloaded.
- GRUB LUKS2 support now available, with argon2 key derivation; previously, only PBKDF2 worked so most LUKS2 setups were unbootable in Canoeboot. This is fixed.
- Vastly reduced number of modules in GRUB, keeping only what is required.
- Use
--mtimeand option options in GNU Tar (if it is actually GNU Tar), when creating Tar archives. This results in partially reproducible source archives, and consistent hashes were seen in testing, but not between distros. - Always re-inialitise
.gitwithin lbmk, for the build system itself, if Git history was removed as in releases. This work around some build systems like coreboot that use Git extensively, and are error-prone without it. - More robust makefile handling in source trees; if one doesn't exist, error out but also check other makefile name combinations, and only error out if the command was to actually build.
- ROMs build script: support the "all" argument, even when getopt options are
used e.g.
-k - Disabled the pager in
grub.cfg, because it causes trouble in some non-interactive setups where the user sees an errant message on the screen and has to press enter. This fixes boot interruptions in some cases, allowing normal use of the machine. The pager was initially enabled many years ago, to make use of cat a bit easier in the GRUB shell, but the user can just enable the pager themselves if they really want to. - U-Boot can now be compiled standalone, without using the ROMs build script, because crossgcc handling is provided for U-Boot now in addition to coreboot.
- All helper scripts are now under
include/, and main scripts inscript/, called by the mainbuildscript - Generally purge unused variables in shell scripts
- Simplified initialisation of variables in shell scripts, using the
setvarsfunction defined underinclude/err.sh - Support patch subdirectories, when applying patches. This is done recursively, making it possible to split up patch files into smaller sets inside sub directories, per each source tree (or target of each source tree, where a project is multi-tree within lbmk)
- SPDX license headers now used, almost universally, in all parts of cbmk.
- Files such as those under
config/gitare now concatenated, traversing recursively through the target directory; files first, then directories in order, and for each directory, follow the same pattern until all files are concatenated. This same logic is also used for patches. This now enables use of subdirectories, in some config/patch directories. - General code cleanup on
util/nvmutil - Git histories are more thoroughly deleted, in third party source trees during release time.
- Symlinks in release archives are no longer hard copies; the symlinks are
re-created by the release script, because it clones the current lbmk work
directory via Git (local git clone), rather than just using
cpto copy links. - Properly output to stderr, on printf commands in scripts where it is either
a warning prior to calling
err, or just something that belongs on the error output (instead of standard output). - Don't use the
-Boption in make commands. - SECURITY: Use sha512sum (not sha1sum) when verifying certain downloads. This reduces the chance for collisions, during checksum verification.
- Set GRUB timout to 5s by default, but allow override and set to 10s or 15s on some mainboards.
- Support both curl and wget, where files are downloaded outside of Git; defer to Wget when Curl fails, and try each program three times before failing. This results in more resilient downloading, on wobbly internet connections.
- Don't clone Git repositories into
/tmp, because it might be a tmpfs with little memory available; clone intotmp/gitcloneinstead, within lbmk, andmvit to avoid unnecessary additional writes (mvis much more efficient thancp, for this purpose). - Removed unused
target.cfghandling in vendor scripts, because they use the concatenated config format instead (they always have). - Coreboot builds: automatically run make-oldconfig, to mitigate use of raw coreboot config where a revision was updated but the config was untouched. This may still result in a confirmation dialog, and it's still recommended that the configs be updated per revision (or switch them to defconfigs).
- Vastly simplified directory structure;
resources/scripts/is nowscript/, andresources/was renamed toconfig/; ifd and gbe files were also moved toconfig/ifd/. Commands are now 1-argument instead of 2, for example the./build boot romscommand is now./build roms. - memtest86plus: only build it on 64-bit hosts, for now (32-bit building is broken on a lot of distros nowadays, and lbmk doesn't properly handle cross compilation except on coreboot or U-Boot)
- (courtesy of Riku Viitanen) don't use cat on loops that handle lines of text.
Instead, use the
readcommand that is built intosh, reading each line. This is more efficient, and provides more robust handling on lines with spaces in them. - ALL projects now have submodules downloaded at build time, not just multi
tree projects such as coreboot - and a few projects under
config/githave had certaindependitems removed, if a given project already defines it under.gitmodules(within its repository). - Improved cbutils handling; it's now even less likely to needlessly re-build if it was already built.
- The release build script no longer archives what was already built, but instead builds from scratch, creating an archive from source downloads first before building the ROM archives. This saves time because it enables a single build test per release, whereas at was previously necessary to test the Git repository and then the release archive. Testing both is still desired, but this behaviour also means that whatever is built at release time is guaranteed to be the same as what the user would build (from archives).
- Improved handling of
target.cfgfiles in multi-tree projects coreboot, SeaBIOS and U-Boot. Unified to all such projects, under one script, and with improved error handling. - GRUB payload: all ROM images now contain the same ELF, with all keymaps inserted. This speeds up the build process, and enables easier configuration when changing the keyboard layout because less re-flashing is needed.
- Simplified IFD handling on ICH9M platforms (e.g. X200/T400 thinkpads); the ich9gen utility wasn't needed anymore so ich9utils has been removed, and now the IFD/GbE files are included pre-assembled (generated by ich9gen). Ich9gen can still be used, or you can re-generate with coreboot's bincfg; the ifdtool util can be used to edit IFD and nvmutil (part of Canoeboot) can change MAC addresses. The ich9utils code was always redundant for the last few years, especially since 2022 when nvmutil was first written.
- Running as root is now forbidden, for most commands; lbmk will exit with
non-zero status if you try. The
./build dependencies xcommands still work as root (they're the only commands available as root). - Enabled memtest86plus on more boards, where it wasn't previously enabled.
- Only enable SeaBIOS as first payload on desktops, but still enable GRUB as second payload where GRUB is known to work (on each given host). The text mode and coreboot framebuffer modes are provided in each case, where feasible.
- The
listcommand has been mostly unified, making it easier to tell (from lbmk) what commands are available, without having to manually poke around underscript/. - The
-T0flag is now used, universally, on xz commands. This makesxzrun on multiple threads, greatly speeding up the creation of large tar archives. - Universally use
-jin make commands, for multi-threading, but it relies onnprocto get thread count, so this only works if you havenproc(you probably don't, if you run BSD; BSD porting is still on TODO for Canoeboot) - File names as arguments now universally have quotes wrapped around them, and similar auditing has been done to all variables used as arguments everywhere in lbmk. There were cases where multiple arguments were wrongly quoted then treated as a single argument, and vice versa. This is now fixed.
- Re-wrote
.gitcheck; now, a global git name/email config is always required. The only behaviour (setting local config, and unsetting) was quite error-prone under fault conditions, where cleanup may not have been provided, or when execution was interrupted, resulting sometimes in accidentally committing tolbmk.gitas author namedlbmkplaceholder. - The new BSD-like coding style is now used on all shell scripts in lbmk. A few scripts still used the old lbmk coding style, as of audit 2.
- Scripts no longer directly exit with non-zero status, under fault conditions;
instead,
x_orerris used to provide such behaviour. This results in all exits from lbmk being consolidated toerr, under fault conditions. - zero exits are also consolidated, going only through the main script, which has its own exit function calledlbmk_exitthat providesTMPDIRcleanup. - BSD-style error handling implemented, with an
errfunction (and functions that use it) insideinclude/err.sh; there is alsox_which can be used to run a command and exit automatically with non-zero status, useful because it provides more verbose output than if you just relied onset -e, and it still works when a script does not useset -e- however, it is not used on all functions, because it works by executing$@directly, which can break depending on arguments. Therefore, some scripts just default to|| errfor providing breakage in scripts. - Memtest 6.2 now used (instead of 5.x releases). This is essentially a re-write, and it works on the coreboot framebuffer, whereas previous revisions only worked on text mode setups.
- NO MAKEFILE. The Makefile in lbmk has been removed. It was never meaningfully used because all it did was run lbmk commands, without implementing any logic itself. A Makefile may be added again in the future, but with a view to installing just the build system onto the host system, to then build ROM images under any number of directories. Lbmk's design is strictly no-Makefile, but it uses Makefiles provided by third party source trees when building them.
- Safer GRUB configuration file handling between GRUB memdisk and coreboot CBFS; it is no longer possible to boot without a GRUB config, because the one in GRUB memdisk is provided as a failsafe, overridden by inserting one in CBFS, but there is no config in CBFS by default anymore.
- The build system warns users about
elf/vsbin/, when it comes to flashing coreboot ROM images; it tells them to usebin/because those images do contain payloads, whereas the ones underelf/do not. - VASTLY more efficient build process; all coreboot ROMs without payload are
now cached under
elf/, as are payloads, then they are joined separately by the usual ROMs build script, and these cached ROMs contain many changes in them that were previously handled bymoveromin the main ROM build script. Under the new design, repetitive steps are avoided; payloads are inserted into a copy of the cached ROMs underTMPDIR, before being copied for keymaps and small files; this eliminates delays caused by slow compression (LZMA is always used, when inserting payloads). After crossgcc and the payloads are compiled, the ROM with coreboot builds in under a minute, whereas it would have previously taken several minutes on most Canoeboot-supported hardware. - VASTLY reduced GRUB payload size; modules that aren't needed have been removed resulting in much smaller GRUB payloads, that also boot faster.
- ALL defconfig creation, updating and modification are handled by the same script that also handles compiling, as mentioned in the bullet-point below.
- ALL main source trees are now compiled, downloaded, configured and cleaned
using the same script. The download (Git) logic is a separate file
under
include/and its functions are called by the main build script, which provides a stub for this. - Scripts are no longer executed directly, ever, except the main script. All
scripts are otherwise executed from
script/, inheriting theTMPDIRvariable set (and exported) by lbmk. - Generally improved user feedback in scripts, especially the vendor scripts.
- Coreboot, U-Boot and SeaBIOS are now downloaded, configured and compiled using the exact same script. Although these codebases differ wildly, their build systems use the same design, and they are compatible from a user-interface perspective.
- Vastly improved
/tmphandling; a universalTMPDIRis set (environmental variable) and exported to all child processes running lbmk scripts. On exit, the main tmp directory is purged, cleaning all tmp directories under it. - General simplification of coding style on all shell scripts.
- Fixed some variable initialisations in the coreboot ROM image build script
- Don't enable u-boot on QEMU x86 images (due to buggy builds, untested)
- Fixed coreboot-version file inserted into coreboot trees, when compiled on Canoeboot release archives.
- Very general auditing has been done, finding and fixing bugs.
- Reduced the number of scripts significantly. There were about 50 scripts in
the nonGeNUine Boot 20230717 build system. There are closer to 20 in today's
Canoeboot
20231026revision. - Many scripts that were separate are now unified. For example: the scripts handling defconfigs files on SeaBIOS, u-Boot and coreboot have now been merged into a single script, performing the same work better in less code.
- Ditto many other scripts; repeated logic unified, logic generalised. The logic for downloading coreboot and u-boot was unified into one script, basing off of the coreboot one, and then expanding to also cover SeaBIOS. Most building (e.g. handling of Makefiles) is now done in a single script.
- Far superior error handling; in many scripts, the
-eoption inshwas heavily relied upon to catch errors, but now errors are handled much more verbosely. Many fault conditions previously did not make lbmk exit at all, let alone with non-zero status, and zero status was sometimes being returned under some edge cases that were tested. Error handling is more robust now. util/ich9utils(containingich9gen) was removed, thus eliminating about 3000 source lines (of C code) from lbmk. Thenvmutilprogram, also provided by and originating from the Canoeboot project, can already change GbE MAC addresses. Coreboot's bincfg can generate ich9m descriptors, and ifdtool can manipulate them; so the features provided by ich9utils were superfluous, since they are available in other projects that we ship. We now ship pre-built ifd/gbe configs on these machines, which can be modified or re-assembled manually if you want to. This eliminates a moving part from Canoeboot, and speeds up the build a little bit.- ROM images (of coreboot) build much faster: no-payload coreboot ROMs are
cached on disk, as are payloads, where previously only the latter was cached.
These cached images have as much inserted into them as possible, to eliminate
redundant steps in the build process. The
elfdirectory contains these, and the existingbindirectory still holds the full ROM images (containing payloads) when compiled. - GRUB payload: vastly reduced the size of the payload, by eliminating GRUB modules that were not needed. About 100KB of compressed space saved in flash!
- GRUB payload: argon2 key derivation supported - this means LUKS2 decryption is now possible in GRUB. This work was performed by Nicholas Johnson, rebasing from Axel's AUR patch for GRUB 2.06 (Canoeboot currently uses GRUB 2.12).
- The new coding style is now used on many more scripts, including
the
build/boot/roms_helperscript - the new style is much cleaner, mandating that logic be top-down, with amain()function defined; it's basically inspired by the OpenBSD coding style for C programs, adapted to shell scripts. - All GRUB keymaps now included; a single
grub.elfis now used on all ROM images. Thegrub.cfggoes in GRUB memdisk now, but can be overridden by inserting agrub.cfgin CBFS; many behaviours are also controlled this way, for example to change keymaps and other behaviours. This results in much faster builds, because a different GRUB payload doesn't have to be added to each new ROM image; such takes time, due to time-expensive LZMA compression. This, plus the optimised set of GRUB modules, also makes GRUB itself load much faster. All of the fat has been trimmed, though still quite a lot more than a Crumb. - A lot of scripts have been removed entirely, and their logic not replaced; in many cases, Canoeboot's build system contained logic that had gone unused for many years.
- More reliable configs now used on desktop mainboards: SeaBIOS-only for start, but GRUB still available where feasible (in the SeaBIOS menu). This makes it more fool proof for a user who might use integrated graphics and then switch to a graphics card; the very same images will work.
- TMPDIR environmental variable now set, and exported from main parent process
when running lbmk; child processes inherit it, and a single tmp dir is used.
This is then automatically cleaned, upon exit from lbmk; previously, lbmk did
not cleanly handle
/tmpat all, but now it's pretty reliable. - A HUGE build system audit inherited from Libreboot, is part of the Canoeboot tree; the entire build system was re-written in a much cleaner coding style, with much stricter error handling and clear separation of logic. A lot of bugs were fixed. A LOT of bugs. Build system auditing has been the main focus, in these past 12 months.
cros: Disable coreboot-related BL31 features. This fixes poweroff on gru chromebooks. Patch courtesy of Alper Nebi Yasak.u-boot: Increase EFI variable buffer size. This fixes an error where Debian's signed shim allocates too many EFI variables to fit in the space provided, breaking the boot process in Debian. Patch courtesy Alper Nebi Yasak- Coreboot build system: don't warn about no-payload configuration. nonGeNUine Boot compiles ROM images without using coreboot's payload support, instead it builds most payloads by itself and inserts them (via cbfstool) afterwards. This is more flexible, allowing greater configuration; even U-Boot is handled this way, though U-Boot at least still uses coreboot's crossgcc toolchain collection to compile it. Patch courtesy Nicholas Chin.
util/spkmodem-recv: New utility, forked from GNU's implementation, then re-written to use OpenBSD style(9) programming style instead of the originally used GNU programming style, and it is uses OpenBSDpledge()when compiled on OpenBSD. Generally much cleaner coding style, with better error handling than the original GNU version (it is forked from coreboot, who forked it from GNU GRUB, with few changes made). This is a receiving client for spkmodem, which is a method coreboot provides to get a serial console via pulses on the PC speaker.- download/coreboot: Run
extra.shdirectly from given coreboot tree. Unused by any boards, but could allow expanding upon patching capabilities in lbmk for specific mainboards, e.g. apply coreboot gerrit patches in a specific order that is not easy to otherwise guarantee in more generalised logic of the nonGeNUine Boot build system. util/e6400-flash-unlock: New utility, that disables flashing protections on Dell's own BIOS firmware, for Dell Latitude E6400. This enables nonGeNUine Boot installation without disassembling the machine (external flashing equipment is not required). Courtesy Nicholas Chin.- Build dependencies scripts updated for more modern distros. As of this day's release, nonGeNUine Boot compiles perfectly in bleeding edge distros e.g. Arch Linux, whereas the previous 20220710 required using old distros e.g. Debian 10.
cbutils: New concept, which implements: build coreboot utilities like cbfstool and include the binaries in a directory inside lbmk, to be re-used. Previously, they would be compiled in-place within the coreboot build system, often re-compiled needlessly, and the checks for whether a given util are needed were very ad-hoc: now these checks are much more robust. Very centralised approach, per coreboot tree, rather than selectively compiling specific coreboot utilities, and makes the build system logic in nonGeNUine Boot much cleaner.- GRUB config: 30s timeout by default, which is friendlier on some desktops that have delayed keyboard input in GRUB.
- ICH9M/GM45 laptops: 256MB VRAM by default, instead of 352MB. This fixes certain performance issues, for some people, as 352MB can be very unstable.
- U-Boot patches: for
gru_bobandgru_kevinchromebooks, U-Boot is used instead of Google's own depthcharge bootloader. It has been heavily modified to avoid certain initialisation that is replaced by coreboot, in such a way that U-Boot is mainly used as a bootloader providing UEFI for compliant GNU+Linux distros and BSDs. Courtesy Alper Nebi Yasak. - lbmk: The entire nonGeNUine Boot build system has, for the most part, been made
portable; a lot of scripts now work perfectly, on POSIX-only implementations
of
sh(though, many dependencies still use GNU extensions, such as GNU Make, so this portability is not directly useful yet, but a stepping stone. nonGeNUine Boot eventually wants to be buildable on non-GNU, non-GNU/Linux systems, e.g. BSD systems) - nvmutil: Lots of improvements to code quality, features, error handling. This utility was originally its own project, started by Leah Rowe, and later imported into the nonGeNUine Boot build system.
- build/boot/roms: Support cross-compiling coreboot toolchains for ARM platforms, in addition to regular x86 that was already supported. This is used for compiling U-boot as a payload, on mainboards.
- U-boot integration: at first, it was just downloading U-Boot. Board integration for ARM platforms (from coreboot) came later, e.g. ASUS Chromebook Flip C101 as mentioned above. The logic for this is forked largely from the handling of coreboot, because the interface for dealing with their build systems is largely similar, and they are largely similar projects. Courtesy Denis Carikli and Alper Nebi Yasak.
- New utility:
nvmutil- can randomise the MAC address on Intel GbE NICs, for systems that use an Intel Flash Descriptor - General build system fixes: better (and stricter) error handling
- Fixed race condition when building SeaBIOS in some setups.
- GRUB configs: only scan ATA, AHCI or both, depending on config per board.
This mitigates performance issues in GRUB on certain mainboards, when
scanning for
grub.cfgfiles on the HDD/SSD. - GRUB configs: speed optimisations by avoiding slow device enumeration in GRUB.
Summary
So, in conclusion: this page is not trying to tell you why you should use Canoeboot; rather, it's just telling you that someone worse exists. Canoeboot and GNU Boot are both inherently flawed in their designs; both projects are completely inferior to the Libreboot project, for all the reasons laid out in the Binary Blob Reduction Policy - the Canoeboot project is provided, specifically, to prove the merits of that policy, by showing what Libreboot would have been by now if it continued adhering to GNU policy, instead of changing to its current Blob Reduction Policy.
Libreboot provides all of the same blob-free configurations as Canoeboot, when possible on any given mainboard, and that is the preference, but the FSF/GNU dogma states that the user must never run any proprietary software. This dogma is wrong; a more correct approach is to say that proprietary software is bad, because it restricts the user's freedom to study and modify the software; it removes their power to say no when the developer wants to change the program in a bad way, it leaves them at the mercy of that developer - the point is this:
Free software is good, and we should be promoting as much of it as possible. This means that a hardline no-blob approach like the policy implemented by Canoeboot (or GNU Boot for that matter), is entirely misguided, because it will only alienate those who just want some free software. Most people like the idea of software freedom but cannot go all the way yet; we should encourage people to make the right choices, but otherwise just help them in whatever way we can, meeting people where they're at right now.
And that is why Libreboot exists in the way that it does. Canoeboot serves as an
example of what would happen in the best-case scenario if Libreboot never changed
its policy. The best possible release of Canoeboot will still be missing a ton
of boards and features from Libreboot. Indeed, the Canoeboot 20231026 and
nonGeNUine Boot 20230717 both illustrate that quite nicely.
GNU Boot 0.1 RC3 and Canoeboot 20240102
Dubbed Canoeboot 20240102, though it's not actually a release. For context, first read: https://libreboot.org/news/audit4.html
Canoeboot imported these changes, in
revision 102ce12cea023783729d6a2cd1576afc95bf7540 on 2 January 2024. This
revision is referred to unofficially as Canoeboot 20240102.
These changes add the following noteworthy improvements, that benefit Canoeboot users:
- GRUB 2.12 stable release, instead of GRUB 2.12-rc1. The stable release came out on 20 December 2023.
- Generic cmake and autoconf handling now, in the build scripts. This means that many more projects can be added more easily to the build system (utilities and such)
- Higher default drive level of 12mA, instead of 4mA, when building serprog images for RP2040-based MCUs
- Generic fixes in the build system, better error checking; failed Git patching
now actually exits, whereas in previous releases (and also in GNU Boot's
build system, because it inherits Libreboot which had this bug for years),
in many older releases,
git amfailing does not cause the build system to exit. The build continues, erroneously. Libreboot fixed this in audit 4, and Canoeboot has imported this. - Crossgcc tarballs no longer bundled in releases, making them smaller. The build system still downloads these at build time, but this means that now you will only download what you need, when you build Canoeboot for a board.
- Single-tree projects are now configurable with
target.cfgfiles. This could enable use of crossgcc, if you setxarch, and make/cmake/autoconf arguments are now all configurable intarget.cfg- previously, this file was only possible for multi-tree projects. grub.cfg: the default config scanning now also searches for syslinux configs, in addition to extlinux, though it still looks for GRUB configs first. GRUB can parse syslinux/extlinux configuration files. Canoeboot's GRUB is also now configured to search for configs on the ESP (EFI System Partition), both on USB media and on the installed system. With these changes, Canoeboot now boots distros much more reliably, especially UEFI-based ones, even though UEFI is not implemented in Caneoboot on x86 yet.
These and other/subsequent changes will be merged with the lists above, when the next Canoeboot release comes out. The main lists of changes above are for the current binary release of Canoeboot, versus GNU Boot.
GNU Boot 0.1 RC3
The article above compares Canoeboot 20231107 and GNU Boot 0.1 RC1. It should
be noted that 0.1 RC3 is now available, but it doesn't really add any major
changes, and most of the changes are documentation changes. Here is a brief list
of changes that would be beneficial to users:
- Removed a few binary blobs that GNU Boot overlooked, which were included in the GNU Boot (these were also overlooked in Canoeboot releases, and have been handled in Canoeboot, thanks to reports sent by Denis Carikli of GNUBoot)
- The
CONFIG_USE_BLOBSsetting was disabled on all coreboot configs - it is an extra setting that reduces the chance of the coreboot build system accidentally downloading blobs. - Uses the coreboot build system to generate TOP SWAP bootblocks on i945, rather than using dd. This means that the 2nd bootblock is present in CBFS, reducing the chance that it will be overwritten at build time.
- They've started integrating the Guix package manager into their build system, for example they now use Guix (not to be confused with Guix System, which ironically cannot build GNU Boot due to lack of GCC-Gnat) to build GRUB. This results in higher maintenance burden and slows down development of GNU Boot - I considered using Nix in lbmk, but I need to be able to change everything quickly. Extra complexity like that is overkill. The benefit though is that users can more easily build the software, without thinking about it as much.
GNU Boot 0.1 RC has not altered the coreboot code on any machines, nor the GRUB code, and in fact it seems to be vanilla GRUB 2.06. Most of the changes by 0.1 RC3 have been further integration of the Untitled Static Site Generator maintained by Leah Rowe, adapting Untitled (which builds the Libreboot, Canoeboot and GNU Boot websites) so that it can be used with the GNU Savannah infrastructure more easily (as of 2 January 2024, the GNU Boot project is considering adapting the website for use with Haunt instead of Untitled).
GNU Boot's code complexity increased, considerably. Counting build scripts,
the GNU Boot build system is 3216 lines of code, as of 0.1 RC3 - whereas,
the Canoeboot 20240102 build system is 1127 lines of code. That's about
3x smaller, but don't let size fool you. Canoeboot's design
is highly efficient. It does a lot more than GNU Boot currently does. You'll
note that this figure of 1127 is lower than the one given for Canoeboot
version 20231107, above. That is because Canoeboot became more efficient
since then!
Despite the considerable reduction in code size, by comparison, the Canoeboot build system is much more powerful. It does a lot more, patching and building a lot more projects, including U-Boot, and it handles cross compilation too, for ARM - it also integrates Serprog firmware projects, for STM32 and RP2040 devices, and has much better support for autoconf/cmake-based projects.
The Canoeboot build system is so vastly efficient due to its design. GNU Boot is based upon and expanded from Libreboot 20220710, which used a much more complicated build system design. The Canoeboot build system inherits changes from Libreboot Build System Audit 1, 2, 3 and 4, the purpose of which was (and is) to reduce build system complexity, improving efficiency and reliability, while adding many more features. Essentially, Canoeboot generalises a lot more logic, handling codebases (download, patch, configure, compile) more generically with a single script, whereas GNU Boot has separate scripts for each project, and thus duplicates a lot of logic. While the latter design of GNU Boot is more flexible in some ways, it does result in much higher complexity.
It should be noted that GNUBoot's code complexity increased a lot, relative to Libreboot 20220710 which it forked, while not actually adding any new functionality (none that will be beneficial to most users). The 20220710 build system was 2117 lines of code, versus GNU Boot's 3216, Canoeboot's 1127 and Libreboot's (on 2 January 2024) 1562!
That's all. The information above, and more, will be properly merged into this page when the next release of Canoeboot comes out, or when/if GNU Boot makes considerable technical improvements to their project.
As of 2 January 2024, GNU Boot is still about 1 year behind on code and about 2 years behind on documentation, when comparing to the technical progress of Libreboot; the same numbers also apply to Canoeboot vs GNU Boot.
Canoeboot 20240504
On this day, 4 May 2024, GNU Boot still has not made much progress; they're still stuck on 0.1 RC3, without my fixes that I showed off in Canoeboot 0.1, that I sent to them;
Now I have Canoeboot 20240504, which is vastly more up to date than the
November 2023 Canoeboot release, based on the newest Libreboot 20240504
release (simultaneous release!)
You can check the full release announcement, but here is an abbreviated list
of commits from lbmk that are in the Canoeboot 20240504 release;
Canoeboot from November (previous release) was based on Libreboot 20231106,
so:
the changes below are therefore LB 20231106 to 20240504 but with non-FSDG
bits removed, and therefore it reflects the changes in Canoeboot (because I
always keep CB/LB in sync):
* 5bf25eac coreboot: update latitude release status
* 7a955a4c d510mo and d945gclf: disable for release
* d9c0346a build/roms: more useful status warnings
* a9bc6b25 mark lenovo x301 as stable for release
* 6e61052a Merge pull request 'coreboot/default: Add patches to fix S3 on SNB/IVB Latitudes' (#208) from nic3-14159/lbmk:latitude-fix-s3 into master
* 99617796 Merge pull request 'Implemented failsafe options at boot and inside menus for enabling/disabling serial, spkmodem and gfxterm' (#203) from livio/lbmk:failsafe into master
|\
| * 3e86b3ab Implemented failsafe options at boot and inside menus for enabling/disabling serial, spkmodem and gfxterm
* | 64ae2ddd update/release: purge test/lib/strlcat.c in u-boot
* | 748b2072 mark x4x boards ready for release
* | 9caff263 err.sh: update copyright info
* | 7db2ae0b update/release: say when an archive is being made
* | cd9685d1 Merge pull request 'dell-flash-unlock: Remove dependency on GNU Make' (#207) from nic3-14159/lbmk:dell-flash-unlock-updates into master
|\ \
| * | a5cb6376 dell-flash-unlock: Remove dependency on GNU Make
|/ /
* | 4bf3da31 Merge pull request 'Fixed QEMU x86 target's SMBIOS informations' (#205) from livio/lbmk:qemux86_fix into master
|\ \
| * | 707d7ce7 Fixed QEMU x86 target's SMBIOS informations
| * | d654a3e5 Fixed QEMU x86 target's SMBIOS informations
| |/
* | a18cd7f1 Merge pull request 'Fixed boot selection menu' (#204) from livio/lbmk:livio_290424 into master
|\ \
| * | b4d27d0c Fixed boot selection menu
| |/
* | 05c3f493 Merge pull request 'dell-flash-unlock-updates' (#206) from nic3-14159/lbmk:dell-flash-unlock-updates into master
|\ \
| * | 61f66a46 dell-flash-unlock: Update README for BSD
| * | 5e2e7611 dell_flash_unlock: Add support for FreeBSD
| * | 61dbaf94 dell_flash_unlock: Set iopl level back to 0 when done
| * | 355dffb7 dell_flash_unlock: Fix ec_set_fdo() signature
| * | 6fe2482f dell-flash-unlock: Remove unnecessary includes for NetBSD
| * | b737a24c dell-flash-unlock: Remove memory clobber from inline assembly
* | | 5c3d81ff correct dell latitude status for release
* | | 50f6943c set gru bob/kevin stable for release
* | | df5e3216 set dell latitudes stable for release
* | | 7e7c3c23 mark i945 machines as stable for release
* | | 310378c9 build/roms: simplified list handling
* | | 5003e02b build/roms: if release, allow all non-broken roms
* | | dbe259ef build/roms: always display warnings
* | | 0e2c56be build/roms: reduce indentation in skip_board()
* | | 91927760 build/roms: simplified status handling
* | | 230f68fd build/roms: simplified seagrub handling
|/ /
* | 515185a7 build/roms: support SeaGRUB *with menu enabled*
* | a88a8281 update/trees: simplified defconfig copying
* | 55204dc4 option.sh: don't use nproc (not portable)
* | a5c7cc1a fix target.cfg files on dell latitudes
* | d923d314 use mirrorservice.org for iasl downloads
* | 714d4b3e update/release: disable status checking
* | e614f906 build/roms: tell the user how to ignore status
* | f22305fb update macbook21/x60/t60 status
* | 6c4f07b3 allow disabling status checks during builds
* | 3ace925e update more board statuses before release
* | e7619225 Set status=unstable on dell latitudes
* | 5218bfb0 declare gm45 thinkpads stable for release
* | b99ebe05 kcma-d8/kgpe-d16: mark as tested(unstable)
* | e5cc3e55 Merge pull request 'dell-flash-unlock: add NetBSD support' (#194) from linear/lbmk:master into master
|\ \
| * | e119ffa5 dell-flash-unlock: add NetBSD support
* | | c0b4ba2e build/roms: update help, pertaining to status
* | | d88783b7 build/roms: let "list" specify status types
* | | b6014a65 erroneous return
* | | ce7fd754 build/roms: report status when building images
* | | 64177dbb exports variables from err.sh, not build
* | | a5082de4 GRUB: bump to today's latest revision
* | | 08859bb4 lbmk: export TMPDIR from err.sh, not build
* | | f5f2c58a build/roms: add missing deletion of tmp file
* | | f7283fa1 grub xhci support
* | | 33277897 allow users to specify number of build threads
* | | 6ebab10c safer, simpler error handling in lbmk
| |/
|/|
* db074b78 enable serial console on fam15h boards
* 4680d154 ./update trees -u coreboot
* 0add5571 NEW BOARD: dell 9020 optiplex sff
|\
| * 4a9fca57 Patch SeaBIOS: Add MXM support
* | b7bc713b update pico-serprog to new revision
| * | 381cb119 config/coreboot/default/patches : Renumber E6420, E6520, E5530 patches
|/ /
|\|
| * 0e3a5759 update revision: pico-serprog
|/
* 91792c0c update coreboot configs
|\
* | 8e2e9735 add vga-only 9020 config
|/
* 0c8fa201 update pico-serprog to Riku's new revision
* 2ad52ed3 Merge pull request 'flashprog: apply the good old MX25 workaround' (#180) from Riku_V/lbmk:master into master
|\
| * 112d2a4e flashprog: apply the good old MX25 workaround
|/
* 77770f5a remove remaining flashrom remnants (use flashprog)
* 36ddd6f6 update parabola dependencies for flashprog
* 182a029f update arch dependencies for flashprog
* e8523864 update trisquel dependencies for flashprog
* 4131981c update debian dependencies for flashprog
* af82d671 config/git: use flashprog instead of flashrom
* 9071160c git.sh: also reset xtree/tree_depend here
* 39688ebe update/trees: reset xtree/tree_depend before build
* e5ebaa85 update config/git/docs to latest revs
* 0a24b2e6 dell/e6*30: use generic PS2K/PS2M EISAID strings
* 614c5efa update coreboot/dell to same rev as default
* 4a6dc555 coreboot/default: update coreboot to January 2024
* ece54631 script/vendor/inject: remove erroneous check
* 8b4a4f79 fam15h boards: define xtree
* dcf7da9a coreboot/fam15h_udimm: define xtree
* f72a72af don't download projects on release archives
* 435441d0 update/release: generate changelogs
* a225e4d5 fix amd mainboard configs
* c9961182 git.sh: fix bad call to ./update
* 3e7e0c7d git.sh: support downloading dependency trees
* 8f3d3ead re-use crossgcc builds on the coreboot trees
* 8a9c70f2 allow multitree projects to define xgcc tree
* c6d243af u-boot: don't define xarch in default
* 9877eb09 coreboot/*/target.cfg: don't define xarch
* e329b365 grub/target.cfg: move --disable-werror
* b71d4fd0 coreboot/fam15h: disable -Werror on binutils 2.32
* 1d971fcd grub: use --disable-werror on ./configure
* 33e25a33 dependencies/arch: add pandoc to dependencies
* 37817e6b GRUB: insert only 1 keymap per board, in cbfs
* df007d22 build/roms: err if -k layout doesn't exist
* d44c9551 build/roms: regression fix: uninitialised variable
* 2b6beaf2 Merge pull request 'config/dependencies/trisquel: replaced package from ttf-unifont to fonts-unifont' (#177) from goodspeed/lbmk:master into master
|\
| * 59096d8d config/dependencies/trisquel: replaced package from ttf-unifont to fonts-unifont
|/
* a8a7a51b Merge pull request 'Dell-flash-unlock README updates' (#175) from nic3-14159/lbmk:dell-flash-unlock-updates into master
|\
| * 051b17f4 README.md: Add notes about iopl and AC adapter requirement
|/
* f5b04fa5 build/roms: tidy up payload configuration handling
* 0b081218 build/roms: remove unused variable
* 4870e84e build/roms: don't needlessly re-build grub.elf
* 0e955f1e build/roms: create elf/grub if non-existent
* 3b66a5bb git.cfg: simplified revision checking
* a7f58abb fix oversight in previous commit
* 2d7e7306 build/roms: rename more functions for clarity
* 62a5f543 build/roms: rename payload functions for clarity
* 042c7877 build/roms: simplify seabios dependency check
* fcf2b2bb build/roms: simplify grub dependency check
* 535c9007 add copyright 2024 leah rowe to edited files
* cea88fa8 git.sh: simplify submodule handling in git_prep
* 1fcbadb8 git.sh: further simplify git_prep
* 48551ced git.sh: unify am/submodule and tree copying
* ce67c99f git.sh cleanup: git am handling (remove patchfail)
* e6953dc4 git.sh: clean up handling of tmp_git_dir
* d819403a git.sh: fix regression: patches before submodulse
* f4a14bd9 git.sh: clean up git submodule/am handling
* 11a82163 Bump GRUB to 2.12 release
* f3098f56 git.sh multi-tree: grab submodules *after* patches
* 5fb6e36f update/trees: clean up the coreboot-version check
* 4c9ee172 update/trees: support custom make/autogen argument
* c6a0e495 update/trees: generic cmake handling
* 30337b8f update/trees: avoid namespace clash in function
* b0615581 update/trees: dont hardcode autoconf/bootstrap arg
* eb3a8e2b unify script/update/trees and script/build/grub
* 34ded35f lbmk scripts: general code cleanup
* 4e067799 disable u-boot on x86 qemu
* bc87b5f6 lbmk scripts: general code cleanup
* 0c1d08d8 build/serprog: err if basename fails
* eff9130b update/trees: further simplify crossgcc handling
* 6752780f coreboot: update hp elitebook configs
* 15298985 Merge pull request 'Add HP 8300 CMT port' (#173) from Riku_V/lbmk:hp8300cmt into master
|\
| * 74147ea4 Add HP 8300 CMT port
|/
* 0aca6332 lbmk scripts: shorter code lines
* 575332f2 fix flashrom build error (implicit enum typecast)
* b4ab3057 lbmk scripts: general code cleanup
* 38a7aa31 build/roms: rename two functions for clarity
* 746d9cad build: remove test command
* 655d3cdc lbmk scripts: general code cleanup/optimisation
* 25f9d948 git/pico-serprog: update revision again
* e0fee7a4 git/pico-serprog: update revision
* a48b3841 build/roms: improved error handling for roms
* 33695a56 build/roms: remove redundant check
* 9d5d98eb set version/projectname properly
* aa525142 update/trees: fix infinite loop
* 465077bc vendor/download: check whether configs exist first
* 39293279 vendor/inject: fix dodgy error check (cd command)
* 72cd169e update/release: don't test ./vendor inject
* e8eb52f8 update/release: don't insert crossgcc tarballs
* b0e5fc9d lbmk scripts: general code cleanup
* b111f484 build/serprog: general code cleanup
* 2f98ca6d build: simplified TMPDIR handling
* ab65ea4c general code cleanup
|/
* 3ccf1941 update coreboot configs
* 95788059 update/trees crossgcc: call err if arch isn't set
* 90ac30b1 update/trees: simplified crossgcc handling
* 4711098e Merge pull request 'config/ifd/xx30: Fix 16_ifd component density and count' (#170) from nic3-14159/lbmk:xx30_16_ifd_fix into master
|\
* | 7f98ab8e git.sh: simplify submodule handling
* | 124b5beb build initialise_command: simplify handling
* | 9c00746b update/release: minor cleanup
* | f6ebab57 option.sh scan_config: clean up if/else block
* | 3b7009aa option.sh: print error on stderr, not stdout
* | c75ca20c option.sh: don't rely on zero status on printf
* | 578f105d git.sh git_am_patches: reduce indentation
* | cbd19d81 git.sh fetch_config: simplify tree name check
|/
* b9f69f26 grub.cfg syslinux: support scanning /boot/EFI/
* 766bb46c grub.cfg: fix path
* 430918ee grub.cfg: handle btrfs subvols for extlinux.conf
* d74c6c71 grub.cfg: scan extlinux/extlinux.conf
* f1d6c143 grub.cfg: support grub and extlinux on ata/ahci
* 6db94c1a grub.cfg: merge isolinux/grub usb menuentries
* c4544e04 grub.cfg: handle extlinux in the default menuentry
* eaa1341b grub.cfg syslinux: support ESP and extlinux.conf
* b817001e grub.cfg: don't boot linux without a grub.cfg
* 2d6e5ca4 grub.cfg: scan lvm volumes last
* 49eed9ac Revert "grub.cfg: try luks2/crypto-lvm before non-crypto"
* aed4dff8 Merge pull request 'Dell-flash-unlock README updates from upstream' (#168) from nic3-14159/lbmk:dell-flash-unlock-updates into master
|\
| * ca28255d README.md: Add instructions for relaxing memory permissions
| * f4819081 README.md: Add references to Open Security Training
* | 20389655 grub.cfg: try luks2/crypto-lvm before non-crypto
* | 3a36c827 Merge pull request 'master' (#165) from risapav/lbmk:master into master
|\ \
* | 0a8ef113 Merge pull request 'Update config/grub/config/grub.cfg' (#167) from semigel/lbmk:semigel-btrfs-subvol-patch-1 into master
|\ \
| |/
|/|
| * ababbc09 Update config/grub/config/grub.cfg
|/
* 39a3de57 remove DEBUG handling in lbmk (not needed)
* 1eb4df67 fix several shellcheck warnings
* 54ca5f24 Merge pull request 'config/dependencies/debian: add unifont-bin & xfonts-unifont' (#163) from Riku_V/lbmk:debgrub into master
|\
| * 2e6073f2 config/dependencies/debian: add unifont-bin & xfonts-unifont
* | 2e779a54 handle errors on exits from subshells
* | 9558e2fc improved safety/error handling on multitree git-am
* | 7af200a1 Merge pull request 'fix void dependencies: openssl-devel' (#161) from Riku_V/lbmk:fixvoid into master
|\|
| * 6d8d2e75 fix void dependencies: openssl-devel
|/
* cb3fad07 Merge pull request 'fix void dependencies: freetype-devel' (#160) from Riku_V/lbmk:fixvoid into master
|\
| * 01a82431 fix void dependencies: freetype-devel
|/
* 5a6dec97 Merge pull request 'fix void dependencies typo' (#159) from Riku_V/lbmk:fivoid into master
|\
| * 50bfe1ca fix void dependencies typo
|/
* 4e00ac00 revert flashrom back to version 1.2
* 83c8248f dependencies/debian: fix libfreetype-dev
* 39aad578 grub: re-add fat/nt file system modules
* 47ef411e Bump GRUB revision to 8 November 2023 revision
* ce1176f5 fix typo in help text
* 70882902 build: set --author when running git init
* 5af3ae05 lbmk: don't use status for unconditional returns
* 64f93374 lbmk: support showing the revision in help text
* f4b2a588 build: don't generate version/versiondate as root
* c4d90087 add grub mods: diskfilter,hashsum,loadenv,setjmp
* d0d6decb re-add grub modules: f2fs, json, read, scsi, sleep
* d3ade208 Merge pull request 'nvmhelp' (#152) from Riku_V/lbmk:nvmhelp into master
* 86608721 nvmutil: print usage
* f12f5c3a nvmutil: fix makefile