From b7f2b8ed1053131ecf946e154cc2e85735ba976e Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Sun, 15 Nov 2015 18:37:16 -0500 Subject: Don't use html U, B or I tags. Use HTML5 tags strong and em --- diff --git a/site/contrib/index.php b/site/contrib/index.php index 4769d4a..da075e2 100644 --- a/site/contrib/index.php +++ b/site/contrib/index.php @@ -47,39 +47,39 @@

Francis Rowe

- francis7 (formerly fchmmr), or you can contact this person by the email address info@gluglug.org.uk (GPG)."); ?> + francis7 (formerly fchmmr), or you can contact this person by the email address info@gluglug.org.uk (GPG)."); ?>

Paul Kocialkowski

- Ported the ARM (Rockchip RK3288 SoC) based Chromebook laptops to libreboot. Also one of the main Replicant developers. - Contact Paul on the libreboot IRC channel by the alias paulk or paulk-<hostname> (hostname is variable). + Ported the ARM (Rockchip RK3288 SoC) based Chromebook laptops to libreboot. Also one of the main Replicant developers. + Contact Paul on the libreboot IRC channel by the alias paulk or paulk-<hostname> (hostname is variable).

Timothy Pearson

Ported the ASUS KGPE-D16 board to coreboot for the company Raptor Engineering of which Timothy is the CEO, and collaborated with Francis on merging it in libreboot. Timothy maintains this code in coreboot, helping Francis with the libreboot integration for it. - This person's contact details are on the raptor site, or you can ping tpearson on the freenode IRC network. + This person's contact details are on the raptor site, or you can ping tpearson on the freenode IRC network.

Patrick "P. J." McDermott

ProteanOS maintainer, responsible for maintaining ProteanOS builds on many libreboot targets, and contributes to libreboot."); ?> - pehjota, or you can find contact information on the ProteanOS website."); ?> + pehjota, or you can find contact information on the ProteanOS website."); ?>

Michał Masłowski

- mtjm on the libreboot IRC channel, or find contact information (including GPG keys) on the website http://mtjm.eu/"); ?> + mtjm on the libreboot IRC channel, or find contact information (including GPG keys) on the website http://mtjm.eu/"); ?>

Lisa Maginnis

FSF sysadmin, responsible for maintaining the libreboot and libreboot-dev mailing lists, and much of the infrastructure that libreboot uses (for instance, libreboot uses Savannah for Git hosting)."); ?> - nully in the libreboot IRC channel."); ?> + nully in the libreboot IRC channel."); ?>

Steve Shenton

remove the ME on ICH9-M laptops (originally the ThinkPad X200, and later expanded to more laptops)."); ?> - sgsit on the libreboot IRC channel."); ?> + sgsit on the libreboot IRC channel."); ?>

diff --git a/site/download/index.php b/site/download/index.php index eb1d25c..33242df 100644 --- a/site/download/index.php +++ b/site/download/index.php @@ -37,10 +37,10 @@

- + . . - +

These are stable releases, intended for general use. If you want something more up to date @@ -63,8 +63,8 @@

Download libreboot (unstable/beta releases)

- WARNING: the probability that these releases will brick your machine is above 70%. You may also be attacked by sharks. - Proceed with caution. + WARNING: the probability that these releases will brick your machine is above 70%. You may also be attacked by sharks. + Proceed with caution.

Over time, stable libreboot release cycles have become much slower, due to more boards being supported diff --git a/site/faq/index.php b/site/faq/index.php index 207ac9b..a0a41d4 100644 --- a/site/faq/index.php +++ b/site/faq/index.php @@ -115,8 +115,8 @@

Why is the latest Intel hardware unsupported in libreboot? #intel

It is extremely unlikely that any post-2008 Intel hardware will ever be supported in libreboot, due to - severe security and freedom issues; so severe, that the libreboot project recommends avoiding all modern Intel hardware. - If you have an Intel based system affected by the problems described below, then you should get rid of it as soon as possible. The main issues are as follows: + severe security and freedom issues; so severe, that the libreboot project recommends avoiding all modern Intel hardware. + If you have an Intel based system affected by the problems described below, then you should get rid of it as soon as possible. The main issues are as follows:

Intel Management Engine (ME) #intelme

@@ -126,20 +126,20 @@ located in the (G)MCH chip. In Q3 2009, the first generation of Intel Core i3/i5/i7 (Nehalem) CPUs and the 5 Series Chipset family of Platform Controller Hubs, or PCHs, brought a more tightly integrated ME (now at version 6.0) inside - the PCH chip, which itself replaced the ICH. Thus, the ME is present on all - Intel desktop, mobile (laptop), and server systems since mid 2006. + the PCH chip, which itself replaced the ICH. Thus, the ME is present on all + Intel desktop, mobile (laptop), and server systems since mid 2006.

The ME consists of an ARC processor core (replaced with other processor cores in later generations of the ME), code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography - engine, internal ROM and RAM, memory controllers, and a direct memory access - (DMA) engine to access the host operating system's memory as well as to + engine, internal ROM and RAM, memory controllers, and a direct memory access + (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited - internal RAM. The ME also has network access with its own MAC address + internal RAM. The ME also has network access with its own MAC address through an Intel Gigabit Ethernet Controller. Its boot program, stored on the internal ROM, loads a firmware "manifest" from the PC's SPI flash chip. This - manifest is signed with a strong cryptographic key, which differs + manifest is signed with a strong cryptographic key, which differs between versions of the ME firmware. If the manifest isn't signed by a specific Intel key, the boot ROM won't load and execute the firmware and the ME processor core will be halted. @@ -147,12 +147,12 @@

The ME firmware is compressed and consists of modules that are listed in the manifest along with secure cryptographic hashes of their contents. One module - is the operating system kernel, which is based on a proprietary real-time - operating system (RTOS) kernel called "ThreadX". The developer, Express + is the operating system kernel, which is based on a proprietary real-time + operating system (RTOS) kernel called "ThreadX". The developer, Express Logic, sells licenses and source code for ThreadX. Customers such as Intel are forbidden from disclosing or sublicensing the ThreadX source code. Another - module is the Dynamic Application Loader (DAL), which consists of a Java - virtual machine and set of preinstalled Java classes for cryptography, + module is the Dynamic Application Loader (DAL), which consists of a Java + virtual machine and set of preinstalled Java classes for cryptography, secure storage, etc. The DAL module can load and execute additional ME modules from the PC's HDD or SSD. The ME firmware also includes a number of native application modules within its flash memory space, including Intel Active @@ -164,12 +164,12 @@ Active Management Technology (AMT) application, part of the Intel "vPro" brand, is a Web server and application code that enables remote users to power on, power off, view information about, and otherwise manage the PC. It can - be used remotely even while the PC is powered off (via Wake-on-Lan). + be used remotely even while the PC is powered off (via Wake-on-Lan). Traffic is encrypted using SSL/TLS libraries, but recall that all of the major SSL/TLS implementations have had highly publicized vulnerabilities. The AMT - application itself has - known vulnerabilities, which have been exploited to develop rootkits + known vulnerabilities, which have been exploited to develop rootkits and keyloggers and covertly gain encrypted access to the management features of a PC. Remember that the ME has full access to the PC's RAM. This means that an attacker exploiting any of these vulnerabilities may gain access to everything @@ -182,7 +182,7 @@ Intel Core i3/i5/i7 (Haswell) CPUs. It allows a PC OEM to generate an asymmetric cryptographic keypair, install the public key in the CPU, and prevent the CPU from executing boot firmware that isn't signed with their private key. - This means that coreboot and libreboot are impossible to port to such + This means that coreboot and libreboot are impossible to port to such PCs, without the OEM's private signing key. Note that systems assembled from separately purchased mainboard and CPU parts are unaffected, since the vendor of the mainboard (on which the boot firmware is stored) can't possibly affect the @@ -190,9 +190,9 @@

ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include - an ME application for audio and video audio and video - DRM called "Protected Audio Video Path" (PAVP). The ME receives from + DRM called "Protected Audio Video Path" (PAVP). The ME receives from the host operating system an encrypted media stream and encrypted key, decrypts the key, and sends the encrypted media decrypted key to the GPU, which then decrypts the media. PAVP is also used by another ME application to draw an @@ -203,8 +203,8 @@ DRM application called "Intel Insider". Like the AMT application, these DRM applications, which in themselves are defective by design, demonstrate the omnipotent capabilities of the ME: this hardware and its proprietary firmware - can access and control everything that is in RAM and even everything that is - shown on the screen. + can access and control everything that is in RAM and even everything that is + shown on the screen.

The Intel Management Engine with its proprietary firmware has complete access to @@ -240,46 +240,46 @@ ROM would reject any modified firmware that isn't signed by Intel. Thus, the ME firmware is both hopelessly proprietary and "tivoized".

-

+

In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can't be removed, this means avoiding all recent generations of Intel hardware. -

+

More information about the Management Engine can be found on various Web sites, including me.bios.io, the smashthestack network, coreboot wiki, and - Wikipedia. The book - Platform Embedded Security Technology Revealed describes in great + Wikipedia. The book + Platform Embedded Security Technology Revealed describes in great detail the ME's hardware architecture and firmware application modules.

Firmware Support Package (FSP) #fsp

On all recent Intel systems, coreboot support has revolved around integrating a blob (for each system) called - the FSP (firmware support package), which handles all of the hardware initialization, including + the FSP (firmware support package), which handles all of the hardware initialization, including memory initialization. Reverse engineering and replacing this blob is almost impossible, due to how complex it is. Even for the most skilled developer, it would take years to replace. Intel distributes this blob to firmware developers, without source.

Since the FSP is responsible for the early hardware initialization, that means it also handles SMM (System Management Mode). This is - a special mode that operates below the operating system level. It's possible that rootkits could be implemented there, which could + a special mode that operates below the operating system level. It's possible that rootkits could be implemented there, which could perform a number of attacks on the user (the list is endless). Any Intel system that has the proprietary FSP blob cannot be trusted at - all. In fact, several SMM rootkits have been demonstrated in the wild (use a search engine to find them). + all. In fact, several SMM rootkits have been demonstrated in the wild (use a search engine to find them).

CPU microcode updates #microcode

- All modern x86 CPUs (from Intel and AMD) use what is called microcode. CPUs are extremely complex, + All modern x86 CPUs (from Intel and AMD) use what is called microcode. CPUs are extremely complex, and difficult to get right, so the circuitry is designed in a very generic way, where only basic instructions are handled in hardware. Most of the instruction set is implemented using microcode, which is low-level software running inside the CPU that can specify how the circuitry is to be used, for each instruction. The built-in microcode is part of the hardware, and read-only. Both the circuitry and the microcode can have bugs, which could cause reliability issues.

- Microcode updates are proprietary blobs, uploaded to the CPU at boot time, which patches the built-in + Microcode updates are proprietary blobs, uploaded to the CPU at boot time, which patches the built-in microcode and disables buggy parts of the CPU to improve reliability. In the past, these updates were handled by the operating system kernel, but on all recent systems it is the boot firmware that must perform this task. Coreboot does distribute microcode updates for Intel and AMD CPUs, but libreboot cannot, because the whole point of libreboot @@ -292,15 +292,15 @@ unstable (memory corruption, for example).

- Intel CPU microcode updates are signed, which means that you could not even run a modified version, even if + Intel CPU microcode updates are signed, which means that you could not even run a modified version, even if you had the source code. If you try to upload your own modified updates, the CPU will reject them. In other words, - the microcode updates are tivoized. + the microcode updates are tivoized.

Intel is uncooperative #intelbastards

For years, coreboot has been struggling against Intel. Intel has been shown to be extremely uncooperative in general. Many coreboot developers, and companies, have tried to get Intel to cooperate; namely, releasing source code - for the firmware components. Even Google, which sells millions of chromebooks (coreboot preinstalled) + for the firmware components. Even Google, which sells millions of chromebooks (coreboot preinstalled) have been unable to persuade them.

@@ -318,8 +318,8 @@ anyway. Moving forward, Intel hardware is a non-option unless a radical change happens within Intel.

- Basically, all Intel hardware from year 2010 and beyond will never be supported by libreboot. The libreboot project - is actively ignoring all modern Intel hardware at this point, and focusing on alternative platforms. + Basically, all Intel hardware from year 2010 and beyond will never be supported by libreboot. The libreboot project + is actively ignoring all modern Intel hardware at this point, and focusing on alternative platforms.

Back to top of page @@ -372,7 +372,7 @@ coreboot do have onboard graphics chipsets, but these also require a proprietary Video BIOS, in most cases.

- There is the XGI Z9s PCI-E graphics card, documented under Board Ports in ../docs/tasks.html, which might be viable for you. + There is the XGI Z9s PCI-E graphics card, documented under Board Ports in ../docs/tasks.html, which might be viable for you.

Although not desktop hardware (it's a server board), libreboot does support @@ -413,7 +413,7 @@

What about ARM? #arm

- Libreboot has support for some ARM based laptops, using the Rockchip RK3288 SoC. + Libreboot has support for some ARM based laptops, using the Rockchip RK3288 SoC. Check the libreboot hardware compatibility list, for more information.

@@ -495,12 +495,12 @@ More information about payloads can be found at coreboot.org/Payloads.

- Libreboot inherits the modular payload concept from coreboot, which means that pre-OS bare-metal BIOS setup programs - are not very practical. Coreboot (and libreboot) does include a utility called nvramtool, which can be used - to change some settings. You can find nvramtool under coreboot/util/nvramtool/, in the libreboot source archives. + Libreboot inherits the modular payload concept from coreboot, which means that pre-OS bare-metal BIOS setup programs + are not very practical. Coreboot (and libreboot) does include a utility called nvramtool, which can be used + to change some settings. You can find nvramtool under coreboot/util/nvramtool/, in the libreboot source archives.

- The -a option in nvramtool will list the available options, and -w can be used to change them. Consult + The -a option in nvramtool will list the available options, and -w can be used to change them. Consult the nvramtool documentation on the coreboot wiki for more information.

@@ -511,8 +511,8 @@

Do I need to install a bootloader when installing GNU/Linux? #bootloader

- Libreboot integrates the GRUB bootloader already, as a payload. This means - that the GRUB bootloader is actually flashed, as part of the boot firmware (libreboot). This means that you do + Libreboot integrates the GRUB bootloader already, as a payload. This means + that the GRUB bootloader is actually flashed, as part of the boot firmware (libreboot). This means that you do not have to install a boot loader on the HDD or SSD, when installing GNU/Linux. You'll be able to boot GNU/Linux just fine, using the bootloader (GRUB) that is in the flash chip.

@@ -545,10 +545,10 @@

The Video BIOS is present on most video hardware. On all current libreboot systems, this is implemented using free software. The Video BIOS is responsible for initializing any sort of visual display; without it, you'd have what's called - a headless system. + a headless system.

- For integrated graphics, the VBIOS is usually embedded as an option ROM in the main boot firmware. For external + For integrated graphics, the VBIOS is usually embedded as an option ROM in the main boot firmware. For external graphics, the VBIOS is usually on the graphics card itself. This is usually proprietary; the only difference is that SeaBIOS executes it (alternatively, you embed it in a coreboot ROM image and have coreboot executes it, if you use a different payload, such as GRUB). @@ -702,8 +702,8 @@ The current theory (unproven) is that this will at least prevent malicious drives from wrongly manipulating data being read from or written to the drive, since it can't access your LUKS key if it's only ever in RAM, provided that the HDD doesn't have DMA (USB devices don't have DMA). The worst that it could do in this case - is destroy your data. Of course, you should make sure never to put any keyfiles in the LUKS header. Take what - this paragraph says with a pinch of salt. This is still under discussion, and none of this is proven. + is destroy your data. Of course, you should make sure never to put any keyfiles in the LUKS header. Take what + this paragraph says with a pinch of salt. This is still under discussion, and none of this is proven.

Back to top of page diff --git a/site/git/index.php b/site/git/index.php index 8b1a83c..34c1e9e 100644 --- a/site/git/index.php +++ b/site/git/index.php @@ -64,15 +64,15 @@ (such as coreboot) require a legal name, and this can be problematic for certain groups of people.

- Using your legal name is not required when submitting patches to libreboot. For reasons why we have this policy, read this article. You can use a pseudonym (alternative name), or your company name (if you have one), if you want or need to do that. You can also - submit patches without a name, if you want or need to do that (instructions are provided on this page). Also, read this article. Unfortunately, git appears to be stuck with these problems, when an author changes their name, and we don't have a concrete answer to it. + Using your legal name is not required when submitting patches to libreboot. For reasons why we have this policy, read this article. You can use a pseudonym (alternative name), or your company name (if you have one), if you want or need to do that. You can also + submit patches without a name, if you want or need to do that (instructions are provided on this page). Also, read this article. Unfortunately, git appears to be stuck with these problems, when an author changes their name, and we don't have a concrete answer to it. As far as we know, publishing your legal name isn't even required for copyright purposes; in fact, "pen" names are commonly used by literary authors.

- When submitting any kind of documentation, try not to use the terms him/her, she/he, his/her, or anything that is gender biased. Use their, they, them, those people, that person, and so on. You are making a huge difference. + When submitting any kind of documentation, try not to use the terms him/her, she/he, his/her, or anything that is gender biased. Use their, they, them, those people, that person, and so on. You are making a huge difference.

- If you're worried about receiving spam, you can supply patches with a non-existent email address; see notes below about noname@libreboot.org; you + If you're worried about receiving spam, you can supply patches with a non-existent email address; see notes below about noname@libreboot.org; you can use this whether providing a name or not. The email address doesn't exist, and will just bounce. We do not require a way to contact you, so a working email address is not required.

@@ -80,12 +80,12 @@ copyleft preferred)."); ?> https://www.gnu.org/licenses/license-list.html. NOTE: - not putting a copyright notice on a work does not mean it lacks copyright. Copyright is automatic in most countries. Not putting a license - on a work also does not make that work free; you have to declare a free license, otherwise the default, restrictive copyright laws apply for those + not putting a copyright notice on a work does not mean it lacks copyright. Copyright is automatic in most countries. Not putting a license + on a work also does not make that work free; you have to declare a free license, otherwise the default, restrictive copyright laws apply for those who wish to do anything with your work. Always put a license on your work!

- Small technical note: libreboot is working to convert all documentation to texinfo, where + Small technical note: libreboot is working to convert all documentation to texinfo, where it is currently written in HTML, directly. Therefore, please submit any new documentation under this format, during the transition period.

@@ -104,26 +104,26 @@

#download

- Libreboot development is facilitated by git, a distributed version control system. + Libreboot development is facilitated by git, a distributed version control system. You will need to install git (most GNU/Linux distributions package it in their repositories).

-

This also contains the documentation:"); ?>

+

This also contains the documentation:"); ?>

Use this command, to download the repository:
- git clone
+ git clone
...you can also browse this repository on the web

- A new directory named libreboot will have been created, containing libreboot. + A new directory named libreboot will have been created, containing libreboot.

-

Documentation is in the other repository:"); ?>

+

Documentation is in the other repository:"); ?>

Use this command, to download the repository:
- git clone
+ git clone
...you can also browse this repository on the web

- A new directory named libreboot-website will have been created, containing the libreboot website files. + A new directory named libreboot-website will have been created, containing the libreboot website files.

Back to top of page @@ -134,7 +134,7 @@

#contrib

- Libreboot development is facilitated by git, a distributed version control system that is in wide use today. Git provides many practical benefits, + Libreboot development is facilitated by git, a distributed version control system that is in wide use today. Git provides many practical benefits, making collective development of software very easy.

@@ -142,70 +142,70 @@


- $ git config --global user.name "Your Name"
- $ git config --global user.email your@emailaddress.com
- NOTE: you do not have to use your legal name; we don't care what name you use. Pseudonyms (alternative names) are OK. If you wish to be anonymous (no name), you can also use Libreboot Contributor as your name, and noname@libreboot.org as the email address. We will happily accept anonymous contributions in the libreboot project. + $ git config --global user.name "Your Name"
+ $ git config --global user.email your@emailaddress.com
+ NOTE: you do not have to use your legal name; we don't care what name you use. Pseudonyms (alternative names) are OK. If you wish to be anonymous (no name), you can also use Libreboot Contributor as your name, and noname@libreboot.org as the email address. We will happily accept anonymous contributions in the libreboot project.


- $ git config --global core.editor nano
- $ git config --global color.status auto
- $ git config --global color.branch auto
- $ git config --global color.interactive auto
- $ git config --global color.diff auto + $ git config --global core.editor nano
+ $ git config --global color.status auto
+ $ git config --global color.branch auto
+ $ git config --global color.interactive auto
+ $ git config --global color.diff auto

- NOTE: the above steps for colour make git use red/green font colours for showing diffs. If you are red/green colour-blind, please ignore the above steps. The default configuration in git is no-colour (all one colour, usually the default that your terminal uses). If you are colour-blind, git can display in other colours; refer - to the git documentation. + NOTE: the above steps for colour make git use red/green font colours for showing diffs. If you are red/green colour-blind, please ignore the above steps. The default configuration in git is no-colour (all one colour, usually the default that your terminal uses). If you are colour-blind, git can display in other colours; refer + to the git documentation.

- libreboot directory."); ?> + libreboot directory."); ?>

- When working with git, you will need your current working directory to be inside the libreboot directory that was just created.
- $ cd libreboot/ + When working with git, you will need your current working directory to be inside the libreboot directory that was just created.
+ $ cd libreboot/


- $ git status + $ git status

- git add path/to/file. You should also add any other files that are listed as modified in the git status. If there are deleted files in the git status, you can use git rm path/to/file. As long as you have added all the untracked files, it is generally easier to use:"); ?>
- $ git commit -a
- git commit)"); ?> + git add path/to/file. You should also add any other files that are listed as modified in the git status. If there are deleted files in the git status, you can use git rm path/to/file. As long as you have added all the untracked files, it is generally easier to use:"); ?>
+ $ git commit -a
+ git commit)"); ?>


- $ git commit --amend
+ $ git commit --amend

- $ git commit -a --amend + $ git commit -a --amend

- If you wish to use a different author name for the commit command, add --author="Author's Name <author's email address>" at the end. This + If you wish to use a different author name for the commit command, add --author="Author's Name <author's email address>" at the end. This could be a pseudonym (alternative name), or it could be because you are submitting a patch on someone else's - behalf. If you wish to be anonymous (no name), you can also use Libreboot Contributor as your name, and noname@libreboot.org as the email address. We will happily accept anonymous contributions in the libreboot project. + behalf. If you wish to be anonymous (no name), you can also use Libreboot Contributor as your name, and noname@libreboot.org as the email address. We will happily accept anonymous contributions in the libreboot project.

- Check once more that everything you want is added. Use the git status command to check for untracked changes/files, and adapt accordingly. - Once you've committed everything, your changes will appear in a diff format, using this command:
- $ git show
- Use PgUp/PgDown to navigate the diff output. This uses the less utility, so all the features from that (e.g. keyword search) are also available. + Check once more that everything you want is added. Use the git status command to check for untracked changes/files, and adapt accordingly. + Once you've committed everything, your changes will appear in a diff format, using this command:
+ $ git show
+ Use PgUp/PgDown to navigate the diff output. This uses the less utility, so all the features from that (e.g. keyword search) are also available.


- $ git log + $ git log


- $ git config --global --add alias.lol "log --graph --decorate --pretty=oneline --abbrev-commit --all"
+ $ git config --global --add alias.lol "log --graph --decorate --pretty=oneline --abbrev-commit --all"

- $ git lol
- git log, but it's much better and shows branches, etc."); ?> + $ git lol
+ git log, but it's much better and shows branches, etc."); ?>

@@ -232,7 +232,7 @@ - $ git clone + $ git clone "; ?> - $ git clone + $ git clone "; ?>

  • Texinfo is the official documentation format, for all GNU software.
    • -
  • GNU Emacs has decent integration for editing Texinfo documents. See Texinfo mode. We should promote use of Emacs +
  • GNU Emacs has decent integration for editing Texinfo documents. See Texinfo mode. We should promote use of Emacs (the lead develop of libreboot is attempting to learn it). It's also very useful in general. We could document it to a limited extent, with quick tips, cheat sheets and links to more guides on other sites.
  • @@ -102,7 +102,7 @@
  • Make libreboot possible to build from source without network access - DONE! (only in release archives. development in git requires network access, for downloading the extra modules that go into the release archives. There is no way to avoid - this, due to what libreboot actually is - a boot firmware distribution, combining several projects, much like you have GNU/Linux distributions + this, due to what libreboot actually is - a boot firmware distribution, combining several projects, much like you have GNU/Linux distributions which are identical in concept).
    • @@ -113,13 +113,13 @@
  • Modify the build system, to directly download (only in git. release archives would have them already) the build dependencies that libreboot currently tells the user to install from their distribution package repository, and build these from source, with - our own GCC (re-use coreboot's GCC, which libreboot already uses). This will make complete corresponding source provision easier, + our own GCC (re-use coreboot's GCC, which libreboot already uses). This will make complete corresponding source provision easier, because it would be automated; this is in contrast to the present setup, where the person distributing binaries has to include the sources for build dependencies from the distribution that they happened to use for compiling those packages.
    • This will also make everything self-contained, and coreboot already has integration for cross-compiling. We can make cross compilation of utilities for non-x86 architectures much easier, without relying on quirks from the user's GNU/Linux distribution, where the - only thing we need from their distribution is the necessary toolchain for building libreboot's own version of GCC, which would then take over
      • + only thing we need from their distribution is the necessary toolchain for building libreboot's own version of GCC, which would then take over
    • However, do not install these dependencies, only self-host them in the libreboot source archive. Also provide an option for the user to ignore libreboot's GCC and dependencies, and use what their GNU/Linux distribution provides, when building from source. diff --git a/site/gpg/index.php b/site/gpg/index.php index cba7377..72695f4 100644 --- a/site/gpg/index.php +++ b/site/gpg/index.php @@ -41,21 +41,21 @@


      - $ gpg --recv-keys + $ gpg --recv-keys

      - rom/ in that directory, and crossgcc tarballs under crossgcc/."); ?> + rom/ in that directory, and crossgcc tarballs under crossgcc/."); ?>


      - $ sha512sum -c sha512sum.txt + $ sha512sum -c sha512sum.txt


      - $ gpg --verify sha512sum.txt.sig + $ gpg --verify sha512sum.txt.sig

      @@ -72,4 +72,4 @@ \ No newline at end of file +?> diff --git a/site/index.php b/site/index.php index 185001b..c60ddca 100644 --- a/site/index.php +++ b/site/index.php @@ -53,18 +53,18 @@

      Libreboot is free software; we do not use the term "open source", because that term ignores the ethical ideals of the free software movement, focusing only on practicality and efficiency (short term convenience). Read this article for more information. However, libreboot also qualifies as an "open source" BIOS or UEFI firmware replacement, even if we don't like the open source argument (open source fails to teach users to value their freedom, which leads to proprietary software being accepted - as normal and acceptable, even though proprietary software is unethical and never the solution). + as normal and acceptable, even though proprietary software is unethical and never the solution).

      - Libreboot provides a fully free (deblobbed) coreboot tree, called coreboot-libre, with payloads and utilities already included. It attempts to make coreboot - easy to use, by providing a fully automated build and installation process (and tested, stable releases), along with documentation designed for non-technical users. + Libreboot provides a fully free (deblobbed) coreboot tree, called coreboot-libre, with payloads and utilities already included. It attempts to make coreboot + easy to use, by providing a fully automated build and installation process (and tested, stable releases), along with documentation designed for non-technical users. You don't even need to build from source if you don't want to; ROM images and utilities are also included in each release, pre-compiled from the available source code.

      - Libreboot has many practical advantages over proprietary firmware, such as faster boot speeds and better security. For example, you can install GNU/Linux with an encrypted /boot/ directory, verify a GPG signature on your kernel before booting it, load a kernel from the flash chip, and more! + Libreboot has many practical advantages over proprietary firmware, such as faster boot speeds and better security. For example, you can install GNU/Linux with an encrypted /boot/ directory, verify a GPG signature on your kernel before booting it, load a kernel from the flash chip, and more!

      - We are working on getting libreboot certified as an official component of the GNU system. + We are working on getting libreboot certified as an official component of the GNU system.

        • @@ -80,13 +80,13 @@

      How to help?

        @@ -102,7 +102,7 @@

        These systems come with libreboot and GNU/Linux preinstalled, where everything works out of the box. This is useful, for those who do not want to install the software on their own, but still want to use it. These systems are fully endorsed by the Free Software Foundation, - under their Respects your Freedom certification. + under their Respects your Freedom certification.

    • @@ -119,7 +119,7 @@ Not in the USA? That doesn't matter. The FCC's decision here will affect everyone.

    - Visit SaveWifi.org to learn more, and to find out what you can do about it. Europeans, read this article. + Visit SaveWifi.org to learn more, and to find out what you can do about it. Europeans, read this article.

    diff --git a/site/suppliers/index.php b/site/suppliers/index.php index 764e45c..eaf72ad 100644 --- a/site/suppliers/index.php +++ b/site/suppliers/index.php @@ -43,17 +43,17 @@

    Ministry of Freedom (UK)

    Ministry of FreedomBased in the UK and operating since 2013, the Ministry of Freedom (officially Minifree Ltd, formerly Gluglug) sells laptops with libreboot and Trisquel GNU/Linux preinstalled. - You can also ship your libreboot-compatible system to this company and have libreboot installed, as part of a libreboot installation service. + You can also ship your libreboot-compatible system to this company and have libreboot installed, as part of a libreboot installation service.

    - This company ships worldwide, to all countries. + This company ships worldwide, to all countries.

    The computers that Minifree sells are fully endorsed by the Free Software Foundation, - under their Respects Your Freedom hardware certification criteria. Minifree was the first company to ever achieve this on a laptop computer. + under their Respects Your Freedom hardware certification criteria. Minifree was the first company to ever achieve this on a laptop computer.

    - The director, Francis Rowe, is also the lead developer of libreboot (and founder of the libreboot project). Profits directly fund the libreboot project. + The director, Francis Rowe, is also the lead developer of libreboot (and founder of the libreboot project). Profits directly fund the libreboot project.

    Products available