[Git][reproducible-builds/reproducible-website][master] venice 2022: move https://pad.riseup.net/p/rbsummmit2022-firmware-keep to here

Holger Levsen (@holger) gitlab at salsa.debian.org
Tue Jan 24 12:43:58 UTC 2023



Holger Levsen pushed to branch master at Reproducible Builds / reproducible-website


Commits:
af639729 by Holger Levsen at 2023-01-24T13:43:46+01:00
venice 2022: move https://pad.riseup.net/p/rbsummmit2022-firmware-keep to here

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


2 changed files:

- _events/venice2022/agenda.md
- + _events/venice2022/firmware.md


Changes:

=====================================
_events/venice2022/agenda.md
=====================================
@@ -93,9 +93,9 @@ Day 3 - Thursday, November 3rd
   * The day started with a summary of Day 2 outcomes and a Day 3 Agenda Overview.
 * 9.30 Collaborative Working Sessions, break-out discussions continue.
   * Verifying packages at installation discussion (in-toto): FIXME https://pad.riseup.net/p/rbsummmit2022-installation-keep
-  * [taxonomy]({{ "/events/venice2022/taxonomy/" | relative_url }})
+  * [Taxonomy]({{ "/events/venice2022/taxonomy/" | relative_url }})
   * Debian FIXME https://pad.riseup.net/p/rbsummmit2022-debian-keep
-  * Firmware FIXME https://pad.riseup.net/p/rbsummmit2022-firmware-keep
+  * [Firmware]({{ "/events/venice2022/firmware/" | relative_url }})
 * 10.45 Break
 * 11.00 Collaborative Working Sessions, break-out discussions continue.
   * in-toto vs sbom (spdx) FIXME https://pad.riseup.net/p/rbsummmit2022-intoto-vs-sbom
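
Review bot: The link target on the added Firmware line ends in a trailing slash ("/events/venice2022/firmware/"), while the permalink declared in the new firmware.md front matter is "/events/venice2022/firmware" without one. Please confirm the generated site serves both forms, or align the two so the agenda link cannot 404. The Taxonomy capitalisation on the line above is unrelated to moving the firmware pad and would be cleaner as its own commit.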


=====================================
_events/venice2022/firmware.md
=====================================
@@ -0,0 +1,50 @@
+---
+layout: event_detail
+title: Collaborative Working Sessions - Firmware
+event: venice2022
+order: 130
+permalink: /events/venice2022/firmware
+---
+
+Reproducible Builds Summit 2022
+
+- What is Firmware
+  - Integrated software components
+  - Software w/o user interaction
+  - Usually means cross-compilation
+  - Usually "closed" systems with minimal user control
+  - Often limited resources (memory, cpu)
+- Build processes
+  - Open vs. closed toolchains
+    - Some are closed source
+    - Some are GCC (sometimes with patches)
+    - Some are clang
+    - Some are "something else" (sdcc?)
+- UEFI
+  - many laptops won't allow changing the firmware
+    - intel bootguard
+    - in theory, you could reproduce it and verify, but this is hard due to closed-sourced components and unknown contents
+  - should be reproducable if you build coreboot
+  - more of a political challenge than technical
+    - need access to source, toolchains, etc...
+- projects/companies that are involved w/ reproducable builds
+  - coreboot
+  - openwrt
+  - yocto
+  - openembedded
+  - trezor (crypto wallet)
+  - mullvad (vpn provider)
+- Benefits to end-users
+  - users can't trust their devices without knowing where the firmware came from
+  - companies purchasing equipment (network gear, etc...) have a strong need to trust the devices
+  - potential for "software escrow"
+- Some devices have higher trust needs
+  - 2FA tokens
+  - network hardware
+  - crypto wallets
+- Legal stuff
+  - Stricter GPL version that requires reproducability?
+- Why don't people do RB firmware now?
+  - they don't know about it
+  - they don't see benefit in it
+  - cost sensitivity
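
Review bot: "reproducable" is misspelled in the UEFI item ("should be reproducable if you build coreboot") and in the "projects/companies that are involved w/ reproducable builds" item, and "reproducability" in the Legal stuff item; these should read "reproducible" and "reproducibility". The body also opens with a bare "Reproducible Builds Summit 2022" line that has no heading or introductory sentence, and the page no longer records which pad the notes came from; a one-line intro naming the session and the source pad would keep the provenance of these notes visible.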



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/af6397293c6c4eb684c9f90284a7d10ff72bd0e1
