verifiable source-only bootstrap from scratch

ahojlm at ahojlm at
Wed Mar 8 06:21:55 UTC 2023

Hello everyone,

For a very short introduction:

We seem to be the first project offering bootstrappable and verifiable
builds without any binary seeds.

The project's website is at [1]

A longer explanation:
We do not see any chance of achieving a fully verifiable bootstrap if
it needs a trusted platform (hardware + tools to put the initial binary
code, sources and scripts in memory). Even a hypothetically present
suitable platform, say built from vacuum tubes made by oneself, would
be insufficient. Hardly anyone else could duplicate the building effort,
to be able to verify the result.

On the other hand, if the results of a bootstrap converge for many
independent parties on many different platforms, then attacks to subvert
the verification become infeasible.

Looking from another, non-technical perspective, it is important that
everyone shall be able to verify the integrity of software, without
having to trust someone far outside one's physical contact circle.

In other words, verification can not be left to a scarce elite, defined
by access to resources and competence. The fewer are the parties who
have the facts, the less they can be trusted.

The resources and competence needed to make a reasonable estimation of
the validity of the bootstrap in our setup are at a general software
developer or system administrator level. This corresponds nowadays to
a very large cohort.

This project provides a verifiable path from scratch to a binary data
which is up to the task of serving as a trusted software development
platform, for further reproducible builds.

The guarantee of its integrity can only be held if the hardware running
it is sufficiently varied/diverse. That's why we chose an older
generation of ia32, which has many hardware and software implementations.

Even though compatible computers can become scarce (already the case
because of the shift to uefi-boot), availability of FPGAs and i486+
emulators is expected to persist. Note that it does not matter whether
the hardware/emulator or the pre-boot code (bios) are FOSS. The only
requirement is the diversity of their provenance.

The Minix-vmd OS kernel has been chosen because of its excellent balance
between compactness and the feature set.

The same is true for the choice of the Tiny C Compiler.

Another, non-technical, consideration was the advantage of providing a
bootstrap path without involving software with the GNU licenses, because
they are too restrictive for certain uses or tastes. Tiny C Compiler
has provisions for BSD licensing and we use only its compatible parts.

At the same time it is of course fully possible at will to use GCC and
other GNU tools available for Minix-vmd, or build them via TCC.

/ an 

[1] the site is available through the Tor/onion network
(for the advantages of convenient and privacy-friendly hosting) at
The onion url ensures authenticity of the site, the hostname corresponding
to its public key. Onion routing provides also traffic protection.
The corresponding access tool is Tor Browser Bundle, available among
others in Linux distributions like Debian, otherwise from
(VSOBFS project has no affiliation with the Tor Project)

More information about the rb-general mailing list