Over the years, the critical boot process in Linux-based machines has become complex and dependent on closed-source code, not to mention less secure than it should be.
In response, Two Sigma, the Massachusetts Open Cloud, Google, Facebook, Horizon Computing and the Open Compute Project have been collaborating to build LinuxBoot, a new open source firmware for servers that’s more secure, more flexible, and more resilient.
LinuxBoot is a replacement for the proprietary UEFI firmware (which itself was a replacement for the very old BIOS firmware). Like its predecessors, LinuxBoot resides in the ROM of the mainboard, in both servers and PCs. It consists of a minimal GNU/Linux kernel and an “initrd runtime.” Users can customize the system boot process and the LinuxBoot code to handle just the devices that are needed and discard all unneeded code. This also allows security-conscious users to establish a hardware root of trust very early in the boot process, and allows cloud systems to perform remote attestation of their configuration before booting their real OS.
The video below features Two Sigma security researcher Trammell Hudson presenting his work on the LinuxBoot firmware at the 34C3 congress in Germany (slide notes available here).
LinuxBoot is also now an official Linux Foundation project: https://www.linuxfoundation.org/blog/2018/01/system-startup-gets-a-boost-with-new-linuxboot-project/
For more information on the project, visit https://linuxboot.org/.