question about proprietory packages

question about proprietory packages

[gfp]

[-- Attachment #1.1.1: Type: text/plain, Size: 554 bytes --]

Hi,

I want to know briefly (for security reasons) what proprietary 
packages/programmes are on my laptop installed or run.

I unset IME (Intel Management Engine)

So my bootloader ist
/boot/efi and grub
/boot/efi/Guix/grubx64.efi

What is the difference of Grub, EFI, Shepherd, gnu-boot?

I assume gnu-boot is not for Guix.

In the manual I read Guix starts immediately with Linux libre kernel.

Could somebody briefly describe where are proprietary packages hidden in 
those running/initialising services?

thanks

Gottfried



[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 2451 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 665 bytes --]

Re: question about proprietory packages

[Felix Lechner via]

Hi Gottfried,

On Wed, Jan 08 2025, gfp wrote:

> I want to know briefly (for security reasons) what proprietary
> packages/programmes are on my laptop installed or run.

I am not sure there is a single way.  I wouldn't install them in the
beginning.

> I unset IME (Intel Management Engine)

I would disable IME completely.  The options are very tricky.  I believe
the standard settings enable remote re-activation after it was turned
off.

> What is the difference of Grub, EFI, Shepherd, gnu-boot?

EFI is proprietary (but grubx64.efi is not).  Everything else is free
software.

> In the manual I read Guix starts immediately with Linux libre kernel.

That's after the boot process.  EFI and Grub come first.

> Could somebody briefly describe where are proprietary packages hidden
> in those running/initialising services?

Booring often requires proprietary firmware blobs.  They are usually
stored in ROM chips on your equipment.

Microcode updates are also proprietary.

Good luck!

Kind regards
Felix

Re: question about proprietory packages

[gfp]

[-- Attachment #1.1.1: Type: text/plain, Size: 1970 bytes --]

Hi Felix,

I bought a laptop of the company Tuxedo
where I can disable IME.

The options were really tricky. Difficult.

I will check again, if they enabled it again. Hopefully not.

I didn´t install any proprietary in the beginning.
But I don´t know, and that´s why my question,
if on my laptop is something installed beforehand.
I don´t have enough knowledge about boot process etc.

I assume Shepherd is the Guix init system like systemd in other linux 
distros. Is that right?

What is Grub? Is EFI a part of Grub?

I guess Guix community replaced "EFI" with "grubx64.efi"
that´s why we can find this file in the boot/EFI folder.

 > Booring often requires proprietary firmware blobs

What do you mean by "Booring" I don´t understand this word?
Thanks

Gottfried



Am 08.01.25 um 18:51 schrieb Felix Lechner:
> Hi Gottfried,
> 
> On Wed, Jan 08 2025, gfp wrote:
> 
>> I want to know briefly (for security reasons) what proprietary
>> packages/programmes are on my laptop installed or run.
> 
> I am not sure there is a single way.  I wouldn't install them in the
> beginning.
> 
>> I unset IME (Intel Management Engine)
> 
> I would disable IME completely.  The options are very tricky.  I believe
> the standard settings enable remote re-activation after it was turned
> off.
> 
>> What is the difference of Grub, EFI, Shepherd, gnu-boot?
> 
> EFI is proprietary (but grubx64.efi is not).  Everything else is free
> software.
> 
>> In the manual I read Guix starts immediately with Linux libre kernel.
> 
> That's after the boot process.  EFI and Grub come first.

> 
>> Could somebody briefly describe where are proprietary packages hidden
>> in those running/initialising services?
> 
> Booring often requires proprietary firmware blobs.  They are usually
> stored in ROM chips on your equipment.
> 
> Microcode updates are also proprietary.
> 
> Good luck!
> 
> Kind regards
> Felix


[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 2451 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 665 bytes --]

Re: question about proprietory packages

[Ekaitz Zarraga]

Hi,

On 2025-01-08 9:50 PM, gfp wrote:
> Hi Felix,
> 
> I bought a laptop of the company Tuxedo
> where I can disable IME.

Don't they disable that by default?

> The options were really tricky. Difficult.

Yes they are, but you can do it!

> I will check again, if they enabled it again. Hopefully not.
> 
> I didn´t install any proprietary in the beginning.
> But I don´t know, and that´s why my question,
> if on my laptop is something installed beforehand.
> I don´t have enough knowledge about boot process etc.
> 
> I assume Shepherd is the Guix init system like systemd in other linux 
> distros. Is that right?

Yes.
> What is Grub? Is EFI a part of Grub?

Grub is a bootloader.

In a very simplified way, which I hope is right:

1. EFI runs Grub.
2. Grub chooses the kernel to run and runs it.
3. The kernel runs the init system, which prepares everything for you.

> I guess Guix community replaced "EFI" with "grubx64.efi"
> that´s why we can find this file in the boot/EFI folder.

No, Grub is an EFI application (some software that can be launched from 
EFI). EFI is going to search in the /boot/efi folder for the 
applications that it can run. That's why Grub has to be there.

>  > Booring often requires proprietary firmware blobs
> 
> What do you mean by "Booring" I don´t understand this word?
> Thanks

I think he means Booting, with T.

> Gottfried
> 
Hope this helps,
Ekaitz

Re: question about proprietory packages

[gfp]

[-- Attachment #1.1.1: Type: text/plain, Size: 2301 bytes --]

Hi,
thanks for explaining this.

1.
I understood that
EFI is on the top
it runs Grub
and Grub runs the init system shepherd.

2.
Guix has a Grub without proprietary software AFAIU
and then remains the question about EFI.

3.
Can we exclude that EFI is without proprietary software?
Or has it only the task to run Grub?, because then it runs without 
proprietary software?

4.
Or are there other booting proprietary firmware blobs somewhere?
Or also Microcode updates?

5.
Do those things depend on the laptop or PC you have got?

I know Intel and ARM.
Risc-5 AFAIK has no proprietary software, is that right?
Or depends that on the company which produces Risc-5?

Thanks

Gottfried


Am 08.01.25 um 21:59 schrieb Ekaitz Zarraga:
> Hi,
> 
> On 2025-01-08 9:50 PM, gfp wrote:
>> Hi Felix,
>>
>> I bought a laptop of the company Tuxedo
>> where I can disable IME.
> 
> Don't they disable that by default?
> 
>> The options were really tricky. Difficult.
> 
> Yes they are, but you can do it!
> 
>> I will check again, if they enabled it again. Hopefully not.
>>
>> I didn´t install any proprietary in the beginning.
>> But I don´t know, and that´s why my question,
>> if on my laptop is something installed beforehand.
>> I don´t have enough knowledge about boot process etc.
>>
>> I assume Shepherd is the Guix init system like systemd in other linux 
>> distros. Is that right?
> 
> Yes.
>> What is Grub? Is EFI a part of Grub?
> 
> Grub is a bootloader.
> 
> In a very simplified way, which I hope is right:
> 
> 1. EFI runs Grub.
> 2. Grub chooses the kernel to run and runs it.
> 3. The kernel runs the init system, which prepares everything for you.
> 
>> I guess Guix community replaced "EFI" with "grubx64.efi"
>> that´s why we can find this file in the boot/EFI folder.
> 
> No, Grub is an EFI application (some software that can be launched from 
> EFI). EFI is going to search in the /boot/efi folder for the 
> applications that it can run. That's why Grub has to be there.
> 
>>  > Booring often requires proprietary firmware blobs
>>
>> What do you mean by "Booring" I don´t understand this word?
>> Thanks
> 
> I think he means Booting, with T.
> 
>> Gottfried
>>
> Hope this helps,
> Ekaitz


[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 2451 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 665 bytes --]

Re: question about proprietory packages

[Ekaitz Zarraga]

Hi,

On 2025-01-08 11:26 PM, gfp wrote:
> Hi,
> thanks for explaining this.
> 
> 1.
> I understood that
> EFI is on the top
> it runs Grub
> and Grub runs the init system shepherd.

Instead of top I would say bottom. It's the closest thing to the 
hardware. EFI is written in your motherboard.

> 2.
> Guix has a Grub without proprietary software AFAIU
> and then remains the question about EFI.
> 
Yes. Interesting point.

> 3.
> Can we exclude that EFI is without proprietary software?
> Or has it only the task to run Grub?, because then it runs without 
> proprietary software?
> 
It's not as simple as that but mostly yes, its task is to run Grub.

> 4.
> Or are there other booting proprietary firmware blobs somewhere?
> Or also Microcode updates?

Microcode is a different story. I don't want to answer you wrong but 
AFAIK microcode is some code that the processor runs internally, that 
handles how the CPU works. Think about the CPU as a machine that has a 
smaller CPU inside that controls how the outside CPU works. The outside 
one is the one you run programs on.

> 
> 5.
> Do those things depend on the laptop or PC you have got?

Yes. Both the microcode and the UEFI. But the UEFI is in the motherboard 
and the microcode is in the CPU if I'm not mistaken.

There are free software UEFI alternatives:
https://en.wikipedia.org/wiki/Coreboot

You need to flash the chip in the motherboard to install this. Some 
companies do that for you, or sell laptops with Coreboot preinstalled. 
You can do that yourself, but it's not easy for a non-technical person 
and you have to make sure your device is compatible.

> I know Intel and ARM.
> Risc-5 AFAIK has no proprietary software, is that right?
> Or depends that on the company which produces Risc-5?

No. RISC-V is free meaning that CPU description (the ISA is the 
technical concept here, but it's some kind of high-level description) is 
free (libre) but the implementation itself doesn't have to be. The code 
that it runs or the drivers neither.

> Thanks
> 
> Gottfried
>
Cheers,
Ekaitz

Re: question about proprietory packages

[Ian Eure]

Hi,

On Wed, Jan 8, 2025, at 10:26 PM, gfp wrote:
> Hi,
> thanks for explaining this.
>
> 1.
> I understood that
> EFI is on the top
> it runs Grub
> and Grub runs the init system shepherd.

EFI is the modern replacement for the legacy BIOS.  It's typically a proprietary firmware which is supplied by your hardware OEM.

Grub loads Linux, which executes Shepherd.

> 2.
> Guix has a Grub without proprietary software AFAIU
> and then remains the question about EFI.
>

Grub is a GPL-licensed GNU project, and fully Free Software.

> 3.
> Can we exclude that EFI is without proprietary software?
>

It depends on your hardware OEM and personal modifications.  It's possible to buy a computer with Coreboot (Free Software, but can load proprietary blobs) or Libreboot (Coreboot without the blobs); or to modify some models to run it.  

The majority of computers sold have proprietary firmware and cannot run Coreboot/Libreboot.  Unless you specifically sought out a manufacturer or reseller who offers this, your computer has proprietary firmware.

> Or has it only the task to run Grub?, because then it runs without 
> proprietary software?
>

It has numerous other features, like setting the date/time, boot order, possibly built-in hardware diagnostics, etc.

> 4.
> Or are there other booting proprietary firmware blobs somewhere?
> Or also Microcode updates?
>

It depends on your hardware configuration.  If you add or connect other hardware, that can also contain proprietary firmware.

> 5.
> Do those things depend on the laptop or PC you have got?
>

Yes, see above.  Most laptops also have an embedded controller (EC) which runs proprietary firmware.  These handle things like power/charging, keyboard controller, responding to the power button, etc.  I don't know of any Free replacement for this on any model of laptop.

> I know Intel and ARM.
> Risc-5 AFAIK has no proprietary software, is that right?
> Or depends that on the company which produces Risc-5?
>

I believe RISC-V is completely free, but I'm not certain.

All modern x86 hardware requires proprietary microcode, and cannot run without it.  It's embedded in the CPU, and can't be replaced, only updated.  You can choose not to update it, but it exists whether you do or not.  It's therefore impossible for x86 machines to run on 100% Free Software.

  -- Ian