Having the sd card to boot before as the internal emmc like the pinephone is really cool, because you can distrohop if you want or you can just backup your entire system cloning the card, is this possible? What will be the default boot order?
Hi eagle,
right now i have no device, Phone or Laptop to test. But the Documentary of
https://docs.puri.sm/PureBoot/GettingStarted.html
PureBoot say that you can set it to the SD Card. As any Linux you can have your /boot Partition there, just keep in Mind to have an Backup.
When your Smart Card fail your System will not boot until you replaced it with a proper Kernel and Settings.
However the boot order is just a configuration thing. You can have multiple Kernels and Boot Parameters in your Grub for different Systems and Partitions to boot. Think about your Desktop PC and a Grub Setting for Windows, and different Linux Systems on different Partitions.
Yes the Boot-System can do that too. But its just a Hardware-Trust-Feature for Backups and re-installations.
Will the Librem 5 use PureBoot though? I thought it might be using u-boot?
Anyhow, it should still be possible to do.
I think you’re right, at least in the devkit is what it’s being used.
https://developer.puri.sm/Librem5/Development_Environment/Boards/HowTo/Flashing_uBoot.html
I agree that there should be a way to boot from a microSD card, but there are security implications to think about.
Since the data on the eMMC Flash is encrypted, you won’t be able to access it when you boot from a microSD card, unless you have the same keys also on the microSD card. Maybe it will be possible to use keys on the smart card (OpenPGP) to access the encrypted data on the eMMC Flash.
From a security perspective, I don’t think booting from the microSD card should be set by default, since someone could potentially pop in a microSD card and then be able to make a call using your phone number without having to ever enter a password. Instead, I think this should be an option that can be enabled by the user.
but a very user friendly way. i m bored of cli and became crazy for easy things
You are wrong about CLI. In fact, CLI in Linux is an extremely handy tool. And user friendly, of course. You will understand this when you learn to use all its features. Whenever possible, I prefer CLI over graphical interface. For example, the easiest way to get help about Linux commands is in CLI, by entering the commands “man” or “info”.
It’s handy if you know how to use it, and if you have the time to learn make mistake and learn from them. I’m just pissed off to have to do things in terminal, searching for option on internet and so, just because i want a private device, when people using ios or android just click on a function.
I understand your point, but try to understand mine, very low time to do things due to job and family, my goal is to use privacy friendly device and try to bring my kids in the same path, i can’t do that for me neither convince kids in the long run to use this, if it’s a pain in the ass to do everything.
If is hard to less secure have an easy option to boot from sd, i switch my ask, to have an handy tool to make the full system image and restore for the emmc, because if i do a mess or just some broken update i don’t wanna install everything from zero, but just have a full usable backup. The sd seemed to me an easy way, but if there are a better one i don’t really care, just need a solution for a full system backup in a easy and user friendly way
That’s just it, people on iOS and android don’t just click on a function to make a private and secure backup because they can’t (at least, not the average user). This is all relatively new territory (for a mobile phone) so there will be proofs of concept and then CLI methods and then, eventually, some easy-to-use GUI application that does everything you want it to do. But we’re not there yet.
I know it is (or will be) possible to swap OSes on the L5. So that means its possible to boot from something other than the internal drive. How “secure” the process is depends on how much you trust whatever OS you’re installing and whomever made it. I distro-hop somewhat regularly and have never had a compromised machine, so its not as huge a deal as it could be. The potential is there, sure, but the potential that someone is going to decide that today is the day they cross the center line and hit my car head-on at 40 mph is also there. Its impossible to live life and prevent every single risk posed by the will of someone else.
At any rate, if you do your due diligence when installing another OS, you’ll likely be fine. If you want to back up your system easily and regularly, see if Timeshift is in the purism repo and use your SD card for that.
But you have to keep in mind, this phone and OS isn’t even in serious production yet. Things have to work right before they can work easily.
sudo apt-get call 3127658456
That’s a second tier question though.
First question: Can the firmware boot from SD at all?
In particular, it must be possible to do this without doing a chain boot from the eMMC, in case the eMMC is hosed. This would be a prerequisite if you want to distrohop.
I don’t think anyone has ever answered this fundamental question. There are multiple topics that discuss this question - without a conclusion, I think.
Second question: Can it be made user-friendly?
This is always going to be relatively low level stuff, so may not be user-friendly.
Do you consider using the BIOS settings or boot disk menu on a regular x86 computer in order to adjust the boot order to be user-friendly?
Both typically involving bashing on some key as the computer is powered on. The boot disk menu tends to be easier to use than changing the boot order in BIOS settings. There is no keyboard on a Librem 5. Would it be acceptable to you if you had to attach a keyboard to change the boot order?
On a spiPhone you have to hold down various buttons during power on, like a Vulcan death grip.
Good question, i don’t remember if someone told it was possible or not, because i could be confused with pinephone, but i hope so
a kind of selection on boot it’s fine for me, i think i.e. pressing vol down and vol up at the same time while booting could prompt the boot order and you will chose with the volume what bootable storage to u use
The i.MX 8M Quad can be fused to not allow booting from a microSD card.
I looked at the code at https://source.puri.sm/Librem5/uboot-imx/-/tree/librem5, but I couldn’t find anything to indicate whether booting from microSD is possible or not, but I don’t know what I’m looking for.
This post has some info:
https://community.nxp.com/thread/491892
It is my suspicion that
a) Purism won’t be fusing to disallow, and
b) it is nevertheless not possible at the current time
which would mean
c) the boot order is academic at the current time.
One thing that I did find looking through the uboot code is that Purism has enabled the option to boot from the Cortex-M4F core on the i.MX 8M Quad, which makes sense to get the RYF certification.
The bootloader (u-boot) starts either from eMMC or USB (uuu). Bootloader cannot be launched from an SD card.
u-boot then loads the kernel, dtb and initramfs, also either from eMMC or USB (with uuu). Loading those from an SD card is theoretically possible, but will require drivers in u-boot since the SD card reader is a mass storage USB device behind a USB hub.
Once the kernel is loaded, it can mount the rootfs from any device. I’ve already successfully booted operating systems on Librem 5 with rootfs on microSD or external USB drive this way.
I personally think it makes more sense to boot off USB versus micro SD. Much faster that way. Kinda inconvenient to have a flash drive poking out the bottom of your phone, though, if you’re looking to take some OS for an extended spin.
If you have stuffed up the contents of the eMMC drive and need to reinstall from scratch, it would be a great convenience to have a flash drive poking out the bottom of the phone - for the duration of that exercise.
That was my only real concern i.e. backup and restore and reinstall. Other than that I don’t have a particular desire to boot from SD card, and if I can do those things by booting from external USB then I am happy.
Thanks for your reply.
It will be possible somehow to backup and restore the whole emmc system in an easy way from usb with clonezilla like (dunno if support arm) what i really care is to backup and restpre the whole system
is it just me or have i become spoiled by the miriad of bootable-live-images out there that i spin up from an external usb-SSD (the cheapo kind) ?
booting from usb-thumb-drives is an exercise in patience