Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
stefan_ 6 hours ago

Good reminder that the Raspberry Pis only have good software support if you stick to whatever the foundation is releasing. Because that same foundation has stayed obsessed with their weird custom ways of doing things, instead of furthering efforts like UEFI on ARM. Some of it is insultingly stupid - like for revD of the 5, you better now update the magic boot partition of your RPi with the device tree overlay for revD, because it will use the old device tree, but also expect the overlay to be there so it can actually work. To say the least, that is never what overlays were supposed to be for.

morpheuskafka 5 hours ago | parent | next [-]

> custom ways of doing things, instead of furthering efforts like UEFI on ARM.

I thought uBoot was more or less the standard way of booting embedded Linux? Is it really worth bringing the entire UEFI environment, which is basically a mini OS, to such devices? Embedded devices are often designed to handle power loss or even be unplugged by users, so the boot up process is generally as lean as possible.

my123 4 hours ago | parent | next [-]

U-Boot nowadays speaks UEFI :) (and so does LK)

New Android devices all use a UEFI bootloader: https://source.android.com/docs/core/architecture/bootloader...

westurner 5 hours ago | parent | prev [-]

SecureBoot might be more useful than UEFI on SBC like Pi.

The grub EFI shim is signed, but does or doesn't verify kernel image and initrd and module (and IDK optionally drive and CPU and RAM hw) signatures?

mokutil does module signature key enrollment. Kernel modules must be signed with a key enrolled in the BIOS otherwise they won't be loaded.

To implement SecureBoot without UEFI would be to develop an alternate bootloader verification system.

But what does grub or uboot or p-boot do after the signed grub shim is verified?

westurner 4 hours ago | parent [-]

mokutil and these commands don't work without UEFI:

  mokutil --sb-state
  mokutil --help
  mokutil --import key.der
  mokutil --list-new
  reboot

  efibootmgr
  efivar

  fwupd
  fwupdtool
  fwupdmgr get-updates && \
  fwupdmgr update

  tree /sys/firmware/efi

  systemctl reboot --firmware-setup
actionfromafar 5 hours ago | parent | prev | next [-]

Could these choices have anything to with the alleged focus on Compute Module and less focus on the "normal" Raspberry? Does anyone know?

zokier 5 hours ago | parent [-]

not really, it has been like that since day1. it has more to do with the weird architecture of the bcm chips they use.

geerlingguy 4 hours ago | parent [-]

When your SoC is a GPU with CPU cores tacked on, it's a bit weird to boot things up.

jacquesm 5 hours ago | parent | prev [-]

You are off-topic.

Besides that, if there is one constant about Raspberry Pi related articles then it is that there is always someone criticizing them no matter how hard they work and no matter how much they've tried to do within the rules as set by their corporate overlords.

Note that the Raspberry Pi is a lucky break and that every time you piss on the project, the founders, the contributors and the people who hold the purse strings you're doing us all no favors because there are some of us that use these things and that are praying that the peanut gallery (usually purists who would rather have nothing at all than something slightly flawed) doesn't one day cause the big boss to say it's all over.

If the Pi doesn't suit you, then don't use it. If you want something else vote with your dollars of show how it is done and if you manage to put something out with the same power, form factor, price point and not have it be controlled 100% by China I will probably become a regular buyer.

stefan_ 5 hours ago | parent | next [-]

It is acutely on point. The only reason people have to put in work again and again to fix distributions like Fedora for Raspberry Pi models is because the foundation pulls stunts like that revD. Right now, you can take Buildroot at git master, build an RPi image and have it randomly not work on one of two what looks like identical RPi 5 boards. That's bad, and there is no reason for it.

jacquesm 5 hours ago | parent [-]

And you would solve this how?

Your comment only serves to illustrate exactly why big companies like BRCM are not seeing the case the way you do. Apple, if you want to start naming names puts out hardware that is far more closed than the Raspberry Pi foundation and yet you don't see the same level of aggression against Apple. What you do see is a couple of very talented hackers that won't take 'you can't' for an answer and that will RE stuff until they know enough to scratch their itch.

That's the way you solve these problems, not by writing take-downs.

Not having UEFI on ARM has never held me back. I do have a nice Apple laptop lying around here that is unusable because the network drivers need a functioning copy of Apple's OS on that machine to get bootstrapped. Rather than bitching at Apple about it I just stopped using and buying their products.

ciupicri 4 hours ago | parent | next [-]

Apple doesn't pretend to be open.

jacquesm 4 hours ago | parent [-]

Apple can afford to spend as much as they want on this and they are in control, they're as vertically integrated as it gets. Heck, they could divert some of their developer toll to this.

The Raspberry Pi foundation is emphatically not in control of Broadcom, and in spite of their success still has limited resources and needs to work with what they've got and to prioritize.

mschuster91 3 hours ago | parent | prev [-]

> Apple, if you want to start naming names puts out hardware that is far more closed than the Raspberry Pi foundation and yet you don't see the same level of aggression against Apple.

Ooooh of course, I 'member the days right here when they announced they'd drop Intel. And I am fairly certain the echo across the tech blogosphere was what led them to, while not openly announcing they'd support a competing OS like they did with Bootcamp, they'd at least not lock down the bootloader like on iOS devices.

> What you do see is a couple of very talented hackers that won't take 'you can't' for an answer and that will RE stuff until they know enough to scratch their itch.

Apple, to my knowledge, never explicitly said "you can't" - at least not on Mac devices, for iOS the situation is different. All they're saying is "we won't help you, but you may try your best".

> Not having UEFI on ARM has never held me back.

The thing is the lack of UEFI adoption in the ARM sphere is holding everyone back! An OS / distribution shouldn't have to manage devicetree overlays on its own, they should be provided by the BIOS/UEFI management layer as a finished component.

RPi is the biggest toppest dog in the embedded world, at least when it comes to an ecosystem. They would have all the muscle needed to force everyone else's hand.

> I do have a nice Apple laptop lying around here that is unusable because the network drivers need a functioning copy of Apple's OS on that machine to get bootstrapped.

What did you do to that thing? On any pre-ARM machine, the bare bootloader should always, even if the primary storage is gone, be able to bring up enough hardware to support a UI, an USB and networking stack to allow restoring it from the Internet. ARM machines I'm not sure, haven't had the misfortune of having to dig down that deep, but I think even they should be able to do that in case you somehow manage to fry your partition table. And even if you managed to fry that, any other Apple device should be able to do a DFU restore on its lowest level bootloader.

jacquesm 3 hours ago | parent [-]

Agreed that the EUFI thing could be better, but I don't see how you could compel Raspberry Pi to fix it without knowing the exact details of the license agreement that the foundation signed with Broadcom and I suspect that that more than anything is what is holding this back. It's not as if they're deaf or can't read at the Raspberry Pi foundation.

As for that machine: it's got a bunch of stuff on it and I have dongle with ethernet so I can live without it. It's one of the last line of Intel portables they made and there just aren't enough people that want this fixed and I'm not smart enough to fix it.

Meanwhile, and probably ironically, that too is a Broadcom chip...

000ooo000 3 hours ago | parent | prev | next [-]

Very sorry, but people are allowed to have opinions and to express them. If the opinions upset you, then don't read them - by your logic anyway.

mlvljr 5 hours ago | parent | prev [-]

[dead]