Canoeboot 20231026 released!

Leah Rowe in GNU Leah Mode™

26 October 2023

Return to index

Article published by: Leah Rowe in GNU Leah Mode™

Date of publication: 26 October 2023


This new release, Canoeboot 20231026, released today 26 October 2023, is based on Libreboot 20231021.

Canoeboot provides boot firmware for supported x86/ARM machines, starting a bootloader that then loads your operating system. It replaces proprietary BIOS/UEFI firmware on x86 machines, and provides an improved configuration on ARM-based chromebooks supported (U-Boot bootloader, instead of Google’s depthcharge bootloader). On x86 machines, the GRUB and SeaBIOS coreboot payloads are officially supported, provided in varying configurations per machine. It provides an automated build system for the configuration and installation of coreboot ROM images, making coreboot easier to use for non-technical people. You can find the list of supported hardware in Canoeboot documentation.

Canoeboot’s main benefit is higher boot speed, better security and more customisation options compared to most proprietary firmware. As a libre software project, the code can be audited, and coreboot does regularly audit code. The other main benefit is freedom to study, adapt and share the code, a freedom denied by most boot firmware, but not Canoeboot! Booting Linux/BSD is also well supported.

Canoeboot is maintained in parallel with Libreboot, and by the same developer, Leah Rowe, who maintains both projects; Canoeboot implements the GNU Free System Distribution Guideline as policy, ensuring that all of the software provided by it is free software.

Work done since last release

The following mainboards added in Libreboot 20231021 have been excluded in this Canoeboot release, due to the GNU FSDG policy: HP EliteBook 2170p, HP EliteBook 8470p, Dell Precision T1650 and Dell Latitude E6430. Other non-FSDG compliant boards are also excluded, such as newer ThinkPads that require Intel ME.

Canoeboot complies strictly with GNU Free System Distribution Guidelines, which means it does not contain binary blobs; as a result, it supports only a very restricted subset of hardware from Libreboot upon which it is based (Canoeboot is a GNU-friendly fork of Libreboot).

GRUB LUKS2 now supported (with argon2 key derivation)

This new Canoeboot release imports the PHC argon2 implementation into GRUB, courtesy of Axel who initially ported the code to run under GRUB 2.06, but this Canoeboot release uses GRUB 2.12 (an RC revision from git, at present).

Axel’s code was published to this AUR repository which Nicholas Johnson then rebased on top of GRUB 2.12, and I then imported the work into Libreboot, with Johnson’s blessing; Canoeboot has inherited this work in full.

These libreboot patches added argon2 support, and have been ported to Canoeboot in this 20231026 release:

This means that you can now boot from encrypted /boot partitions. I’m very grateful to everyone who made this possible!

Simplified commands (build system)

You can find information about using the build system in the Canoeboot build instructions and in the cbmk maintenance manual.

TWO massive audits. 50% code size reduction in cbmk.

Canoeboot’s build system, cbmk, is written entirely in shell scripts. It is an automatic build system that downloads, patches, configures and compiles source trees such as coreboot and various payloads, to build complete ROM images that are easier to install.

The primary focus of Libreboot 20231021 cultiminated in two audits, namely Libreboot Build System Audit 2 and then Libreboot Build System Audit 3.

The changes in those audits have been ported to this Canoeboot release.

Changes include things like vastly reduced code complexity (while not sacrificing functionality), greater speed (at compiling, and boot speeds are higher when you use the GRUB payload), many bug fixes and more.

Serprog firmware building (RP2040 and STM32)

In addition to coreboot firmware, the Canoeboot build system (cbmk) can now build serprog firmware, specifically pico-serprog and stm32-vserprog, on all devices that these projects support.

The serprog protocol is supported by flashrom, to provide SPI flashing. It can be used to set up an external SPI flasher, for flashing Canoeboot externally. This too has been ported from Libreboot.

Pre-compiled firmware images are available, for many of these devices, under the roms/ directory in this Canoeboot 20231026 release! Riku Viitanen is the one who added this capability to Libreboot, which was then ported to Canoeboot.

Updated U-Boot revision (2023.10)

Alper Nebi Yasak submitted patches that update the U-Boot revision in Libreboot, on gru_bob and gru_kevin chromebooks. Additionally, the cros coreboot tree has merged there with the default tree instead (and the default tree has been updated to coreboot from 12 October 2023).

Many improvements were made to these boards, which you can learn about by reading these diffs:

All of these patches have been ported to this Canoeboot release.

Coreboot, GRUB, U-Boot and SeaBIOS revisions

In Canoeboot 20231026 (this release):

Build system tweaks

resources/ now config/

The resources/scripts/ directory is now script/, and what was resources/ now only contains configuration data plus code patches for various projects, so it has been renamed to config/ - I considered splitting patches into patch/, but the current directory structure for patches is not a problem so I left it alone.

Also, the IFD/GbE files have been moved here, under config/ifd/. These can always be ge-generated if the user wants to, using ich9gen, or using a combination of bincfg and ifdtool from coreboot, and nvmutil (to change the mac address) from Canoeboot or Libreboot.

Full list of changes (detail)

These changes have been ported from the Libreboot 20231021 release, which are mostly the results of the two audits (mentioned above):

Hardware supported in this release

All of the following are believed to boot, but if you have any issues, please contact the Canoeboot project. They are:

Servers (AMD, x86)

Desktops (AMD, Intel, x86)

Laptops (Intel, x86)

Laptops (ARM, with U-Boot payload)


You can find this release on the downloads page. At the time of this announcement, some of the rsync mirrors may not have it yet, so please check another one if your favourite one doesn’t have it.

Special changes

Besides deblobbing, there are two critical differences in how Canoeboot’s build system works in this release, versus the Libreboot 20231021 build system:

This quirk is only a minor difference. Severals scripts that handled dependencies for building non-FSDG-compliant boards (such as blob download scripts) have been excluded in this Canoeboot release, because they are not needed.

As a result, the Canoeboot build system is about 1250 sloc when counting shell scripts of the build system; considerably smaller than older revisions, accounting for an approximate 50% reduction in the amount of code.

That ~1250 sloc in Canoeboot is with all the extra features such as serprog integration and U-Boot support (on actual mainboards, that you can flash it with). The build system in Canoeboot 20231026 is extremely efficient.


In addition to the Libreboot 20231021 changes, the following Libreboot patches were backported into this Canoeboot release, from Libreboot revisions pushed after the Libreboot 20231021 release came out:

Excluded mainboards

The following boards are missing in Canoeboot 20231026, but are supported in the Libreboot 20231021 release; this is because they do not comply with GNU FSDG policy:

Post-release errata

The following binary blobs were overlooked, and are still present in the release archive for Canoeboot 20231101 and 20231026; this mistake was corrected, in the Canoeboot 20231103 release, so you should use that if you don’t want these files. They are, thus:

Thanks go to Craig Topham, who is the Copyright and Licensing Associate at the Free Software Foundation; you can find his entry on the FSF staff page. Craig is the one who reported these.

The Canoeboot 20231026 and 20231101 release tarballs will not be altered, but errata has now been added to the announcement pages for those releases, to let people know of the above issue.

You are advised, therefore, to use the Canoeboot 20231103 release.

Update on 12 November 2023:

This file was also overlooked, and is still present in the release tarball:

This has now been removed, in the Canoeboot git repository (cbmk.git), and this file will absent, in the next release after Canoeboot 20231107. Thanks go to Denis Carikli who reported this. The patch to fix it is here:

Markdown file for this page:

Subscribe to RSS for this site

Site map

This HTML page was generated by the Untitled Static Site Generator.