is proud to release a solution to the challenge of
This is also applicable on untrustable and future hardware and software.
Reproducible builds on a variety of independent hardware and software implementations.
A circle of participants as wide as possible shall be able to reliably verify the build, now and in the future, regardless of their circumstances of hardware, OS or toolchains, as easily as possible.
Minix-vmd and Tiny C C99 compiler on ia32 represent a foundation well suitable for further bootstrap to other free open source platforms like Linux or/and *BSD.
Such continuation builds can be fully and reliably automated, due to the well defined starting point which this project provides.
Note that for this project itself complete automation is not applicable by the nature of the task, which includes unknown future host platforms.
We do not see any chance of achieving a fully verifiable bootstrap if it needs a trusted platform (hardware + tools to put the initial binary code, sources and scripts in memory). Even a hypothetically present suitable platform, say built from vacuum tubes made by oneself, would be insufficient. Hardly anyone else could duplicate the building effort, to be able to verify the result.
On the other hand, if the results of a bootstrap converge for many independent parties on many different platforms, then attacks to subvert the verification become infeasible.
Looking from another, non-technical perspective, it is important that everyone shall be able to verify the integrity of software, without having to trust someone far outside one’s physical contact circle.
In other words, verification can not be left to a scarce elite, defined by access to resources and competence. The fewer are the parties who have the facts, the less they can be trusted.
The resources and competence needed to make a reasonable estimation of the validity of the bootstrap in our setup are at a general software developer or system administrator level. This corresponds nowadays to a very large cohort.
This project provides a verifiable path from scratch to a binary data which is up to the task of serving as a trusted software development platform, for further reproducible builds.
The guarantee of its integrity can only be held if the hardware running it is sufficiently varied/diverse. That’s why we chose an older generation of ia32, which has many hardware and software implementations.
Even though compatible computers can become scarce (already the case because of the shift to uefi-boot), availability of FPGAs and i486+ emulators is expected to persist. Note that it does not matter whether the hardware/emulator or the pre-boot code (bios) are FOSS. The only requirement is the diversity of their provenance.
The Minix-vmd OS kernel has been chosen because of its excellent balance between compactness and the feature set.
The same is true for the choice of the Tiny C Compiler.
Another, non-technical, consideration was the advantage of providing a bootstrap path without involving software with the GNU licenses, because they are too restrictive for certain uses or tastes. Tiny C Compiler has provisions for BSD licensing and we use only its compatible parts.
At the same time it is of course fully possible at will to use GCC and other GNU tools available for Minix-vmd, or build them via TCC.
The host hardware and software does not have to be open source, nor needs to be trusted.
A reproducible raw disk image with an mbr partition table and a Minix-vmd installation (omitting GNU and X11) in the first partition, usable on hardware or emulators. When booted, it unpacks the OS data from its second partition (the disk’s second half) which then can be used at will.
Then the installation can be easily used and modified via scripting, if you supply an rc script as a compressed (by the “compress” utility) tar file on the disk’s second half. For examples see the z_* build scripts. Host-native “compress” is prepared as a part of the build.
Tiny C Compiler has proven to be capable of building the Linux kernel and also GCC.
We seem to be the first project offering bootstrappable and verifiable builds without any binary seeds.
Unfortunately yet without any data to verify against, with higher requirements and also you can end up building gcc with gcc or clang with clang, vulnerable to Trusting Trust :
(with the difference that we do not rely on any binary blobs, but on the diversity of the available implementations)
Minix and Minix-vmd developers, for providing the community with the kernels, programs and not least the handy bootstrapping tools (mkfs which can populate the file system)
ACK developers for opensourcing their nice ANSI C compiler
Tiny C Compiler developers, for the compact and capable C99 compiler
Everyone whose open source tools have been used in this project (TenDRA and much more)
My friends and colleagues, for your support and inspiration
All parts of the VSOBFS project not covered by someone else’s copyright are put in public domain.
For jurisdictions which do not recognize public domain the project is under Zero Clause BSD license (SPDX: 0BSD)
Copyright 2022-2023 an
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Last modified: 2023-03-08