I'm not too fond of this idea, as it will lead to duplicated effort. Plenty of code in Coreboot is written in Ada, so I assume little of it is written in C.

Libreboot exists, and targets truly free setups. It removes all blobs and platforms that can't be supported with only free software, and provides scripts to ease setting everything up, along with configs that are quite useful even when dealing with upstream Coreboot. I know because I used the module list to set up my GRUB2 payload.

oreful?

rustful.

Where you get the impression that any significant part of code in Coreboot is written in Ada?
Github says there are literally 2 orders of magnitude more C files than Ada files https://github.com/coreboot/coreboot/search?l=C

I build them with my trusted build of GCC.
I am.

Thank you. I am aware of how to bootstrap GCC. It actually takes more than 7 builds and I would not care if it was 70 or 700. It is all automated in my build system.

Of course I have tried all the "other" methods they suggest. Once again it looks like you have no idea what are you talking about. Their other method is to download and run the blob manually, instead of curl | sh. Not a tiny bit different.

What is that bit-for-bit proof and audit you are mentioning? Even if it was possible years ago it is hard to tell because ATM bootstrapping from rustc is broken.

Moreover to this day the language itself does not have a formal proof of correctness if you even know what that means.

Note that I qualified that link with "If it's the "running arbitrary shell scripts" part you have a problem with" because you seemed to be drawing a lot of attention to the | sh-based recommended installation procedure.

You bootstrap an older version of rustc that mrustc can handle, then use that to build newer rustc versions, and verify that, using a C++ compiler that has been verified through diverse double compiling and sources that are known to be free of backdoors, you get a compiled version of rustc that has the same file hashes as the self-hosted builds.

They documented the process that worked for them in the form of the TestRustcBootstrap.sh script in the mrustc repo.

On December 11th, 2018, that "older version that mrustc can handle" was rustc 1.19.0.

Currently, 1.20.0 appears to be the version specified in TestRustcBootstrap.sh.

I actually do. Given that you seem fine with GCC, please provide me with a link to either the C language's formal proof of correctness or, more usefully, GCC's formal proof of correctness. Google is failing me on both of those.

Efforts are being made to incrementally verify Rust. See, for example, the RustBelt project.

That was built with?

Because I'm pretty sure you had to compile your "trusted build of GCC" with something that was not trusted at some point in time.

That's how compilers work. You can't compile a compiler if you don't have a compiler. Catch-22

Lol no you are not.

You are not doing secure systems. Something like a Sel4 build for a military drone every single bit of build code/binary used has to be audited to prevent tampering.

7 build and audit that is 3 weeks of processing time on large systems gone. 70 build would basically be never able to complete because by the time you complete you are out of date and have to start again.


This was written in 1984.
Yes compilers that infect though the complete build process have appeared at different times. The longer the clean boot strap path comes the more risk that a infected compiler will be used and harder to find due to more code to hide in.

This is also why debian doing reproducible builds in the hope that multi parties don't end up with compilers all infected the same way but still this is still open to everyone using the same infected compiler somewhere in the process so all the results in fact matching up.

There should always be work to reduce clean boot strapping volume of code required and you really don't want to see clean boot strapping taking more 5 builds to make a compiler if possible and absolutely not more than 10. Yes 10 the audit process is already getting insanely hard.

My only critique of this opinion is that copper doesn't rust, it gets a patina. Patina is a type of calx, just like rust is a type of calx, again why Calx would have been a better name....

Except that, from what Graydon Hoare remembers, he named it after the fungi:

(Sort of like how, despite the icon, the Python programming language is actually named as a tribute to Monty Python.)