Operating Systems

Operating Systems, firmware and virtualisation

This page contains a concise overview of projects funded by NLnet foundation that belong to Operating Systems (see the thematic index). There is more information available on each of the projects listed on this page - all you need to do is click on the title or the link at the bottom of the section on each project to read more. If a description on this page is a bit technical and terse, don't despair — the dedicated page will have a more user-friendly description that should be intelligible for 'normal' people as well. If you cannot find a specific project you are looking for, please check the alphabetic index or just search for it (or search for a specific keyword).

Firmwire full-system 5G baseband emulation — Easier testing of 5G baseband modems with FirmWire

FirmWire is an open source full-system baseband firmware emulation framework for emulating, fuzzing, debugging, and root-cause analysis of smartphone baseband firmware. This project builds on the framework to support newer, 5G-capable smartphones. Baseband processors are used in all modern smartphones for cellular network connectivity and constitute a remote attack surface: they parse traffic from the network before the application processor sees it. As such, baseband security is of utmost importance. Baseband firmware is complex, proprietary, and lacks public scrutiny; emulation and reverse engineering are among the few public ways to analyze baseband processors. These efforts will provide more transparency in baseband firmware and improve the community's ability to analyze 5G security through emulation and fuzzing. Additionally, the reverse engineering effort could aid in developing better open source drivers in the future.

>> Read more about Firmwire full-system 5G baseband emulation

Accessible security — Integration effort of independent security efforts like Qubes, Heads, coreboot, etc

The "Accessible security" project was sparked by the need for usable security made available to the average citizen. Several projects each contribute a part of this bigger puzzle: QubesOS, coreboot, Heads, me_cleaner, Whonix and others. Yet the average person does not have the sophistication to integrate these software projects. With some effort we can add the missing parts, improve the usability of the affected projects, and facilitate access to cutting-edge developments that are currently only usable by developers and more sophisticated users. Bringing these projects together will reduce the amount of expertise and effort required to benefit from them.

>> Read more about Accessible security

Alder Lake Desktop — Open firmware for widely used Desktop/Workstation motherboard

Modern firmware is an extremely complex piece of software, so it is not uncommon for some functionality to be buggy or not to work as intended. Sometimes firmware updates break things that used to work, too. The first course of action is to ask the mainboard manufacturer to resolve it, and typically the support team delivers a binary with a fix. When it comes to feature requests in the firmware, however, manufacturers refuse. The mainboard owner ends up with a piece of hardware that does not fulfil their needs and has to move to a different platform that is hopefully equipped with firmware containing the desired feature. This problem can be solved by giving board owners freedom: the freedom to modify and adapt the firmware to their own needs, which is what open-source firmware makes possible.

The goal of the project is to implement open-source firmware support for the MSI PRO Z690-A WIFI DDR4 workstation/desktop platform and open the door to free customization. The MSI PRO Z690-A supports the 12th generation of Intel Core processors (Alder Lake). Furthermore, there will be no dependency on the mainboard manufacturer to provide fixes, because an experienced community can provide them for everyone's benefit.

>> Read more about Alder Lake Desktop

Arcan-A12 Directory — Server side scripting API for Arcan's directory server

A12 is an exploratory peer-to-peer protocol for fast and secure remote application interaction. Current desktop protocols are locked inside the constraints of their origins, and most of them have significant security and privacy issues. As a result, we have come to depend heavily on web frontends as the universal container for desktop applications, which in turn has caused massive complication and overloading of the browser.

A12 establishes a secure and interconnected network of personal compute devices and includes peer-to-peer channels and cryptographic components. This project adds a directory server that can be used as a trusted third-party rendezvous point to establish such channels. It will expand the scripting API towards writing assistive 'apps' that can complement or split the workload handled on client devices; provide state synchronization and indexing/search between dynamic mesh networks created by linking directory servers together; and dynamically launch and attach controlled sources.

>> Read more about Arcan-A12 Directory

Arcan-A12 Tools — A12 clients for different platforms and devices such as drawing tablets

The interaction patterns with our compute devices have switched from "one device, multiple users" to "one user, multiple devices", and this new reality requires a shift in how a user's personal data is shared and synchronised between their devices.

A12 is a network protocol designed to establish a secure and highly interconnected network of personal compute devices that has been developed as part of a larger Arcan umbrella project. The protocol includes peer-to-peer channels and cryptography components.

This follow-up project sets out to implement lightweight applications capable of networking over the A12 protocol to enable remote control, sensor and screen sharing, file sharing, notification sharing and other personal data flows. The end goal is the convenience of interconnected devices without sacrificing privacy or performance.

>> Read more about Arcan-A12 Tools

Android translation layer (ATL) — Run Android apps on Linux

The Android Translation Layer is an alternative implementation of Android application APIs on top of standard Desktop Linux, with the ability to run apps as-is using some AOSP components such as ART+libcore, modified to use system-provided libraries where possible to further the goal of being as lightweight as possible. That is in contrast with existing container-based solutions which require running a whole AOSP system in parallel to the host Linux system, resulting in considerably higher resource usage (both disk space and RAM) and longer startup times. The higher efficiency of ATL can make it viable to sideload apps also on more constrained devices. Another benefit of our approach is better integration with the desktop, such as native notifications.

>> Read more about Android translation layer (ATL)

Heads-OpenPGP — OpenPGP Authenticated Heads and long-time awaited security improvements

The work in this project addresses Heads' current gaps in accessibility, reproducibility and platform locking. One of them is the missing authentication step before Heads permits access to the recovery shell or boots from external USB media; without it, an attacker with brief physical access can cause data loss without even having to open the case, the classic evil-maid scenario minus the screwdriver. Another is that a user who loses their USB OpenPGP dongle currently loses the private encryption subkey forever, and with it access to all past encrypted content, and runs with reduced security until the dongle is replaced.

Heads is treated as a secure pre-boot "clean room" environment at the time the whole firmware is first flashed or reflashed. In that environment the OpenPGP master key and subkeys are generated in memory, and a backup/restore mechanism to and from an encrypted storage area on a USB thumb drive is implemented. Heads can then rely more fully on OpenPGP (the gnupg toolstack): the owner detached-signs content, and Heads verifies those signatures against the public key that is fused into the firmware and measured at boot, authenticating the owner of the machine before granting access to its persistent state. Restoring reproducible builds will make the firmware easier to audit, while locking the flash before leaving the Heads environment will prevent whole classes of SPI-based persistent threats.

>> Read more about Heads-OpenPGP

bcachefs — Next generation file system

bcachefs aims to be a next generation Linux filesystem, with a fully modern featureset and vastly improved performance, scalability and reliability as compared to other next generation filesystems. Additionally, we aim to improve upon the state of the art in a number of areas such as extensibility, which will aid in development in other areas that have historically had to reinvent technology that already exists in local filesystems (distributed systems), repairability (online check and repair, self healing), and ease and correctness of development with the use of Rust.

>> Read more about bcachefs

Betrusted OS — An embedded OS for cryptographic devices

Betrusted OS will underpin the Betrusted ecosystem and will enable secure process isolation. It will be written in a safe systems language, namely Rust, to ensure that its components are free from common programming pitfalls and undefined behaviour. Unlike modern operating systems that trade security for speed, Betrusted OS will prioritise security and isolation over performance. For example, it will be a microkernel that relies on message passing and services rather than a monolithic kernel with modules. Unlike other deeply embedded operating systems, it will require an MMU and support multiple threads per process. This will allow features such as service integrity and signature verification at the application level.

>> Read more about Betrusted OS

Betrusted software — A minimalist and secure OS for embedded communication devices

The Betrusted software project uses the strongly typed Rust programming language to build the first applications and libraries for the open hardware Betrusted.io project. Betrusted is pioneering a new class of open hardware communications device, with a grant from NGI Zero. The project will set up a virtual environment for Betrusted (e.g. QEMU / RISC-V) in order to develop and test software as close to the target as possible and to unlock community collaboration and contributions. The second main task is to write a Matrix protocol command-line client in order to analyse memory characteristics in the highly constrained Betrusted environment. The remaining time is allocated to development support for Betrusted OS: developing glue layers and verifying the interfaces applications need, providing unit/integration tests, and developing (test) applications for it.

>> Read more about Betrusted software

Anchorboot — Pre-built UEFI replacement firmware for ARM-based ChromeOS devices using coreboot/U-Boot

Despite their bad reputation as walled-garden systems, ChromeOS devices have huge potential to be FOSS-friendly, as most of what makes them work is published as free software. However, they use custom platform firmware purpose-built to boot their own operating system with non-standard boot mechanisms, whose limitations make it significantly harder to run other OSes on these devices through the stock firmware, stifling this potential.

Anchorboot is a new platform firmware distribution for ARM-based ChromeOS devices using coreboot and U-Boot, with the aim to make it easy to install and use conventional Linux distributions on them through UEFI support. As part of this effort, we will first improve and extend integration between both projects to the ARM architectures, then work on a selection of Chromebooks to fix any issues and to port device drivers to either project where necessary. As each board's work is complete, we will prepare and distribute pre-built, tested firmware images ready to be flashed on these boards along with sources, instructions on how to use the images, and other documentation relevant to the devices.

>> Read more about Anchorboot

Cloud hosting service portability — Service portability for cloud hosting platforms

Configurious Monk or cMonk is a combination of a configuration portal and a set of deterministically configured services that can be used to provide ‘common internet services’ like DNS, E-mail, Matrix, Mastodon, Pixelfed, eduVPN, Nextcloud and more. cMonk's intended use is in large scale cloud deployments, intended for thousands or even millions of users. It is not intended for use in self-hosting situations, but might still be used that way.

The whole project is meant as a service platform for 'at scale' operations, so we are specifically aiming at 24x7x365 availability, which requires redundancy and automatic fail-over everywhere. Configurious Monk is easy to use and focuses on staying 'out of the way' of the user. One of its key features is that it leaves the user in complete control, the ultimate form of control being that you can export all your data and configuration and take it elsewhere. Full service portability is the goal. It uses NixOS and the Nix package manager as its base and has an API that can be used to connect the configuration panel to other services.

>> Read more about Cloud hosting service portability

Converged Security Suite Improvements — Open source tooling for BIOS configuration

The Converged Security Suite has been developed as an open-source tool to provision and test systems where proprietary (and closed) Intel security technologies, such as Trusted Execution Technology (TXT), Boot Guard, and Converged Boot Guard and TXT (CBnT), are enabled. Since this is a security-critical operation, transparent open-source tooling is needed to securely provision and test the configuration of your system within the limitations of a closed platform.

However, the vendor's configuration tools are not available for technical scrutiny and are only available under NDA. The same applies to the test suites that validate the system and its configuration. The Converged Security Suite tries to change this by implementing an open alternative to those tools. Within this project, the team will implement Boot Guard provisioning and a Boot Guard test suite, and add CBnT test suite support.

>> Read more about Converged Security Suite Improvements

Converged Security Suite +AMD — Add AMD support to Converged Security Suite

The Converged Security Suite has been developed as an open-source tool to provision and test systems where proprietary (and closed) firmware security technologies, such as Intel Trusted Execution Technology (TXT), Intel Boot Guard, and Intel Converged Boot Guard and TXT (CBnT), are enabled. Since this is a security-critical operation, transparent open-source tooling is needed to securely provision and test the configuration of your system within the limitations of a closed platform.

The CSS has made huge progress in provisioning and testing Intel-based security mechanisms, and within this project we extend it to AMD's Platform Secure Boot, AMD Secure Memory Encryption (SME) and AMD Secure Encrypted Virtualization (SEV). The goal is to provide a test suite for these security mechanisms in order to understand how they are configured and to provide transparency into these features.

>> Read more about Converged Security Suite +AMD

GNU Guix - Cuirass — Continuous integration system for GNU Guix/Linux + Hurd

GNU Guix is a universal functional package manager and operating system that respects the freedom of computer users. The number of supported packages, almost 15,000 on 5 different architectures, is constantly increasing. With the recent effort to add support for the GNU Hurd operating system, and the ongoing work to easily provide Guix System images for various boards, a strong continuous integration system has become critical.

This project aims to improve Cuirass, the GNU Guix continuous integration software, so that it provides binary substitutes for every package or system image in the shortest possible time. This way, the user does not have to spend significant time and computing power on building packages. The plan is to add to Cuirass an efficient offloading and load-balancing mechanism between build machines, and an improved web interface for monitoring machine load and other build-related metrics. A user account section for setting up customised monitoring dashboards and subscribing to build-failure notifications will also be developed.

>> Read more about GNU Guix - Cuirass

Structuring the System Layer with Dataspaces — Implementing a secure and scalable system layer on mobile

The system layer is an essential but often-ignored part of an operating system, mediating between user-facing programs and the kernel. Despite its importance, the concept has only been recently recognised and has not received a great deal of attention. The novel Dataspace Model of concurrency and communication combines a small number of concepts to yield succinct expression of ubiquitous system-layer features such as service naming, presence, discovery and activation; security mechanism and policy; subsystem isolation; and robust handling of partial failure. This project will evaluate the hypothesis that the Dataspace Model provides a suitable theoretical and practical foundation for system layers, since a well-founded system layer is a necessary part of any vision of secure, securable, resilient networked personal computing.

>> Read more about Structuring the System Layer with Dataspaces

DeviceCode — Structured technical information about consumer devices

This project is about reusing crowdsourced technical data about devices. This data is useful for researchers and tinkerers, but it is typically not the data that vendors are willing to give, let alone under a license that allows reuse. Think of: chipset information, serial port layout & speeds, amount of memory, and so on. Several groups of people have collected this data in several places (mostly wikis) under an open data license, but they are hard to reuse by other projects that could be interested in this data. The goal of "DeviceCode" is to collect this information, rework it into a format that is easy to reuse by other projects without having to resort to Wiki scraping, and also clean up the data (as humans make data entry mistakes and put useful data in places where it shouldn't be), cross-correlate different sources and automatically enrich the data where possible.

>> Read more about DeviceCode

Extend EFI support in BSDs — Bring automated firmware update to BSDs

UEFI/EFI support covers boot integrity and as such has become a structural part of Linux, Windows, and other OSes. There are, however, a number of relevant operating systems that cannot benefit from this capability yet. This project fills that gap by extending EFI support to OpenBSD, NetBSD, and DragonFly BSD. This will allow proper hardware initialisation as well as additional security features within those open source operating systems.

>> Read more about Extend EFI support in BSDs

Open source ESP32 802.11 MAC — Open source wifi drivers for ESP32

The ESP32 is a low-cost microcontroller with Wi-Fi connectivity. Currently, the Wi-Fi MAC layer of the ESP32 is closed-source. This project aims to change that: by reverse engineering the hardware registers and software, we can build a networking stack that is open-source up to the hardware, instead of having to use the proprietary MAC layer. This will improve security auditability, open up the possibility for features not supported in the proprietary implementation (for example, standards-compliant mesh networking), improve interoperability and make research into Wi-Fi networks with lots of nodes more affordable.

>> Read more about Open source ESP32 802.11 MAC

Fobnail — Remote attestation delivered locally

The Fobnail Token is a tiny open-source hardware USB device that gives a user, administrator or enterprise a means to determine the integrity of a system. To make this determination, Fobnail functions as an attestor capable of validating the attestation assertions made by the system. As an independent device, Fobnail provides a high degree of assurance that an infected system cannot influence it while it inspects those assertions. The Fobnail software is an open-source implementation of the iTurtle security architecture concept presented at HotSec07; in addition, it leverages industry standards such as the TCG D-RTM trusted execution environment and IETF RATS. The Fobnail project aims to provide a reference architecture for building offline integrity measurement servers on the USB device and clients running in Dynamically Launched Measured Environments (DLME). It allows the Fobnail owner to verify the trustworthiness of the running system before performing any sensitive operation. Fobnail does not need an Internet connection, which makes it immune to attacks on the network stack and on remote infrastructure. It brings solid system integrity validation to the individual in a privacy-preserving form.
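The verification flow that both the Fobnail description above and the Heads-OpenPGP entry earlier on this page rely on (a verifier holding a pinned public key checks a detached signature made by the other party, and in Fobnail's case also checks the measured state the signature covers) can be made concrete. The following is an added example written for this page; it is not Fobnail's or Heads' own code. It stands in for the real protocol with three simplifications that are assumptions, not properties of either project: Ed25519 from the Go standard library replaces the TPM's quote signature and OpenPGP's detached signatures, four PCR slots and a tiny event log are constructed here, and the "golden" values are computed from that constructed log. What it does keep is the actual TPM extend rule (PCR_new = SHA-256(PCR_old || digest)), a verifier-issued nonce for freshness, and the order in which a verifier should reject: bad key, stale nonce, bad signature, inconsistent log, changed state.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Event is one measured-boot log entry: the PCR it extended and the digest extended into it.
type Event struct {
	PCR    int
	Digest [32]byte
}

// Quote is what the attested system hands to the token: claimed PCR values,
// the verifier-issued nonce, and a detached signature over nonce||PCRs.
type Quote struct {
	PCRs  [4][32]byte
	Nonce [16]byte
	Sig   []byte
}

// ReplayLog recomputes PCRs from the log with the TPM extend rule
// PCR_new = SHA-256(PCR_old || digest), starting from all-zero PCRs.
func ReplayLog(events []Event) [4][32]byte {
	var pcrs [4][32]byte
	for _, ev := range events {
		h := sha256.New()
		h.Write(pcrs[ev.PCR][:])
		h.Write(ev.Digest[:])
		copy(pcrs[ev.PCR][:], h.Sum(nil))
	}
	return pcrs
}

func quoteMessage(pcrs [4][32]byte, nonce [16]byte) []byte {
	msg := append([]byte{}, nonce[:]...)
	for i := range pcrs {
		msg = append(msg, pcrs[i][:]...)
	}
	return msg
}

// SignQuote is the attested system's side (included so the example runs offline).
func SignQuote(priv ed25519.PrivateKey, pcrs [4][32]byte, nonce [16]byte) Quote {
	return Quote{PCRs: pcrs, Nonce: nonce, Sig: ed25519.Sign(priv, quoteMessage(pcrs, nonce))}
}

// Verify is the token's side. Checks run in this order so that a wrong key or a
// stale quote is rejected before any claimed state is even looked at.
func Verify(pinned [32]byte, pub ed25519.PublicKey, nonce [16]byte, q Quote, log []Event, golden [4][32]byte) error {
	if sha256.Sum256(pub) != pinned { // key must match the digest fused into the verifier
		return errors.New("attestation key does not match pinned digest")
	}
	if q.Nonce != nonce { // freshness: an old quote cannot be replayed
		return errors.New("nonce mismatch: stale or replayed quote")
	}
	if !ed25519.Verify(pub, quoteMessage(q.PCRs, q.Nonce), q.Sig) {
		return errors.New("invalid signature over quote")
	}
	replayed := ReplayLog(log)
	if replayed != q.PCRs { // the log must explain the quoted values
		return errors.New("event log does not reproduce quoted PCRs")
	}
	if replayed != golden { // and those values must be the known-good ones
		return errors.New("PCRs differ from golden values: boot chain changed")
	}
	return nil
}

// goodLog is a constructed log of a known-good boot (not real measurements).
func goodLog() []Event {
	return []Event{
		{0, sha256.Sum256([]byte("firmware-volume-v1"))},
		{1, sha256.Sum256([]byte("bootloader.efi"))},
		{2, sha256.Sum256([]byte("vmlinuz-6.1"))},
	}
}

func newNonce() [16]byte {
	var n [16]byte
	rand.Read(n[:])
	return n
}

// Scenario exercises a clean boot, a modified kernel, and a replayed old quote.
func Scenario() (clean, tampered, replayed error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	pinned := sha256.Sum256(pub)
	golden := ReplayLog(goodLog())

	n1 := newNonce()
	good := SignQuote(priv, ReplayLog(goodLog()), n1)
	clean = Verify(pinned, pub, n1, good, goodLog(), golden)

	evil := goodLog() // same chain, but the kernel measurement changed
	evil[2].Digest = sha256.Sum256([]byte("vmlinuz-6.1+implant"))
	n2 := newNonce()
	tampered = Verify(pinned, pub, n2, SignQuote(priv, ReplayLog(evil), n2), evil, golden)

	n3 := newNonce()
	replayed = Verify(pinned, pub, n3, good, goodLog(), golden) // old good quote, new nonce
	return
}

func main() {
	c, t, r := Scenario()
	fmt.Println("clean boot:", c, "| modified kernel:", t, "| replayed quote:", r)
}
```

The replay case is the one an infected system would try against an offline token: it cannot produce a valid signature over the new nonce with the old PCRs, and it cannot make the log replay to the golden values without actually booting the golden chain. The pinned-key check is the Heads half of the story: trusting a key because it is measured into firmware only helps if the verifier compares against that measurement rather than against whatever key the counterpart presents.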

>> Read more about Fobnail

fwupd — Automatic Firmware updates for BSD operating systems

Security holes in the equipment we run are discovered all the time, and firmware is continuously upgraded as a result. But how do users discover what they need to upgrade to protect themselves? The goal of "fwupd/LVFS integration in the BSD distributions" is to reuse the effort of the fwupd/LVFS project and make it available on BSD-based systems as well. fwupd has been available on Linux-based systems since 2015. It is an open-source daemon for managing the installation of firmware updates from the LVFS. The LVFS (Linux Vendor Firmware Service) is a secure portal that allows hardware vendors to upload firmware updates. Over the years, several major hardware vendors (e.g. Dell, HP, Intel, Lenovo) have been uploading their firmware images to the LVFS so they can later be installed on Linux-based systems. Integrating fwupd into the BSD-based systems lets them reuse this well-established infrastructure so that more users can take advantage of it.

>> Read more about fwupd

Gash — Port Gash to GNU Mes for auditable bootstrap

For several years, the GNU Guix project has been reducing the amount of unauditable binary blobs used in bootstrapping its operating system, through efforts such as GNU Mes. This is needed to avoid "reproducibly malicious" behaviour within the software toolchain.

Gash is a POSIX-compatible shell written in Guile Scheme. Gash provides both the traditional shell interface and a Guile library for parsing shell scripts. Once this project is completed, Guix (and other operating systems) can be bootstrapped from legible source, without depending on already compiled compilers or C standard libraries. This allows moving step by step from a minimal Scheme interpreter to full-blown modern Scheme dialects, and from there to the much more advanced features and optimisations required later in the bootstrap.

>> Read more about Gash

Genealogos — Nix to SBOM generator targeting the CycloneDX format

With the increasing importance of understanding the software supply chain, both for security and legal purposes, it has become necessary to provide users, administrators, and developers with an accurate picture of what's in the software they use. Like with any bookkeeping task, doing that manually is cumbersome and hard to keep up to date. The better course of action is to use the information encoded within functional package management tools like Nix. With Genealogos you can generate a compliance-ready CycloneDX Software Bill of Materials (SBOM) for any package available in the nixpkgs repository or in fact from any nix flake -- and automatically keep it up to date.
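To show what "generate an SBOM from the information Nix already has" means in practice, here is an added example written for this page, not Genealogos' own code. It takes a package closure in the shape `nix path-info --json --recursive` has produced (an array of objects with `path`, `narHash` and `references`; the three entries below are constructed, not real store paths, and newer Nix versions key this output by path instead) and emits a CycloneDX 1.5 document with one component per store path and a `dependencies` entry per path derived from its references. The purl scheme (`pkg:generic/name@version`) is an assumption made here for illustration; the name/version split follows the Nix rule that the version starts at the first dash followed by a digit.

```go
package main

import (
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// A store path is /nix/store/<32-char nix-base32 hash>-<name[-version]>.
var storePathRe = regexp.MustCompile(`^/nix/store/[0-9abcdfghijklmnpqrsvwxyz]{32}-(.+)$`)

// PathInfo mirrors the fields of `nix path-info --json` used here.
type PathInfo struct {
	Path       string   `json:"path"`
	NarHash    string   `json:"narHash"`
	References []string `json:"references"`
}

type Hash struct {
	Alg     string `json:"alg"`
	Content string `json:"content"`
}

type Component struct {
	Type    string `json:"type"`
	BomRef  string `json:"bom-ref"`
	Name    string `json:"name"`
	Version string `json:"version,omitempty"`
	Purl    string `json:"purl"`
	Hashes  []Hash `json:"hashes,omitempty"`
}

type Dependency struct {
	Ref       string   `json:"ref"`
	DependsOn []string `json:"dependsOn"`
}

type BOM struct {
	BomFormat    string       `json:"bomFormat"`
	SpecVersion  string       `json:"specVersion"`
	Version      int          `json:"version"`
	Components   []Component  `json:"components"`
	Dependencies []Dependency `json:"dependencies"`
}

// SplitDrvName applies Nix's rule: the version starts at the first dash followed by a digit.
func SplitDrvName(s string) (name, version string) {
	for i := 0; i+1 < len(s); i++ {
		if s[i] == '-' && s[i+1] >= '0' && s[i+1] <= '9' {
			return s[:i], s[i+1:]
		}
	}
	return s, ""
}

// narHashToHex converts the SRI "sha256-<base64>" NAR hash to the hex form CycloneDX expects.
// Note this is a hash of the NAR serialisation of the store path, not of a single file.
func narHashToHex(sri string) (Hash, bool) {
	if !strings.HasPrefix(sri, "sha256-") {
		return Hash{}, false
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(sri, "sha256-"))
	if err != nil || len(raw) != 32 {
		return Hash{}, false
	}
	return Hash{Alg: "SHA-256", Content: hex.EncodeToString(raw)}, true
}

// BuildSBOM turns a closure into a CycloneDX BOM; it refuses references that
// point outside the closure, since that would leave the dependency graph open.
func BuildSBOM(closure []PathInfo) (BOM, error) {
	bom := BOM{BomFormat: "CycloneDX", SpecVersion: "1.5", Version: 1}
	known := map[string]bool{}
	for _, p := range closure {
		known[p.Path] = true
	}
	for _, p := range closure {
		m := storePathRe.FindStringSubmatch(p.Path)
		if m == nil {
			return BOM{}, fmt.Errorf("not a store path: %q", p.Path)
		}
		name, version := SplitDrvName(m[1])
		c := Component{Type: "library", BomRef: p.Path, Name: name, Version: version, Purl: "pkg:generic/" + name}
		if version != "" {
			c.Purl += "@" + version
		}
		if h, ok := narHashToHex(p.NarHash); ok {
			c.Hashes = []Hash{h}
		}
		bom.Components = append(bom.Components, c)
		deps := []string{}
		for _, r := range p.References {
			if r == p.Path { // self-references are common in Nix and are not dependencies
				continue
			}
			if !known[r] {
				return BOM{}, fmt.Errorf("%s references %s, which is not in the closure", p.Path, r)
			}
			deps = append(deps, r)
		}
		sort.Strings(deps)
		bom.Dependencies = append(bom.Dependencies, Dependency{Ref: p.Path, DependsOn: deps})
	}
	sort.Slice(bom.Components, func(i, j int) bool { return bom.Components[i].BomRef < bom.Components[j].BomRef })
	sort.Slice(bom.Dependencies, func(i, j int) bool { return bom.Dependencies[i].Ref < bom.Dependencies[j].Ref })
	return bom, nil
}

func (b BOM) Find(name string) *Component {
	for i := range b.Components {
		if b.Components[i].Name == name {
			return &b.Components[i]
		}
	}
	return nil
}

func (b BOM) DependsOn(ref string) []string {
	for _, d := range b.Dependencies {
		if d.Ref == ref {
			return d.DependsOn
		}
	}
	return nil
}

// sampleClosure is constructed input in the shape of `nix path-info --json --recursive`.
const sampleClosure = `[
 {"path":"/nix/store/zqjm5xwz1qm3p5a2j2ky8v0jkr6d1qc9-hello-2.12.1",
  "narHash":"sha256-0JHvy7c0Z0RzpKJm8n6JyG6tPqC4LqkkR0qDx1f3aXs=",
  "references":["/nix/store/zqjm5xwz1qm3p5a2j2ky8v0jkr6d1qc9-hello-2.12.1","/nix/store/1bxhlc6fsjpw05xy3k9vzrd2qghm4anp-glibc-2.38-27"]},
 {"path":"/nix/store/1bxhlc6fsjpw05xy3k9vzrd2qghm4anp-glibc-2.38-27",
  "narHash":"sha256-bK3tQ9yLm2xPz0Vw7Hc5nR1sJg4dF8eBqT6aUo2kYXw=",
  "references":["/nix/store/1bxhlc6fsjpw05xy3k9vzrd2qghm4anp-glibc-2.38-27","/nix/store/9ycl2wkq8sfrxn4dhz3jp1mb7va5gi0q-libidn2-2.3.4"]},
 {"path":"/nix/store/9ycl2wkq8sfrxn4dhz3jp1mb7va5gi0q-libidn2-2.3.4",
  "narHash":"sha256-Zx8Lq2mN4vP7rT1sW9yB3cD5fG0hJ6kM2nQ4tV8wXag=",
  "references":["/nix/store/9ycl2wkq8sfrxn4dhz3jp1mb7va5gi0q-libidn2-2.3.4"]}
]`

func SampleClosure() []PathInfo {
	var infos []PathInfo
	if err := json.Unmarshal([]byte(sampleClosure), &infos); err != nil {
		panic(err)
	}
	return infos
}

func main() {
	bom, err := BuildSBOM(SampleClosure())
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(bom, "", "  ")
	fmt.Println(string(out))
}
```

Because the component identity (`bom-ref`) is the store path, which already encodes a hash of every input that produced it, regenerating the document after a rebuild is a matter of rerunning the conversion; a changed dependency shows up as a changed ref rather than as a stale entry, which is the "keep it up to date automatically" property the paragraph above refers to.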

>> Read more about Genealogos

Genodepkgs — When Genode and Nixpkgs meet

The past decade has seen substantial improvements in the field of operating systems that have raised the standards for building high-assurance and security-critical systems. Unfortunately this technology is rarely utilized by smaller organizations and private users due to the cost of retooling, reconfiguring, and the lack of continuity between OS communities.

The Genode OS framework is a free-software toolkit of components that can be used to construct custom operating systems from a trusted codebase of drastically reduced complexity. Genodepkgs is an extension to the Nix package collection that integrates the Genode toolkit. This package collection, or Nixpkgs, is one of the most comprehensive collections of readily deployable software to date, and contains within it the NixOS Linux distribution. By extending the collection to cover Genode, a new diversity of operating systems can be realized using the variety of microkernels, device drivers, and utilities provided by Genode, as well as hybrid systems composed of an isolating Genode base layer and virtualized NixOS guests. Making such compositions possible by reusing the methods of NixOS can bridge the divide between contemporary Linux system administration and next-generation operating system developments.

>> Read more about Genodepkgs

GNU Mes — Help create an operating system we can trust

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions. Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme, and comes with a small, bootstrappable C library. The Mes bootstrap has halved the size of the opaque binaries needed to bootstrap GNU Guix, a functional GNU/Linux distribution that focuses on user freedom, reproducibility and security. That reduction was achieved by replacing GNU Binutils, GNU GCC and the GNU C Library with Mes. The final goal is to help create a full source bootstrap for any interested UNIX-like operating system. After three years of volunteer work, this funding will enable us to take another big step forward and reach an important new milestone in creating more auditable, secure software distributions.

>> Read more about GNU Mes

GNU Mes on ARM — Trustworthy bootstrap for operating systems on ARM ISA

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions. Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme that comes with a small, bootstrappable C library. The final goal is to help create a full source bootstrap for any interested UNIX-like operating system. This funding will enable GNU Mes to work on the ARM platform.

>> Read more about GNU Mes on ARM

Full-source GNU Mes on ARM and RISC-V — Expand full-source bootstrap to other CPU platforms

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large binary blobs of several hundred megabytes, which (incredibly) is common practice in the software supply chains in use today. While users can nowadays reproducibly build software with modern functional package managers like Guix and Nix, the presence of potentially toxic code in these unauditable blobs, and its propagation into the resulting binaries, cannot be excluded. Users have no technical assurance that the executable they use corresponds to the source code, or that the toolchain which compiled the source did not introduce weaknesses or undefined behaviour. By making the toolchain 'bootstrappable' (as per bootstrappable.org), users can verify for themselves what happens at every step; in the case of GNU Mes, from one tiny (and orders of magnitude more easily verifiable) 357-byte file upwards. The final goal is to help create a "full source" bootstrap for any interested UNIX-like operating system and any architecture. This project will add ARM and RISC-V, with other architectures on the roadmap.

>> Read more about Full-source GNU Mes on ARM and RISC-V

GNU Mes: Full Source bootstrap

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions.

Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme and comes with a small, bootstrappable C library.

The Mes bootstrap has greatly reduced the size of the opaque binaries needed to bootstrap GNU Guix, a functional GNU/Linux distribution that focuses on user freedom, reproducibility and security.

That reduction (from ~250MB to ~60MB) was achieved by first replacing GNU Binutils, GNU GCC and the GNU C Library with Mes. The second step was funded by NLnet (https://nlnet.nl/project/GNUMes) and replaced GNU Awk, GNU Bash, the GNU Core Utilities, GNU Grep, GNU Gzip, GNU SED, and GNU Tar with a more mature Mes, Gash and Gash-Utils.

The final goal is to help create a full source bootstrap for any interested UNIX-like operating system and non-intel architectures (see https://nlnet.nl/project/GNUMes-arm) This funding will enable us to take another big step forward and reach an important new milestone in creating more auditable secure software distributions.

>> Read more about GNU Mes: Full Source bootstrap

GNU Mes RISC-V — Bringing the trustworthy bootstrap to RISC-V

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions. Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme that comes with a small, bootstrappable C library. The final goal is to help create a full source bootstrap for any interested UNIX-like operating system. This funding will enable GNU Mes to work on the RISC-V platform, an instruction set architecture (ISA) that is provided under open licenses. Combining GNU Mes with an open ISA will provide an extra level of security and trust by extending the auditability of the system from the software to also the hardware.

RISC-V is a relatively new architecture, so this effort requires porting many tools that were already available for GNU Mes on other architectures. The modular nature of RISC-V also makes it an especially complex bootstrap target, because it needs to support all possible RISC-V implementations. This project aims to overcome the current limitations and prepare GNU Mes and all associated projects for a full RISC-V port.

>> Read more about GNU Mes RISC-V

RISC-V bootstrapping effort via GNU Mes — Allow bootstrapping Guix on RISC-V via GNU Mes

This project is a continuation of several previous modest efforts that each made good steps in bringing the GNU Mes project to the quickly growing RISC-V ecosystem. RISC-V is a relatively new instruction set architecture (ISA) for computer chips, and because it naturally has its own variant of the very lowest level of instructions, adopting this hardware platform for practical use cases requires porting software and tools that were already available on other architectures. Such "chip agility" makes the overall technology ecosystem more robust, creating more diversity and consumer choice.

One aspect of working towards chip agility in a trustworthy manner is aiming for a "full source bootstrap", as pioneered by GNU Mes and others on other architectures. This addresses the security concerns associated with bootstrapping an operating system using large, unauditable binary blobs, which until recently was common practice for all software distributions. Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme that comes with a small, bootstrappable C library.

The goal of this project is to complete the port of Mes to RISC-V, and achieve the first full source bootstrap - which is then available to use for any interested UNIX-like operating system. As a first major step towards universal adoption, the project will subsequently package the whole process and include it in Guix's commencement module.

>> Read more about RISC-V bootstrapping effort via GNU Mes

GNU Mes Tower — GNU Mes with alternative scheme implementations and WASM

GNU Mes was created to provide transparency and strong technical assurances when bootstrapping an operating system - instead of using large, unauditable binary blobs that bring the risk of "reproducibly malicious" behaviour within the software toolchain. GNU Mes provides a transparent alternative: starting from a Scheme implementation of a C compiler, and a minimal Scheme interpreter written in C, to bootstrap the full GNU toolchain capable of building the rest of all open-source software.

The GNU Mes Tower project will add the option to stay on the "Scheme" path without having to resort to C, starting from the same minimal Scheme interpreter together with a specializer that acts as a Scheme compiler capable of generating native binaries. To achieve self-hosting, a series of bootstrapping steps will be implemented to add features to each interpretation level one by one, while maintaining specialization to native code. The sequence of increasingly capable Scheme compilers will allow operating systems like Guix to be bootstrapped without C, and will move from a minimal Scheme interpreter to full-blown modern Scheme dialects, allowing much more advanced features and optimisations during the bootstrap.

>> Read more about GNU Mes Tower

Grate project — Linux support for Tegra 2/3/4 devices

The GRATE driver started as an attempt to create an open source re-implementation of proprietary software for Nvidia's older Tegra system-on-chips (Tegra 2, Tegra 3 and Tegra 4). Although this goal is yet to be fully achieved, progress is being made and the GRATE project provides strong support for a wide variety of devices: smartphones, tablets, convertibles and all-in-one computers, all based on older Tegra SoCs. Decent devices that were considered e-waste, not by their users but by the vendors themselves, gain a second life with strong Linux kernel support and an open source bootloader replacement.

>> Read more about Grate project

GNU Guix — Discovery of service configurations in a declarative setup

GNU Guix is a universal functional package manager and operating system which respects the freedom of computer users. It focuses on bootstrappability and reproducibility to give users strong guarantees on the integrity of the full software stack they are running. It supports atomic upgrades and roll-backs, which make for an effectively unbreakable system. This project aims to enhance multiple facets; the three main goals are: (1) distributed package distribution (e.g. over IPFS), (2) composable and programmable user configurations / services (a way to replace "dotfiles" by modules that can be distributed and serve a wide audience), (3) broadening accessibility via, among others, a graphical user interface for installation / package management.

>> Read more about GNU Guix

Guix-Daemon — Transition to a Guile implementation of the guix-daemon

GNU Guix is a transactional package manager and a distribution of the GNU system that respects user freedom. A key component in Guix is the guix-daemon, currently implemented in C++. Much of the power and flexibility of Guix comes from all of the package definitions and surrounding tooling being implemented in GNU Guile; however, this doesn't extend to the guix-daemon. This difference has been a limiting factor in making changes and improvements to the way the guix-daemon works and is interacted with. The expected outcome of this project is to have a Guile implementation of the guix-daemon, and to transition to this being the default guix-daemon used. This will improve the maintainability and portability of the guix-daemon and Guix overall, as well as unlocking future improvements to the guix-daemon and connected tools.

>> Read more about Guix-Daemon

Guix Peer-to-Peer substitutes

We have seen a lot of progress in the fields of reproducible builds and peer-to-peer storage in recent years. Today the Guix project provides a complete set of tools that allows users to have complete control over their software distribution. At the same time, most Guix users rely on centralized infrastructure that provides binary artifacts (also called package substitutes) for practical reasons. This project aims to develop systems that will allow Guix users to participate in collaboratively building a public build-artifact cache for different architectures in a tamper-resistant way, with the help of a verifiable build results log. We want to make collective ownership of infrastructure and means of package distribution practical, and provide instruments for establishing trust relationships within developer communities.

>> Read more about Guix Peer-to-Peer substitutes

Porting Guix to Riscv64 — Port Guix software collection to Riscv64 architecture

This project will work on bringing the Rust support of GNU Guix on Riscv64 up to full support, with the bootstrap chain built from source. It will also bring Riscv64 in Guix up to the full level of support that is expected of commonly used architectures, ready to be used in all the applications where GNU Guix is already found. Riscv64, being an open architecture freely available to anyone who wants to implement processors, goes a long way towards ensuring that our future computing platforms are free of hidden backdoors. GNU Guix, being a true Free Software operating system compiled from source from a small bootstrap binary, with reproducibility guarantees, is as close as the computing community has come to a fully auditable software chain that makes sure all the software we run on our computers is what we intend, and nothing more. By combining the Riscv64 architecture and GNU Guix for software we can reach toward a fully secure and auditable computing platform that we might consider trusting.

>> Read more about Porting Guix to Riscv64

Tooling to improve security and trust in GNU Guix — Contextual software vulnerability discovery

GNU Guix is a universal functional package manager and operating system which respects the freedom of computer users. It focuses on bootstrappability and reproducibility to give users strong guarantees on the integrity of the full software stack they are running. It supports atomic upgrades and roll-backs, which make for an effectively unbreakable system. This project aims to automate software vulnerability scanning of packaged software to protect users against possibly dangerous code.

>> Read more about Tooling to improve security and trust in GNU Guix

TPM 2.0 for HEADS — TPM 2.0 support for open source BIOS replacement firmware

HEADS is an open source custom firmware for laptops that aims to provide slightly better physical security and protection for data on the system. HEADS combines physical hardening of specific hardware platforms and flash security features with custom coreboot firmware and a Linux boot loader in ROM. This moves the root of trust into the write-protected region of the SPI flash and prevents further software modifications to the bootup code. HEADS allows users to verify that laptop hardware has not been tampered with in transit or in their absence (the so-called evil maid attack). Until now, HEADS has mostly been used with older Thinkpad X230 and T430 laptops. As part of this funded project we will develop HEADS to support state-of-the-art hardware.

>> Read more about TPM 2.0 for HEADS

Nix Integration for Hop3 — Nixify the Hop3 self-hosted cloud platform

Hop3 is an open-source orchestration platform designed to simplify the deployment and management of distributed applications across cloud and edge environments. With a focus on flexibility, security, resilience, and ease of use, Hop3 empowers developers and small organisations to take full control of their IT infrastructure and data, ensuring digital sovereignty and avoiding vendor lock-in. The project will enhance the Hop3 platform by integrating Nix, a powerful package manager known for its ability to create reproducible environments, to improve build-time flexibility and ensure consistent, reliable run-time performance. As a test bed and showcase of this integration, we will package 20 diverse and impactful F/OSS applications. Additionally, we will develop new resilience and cybersecurity features to further strengthen the platform's robustness and security.

>> Read more about Nix Integration for Hop3

Implement sound support in the Hurd — Add audio capabilities to the multiserver microkernel from GNU

The GNU Hurd is a lightweight kernel (the central part of an operating system) on top of the Mach microkernel, with full POSIX compatibility. The mission of the Hurd project is to create a general-purpose kernel suitable for the GNU operating system, which is viable for everyday use, and gives users and programs as much control over their computing environment as possible. The Hurd provides security capabilities such as granting programs access to services at runtime when, and only while, they need it, and enables easy low-level development, such as replacing a file system at runtime and real-time kernel debugging as if it were a normal program. This project adds an important feature to GNU Hurd: an audio system with fine-grained access management to physical hardware.

>> Read more about Implement sound support in the Hurd

Ironclad — Hard real-time capable kernel written in SPARK/Ada

Ironclad is a partially formally verified, hard real-time capable kernel for general-purpose and embedded uses, written in SPARK and Ada. It consists entirely of free software, free in the sense that it respects the user's freedom. By providing a UNIX-like interface which ensures an easy porting process from Linux and BSD distributions, Ironclad aims to be a solution for developers searching for a security-first, resilient platform with the smallest barrier to entry.

This project will work on expanding hardware support for x86_64 Intel and AMD based systems, bringing Ironclad to 64-bit RISC-V platforms, expanding several areas of the kernel, and working on Ironclad-based distributions.

>> Read more about Ironclad

KDE Plasma Wayland — Accessibility and advanced graphics input support for KDE Plasma Wayland

Plasma is the desktop provided by the KDE project, one of the largest and most successful open source initiatives in the world. Wayland is the successor of X11 for Unix desktops and the future for many reasons, including security and privacy. However, there are some user groups that currently do not have their requirements satisfied. Some people have motor impairments of their arms/hands (such as restricted movement, tremors, or missing fingers) that make it hard or impossible to operate a traditional computer keyboard. Operating systems provide a number of options like sticky keys, slow keys, or bounce keys to accommodate such disabilities. Another pain point is the configuration of graphics tablet input devices. This includes things like mapping the tablet area to an output area, binding tablet/stylus buttons to actions, or configuring pen pressure curves. This project will implement support for these special user groups in KDE Plasma on Wayland.

>> Read more about KDE Plasma Wayland

KWin and Wayland input — Secure windowing system for KWin

When you run remote applications across the internet, you typically need a display server. Wayland is the future windowing system on Unix: a communication protocol that specifies the communication between a display server and its clients. One core goal in its design was to provide a safe and secure system protecting users' data and privacy. The traditional windowing system X11 does not, which means that programs can simply spy on the inputs and outputs of every other program. Making a secure system that is still usable comes with challenges. When clients need to communicate, the channels of communication must be carefully designed to provide this in a secure and reliable way. One of these channels is when one client provides a virtual keyboard or input method support (for example for CJK languages) and another client consumes the input data. The project aims at implementing communication channels for that through Wayland protocol extensions in KWin, providing test clients, and improving the used protocol extensions upstream.

>> Read more about KWin and Wayland input

libnix — Native Nix on MS Windows

The libnix project improves the Windows support of the Nix package manager, by making nix and nix-build work natively on the Windows platform. By creating a ‘libnix’ on top of this, it will allow package managers like node, cargo, pip, and vcpkg to use Nix for building their dependencies. The effort helps bring declarative, reliable packaging systems to a wider audience.

>> Read more about libnix

Liminix — Nix-based OS for domestic WiFi routers, access points etc

Today you can reflash your broadband router with Linux (e.g. DD-WRT, OpenWRT, Tomato or variants) to provide unparalleled flexibility to do things that the manufacturer system was not capable of. However, managing this flexibility by hand is challenging, especially when keeping custom configuration in sync across devices or through version upgrades.

Liminix aims to provide an OpenWrt-style embedded Linux distribution based on the Nix language for congruent configuration management, and the Nix package system. On top of this we plan to implement seamless management of configuration and secrets across a network of Liminix devices, and robust dependency-based service/process management so that a device can respond usefully when hardware or network connectivity changes.

>> Read more about Liminix

Usability of Linux firewall userspace tools — Userspace tooling for Linux kernel Netfilter

Netfilter is the project offering the packet classification framework for GNU/Linux operating systems. Netfilter supports stateless and stateful packet filtering, mangling, logging and NAT. Netfilter provides a rule-based language to define the filtering policy through a linear list, sets and maps. This language is domain specific and provides a simplified programming language to express filtering policies.

Firewall operators are usually not programmers, although they are typically knowledgeable about shell scripting. Humans currently have few means to check for mistakes when elaborating filtering policies, which as a result can interact in unpredictable ways or cause performance issues - meaning one can never be sure how much they can be trusted to protect users.

Lack of correctness and inconsistencies emerge as the rule set increases in complexity. Introducing ways to assist the operator in spotting these problems, and providing hints to express the filtering policies in a better way, would help to improve this situation. Error reporting is another key aspect in assisting humans with troubleshooting. This project aims to extend the existing tooling with infrastructure that covers these aspects.

>> Read more about Usability of Linux firewall userspace tools

Verifying and documenting live-bootstrap — A reproducible, automatic, complete end-to-end bootstrap

The goal of the live-bootstrap project is to compile the tools necessary to compile Linux from a minimal binary footprint, to avoid the possibility that a (binary) compiler could be used to introduce back-doors into the Linux kernel. As a user of the live-bootstrap project, one should be able to trace and review all steps and sources used. The goal of this funded project is to facilitate this.

>> Read more about Verifying and documenting live-bootstrap

The MacBook Liberation Project — Implement Coreboot support to various Apple devices

The MacBook Liberation Project aims to bring software freedom to the Apple MacBook by replacing its proprietary boot firmware with freedom-respecting boot firmware. This will increase the devices' longevity, privacy and security. Intel based models that are now partially compatible with coreboot will be made fully compatible with not only coreboot, but also easily installable coreboot distributions like Libreboot. The focus will lie on support for all possible RAM and SPD configurations for these models, as well as easy internal installation for end users.

>> Read more about The MacBook Liberation Project

Maemo Leste — An independent mobile operating system focused on trustworthiness

Maemo Leste aims to provide a free and open source Maemo experience on mobile phones and tablets. It is an effort to create a true FOSS mobile operating system for the FOSS community. Maemo Leste is based on GNU/Linux, and specifically on Devuan GNU/Linux. The goal is to provide a secure and modern mobile operating system that consists only of free software and respects the users' privacy and digital rights. The project also works closely with projects that aim to produce hardware that Maemo Leste and other community mobile operating systems could run on. The operating system itself takes much of its design and core components from the Nokia-developed Maemo Fremantle, while replacing any closed source software with open source software.

>> Read more about Maemo Leste

Maemo Leste Telepathy — Modernise open source real-time communications stack

Maemo Leste aims to provide a free and open source Maemo experience on mobile phones and tablets. It is an effort to create a true FOSS mobile operating system for the FOSS community. Maemo Leste is based on GNU/Linux, and specifically on Devuan GNU/Linux. The goal is to provide a secure and modern mobile operating system that consists only of free software and respects the users' privacy and digital rights. The project also works closely with projects that aim to produce hardware that Maemo Leste and other community mobile operating systems could run on. The operating system itself takes much of its design and core components from the Nokia-developed Maemo Fremantle, while replacing any closed source software with open source software.

In this project the Maemo Leste team will update the Telepathy real-time communications framework (which should benefit all other users of that framework) and, among other things, add double-ratchet-based OMEMO encryption to XMPP.

>> Read more about Maemo Leste Telepathy

Makatea — An x86, 64-bit Virtual Machine Monitor for the seL4, verified microkernel

The security of any software system depends on its underlying Operating System (OS). However, even compartmentalization-focused OSes such as Qubes, which are "reasonably secure", depend on large trusted computing bases (e.g. hypervisors) with hundreds of thousands of lines of code. seL4 is an open-source, formally-verified microkernel that has matured and been maintained for over a decade. seL4's small size (10,000 lines of code) and formal verification make it an appealing base on which to implement a hardened, open-source, x86 64-bit Virtual Machine Monitor (VMM). Makatea is a new hypervisor written from the ground up, capable of paravirtualisation, hardware-assisted virtualisation and device emulation. Makatea will also allow running software originally written for other platforms wherever seL4 can be made to run, and do so in a very controlled environment.

>> Read more about Makatea

mobile-nixos — NixOS for mobile phones and tablets

The mobile-nixos project seeks to provide a coherent tool to produce configured boot images of NixOS GNU/Linux on existing mobile devices (cellphones, tablets). The goal is to provide a completely integrated mobile operating system, allowing full use of the hardware's capabilities, while empowering the user to exercise their four software freedoms to use, study, share and improve the software.

>> Read more about mobile-nixos

Mobile Test Farm — Test farm setup for aftermarket mobile operating systems

This project will deliver a useful contribution to the alternative mobile ecosystem: a physical continuous integration system to which different phones can be connected, and which can be used to, for example, run regression tests for different operating systems on these devices to verify that core functionality is not broken when, say, a new kernel is added.

>> Read more about Mobile Test Farm

Mollymawk — Mollymawk - orchestration and management of MirageOS unikernels

Mollymawk is a deployment and orchestration tool designed to simplify the management of MirageOS unikernels and other virtual machines. In this project, we will focus on optimizing deployment, orchestration and scaling (up and down). Key enhancements we are looking at include implementing WebSockets, streaming services when deploying unikernel images, automated configuration (DHCP, DNS etc.), support for virtual machines that are not MirageOS unikernels, mechanisms for auto-upgrading unikernels with rollback options, notification of available updates, unattended updates, and managing multiple physical machines with a single Mollymawk instance.

>> Read more about Mollymawk

Mainline Linux on ARM Chromebooks — Open firmware and standards-based boot for Mediatek MT818x/MT819x based devices

The project summary for this project is not yet available. Please come back soon!

>> Read more about Mainline Linux on ARM Chromebooks

Multisoni — Modern and efficient real-time audio playback engine

Multisoni is a versatile audio engine for all creative uses. For demanding real-time uses (such as video games, VR, live installations) there is a lack of free/libre audio authoring tools to map playback and effects to trigger events and interaction parameters, suitable for industrial purposes.

Multisoni is designed to meet this need: it manages many input sources - either samples or synthesis, with support for input plugins - source and effect patching, and rendering for a variety of output systems ranging from binaural stereo to complicated multichannel setups, drawing on existing open-source solutions for audio hardware abstraction and raw audio stream management. One of its main objectives is to put creative users - sound designers, composers - on an equal footing with developer users.

>> Read more about Multisoni

Securing NixOS services with systemd

NixOS, with the nix package manager, provides different services that can be installed and configured in a reproducible, declarative way. But how does one know whether software sticks to what it is supposed to do, and prevent a malicious application from spying on others?

Systemd provides users with ways to specify fine-grained sandboxing options for their running services, taking advantage of the Linux kernel's security facilities. This project will improve the default configuration of the services that are available in NixOS using systemd, so that users may deploy services without granting them too much trust: the services would only have access to the parts of the system they require. From a security point of view, this limits the attack surface of the system and greatly improves defense in depth. This also means that services wouldn't be able to snoop on all of the user's system.

To gain long-term benefits from this project, we will develop automated tools to help with finding the right configuration for a given service, and we will write documentation to help people who want to secure other services with the same approach.

>> Read more about Securing NixOS services with systemd

UEFI Secure Boot support for NixOS — Add a self-sovereign root of trust as part of supply chain security

This project combines the power of the reproducible package manager Nix with the cryptographic protections of UEFI Secure Boot to provide concrete assurances about the authenticity of the software being booted into. Supply chain security works upward from a root of trust, which has to be in place before the very first bytes of code are even executed by a host's CPU. UEFI Secure Boot helps provide this root of trust. Using UEFI Secure Boot, the host's firmware will only boot the operating system if it is signed by a key stored in the firmware. This key may be issued by Microsoft, or, in this project's case, be generated by the user. This can help resist attacks from malware or other attacks against the system's integrity. Obviously, when people use a commodity operating system commercially available to everyone (like Microsoft Windows) the security protection is far less and the risks are far greater than when someone generates a custom operating system with a reproducible tool like Nix. The host and signing service will use TPM-backed attestation keys to mutually attest the authenticity of the requests.

This tool will initially support systemd-boot and uboot; however, the project will be specifically designed with the intention of supporting additional bootloaders.

>> Read more about UEFI Secure Boot support for NixOS

Software vulnerability discovery — Automating discovery of software update and vulnerabilities

nixpkgs-update automates the updating of software packages in the nixpkgs software repository. It is a Haskell program. In the last year, about 5000 package updates initiated by nixpkgs-update were merged. This project will focus on two improvements: first, developing infrastructure so that nixpkgs-update can run continuously on dedicated hardware to deliver updates as soon as possible, and second, integrating with CVE systems to report CVEs that are addressed by proposed updates. I believe these improvements will increase the security of nixpkgs software and the NixOS operating system based on nixpkgs.

>> Read more about Software vulnerability discovery

Nominatim — Multi-lingual support in address search

Nominatim is an open-source geographic search engine (geocoder). It makes use of the data from OpenStreetMap to build up a database and API that allow searching for any place on earth and looking up addresses for any given geographic location. It is used as the main search engine on the OpenStreetMap website, where it serves millions of requests per day, but it can also be installed locally. You can easily set it up for a small country on your laptop. Nominatim has always aimed to be usable world-wide for any place in any language. To that end it has used generic, language-agnostic algorithms that assume a uniform data model. This has served us especially well while the OpenStreetMap database was in its early stages of development and changing fast. Now that it has matured, it is time to further improve the search experience by taking into account the particularities of different languages and the different practices when it comes to geographic addressing. We aim to restructure the part of the software that parses the place names and search queries to make it more configurable and make it easier to take into account languages and regional peculiarities.

>> Read more about Nominatim

Oils for Unix — Bringing shell environments into the 21st century

Oil is a new Unix shell. Shell languages provide an (IEEE standardised) interactive command language and interactive scripting environment used to control computer operating systems. Shell scripts are deployed and used visibly and invisibly to command or glue together different applications and control the execution of tasks. Oil is the upgrade path from traditional shells like bash to a better and more structured language and runtime. It already runs thousands of lines of unmodified POSIX compliant shell scripts (as well as bash scripts which aren't compliant), but in a safer and more reliable way.

OSH can be smoothly upgraded to YSH, a new shell language influenced by Python, Ruby, JavaScript, JSON, and YAML. YSH also offers a basic interactive shell UI, and a "headless" API for building GUIs on top of shell. Through its set of specification languages, scripts can be translated to fast C++.

The goal of this project is to implement various new builtin YSH methods and functions (Str, Dict, IO, ...), implement the JSON / J8 data languages, create a flag parsing library and test framework, and significantly improve documentation throughout the entire project.

>> Read more about Oils for Unix

Oil Shell — A new dialect of shell that is less error-prone

Oil is a new Unix shell. Shell languages provide an (IEEE standardised) interactive command language and interactive scripting environment used to control computer operating systems. Shell scripts are deployed and used visibly and invisibly to command or glue together different applications and control the execution of tasks. Oil is the upgrade path from traditional shells like bash to a better and more structured language and runtime. It already runs thousands of lines of unmodified POSIX compliant shell scripts (as well as bash scripts which aren't compliant), but in a safer and more reliable way.

OSH can be smoothly upgraded to YSH, a new shell language influenced by Python, Ruby, JavaScript, JSON, and YAML. YSH also offers a basic interactive shell UI, and a "headless" API for building GUIs on top of shell. Through its set of specification languages, scripts can be translated to fast C++.

>> Read more about Oil Shell

Oil Shell — Modern shell language and runtime

Oil is a new Unix shell. Shell languages provide an (IEEE standardised) interactive command language and interactive scripting environment used to control computer operating systems. Shell scripts are deployed and used visibly and invisibly to command or glue together different applications and control the execution of tasks. Oil is the upgrade path from traditional shells like bash to a better and more structured language and runtime. It already runs thousands of lines of unmodified POSIX compliant shell scripts (as well as bash scripts which aren't compliant), but in a safer and more reliable way.

OSH can be smoothly upgraded to Oil, a new shell language influenced by Python, Ruby, JavaScript, JSON, and YAML. Oil also offers a basic interactive shell UI, and a "headless" API for building GUIs on top of shell. This project will finish the translation from statically typed Python to C++. This will let it match the speed of bash and existing shells, while offering reliable error handling, safe processing of user-supplied data, the elimination of quoting issues and better error messages and tools.

>> Read more about Oil Shell

OpenCryptoLinux — Make Linux run on OpenCryptoHW

OpenCryptoLinux aims to develop an open, secure, and user-friendly SoC template capable of running the Linux operating system, with cryptography functions running on a RISC-V processor. The processor will control a low-cost Coarse-Grained Reconfigurable Array (CGRA) for enhanced security, performance, and energy efficiency. Running Linux on this SoC allows non-hardware experts to use this platform, democratizing it. This project will help build an Internet of Things (IoT) that does not compromise security and privacy. The project will be fully open-source, which guarantees public scrutiny and quality. It will use other open-source solutions funded by the NLnet Foundation, such as the RISC-V processors from SpinalHDL and the OpenCryptoHW project.

>> Read more about OpenCryptoLinux

openXC7 — Improve hardware support for open source FPGA tooling

FPGAs are reconfigurable chips capable of handling many electronic signals in parallel. They are used in network equipment like backbone switches, firewalls, video devices like surveillance cameras and radio equipment like mobile-phone base stations, radar systems and satellites to process high volumes of data with very low latency. FPGAs are also used to test digital circuit designs before they are manufactured as chips.

The functionality of FPGAs is determined by a configuration file which is loaded into the FPGA at power-on. The configuration file is usually generated from a design file by a proprietary tool provided by the manufacturer of the FPGA.

openXC7 will provide a complete set of open source tools to generate a configuration file for the widely used Xilinx Series 7 family of FPGAs from manufacturer Xilinx/AMD without having to use any proprietary tools. This will give digital design engineers the guarantee that no backdoor is inserted into FPGA-based devices by the vendor's proprietary design tool.

The availability of the source code of the FPGA design tool will also allow anyone to come up with new use cases for FPGAs currently not possible with existing tools.

In this project the team will implement gigabit transceiver support, both for the widely used Artix7 and the Kintex7 families of devices, thus enabling complete open source network infrastructure (e.g. an open source 10 GB Ethernet switch). The second focal point will be identifying and fixing issues that arise from the community of users of the toolchain.

>> Read more about openXC7

p4-nix — Combine Programming Protocol-independent Packet Processors language with declarative Nix packaging

This project aims to democratize high-capacity, high-performance networking stacks by integrating the P4 DSL into Nix, making it easy to build infrastructure on the technology and bringing functional programming to the P4 world.

Bringing P4 to Nix gives us amazing flexibility for dealing with network devices, making it easy to deploy, make artifacts, and so on, all the while exposing it to end-users who wouldn't necessarily know or use P4 otherwise. This also gives us the opportunity to look into automated deployment of hardware based networking devices, such as FPGA targets, directly from within Nix.

>> Read more about p4-nix

Better support for display notches and cutouts in Phosh — Better custom shape screen support for Wayland

Mobile phones often have notches or cutouts in their displays (often to accommodate the camera), rounded corners or waterfalls (lower resolution areas at the edge of the screen).

The aim of this project is to propose and implement a Wayland protocol that gives applications the necessary information about these areas. This allows them to place UI elements in a sensible and visually pleasing way, color lower resolution areas properly and avoid having important information occluded.

Besides mobile shells like Phosh, this information is also important for e.g. video players and other full-screen applications, so out-of-the-box support in toolkits is desirable.

>> Read more about Better support for display notches and cutouts in Phosh

postmarketOS: v23.12 and v24.06 Releases — New versions of the mobile operating system postmarketOS

postmarketOS keeps smartphones useful after they no longer receive updates: the original operating system gets replaced with an up-to-date, lightweight open source software stack based on Alpine Linux. Oftentimes people use postmarketOS to upcycle their old smartphones into small home servers (like Raspberry Pis). While still experimental, we also work towards enabling all typical smartphone features, so postmarketOS can fully replace the original operating system. Besides extending the lifetime of smartphones, in postmarketOS we value the user's privacy, security and, in general, control over their own device. Unlike current mainstream smartphone operating systems, it is not necessary to register an account and get tracked to use the operating system. Creating new releases allows us to keep the software stack up to date, to integrate important fixes and features and, in general, to get closer to providing a full smartphone experience.

>> Read more about postmarketOS: v23.12 and v24.06 Releases

postmarketOS — An independent mobile operating system

postmarketOS is a mobile phone operating system for phones (and other mobile devices), based on Alpine Linux. Just like desktop Linux distributions, we have a package manager and a carefully crafted repository of trustworthy and privacy focused free software that will actually serve the users and not exploit them for their data. By sharing as much code as possible between various phone models, postmarketOS scales well and it becomes feasible to maintain devices even after OEMs have abandoned them.

>> Read more about postmarketOS

postmarketOS daemons — Add modern service daemons to postmarketOS

postmarketOS keeps smartphones useful after they no longer receive updates: the original operating system gets replaced with an up-to-date, lightweight open source software stack based on Alpine Linux. This project will add initial systemd support to postmarketOS, as well as make PipeWire the default audio server in postmarketOS. It will help switch the wifi backend to iwd by default, and design and prototype an immutable version of postmarketOS with an efficient A/B OTA mechanism with binary delta updates and automatic rollback on failed updates.

>> Read more about postmarketOS daemons

Proper Webcam support in Qemu — Better virtualisation of camera interfaces

QEMU is one of the most popular open source machine emulators and virtualizers. It supports a wide range of architectures and is capable of emulating many types of hardware devices. Many people rely on QEMU to run alternative operating systems or even as a secure development environment.

Sometimes it is necessary to pass camera devices to the QEMU guest and make them available to the system. While it is possible to pass cameras using the generic QEMU USB host emulator, this only works with USB cameras and only makes them available to that single QEMU guest. However, many modern systems move away from USB cameras and provide other interfaces for the camera, so those cameras cannot be passed through this way.

Our solution is to use the operating system's video API instead to make the video device available. We will focus on providing proper support for the Video4Linux API to emulate a USB video device so that it works with the already existing OS drivers. With proper integration of a camera subsystem, this opens the door to supporting more camera APIs and even extending paravirtualized VirtIO devices in the future to improve video quality for next generation video devices.

>> Read more about Proper Webcam support in Qemu

Qubes OS — Bring the security of Qubes OS to people with disabilities

Qubes OS is a free and open source operating system uniquely designed to protect the security and privacy of the user. Its architecture is built to enable the user to define different security environments ("qubes") on their computer and visually manage their interaction with each other and the world. This project will improve the usability of Qubes OS by: (1) reviewing and integrating already existing community-created usability improvements, (2) implementing a localization strategy for the OS and its documentation, and (3) creating a holistic approach for improved accessibility.

>> Read more about Qubes OS

Raptor Lake Desktop — Implement open-source firmware for modern mainboards and chipsets

The Raptor Lake Desktop project aims to deliver open-source firmware support for a modern day motherboard (the MSI PRO Z690-A WIFI DDR4/DDR5 workstation/desktop), enabling users to customize and enhance their hardware. Through open-source firmware, users will have the freedom to modify and adapt the software according to their specific requirements. Building on the success of the Alder Lake Desktop initiative, this project focuses on two key goals: adding support for 13th generation Raptor Lake-S CPUs on existing boards and implementing open-source firmware support for the MSI PRO Z790-P WIFI DDR4/DDR5 boards. The project also includes the development of additional firmware features to improve system functionality and security, such as selective Option ROM loading, ESP partition scanning, power state after power fail option, PCIe Resizable BARs, and XMP memory profile selection. Through community involvement and feedback, the project aims to provide a more personalized and flexible computing experience for board owners.

>> Read more about Raptor Lake Desktop

Redox OS Unix-style Signals — Add Unix-style signal handling to Redox Operating System

Redox OS is a Unix-like microkernel based operating system written in Rust. It is intended to provide a secure and reliable alternative to Linux. Redox is continuing to add functionality to provide source-code compatibility for most Linux software. This project will provide Redox with Linux-compatible inter-process signals, including signalling to process groups, processes and threads, and improved process management.

>> Read more about Redox OS Unix-style Signals

Graphics acceleration on Replicant — Free software graphics drivers for mobile phones

The project aims to create a free software graphics stack for Replicant 9 that is compatible with OpenGL ES (GLES) 2.0 and can do software rendering with decent performance, or GPU rendering if a free software driver is available. Replicant is a fully free software Android distribution that puts emphasis on freedom, privacy and security. It is based on LineageOS and replaces or avoids every proprietary component of the system. Replicant is so far the only distribution for smartphones that is endorsed by the Free Software Foundation as meeting the Free System Distribution Guidelines. Due to its strict commitment to software freedom, Replicant does not use the proprietary GPU drivers that ship with other Android distributions. The project aims to put together a new graphics stack for the upcoming Replicant 9 that is GLES 2.0 capable. The project will then focus on improving performance by fine-tuning its OpenGL operations and leveraging hardware features. Finally, focus will shift to the integration of the Lima driver, a free software driver for ARM Mali-4xx GPUs, which will allow offloading some GLES operations to the GPU. This will greatly increase graphics performance and thus usability.

>> Read more about Graphics acceleration on Replicant

Replicant on Guix — Reproducible build infrastructure for Replicant

The project summary for this project is not yet available. Please come back soon!

>> Read more about Replicant on Guix

Replicant on Pinephone 1.2 — Add basic support for the Pinephone 1.2 to Replicant

Replicant is the only fully free operating system for smartphones and tablets. All the other operating systems for smartphones and tablets use nonfree software to make some of the hardware components work (cellular network modem, GPS, graphics, etc). Replicant avoids that, either by writing free software replacements, by tweaking the system not to depend on it, or, as a last resort, by not supporting the hardware component that depends on it.

The goal is to first adapt support for the Pinephone and various other hardware (mainly from GLODroid), to make it generic and reusable by other Android distributions and smartphones, in order to improve collaboration between Android distributions using mainline Linux kernels.

>> Read more about Replicant on Pinephone 1.2

Finish porting Replicant to newer Android version — Alternative, free software version of Android

Replicant is the only fully free operating system for smartphones and tablets. All the other operating systems for smartphones and tablets use nonfree software to make some of the hardware components work (cellular network modem, GPS, graphics, etc). Replicant avoids that, either by writing free software replacements, by tweaking the system not to depend on it, or, as a last resort, by not supporting the hardware component that depends on it. However, it is based on Android 6, which is no longer supported and therefore has far too many security issues to fix, so continuing to use this version is not sustainable. This project consists of finishing the port of Replicant to Android 9, which has standardised an interface for the code that makes the hardware components work. Once done, this will also make the free software replacements automatically work on future Android versions.

>> Read more about Finish porting Replicant to newer Android version

Reproducible Builds — Make the build processes behind software distributions reproducible

Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code.

>> Read more about Reproducible Builds

NetBSD Reproducibility — Extend Reproducibility for CTF Debugging Infos and NetBSD Image Creation

The NetBSD operating system is built from a single source code repository and supports a great variety of different hardware and CPU variants. NetBSD has a working infrastructure for being reproducible, so you can verify that e.g. an install ISO was created from an untampered repository. As NetBSD is technically always cross-compiled, it can be built on several platforms, most commonly on NetBSD itself and on Linux. This project aims to fix two issues where a Linux-based build host creates different output than a NetBSD host.

Ports using the newer GCC 12 based compiler usually use the CTF debugging format, where the binary representation (probably due to different sorting) differs between Linux and NetBSD builds. The second issue is with install image creation, where symlink permissions and owner/permission bits from the build host leak into the image, breaking reproducibility. Both of these issues affect the widely used amd64 (usual PCs and laptops) and arm/aarch64 (Raspberry Pi) ports.

>> Read more about NetBSD Reproducibility

Reproducible-openSUSE — Reproducible distribution of openSUSE rolling release

The Reproducible-openSUSE project is creating a proof-of-concept of a general-purpose Linux distribution based on openSUSE-Tumbleweed. By employing reproducible-builds, it allows independent verification that all its binaries correspond to the sources. This greatly reduces the amount of trust that users need to place in the build infrastructure. It is not only a proving-ground, but also a staging-area for upstreaming changes to make them useful to millions of users.

>> Read more about Reproducible-openSUSE

Robotnix — Reproducible Builds of Android with NIX

Robotnix enables a user to easily build Android (AOSP) images using the Nix package manager. AOSP projects often contain long and complicated build instructions requiring a variety of tools for fetching source code and executing the build. This applies not only to Android itself, but also to projects which are to be included in the Android build, such as the Linux kernel, Chromium webview, and others. Robotnix orchestrates the diverse build tools across these multiple projects using Nix, inheriting its reliability and reproducibility benefits, and consequently making the build and signing process very simple for an end-user.

>> Read more about Robotnix

Free and open source NPU Drivers — Libre drivers for Neural Processing Units

As of today, companies that sell components that include accelerators for machine learning workloads (NPU, TPU, DLA, etc) are generally engaged in vendor lock-in practices that interfere with the ability of their customers to freely choose their partners and adapt their software components to their own needs.

This project aims to incentivize providers of accelerating hardware to move to more fair practices by reverse engineering their hardware and writing open source implementations of the corresponding software stack, for interoperability purposes. These drivers become part of projects such as the Linux kernel and the Mesa project, and will become available to users via existing distributions such as Debian, Fedora and NixOS.

>> Read more about Free and open source NPU Drivers

Rocket CWMP — Remote governance and configuration for internet equipment

CWMP (CPE WAN Management Protocol), or TR-069, is a technical specification of the Broadband Forum designed for remote management of customer-premises equipment (CPE). CWMP is a standardized and widely used text-based protocol enabling communication between a CPE and an Auto Configuration Server (ACS).

Rocket CWMP is a modular CWMP client capable of supporting TR-069, TR-181 and other technical reports. The project was started to fill an industry gap: there was no production-ready FOSS solution that meets ISP requirements and the feature and security requirements of modern embedded devices. It is capable of integrating into existing solutions for automatic and remote software installation or provisioning of CPEs. The client is designed to be easily portable to different Linux platforms (OpenWrt and other Linux distributions such as Yocto, Debian, Ubuntu and others). Its modularity means that developers can easily build new features based on their requirements. It would serve as lightweight glue between CWMP and embedded Linux software standards for configuration and statistics.

The end goal of this project is to create a FOSS client delivering the mandatory remote management features of the ISP ecosystem. ISPs would finally be equipped with a CWMP client that: a) is an open and extendable replacement for the closed software alternatives, b) is designed to easily include and configure various backend systems and c) allows replacing proprietary firmware and leveraging open source components.

>> Read more about Rocket CWMP

Security audit of Sailfish FOSS components — Analyse security of secrets, Sailfish ofono and Sailjail

Sailfish is a European mobile operating system developed by the Finnish company Jolla. This project will conduct independent security research into the Sailfish FOSS components, with a focus on its cryptography, 5G support and sandboxing of the SailfishOS operating system. The project will also compare Android and SailfishOS on their app permissions, encryption and isolation mechanisms. The researchers are not affiliated with the company behind the development of SailfishOS.

>> Read more about Security audit of Sailfish FOSS components

SpinalHDL, VexRiscv, SaxonSoc — Open Hardware System-on-Chip design framework based on SpinalHDL

The goal of SaxonSoc is to design a fully open source SoC, based on RISC-V, capable of running Linux and optimized for FPGA to allow its efficient deployment on cheap and readily purchasable chips and development boards. This would provide a very accessible platform for individuals and industry to use directly or to extend with their own specific hardware/software requirements, while providing an answer to hardware trust.

Its hardware technology stack is based on three projects: SpinalHDL (which provides an advanced hardware description language), VexRiscv (providing the CPU design) and SaxonSoc (providing the facilities to assemble the SoC).

In this project, we will extend SpinalHDL, VexRiscv and SaxonSoc with USB, I2S audio, AES and floating point hardware capabilities to extend the SoC's applications to new horizons while keeping the hardware and software stack open.

>> Read more about SpinalHDL, VexRiscv, SaxonSoc

Secure Web Tokens for Linux — TPM 2.0 backed FIDO2/U2F tokens on Linux

This project aims to develop a systemd daemon that utilizes the TPM 2.0 security chip to provide FIDO2/U2F tokens for web browsers and operating system applications on Linux. Leveraging the ubiquitous presence of TPM2 in modern PCs, the daemon will enhance security and usability for Linux users. It will allow the integration of security chips as access tokens with web extensions, secure local passwords and HOTP/TOTP managers, and enable hardware-based lock screen authentication mechanisms.

The daemon will interface with the TPM2 chip to manage FIDO2 token generation. It includes support for the "uhid" kernel driver for button press emulation when no fingerprint reader is available for authentication. The project involves developing the daemon, ensuring seamless integration with systemd, and conducting extensive testing for functionality and security. Comprehensive documentation will be provided for setup and use, along with user guides for web extension integration. The outcome will be a robust, secure, and user-friendly solution for Linux users, elevating the baseline security and leveraging existing hardware capabilities to the fullest.

>> Read more about Secure Web Tokens for Linux

x86-64 VM Monitor for seL4 verified microkernel — Very restricted virtualized environment for higher security

The security of any software system depends on its underlying Operating System (OS). However, even OSes such as Qubes, which are "reasonably secure", depend on large trusted computing bases (e.g. hypervisors) with hundreds of thousands of lines of code. For example, the Qubes Xen Security Advisory Tracker reports that 53/283 (18%) of Xen vulnerabilities over the last eight years affected Qubes. As a step towards facilitating the implementation of more secure, Qubes-like systems, we propose to retarget it to the seL4 microkernel. seL4 is an open-source, formally-verified microkernel that has matured and been maintained for over a decade. seL4's small size (10,000 lines of code) and formal verification make it an appealing Xen replacement for Qubes; however, its virtualization support is currently limited. As a first step to enabling Qubes on seL4 we will implement a hardened, open-source, x86 64-bit Virtual Machine Monitor (VMM) for the seL4 microkernel capable of hosting the core Qubes OS virtual machines.

>> Read more about x86-64 VM Monitor for seL4 verified microkernel

SelfPrivacy — Reproducible self-hosting stack based on NixOS

Self-hosting can be a challenge even for a professional, let alone an unprepared user. We want to change that. SelfPrivacy is a free application that helps you set up and manage your self-hosted services. Our goal is to create an accessible tool that gives everyone an opportunity to create their own self-hosted infrastructure.

Our application supports multiple platforms and to use it, all you need is to register with a provider and copy the access token into the application. SelfPrivacy will set up the system, domain, DNS and install open source services such as E-Mail, Nextcloud, Jitsi, etc. SelfPrivacy automates the entire lifecycle: provisioning, updates, configuration changes, monitoring, backups and space management.

We encourage the use of private services that we provide, and we also develop infrastructure based on the NixOS distribution.

>> Read more about SelfPrivacy

Adding TPM Support to Sequoia PGP — Implement use of TPM 2.0 crypto hardware for OpenPGP

Protecting cryptographic keys is hard. If they are stored in a file, an attacker can exfiltrate them, even if the hard drive is encrypted at rest. A good practical solution is a hardware token like a Nitrokey, which stores keys and exposes a limited API to the host. For most end users, a token is a hassle: one needs to carry it around, it needs to be inserted, and it is not possible to work if it is left at home. And it needs to be purchased. There is a better solution, which doesn't cost anything. A Trusted Platform Module (TPM) is like an always-connected hardware token, only more powerful (the keys can be bound to a particular OS installation, and it can store a nearly unlimited number of keys, not just three), and TPMs are already present in most computers. This project will add support for TPMs to Sequoia PGP, including comprehensive test suites and in-depth documentation for both software engineers (as an API) and end users (as a way to use TPM-bound keys through Sequoia's command-line interface, sq, for decryption and signing).

>> Read more about Adding TPM Support to Sequoia PGP

Multiprocess Mode in Servo — Speed up Servo with parallelisation

While Servo already has multi-process mode, it’s not enabled by default. The main reason is that it isn’t completely supported on every platform yet. Only Linux and macOS have full support. It also isn't tested in the WPT suite. In this project, we want to complete the feature set of multi-process mode in Servo, set it to default, and encourage other projects based on Servo (like the Verso browser) to use it, as they could massively benefit from this multi-process architecture.

>> Read more about Multiprocess Mode in Servo

SiCl4 — Tool for interactive reverse engineering of digital logic.

SiCl4 (silicon tetrachloride) is a tool for reverse-engineering digital logic designs. Starting from an FPGA bitstream or other types of netlists, this tool will assist users in interactively recovering higher-level structures. Algorithms will help with tasks such as finding shared subcircuits or identifying known patterns such as adders, counters, comparators, state machines, etc., so that the user can focus on understanding the higher-level functions of the target design. SiCl4 will be scriptable in order to allow for easy extension, and it will also integrate with the existing open-source EDA ecosystem.

>> Read more about SiCl4

Spectrum — A security through compartmentalization based operating system

Spectrum is an implementation of a security through compartmentalization based operating system, built on top of the Linux kernel. Unlike other such implementations, user data and application state will be managed centrally, while remaining isolated, meaning that the system can be backed up and managed as a whole, rather than mixed up in several dozen virtual machines. The host system and isolated environments will all be managed declaratively and reproducibly using Nix, the purely functional package manager. This will save the user the burden of maintaining many different virtual computers, allowing finer-grained resource access controls and making it possible to verify the software running across all environments. The Linux base, and a variety of isolation technologies from containers to virtual machines, will bring security through compartmentalization to a much wider range of hardware than previous implementations, and therefore make it accessible to many more people.

>> Read more about Spectrum

Spectrum Applications — Add running graphical applications to the compartmentalized desktop OS Spectrum

Spectrum is a project that aims to develop a secure, compartmentalized desktop operating system with security and usability improvements over other existing implementations. This project will improve Spectrum's support for running graphical applications. Currently, users have to manually create virtual machines by laying out a configuration directory themselves (or using a helper Nix function). Running a new application often requires some customisation work on the VM to set up the environment suitably for the application to run and defining access controls - and there is no facility to create a VM on the fly.

After this project is done, the system will be able to automatically start VMs on the fly for applications packaged as AppImages, and applications will be able to dynamically request access to files using the existing XDG Desktop Portals interface that is already implemented by major toolkits (so File→Open… will just work in unmodified applications, with the user able to select from all their files without the application being able to see them). The foundations will have been laid to go on to support applications packaged in other ways, such as Flatpak (which could be follow-up work, should this initial stage be successful).

>> Read more about Spectrum Applications

Transitioning SMM Ownership to Linuxboot — More robust defense Against Firmware Vulnerabilities

In an era marked by escalating cybersecurity threats, firmware security is one of the biggest blind spots. One pervasive weakness lies in an architectural design called System Management Mode (SMM). Sometimes referred to as "Ring -2", SMM is used by device manufacturers to interact with hardware like NVRAM, emulate hardware functionality, handle hardware interrupts or errata, and perform other functions.

The unrestricted, non-standardized control inherent to SMM implies significant security vulnerabilities. There is no shortage of Day-0 and Day-1 firmware vulnerabilities related to SMM. Current industry practices open a wide door for cyber attacks, and an attacker can even bypass the secured OS kernel through SMM loopholes.

This proposal introduces a novel SMM architectural design by transitioning SMM ownership from the core firmware (e.g. coreboot) to the payload, in this case Linuxboot. This leverages Linux's SMM drivers, which have been proven to work very well over decades and whose open-source nature makes security review easier. This initiative aims to develop and universalize a secure architectural design in collaboration with chip vendors, thus elevating the resilience and integrity of our digital ecosystem.

>> Read more about Transitioning SMM Ownership to Linuxboot

Storing Efficiently Our Software Heritage — Faster retrieval within Software Heritage

Software Heritage (https://www.softwareheritage.org) is the single largest collection of software artifacts in existence. But how do you store this in a way that you can find something fast enough, taking into account that these are billions of files with a huge spread in file sizes? "Storing Efficiently Our Software Heritage" will build a web service that provides APIs to efficiently store and retrieve the 10 billion small objects that today comprise the Software Heritage corpus. It will be the first implementation of the innovative object storage design that was designed in early 2021. It has the ability to ingest the SWH corpus in bulk: it makes building search indexes an order of magnitude faster, helps with mirroring, etc. The project is the first step of a more ambitious and general-purpose undertaking that will allow storing, searching and mirroring hundreds of billions of small objects.

>> Read more about Storing Efficiently Our Software Heritage

Servo Webview for Tauri — Integrated portable webview based on Servo engine into Tauri

The web ecosystem lacks a cross-platform, non-corporate controlled system for running web content. Tauri is a system for distributing cross-platform applications that relies on engines present on a system - effectively those owned by Apple, Google, and Microsoft. These permit varying levels of user control. The Servo project is a cross-platform, open source web engine.

While Servo's support for web features such as CSS and JS is still incomplete (making it difficult to rely on it for running arbitrary web content) it is actually a great match for Tauri already. This project would incorporate Servo into the Tauri project, enabling it to run applications in a consistent, open source web runtime on major desktop and mobile platforms. In doing so, the project would also identify and address the highest priority web compatibility issues in Servo, while preparing a roadmap for significant compatibility issues that remain unaddressed. Additionally, the project would identify any opportunities for reducing the binary size, supporting broad distribution of Tauri apps to as many users as possible.

>> Read more about Servo Webview for Tauri

Termux — Android terminal app and software distro/run-time

Termux is an Android app that provides a terminal emulator and a GNU/Linux distribution environment with 2000+ packages and executes programs natively on the Android host OS/kernel, without any emulation or containerisation. It allows users to locally do most things that can be done on a Linux PC, like program in many languages, use text editors/IDEs, back up files, host websites and servers, and even run a full Linux desktop interface.

Under the NGI Mobifree grant the following three improvements to Termux are planned to be implemented: 1) A termux-core library will be created which allows external projects to use the Termux execution environment in their own apps. 2) A new APK Library File (APKLF) execution/packaging design will be implemented so that Termux can comply with security restrictions in Android 10 and newer that prevent apps from executing downloaded code. Currently Termux works by being compiled in backward compatibility mode. 3) Package sources will be patched to read paths from environment variables exported by the app, or compiled package files will be patched at install time, rather than relying on hardcoded paths to the Termux rootfs in the package files.

>> Read more about Termux

Trenchboot as Anti Evil Maid — Integrate Trenchboot into Qubes OS as defense mechanism against physical compromise

Enhancing the security measures of Qubes OS is the primary objective of this initiative, which involves integrating the TrenchBoot Project into the Anti-Evil Maid (AEM) implementation. Traditional firmware security measures, such as UEFI Secure Boot and measured boot, have limitations that can be overcome by leveraging Dynamic Root of Trust (DRT) technologies and TPM 2.0.

TrenchBoot provides a secure environment for operating system launch and integrity measurements, ensuring greater protection. The project aims to extend support to both Intel and AMD hardware, addressing the current lack of TPM 2.0 support and AMD compatibility in the AEM implementation. Key objectives include implementing TPM 2.0 support in Xen, updating AEM scripts, and ensuring seamless integration with AMD hardware. The successful execution of this initiative will significantly enhance the security of Qubes OS and promote the adoption of DRT technologies in open-source and security-oriented operating systems. Thorough testing on various hardware configurations will validate the solution's effectiveness and reliability.

>> Read more about Trenchboot as Anti Evil Maid

TrenchBoot as Anti Evil Maid - UEFI boot mode support — Add UEFI to the Qubes integration of Trenchboot with AEM

Qubes OS is a free and open source operating system uniquely designed to protect the security and privacy of the user. Its architecture is built to enable the user to define different security environments ("qubes") on their computer and visually manage their interaction with each other and the world. TrenchBoot provides a secure environment for operating system launch and integrity measurements, ensuring greater protection.

The main objective of the TrenchBoot as Anti Evil Maid project is to enhance the security of Qubes OS by integrating the TrenchBoot Project with the Anti Evil Maid (AEM) implementation. Through comprehensive hardware testing, the successful execution of this initiative will promote the adoption of DRT technology in open-source and security-oriented operating systems, ensuring enhanced security for Qubes OS. This project will prioritize stability, testing, and ensuring the reproducibility of results for broader community adoption.

>> Read more about TrenchBoot as Anti Evil Maid - UEFI boot mode support

TrenchBoot for AMD platform in Linux kernel — Upstream TrenchBoot AMD support to the Linux kernel

TrenchBoot is a framework that allows individuals and projects to build security engines to perform launch integrity actions for their systems. TrenchBoot is a unified framework to verify whether bugs or vulnerabilities have compromised a system, based on dynamic RTM (DRTM). The framework builds upon Boot Integrity Technologies (BITs) that establish one or more Roots of Trust (RoT) from which a degree of confidence that integrity actions were not subverted is derived.

A previous effort successfully developed support for DRT technologies for AMD platforms in the Linux kernel. This project intends to upstream TrenchBoot support to the mainline Linux kernel and to the widely used GRUB boot manager.

>> Read more about TrenchBoot for AMD platform in Linux kernel

Trustix — Make build logs available as publicly verifiable, tamper-proof Merkle trees

Software build infrastructure is vastly underestimated in terms of its potential security impact. When we install a computer program, we usually trust downloaded software binaries. But even in the case of open source software: how do we know that we aren't installing something malicious which is different from the source code we are looking at - for instance to put us in a botnet or siphon away cryptocurrencies? Typically, we have confidence in the binaries we install because we get them from a trusted provider. But once the provider itself is compromised, the binaries can be anything. This makes depending on individual providers a single point of failure in a software supply chain. Trustix is a tool that compares build outputs across a group of providers - it decentralizes trust. Multiple providers independently build the software, each in their own isolated environment, and then can vouch for the content of binaries that are the outcome of reproducible builds - while non-reproducible builds can be automatically detected.

In this project the team will work on further enabling trust delegation, by offloading log verification to trusted third parties - heavily inspired by the Delegated Proof of Stake consensus algorithm. It will bring Trustix into the Nix and the Guix ecosystems that are most amenable to Trustix' approach. The ultimate goal is for Trustix to integrate seamlessly into the entirely decentralized software supply chain so we can securely distribute software without any central corruptible entity.

>> Read more about Trustix

tslib — Better configuration and calibration of touchscreen devices

tslib is somewhat older but widely used software for configuring the touchscreen of (mainly) embedded Linux devices including printers, mobile phones, etc. This nimble project concerns a bundle of improvements in terms of calibration, some accessibility research (to see if people with e.g. a tremor can be better served), and addressing a backlog of feature requests. In addition the project will use the help of NGI Zero to apply additional security scrutiny.

>> Read more about tslib

Tvix — Alternative Rust-based software build transparency

Tvix is a modern design and implementation of the Nix package manager (GPLv3). It brings a modular architecture in which components such as the build environment or package store are replaceable, which enables new use-cases and platforms. A graph-reduction evaluation model will make it possible to use Nix for package definitions and entire system configurations, its proven and tested use case, as well as for granular build definitions for individual components of software. Tvix will be fully compatible with nixpkgs, the existing package definition set for Nix, letting its users leverage more than a decade of community contributions and making it useful right out-of-the-box.

>> Read more about Tvix

Tvix-{Store/Build} — Improve store and builder component of Tvix

Tvix is a modern design and implementation of the Nix package manager (GPLv3). It brings a modular architecture in which components such as the build environment or package store are replaceable, which enables new use-cases and platforms. A graph-reduction evaluation model will make it possible to use Nix for package definitions and entire system configurations, its proven and tested use case, as well as for granular build definitions for individual components of software. Tvix will be fully compatible with nixpkgs, the existing package definition set for Nix, letting its users leverage more than a decade of community contributions and making it useful right out-of-the-box. This particular project focuses on the Store and Builder components of Tvix, upgrading the store protocol, improving the Builder API as well as providing more interop with Nix.

>> Read more about Tvix-{Store/Build}

UEFI Capsule Update for coreboot with EDK II — Implement more robust firmware updates in coreboot

UEFI capsule update is an industry-standard approach widely supported by hardware vendors, providing a secure method for delivering firmware updates. By adopting capsule update methods, the project aims to simplify the update process and enhance the user experience, providing a more reliable approach compared to complex flashrom-based updates, which are still common in the open-source firmware distributions based on coreboot. Due to security measures, OS-level access to firmware is intentionally restricted, which in turn makes it increasingly challenging to apply firmware updates from the operating system. This limitation poses difficulties in utilizing traditional flashrom-based methods for firmware updates. The expected outcomes of the project include enhanced firmware update capabilities, a simplified user experience, heightened security, and enhanced compatibility, all achieved by seamlessly integrating with fwupd, a popular firmware update management tool for Linux systems.

>> Read more about UEFI Capsule Update for coreboot with EDK II

UEFI isolation in VM from non UEFI firmware — Safer booting into UEFI-compliant operating system

UEFI is the successor to BIOS, which initialises the bare hardware of a computer before handing over to a bootloader. The UEFI specification defines the architecture of platform firmware used for booting and its interface for run-time interaction with operating systems. As such, UEFI is responsible for bootstrapping pretty much every modern computer. In the majority of cases this is done with very little transparency for users - essentially relegating this enormously responsible position to a "black box" that just blips on the screen. Unfortunately trust in vendors to live up to their huge responsibility to make this safe and robust is not always justified: quite a few issues and security vulnerabilities in the (mostly proprietary) UEFI implementations have come to the surface via real-world exploits. The key open source booting mechanisms (like coreboot and Linuxboot/u-root) are not UEFI compliant.

This project aims to close the gap in a pragmatic way: through virtualization - booting into a stripped down Linux and using the Kernel Virtual Machine (which is generally considered mature) to run the open source reference implementation of UEFI until it can hand over to a UEFI compliant boot loader. This is of course a security tradeoff (the early stage Linux used for virtualisation would not be able to use UEFI just yet itself in bootstrapping), but it allows a single intervention to bridge to all different boot loaders and wholly avoid opaque proprietary ones by switching to open source ones. This also helps to debug and assist in finding new solutions to cope with the shortcomings of native UEFI implementations.

>> Read more about UEFI isolation in VM from non UEFI firmware

Verso Views — A Functional Browser Based on Servo

Verso is a web browser based on the Servo web engine. While Servo hasn’t been treated as a fully functioning browser, it is possible to build one based on it already. We plan to expand this into a formal and stable application release, eventually implementing the features, making it not just a general browser application but also a webview library for embedding purposes.

There are some missing features we still need to push into Servo. And there is also other work that requires time and resources to make a bare-bones web engine into a stable application. We hope to take this project as a chance to finally make an individual repository using Servo as a dependency. In this way, Servo can focus on issues and features of the web engine itself. In the meantime, other chores related to the application itself can be off-loaded to other repositories and organizations.

>> Read more about Verso Views

Webview library with Verso for Tauri — Refactor parts of Verso into a WebView library

We aim to publish the Verso browser as a library in addition to the current application approach. This way other projects could use it as a dependency in their software, and render their content with it. The distribution of a shared library is a challenging set of problems (including, but not limited to bundle format, code signing, dependency linking, etc.) that we intend to solve. We also aim to find the best possible solutions to help developers use this library with ease. One of these approaches will be to integrate with Tauri as a webview backend.

>> Read more about Webview library with Verso for Tauri

video box — Affordable open hardware video-to-network

The goal of the FOSDEM video box project is to develop a cheap, compact, open hardware & free software video-to-network solution. Initial motivation came from scratching our own itch: replacing 60 bulky, costly, not entirely free boxes currently used at the https://fosdem.org conference. Several other conferences have already used the current setup successfully. We expect this number to grow in the future. The solution being free software and open hardware should make it flexible to adapt to different environments, like education. Being cheap and compact encourages experimental use in areas difficult to foresee. On the hardware side, we use the open hardware Olimex Lime2 board (EU built!) as a base. We plan an open hardware HDMI input daughterboard, iterating on a simplified prototype that helped us verify feasibility. On the software side, the core Allwinner A20 chip has attracted a lot of free and open source development already. That enables us to focus our efforts on optimising video encoding on this platform from an HDMI signal to a compact network stream.

>> Read more about video box

OpenIMSd — 4G/VoiceOverLTE support for open source mobile OSes

The OpenIMSd project aims to bring VoLTE (4G voice calls) to Qualcomm based phones (like the PinePhone) running Free Software Mobile Operating Systems including postmarketOS, Mobian, … We will create a daemon which runs in parallel to the Modem Manager, which configures the baseband via QMI and brings up all the required services to be able to place VoLTE calls.

>> Read more about OpenIMSd

Free Software Vulnerability Database — A resource to aggregate software updates

"Using Components with Known Vulnerabilities" is one of the OWASP Top 10 Most Critical Web Application Security Risks. Identifying such vulnerable components is currently hindered by data structures and tools that are (1) designed primarily for commercial/proprietary software components and (2) too dependent on the National Vulnerability Database (from the US Dept. of Commerce). With the explosion of Free and Open Source Software (FOSS) usage over the last decade we need a new approach in order to efficiently identify security vulnerabilities in the FOSS components that are the basis of every modern software system and application. And that approach should be based on open data and FOSS tools. The goal of this project is to create new FOSS tools to aggregate software component vulnerability data from multiple sources, organize that data with a new standard package identifier (Package URL or PURL) and automate the search for FOSS component security vulnerabilities. The expected benefits are to contribute to the improved security of software applications with open tools and data available freely to everyone and to lessen the dependence on a single foreign governmental data source or a few foreign commercial data providers.

>> Read more about Free Software Vulnerability Database

Integration of Waydroid on mobile GNU/Linux — Run Android apps in Linux containers on mobile devices

Waydroid lets the user run Android within a container on a regular GNU/Linux system, bringing access to countless existing Android applications. This particular project aims to research and implement tighter integration between the Waydroid container and its host system in terms of hardware access (sensors, location, telephony, cameras) and desktop environment (notifications, media controls), while keeping the user in control of what and when is shared with the Android container.

>> Read more about Integration of Waydroid on mobile GNU/Linux

Wayland input method support — Better specification for Wayland input methods

As Linux distributions switch to Wayland, some functionality is still incomplete. One of them is being able to input non-Latin scripts. It is a necessity for a large portion of the world, yet it's not standardized across Wayland environments. The same text input functionality is needed for typing on mobile Linux, which, considering how many people use smartphones rather than laptops, might be even more important for Linux adoption. This project wants to bridge that gap, by continuing the effort of standardizing input-method protocols started for Phosh in Squeekboard, gtk, and wlroots.

>> Read more about Wayland input method support

Web Shell — Desktop and security environment for web apps

The WebShell project aims to define and implement a new secure dataflow and the accompanying APIs for allowing users to use their files in Web apps without authorizing the apps to access the user's file storage. At its core, WebShell consists of a container single-page application which can open remote components (primarily apps and file-system adapters) in sandboxed iframes and communicate with them through HTML5 message channels using the defined APIs. WebShell provides for file operations and the required UI (file menus, toolbars, dialogs) to support the familiar file operations (new, open, save, etc.) while apps merely implement serialization and deserialization of an individual file's content, after the user's explicit request. The project will build a fully-featured WebShell Desktop container, as well as a minimal WebShell container for testing and easy deployment of single apps. In addition, we will integrate a starter set of editor apps for common file types and a starter set of file system adapters, concentrating primarily on self-hosting and non-commercial web storage solutions like remotestorage.io and Solid storage.

>> Read more about Web Shell

XWiki — Bring wiki capabilities into the Fediverse

XWiki is a modern and extensible open source wiki platform. Up until now, XWiki had been focusing on providing the best collaboration experience and features to its users. We're now taking this to the next level by having XWiki be part of the larger federation of collaboration and social software (a.k.a. fediverse), thus allowing users to collaborate externally. XWiki is embracing the W3C ActivityPub specification. Specifically we're implementing the server part of the specification, to be able to both view activity and content happening in external services inside XWiki itself and to make XWiki's activity and content available from these other services too. A specific but crucial use case, is to allow content collaboration between different XWiki servers, sharing content and activity.

>> Read more about XWiki

xrsh — Interactive text/OS terminal inside WebXR

xrsh (xrshell) brings the FOSS-soul of unix/linux to WebXR, promoting the use of (interactive text) terminal and user-provided operating systems inside WebXR (=xrsh). Technically, xrsh is a bundle of freshly created re-usable FOSS WebXR components. These provide a common filesystem interface for interacting with WebXR, offering the well-known linux/unix toolchain including a commandline to invoke, store, edit and run WebXR utilities - regardless of their implementation. Think of it as termux for the VR/AR headset browser, which can be used to e.g. livecode (using terminal auto-completion!) for XR component (registries).

>> Read more about xrsh

ZSipOs — Open hardware for telephony encryption

ZSIPOs is a fully open source based encryption solution for internet telephony. It takes the shape of a little dedicated gadget you connect with a desktop phone. At its core the device does not have a normal chip capable of running regular software (including malware) but a so called FPGA (Field Programmable Gate Array). This means the device cannot be remotely updated (secure by design): the functionality is locked down into the chip, and the system is technically incapable of executing anything else. This means no risk of remote takeover by an attacker like with a normal computer or mobile phone connected to a network like the internet. The whole system is open hardware, and the full design is available for introspection. Normal users and security specialists get transparent access to the whole system and can easily check what functionality is realized by the FPGA. This means anyone can verify the absence of both backdoors and bugs. ZSIPOs is designed to be fully compatible with the standard internet telephony system (SIP) which is the one used with traditional telephony numbers. The handling is done in principle by a regular internet phone (Dial, Confirm once – done). The cryptographic system is based on the standard RFC 6189 - ZRTP (with “Z” like Phil Zimmermann, the father of PGP), meaning it can also be used when using internet telephony on a laptop or mobile phone - of course without the additional guarantee of hardware isolation. There is no need to trust in an external service provider to establish the absolute privacy of speech communication. The exchange and verification of a secure key between the parties ensures end-to-end encryption, meaning that no third party can listen in on the call. To that end the device has a display to exchange security codes. The same approach can also be used for secure VPN bridgeheads, secure storage devices and secure IoT applications and platforms.

The ZSipOS approach is an appropriate answer to today's security risks: it is completely decentralized, and has no dependency on central instances. It has a fully transparent design from encryption hardware to software. And it is easy to use with hundreds of millions of existing phones.

>> Read more about ZSipOs