SPM Linux
1, computers
computers can help people to easily access and improve human knowledge,
and as a result do things to improve the quality of human life
digital circuits
in conventional digital circuits when the inputs change, the outputs can have temporary invalid values,
until they stabilize to the valid values
but for the circuit to do its job, gates with memory (registers),
must operate only when the inputs have correct values
one solution is to synchronize registers with a global clock signal
the period of clock signal is made long enough for the circuit to become stable
disadvantages of synchronous circuits:
, we have to split long operations into several smaller ones,
which can be performed in successive clock cycles (a technique known as pipelining)
otherwise the circuit would be slow and inefficient
, distributing a high'fan'out, timing'sensitive clock signal can be complicated
, electromagnetic interference at the clock frequency and its harmonics
, widely distributed clock signal takes a lot of power, and must run whether the circuit is receiving inputs or not
although "clock gating" can help to reduce some of the problems of synchronous circuits,
i think the real solution is to use asynchronous circuits
the only sane kind of asynchronous circuit which i could imagine is this:
, next to any data wire, there is a control wire which determines if the data is valid or not
, when a register wants to change its outputs, it first invalidates them,
for a duration equal to the delay of one gate
, any gate receiving an invalid input, invalidates its outputs
, this way all data which is going to change in the future, is first invalidated
, registers operate only when all inputs are valid
computer architecture
cpu, memory, peripherals, this seems to be the only practical architecture for the hardware of computers
cpu runs a sequence of simple computations, called instruction codes, one by one
compilers are special programs that generate instruction codes,
from a program written in a structured and human readable language
there is always the possibility of backdoors for closed source CPU,
especially if the boot firmware is also closed source
recently introduction of "secure execution environment" makes this situation even worse
it's a closed source, full'blown, always'running mini operating system,
with full access to the whole system (including memory and network)
furthermore they have made it practically impossible for users to disable it
this mess of a design cries out for hidden and quite sophisticated backdoors
on X86 architectures the default boot firmware on nearly all systems are closed source
flashing a CoreBoot based boot firmware is possible, but there still will be closed source parts (Intel FSP)
in addition, there is no easy way to get rid of Intel ME (or AMD PSP),
though there are some hacks to disable (but not completely remove) it:
ARM architecture is closed source too, but in most cases, the boot firmware is open source (U-Boot or EDK2)
ARM TrustZone can host an open source operating system too, apparently:
GPU with open source driver: Qualcomm/Adreno
open source CPU: RISC-V, Power ISA
boot firmware must have a read'only part and an updatable part
this way an interrupted flashing does not brick the device
also the read'only part checks the signature of the updatable part, to make sure it's not malicious
to protect the computer from physical attacks, you must:
, somehow prevent tampering with hardware
, protect boot firmware settings by a password
to prevent changing the storage device used for booting
these can make physical attacks more difficult, but keep in mind that:
physical access to a computer is root access, given enough time and resources
even with encrypted root partition, and secure boot, someone can replace RAM with a malicious chip,
that can discover the key used to encrypt the root partition (very sophisticated but not impossible)
so it's best to make computers as small as possible, so they can always be kept near the owner
the ideal computer would be a PC stick, containing a RISC-V processor, RAM and SSD,
plus a USB4 (without PCIe) port that connects to a hub
the hub:
, provides power
, has a USB dock (to connect peripherals like display and camera)
, wifi, Bluetooth, maybe even speaker and microphone
, extra ports: ethernet, audio jack, DP and HDMI
programs usually do not run directly on computer hardware
instead they run on a more sophisticated software machine (a virtual machine) called the kernel
in theory we can live without a kernel (an idea sometimes called a library operating system),
and it can be useful for some use cases (like embedded systems),
but a kernel based operating system makes developing and testing programs, much easier
Linux is a highly developed, constantly evolving, open'source kernel
2, SPM Linux
SPM Linux is a Linux based operating system, built and maintained using SPM (simple package manager)
SPM uses a simple and innovative method that unifies software building and package management
to install SPM Linux, first we need to be in a Linux system with these programs installed:
sfdisk mkfs.vfat mkfs.btrfs sed gnunet
to build packages from source, these extra programs are required too:
clang git ssh-keygen
for example you can boot into an Alpine Linux live system, and enter this at the command line:
; apk add sfdisk btrfs-progs gnunet
to build packages from source, add these too: clang git openssh-keygen
now, SPM Linux can be installed on a storage device, just by running this command (as root):
; sh spm/install.sh <arch>
if no architecture is provided, current system's architecture will be used
note that the above command must be run as root,
otherwise it just installs SPM package manager in user's home directory
to build packages from source, run this instead:
; sh spm/install.sh src <arch>
the user interface of SPM Linux is very simple
press "super" (mod+mod) or "alt+tab" to show the application launcher
press "super" or "alt+tab" again to go to previously viewed application (if any)
the first item in application launcher is "system"; it opens the system menu:
, session (lock, suspend, exit, reboot, poweroff)
, connections
, timezone
, password
, packages
to switch between windows, press "super+space" or "alt+space"
to close focused window, press "super+backspace" or "alt+escape"
the package management process is atomic
nonetheless, to have a really fail'safe system, redundant backups are necessary
so make sure to have an extra SPM Linux on a removable storage device
to run a program as root:
; sudo <command>
note that, this is not the traditional "sudo"
it opens a virtual terminal, shows the command at the top, and asks for root password,
and when "enter" is pressed, returns back to previous virtual terminal
but to actually go to this virtual terminal, and enter the root password,
one must press F8 (or F7, F6, F5)
this means that:
, a malicious program can't steal root password (eg by faking root password entry)
, to run a command as root, physical access is necessary,
because there is no other way to enter root password in a virtual terminal
for further explanation: