From mboxrd@z Thu Jan 1 00:00:00 1970
From: Christopher Howard
Subject: Re: Free firmware - A redefinition of the term and a new metric for it's measurement.
Date: Fri, 10 Feb 2017 09:21:48 -0900
Message-ID: <06cfad8d-0222-1c63-522d-013ecd2e6ce8@alaskasi.com>
References: <87tw8bjhqm.fsf@gmail.com> <2c7ae911-863f-4831-f024-060e5f899d3a@alaskasi.com> <87k2948d2q.fsf@gmail.com>
Reply-To: Workgroup for fully free GNU/Linux distributions
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Errors-To: gnu-linux-libre-bounces+gldg-gnu-linux-libre=m.gmane.org@nongnu.org
Sender: "gnu-linux-libre"
To: David Craven, Maxim Cournoyer
Cc: guix-devel, Workgroup for fully free GNU/Linux distributions
List-Id: guix-devel.gnu.org

On 02/10/2017 08:31 AM, David Craven wrote:
> Hi Maxim
>
>> +1. I don't see how having blobs helps security at all.
>
> Well the problem I was getting at is that things are not as fixed as
> they may seem.
> Quoting Wikipedia:
>
>>> Decreasing cost of reprogrammable devices had almost eliminated the market for mask ROM by the year 2000.
>
> Translation: ROM is not RO.
>
> It is not a theoretical threat, and just as dangerous as other threats
> that people put a lot of effort in avoiding [0]
>
> I don't see how trusting the manufacturer when buying the product is
> any different from trusting him down the road. I was talking about
> malicious third parties. Obviously planting something in difficult to
> upgrade persistent memory is a lucrative target for attackers -
> manipulating firmware becomes plain uninteresting in the other case.
>
>> The companies that should be rewarded are the ones that release
>> firmware, source code, and tool chain. E.g., Thinkpenguin and the TPE-R1100.
>
>> Indeed, we ought to put our money where our mouth is, i.e. back the
>> companies which are helping the cause of free software/hardware.
>
> I don't think they actually produce any silicon, toolchain or firmware
> themselves. At least I didn't find a link to it. So they are basically
> using other people's silicon, toolchain and firmware. Giving them
> credit for complying with the GPL is not quite right either. (But I
> don't know who's behind the thinkpenguin and it looks like a great
> accomplishment).
>
> To independently verify the claim that the firmware they are using is
> indeed fixed, would actually require them to release both schematics
> and datasheets of their designs.
>
> [0] https://www.wired.com/2015/02/nsa-firmware-hacking/
>

Stallman did an extensive article in 2015 which I think is relevant to
this discussion:

https://www.gnu.org/philosophy/free-hardware-designs.en.html

I don't have the schematics for TPE-R1100, though I think they would
send them if I asked. It is based on the AR9331 SoC which is quite open.
There was one other large chip on the board... I'll have to check what
that is after I get home.

--
Christopher Howard, Computer Assistant
Alaska Satellite Internet
3239 La Ree Way, Fairbanks, AK 99709
907-451-0088 or 888-396-5623 (toll free)
fax: 888-260-3584
mailto:christopher@alaskasi.com
http://www.alaskasatelliteinternet.com