* Free firmware - A redefinition of the term and a new metric for it's measurement. @ 2017-02-03 14:37 David Craven 2017-02-03 17:40 ` Taylan Ulrich Bayırlı/Kammer 2017-02-14 12:15 ` Denis 'GNUtoo' Carikli 0 siblings, 2 replies; 25+ messages in thread From: David Craven @ 2017-02-03 14:37 UTC (permalink / raw) To: gnu-linux-libre, guix-devel Motivation: We want to be able to exercise our freedoms in all parts of our computing systems. This leads to the benefits of higher security and maintaining hardware devices after their end of life. Background: All peripheral devices work roughly the same. Host Controller Interface <-> Link Layer <-> Physical Layer The physical layer is a mixed signal circuit responsible for implementing the electrical interface of the device. The boundary between LL and PHY is a clock domain crossing. The PHY layer is implemented entirely in hardware and is fixed in silicone. The link layer is implemented either in digital logic also fixed in silicone or in complex peripherals partially in firmware. HCI <-> Microcontroller <-> Digital logic <-> PHY This leads to two models of loading the firmware that runs on the MCU. 1. The peripheral does not contain persistent storage and the firmware is loaded by the linux kernel through a standard API. 2. The peripheral contains persistent storage containing the firmware and uses a separate interface for flashing the firmware. Problem: Today as an example, a WiFi card using option 2 is considered more free than one using option 1. Implications on Security: While in the first case we can check the hash of the binary blob and be certain that the binary blob we are providing is what is running on the device, in the second case we do not even have that guarantee. A malicious party can reflash the firmware and no one would ever know. Security through obscurity is no security at all. Just as important a threat to security as a malicious party is human error. With the second model there is no simple way to fix vulnerabilities even if the vendor is aware and willing to fix it. Implications on Freedom: This also makes it much harder to write, debug and distribute free firmware if such where available. Solution: We need to encourage and allow option 1 as opposed to option 2. Hardware suggestions by the FSF should instead of focusing on a black and white - needs binary blobs or does not need binary blobs - focus on the following: 1. The firmware is freely redistributeable - allowing free software distributions to redistribute the firmware as opposed to the user having to download the firmware themselves and accept arbitrary terms and conditions. 2. The firmware can be loaded using the standard kernel api and the device does not contain any internal storage. 3. There is documentation available that enables the developement of free firmware. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-03 14:37 Free firmware - A redefinition of the term and a new metric for it's measurement David Craven @ 2017-02-03 17:40 ` Taylan Ulrich Bayırlı/Kammer 2017-02-03 18:18 ` David Craven 2017-02-14 12:15 ` Denis 'GNUtoo' Carikli 1 sibling, 1 reply; 25+ messages in thread From: Taylan Ulrich Bayırlı/Kammer @ 2017-02-03 17:40 UTC (permalink / raw) To: David Craven; +Cc: guix-devel, gnu-linux-libre David Craven <david@craven.ch> writes: > Solution: > We need to encourage and allow option 1 as opposed to option 2. > Hardware suggestions by the FSF should instead of focusing on a black > and white - needs binary blobs or does not need binary blobs - focus > on the following: > > 1. The firmware is freely redistributeable - allowing free software > distributions to redistribute the firmware as opposed to the user > having to download the firmware themselves and accept arbitrary terms > and conditions. Being freely redistributeable doesn't make a blob free software obviously, so endorsing such blobs would be out of the question as per the core principles of the FSF. Correct me if I misunderstand. > 2. The firmware can be loaded using the standard kernel api and the > device does not contain any internal storage. Sounds good. Having non-free software hidden within a hardware device is obviously no better than having the OS insert it there whenever the device is connected, as per the reasons you explained. (Assuming I understood it correctly that that's how it normally works; I'm a hardware noob. I actually thought firmware blobs are just code loaded into kernel space, like drivers. Embarrassing?) > 3. There is documentation available that enables the developement of > free firmware. Definitely yes. If I understand the situation correctly, I definitely agree that the FSF should stop being blind to proprietary software hidden within hardware devices in their endorsements. Such devices should be discouraged. But the FSF would never endorse any other proprietary software / binary blobs either, if I know anything about their principles. :-) (And I agree with those principles, to be clear.) Thanks for raising this issue. I had not heard of the trend of putting proprietary firmware directly into flash storage on hardware devices to give the illusion that they don't require binary blobs to run. Taylan ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-03 17:40 ` Taylan Ulrich Bayırlı/Kammer @ 2017-02-03 18:18 ` David Craven 2017-02-03 18:44 ` Christopher Howard 0 siblings, 1 reply; 25+ messages in thread From: David Craven @ 2017-02-03 18:18 UTC (permalink / raw) To: Taylan Ulrich Bayırlı/Kammer; +Cc: guix-devel, gnu-linux-libre Hi Taylan, > Being freely redistributeable doesn't make a blob free software > obviously, so endorsing such blobs would be out of the question as per > the core principles of the FSF. Correct me if I misunderstand. The requirements I proposed for the definition of free firmware is already more than most companies are willing to do. Any company willing to do these things should IMO get a medal pinned on their chest and not be disadvantaged. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-03 18:18 ` David Craven @ 2017-02-03 18:44 ` Christopher Howard 2017-02-03 20:12 ` David Craven 2017-02-05 22:53 ` [GNU-linux-libre] " Maxim Cournoyer 0 siblings, 2 replies; 25+ messages in thread From: Christopher Howard @ 2017-02-03 18:44 UTC (permalink / raw) To: Workgroup for fully free GNU/Linux distributions, Taylan Ulrich Bayırlı/Kammer Cc: guix-devel Hi David, I don't agree that just being given a redistributable blob is any wonderful thing. What you end up with down the road (and this is where we are now) is systems that need several (or many) blobs that only the providing company understands and controls. Usually these blobs are in control of critical or highly desirable functionality. You don't know for sure what the blobs do or whether or not they have security vulnerabilities. And sometimes the blobs come with restrict licensing allowing distribution but not allowing you to reverse engineer. For firmware development to be practical, you want more than documentation. You want source code. Also (for embedded development) you want a tool chain. You might have the source code but find it near impossible to build because you don't have a good tool chain. Yeah, with documentation, you might be able to engineer the source code and tool chain... but it might take you 3+ years, and then only if enough people are interested. And by that time no one will want the hardware anymore. This isn't a moderately annoying problem for x86, but it is a major problem for tablets, cell phones, and other embedded development. The companies that should be the rewarded are the ones that release firmware, source code, and tool chain. E.g., Thinkpenguin and the TPE-R1100. On 02/03/2017 09:18 AM, David Craven wrote: > Hi Taylan, > >> Being freely redistributeable doesn't make a blob free software >> obviously, so endorsing such blobs would be out of the question as per >> the core principles of the FSF. Correct me if I misunderstand. > > The requirements I proposed for the definition of free firmware is > already more than most companies are willing to do. Any company > willing to do these things should IMO get a medal pinned on their > chest and not be disadvantaged. > -- Christopher Howard, Computer Assistant Alaska Satellite Internet 3239 La Ree Way, Fairbanks, AK 99709 907-451-0088 or 888-396-5623 (toll free) fax: 888-260-3584 mailto:christopher@alaskasi.com http://www.alaskasatelliteinternet.com ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-03 18:44 ` Christopher Howard @ 2017-02-03 20:12 ` David Craven 2017-02-05 22:53 ` [GNU-linux-libre] " Maxim Cournoyer 1 sibling, 0 replies; 25+ messages in thread From: David Craven @ 2017-02-03 20:12 UTC (permalink / raw) To: Christopher Howard Cc: guix-devel, Workgroup for fully free GNU/Linux distributions Hi Christopher, I like to understand things. For me the most important thing is that I have the documentation available to me and can study how it works. For most modern chips there is simply no documentation available to me. But I guess you are right, even if I think that some hardware that works with linux-libre is less favorable than some that does not. Thank you for your reply. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-03 18:44 ` Christopher Howard 2017-02-03 20:12 ` David Craven @ 2017-02-05 22:53 ` Maxim Cournoyer 2017-02-10 17:31 ` David Craven 1 sibling, 1 reply; 25+ messages in thread From: Maxim Cournoyer @ 2017-02-05 22:53 UTC (permalink / raw) To: Christopher Howard Cc: guix-devel, Workgroup for fully free GNU/Linux distributions [-- Attachment #1: Type: text/plain, Size: 4182 bytes --] Hi, Christopher Howard <christopher@alaskasi.com> writes: > Hi David, I don't agree that just being given a redistributable blob is > any wonderful thing. What you end up with down the road (and this is > where we are now) is systems that need several (or many) blobs that only > the providing company understands and controls. Usually these blobs are > in control of critical or highly desirable functionality. You don't know > for sure what the blobs do or whether or not they have security > vulnerabilities. And sometimes the blobs come with restrict licensing > allowing distribution but not allowing you to reverse engineer. > +1. I don't see how having blobs helps security at all. David, you mentioned that having blobs could help manufacturers fix security issues (human errors) in their products; while true, this is a double-edged sword; it could also be used to insert spyware or whatnot, and very easily (simply release a new version of the blob for distribution, advertising it as bringing "fixes"). I think the FSF's position, as expressed in their "Respects Your Freedom" certification guidelines [0], is reasonable given the current state of things. Basically it says that "All the product software must be free software.", but grants some exceptions for software equivalent to hardware (e.g., fixed in ROM and non-upgradable) [1] and which runs on "secondary embedded processors" (which can include firmware built into I/O devices). For the time being, the hardware we use is closed. Just as we reluctantly accept to use non-free hardware for the time being, we can reluctantly accept to use non-free software which is equivalent to hardware. Whether the non-free firmware is stored as a loadable blob or in the ROM of a device doesn't change the fact that it's non-free. The subtlety is whether this firmware is used as hardware (upgradable) or software (easily replaced or extended). The later puts more control in the hands of the manufacturer, which is why the former is preferred. The RYF criteria page also states that they "want users to be able to upgrade and control the software on as many levels as possible.". In other words, a device with completely free firmware is more valued than a device with a closed firmware used as hardware, as it should be. Finally, preferring built-in, closed firmware to loadable blobs (closed firmware) could be seen as an incentive for manufacturers to release their firmware as free software (user-upgradable): releasing it as free software enables them to fix things (in a transparent manner) after the product is launched, which reduces risk (if the firmware is non-upgradable, the product could have to be recalled in case a serious problem is later found with it). > For firmware development to be practical, you want more than > documentation. You want source code. Also (for embedded development) you > want a tool chain. You might have the source code but find it near > impossible to build because you don't have a good tool chain. > The RYF criteria includes a "Compilation" (all the software must be buildable using free tools) and "Documentation", so this is at least summarily covered. > Yeah, with documentation, you might be able to engineer the source code > and tool chain... but it might take you 3+ years, and then only if > enough people are interested. And by that time no one will want the > hardware anymore. This isn't a moderately annoying problem for x86, but > it is a major problem for tablets, cell phones, and other embedded > development. > > The companies that should be the rewarded are the ones that release > firmware, source code, and tool chain. E.g., Thinkpenguin and the TPE-R1100. > Indeed, we ought to put our money where our mouth is, i.e. back the companies which are helping the cause of free software/hardware. My two cents, Maxim [0] http://www.fsf.org/resources/hw/endorsement/criteria [1] The "fixed" part is not worded directly in the RYF criteria, but from the anti-tivoization clause found in the GPLv3, I would expect that this is how they would consider the matter. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 832 bytes --] ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-05 22:53 ` [GNU-linux-libre] " Maxim Cournoyer @ 2017-02-10 17:31 ` David Craven 2017-02-10 18:21 ` Christopher Howard 0 siblings, 1 reply; 25+ messages in thread From: David Craven @ 2017-02-10 17:31 UTC (permalink / raw) To: Maxim Cournoyer Cc: guix-devel, Workgroup for fully free GNU/Linux distributions Hi Maxim > +1. I don't see how having blobs helps security at all. Well the problem I was getting at is that things are not as fixed as they may seem. Quoting wikipedia: >> Decreasing cost of reprogrammable devices had almost eliminated the market for mask ROM by the year 2000. Translation: ROM is not RO. It is not a theoretical threat, and just as dangerous as other threats that people put a lot of effort in avoiding [0] I don't see how trusting the manufacturer when buying the product is any different from trusting him down the road. I was talking about malicious third parties. Obviously planting something in difficult to upgrade persistent memory is a lucrative target for attackers - manipulating firmware becomes plain uninteresting in the other case. > The companies that should be the rewarded are the ones that release > firmware, source code, and tool chain. E.g., Thinkpenguin and the TPE-R1100. > Indeed, we ought to put our money where our mouth is, i.e. back the > companies which are helping the cause of free software/hardware. I don't think they actually produce any silicon, toolchain or firmware themselves. At least I didn't find a link to it. So they are basically using other peoples silicon, toolchain and firmware. Giving them credit for complying with the GPL is not quite right either. (But I don't know who's behind the thinkpenguin and it looks like a great accomplishement). To independently verify the claim that the firmware they are using is indeed fixed, would actually require them to release both schematics and datasheets of their designs. [0] https://www.wired.com/2015/02/nsa-firmware-hacking/ ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-10 17:31 ` David Craven @ 2017-02-10 18:21 ` Christopher Howard 2017-02-13 7:02 ` Maxim Cournoyer 0 siblings, 1 reply; 25+ messages in thread From: Christopher Howard @ 2017-02-10 18:21 UTC (permalink / raw) To: David Craven, Maxim Cournoyer Cc: guix-devel, Workgroup for fully free GNU/Linux distributions On 02/10/2017 08:31 AM, David Craven wrote: > Hi Maxim > >> +1. I don't see how having blobs helps security at all. > > Well the problem I was getting at is that things are not as fixed as > they may seem. > Quoting wikipedia: > >>> Decreasing cost of reprogrammable devices had almost eliminated the market for mask ROM by the year 2000. > > Translation: ROM is not RO. > > It is not a theoretical threat, and just as dangerous as other threats > that people put a lot of effort in avoiding [0] > > I don't see how trusting the manufacturer when buying the product is > any different from trusting him down the road. I was talking about > malicious third parties. Obviously planting something in difficult to > upgrade persistent memory is a lucrative target for attackers - > manipulating firmware becomes plain uninteresting in the other case. > >> The companies that should be the rewarded are the ones that release >> firmware, source code, and tool chain. E.g., Thinkpenguin and the TPE-R1100. > >> Indeed, we ought to put our money where our mouth is, i.e. back the >> companies which are helping the cause of free software/hardware. > > I don't think they actually produce any silicon, toolchain or firmware > themselves. At least I didn't find a link to it. So they are basically > using other peoples silicon, toolchain and firmware. Giving them > credit for complying with the GPL is not quite right either. (But I > don't know who's behind the thinkpenguin and it looks like a great > accomplishement). > > To independently verify the claim that the firmware they are using is > indeed fixed, would actually require them to release both schematics > and datasheets of their designs. > > [0] https://www.wired.com/2015/02/nsa-firmware-hacking/ > Stallman did an extensive article in 2015 which I think is relevant to this discussion: https://www.gnu.org/philosophy/free-hardware-designs.en.html I don't have the schematics for TPE-R1100, though I think they would send them if I asked. It is based on the AR9331 SoC which is quite open. There was one other large chip on the board... I'll have to check what that is after I get home. -- Christopher Howard, Computer Assistant Alaska Satellite Internet 3239 La Ree Way, Fairbanks, AK 99709 907-451-0088 or 888-396-5623 (toll free) fax: 888-260-3584 mailto:christopher@alaskasi.com http://www.alaskasatelliteinternet.com ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-10 18:21 ` Christopher Howard @ 2017-02-13 7:02 ` Maxim Cournoyer 2017-02-13 8:42 ` [GNU-linux-libre] " John Darrington 0 siblings, 1 reply; 25+ messages in thread From: Maxim Cournoyer @ 2017-02-13 7:02 UTC (permalink / raw) To: Christopher Howard Cc: guix-devel, David Craven, Workgroup for fully free GNU/Linux distributions [-- Attachment #1: Type: text/plain, Size: 3201 bytes --] Hi, Christopher Howard <christopher@alaskasi.com> writes: > On 02/10/2017 08:31 AM, David Craven wrote: >> Hi Maxim >> >>> +1. I don't see how having blobs helps security at all. >> >> Well the problem I was getting at is that things are not as fixed as >> they may seem. >> Quoting wikipedia: >> >>>> Decreasing cost of reprogrammable devices had almost eliminated the market for mask ROM by the year 2000. >> >> Translation: ROM is not RO. >> You have a point, although reading the article linked (from Wired), this kind of attack requires a lot of effort (to reverse engineer the proprietary interfaces used to reprogram the firmware of a HD). At this level of seriousness they might as well find other means to get at you, such as physically altering one of the device you use without you noticing. >> It is not a theoretical threat, and just as dangerous as other threats >> that people put a lot of effort in avoiding [0] >> They were using Windows and allowing people to shuffle USB keys. That fits strangely with "putting a lot of effort in avoiding security risks" ;). >> I don't see how trusting the manufacturer when buying the product is >> any different from trusting him down the road. I was talking about >> malicious third parties. Obviously planting something in difficult to >> upgrade persistent memory is a lucrative target for attackers - >> manipulating firmware becomes plain uninteresting in the other case. >> >>> The companies that should be the rewarded are the ones that release >>> firmware, source code, and tool chain. E.g., Thinkpenguin and the TPE-R1100. >> >>> Indeed, we ought to put our money where our mouth is, i.e. back the >>> companies which are helping the cause of free software/hardware. >> >> I don't think they actually produce any silicon, toolchain or firmware >> themselves. At least I didn't find a link to it. So they are basically >> using other peoples silicon, toolchain and firmware. Giving them >> credit for complying with the GPL is not quite right either. (But I >> don't know who's behind the thinkpenguin and it looks like a great >> accomplishement). >> Probably not themselves, but they could hire someone to work on it. I remember reading a story where ThinkPenguin had been involved in negotiating with a hardware company and played a part in having that company agree to release their firmware. Sadly I can't find that story anymore! And the company seems active in the free software community and promoting/defending values of the movement. You can have a look at their blog to see for yourself (https://www.thinkpenguin.com/blog). >> To independently verify the claim that the firmware they are using is >> indeed fixed, would actually require them to release both schematics >> and datasheets of their designs. >> >> [0] https://www.wired.com/2015/02/nsa-firmware-hacking/ >> > > Stallman did an extensive article in 2015 which I think is relevant to > this discussion: > > https://www.gnu.org/philosophy/free-hardware-designs.en.html > A recommended read for anyone interested in the idea of free hardware! Thanks for sharing. Maxim [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 832 bytes --] ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-13 7:02 ` Maxim Cournoyer @ 2017-02-13 8:42 ` John Darrington 2017-02-13 19:24 ` David Craven 0 siblings, 1 reply; 25+ messages in thread From: John Darrington @ 2017-02-13 8:42 UTC (permalink / raw) To: Maxim Cournoyer Cc: guix-devel, Workgroup for fully free GNU/Linux distributions, Christopher Howard [-- Attachment #1: Type: text/plain, Size: 1379 bytes --] On Sun, Feb 12, 2017 at 11:02:29PM -0800, Maxim Cournoyer wrote: Hi, Christopher Howard <christopher@alaskasi.com> writes: > On 02/10/2017 08:31 AM, David Craven wrote: >> Hi Maxim >> >>> +1. I don't see how having blobs helps security at all. >> >> Well the problem I was getting at is that things are not as fixed as >> they may seem. >> Quoting wikipedia: >> >>>> Decreasing cost of reprogrammable devices had almost eliminated the market for mask ROM by the year 2000. >> >> Translation: ROM is not RO. >> You have a point, although reading the article linked (from Wired), this kind of attack requires a lot of effort (to reverse engineer the proprietary interfaces used to reprogram the firmware of a HD). At this level of seriousness they might as well find other means to get at you, such as physically altering one of the device you use without you noticing. If the attacker *is* vendor who supplies the proprietary device then they would not have to reverse engineer it. -- Avoid eavesdropping. Send strong encrypted email. PGP Public key ID: 1024D/2DE827B3 fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3 See http://sks-keyservers.net or any PGP keyserver for public key. [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 181 bytes --] ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-13 8:42 ` [GNU-linux-libre] " John Darrington @ 2017-02-13 19:24 ` David Craven 2017-02-13 21:21 ` [GNU-linux-libre] " Hartmut Goebel 2017-02-14 6:55 ` Maxim Cournoyer 0 siblings, 2 replies; 25+ messages in thread From: David Craven @ 2017-02-13 19:24 UTC (permalink / raw) To: John Darrington Cc: guix-devel, Workgroup for fully free GNU/Linux distributions, Maxim Cournoyer > If the attacker *is* vendor who supplies the proprietary device then they would > not have to reverse engineer it. You can always choose not to apply the vendors update. If for example the company you initially trusted with by purchasing their device gets bought by another company or you have some other reason to stop trusting it. CEO changed, their website was hacked or whatever. > A recommended read for anyone interested in the idea of free hardware! > Thanks for sharing. Don't know if you've heard of sifive [0]. If there is a startup that has the potential to create lasting change in the semiconductor industry, my money is on them... :) I should be getting one of the first riscv boards soon! [0] https://www.sifive.com/ ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-13 19:24 ` David Craven @ 2017-02-13 21:21 ` Hartmut Goebel 2017-02-13 22:48 ` David Craven 2017-02-14 6:55 ` Maxim Cournoyer 1 sibling, 1 reply; 25+ messages in thread From: Hartmut Goebel @ 2017-02-13 21:21 UTC (permalink / raw) To: guix-devel Am 13.02.2017 um 20:24 schrieb David Craven: > You can always choose not to apply the vendors update. Is the vendor always trustworthy? Think about vulnerabilities in e.g. router firmware from companies like Cisco and Juniper, which were undiscovered for a long time – and one can reasonably argue that these have been back-doors. Also Intel Chips include a lot of magic called "Intel Management Engine" (IME) or "Active Management Technology" [1]. [1] https://en.wikipedia.org/wiki/Intel_Active_Management_Technology -- Regards Hartmut Goebel | Hartmut Goebel | h.goebel@crazy-compilers.com | | www.crazy-compilers.com | compilers which you thought are impossible | ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-13 21:21 ` [GNU-linux-libre] " Hartmut Goebel @ 2017-02-13 22:48 ` David Craven 0 siblings, 0 replies; 25+ messages in thread From: David Craven @ 2017-02-13 22:48 UTC (permalink / raw) To: Hartmut Goebel; +Cc: guix-devel > Is the vendor always trustworthy? I agree with you. But the thing is that we already bought the device. It says on the label that the device does A and only A at time x when we bought the device. The question is do we need to add more trust than that to the equation. If we look at security as a function we are trying to maximize, we already introduced one axiom, that device does A and only A at time x. By putting the firmware in ROM instead of fixing it with a hash we are introducing a new axiom. That our previous axiom is time invariant. Also consider this: Device comes with firmware A 2015. The vendor creates an update B. In 2016 the same device comes with firmware B. You were happy with the device in 2015 but your laptop was stolen or broke. So you buy the same device in 2016. That is a hidden firmware update. How is that different than knowing that you updated your firmware? In this case you simply pretend that you have not updated your device, but the truth is - you really don't know. So the more axioms (assumptions) our security is based on - the weaker is the house of cards we are building. But I'm totally fine with burring this discussion. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-13 19:24 ` David Craven 2017-02-13 21:21 ` [GNU-linux-libre] " Hartmut Goebel @ 2017-02-14 6:55 ` Maxim Cournoyer 2017-02-14 10:41 ` [GNU-linux-libre] " David Craven 1 sibling, 1 reply; 25+ messages in thread From: Maxim Cournoyer @ 2017-02-14 6:55 UTC (permalink / raw) To: David Craven Cc: guix-devel, John Darrington, Workgroup for fully free GNU/Linux distributions [-- Attachment #1: Type: text/plain, Size: 1767 bytes --] David Craven <david@craven.ch> writes: >> If the attacker *is* vendor who supplies the proprietary device then they would >> not have to reverse engineer it. > > You can always choose not to apply the vendors update. If for example > the company you initially trusted with by purchasing their device gets > bought by another company or you have some other reason to stop > trusting it. CEO changed, their website was hacked or whatever. > Either ways, as long as it's opaque, either shipped in a (semi) fixed state or loaded at runtime, it's not auditable, so there's nothing too interesting to be discussed in regards of trust or freedom. The later at least doesn't clutter our view (and the Linux git tree) -- blobs have grown from ~10 MiB in Linux 2.6.33 [0] to 158 MiB (du -sh on a checkout of the the linux-firmware git tree [1] (pruned from its .git)) >> A recommended read for anyone interested in the idea of free hardware! >> Thanks for sharing. > > Don't know if you've heard of sifive [0]. If there is a startup that > has the potential to create lasting change in the semiconductor > industry, my money is on them... :) I should be getting one of the > first riscv boards soon! > > [0] https://www.sifive.com/ I had followed some earlier developments but had lost track recently! I'm happy to see that they have released the sources of their microcontroller chip design. Apparently the design (Apache licensed) is described using a tool/language called Chisel, which is Scala based and can generate two flavors of Verilog as well as a C++ version for simulation purposes. Interesting times! Maxim [0] https://www.fsfla.org/ikiwiki/anuncio/2010-03-Linux-2.6.33-libre.en [1] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 832 bytes --] ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-14 6:55 ` Maxim Cournoyer @ 2017-02-14 10:41 ` David Craven 2017-02-14 17:47 ` Maxim Cournoyer 0 siblings, 1 reply; 25+ messages in thread From: David Craven @ 2017-02-14 10:41 UTC (permalink / raw) To: Maxim Cournoyer Cc: guix-devel, Christopher Howard, Workgroup for fully free GNU/Linux distributions > I had followed some earlier developments but had lost track recently! > I'm happy to see that they have released the sources of their > microcontroller chip design. It's more than a microcontroller chip design. The people behind sifive are from uc berkeley and also developed a full gcc toolchain backend, a linux port, a qemu and a clang port. They have taped out multiple chips capable of booting Linux, and are still working on putting the finishing touches on the privileged architecture spec which is an open collaborative effort of the RISCV foundation, before releasing their SoC.. The sifive developers play an important role there. Benchmarks for code size and performance show that their SoC and the ISA they developed is comparable to and out performs at least all ARM cortex-a chips with an in-order-pipeline. They also are developing and have taped out an out-of-order core. All of their developments are released as free hardware. Their specifications have enabled me to study a real world instruction set architecture, studying something like ARM or x86 - I'm sure people have looked at those manuals - are not something a beginner can study to any form of completeness, they are simply to large and too complicated. Cheers, David ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-14 10:41 ` [GNU-linux-libre] " David Craven @ 2017-02-14 17:47 ` Maxim Cournoyer 0 siblings, 0 replies; 25+ messages in thread From: Maxim Cournoyer @ 2017-02-14 17:47 UTC (permalink / raw) To: David Craven Cc: guix-devel, Christopher Howard, Workgroup for fully free GNU/Linux distributions [-- Attachment #1: Type: text/plain, Size: 1421 bytes --] Hi David, David Craven <david@craven.ch> writes: >> I had followed some earlier developments but had lost track recently! >> I'm happy to see that they have released the sources of their >> microcontroller chip design. > > It's more than a microcontroller chip design. The people behind sifive are > from uc berkeley and also developed a full gcc toolchain backend, a linux > port, a qemu and a clang port. > > They have taped out multiple chips capable of booting Linux, and are > still working on putting the finishing touches on the privileged architecture > spec which is an open collaborative effort of the RISCV foundation, before > releasing their SoC.. The sifive developers play an important role there. > > Benchmarks for code size and performance show that their SoC and the > ISA they developed is comparable to and out performs at least all ARM > cortex-a chips with an in-order-pipeline. > > They also are developing and have taped out an out-of-order core. All of > their developments are released as free hardware. > > Their specifications have enabled me to study a real world instruction set > architecture, studying something like ARM or x86 - I'm sure people have > looked at those manuals - are not something a beginner can study to > any form of completeness, they are simply to large and too complicated. > Impressive! Sounds like something I should look more into :) Thanks for sharing. Maxim [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 832 bytes --] ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-03 14:37 Free firmware - A redefinition of the term and a new metric for it's measurement David Craven 2017-02-03 17:40 ` Taylan Ulrich Bayırlı/Kammer @ 2017-02-14 12:15 ` Denis 'GNUtoo' Carikli 2017-02-14 18:43 ` [GNU-linux-libre] " David Craven 1 sibling, 1 reply; 25+ messages in thread From: Denis 'GNUtoo' Carikli @ 2017-02-14 12:15 UTC (permalink / raw) To: David Craven; +Cc: guix-devel, Workgroup for fully free GNU/Linux distributions On Fri, 3 Feb 2017 15:37:32 +0100 David Craven <david@craven.ch> wrote: > This leads to two models of loading the firmware that runs on the MCU. > > 1. The peripheral does not contain persistent storage and the firmware > is loaded by the linux kernel through a standard API. When using the Linux kernel, the firmwares are sometimes loaded by something else than the linux kernel: - In most Replicant devices, the modem firmware is in a separate eMMC partition in the device(Smartphone/Tablet), and it is loaded by libsamsung-ipc. - Some bootloaders such as u-boot have the ability to load some firmwares or FPGA bitstreams. > 2. The peripheral contains persistent storage containing the firmware > and uses a separate interface for flashing the firmware. This doesn't differenciate between a chip with internal non-voltaile memory, and a chip with external (potentially shared) flash chip. This can have some serious freedom privacy and security implications when the peripheral's firmware is on the same flash chip than the OS (GNU/Linux or Android/Replicant). In that case the processor running that non-free firmware can also access the OS partition. I think it is the case on some older qualcomm devices like the HTC Dream, where the modem firmware is on the same flash chip than the Android Operating system... On samsung smartphones and tablets supported by recent Replicant versions, libsamsung-ipc, which is a library that talks to the modem, loads the modem firmware. Thanks to that hardware architecture, the modem doesn't have access to the eMMC that holds the Android distribution (here Replicant). > Problem: > Today as an example, a WiFi card using option 2 is considered more > free than one using option 1. I understand the point, but let's approach the issue from another point of view to better understand its contradictions and the tradeoffs that have been made. Let's take it from a top-down perspective where the top is application software that runs on top of lower level software. Down goes deep down in the hardware, like down to how a resistor is made. If applications have to be free software (It's morally wrong not to respect the users freedom), the software that makes the hardware works also needs to be free software: - For the same reasons than applications have to be free software. - Since that software is more privileged it's very useful and important for it to be free software. - As you stated it also impacts the ability to use hardware beyond their end of life, which reduces waiste. Given the above one might wonder how deep we should go down and what is the fronteer between hardware and software. Given that even hardware and chip design has freedom privacy and security inplications it is desirable to have freedom there too. However given that we are not there I think that we need to have some criterias that are reachable. One can for instance use a computer that respects the FSF RYF criterias as of today. I am for instance using one to write this mail. My computer is not ideal though since: - Its hard disk has a non-free firmware - Its embedded controller has a non-free firmware Beside the fact that I added the tor-browser, all rest is RYF and FSDG compliant. The question for me is then how to use the acceptable/not-acceptable line to get more freedom out of it: - If redistributing (and using) non-free firmwares was: - still acceptable - not an issue in the FSDG guidelines - done in the FSDG compliant distributions Then we would probably: - Not have had the ath9k_htc firmware liberated (thanks to Thinkpenguin,Atheros and the people who made it possible) - May have more people using FSDG compliant distributions. Having the ath9k_htc firmware liberated was really really important, especially because: - The Intel WiFi cards present in many laptops require non-free firmware to work, at least with recent kernels. - Many laptop boot-firwmare(BIOS, UEFI) will refuse to boot if the user either changed the wifi card like with the default BIOS of the Lenovo Thinkpad X60 and X200, or removed it like with at least one of the HP Envy laptops. - The ath9k_htc compatible cards can still be bought and found and have been for a long time. - The ath9k_htc compatible cards supports modern-enough WiFi standards. With that we can still use WiFi by ignoring the intel wifi card and using an USB wifi card instead. There are also free software firmware to support some other peripherals such as: - Old b43 compatible wifi cards (OpenFWWF). - keyspan compatible devices. - Older atheros based USB wifi cards. - Probably few other devices. While this is really great and that each new free firmware is a great achievement and is really important, they are also crucial because we failed: - ATI GPUs are almost unusable with free software, in the best case we can load the radeon driver but do not have 3D accelerations and many of the features of that driver working because of the lack of a free firmware. - Intel WiFi cards are a pain, the user has to go buy new USB WiFi cards. I think that the solution is not to make the use and redistribution of such non-free firmwares okay, instead we should find way to make some people work to replace them with free software: - Intel WiFi Cards: The idea if and which ones can work without a non-free firmware. The easiest way to do it is to: 1) Look in h-node which intel WiFi cards work 2) Try to reproduce it and make them work with the same setup 3) Try to understand why they work 4) Try to forward-port what makes them work in recent linux-libre and send the patch upstream, to linux-libre (or linux if applicable). - Radeon GPUs: The people working on porting GNU/Linux to the Sony Playstation 4 have tools to work with radeon firmwares, and probably enough understanding and documentation to be able to create free software firmwares: https://github.com/fail0verflow/radeon-tools.git Theses are not the only hardware-related issues with reguard to free software, however they impact *a lot* of people, directly if they use FSDG distributions and harve hardware not supported by free software because of non-free firmwares, or indirectly because they cannot use such hardware or distributions. > Implications on Security: [...] Hardware design also has huge implications on security. Some busses allow access to the RAM used by the main processor, which holds the linux kenrel and other programs being executed... Preventing peripherals to access all of the memory is possible but depends on a lot of factors. With the PCI and derivated busses to work we need the following: - In the case of x86 computers, the hardware has to have an IOMMU, and that IOMMU has not to be flawed to allow PCI devices to bypass it. - The operating system needs to configure the IOMMU correctly. - In the case of AMD devices, the boot firmware(BIOS/UEFI) needs to have IVRS ACPI tables that contains part of the configuration of the IOMMU. - If the devices are enabled at boot, the boot firmware needs to setup the IOMMU before the RAM is initialized and accesible to the devices on the PCI/PCIe bus. To get more information on the availability of such feature on common computers, see https://www.qubes-os.org/hcl/ When taking security seriously, the fact that a non-free firmware is running in peripherals that can have access to the main system's RAM has to be taken into account. However I don't have a clear idea on whether it has to be dealt with within free software policies or not, and how much it is in the scope of free software. I don't think we, as the free software community, can ignore it as it means that some non-free code can take control of your computer... For instance in Replicant, we decided not to focus on devices that can permit non-free firmwares to take control of the main processor, and instead to prioritize work on devices where the hardware doesn't have any physical ways to allow a non-free firmware to access the main processor's RAM. Even if I disagree with your suggestion below, as I think it might not be the best strategy, I'll give some input nevertheless. For me the best strategy would be to have some people work on the technical issues not to have to adjust policies backward and allow more and more non-free software. If we have enough free firmwares, many GNU/Linux distributions may consider getting rid of non-free firmwares entierely. Making loadable and non-loadable firmwares policies consistent would then makes a lot of sense as it would probably have a good impact on freedom. We might also be able to leverage loadable firmwares code to make other peripherals with non-loadable-by-a-host-computer firmwares work. > 1. The firmware is freely redistributeable - allowing free software > distributions to redistribute the firmware as opposed to the user > having to download the firmware themselves and accept arbitrary terms > and conditions. Freely redistributable firmwares often have conditions that I find unacceptable. The validity of such conditions then depends on the jurisdiction you live in. Many have no-modification and no-reverse-engineering clauses. > 2. The firmware can be loaded using the standard kernel api and the > device does not contain any internal storage. You might want to consider the following alternative: - The firmware can be loaded using free software and the device does not contain any internal storage. - The firmware can be loaded using free software and the device does not contain any internal storage for code. - The firmware can be loaded using free software and the device does not contain any internal storage that can be used for other purposes than storing documented configuration data. The last two alternatives contains takes into account the storage of data such as the MAC Address and calibration data of network devices. > 3. There is documentation available that enables the developement of > free firmware. - There is sufficent documentation available to permit the development of a free firmware. - There is sufficent documentation available to permit the development of a free firmware, and to be able to understand the freedom/security/privacy implication of that hardware. The later might be interesting to: - Make sure that an IOMMU works correctly. - Have an idea of what the management engine bootrom does. - Have an idea of what a CPU does to the data during context switch. - Have an idea of the risk associated with the use of a network interface chip like the Intel e1000e: - Where is a firmware supposed to be stored, can you be sure that the card runs no firmware? - What a remote computer might be able to do to the chip? - Know if an external pc-card can access your main processor's RAM if you didn't load drivers that enable it. - Know which peripherals or busses have access to your RAM while your operating system is not started yet. - Know if a bus or device allow DMA: - Make sure that a superIO doesn't allow DMA access to the main processor's RAM in the dock connector of a laptop. - Make sure that the PCI lanes aren't exported on a dock connector of a laptop. Denis. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-14 12:15 ` Denis 'GNUtoo' Carikli @ 2017-02-14 18:43 ` David Craven 2017-02-14 20:11 ` Adonay Felipe Nogueira 2017-02-20 7:50 ` Denis 'GNUtoo' Carikli 0 siblings, 2 replies; 25+ messages in thread From: David Craven @ 2017-02-14 18:43 UTC (permalink / raw) To: Denis 'GNUtoo' Carikli Cc: guix-devel, Workgroup for fully free GNU/Linux distributions Hi Denis, Thank you for your extensive feedback. > With that we can still use WiFi by ignoring the intel wifi card and > using an USB wifi card instead. I considered using this option but realized that I had a buggy thunderbolt controller in my laptop, that I can only update from a windows computer and therefore know for sure it can be modified remotely poses a much larger security issue, that I would not actually gain anything from replacing my wifi card. And besides these obvious and visible firmwares I have no clue what other non-free firmware is running on my laptop. I concluded that if I didn't know, that likely most linux-libre users didn't know either and where likely much less aware of what that could actually mean. While obviously you understand hardware and the hardware you are using, most people do not. And I think we need to make sure that people that don't - I consider myself being one of those people - can do the *best* with what we have and have the information available to us to make informed decisions. I bought my dell xps developer edition before I had any involvement with a GNU project, and I bought it because dell was actually providing at least some kind of linux support. I currently can't afford to buy a new laptop even if the one you are using is much more free. Besides I have the dream of building a replacement mainboard with a RISCV SoC for it. But that is still beyond my capabilities :) FYI: This dream mainboard would also feature a software defined radio [0] instead of a wifi card - another interesting free hardware project, although the sources have not been released yet. Another thing I found very frustrating was a conversation that I had on IRC. It went like this: Can guixsd run on a RPiv2? Yes, sure. You'll need to use vanilla linux and add some firmware, I'll show you how to do it. No thank you. I don't want to use binary blobs. I'll just use another distro until guixsd works without binary blobs. I expect that everyone recognizes the irony in that. > While this is really great and that each new free firmware is a great > achievement I agree. > When taking security seriously, the fact that a non-free firmware is > running in peripherals that can have access to the main system's RAM > has to be taken into account. > > However I don't have a clear idea on whether it has to be dealt with > within free software policies or not, and how much it is in the scope > of free software. > > I don't think we, as the free software community, can ignore it as it > means that some non-free code can take control of your computer... Yes with buggy thunderbolt controllers this is becoming a real problem. > For instance in Replicant, we decided not to focus on devices that can > permit non-free firmwares to take control of the main processor, and > instead to prioritize work on devices where the hardware doesn't have > any physical ways to allow a non-free firmware to access the main > processor's RAM. Replicant looks very interesting, especially since I owned quite a few of those nexus devices that are supported. Sadly not anymore :/ I wasn't aware that there was so much documentation available about mobile devices. How do you know all that stuff? :) Thank you for your input, David [0] https://xtrx.io/ ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-14 18:43 ` [GNU-linux-libre] " David Craven @ 2017-02-14 20:11 ` Adonay Felipe Nogueira 2017-02-14 20:47 ` David Craven 2017-02-20 7:50 ` Denis 'GNUtoo' Carikli 1 sibling, 1 reply; 25+ messages in thread From: Adonay Felipe Nogueira @ 2017-02-14 20:11 UTC (permalink / raw) To: guix-devel, gnu-linux-libre About that conversation involving some GuixSD user: He gave that kind of recommendation so easily? I'm shocked... Unless the conversation was cut somewhere, I didn't see indication that you wanted/want to develop free/libre replacement for the non-free software needed for RPI 2 to work. In this case, that is if he was wasn't made aware of such commitment (if it ever exists on your part), then he shouldn't have made such recommendation, according to [[http://www.gnu.org/philosophy/applying-free-sw-criteria.html]] and [[http://www.gnu.org/philosophy/is-ever-good-use-nonfree-program.html]]. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-14 20:11 ` Adonay Felipe Nogueira @ 2017-02-14 20:47 ` David Craven 2017-02-14 20:57 ` Christopher Howard 0 siblings, 1 reply; 25+ messages in thread From: David Craven @ 2017-02-14 20:47 UTC (permalink / raw) To: Adonay Felipe Nogueira Cc: guix-devel, Workgroup for fully free GNU/Linux distributions > About that conversation involving some GuixSD user: He gave that kind of > recommendation so easily? I'm shocked... The irony is that unless you know as much about hardware as Denis you ARE USING NON-FREE FIRMWARE. As proven by you suggestion to simply use a different distro. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-14 20:47 ` David Craven @ 2017-02-14 20:57 ` Christopher Howard 2017-02-14 21:01 ` David Craven 0 siblings, 1 reply; 25+ messages in thread From: Christopher Howard @ 2017-02-14 20:57 UTC (permalink / raw) To: Workgroup for fully free GNU/Linux distributions, Adonay Felipe Nogueira Cc: guix-devel Some folks are working a free firmware for Rpi2: https://wiki.debian.org/RaspberryPi2 What you say below is not necessarily true. You can buy libre systems. Of course, sometimes they cost more... but in a non-ideal world freedom sometimes comes with a price. Anyway, the point of projects like this and RYF and other libre projects is to make freedom available to everyone, even the "non-technical" folks. David, I think you need to give up wasting your time trying to convince a Gnu/Linux *Libre* list that proprietary kernel blobs are a good idea. Most people are here because they care more about freedom than getting the support of every manufacturer on the market. If you want to make headway, just register at any "Linux" forum on the web and you'll find that 80% of the people there already agree with you. On 02/14/2017 11:47 AM, David Craven wrote: >> About that conversation involving some GuixSD user: He gave that kind of >> recommendation so easily? I'm shocked... > > The irony is that unless you know as much about hardware as Denis you > ARE USING NON-FREE FIRMWARE. As proven by you suggestion to simply use > a different distro. > -- Christopher Howard, Computer Assistant Alaska Satellite Internet 3239 La Ree Way, Fairbanks, AK 99709 907-451-0088 or 888-396-5623 (toll free) fax: 888-260-3584 mailto:christopher@alaskasi.com http://www.alaskasatelliteinternet.com ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-14 20:57 ` Christopher Howard @ 2017-02-14 21:01 ` David Craven 2017-02-14 21:13 ` [GNU-linux-libre] " David Craven 0 siblings, 1 reply; 25+ messages in thread From: David Craven @ 2017-02-14 21:01 UTC (permalink / raw) To: Christopher Howard Cc: guix-devel, Workgroup for fully free GNU/Linux distributions, Adonay Felipe Nogueira > David, I think you need to give up wasting your time trying to convince > a Gnu/Linux *Libre* list that proprietary kernel blobs are a good idea. > Most people are here because they care more about freedom than getting > the support of every manufacturer on the market. If you want to make > headway, just register at any "Linux" forum on the web and you'll find > that 80% of the people there already agree with you. I really love guixsd and want people to use it. That's the only reason I'm trying to convince anyone of anything. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-14 21:01 ` David Craven @ 2017-02-14 21:13 ` David Craven 0 siblings, 0 replies; 25+ messages in thread From: David Craven @ 2017-02-14 21:13 UTC (permalink / raw) To: Christopher Howard Cc: guix-devel, Workgroup for fully free GNU/Linux distributions And to be clear I never suggested adding the raspberry pi firmware to a FSDG compliant distribution. I don't think the suggestion I made actually qualifies the raspberry pi firmware - or any current firmware for that matter. It was made to encourage hardware manufacturers that are willing to dip a toe in to becoming more open, without getting scorned for not going all the way. Anyway I'm sorry that this discussion has gotten out of hand. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-14 18:43 ` [GNU-linux-libre] " David Craven 2017-02-14 20:11 ` Adonay Felipe Nogueira @ 2017-02-20 7:50 ` Denis 'GNUtoo' Carikli 2017-02-21 12:15 ` David Craven 1 sibling, 1 reply; 25+ messages in thread From: Denis 'GNUtoo' Carikli @ 2017-02-20 7:50 UTC (permalink / raw) To: David Craven; +Cc: guix-devel, Workgroup for fully free GNU/Linux distributions On Tue, 14 Feb 2017 19:43:48 +0100 David Craven <david@craven.ch> wrote: > Hi Denis, Hi, > > > With that we can still use WiFi by ignoring the intel wifi card and > > using an USB wifi card instead. > > [Thunderbolt] poses a much larger security issue, > that I would not actually gain anything from replacing my wifi card. > And besides these obvious and visible firmwares I have no clue what > other non-free firmware is running on my laptop. While security is important, it's far from being the only reason that makes free software important. When security and freedom conflicts, I usually prefer freedom. That said, if you care about free software only for the security and privacy benefits: - With Respect Your Freedom(RYF) certified computer, firmware freedom matters a lot. - Not considering non-free firmware as an issue and having most FSDG distribution users run them would make freeing firmwares appear way less important. Most GNU/Linux users aren't even aware of hardware related freedom issues, because it just works. According to many of them the ATI GPU can be used with fully free software, and some even think that everything in their distribution is free software. This doesn't help promoting the importance of having free firmwares, and way less developers would want to work on their replacement. More broadly, users that need the hardware to work would not care anymore about free firmwares anymore either. To successfully convince Atheros to liberate the firmware of the ath9k_htc compatible chips, thinkpenguin probalby needed a valid buisness case, which probably was selling USB WiFi dongles to users that desperately wanted WiFi to work with free software. > While obviously you understand hardware and the hardware you are > using, most people do not. And I think we need to make sure that > people that don't - I consider myself being one of those people - can > do the *best* with what we have and have the information available to > us to make informed decisions. I think that not using non-free firmwares is the best decision for all users collectively. If more users and developers were taking that decisions, we would not have the issue we have here: - You have hardware that doesn't work because it requires non-free firmwares. - Many non-free firmwares aren't being replaced because there is not enough interest in replacing them, because many GNU/Linux distributions still ship non-free firmwares and it works for their developers and/or users. The more interest in free software replacement, the more probability there is to have them replaced with free software. > I bought my dell xps developer edition before I had any involvement > with a GNU project, and I bought it because dell was actually > providing at least some kind of linux support. I currently can't > afford to buy a new laptop even if the one you are using is much more > free. You may be able to find cheap or gratis laptops supported by the libreboot project but it will require you to spend time for that, with no guarantee of success. As for how cheap it can get, I bought a Lenovo Thinkpad X60 for about 50E. The downside is that, at that time, I was lucky to find it that cheap, and that its CPU is single core. Since I bought it to use it for coreboot/libreboot development/testing only, I didn't need a fast CPU. > Besides I have the dream of building a replacement mainboard > with a RISCV SoC for it. But that is still beyond my capabilities :) > FYI: This dream mainboard would also feature a software defined radio > [0] instead of a wifi card - another interesting free hardware > project, although the sources have not been released yet. RISCV is probably not yet ready to be used as a laptop SOC. However there are some microcontrollers projects with that architecture: - https://www.crowdsupply.com/onchip/open-v - https://www.crowdsupply.com/sifive/hifive1 As a side note, if you think that microcontrollers are not very useful, think again because, since you have some interest in security and probably privacy as well: - Microcontrollers can have critical security functions, as it is the case in this computer: https://www.crowdsupply.com/design-shift/orwl They can also be used for password external management. - We probably have the Hardware description language source for it under a free software license. > Another thing I found very frustrating was a conversation that I had > on IRC. It went like this: > > Can guixsd run on a RPiv2? > > Yes, sure. You'll need to use vanilla linux and add some firmware, > I'll show you how to do it. > > No thank you. I don't want to use binary blobs. I'll just use another > distro until guixsd works without binary blobs. > > I expect that everyone recognizes the irony in that. I don't. I don't see any issue with the above assuming that non-free firmwares are the only difference between the "other distro" and the free software distribution. Missleading users into thinking that they run 100% free software everywhere is not a good idea: - As a user, If I run Trisquel or Parabola, I assume that everything that this distribution ships is free software. - As a user, I don't want to have to review each package for proprietary software, this is the role of the distribution. - As a user knowing how hardware works, I however know that Trisquel or Parabola are not the only software running on my computer: - Coreboot/Libreboot runs without any blobs - The proprietary Embedded controller firmware runs. - The HDD firmware runs. - Some other firmware that I'm not aware of might run on some chips. It also depends on which laptop and peripherals I use: - If I use an X60 Tablet, it might have some touchscreen controller firmware. - If I use an external mouse, it might have a firmware too. > > While this is really great and that each new free firmware is a > > great achievement > > I agree. It would be sad not to continue freeing firmwares. Especially if more and more functionality and trust is being put in them. > > When taking security seriously, the fact that a non-free firmware is > > running in peripherals that can have access to the main system's RAM > > has to be taken into account. > > > > However I don't have a clear idea on whether it has to be dealt with > > within free software policies or not, and how much it is in the > > scope of free software. > > > > I don't think we, as the free software community, can ignore it as > > it means that some non-free code can take control of your > > computer... > > Yes with buggy thunderbolt controllers this is becoming a real > problem. Yes it is, however there are mitigations in some cases: - It might be possible to have them disabled, there might also be some other workarounds. - Thunderbolt tend to be present on recent hardware, and some of that recent hardware also have an IOMMU that can protect the RAM from DMA attacks. Note that not all recent computers supports it, see https://www.qubes-os.org/hcl/ for more details. - If you take firewire, and the firewire_ohci module, you have the following module parameter: > remote_dma:Enable unfiltered remote DMA (default = N) (bool) I didn't research yet how it works to understand what it exactly means, but some hardware, in some conditions, can mitigate such issues. > I wasn't aware that there was so much documentation available about > mobile devices. How do you know all that stuff? :) - I learned most/all that knowledge by working on Replicant and researching myself the various freedom privacy and security issues. - You can however take a huge shortcut and instead read the following: http://www.replicant.us/freedom-privacy-security-issues.php I think that documentation is really important and in many cases as much important as the sofware itself. > [0] https://xtrx.io/ You forgott to add a [0] in the mail text that points to this reference. Denis. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Free firmware - A redefinition of the term and a new metric for it's measurement. 2017-02-20 7:50 ` Denis 'GNUtoo' Carikli @ 2017-02-21 12:15 ` David Craven 0 siblings, 0 replies; 25+ messages in thread From: David Craven @ 2017-02-21 12:15 UTC (permalink / raw) To: Denis 'GNUtoo' Carikli Cc: guix-devel, Workgroup for fully free GNU/Linux distributions > While security is important, it's far from being the only reason that > makes free software important. > When security and freedom conflicts, I usually prefer freedom. I agree here too. While security and privacy are a factor for me it's far from the most important. To me the most important is it's role in increasing computer literacy and education and how it helps small businesses to be competitive which leads to a distribution of wealth. I think it helps to remember that free software is a means to an end and focus more on the end. It is my impression that too much focus is being placed on the means. For example: All those services as software substitutes are extremely important for computer illiterates, for small businesses and for individuals that don't want to host their own mail servers etc. As an example, I doubt that it would be really that much more secure to host my own mailserver. While Snowden did make us aware that many large "cloud" service providers have had security breaches, I have not found any evidence of malice on part of many of those providers. The NSA was planting surveillance devices within and around their data centers. > I think that not using non-free firmwares is the best decision for all > users collectively. If more users and developers were taking that > decisions, we would not have the issue we have here: I understand the sentiment, but I don't think that this is an effective solution. Only because the firmware is in ROMs or a developer spent the time to reverse engineer a firmware for a device does not reward the right behavior and could actually lead to less free devices. > I don't. I don't see any issue with the above assuming that non-free > firmwares are the only difference between the "other distro" and the > free software distribution. I understand that that is the case for most FSDG distros, but guix has merit in it's own right. If we focus on the end instead of the means, guix can do a lot to increase computer literacy. > Missleading users into thinking that they run 100% free software > everywhere is not a good idea: I had the impression that a computer running linux-libre was more free than one that does not. When I realized that that was likely not actually the case and that it depended on an array of other factors I felt betrayed for having been led to believe that. > It would be sad not to continue freeing firmwares. Especially if more > and more functionality and trust is being put in them. I think that the best way to free firmwares is by creating truly free devices and firmwares. This sets an example and shows existing companies that it is actually possible to sustain a business while being open and creates the market pressure for them to release their firmwares. Again focusing on the end instead of the means, working on SDRs and their firmware is much more important than reversing an intel wifi firmware. The first can have a tremendous impact on computer literacy and for small businesses and may one day lead to truly free wifi cards, while the other "just" allows running linux-libre with intel wifi cards. I hope to not offend anyone - these are just my opinions and feelings :) David ^ permalink raw reply [flat|nested] 25+ messages in thread
end of thread, other threads:[~2017-02-21 12:15 UTC | newest] Thread overview: 25+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-02-03 14:37 Free firmware - A redefinition of the term and a new metric for it's measurement David Craven 2017-02-03 17:40 ` Taylan Ulrich Bayırlı/Kammer 2017-02-03 18:18 ` David Craven 2017-02-03 18:44 ` Christopher Howard 2017-02-03 20:12 ` David Craven 2017-02-05 22:53 ` [GNU-linux-libre] " Maxim Cournoyer 2017-02-10 17:31 ` David Craven 2017-02-10 18:21 ` Christopher Howard 2017-02-13 7:02 ` Maxim Cournoyer 2017-02-13 8:42 ` [GNU-linux-libre] " John Darrington 2017-02-13 19:24 ` David Craven 2017-02-13 21:21 ` [GNU-linux-libre] " Hartmut Goebel 2017-02-13 22:48 ` David Craven 2017-02-14 6:55 ` Maxim Cournoyer 2017-02-14 10:41 ` [GNU-linux-libre] " David Craven 2017-02-14 17:47 ` Maxim Cournoyer 2017-02-14 12:15 ` Denis 'GNUtoo' Carikli 2017-02-14 18:43 ` [GNU-linux-libre] " David Craven 2017-02-14 20:11 ` Adonay Felipe Nogueira 2017-02-14 20:47 ` David Craven 2017-02-14 20:57 ` Christopher Howard 2017-02-14 21:01 ` David Craven 2017-02-14 21:13 ` [GNU-linux-libre] " David Craven 2017-02-20 7:50 ` Denis 'GNUtoo' Carikli 2017-02-21 12:15 ` David Craven
Code repositories for project(s) associated with this external index https://git.savannah.gnu.org/cgit/guix.git This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.