From: Pjotr Prins <pjotr.public12@thebird.nl>
To: "Gábor Boskovits" <boskovits@gmail.com>
Cc: Guix-devel <guix-devel@gnu.org>
Subject: Re: Meltdown / Spectre
Date: Mon, 15 Jan 2018 09:07:45 +0100
Message-ID: <20180115080745.GA12963@thebird.nl>
In-Reply-To: <CAE4v=pj7azvDfVPFY0D=3vEg3Hu0LBRF60S4v-VSRVt5ROFH2w@mail.gmail.com>

On Wed, Jan 10, 2018 at 03:04:44PM +0100, Gábor Boskovits wrote:
>    I don't believe that making a microcode update available makes
>    the situation worse. An earlier version is a non-free component
>    of the system anyway.  I believe that it might well be worth
>    providing the possibility to update it.  I think it would be
>    beneficial if we got a signed blob for that, because you
>    implicitly trust, for example, Intel by buying their CPU, so a blob
>    signed by them could also be trusted.  The second thing that
>    comes to my mind is to have a free tool to perform the microcode
>    update, so that we can inspect that nothing else on the system
>    gets modified.  I'm not very much into the microcode update
>    stuff, but I think that, given the two assumptions I mentioned,
>    it would be safe to provide these updates without compromising
>    freedom and security more than what the current situation is.

I agree with you. The fact that we run untrusted hardware hardly gets
improved if we can't fix it ;). GNU Guix, however, by virtue of being
a GNU project is hampered by its free software credentials. We have to
do what people expect from free software.

The only way around this is to provide tooling outside GNU Guix.
Fortunately that is not too hard since microcode is independent
of the rest of the tooling. We could create a channel for this,
something to discuss at FOSDEM. Channels provide a workaround for
purely free software - one reason some of us are reluctant to
introduce them. You can see microcode patches coming for other
hardware too.

Pj.
-- 
