From: Kei Kebreau
Subject: Re: Meltdown / Spectre
Date: Wed, 10 Jan 2018 13:41:51 -0500
Message-ID: <87tvvtwo7k.fsf@posteo.net>
References: <874lnzcedp.fsf@gmail.com> <20180106174358.GA28436@jasmine.lan> <87lghapeu5.fsf@gmail.com> <87incc6z9o.fsf@gmail.com> <87fu7g436e.fsf@fastmail.com> <807794bd-5262-8b36-1f9f-dd3a316928ff@tobias.gr> <87d12i7pud.fsf@gmail.com> <87608ausb7.fsf@dustycloud.org>
In-Reply-To: <87608ausb7.fsf@dustycloud.org> (Christopher Lemmer Webber's message of "Wed, 10 Jan 2018 00:43:56 -0600")
To: Christopher Lemmer Webber
Cc: guix-devel@gnu.org
List-Id: "Development of GNU Guix and the GNU System distribution."

Christopher Lemmer Webber writes:

> Katherine Cox-Buday writes:
>
>> Tobias Geerinckx-Rice writes:
>>
>>> I think the real and thornier question for GuixSD
>>> is: if the recent CPU vulnerabilities require a
>>> microcode update to fully mitigate, then how do we
>>> square not recommending proprietary globs like
>>> this in official channels with giving users all
>>> knowledge required to decide for themselves?
>>
>> Yes, this exactly.
>>
>> It's a unique (hm, is it?) situation pitting the ideals of copyleft
>> against the welfare of users. If an opaque microcode is required to
>> successfully mitigate these bugs, what is the moral stance to take?
>>
>> I don't have an answer and that's why I'm asking here :)
>
> It seems to me that this is one of those "you need to upgrade some
> lowest level firmware which you already didn't have access to in order
> to keep your system secure"... I dunno if GuixSD should ship something,
> but I wouldn't blame anyone updating their microcode for something this
> critical.

My interpretation of the GNU FSDG leads me to believe that GuixSD shouldn't ship anything. Because the opaque microcode update in question is proprietary and necessarily runs on the CPU, we cannot and should not recommend it. See how Libreboot addresses this issue: https://libreboot.org/faq.html#microcode.

> That said, if the microcode were free in the first place, this would
> probably be a lot easier to deal with?

Yes, this would not be a problem. The real problem is with the proprietary and thus harmful nature of Intel's microcode.

Even if the FSDG allowed for nonfree firmware in this case, there is no way to verify with certainty that the microcode update does what it claims (and /only/ what it claims, for that matter).