[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a n
From: |
Denis 'GNUtoo' Carikli |
Subject: |
Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement. |
Date: |
Mon, 20 Feb 2017 08:50:12 +0100 |
On Tue, 14 Feb 2017 19:43:48 +0100
David Craven <address@hidden> wrote:
> Hi Denis,
Hi,
>
> > With that we can still use WiFi by ignoring the intel wifi card and
> > using an USB wifi card instead.
>
> [Thunderbolt] poses a much larger security issue,
> that I would not actually gain anything from replacing my wifi card.
> And besides these obvious and visible firmwares I have no clue what
> other non-free firmware is running on my laptop.
While security is important, it's far from being the only reason that
makes free software important.
When security and freedom conflicts, I usually prefer freedom.
That said, if you care about free software only for the security and
privacy benefits:
- With Respect Your Freedom(RYF) certified computer, firmware freedom
matters a lot.
- Not considering non-free firmware as an issue and having most FSDG
distribution users run them would make freeing firmwares appear way
less important.
Most GNU/Linux users aren't even aware of hardware related freedom
issues, because it just works. According to many of them the ATI GPU
can be used with fully free software, and some even think that
everything in their distribution is free software.
This doesn't help promoting the importance of having free firmwares,
and way less developers would want to work on their replacement.
More broadly, users that need the hardware to work would not care
anymore about free firmwares anymore either.
To successfully convince Atheros to liberate the firmware of the
ath9k_htc compatible chips, thinkpenguin probalby needed a valid
buisness case, which probably was selling USB WiFi dongles to users
that desperately wanted WiFi to work with free software.
> While obviously you understand hardware and the hardware you are
> using, most people do not. And I think we need to make sure that
> people that don't - I consider myself being one of those people - can
> do the *best* with what we have and have the information available to
> us to make informed decisions.
I think that not using non-free firmwares is the best decision for all
users collectively. If more users and developers were taking that
decisions, we would not have the issue we have here:
- You have hardware that doesn't work because it requires non-free
firmwares.
- Many non-free firmwares aren't being replaced because there is not
enough interest in replacing them, because many GNU/Linux
distributions still ship non-free firmwares and it works for their
developers and/or users.
The more interest in free software replacement, the more probability
there is to have them replaced with free software.
> I bought my dell xps developer edition before I had any involvement
> with a GNU project, and I bought it because dell was actually
> providing at least some kind of linux support. I currently can't
> afford to buy a new laptop even if the one you are using is much more
> free.
You may be able to find cheap or gratis laptops supported by the
libreboot project but it will require you to spend time for that, with
no guarantee of success.
As for how cheap it can get, I bought a Lenovo
Thinkpad X60 for about 50E. The downside is that, at that time, I was
lucky to find it that cheap, and that its CPU is single core. Since I
bought it to use it for coreboot/libreboot development/testing only, I
didn't need a fast CPU.
> Besides I have the dream of building a replacement mainboard
> with a RISCV SoC for it. But that is still beyond my capabilities :)
> FYI: This dream mainboard would also feature a software defined radio
> [0] instead of a wifi card - another interesting free hardware
> project, although the sources have not been released yet.
RISCV is probably not yet ready to be used as a laptop SOC. However
there are some microcontrollers projects with that architecture:
- https://www.crowdsupply.com/onchip/open-v
- https://www.crowdsupply.com/sifive/hifive1
As a side note, if you think that microcontrollers are not very
useful, think again because, since you have some interest in security
and probably privacy as well:
- Microcontrollers can have critical security functions, as it is the
case in this computer: https://www.crowdsupply.com/design-shift/orwl
They can also be used for password external management.
- We probably have the Hardware description language source for it
under a free software license.
> Another thing I found very frustrating was a conversation that I had
> on IRC. It went like this:
>
> Can guixsd run on a RPiv2?
>
> Yes, sure. You'll need to use vanilla linux and add some firmware,
> I'll show you how to do it.
>
> No thank you. I don't want to use binary blobs. I'll just use another
> distro until guixsd works without binary blobs.
>
> I expect that everyone recognizes the irony in that.
I don't. I don't see any issue with the above assuming that non-free
firmwares are the only difference between the "other distro" and the
free software distribution.
Missleading users into thinking that they run 100% free software
everywhere is not a good idea:
- As a user, If I run Trisquel or Parabola, I assume that everything
that this distribution ships is free software.
- As a user, I don't want to have to review each package for
proprietary software, this is the role of the distribution.
- As a user knowing how hardware works, I however know that Trisquel or
Parabola are not the only software running on my computer:
- Coreboot/Libreboot runs without any blobs
- The proprietary Embedded controller firmware runs.
- The HDD firmware runs.
- Some other firmware that I'm not aware of might run on some chips.
It also depends on which laptop and peripherals I use:
- If I use an X60 Tablet, it might have some touchscreen controller
firmware.
- If I use an external mouse, it might have a firmware too.
> > While this is really great and that each new free firmware is a
> > great achievement
>
> I agree.
It would be sad not to continue freeing firmwares. Especially if more
and more functionality and trust is being put in them.
> > When taking security seriously, the fact that a non-free firmware is
> > running in peripherals that can have access to the main system's RAM
> > has to be taken into account.
> >
> > However I don't have a clear idea on whether it has to be dealt with
> > within free software policies or not, and how much it is in the
> > scope of free software.
> >
> > I don't think we, as the free software community, can ignore it as
> > it means that some non-free code can take control of your
> > computer...
>
> Yes with buggy thunderbolt controllers this is becoming a real
> problem.
Yes it is, however there are mitigations in some cases:
- It might be possible to have them disabled, there might also be some
other workarounds.
- Thunderbolt tend to be present on recent hardware, and some of that
recent hardware also have an IOMMU that can protect the RAM from DMA
attacks. Note that not all recent computers supports it, see
https://www.qubes-os.org/hcl/ for more details.
- If you take firewire, and the firewire_ohci module, you have the
following module parameter:
> remote_dma:Enable unfiltered remote DMA (default = N) (bool)
I didn't research yet how it works to understand what it exactly
means, but some hardware, in some conditions, can mitigate such
issues.
> I wasn't aware that there was so much documentation available about
> mobile devices. How do you know all that stuff? :)
- I learned most/all that knowledge by working on Replicant and
researching myself the various freedom privacy and security issues.
- You can however take a huge shortcut and instead read the following:
http://www.replicant.us/freedom-privacy-security-issues.php
I think that documentation is really important and in many cases as
much important as the sofware itself.
> [0] https://xtrx.io/
You forgott to add a [0] in the mail text that points to this reference.
Denis.
- Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement., (continued)
Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement., Denis 'GNUtoo' Carikli, 2017/02/14
- Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement., David Craven, 2017/02/14
- Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement., Adonay Felipe Nogueira, 2017/02/14
- Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement., David Craven, 2017/02/14
- Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement., Christopher Howard, 2017/02/14
- Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement., David Craven, 2017/02/14
- Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement., David Craven, 2017/02/14
Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement.,
Denis 'GNUtoo' Carikli <=
Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement., David Craven, 2017/02/21