Quote of the week [LWN.net]

Since around 1996, Linux has carried sourceless firmware encoded as sequences of numbers disguised as source code. UTUTO and gNewSense pioneered the efforts of removing them. Cleaning Linux up is a substantial amount of work, so the existence of Linux-libre has alleviated one of the main difficulties in maintaining GNU+Linux distros that abide by the GNU Free Software Distribution Guidelines.

— The Linux-libre project celebrates 15 years

to post comments

Spherical cows, indeed.

Posted Mar 2, 2023 14:13 UTC (Thu) by pizza (subscriber, #46) [Link] (21 responses)

I suppose good for them for doing this.. but how does this actually get more Free Software in front of more people, instead of a circle-jerk of True Believers trying to use increasingly-obsolete hardware that's gaining new exploitable security issues on a regular basis?

It's their time to use as they see fit, but it makes the Devuan "we're going to respin an entire distro to avoid libsystemd pollluting our filesystems" attitude look reasonable in comparison.

Spherical cows, indeed.

Posted Mar 2, 2023 15:56 UTC (Thu) by farnz (subscriber, #17727) [Link] (10 responses)

A related question; if they'd spent the time spent on this on firmware RE and replacement, how much more hardware would be runnable with entirely Free firmware than currently the case?

I already disagree with the FSF's "RYF" certification, because it's set up to entrench non-free firmware at the expense of Free firmware (by saying that loadable DRM-free firmware is banned because there's as yet no Free version, but non-free firmware that's DRM-protected to prevent replacement is A-OK if you don't make the flash chip's write-protect pin software-controllable). I now also wonder how much more Free firmware we'd have if projects like this aimed to replace non-free loadable firmware with Free firmware, instead of making it harder to use loadable firmware.

Spherical cows, indeed.

Posted Mar 2, 2023 19:11 UTC (Thu) by pizza (subscriber, #46) [Link]

> I already disagree with the FSF's "RYF" certification, because it's set up to entrench non-free firmware at the expense of Free firmware (by saying that loadable DRM-free firmware is banned because there's as yet no Free version, but non-free firmware that's DRM-protected to prevent replacement is A-OK if you don't make the flash chip's write-protect pin software-controllable).

s/software-controllable/documented/

(Suffice it to say I also _strongly_ disagree with the FSF in this regard)

Spherical cows, indeed.

Posted Mar 9, 2023 6:35 UTC (Thu) by Vipketsh (guest, #134480) [Link] (8 responses)

> A related question; if they'd spent the time spent on this on firmware RE and replacement, how much more hardware would be runnable with entirely Free firmware than currently the case?

Zero.

I find it quite humerous when the peanut gallery makes lofty goals like "oh, just reverse engineer it". The reality however is that reverse engineering is incredibly hard and takes a very dedicated person a long time to do so. Suffice to say there are few who are capable and fewer still who take the journey. Hoping for firmware to be reverse engineered and a free one written is dream land.

Not to mention that today, thanks to the security circus, pretty much everyone is demanding "secure boot" -- i.e. that only authorised firmware can ever run on the device. This little fact already kills any chance for free firmware.

I also think that everyone who gets all hysterical about firmware is loosing sight of the big picture. Firmware today, especially in smaller devices, is doing what 20 years ago was hard coded into logic gates, but nobody seems to get all fired up about "we need free logic gates" or "those logic gates may need a security fix". There also somehow doesn't seem to be a hysterical effort to image chips to find rom code to be concerned about. If you don't see it, it's fine ? What about FPGA code ? More and more systems have these things inside, but again, there seems to be little worry that they need to be replaced.

Spherical cows, indeed.

Posted Mar 9, 2023 11:39 UTC (Thu) by mikebenden (guest, #74702) [Link] (1 responses)

> nobody seems to get all fired up about "we need free logic gates"

Funny, someone did a FOSDEM talk about precisely that topic:
https://fosdem.org/2023/schedule/event/rv_selfhosting_all...

Spherical cows, indeed.

Posted Mar 9, 2023 16:34 UTC (Thu) by Vipketsh (guest, #134480) [Link]

Sure, there are people interested in it and that's great. I do wish more S/W people would have an interest in hardware as I think communication between the two would then be much smoother.

What I was referring to however is that those OSS H/W threads seem to garner generally positive reactions of "oh wow cool", while any mention of "firmware" seem to produce threads of yelling demands "I want free firmware" or at least "I want all firmware loadable [because maybe some free version will materialise]". We will be running proprietary firmware for the foreseeable future loaded from all of ROM, flash, and disk, irrespective of the FSF's actions or anyone yelling otherwise.

I also don't think anyone will be running OSS hardware either. The presentation there makes it pretty clear:
> 50MHz CPU
which is 60-80 times lower just in frequency than what we all use and, I would guess, >100-200x slower in benchmarks. This is not usable day-to-day. They also mention:
> 8 Rocket cores at >100MHz, 8GB RAM on VC707
which sounds a bit better, but this board has a Virtex7 on it whose list prices start above $4,000. Few people have that kind of money to spend on just a hobby.

Spherical cows, indeed.

Posted Mar 9, 2023 14:42 UTC (Thu) by pizza (subscriber, #46) [Link] (2 responses)

>> A related question; if they'd spent the time spent on this on firmware RE and replacement, how much more hardware would be runnable with entirely Free firmware than currently the case?

> Zero.

There's at least one -- I've used the open source firmware for the fx2 chips often used to bootstrap FPGAs and to communicate with them over USB. Works quite well, arguably more stable than the official stuff.

Spherical cows, indeed.

Posted Mar 9, 2023 15:55 UTC (Thu) by Vipketsh (guest, #134480) [Link] (1 responses)

> open source firmware for the fx2 chips

In comparison this is a trivial task. The fx2 chips are fully documented and so is the FPGA interface. The task then is to pretty much to just write some code -- a lot easier than reverse engineering.

The only possible reverse engineering here is the USB side of things, but that has little to do with firmware since you can "just" use usb-monitor on the host with all the comfort that provides.

Spherical cows, indeed.

Posted Mar 9, 2023 16:13 UTC (Thu) by pizza (subscriber, #46) [Link]

> In comparison this is a trivial task. The fx2 chips are fully documented and so is the FPGA interface. The task then is to pretty much to just write some code -- a lot easier than reverse engineering.

I don't disagree with your assessment; I was just pointing out that there are more than "Zero" examples of proprietary runtime-downloadable firmware being replaced with fully Free alternatives.

(And, of course, by the FSF's definition, no FX2-based devices "RYF"... until they suddenly did. Granted, that FGPA bitstream that's loaded over more than likely doesn't "RYF" either as even if the "source code" is available, actually synthesizing the bitstream nearly invariably requires a highly proprietary toolchain...)

Spherical cows, indeed.

Posted Mar 9, 2023 15:51 UTC (Thu) by farnz (subscriber, #17727) [Link]

On the other hand, the time spent on pushing vendors to put non-free, "secure boot" (i.e. manufacturer approval required) firmware into Flash instead of loading each time it boots has also failed to pressure any vendor into freeing their firmware.

If you're going to engage in theatre around firmware, as the FSF does, then saying that it must be possible for Free firmware to run on your hardware is a lot more important (IMO) than saying that firmware must be locked away in Flash and not loaded from RAM.

Spherical cows, indeed.

Posted Mar 10, 2023 3:18 UTC (Fri) by pabs (subscriber, #43278) [Link]

We also need free ASICs and we need to be able to trust the silicon produced by fabs. Bunnie has been doing a lot of work on hardware supply chain security stuff, hist latest blog post about that:

https://www.bunniestudios.com/blog/?p=6712

Spherical cows, indeed.

Posted Mar 10, 2023 3:21 UTC (Fri) by pabs (subscriber, #43278) [Link]

The secure boot issue also applies to situations where the vendor released *only* *libre* firmware too, for example the Intel SoF audio firmware is libre, but some hardware vendors block loading anything other than Intel-signed builds:

https://github.com/thesofproject/sof/issues/5814

Spherical cows, indeed.

Posted Mar 2, 2023 21:28 UTC (Thu) by flussence (guest, #85566) [Link] (9 responses)

linux-libre is interesting as an intentionally obnoxious art piece, but in no way does it make my computer or anyone's more Free. What the FSF is engaging in here is just a rephrasing of the “individual responsibility” gaslighting lifted from elsewhere in affluent centrist handwringing political circles. Calling it a "circlejerk" is far more polite than I would've put it; in practice the way they behave seems more like a deliberate attempt to undermine legitimate attempts to empower users by diverting attention to these preachy book-burning tarpit projects.

The people actually writing drivers and tools so I can more fully use my hardware are the ones driving big-F freedom - and I couldn't care less how many blobs are involved as long as they work well, and make the computer serve me instead of vice-versa. I don't see anyone from the GNU reality distortion field ever coming within a hundred miles of grasping that concept.

Spherical cows, indeed.

Posted Mar 6, 2023 7:42 UTC (Mon) by smurf (subscriber, #17840) [Link] (7 responses)

It's actually worse. A thing with its firmware firmly ensconced in ROM is Not A Problem according to the FSF, while the same thing with firmware loaded from outside is – even though the latter affords far more freedoms: aside from bug fixes, you can't replace the code with something more open-source-y if it's on a write-once medium, now can you?

The world could do with a great deal less ideology-over-real-world handwaving.

Spherical cows, indeed.

Posted Mar 6, 2023 14:52 UTC (Mon) by pizza (subscriber, #46) [Link] (3 responses)

Yep. And before anyone complains about how this is just a theoretical distinction, back in the day, the Intersil Prism 802.11b devices were sold with onboard flash and without. The firmware for those two variants was bit-for-bit identical. In practice, the firmware in the onboard flash was always ignored due to pretty heinous bugs in older versions and the relative riskiness/difficulty of updating the flash. So, given that the official drivers never actually used the onboard flash firmware, they droppped it entirely as a cost-saving measure.

According to the FSF, the ones with onboard flash "Respect Your Freedom", but only if the firmware running is entirely contained within flash, and the ones without flash do not. Either way you still have a binary copy of the non-free firmware on your system.

(A more pedantic reading of RYF could be taken to mean that the devices with onboard flash only "RYF" if there's no known way to update it in-system; so the mere existence of a firmware updater tool, even if it's entirely Free Software, makes the hardware no longer RYF. Sigh.)

Spherical cows, indeed.

Posted Mar 9, 2023 6:36 UTC (Thu) by Vipketsh (guest, #134480) [Link] (1 responses)

I guess the general idea from the FSF is that if the code is immutable the manufacturer must make sure it really works before shipping the device. Of course that is dream land because one of the major reasons designers make chips with firmware is to be able to move a whole bunch of work out of the path to getting the chip manufactured, thus lowering time-to-market. That work is then done by "firmware team" while the chip is being manufactured, packaged, tested and on the way to the customer.

Spherical cows, indeed.

Posted Mar 9, 2023 15:57 UTC (Thu) by farnz (subscriber, #17727) [Link]

Worse than that in the general case - the firmware team is designing firmware that they know can be upgraded in the field, and it's FSF policy-compliant device manufacturers who are putting it into non-upgradeable ROM. As a result, the team who are doing the work, and testing that it's all correct before shipping a device, are doing so in the full knowledge that any bugs can be fixed in the field by a new firmware image, while the users are locked down to a single, potentially buggy, firmware version. So the testing never happens (because nobody expects the firmware to be locked to a single version, apart from a minority who follow FSF RYF policies).

Spherical cows, indeed.

Posted Mar 20, 2023 21:53 UTC (Mon) by flussence (guest, #85566) [Link]

If I'm interpreting that interpretation right, that would mean if Intel started burning the ME remote backdoor code into ROM so that the hack to disable it by zeroing out that part of the firmware updates no longer works… it would be more Free by the FSF's rulebook.

Spherical cows, indeed.

Posted Mar 6, 2023 15:11 UTC (Mon) by farnz (subscriber, #17727) [Link] (2 responses)

Even better - a thing with its firmware in flash that's not known to be software-writable, but with DRM to ensure that the firmware came from the hardware manufacturer is fine.

In contrast, a piece of hardware with firmware soft-loaded each boot, where we have full documentation for the hardware, but where no-one's implemented a Free firmware for it yet, is not OK, but will become OK once someone takes the documentation and writes a free firmware. The FSF, of course, doesn't see itself as responsible for getting someone to write that Free firmware.

This feels wrong - why should the chip with DRM be preferable to the one that supports Free firmware if it exists? It just feels wrong to say that non-free firmware is A-OK as long as it can't be replaced, rather than to say that we care about the ability to replace all firmware with Free firmware over time.

And this isn't completely hypothetical - I'm dealing with a bunch of chips right now that are basically a small amount of application-specific hardware and an ARM Cortex-M series CPU core doing most of the work in firmware. Under current FSF policy, the chips with DRM that prevents Free firmware and an SPI flash loader are somehow "better" than ones without the DRM or the SPI flash loader, where we know the CPU core in use, and its memory map, from public documents, plus have documentation for the firmware loading and starting process, so that we can run Free firmware on it, and reverse-engineer the various blocks in the chip to get a Free firmware that's as good as the manufacturer non-free firmware, or better.

Spherical cows, indeed.

Posted Mar 21, 2023 6:53 UTC (Tue) by pabs (subscriber, #43278) [Link] (1 responses)

I wrote ideas for fixing that aspect of RYF here:

https://libreplanet.org/wiki/Group:Free_Software_Foundati...

A copy of them for LWN:

Change the criteria to require non-free firmware on secondary processors be able to be upgraded, downgraded, locally modified, replaced or reverse engineered. One way to see this is that some freedoms are better than zero freedoms. (Paul Wise, 2022-08-24)

Change the criteria to require that free software running on the main processors must be protected from modifications by non-free firmware on secondary processors, through the use of an IOMMU or similar technology. (Paul Wise 2022-09-05)

Any thoughts? What else needs adding?

Spherical cows, indeed.

Posted Mar 21, 2023 13:56 UTC (Tue) by farnz (subscriber, #17727) [Link]

Posted in a different LWN comment, summarizing the suggestion that the FSF dismissed in early 2013. I think that to influence manufacturers, there should be levels of RYF; there should be a top tier for "everything is perfect", and lower tiers that let a manufacturer get RYF certification, but tells them what they need to do to get top tier certification.

As well as the obvious non-free/Free separation, I also believe that there's a valuable separation between "runs once and exits" and "runs all the time" - this allows you to buy off-the-shelf microcontrollers that require non-free code to set up external interfaces, but then run entirely Free firmware after they've run their set up code. You'd not be able to get the top tier of certification this way, but it provides a route for you to run code that you can't Free (because it's bought in as part of licensed silicon blocks) before switching over to code you can Free (because you own it).

Spherical cows, indeed.

Posted Mar 9, 2023 16:11 UTC (Thu) by eduperez (guest, #11232) [Link]

IMHO, linux-libre seems to exists just to be able to say "I only use free software", even if that entails redefining the term "software".