|
|
Subscribe / Log in / New account

The FSF's Free Software Awards

The FSF's Free Software Awards

Posted Mar 20, 2023 22:49 UTC (Mon) by mjg59 (subscriber, #23239)
In reply to: The FSF's Free Software Awards by gioele
Parent article: The FSF's Free Software Awards

Something that has unmodifiable non-free code in ROM can be RYF certified. Something that has free firmware that can be updated at runtime can be RYF certified. But something that has non-free firmware that can be updated at runtime can't be, even though it's (in many cases) viable to reverse engineer that firmware and replace it with free code. Hardware that *could* run free firmware is denied certification, while code that can *never* run free firmware (because it's in ROM) is granted it. This creates a set of perverse incentives that don't actually do anything to encourage the creation of free firmware.

to post comments

The FSF's Free Software Awards

Posted Mar 21, 2023 6:42 UTC (Tue) by pabs (subscriber, #43278) [Link] (9 responses)

I wrote ideas for fixing that aspect of RYF here:

https://libreplanet.org/wiki/Group:Free_Software_Foundati...

A copy of them for LWN:

Change the criteria to require non-free firmware on secondary processors be able to be upgraded, downgraded, locally modified, replaced or reverse engineered. One way to see this is that some freedoms are better than zero freedoms. (Paul Wise, 2022-08-24)

Change the criteria to require that free software running on the main processors must be protected from modifications by non-free firmware on secondary processors, through the use of an IOMMU or similar technology. (Paul Wise 2022-09-05)

Any thoughts? What else needs adding?

The FSF's Free Software Awards

Posted Mar 21, 2023 8:13 UTC (Tue) by joib (subscriber, #8541) [Link] (7 responses)

Thank you for making an effort at injecting some sanity into the RYF program. I think a reason why people resort to 'whining' on LWN and elsewhere is that, rightly or not, FSF is perceived as a cult that espouses whatever RMS says as gospel. And the whole RYF issues has been brought to their attention many times before and, if anything, it seems they have only caused them to double down on their original approach. You might as well spend your time on tilting at other windmills that have a higher chance of success, like convincing the pope that premarital sex is ok. But if there's really an opening to change things this time, I'm happy to see it.

As for your criteria, they look good, but they seem to miss e.g. the issue of CPU microcode updates? Regardless of whether the microcode is FOSS or not (most likely not), pretending that not updating it improves your freedom is actively harmful. And that applies to system firmware that executes on the main CPU, like the BIOS, as well.

Maybe it would be useful to have different 'levels' of 'firmware freedom'? E.g.

1. Device has fully FOSS firmware, and allows the owner to freely modify/replace/upgrade/downgrade/etc.

2. Device has proprietary firmware, and allows the owner to freely modify/replace/upgrade/downgrade/reverse engineer/etc.

3. Device has FOSS firmware, but requires signing/encryption keys to successfully load it that the owner doesn't have access to.

4. Device has proprietary firmware which needs to be signed and/or encrypted before successfully loading, and the owner doesn't have access to these keys.

5. Device has non-upgradeable firmware, or is trivial enough to not have any firmware at all (a RYF-certified resistor, anyone?).

I think it would be perfectly justifiable to give the RYF stamp only to devices that fulfill level 1 above. Yes, that would drastically reduce the number of RYF-certified devices, but at least then RYF would be a useful label and not something actively harmful like today. Perhaps devices fulfilling level 2 could be called "RYF candidate status", with the potential to graduate to full RYF level 1 if somebody develops a functioning FOSS firmware for it. And just leave levels 3-5 out of scope of RYF entirely?

The FSF's Free Software Awards

Posted Mar 21, 2023 8:24 UTC (Tue) by joib (subscriber, #8541) [Link]

Actually, my level 5 and the suggestion that it's out of scope of RYF is partly what has caused the current problem, so that needs some rethinking. But probably every device that has upgradeable firmware does have some tiny piece of non-upgradeable firmware that loads the main firmware. So where should one draw the line?

The FSF's Free Software Awards

Posted Mar 21, 2023 8:57 UTC (Tue) by pabs (subscriber, #43278) [Link]

The FSF person I contacted seemed receptive to the problems with RYF, so it seems possible to change it, if they can hire a new person for the position I mentioned elsewhere in the thread.

The FSF's Free Software Awards

Posted Mar 21, 2023 9:17 UTC (Tue) by pabs (subscriber, #43278) [Link] (4 responses)

CPU microcode almost meets my criteria, you can upgrade/downgrade it with a reboot but you can't modify or reverse engineer it due to signing & encryption. I guess an exception to the rule would have to be made for CPU microcode.

I like your idea of RYF levels, although I'm not sure the FSF is interested in anything other than 1, they only accept other levels because level 1 basically doesn't exist yet.

You missed mentioning embedded firmware that is updatable but the update mechanism is unpublished proprietary software (but no signing etc), IIRC the OpenMoko FreeRunner WiFi chip was like that and the firmware was also ultra-buggy.

Maybe another option is this:

Clearly enumerate each part (including the different hardware layers (IP/etc), read-only software, embedded/uploadable firmware, FPGA gateware etc) of the device and list who has the access needed to understand, modify, rebuild and replace each item and how that access is granted (licenses/etc). Then score each device based on the proportion of proprietary parts and their importance to most end users. Could give different scores depending on the audience too. Group the devices into thresholds based on those scores.

The FSF's Free Software Awards

Posted Mar 21, 2023 12:01 UTC (Tue) by farnz (subscriber, #17727) [Link] (3 responses)

Part of the problem with RYF as it exists today is that it's a straight binary - I pointed this out to them over ten years ago, and basically got told to shut up because they knew better.

My suggestion was to have three levels of RYF, giving vendors reason to do better over time.

  1. Gold. All firmware must be Free. If the firmware is not replaceable by the user, then there is good technical justification for why this is not possible, it must be possible for the user to verify that the firmware embedded in hardware matches the source they have for it, and it must be possible for a running system to avoid using the non-replaceable firmware without loss of functionality or performance.
  2. Silver. All replaceable firmware must be Free. Where non-replaceable firmware is non-free, it must be possible for a running system to avoid using the non-free firmware without loss of functionality or performance. This thus requires CPU microcode, FPGA configuration bitstreams and the like to be Free, but allows boot ROMs to be non-Free, provided that the boot ROM just loads a Free firmware from an external source (host system, external Flash, whatever).
  3. Bronze. All replaceable firmware must be Free; non-Free firmware must not be trivial for the manufacturer to replace either.

The idea is that Gold is where we want everyone to be - all firmware is Free, and the user is treated as the ultimate authority on their device. Silver is an acceptable compromise - once you're booted, no non-Free firmware is involved, but the boot phase may involve non-free embedded boot ROMs and the like (e.g. TI Sitara SoCs have a ROM bootloader that brings up enough of the SoC to load the "real" firmware from external storage). And Bronze is the current FSF RYF policy, a compromise to let you test the waters with RYF.

Beyond that, I suggested that the FSF offer guidance on what needs to change for a device to climb the rankings - so while a laptop might get Bronze, the FSF would then say things like "to move to Silver, this laptop needs the CPU microcode and SSD firmware Freed. To move to Gold, this laptop needs CPU microcode, SSD firmware, SSD boot ROM and WiFi controller boot ROM Freed". The goal here is twofold: one is that you can look at that list and decide that you're willing to compromise on the non-free parts, and the second is that manufacturers who submit a device for certification can both trivially get Bronze, and have guidance on who to lean on if they want Silver or Gold in future (e.g. "I have an alternate CPU vendor that'd meet Gold if I switched, I just need to find an SSD vendor who meets Silver and I've got a Silver grade device").

I was told, however, quite firmly, that the FSF was sufficiently influential that vendors would Free their firmware just to get RYF certification, and that adding layers of certification wouldn't encourage more freeing of firmware. It's now 10 years later - how many vendors have done that?

The FSF's Free Software Awards

Posted Mar 21, 2023 13:41 UTC (Tue) by Wol (subscriber, #4433) [Link]

> The idea is that Gold is where we want everyone to be - all firmware is Free, and the user is treated as the ultimate authority on their device.

And if "user <> owner"?

What if it's a multi-user system?

My work laptop is locked down. It's annoying and frustrating at times, but it's not my work laptop so I don't have any real say in the matter, And rightly so. If I can't do my job because it's locked down, then that's not my problem ...

I do agree with having a scale of freedom - you often have to make trade-offs and who are you to dictate which trade-off is right for me :-) - but people should have choices, and telling them that the manufacturer can change the deal after they've bought the device (PS2 anyone?) should NOT be acceptable.

Cheers,
Wol

The FSF's Free Software Awards

Posted Mar 21, 2023 16:36 UTC (Tue) by pizza (subscriber, #46) [Link] (1 responses)

> 3. Bronze. All replaceable firmware must be Free; non-Free firmware must not be trivial for the manufacturer to replace either.

But that still doesn't address the fundamental flaw RYF as it exists today, namely the absurd claim that having replaceable non-free firmware is somehow "less respectful of your freedom" than non-replaceable non-free firmware. (where "replaceable" actually means "the end-user has no way of doing so", not "there is no simple-ish technical means to do so")

(It also flies completely in the face of the reality of "best practice" hardware design of the last couple of decades -- field-upgradability of firmware is usually a hard requirement, often due to legal mandates)

> I was told, however, quite firmly, that the FSF was sufficiently influential that vendors would Free their firmware just to get RYF certification, and that adding layers of certification wouldn't encourage more freeing of firmware. It's now 10 years later - how many vendors have done that?

What's sad is that even ten years ago, it should have been clear to them that they did *not* have sufficient influence. After all, 10 years ago was still 5 years after the GPLv3 landed, and the wholesale abandonment/replacement of GNU software (and other than the Linux kernel, copyleft in general) was well under way at that point in time.

The FSF's Free Software Awards

Posted Mar 21, 2023 16:51 UTC (Tue) by farnz (subscriber, #17727) [Link]

I agree that my suggestion then for Bronze wasn't ideal - it was based on the assumption that the FSF had thought about it, and had decided that this was the minimum acceptable compromise. I was suggesting that they should add extra levels above this minimum compromise to make it clear that the desired target is Free firmware everywhere, and got told not to bother them.

The FSF's Free Software Awards

Posted Mar 23, 2023 9:06 UTC (Thu) by eduperez (guest, #11232) [Link]

The FSF does not want to fix RYF, because RYF works for its intended purpose: be able to say "I only use free software".

The FSF knows that current hardware cannot run without a firmware, and the FSF knows that hardware with a free firmware is almost impossible to find; the FSF could not use any modern hardware and maintain their ideals at the same time... unless they convince everyone that immutable firmware is not software. This problem has existed since the beginnings of the free software movement, when people began to point out that using hardware with a closed firmware was a contradiction with the purist rules of free software advocates.

The absurdity of RYF rules is not a bug, it's a feature.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds