Originally posted by debianxfce
View Post
GNU Linux-libre 4.12 Kernel Released, More Driver Deblobbing
Collapse
X
-
My two cents:
I think that removing blobs is a good step in the right direction: we are not here to run proprietary software, be it an application, the OS, or the drivers; so, my initial reaction is to applaud this project. However, after reading some of the literature about this project, it seems to me that it could be giving a dangerous and false sense of security. Let me explain.
Yes, blobs can contain backdoors, but devices without blobs can also contain backdoors. Most (if not all) devices need a firmware to run; some devices get that firmware from the OS in the form of a blob, and some devices get that firmware from an EEPROM loaded at the factory. For example, you will not see any device driver uploading a blob to your keyboard, yet your keyboard does have a firmware, and that firmware could hide a keylogger, that you will never find out about. Your (blob-less) network card could be spying on your communications. Your hard disk contains contains a processor, too.
Removing one attack vector is always a good thing; but making people believe that you have removed all attack vectors is another thing.
So, yes, it is a nice project, thank you; but, no, we are not there yet.
Comment
-
-
Originally posted by debianxfce View PostFree software community do not have such resources and skills that Asus, Amd and Intel have. I do not want to replace fully working Asus bios with any coreboots or use Stallman made firmware in gpu drivers.
edit: typos/spellingLast edited by Davidovitch; 04 July 2017, 10:28 AM.
Comment
-
-
Originally posted by debianxfce View PostStallman made firmware in gpu drivers.
If they wanted to do something constructive, they should already have a disassembled/reverse engineered version of those blobs. And offering just a chopped variant of kernel with crippled functionality is not a viable option for most of users.
Comment
-
-
A good alternative to proprietary hardware and also blob free
could be https://www.raptorengineering.com/TA...ease_specs.php
Talos™ Secure Workstation
- Open-toolchain FPGAs
- Blob-free operation
- Fully libre (open-source) IBM OPAL primary firmware w/ PetitBoot interface
- Fully libre (open-source) OpenBMC secondary (IPMI / OoBM) firmware
- NO signing keys preventing firmware modification
Comment
-
I've used Linux-libre for two years on a Dell laptop, with Parabola - a free-software Arch derivative. Works great, very quick. Only hardware that didn't work was WiFi, so I bought a $10 usb WiFi dongle on amazon that works with the free drivers.
It's very cool to run a fast, modern system with no non-free software. You can run Debian this way also, or Slackware. And there's an Ubuntu derivative that uses it called Trisquel. Popular for systems that don't need fancy graphics, as you get complete control over the software.
Comment
-
Comment