Announcement

Collapse
No announcement yet.

Debian To Consider Changing How It Treats Closed-Source Firmware

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Debian To Consider Changing How It Treats Closed-Source Firmware

    Phoronix: Debian To Consider Changing How It Treats Closed-Source Firmware

    While most Linux distributions will include linux-firmware.git firmware files as the collection of firmware/microcode binaries needed by various mainline Linux kernel drivers, Debian does not. While the kernel drivers are open-source, the firmware files tend to be binary-only/closed-source, but these days are increasingly necessary for any level of functional support. Thus Debian is left in the awkward position of either providing poor hardware support and users left wondering what's going on or to make some improvements to better deal with today's world of firmware necessities...

    https://www.phoronix.com/scan.php?pa...ering-Firmware

  • #2
    Debian should also fix the installer to be fewer clicks and have a luks/btrfs option because otherwise that part of the UI is convoluted.

    Comment


    • #3
      There's some truly asinine way of thinking behind treating firmware as software. While technically it is, it's factually not. Why? It's not executed by your device CPU, it's executed by the device you're using.

      Secondly, tons of modern devices already come with ROM built-in, so that makes the whole conversation even mooter. Even if you somehow reject external firmware you're already running some ROM.

      Lastly, people who advocate for firmware-free releases or devices pretend they have the original schemes/blueprints for their devices and that devices do exactly as they are told. That hasn't been true for the absolute majority of electronic devices released over the past two decades. In fact nowadays truly open devices are such a rarity you have to Google for them hard and then they are a lot more expensive than their "closed" counter parts.

      Personally I'm not content with the status quo and it would be great to have laws which made devices more or completely open but I don't see it happening any time soon considering DMCA and other related laws protecting the profits of media industries.

      Comment


      • #4
        Originally posted by birdie View Post
        There's some truly asinine way of thinking behind treating firmware as software. While technically it is, it's factually not. Why? It's not executed by your device CPU, it's executed by the device you're using.

        Secondly, tons of modern devices already come with ROM built-in, so that makes the whole conversation even mooter. Even if you somehow reject external firmware you're already running some ROM.

        Lastly, people who advocate for firmware-free releases or devices pretend they have the original schemes/blueprints for their devices and that devices do exactly as they are told. That hasn't been true for the absolute majority of electronic devices released over the past two decades. In fact nowadays truly open devices are such a rarity you have to Google for them hard and then they are a lot more expensive than their "closed" counter parts.

        Personally I'm not content with the status quo and it would be great to have laws which made devices more or completely open but I don't see it happening any time soon considering DMCA and other related laws protecting the profits of media industries.
        It's based on Stallman's original rationale that, if you have to physically remove and replace a chip, it's part of the hardware and can stay closed while, if it can be updated without physically replacing hardware, then it's software and should be subject to the same Free Software zealotry as everything else.

        ...and, to be honest, I can see his point. Part of the reason I'm still back on a creaky old Athlon II X2 270 is that I can't afford a Raptor Systems machine and don't like the idea of having to run a closed-source Ring -3 hypervisor like the Intel ME or AMD PSP just to get the system to boot. On that front, Intel and AMD are effectively denying me access to choose the true OS a newer system runs and dodging criticism by PR-spinning it as firmware.
        Last edited by ssokolow; 19 April 2022, 06:15 AM.

        Comment


        • #5
          I fully agree in the solution number 5.

          Comment


          • #6
            So with a modern device which requires firmware, the vendor has basically 3 different options:
            1. Put the firmware on ROM. This of course has the big downside that if the FW needs to be updated (say, a security issue or a bugfix) the device has to be thrown away (hooray, more e-waste), or then maybe the vendor can desolder the ROM chip of an RMA'd device and replace it with a ROM chip with the newer code.
            2. Put the firmware on flash. This is nicer than the previous as the FW can easily be updated.
            3. Don't store the FW permanently on the device, but instead have the device driver load it into device RAM as part of the device initialization. This is often the preferred way, as it can save on the BOM cost vs option 2.
            IMHO the FSF position wrt non-free firmware is that option 1 is ok but 2 and 3 are bad is nonsensical. Yes, there is the issue that the vendor might become evil and add some anti-features with options 2 and 3. And if they are really evil, prevent downgrading the firmware after initially installing the evil updated version. But, again IMHO, this pales with the practical advantages of 2 and 3 being vastly preferable in reality.

            And if we're going to claim that even option 1 is evil and all software, including firmware, should be free, sure by all means, but then stopping at the firmware isn't really any particularly logical limit either. We should go all the way and demand FOSS Verilog/VHDL/etc. source of the hardware we're using. (Nice as that thought may be, it's of course completely impractical in today's world).

            Now the issue with Debian here is with option 3, as that's the thing about including non-free firmware in the installer images. Option 2 is the same from a freedom perspective, but is not a problem for installing Debian, as there is some version of FW already on the device. Which might be updateable later on with fwupd/LVFS, but the Debian installer can still proclaim innocence.

            Personally I think the solution 5 mentioned in the blog post is the best way forward, but then again I'm not a DD so I don't have a vote in this matter.

            Comment


            • #7
              I fully support number 3. Debian users most likely already know about the firmware images but they should be treated differently and should be advertised and published in a different way.
              The firmware "issues" should not stop users using Debian in any way.

              Comment


              • #8
                Originally posted by birdie View Post
                There's some truly asinine way of thinking behind treating firmware as software. While technically it is, it's factually not. Why? It's not executed by your device CPU, it's executed by the device you're using.
                By that definition OpenCL, shader and cuda is Hardware.

                Secondly, tons of modern devices already come with ROM built-in, so that makes the whole conversation even mooter. Even if you somehow reject external firmware you're already running some ROM.
                I would have bet on all current devices having software upgradeable firmwares. Shure graphicscards and CPUs have an integrated rom for version 1 but allmost always you are using a newer firmware.

                Lastly, people who advocate for firmware-free releases or devices pretend they have the original schemes/blueprints for their devices and that devices do exactly as they are told. That hasn't been true for the absolute majority of electronic devices released over the past two decades. In fact nowadays truly open devices are such a rarity you have to Google for them hard and then they are a lot more expensive than their "closed" counter parts.
                The difference between closed hardware and closed software is, you can check the hardware once and then trust it. Software needs to be checked at every update.

                Comment


                • #9
                  Originally posted by Anux View Post
                  The difference between closed hardware and closed software is, you can check the hardware once and then trust it. Software needs to be checked at every update.
                  What?

                  Comment


                  • #10
                    Originally posted by Anux View Post
                    The difference between closed hardware and closed software is, you can check the hardware once and then trust it.
                    Even that isn't really true anymore, with vendors swapping out ICs willy nilly within the same product line and model number. It's more than just checking an SKU once and then declaring it safe. To be sure constant periodic checking would be required to be certain that the ICs haven't changed. So only models within a certain timespan could be certified for safety. anything newer shoud be checked again.

                    If the firmware can be updated as well, it becomes nigh impossible to be certain. Then the only way to be certain is to put the machine in a sound-proof, airgapped, fully darkened room with military-grade electromagnetic shielding.

                    Comment

                    Working...
                    X