Libreboot discusses Binary Blob Policy

36 replies [Last post]
Lef
Lef
Offline
Joined: 11/20/2021

https://libreboot.org/news/policy.html

I agree with some things and disagree with others.

I agree that the RYF program is flawed. I seem to remember a post that I cannot find now by jxself (and apologies in advance if my memory is a fabrication) that said the RYF program presents what is most free, and when something becomes more free it will expect partners to drop their products in favor of the new one or make their products equally free. Since libreboot has freed the Asus C201, which has both a free bios and free Embedded Controller unlike any given thinkpad, the thinkpads should've been dropped years ago. It seems to me that Leah is saying the RYF program should be dropped altogether because it miseducates people (the libreboot x200 is totally free, there's no better possibility! is what Leah is worried people are taking away) and dropped in favor of a scale model (less free to more free). I agree with such.

I disagree with the issue of microcode. I'm not really interested in the discussion of whether it's software or not which may well be relevant to the FSF guidelines, only if I can study it. To say 'there's nothing to study, the blob is literally just the thing' is not true, it may be true that there is no source code, the thing is just a blob, but someone made the blob based on some set of principles, and they should be able to explain how they came about that blob. As for the issue of 'you already have non-free microcode, but yours is bad, just fix it' this is a practical question. Does the current problem and the fix outweigh my sense of dignity from making a sacrifice for principle? It may (if your computer crashed every 3 minutes without the microcode you may decide it may too). Though it may not.

I disagree with the issue of tying "Right to Hack" with "Right to Repair." I think the connection between being able to upgrade your ram and knowing what your CPU is executing is not very close. "Right to Repair" also leads to different conclusions than "Right to Hardware Hack", but that's not very relevant.

Avron

I am a translator!

Offline
Joined: 08/18/2020

Does any HDD or SSD exist without a secondary processor running non-free software/firmware?

I also find the "exception for secondary embedded processors" disturbing and the way it is presented problematic: either it is a compromise and that should be made clear (and the "100% free software" title should be removed) or it is not and then, there is no point to have something removed later as is mentioned now. I am not an expert, I would welcome someone to contradict me.

Then, I was also unable to find on the FSF/GNU website the aspects described on the Libreboot website about embedded controller and disk controllers. Shouldn't that be described in the RYF pages? Or is that elsewhere?

About the C201, does anyone sell any?

On microcode, I don't manage to get Leah's explanations: because what it can do is very limited, it should not be considered as software and it would be ok to use updates without something more than just a binary with no details? That is not very convincing. That said, if updated microcode can be run, that shows the burnt-in microcode is software, it isn't circuitry, the microcode would benefit from being free software. Is that different from ARM CPUs that have no microcode but whose design is not open? I don't know.

On ROMs: if a ROM can be desoldered and replaced by reprogrammable memory, there would certainly be benefits from its contents being free software but on the other hand, you cannot expect people to do that as massively as replacing software in an existing reprogrammable memory, so the benefits are still less (freedom 0 is not really there).

Lef
Lef
Offline
Joined: 11/20/2021

> Does any HDD or SSD exist without a secondary processor running non-free software/firmware?

I don't believe so.

> About the C201, does anyone sell any?

Not to my knowledge.

> it isn't circuitry

This is actually a neat point, if Leah wants to tie Right to Hack to Right to Hardware Hack than even if it is circuitry than we should have the schematics for it.

SkedarKing
Offline
Joined: 11/01/2021

I think that Respects Your Freedom project, should be changed to:

Respects Your Privacy

I say this because, libre hardware is not ever going to be 100% due to corporations, goverments, etc...

Maybe it can be 95%, but 100%? I would like to believe otherwise, but 100% sounds outlandishly impossible.

I would love to be wrong though!

But yeah, 100% if it ever happens, is maybe 5-10 decades away at least, if not way more.

;)

Avron

I am a translator!

Offline
Joined: 08/18/2020

I think that Respects Your Freedom project, should be changed to: Respects Your Privacy

If no one can inspect what the software does, how can you know it respects your privacy?

I would call it "Respects your software freedoms", because that is what it is really about ("Freedom" seems to be about freedom in general). I am ok that there are limitations but they should be clearly stated.

Legimet
Offline
Joined: 12/10/2013

You can inspect what software does by reverse engineering it.

Avron

I am a translator!

Offline
Joined: 08/18/2020

If you have nothing to do for the next few centuries, yes.

Legimet
Offline
Joined: 12/10/2013

You don't have to know exactly what software does to know if it respects your privacy. Actually, if you have Windows running in a virtual machine and you never give network access to the virtual machine, that would respect your privacy despite being proprietary.

Avron

I am a translator!

Offline
Joined: 08/18/2020

I would not trust a virtual machine on that. I'd say you should not have the machine running non-free software connected to any network or writable removable disk. So you can play games or edit thing to print. That limits a lot what you can do.

Lef
Lef
Offline
Joined: 11/20/2021

> Respects Your Privacy

This has nothing to do with the FSF goals though.

> I say this because, libre hardware is not ever going to be 100% due to corporations, goverments, etc...

Disagree.

No consumer electronics are going to be 100% libre due to DRM. There is very much a possibility of getting niche hardware though. IBM POWER and RISCV are great strides in that direction.

As well you can build your own libre computer:
https://hackaday.com/2020/11/23/full-8-bit-computer-on-breadboards/

Of course 8 bit computers aren't very interesting these days... but you can.

SkedarKing
Offline
Joined: 11/01/2021

I thought that was an FSF goal though?

As for no consumer electronics being 100% libre, due to DRM, that is my point, corporations and governments love DRM.

But yeah, the possibility of niche hardware being 100% free, sounds tricky too, maybe its possible?

I would think 100% would be near impossible, but meh, idk...

Either way, respecting privacy means getting rid of DRM in my opinion, thus, I still think Respects Your Privacy is a good idea.

I would say, it would have to be put to a vote by the majority of FSF members, but meh, it might not matter even then.

I think a lot of members probably agree with you.

Either way, I don't think 100% freedom respecting hardware is possible without people learning how to print their own hardware easily with a 3d printer, with an extremely easy guide.

And even then, I recall what happened to the design which allowed people to 3d print their own guns...

it was effectively disabled and forced shut so no one else could use it.

I don't know if this would happen as quickly, but knowing how these entities of greed and power work, aka corporations and government, its very possible they might do this...

Hard to say...

jxself
Offline
Joined: 09/13/2010

This is ostensibly a formal project document about how something's handled *in the project*, not about how someone else does it, And so: The libreboot and osboot binary blob policies should limit themselves to talking about that topic - i.e. documenting how libreboot and osboot handle it ("This is what *we* do.") And as a result, "commentary" (I'll just leave that as that in quotes) on how others handle it should be out of scope. As it is it seems, to me, more a denouncement on the RYF program in the guise of a formal project "policy", even ending with a call to end it.

Unless the intention really is to publish a document that the libreboot & osboot projects are adopting a formal position to denounce the RYF program and call for the FSF to end it. And in that case it seems even less like a policy to document about how binary blobs are handled *in the project*.

lanun
Offline
Joined: 04/01/2021

Introduction: "It was decided that a formal policy should be written, because there is quite a bit of nuance that would otherwise not be covered. Libreboot’s policies in this regard were previously ill defined."

Conclusion: "I propose that new guidelines be written, to replace RYF."

https://libreboot.org/news/policy.html

andyprough
Online
Joined: 02/12/2015

>"simply catalog all systems on a grand database of sorts"

We already have h-node.

>"like h-node.org, but better"

"New and Improved" h-node.

>"call it something like: the freedom catalog"

I'll just call it h-node.

Lef
Lef
Offline
Joined: 11/20/2021

This is like saying bash should never refer to POSIX when they make a decision or offer any commentary why they might do something differently. The Libreboot project tries to follow the FSF/RYF guidelines, but finds it unsatisfactory. The FSF/RYF also de facto requires Libreboot for many of the approved products, so Libreboot should not only discuss how other decisions affects it's own process but also discuss how it's decisions affect others.

SkedarKing
Offline
Joined: 11/01/2021

I don't think her intention was to denounce the FSF or cause any trouble to the FSF, I think she is trying to help the FSF, reach more people.

the RYF program, really only supports mega old hardware...

There is newer hardware that supports privacy just as well if not better, albeit at the slight reduction of freedom.

My point being, I think the FSF needs to either clarify on this issue, or be somewhat more reasonable depending on the circumstances, for instance, since libreboot isn't fully free, why not just at the bare minimum support intel me disabled coreboot/osboot ivy bridge laptops/devices and stuff on the same wavelength?

Truth to be told, EC Firmware is not free regardless of libreboot, osboot, coreboot, etc...

Either way, I support her on this, but I understand if this is not something everyone agrees on, I just think Respects Your Privacy criteria, is better, aka, it cannot have DRM required to use it, meaning, any malicious functionalities that cause problems that are huge issues that the FSF has outlined on their guide of why DRM is bad.

Edit: By huge problems, I mean DRM in general from that guide the FSF/GNU guide, just to clarify.

Legimet
Offline
Joined: 12/10/2013

Agreed, I think Leah makes some great points. FSF is already compromising on the EC firmware but forbid less consequential things like the microcode updates. The FSF always seems to excuse blobs as long as they comes with the hardware and the distribution (of GNU/Linux, or Coreboot) doesn't have to include them. But this distinction doesn't really matter as far as the user's freedom is concerned.

Avron

I am a translator!

Offline
Joined: 08/18/2020

Is the following correct:
- most computers work fine without microcode updates
- there is no HDD/SSD using free firmware (and making/distributing free software without using any HDD/SSD at any stage might be a huge step backward)
- computers running without EC firmware are very difficult to find

If yes, perhaps the FSF criteria are not unreasonable as a compromise. Of course, I don't know whether this is the reasoning behind these criteria (and I wish that would be explained).

Legimet
Offline
Joined: 12/10/2013

There are computers with free EC firmware, such as the Purism and System76 laptops. I know that these laptops have other problems, but this shows that free EC firmware isn't far-fetched.

lanun
Offline
Joined: 04/01/2021

> this shows that free EC firmware isn't far-fetched.

Given that Purism is a scam, and System76 laptop price starts at $1300+ if you want it to be shipped, far-fetched is in fact what comes to mind. But maybe you were specifically referring to the FSF position on the matter? The SFS, which I founded a moment ago with a small group of software freedom activists, clearly states that EC has to be fully free to get our approval. The Society for Freedom in Software.

Legimet
Offline
Joined: 12/10/2013

I know you're trolling (and just to remind you, this isn't the troll lounge), but I'm not commenting on other aspects of those computers, only the freeness of their EC firmware. The point that Avron was asking about - whether "computers running without EC firmware are very difficult to find" is not true. Whether those laptops are affordable or a scam are valid questions, but tangential to the point that we were discussing.

Also, the C201 Chromebook is supported by Libreboot and has free EC firmware. It is much more affordable and freer than Purism/System76.

lanun
Offline
Joined: 04/01/2021

I'm glad you amended your original post about EC freedom to add some welcome precisions.

That said, I think you owe me apologies for accusing me of trolling. I think you were in fact the one trolling me:

2022-01-06 23-07-42.png 2022-01-06 23-09-37.png 2022-01-06 23-11-27.png 2022-01-06 23-18-21.png 2022-01-06 23-25-15.png
Legimet
Offline
Joined: 12/10/2013

Whatever, you win. I'm a troll for editing my comments.

andyprough
Online
Joined: 02/12/2015

>"I'm a troll"

Not so fast. I haven't seen a ruling from the TLCPLC (Troll Lounge Certification and Professional Licensing Committee). It is strictly illegal to advertise yourself as a troll without passing the certification exams and receiving approval for professional licensing.

Avron

I am a translator!

Offline
Joined: 08/18/2020

Ok, so say the free EC firmware is not that difficult to find.

However, I was also raising the problem of the HDD/SSD firmware. Do you know any HDD/SSD not running non-free firmware?

Without HDD/SSD, could the FSF run their servers? Could Trisquel make a distro?

Legimet
Offline
Joined: 12/10/2013

> Any computer with HDD/SSD not running any non-free firmware?

I doubt it.

For the C201, check Ebay.

Avron

I am a translator!

Offline
Joined: 08/18/2020

> For the C201, check Ebay.

Availability is scarce, from US only (so qwerty keyboard, not what I use).

In any case, I can't use only computers without HDD/SSD.

SkedarKing
Offline
Joined: 11/01/2021

Actually, it just occured to me, Respects Your Privacy is not the best name for such a program after all, I think it should be called:

DRM-Free Hardware instead of Respects Your Freedom.

DRM-Free Hardware I think is definitely possible, although, I still think that EC Firmware should be taken way more seriously, but yeah, anyone have a thought on this?

To be honest, maybe Jxself was right, Respects Your Privacy would be too different from their mission goals probably, but DRM-Free Hardware, I think would make more sense, given they are very against DRM to begin with. :)

Anywho, thoughts?

Also, curious on your opinion libreleah, if you see this post, what you think about the idea of DRM-Free Hardware instead of Respects Your Freedom.

lanun
Offline
Joined: 04/01/2021

lanun's policy about posting in the Trisquel Forum:

1. Introduction: It was decided that a formal policy should be written, because there is quite a bit of nuance that would otherwise not be covered. lanun's policies in this regard were previously ill defined.

2. Conclusion: I propose that I be named moderator of this forum, to replace David.

https://lanun.org/news/policy.html

andyprough
Online
Joined: 02/12/2015

>"I propose that I be named moderator of this forum"

We already have David.

>"to replace David"

"New and Improved" David.

>"lanun [dot] org..."

"Warning: Potential Security Risk Ahead. Firefox detected a potential security threat and did not continue to lanun.org. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details."

You trying to steal my credit card information AGAIN lanun?

lanun
Offline
Joined: 04/01/2021

Oh no! Our little project website has been taken over, again, by that mysterious Abeoji.

My Korean friends tell me it is probably codename for an infamous mafia boss. I guess I'd better go into hiding for a while.

Farewell. Do not talk to strangers.

EDIT: I'll be busy browsing through Street View pictures.

lanun
Offline
Joined: 04/01/2021

Clearly this topic has already been summarized in a previous thread:

"The FSF doesn't promote my company anymore. I'm still an avid free software activist but I'm going my own way nowadays."
https://trisquel.info/en/forum/osboot-or-libreboot#comment-163388

Fair enough.

lanun
Offline
Joined: 04/01/2021

This also sounds quite fair, given the above:

"If there's something I can do to help them, I'm at their disposal."
https://trisquel.info/en/forum/osboot-or-libreboot#comment-163395

If there is anything we software freedom conscious people can do, it is to help each other. Even if we do, chances of long term success are slim, but as RMS rightfully pointed, if we do not then the fight is already lost.

koszkonutek
Offline
Joined: 03/19/2020

In order to understand RMS, you need to think like RMS. I admit, it is not easy - I often find it difficult, too! Nevertheless, his reasoning (concerning appliances, but I suppose the issue with ECs and SSDs/HDDs is analogous) which probably shaped the RYF criteria seems interesting. It does not develop different categories of freedom. If RYF was to be rethought, I'd like to see if it can be done while keeping in line with that resoning (maybe even getting closer to it?)

> As for microwave ovens and other appliances, if updating software is not a normal part of use of the device, then it is not a computer. In that case, I think the user need not take cognizance of whether the device contains a processor and software, or is built some other way. However, if it has an "update firmware" button, that means installing different software is a normal part of use, so it is a computer.

https://stallman.org/stallman-computing.html

SkedarKing
Offline
Joined: 11/01/2021

I think the closest to this you could come would be:

DRM Free Hardware

Especially considering, one of FSF's missions is to defeat the very idea of DRM.

I think defeating hardware backdoors and DRM should be given a much larger focus then the FSF currently gives it.

That does heavily effect freedom anyhow.

The intel me, when disabled, is supposedly, realitively harmless.

If you consider it a problem even when enabled, you would have to do the same for some of the crap firefox has on it as being a problem, such as pocket for example, eme and other disgusting spyware that it ships and I very much include derivatives of firefox that are considered libre.

Also, I honestly, think that Stallman should be promoting intel me disabled devices with coreboot, as long as they have no backdoors on by default and of course, it isn't told to the users how to turn them on...

I know of one bios, that makes turning on intel me... way too easy. Which is just bonkers.

Also, not everyone will want a slow as molasses computer from intel gen 2. Heck, even gen 3 might be a hard sell.

I wish he would use wisdom to understand this. Maybe someday?

Or maybe someone will eventually take over who will?

I don't know...

But if someone don't, a new FSF/GNU alternative will probably end up being created and will be needed at some point.

But this, would not help right now.

So yeah, I am puzzled about this whole situation.

I honestly don't get it...

That's about all I have to say here.

Peace yall...

commodore256
Offline
Joined: 01/10/2013

If non-free software is on a ROM, the FSF doesn't bat an eye, but if non-free software is on a PROM, the FSF loses their minds.

koszkonutek
Offline
Joined: 03/19/2020

Not exactly. The firmwares covered by RYF exception (fw in ThinkPads' EC, HDDs, SSDs) also reside, in a great number of cases, on a PROMs