Realtek operational on Trisquel 10
I picked up an old ThinkPad in the dark market. It came with a Realtek 8188CE, so I had to rely on USB ath9k-htc.
But when I started Trisquel 10 Live session, I found that the Realtek wireless NIC was operational, too, which indicated that certain non-free firmware had been loaded to the dedicated memory and executed by the dedicated processor. (Therefore I shut down the computer and removed it physically.)
I learned that certain non-Atheros wireless NICs hold copies of non-free firmware somewhere on the cards, so what is Trisquel's policy regarding such wireless NICs? I suggest that such non-free firmware be blocked for PCI/e-based wireless NICs because it's extremely dangerous, but can be reluctantly tolerated for USB-based ones.
I could upload a screenshot later when it's convenient for me.
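A way to check this from the host instead of inferring it from a working NIC, as an added example that is not part of the original post: list the blobs the kernel's firmware loader actually supplied or looked for. The sample log lines are constructed, the message wording is assumed from the firmware loader of kernels of that era (it varies between versions), and `driver_of_interface` is a hypothetical helper that only does something on a live system.

```shell
#!/bin/sh
# Added example, not from the original thread: instead of inferring from a
# working NIC that a blob was loaded, list what the kernel's firmware loader
# actually supplied or looked for. Firmware that lives in the card's own ROM
# never goes through this loader, so it cannot show up here; this check only
# covers blobs the host OS loads.

# Constructed sample kernel log lines, in the wording the firmware loader
# printed on kernels of the era; not a capture from the poster's ThinkPad.
SAMPLE_DMESG='[    3.120] ath9k_htc 1-2:1.0: firmware: direct-loading firmware ath9k_htc/htc_9271-1.4.0.fw
[    3.411] rtl8192ce 0000:02:00.0: Direct firmware load for rtlwifi/rtl8192cfw.bin failed with error -2
[    3.412] rtl8192ce 0000:02:00.0: firmware: failed to load rtlwifi/rtl8192cfw.bin (-2)
[    5.002] r8169 0000:03:00.0: firmware: direct-loading firmware rtl_nic/rtl8168e-3.fw'

# Read kernel log lines on stdin; print "driver file" for every blob the
# loader found on disk and handed to the device.
loaded_firmware() {
    sed -n 's/.*\] \([^ ]*\) [^ ]*: firmware: direct-loading firmware \([^ ]*\).*/\1 \2/p'
}

# Read kernel log lines on stdin; print "driver file" for every blob a driver
# requested that was not present (what a deblobbed system shows for a device
# whose firmware is not shipped).
missing_firmware() {
    sed -n 's/.*\] \([^ ]*\) [^ ]*: Direct firmware load for \([^ ]*\) failed.*/\1 \2/p'
}

# Hypothetical helper: print the driver bound to a network interface so the
# driver names above can be matched to the NIC in question. Only meaningful
# on a live system; the constructed sample does not exercise it.
driver_of_interface() {
    basename "$(readlink "/sys/class/net/$1/device/driver")"
}

echo 'Blobs the kernel supplied:'
printf '%s\n' "$SAMPLE_DMESG" | loaded_firmware
echo 'Blobs a driver asked for but could not get:'
printf '%s\n' "$SAMPLE_DMESG" | missing_firmware
```

On a running system feed `dmesg | loaded_firmware` and compare the driver column with `driver_of_interface wlan0`; newer kernels may print the direct-loading line only at debug level, so adapt the pattern or cross-check with `ethtool -i <iface>`.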
I don't think Trisquel has any policy regarding this. Actually, RMS is OK with proprietary code that is in ROM because it cannot be updated.
RMS's definition of "circuit" is misleading. Such a "circuit" as the "onboard" non-free firmware can be extremely dangerous, especially when the peripheral has DMA capability, e.g., a PCI/e-based NIC. However, RMS may be forgivable, because when he suggested such a definition (a long time ago), the danger of peripheral firmware hadn't yet been fully discovered.
Whether such a "circuit" is really immutable is unknowable. Peripheral firmware is beyond the reach of the host operating system (and any security mechanism deployed on it). It is perfectly possible that the "onboard" non-free firmware downloads something from the Internet and flashes it (i.e., upgrading itself). The whole process is even undetectable by the host operating system. We therefore can't blindly consider that it never happens.
Such non-free firmware could steal everything from your memory, including private keys in their decrypted forms, while the user is defenseless against it.
I am not an expert; maybe it is simply a new free driver updated with new functions.
Such firmware can indeed be dangerous; however, RMS isn't suggesting otherwise. His point is that any software program can be implemented as a hardwired circuit (like all programs were in the early days of computers), meaning there is no ethical difference between a non-upgradeable piece of software and a microchip that we can't modify for technological reasons.
As for guaranteeing immutability, would flashing not require connection to interfaces unnecessary for read-only access? This should be testable to the same standard as a suggestion about secret embedded secondary processors or backdoors, which is ultimately no more trust than I imagine would be required to use the processor anyway.
In fact, how is the integrity of the main CPU (which runs the host operating system) verified any more than the peripheral CPU?
But how is non-upgradeable nonfree firmware any better than upgradeable nonfree firmware? That's what never made sense to me.
For example, see this page where RMS says "I wish ATI would free this microcode, or put it in ROM". Freeing the microcode would increase user freedom, but putting it in ROM would not.
> Freeing the microcode would increase user freedom, but putting it in ROM would not.
My guess is that if one rejects the device with the non-upgradeable nonfree firmware, one should also reject any hardware whose design is not entirely published, as it could have some non-upgradeable nonfree firmware inside. Or even reject hardware without a free design that one could use to build the component from it. That would be nice but perhaps we are still far from there.
> how is non-upgradeable nonfree firmware any better than upgradeable nonfree firmware?
I always thought that the criterion here is not free vs. nonfree, but hardware vs. software: non-upgradable firmware is assimilated to hardware, upgradable firmware is not. Everyone is free to redistribute (resell or give away) their own second-hand hardware, and most do not need to modify it, except for a few experimental purposes.
Hardware freedom is a great, but unrealistic goal in the foreseeable future, so focusing on software sounds wise.
Security issues are related but separate considerations. The most damning thing about it is the uncertainty of the current situation: it is fine to accept some risks, but we need to be able to assess them. That is the reason why I would rather use firmware-less NICs, which is an available option in most cases.
I get that hardware freedom is unrealistic at this point. However, where I disagree with RMS is his opinion that ATI putting their microcode in ROM would be an improvement. Taking nonfree software and putting it in "hardware" makes the hardware usable with distributions like Trisquel, but all other things being equal, does the user actually gain any freedom?
If you take this idea to the extreme, you can put all software in ROM and call it an improvement in user freedom since the computer is now just an appliance.
Exactly.
Software freedom is precisely what makes all the difference between appliances and personal computers.
WC [1], MC [2] and toasters are appliances, not personal computers. The first two are used to remotely control human interfaces and make them press a small lever on the last one, or sometimes slightly more complex tasks like sending personal data to complete strangers.
EDIT: [1] Windows Computer, [2] MacOS* Computer.
> For example, see this page where RMS says "I wish ATI would free this microcode, or put it in ROM". Freeing the microcode would increase user freedom, but putting it in ROM would not.
You have truncated the sentence: "I wish ATI would free this microcode, or put it in ROM, so that we could endorse its products and stop preferring the products of a company that is no friend of ours."
I don't have the full context, but here the consideration is apparently that ATI *in general* is (or was at the time this was written) more friendly towards free software than some other company that is not explicitly mentioned, so RMS thought it would be preferable that ATI's products could be endorsed, so they can be preferred to the ones of the other companies, even if that comes at the price of such a limitation.
You can disagree with that strategy, but clearly that does not say that putting the firmware in ROM would increase user freedom, and I have seen no sentence from RMS saying that he thinks it would.
EDIT: My message does not appear as a reply to the message I was replying to, but since I have quoted what I am replying to, it should be understandable.
Yeah I understand that the FSF has to draw the line somewhere. However, as a user if you are comfortable using hardware with nonfree firmware in the ROM, why would you be uncomfortable if the firmware had to be loaded by the OS?
> However, as a user if you are comfortable using hardware with nonfree firmware in the ROM, why would you be uncomfortable if the firmware had to be loaded by the OS?
Running nonfree firmware means the risk of running malware. Every time nonfree firmware is updated, the risk is that the malware is improved. To me, the ROM reduces the opportunities for updates as compared with something loaded by the OS. That does not mean I am comfortable with it, but I would be even less comfortable with something loaded by the OS.
> as a user if you are comfortable using hardware with nonfree firmware in the ROM, why would you be uncomfortable if the firmware had to be loaded by the OS?
I have a feeling that your question is primarily related to relative comfort with compromising on the ethos of software freedom, and not primarily with security matters. Please let me know if my feeling is misguided.
If I am right, then my answer is that, as a user, I am not comfortable with any nonfree firmware and always choose any other available option, be it at some extra (although most often rather modest) cost, especially about wireless NICs, not unlike many other users of this forum would in a similar situation. We then have to turn to the many domains where no other option is available, which invariably reminds me of this famous paper from Alexandre Oliva, oft referred to in this forum:
https://www.fsfla.org/ikiwiki/blogs/lxo/pub/who-is-afraid-of-spectre-and-meltdown.en.
If firmware loaded by the OS is stored on writable memory (I'm not knowledgeable enough to know either way), that would be the critical difference. Software that cannot be modified does not inherently limit the freedom or trust of the user any more than the physical CPU does, unlike software which can be modified and consequently change its behavior at any time.
Of course, putting firmware on a ROM can itself be unethical.
Maybe because it would have been the lesser of the two evils, no one else would have to distribute non-free firmware for the device to function? Unclear, what exactly was being said on 4chan in 2013 with ati and nvidia? Time bomb style malware possible with "unchangeable?" hardware? Spectre/meltdown (cpu "bugs?") got some mitigations from the linux kernel like page table isolation.
"(it is known that the NSA has procured malicious weaknesses in some computing hardware)."
" Any program in your computer, that someone else is allowed to change but you're not, is an instrument of unjust power over you; hardware that imposes that requirement is malicious hardware."
https://www.gnu.org/philosophy/free-hardware-designs.en.html
"so what is Trisquel's policy regarding such wireless NICs? "
"Checking for compatibility
The Free Software Foundation (FSF) previously maintained a hardware directory. The FSF has this begun migrating data on the community supported site h-node.
The h-node wifi site is a resource that will help users find information about if wireless cards work with all Free Software. Users are encouraged to submit hardware information to h-node because this will help the community know which hardware is supported and which to avoid."
https://trisquel.info/en/wiki/setup-wireless-card
When in doubt about hardware-related freedom, I always go to nadebula.1984. h-node cannot always tell everything, while nadebula.1984 is talking from within the chip, so no blob is left unturned.
I do hope Trisquel 10 will convince nadebula.1984 to join us Trisquel daily users, as some of his recent comments seem to indicate.