[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a n

From: David Craven
Subject: Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement.
Date: Fri, 10 Feb 2017 18:31:34 +0100

Hi Maxim

> +1. I don't see how having blobs helps security at all.

Well the problem I was getting at is that things are not as fixed as
they may seem.
Quoting wikipedia:

>> Decreasing cost of reprogrammable devices had almost eliminated the market 
>> for mask ROM by the year 2000.

Translation: ROM is not RO.

It is not a theoretical threat, and just as dangerous as other threats
that people put a lot of effort in avoiding [0]

I don't see how trusting the manufacturer when buying the product is
any different from trusting him down the road. I was talking about
malicious third parties. Obviously planting something in difficult to
upgrade persistent memory is a lucrative target for attackers -
manipulating firmware becomes plain uninteresting in the other case.

> The companies that should be the rewarded are the ones that release
> firmware, source code, and tool chain. E.g., Thinkpenguin and the TPE-R1100.

> Indeed, we ought to put our money where our mouth is, i.e. back the
> companies which are helping the cause of free software/hardware.

I don't think they actually produce any silicon, toolchain or firmware
themselves. At least I didn't find a link to it. So they are basically
using other peoples silicon, toolchain and firmware. Giving them
credit for complying with the GPL is not quite right either. (But I
don't know who's behind the thinkpenguin and it looks like a great

To independently verify the claim that the firmware they are using is
indeed fixed, would actually require them to release both schematics
and datasheets of their designs.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]