[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a n

From: Maxim Cournoyer
Subject: Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement.
Date: Sun, 12 Feb 2017 23:02:29 -0800
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)


Christopher Howard <address@hidden> writes:

> On 02/10/2017 08:31 AM, David Craven wrote:
>> Hi Maxim
>>> +1. I don't see how having blobs helps security at all.
>> Well the problem I was getting at is that things are not as fixed as
>> they may seem.
>> Quoting wikipedia:
>>>> Decreasing cost of reprogrammable devices had almost eliminated the market 
>>>> for mask ROM by the year 2000.
>> Translation: ROM is not RO.

You have a point, although reading the article linked (from Wired), this
kind of attack requires a lot of effort (to reverse engineer the
proprietary interfaces used to reprogram the firmware of a HD). At this
level of seriousness they might as well find other means to get at
you, such as physically altering one of the device you use without you

>> It is not a theoretical threat, and just as dangerous as other threats
>> that people put a lot of effort in avoiding [0]

They were using Windows and allowing people to shuffle USB keys. That
fits strangely with "putting a lot of effort in avoiding security risks"

>> I don't see how trusting the manufacturer when buying the product is
>> any different from trusting him down the road. I was talking about
>> malicious third parties. Obviously planting something in difficult to
>> upgrade persistent memory is a lucrative target for attackers -
>> manipulating firmware becomes plain uninteresting in the other case.
>>> The companies that should be the rewarded are the ones that release
>>> firmware, source code, and tool chain. E.g., Thinkpenguin and the TPE-R1100.
>>> Indeed, we ought to put our money where our mouth is, i.e. back the
>>> companies which are helping the cause of free software/hardware.
>> I don't think they actually produce any silicon, toolchain or firmware
>> themselves. At least I didn't find a link to it. So they are basically
>> using other peoples silicon, toolchain and firmware. Giving them
>> credit for complying with the GPL is not quite right either. (But I
>> don't know who's behind the thinkpenguin and it looks like a great
>> accomplishement).

Probably not themselves, but they could hire someone to work on it. I
remember reading a story where ThinkPenguin had been involved in
negotiating with a hardware company and played a part in having that
company agree to release their firmware. Sadly I can't find that story
anymore!  And the company seems active in the free software community
and promoting/defending values of the movement. You can have a look at
their blog to see for yourself (

>> To independently verify the claim that the firmware they are using is
>> indeed fixed, would actually require them to release both schematics
>> and datasheets of their designs.
>> [0]
> Stallman did an extensive article in 2015 which I think is relevant to
> this discussion:

A recommended read for anyone interested in the idea of free hardware!
Thanks for sharing.


Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]