Hi, Quoting Simon Josefsson (2025-03-08 13:43:26) > My point was that there is no reasonable way to gain confidence about > security properties of any piece of non-free microcode. Everyone can now > produce AMD microcode that corrupts your machine in advanced ways that evade > detection, but we don't know if such malicious corruption is included in the > official microcode. Having source code for the microcode would help gain > confidence in it, and is the reasonable request. If the request is denied, I > would consider the vendor not trustworthy and look into options.
I do not understand something about this argument. If you don't trust the vendor, then it makes no difference whether or not new official firmware/microcode can be uploaded/flashed or not. If you don't trust the vendor, then the initial microcode that came with your device might already be doing things that go against your interests. Of course we cannot have much confidence in a piece of microcode of which we do not have the source code. But we also cannot have much confidence in a piece of hardware with non-flashable firmware of which we don't have the vhdl/verilog sources. So what is the difference? If I don't trust vendor X, then I cannot buy hardware from them independent of whether or not the vendor allows me to flash proprietary binary blobs from them. If I do trust vendor X, then why would I not trust their proprietary binary blobs? I do not think you will find many on this list who will disagree with the sentiment that it would be great if we had sources, schematics etc for many more things. On the other hand, I don't think you can currently buy a device that is capable to run, for example, a modern web browser and is fully open. This is why I voted in the last GR as I did. I'm typing this on an MNT Reform which is probably among the most open computers you can buy today but the chips in it are *not* open silicon. Yes, it would be great if they were and it would be great if the firmware blobs I need would not be proprietary. But I already chose to trust the manufacturers of the chips in my laptop or otherwise I would not be typing these lines. Why would I trust the silicone from vendor X and distrust the firmware/microcode from vendor X? Having non-free-firmware enabled by default in the Debian installer just continues pursuing a trust relationship you already decided on entering when you bought the hardware, no? Thanks! cheers, josch
signature.asc
Description: signature
