Every ARM SoC is proprietary, closed hardware. Same applies to most other hardware components like Wi-Fi / NFC / cellular radios, touchscreens, cameras and even batteries. There is nothing open about it, and not shipping the firmware updates just exposes users to vulnerabilities.
Conversation
Try not to get duped by projects pushing an ARM SoC and other proprietary hardware components as open hardware without proprietary firmware. There are several projects very deliberately misrepresenting this, misleading users and putting them at risk by not providing the updates.
1
1
12
Full security updates covering all components are incredibly important. Being able to update firmware/microcode rather than replacing hardware over and over again is not a negative. Verified boot, keystore HSMs and other hardware-based security features are also important things.
1
2
10
It's also important to note that hardware isolation is orthogonal to whether a component is implemented on the same die. In fact, in many cases, components on the SoC chip have better isolation than those outside it due to lack of security work across organizational boundaries.
1
1
9
Privacy and security have been hijacked for marketing by not just companies but also open source projects. You cannot believe what you read on these topics from most companies, projects or the media. The industry is full of scammers, dishonesty and ignorance. It's sad all around.
2
3
14
Replying to
if you'll throw away security and privacy in pursuit of freedom, you don't understand freedom in the first place
1
Replying to
Preventing users from installing firmware updates is also hardly freedom, and yet that's apparently what passes for it these days. Hiding the fact that the hardware and firmware is proprietary with no way to update it doesn't make things better in any way but rather much worse.
1
2
1
Hiding that it's proprietary and running embedded malicious blobs is harmful. Failure to ship updates to embedded malicious blobs is a tradeoff.
2
The 'malicious' in that statement is conjecture, and open source software can do things you would consider malicious too. That includes things that go unnoticed for a long time despite people having the sources and building from them. It's not some magic panacea eliminating it.
So for example, what exactly does the Wi-Fi firmware do that's at malicious? Why wouldn't you want to install an update fixing a remote code execution vulnerability? If you keep using the old version (which is not in any way more open), attackers get an easy way into the device.
1
2
1
Also, if someone does discover a backdoor, and it gets removed in a firmware update, wouldn't you want to install that? Some of vulnerabilities being regularly fixed in both open and closed source software could even be intentional ones - and if you can't update you can't fix it.
1
i bet the next RCE in Qualcomm WLAN will be in the open source qcacld kernel module, not the closed source firmware blobs