Reading up on the @Puri_sm Librem 5. Nice idea, but it's a damn shame they're using the @FSF RYF certification as a goal and to guide the development process. RYF is total nonsense that encourages *decreasing* user freedom.
Show this thread
-
Of course, you still want to be firewalled from devices using proprietary firmware wherever possible (in the form of interfaces that are secure, e.g. no free memory read/write from the blob), but that has nothing to do with not allowing the free side to send the blob over.
Show this thread
But RYF instead says you must hide and bury any firmware you end up having to have. And so @Puri_sm end up having to do utter nonsense, like using a secondary CPU core to load the DDR4 controller firmware into the hardware, just so they can claim the binary blob is elsewhere.
-
-
They store the blob on write-protected SPI flash (because users must not have the freedom to modify any firmware they do wind up running), and write some code for the secondary CPU just so that the main CPU doesn't get digital cooties from (eeeeeew) touching the DDR4 code.
Show this thread -
Keep in mind this isn't even about the secondary (or main) CPU *running* the firmware. The firmware is always run by an embedded processor in the DDR4 PHY anyway. This is just about having the main CPU never even *see* the firmware. See no evil, hear no evil, speak no evil.
Show this thread -
So it doesn't matter that the DDR4 controller firmware has access to all RAM and obviously can pwn the main CPU at will. As long as you bury it in read-only memory, and make sure it never is accessed by the main CPU, the FSF will give your product their meaningless rubber stamp.
Show this thread -
What if the firmware is backdoored? Who knows! You're not supposed to touch it from the main CPU, lest you get digital cooties (eeeeeeeew). Just don't think about it. Move on. Everything's Libre™ (except the parts you can't see). It'll be fine.
Show this thread -
So yeah, screw you, FSF. I want that blob compiled into the main CPU's u-boot, from a freely downloadable blobs repo, where I can do whatever I damn well want with it. Which is the sane engineering approach, and the most user-freedom-respecting thing to do.
Show this thread -
Link to the story from
@Puri_sm. The fact that their engineer had to design that horrible nonsense workaround with a straight face and write the blog post to top it all off makes me sad.https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-hurdle/ …Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.