Slashdot Mirror
Intel Skylake & Broxton Graphics Processors To Start Mandating Binary Blobs
An anonymous reader writes: Intel has often been portrayed as the golden child within the Linux community and by those desiring a fully-free system without tainting their kernel with binary blobs while wanting a fully-supported open-source driver. The Intel Linux graphics driver over the years hasn't required any firmware blobs for acceleration, compared to AMD's open-source driver having many binary-only microcode files and Nouveau also needing blobs — including firmware files that NVIDIA still hasn't released for their latest GPUs. However, beginning with Intel Skylake and Broxton CPUs, their open-source driver will now too require closed-source firmware. The required "GuC" and "DMC" firmware files are for handling the new hardware's display microcontroller and workload scheduling engine. These firmware files are explicitly closed-source licensed and forbid any reverse-engineering. What choices are left for those wanting a fully-free, de-blobbed system while having a usable desktop?
Q: What guarantee do we have that these binary blobs don't contain root kits?
A: None.
This really isn't acceptable. :(
They aren't "mandating" anything. You buy their product, and they provide some closed source software with it that you need to get some of the functions. It sucks, but it isn't a "mandate".
You might want to consider letting it not bother you too much, though. After all, these chips have been full of proprietary code in the equivalent of ROM for a long time. The fact that some of it is migrating into RAM doesn't really change things very much.
If you really don't like loading proprietary blobs from RAM, use embedded processors; they usually don't do that because it wouldn't work very well in their environment.
If you really want to run a "fully-free, de-blobbed system", you need to get an open source processor and an open source motherboard.
What choices are left for those wanting a fully-free, de-blobbed system while having a usable desktop?
How about don't use these new systems? And keep on using what you have used in the past?
I am Slashdot. Are you Slashdot as well?
Be a conehead. Use that telex machine thing. Be a pepper. Go for it. Be all you can be. Aim high. Jump in a lake. Just not a skylake. Partake of toe jam and jelly not found in any store. Worship his holiness.
Intel's latest gen APU hangs with AMDs, but it's also almost twice the price, and that's before you factor in that the AMD board is cheaper and they tend to have better combos on Newegg. I can get a 7850k with a good board and 8 gigs of ram for $236 bucks. The equivalent i5 setup is going to be $450.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Maybe, but you'll have to have an awfully attractive proposal and back it with heavyweight talent that already had a good reputation for delivering the goods.
For example, if a major video card vendor went belly-up for reasons not related to their tech (i.e. for plain old poor business practices) and their best coders banded together and started a kickstarter with a goal of $5B above and beyond the $1B they were personally tossing into the pot, they'd get my attention. But then again, they probably would be looking for traditional venture capital funding rather than kickstarter-type funding.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If it weren't for the fact that these binary blobs are updateable, no one would care. For example, your hard disk certainly has a "binary blob" in the form of its firmware, but because the OS isn't able to update it, no one cares and happily ignores it. However, the moment someone releases a hard drive where the OS can supply the binary blob so that the hard disk firmware is easily updated, the open source community will immediately reject this new device even though the only difference between it and the old device is that the old one, in the event of a firmware bug, could not be updated and simply remained unreliable for the lifetime of the device.
Indeed, that's probably what is happening here. Intel likely had such code in their cards all along, but previously the code was in a non-reprogrammable ROM. Now they've decided to add a new feature to their cards to allow bugs that are discovered in this code to be corrected, and everyone is simply going to complain about it. They were happy when no one could access the code and fix the bugs, but now that Intel can do it, they're not willing to accept not being able to do it themselves as well.
It's rather silly. Just imagine if the card could accept a binary blob, but refused it if it didn't match cryptographic checksums in the hardware that cannot be updated. It would be effectively the same as if the firmware were stored in a ROM in the hardware itself in that no one would ever be able to modify that code, but you can still bet that the open source community would be up in arms over not having access to the source code simply becase, whenever they can touch binary code, they're unable to accept the fact that they don't have the source to that binary code.
Your dictionary pedantry adds no value and in fact obscures the issue.
Well said. Being right is never a substitute for feeling righteous.
I did kernel hacking for 10 years. I've fixed bugs in Ethernet drivers and helped document (and work around) hardware errata. I've also had to deal with trying to rebuild Nvidia drivers when the binary blob was no longer compatible with the latest kernel source. Having open-source drivers is key for those of us that actually *do* work on this stuff.
While I'm inclined to dismiss binary blobs as largely innocuous in most scenarios, you are oversimplifying things considerably.
1) Just because *I* don't have the time or interest to modify display firmware, doesn't mean I'm not in a position to benefit from *other people* doing so. Witness the entire Linux infrastructure, which owes its existence to the fact that the software stack of the time was NOT locked down, and critical hardware was all reasonably well documented.
2) The binary blobs are themselves dangerous - driver software is typically running with very high security clearance, and you have absolutely NO idea what is going on inside those blobs. Couple that with the fact that we now KNOW the NSA (and presumably other organizations as well) have actively recruited several major companies to collaborate in compromising the security of commodity hardware, and we're in the position of being completely unable to trust ANY binary-blob software in a security-critical scenario. Since Intel was pretty much the go-to option for decent(ish) fully open-source display accelerators, that alone validates a subset of the original question: What are our options now if we want a modern desktop that can be be audited for security?
--- Most topics have many sides worth arguing, allow me to take one opposite you.
At this point you may have to keep your new computers on their own network that is not attached to the Internet. Use the older computers where such a security audit is necessary and only allow them onto the Internet.
Besides binary blobs as security problems, we also do not know everything we need to about the rest of the hardware in the system. Anyone that can acquire computer hardware from the last 15 years and Internet access for less then a day can get a system up and running with tools to compile software with. That's a pretty low barrier to entry, especially considering you can teach yourself to program for free with books from the city library. Sure, they are old, but its still coding.
Can't do that with hardware. Even if you can learn how to model and design hardware, you still need access to a fabrication factory to make your parts. This will cost a lot, especially if your first design isn't perfect.
We're screwed for the time being.