Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel Skylake & Broxton Graphics Processors To Start Mandating Binary Blobs

Posted by Soulskill on from the give-the-people-what-they-want-or-actually-maybe-not dept.

An anonymous reader writes: Intel has often been portrayed as the golden child within the Linux community and by those desiring a fully-free system without tainting their kernel with binary blobs while wanting a fully-supported open-source driver. The Intel Linux graphics driver over the years hasn't required any firmware blobs for acceleration, compared to AMD's open-source driver having many binary-only microcode files and Nouveau also needing blobs — including firmware files that NVIDIA still hasn't released for their latest GPUs. However, beginning with Intel Skylake and Broxton CPUs, their open-source driver will now too require closed-source firmware. The required "GuC" and "DMC" firmware files are for handling the new hardware's display microcontroller and workload scheduling engine. These firmware files are explicitly closed-source licensed and forbid any reverse-engineering. What choices are left for those wanting a fully-free, de-blobbed system while having a usable desktop?

6 of 193 comments (clear)

  1. rootkit? by Anonymous Coward · · Score: 5, Insightful

    Q: What guarantee do we have that these binary blobs don't contain root kits?
    A: None.

    This really isn't acceptable. :(

    1. Re:rootkit? by BlueStrat · · Score: 5, Funny

      Q: What guarantee do we have that these binary blobs don't contain root kits?
      A: None.

      This really isn't acceptable. :(

      Aw, c'mon! It's not like the NSA would risk vital US infrastructure, foreign trade, and financial/military/corporate/individual security by deliberately compromising the security of widely used operating systems, software, and/or encryption!

      That's just crazy talk.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    2. Re:rootkit? by WaffleMonster · · Score: 5, Insightful

      Q: What guarantee do we have that these binary blobs don't contain root kits?
      A: None.

      This really isn't acceptable. :(

      This is madness. They own the hardware. If you don't trust the vendor they can still screw you in hardware. Your fucked either way.

      I don't recall people bitching about CPU microcode or any of a dozen subsystems in a typical computer which run on closed proprietary firmware.

      I actually think this is something we should be encouraging more of. What is dangerous is systems downloading firmware from onboard field upgradable roms because attackers have leveraged these vectors to destroy gear and persist ownage even after compromised systems have been completely wiped.

  2. Artificial hardware vs software distinction by iamacat · · Score: 5, Interesting

    If the same blob was included in chip's ROM, nobody would think it's different from before right? The only difference here is that Intel is saving some money by not having a flashable ROM in the chip and instead having host OS provide the same blob on each boot. It's not like Windows driver gets a better blob or accesses some secret features not given to Linux developers.

    If you are interested in open source hardware this is not in. But open sourcing all code running on main CPU is a significant step in itself and has many practical advantages (like being able to run/write whatever OS you want).

    If community has done more with existing open hardware contributions like OpenSparc, I think we would see many new ones.

  3. I've personally fixed bugs by Chirs · · Score: 5, Insightful

    I did kernel hacking for 10 years. I've fixed bugs in Ethernet drivers and helped document (and work around) hardware errata. I've also had to deal with trying to rebuild Nvidia drivers when the binary blob was no longer compatible with the latest kernel source. Having open-source drivers is key for those of us that actually *do* work on this stuff.

  4. Re:This matters because... by Immerman · · Score: 5, Insightful

    While I'm inclined to dismiss binary blobs as largely innocuous in most scenarios, you are oversimplifying things considerably.

    1) Just because *I* don't have the time or interest to modify display firmware, doesn't mean I'm not in a position to benefit from *other people* doing so. Witness the entire Linux infrastructure, which owes its existence to the fact that the software stack of the time was NOT locked down, and critical hardware was all reasonably well documented.

    2) The binary blobs are themselves dangerous - driver software is typically running with very high security clearance, and you have absolutely NO idea what is going on inside those blobs. Couple that with the fact that we now KNOW the NSA (and presumably other organizations as well) have actively recruited several major companies to collaborate in compromising the security of commodity hardware, and we're in the position of being completely unable to trust ANY binary-blob software in a security-critical scenario. Since Intel was pretty much the go-to option for decent(ish) fully open-source display accelerators, that alone validates a subset of the original question: What are our options now if we want a modern desktop that can be be audited for security?

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.