[coreboot] Liberating people and beyond x86 Was: [Resend] Tapping into the core (33C3)

Denis 'GNUtoo' Carikli GNUtoo at no-log.org
Tue Jan 17 00:58:47 CET 2017


On Mon, 16 Jan 2017 16:34:06 -0500
"Taiidan at gmx.com" <Taiidan at gmx.com> wrote:

> Bootguard can be bypassed by simply swapping compatible CPU's from
> two computers/laptops, correct?
AFAIK, on many laptops the CPU is soldered now. Since such CPUs are
probably BGA, I don't see it as a viable option for most people.
When people do not have enough skills to do something, commerce
typically can bridge that gap, however I fear that:
- The costs of such a swap would be significant, I might be wrong though
  as the manufacturing technology evolves.
- Users would have some psychological barrier about buying a laptop
  that is known to be worth a given price second hand or new, at a
  price that is way higher.

> The bigger issue is, do we really want to support a company that will 
> one day succeed in shutting us down?
The question for me is not between supporting or not supporting such a
company but rather when to stop supporting it entirely. More on that
below.

> while x86 is the only real option for a mobile workstation
It depends on the use case, people are different and use computing and
technology differently.
I currently use a Lenovo Thinkpad X60 as main computer. I currently
do not need to compile huge quantities of source code like an entire
GNU/Linux or Android distribution, so it works for me.

I did a compilation speed test between the Chromebook C201 and one of
my X60, compiling u-boot on the C201 for the LG Optimus black took about
1/4 less time on the Chromebook. That said, even if the compiled code
was exactly the same, the GNU/Linux distribution was not the same
between both devices, and power management setup might have impacted
the tests.

> I feel as though all desktop/server development should be focused on
> POWER as IBM isn't yet entirely hostile to the idea of free firmware
> (in 2012 a new kgpe-d16, compatible RAM, cpu's etc would be as much
> as a power habanero is now, it isn't really that expensive the only
> issue is that they don't depreciate in value as much as an x86 device
> so it isn't as easy to pick up older models for cheap)
There is no doubt that, if we could, we should, as a community, focus
on POWER8 and architectures friendly to free software.

However we might also want to think about how to handle the transition
between both. A lot of people are still used to x86 hardware and some
even still use legacy proprietary OS like Microsoft Windows.

More and more people are learning about privacy issues. A huge number of
people also want to do something about it. According to Eben Moglen,
that's about 1/5 of the Internet, that is about 400000 people.

More and more people will also realize its importance[7] as it would
ruin people's lives (sic[9]). The damage caused by privacy leaks would
probably increase a lot in the future (sic[9]), due to the kind
of data that may be stored (think about your complete DNA) but also
because the kind of information you will be able to deduce from the
data will be way more sensitive than it is now[8], due to algorithmic
progress on the relevant topics.

Free software and user control of the technology is required (but not
sufficient by itself) to have some trustworthiness in our own
computing and technology in general.

However many people (still) have a day job, a family, and no time for
that. So how do you bring in so many people to free software?
Especially if you need to change hardware, and that the new hardware
won't run the legacy proprietary OS you were used to.

It might be possible if you split the issue in several parts:
(1) A given person can start by migrating to GNU/Linux on hardware they
    have or are familiar with. We are still not there, since many
    people didn't switch yet, as the various jokes on "The year of the
    GNU/Linux desktop" remind us.
(2) Once the person migrated to GNU/Linux, on untrustworthy hardware,
    running it on trustworthy hardware might not be that different.

Having interacted with many (non-tech) people willing to switch to
GNU/Linux or switching to it, I have a hypothesis on why very few people
actually switched to GNU/Linux.

I think that it's mainly due to the lack of professional support
for individuals: Most people still using legacy proprietary software
can simply go to the computer shop nearby to get their software problem
fixed. Such computer shops typically do not know how to fix common
issues in GNU/Linux distributions. GNU/Linux user groups also don't
scale enough to accommodate that many people, and are not available
7/7, and are often available the week-end, that is, when people want to
spend time with their families instead of getting their computer fixed.

Increasing the availability of commercial support might be possible, for
instance by identifying common issues and having a certification that
would ensure that shops can fix such common issues with a good enough
quality for most people. Few companies[1] seem to be involved in medium
scale support of individuals (not businesses). Such companies
probably have better information on what the common issues are than the
GNU/Linux user groups, as they interact with more diverse people.

To help such users transition we also probably need computers that are
made to ensure that GNU/Linux runs fine, even if they are x86 and run
proprietary blobs in the boot firmware.
This is made possible by Coreboot since the OS<->Boot firmware
interface is free software.
There is also at least one free software friendly company[2]
that designs laptops, and that is exercising some control over the
choice of components that go into such laptops.

Now helping people transition to use GNU/Linux isn't enough, we also
need to make sure that hardware that respects people's freedom does exist at
the end of the transition, and that such hardware also works well.

Since the Crowdsupply campaign of the POWER8 "Talos Secure
Workstation"[3] didn't work out, probably due to the lack of people
willing to pay a (way) higher price than other free software friendly
computers like the novena, how do we go from there?

We also need to bother about security, and ensure that computers that
can run fully free software are also secure, that the security is
unobtrusive and still encourages the user to experiment with the software
and hardware.

As I understand the "Talos Secure Workstation" would also have shipped
with a free software root of trust[4][5] that would be user modifiable.

Such hardware would also have permitted to experiment with different
approaches on how to ensure that the computer remains trustworthy and
has not been tampered with, without the knowledge of the owner of the
computer, that is, the user.

As I understand it, this feature might go into some minifree desktops
and servers in the future[6], so we will hopefully be able to do such
experimentation.

References:
-----------
[1] https://hypra.fr
[2] https://puri.sm
[3] https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation
[4] https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation/updates/talos-fpga-functions-and-responsibilities-part-1
[5] https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation/updates/talos-fpga-functions-and-responsibilities-part-2
[6] https://minifree.org/product/libreboot-d16/
[7] http://craphound.com/news/2016/07/03/peak-indifference-privacy-as-a-public-health-issue/
[8] https://media.ccc.de/v/33c3-8238-retail_surveillance_retail_countersurveillance
[9]That said we shouldn't wait for privacy issues to be solved
   automatically:
   - The cost of that waiting would be that many lives would be ruined.
   - That doesn't take into account the relationship between
     privacy and power. People might really really strongly want
     and require privacy but could be prevented to get it.

Denis.


