On Wed, 18 Jan 2017 18:11:21 -0800 Julius Werner jwerner@chromium.org wrote:
I think it's fair to penalize boards for this, but not as hard as for other components. The machine is still perfectly useable with text mode or software rendering. I would say this is way less severe than a non-free EC (which essentially means you can't trust your keyboard), for example. It should rank somewhere among the low inconveniences, maybe similar to a non-free WiFi chip.
Couldn't one just use a separate USB keyboard to circumvent that?
A. Everything free. B. Non-essential component (e.g. GPS sensor) requiring proprietary firmware. C. Network component (e.g. WiFi) requiring proprietary firmware if it can be bypassed (e.g. USB, expansion card). D. Input/output-sniffing component (pointing device, keyboard, display, audio) requiring proprietary firmware if it can be bypassed, or CPU requiring microcode if it can be bypassed (e.g. just using factory ROM code). E. CPU or equivalently privileged processor requiring non-resident proprietary boot firmware. F. Network component requiring proprietary firmware that cannot be bypassed (e.g. no USB ports). G. Input/output-sniffing component requiring proprietary firmware that cannot be bypassed, or CPU requiring microcode that cannot be bypassed. H. CPU or equivalently privileged processor requiring resident proprietary firmware (e.g. Intel ME, Qualcomm TrustZone).
My concern is mainly the number of levels. If we make this too much of a smooth gradient type thing people won't really understand just how bad G and H really are.
Okay, sure... colors or naming could make that more clear, or just squash some of these categories together. I didn't really want to exemplify the granularity here, just how I think different non-free components should be weighted against each other to fairly represent the risk to the user.
I like how most boards (with ME & Co.) would just get an 'H' :)
We could also try a system of points that get added together to reach a certain category (e.g. proprietary microcode is worth 5 malus points, proprietary WiFi could be 2, and resident proprietary firmware with full access short-circuits to the lowest category).
Personally, I like the category-based approach more, as I assume most people would bother less about how many points their hardware scores, instead of in what "freedom" or "security" category their hardware is classified. I think the category approach pulls people more towards libre-friendly hardware.
Btw, great effort and interesting discussion :)
Regards,
Merlin
-- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot