[coreboot] Proposal: "Freedom level" field for boards supported by coreboot

[Timothy Pearson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/18/2017 07:06 PM, Julius Werner wrote:
> Sounds like a good idea in general, but I think the categories might
> need some more tweaking. I guess we all have different favorites that
> we care about here (e.g. I'm partial to most ARM platforms), we should
> have a balanced discussion about what should be weighted more than
> what and why to make sure the categories end up fair to all platforms.
> 
> For example, it seems like you're trying to slot RK3288 as "bronze",
> which I'd say is argueably the most free platform coreboot supports
> right now. I assume your rating comes from the external board
> components requiring proprietary firmware in this case. So a few
> points to start discussion:

The only reason for the Bronze classification is the GPU firmware /
driver.  I'll admit I'm not as familiar with the RK3822 GPU as I'd like,
so if I made an error and it operates without binary blobs then the C201
would be reclassified Platinum.  You can't exactly stick a third-party
GPU on that SoC to get around the built-in GPU, so if it's not free it's
a major problem.

> - Is it fair to make external board components weigh more heavily than
> processor internals? I think at least external board components that
> are not essential (e.g. anything but keyboard, pointing device,
> display, network, maybe audio) or can be replaced with other
> components (e.g. USB can replace almost everything) should have the
> least impact on freedom level. In particular, it's not really fair to
> punish a board for including an optional non-free component that other
> boards don't have at all (like a laptop with a WiFi chip which
> essentially always require proprietary firmware vs. a desktop board
> that has nothing but empty PCIe slots).

I am trying to head off the easiest thing possible for the manufacturer
- -- that is, produce a board that has one feature set for Windows, and
another very limited feature set for libre software.  I don't think the
rankings should be able to be gamed in that manner; when a consumer buys
a board they expect that the advertised features of that board work, and
without proprietary software so if we've listed it as Gold or Platinum.

> - Anything required on the processor (e.g. microcode) should always
> weigh more heavily than external components. Disabling an external
> component (even something like keyboard/display) still leaves the
> system somewhat functional, whereas you can never disable the
> processor. Since microcode can essentially do anything I think it
> should always give a harsh rating unless it's feasible to run the
> board with the ROM-internal version.

Why are you assuming the internal ROM microcode is safe?  I certainly
wouldn't go there; in fact, the errata sheets for most processors show
the exact opposite.

> - Why are you making an exception for the EC, of all things? The EC is
> usually the keyboard controller which is one of the most highly
> sensitive things there are. I think a proprietary keyboard controller
> should definitely be counted worse than a proprietary WiFi chip, for
> example (because they WiFi chip cannot sniff into your HTTPS stream,
> but the keyboard controller can totally read the password you typed).

I make a very limited exception for an EC that is only an EC; that is,
it has no ability to transmit any information it gleans to a third
party.  I'd like to see that exception disappear ASAP, but I think we
should wait until the free EC implementation for the Lenovo machines is
finished so that we at least have some examples of true Silver class
machines.

> So as a quick brainstorming, I'd rather suggest a ranking roughly like
> this to fairly reflect the risk the user is exposed to:
> 
> A. Everything free.
> B. Non-essential component (e.g. GPS sensor) requiring proprietary firmware.
> C. Network component (e.g. WiFi) requiring proprietary firmware if it
> can be bypassed (e.g. USB, expansion card).
> D. Input/output-sniffing component (pointing device, keyboard,
> display, audio) requiring proprietary firmware if it can be bypassed,
> or CPU requiring microcode if it can be bypassed (e.g. just using
> factory ROM code).
> E. CPU or equivalently privileged processor requiring non-resident
> proprietary boot firmware.
> F. Network component requiring proprietary firmware that cannot be
> bypassed (e.g. no USB ports).
> G. Input/output-sniffing component requiring proprietary firmware that
> cannot be bypassed, or CPU requiring microcode that cannot be
> bypassed.
> H. CPU or equivalently privileged processor requiring resident
> proprietary firmware (e.g. Intel ME, Qualcomm TrustZone).

My concern is mainly the number of levels.  If we make this too much of
a smooth gradient type thing people won't really understand just how bad
G and H really are.

- -- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJYgBKnAAoJEK+E3vEXDOFba1kIALeBwN+Mx14WB3feh7f0PUzd
33hz3OgDtGnXeU+pzbTmM0m5Qsjl1EHUTiHDoAAdPvYA26TYWxcEMRHO0ntqfpF3
E87UJ7S5LJdwsF+qyVfUE43MD5l5UT17noGnFZYDq0tuPuto26RTQ+T7J07bcEfq
zYx7oHy+0ljHLaBqCTHn4bt5EhZDN0SRjjI+Kc09SBWe+Xaf8A/XCMT2RrU/nX5G
braFykJFvDljAjdne0ugJV5rVxzF5Dca8w981wGlmAyWENphVaDsFDX3BrRJ2iI9
A72H9cmYWrfCGM8lO7ktPz6+zali2b2tCrFQgZymVwi1PwGD9ewWkzVXA5ThMYg=
=T9uo
-----END PGP SIGNATURE-----