Criticism of the Free Software Foundation's policy on firmware

Ariadne Conill, creator of the Audacious music player, initiator of the IRCv3 protocol, and leader of the Alpine Linux security team, criticized the Free Software Foundation's policies on proprietary firmware and microcode, as well as the rules of the Respects Your Freedom initiative, which certifies devices that meet its requirements for user privacy and freedom. According to Ariadne, the Foundation's policies limit users to obsolete hardware, encourage manufacturers seeking certification to over-complicate hardware architectures, discourage the development of free alternatives to proprietary firmware, and prevent the use of proper security practices.

The problem is that the "Respects Your Freedom" certificate can only be obtained by a device in which all supplied software is free, including firmware loaded by the main CPU. At the same time, firmware used on additional embedded processors can remain closed, provided it is not meant to be updated after the device reaches the consumer. For example, the device must ship with a free BIOS, but the microcode loaded by the chipset into the CPU, the firmware for I/O devices, and the configuration of the FPGA's internal connections may remain closed.

The result is that if proprietary firmware is loaded by the operating system during initialization, the equipment cannot receive a certificate from the Free Software Foundation, but if firmware for the same purpose is loaded by a separate chip, the device can be certified. This approach is considered flawed: in the first case the firmware is visible, and the user controls its loading, knows about it, can conduct an independent security audit, and can easily replace it if a free analogue becomes available. In the second case the firmware is a black box that is difficult to check and whose presence the user may not be aware of, falsely believing that all software is under their control.

The Librem 5 smartphone is given as an example of manipulations aimed at obtaining the Respects Your Freedom certificate. To obtain a mark of compliance with the Free Software Foundation's requirements and use it for marketing purposes, its developers used a separate processor to initialize the equipment and load firmware. After the initialization stage was complete, control was transferred to the main CPU and the auxiliary processor was turned off. As a result, the certificate could have been formally obtained, since the kernel and BIOS did not load binary blobs, but apart from introducing unnecessary complications, nothing would have changed. Interestingly, in the end all these complications were in vain and Purism was never able to obtain a certificate.

Security and stability issues also arise from the Free Software Foundation's recommendations to use the Linux-libre kernel and Libreboot firmware, which are stripped of blobs loaded into the hardware. Following these recommendations can lead to various types of failures, and hiding warnings about the need to install firmware updates can leave errors uncorrected and create security problems (for example, without updating the microcode, the system will remain vulnerable to Meltdown and Spectre attacks). Disabling microcode updates is seen as absurd, given that an embedded version of the same microcode, which still contains vulnerabilities and uncorrected errors, is loaded during the chip initialization process.
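Because the warnings mentioned above may be hidden, the mitigation state can be read directly from the standard Linux sysfs and /proc/cpuinfo interfaces. The following is an added example, not code from the article, from Ariadne Conill or from the FSF; the function names are hypothetical and the embedded sample values are constructed, used only when the real files are absent.

```python
import re
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample in the kernel's sysfs wording; not captured from a real host.
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode",
    "spec_store_bypass": "Vulnerable",
    "tsx_async_abort": "Not affected",
}
SAMPLE_CPUINFO = "processor\t: 0\nmodel name\t: Example CPU\nmicrocode\t: 0x2e\n"


def read_status(vuln_dir=VULN_DIR):
    """Return {issue: status line} from sysfs, or {} where it is absent."""
    if not vuln_dir.is_dir():
        return {}
    return {p.name: p.read_text().strip() for p in sorted(vuln_dir.iterdir())}


def microcode_revisions(cpuinfo_text):
    """Distinct running microcode revisions listed in /proc/cpuinfo (x86)."""
    return sorted(set(re.findall(r"^microcode\s*:\s*(\S+)", cpuinfo_text, re.M)))


def classify(status):
    """Map one sysfs status line to a coarse verdict."""
    if "no microcode" in status.lower():
        return "needs_microcode"  # kernel tried, CPU lacks the updated microcode
    if status.startswith("Not affected"):
        return "not_affected"
    if status.startswith("Mitigation"):
        return "mitigated"
    if status.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def needs_attention(statuses):
    """Issues that are not mitigated, sorted by name."""
    bad = {"needs_microcode", "vulnerable", "unknown"}
    return sorted(name for name, s in statuses.items() if classify(s) in bad)


if __name__ == "__main__":
    statuses = read_status() or SAMPLE_STATUS
    cpuinfo = Path("/proc/cpuinfo")
    text = cpuinfo.read_text() if cpuinfo.exists() else SAMPLE_CPUINFO
    print("microcode:", microcode_revisions(text) or "not reported")
    for name in needs_attention(statuses):
        print(f"{name}: {statuses[name]} -> {classify(statuses[name])}")
```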

Another complaint concerns the inability to obtain the Respects Your Freedom certificate for modern equipment (the newest model among certified laptops dates back to 2009). Certification of newer devices is hampered by technologies like Intel ME. For example, the Framework laptop comes with open firmware and is focused on complete user control, but it is unlikely that the Free Software Foundation will ever recommend it, because it uses Intel processors with Intel ME technology (to disable the Intel Management Engine, you can remove from the firmware all Intel ME modules not related to the initial initialization of the CPU, and deactivate the main Intel ME controller using an undocumented option, which, for example, is done by System76 and Purism in their laptops).

Another example is the Novena laptop, developed in accordance with the principles of Open Hardware and supplied with open source drivers and firmware. The GPU and WiFi in the Freescale i.MX 6 SoC required loading blobs, and although free versions of these blobs were in development, they were not yet ready, so in order to certify Novena the Free Software Foundation required that these components be mechanically disabled. Free replacements were eventually created and made available to users, but certification would have prevented users from using them, since the GPU and WiFi, which did not have free firmware at the time of certification, would have had to be physically disabled if the device shipped with a Respects Your Freedom certificate. As a result, the Novena developer declined to pursue Respects Your Freedom certification, and users received a full-fledged device rather than a stripped-down one.

Source: opennet.ru
