[prev in list] [next in list] [prev in thread] [next in thread] List: openbsd-misc Subject: Re: Blob-free OpenBSD kernel needed From: Theo de Raadt <deraadt () cvs ! openbsd ! org> Date: 2015-06-06 0:30:33 Message-ID: 201506060030.t560UXjK022258 () shear ! ucar ! edu [Download RAW message or body] > Hello, Hello Mr. Whoever you are, > It has come to my attention that OpenBSD does not included non-free > drivers, dubbed "blobs" - which is excellent. However, you still > include non-free firmware in the kernel and some packages. That is false. The kernel includes a few minor firmwares which are FREELY PROVIDED by the vendors of that hardware, since those vendors chose to not put those firmware onto ROMS on their cards. Those firmwares are FREE. Please indicate a single vendor who wants MONEY for that firmware. They don't want money. They want people to use the hardware which they skipped on adding a ROM to. That is why the firmware is free. A few other firmwares are slightly less free. Meaning they are free for money, but they try to stipulate subtle rules we do not want to impact the freedom of our source tree with. To solve this specific problem, a few creative developers in the group have found a way to package those up and make them available on the internet. OpenBSD has a tool built in which will download those, so that our base source tree remains full of freedom. Those are treated the same. If the hardware exists, we load it onto the hardware. The firmwares are NOT RUN BY THE HOST CPU. They are running on the network or other such hardware which you foolishly purchased! > With spying revelations, it is well-known that non-free firmware can > contain backdoors. ( just one recent example: > http://www.wired.com/2015/02/nsa-firmware-hacking/ ) You are speaking in riddles. Non-free firmware can contain backdoors just as well. 99% of the hardware we run on contains firmwares *IN ROM*. Those could contain backdoors. You use such machines. You sent your email from a machine containing ROM firmwares. Quite often, those are not in true ROM, either, but rewriteable using tricks that the vendors know, but which we don't know. > I would feel a lot safer if the kernel and packages were fully free, > containing no non-free drivers nor non-free "firmware". That's nice. Then don't run hardware which needs those firmwares. See, your problems are solved so easily! > At the very least provide a separate branch of known "clean" 100% > free packages and kernel. For example the non-free athn and rsu > firmware are currently in the repository, and I would suspect other > non-free firmware is into the kernel. You are so full of BS! The firmware for the athn driver is NOT IN THE REPOSITORY! For USB devices, the driver needs at least version 1.1 of the following firmware files, which are loaded when an interface is attached: /etc/firmware/athn-ar7010 /etc/firmware/athn-ar7010-11 /etc/firmware/athn-ar9271 A prepackaged version of the firmware can be installed using fw_update(1). There is Makefile somewhere in the ports tree which KNOWS where to find that firmware on the internet. That's it. Your definition of free is so clouded! Same with the rsu firmware. WHERE in the source repository do you see the bytes that came from the vendor? > Offering a stripped kernel and separating those few packages only > increases the security of OpenBSD. That is BS. If you don't want to run those firmware, don't buy and insert those particular USB devices. > Also, We can probably find replacements for most all the non-free > firmware. You are quite a persistant idiot. Find replacement of a firmware that a vendor wrote for their specific undocumented chip; which runs on the custom processor and hardware on the athn USB device? That runs on the rsu hardware, which is probably some kind of crappy vendor-modified ARM or MIPS or 8085 derived cpu attached to a blob of Verilog logic they designed in their own lab? You don't know jack shit about computers or electronics, that much is obvious. > Taking for example this replacement for some of the athn > firmwares: https://github.com/qca/open-ath9k-htc-firmware That is not a "device firmware". Those Atheros devices contain no cpu, only gate array logic to do their work. As a result, a driver has been written which runs on the NATIVE HOST CPU, meaning, inside Linux or OpenBSD. Same as our ath(4) driver. That is a non-firmware designed chipset. Once again you show that you don't know shit. > All we'd need is a driver to load those instead of the blobs. Good luck with that buckeroo. Looking forward to your complete rewrite of the Broadcom NetXtreme II 10/100/Gigabit firmware, by the way. There are about 25 versions of this product, and they have 4-6 MIPS 64-bit cpus running different firmwares on them. Total size, around 260K. It's like a bunch of independent operating systems running on propriety hardware! Please remember to send your new firmware source for that hardware nicely indented; we like the tabs + 4-space mode described in our style(9) page! Fact is, modern hardware simply "is what it is". Telling people that OpenBSD should not run on such hardware is a gigantic illusion. You come off like a child, demanding freeeeeeedom. I hope your next mail goes straight to Linus Torvalds. He is also encouraging people to use the hardware they accidentally bought in exactly the same way!! The nerve of him. [prev in list] [next in list] [prev in thread] [next in thread]