Intel CPUs to further restrict open-source firmware

Just made an account to see what the people here thought. It’s likely AMD follows up with their own. Will Purism finally stop trying to hold onto the currently less relevant than ever amd64 architecture and go onto something like ARM or PowerPC?


RISC-V is the future for open-source firmware.


Intel recently joined RISC-V, I’m somewhat wary of it now. Sure, it’s an open platform, but there’s the possibility that it IE6es things.

Not to mention, the aforementioned ARM and PPC64 are mature platforms – they can be put into, say, a laptop tomorrow. RV still has some more growing to do. I could see a future where PPC64le and RV compliment each other as desktops and laptops, respectively, however.

what exactly do you base that on? An open ISA doesn’t necessarily translate into open firmware. There are still lots of IP blocks that can’t easily be open sourced


Intel may have joined the RISC-V International standards organization, but even at the “premier membership level,” I don’t think it is possible for them to steer the course of that ship. PowerPC is RISC instruction set architecture, so in my mind, RISC-V is the next logical step and the future for RISC processors.

There aren’t any good choices at this point. POWER9 is way too expensive for normal PCs and POWER10 uses proprietary blobs from Synopsys to initialize the memory and use PCI express, so the only viable PowerPC option are old Motorola chips from 2011.

ARM is also a mess. The RK3399, RK3566 and RK3568 currently needs blobs, and they would be underpowered for a PC. The RK3588 is powerful enough to be the CPU for a PC, but it will probably years before it has good mainline Linux support, and I have no idea what it requires in terms of blobs. You can build a RYF PC with the i.MX 8M Quad, but again it will be underpowered, and the Allwinner A64 is hopelessly outdated.

All the RISC-V processors currently in production that I can find require blobs, like the Si-Five processors which use a proprietary driver from Imagination. We have had promising press releases from Alibaba and NXP, but at this point we have no idea if there will be any RISC-V processors that can run on 100% FOSS. Lot of people have ideas and post open source RISC-V cores on github, but actually making it to production looks doubtful.


NXP is still making PowerPC proper for lighter weight applications – the T2080 is currently being used in a laptop project over in Italy. Quad 1.8, so not the fastest, but quick enough for full-speed YouTube and much faster than the MNT laptop.

Then there’s the T4240, which is 12-core…

I wouldn’t call POWER9 overly expenive – a typical build should cost somewhere around $2,800-3,000, which seems to be reasonable to me compared to PC builds on /r/buildapc.

1 Like

Fair, but you get closer to freedom by moving towards freedom, not by moving away from it. SiFive understands this:

In my opinion, if Purism wants the free-ist hardware possible, they will beginning planning for RISC-V processors for future hardware. It might be years in the future, but it’s the future for the most freedom-respecting hardware.


I usually stay out of posts like these (because they tend to be very subjective and do cause division sometimes) but this was something I found interesting.

I’ve been in the computer industry for 2 decades now, I’ve been a developer for almost as long and I’ve had a career in both IT and software development for 17 years (collectively). If history has taught me anything is that, nothing is fool-proof, anything can be overcome with the will, and persistence (along with motivation), and everything can be reverse engineered. So as Intel (and AMD) continue to try to block open-source software, firmware, and hardware, it will never be able to block it 100% of the time. There will always be someone (or group of someones) that finds a way around it. It’s just a matter of time, resources, and sometimes money.

That being said, there will be outliers, and unique use-cases where Intel will have customers that need non-approved firmware (some car manufacturers use Intel chips in some management and data processing components within vehicles, and some manufacturing machines will require custom, non-approved firmware for factory use). This means that chips without these blocks will exist, and workarounds will be available at some point.

Everything is hackable given enough time, and knowledge. Nothing is 100% safe. At least, that has been my experience over the years.


To further that thought … the problems are often not in the CPU but in related chips. The ISA can be fine. The CPU itself can be fine. But you can still have plenty of closedness and unverifiability.

The assessment has to be over the whole system … ISA, CPU, related chips.


… given enough money (cough) you can license a design for an ARM CPU, and presumably verify that there are no CPU backdoors (given the expertise) - and ARM would be fine, but that doesn’t say enough about a computer that uses that CPU - since most computers are going to need RAM, general I/O interfaces, video output, various built-in peripherals and functions, …

While that might be true in theory, in practice it could be decades and the hardware could be completely obsolete or even unusable by the time it is ‘hacked’, particularly with an uncooperative manufacturer who may be going out of its way to thwart your attempts to open and verify.

It also may be the case that the resources (money, people) are not available to do this in practice.

My own opinion is that Intel is a dead loss.

It is just a question of ‘when’.


The problem is that Si-Five doesn’t seem to care much about FOSS, and frankly I don’t see much evidence that it cares about openness in general. Sure, it is using an open ISA, but that doesn’t mean that its hardware is really freer. It is sort of like saying a book is free because the letters in its alphabet are free. AFAIK, Si-Five hasn’t released much free/open source material, so its hardware actually isn’t any freer than an ARM or x86 processor.

In fact, Si-Five’s hardware requires more blobs than most ARM or x86 chips, because Si-Five decided to partner with Imagination to provide its GPU and NPU, so its processors need proprietary drivers for graphics and AI. At least Intel and AMD contribute to the mainline kernel so their hardware can run with FOSS and ARM provides documentation to the community, so FOSS drivers can be created. At this point, I see little hope that we will ever have a FOSS driver for Imagination’s PowerVR GPUs.

If Si-Five had cared about FOSS, it would have insisted as part of its deal with Imagination that it release enough documentation on its GPU and NPU so that the community can create FOSS drivers or it would have partnered with VeriSilicon to use a Vivante GPU which already has a FOSS driver. I assume that Si-Five couldn’t partner with ARM or AMD to get a GPU because it’s CPU cores represent competition, but even NVidia with its checkered history with the FOSS community, would have been a better partner than Imagination, since NVidia’s GPUs can run on FOSS drivers.

NXP is promising to create a RISC-V chip based on the i.MX 8M platform and Alibaba says that it wants to work with the FOSS community when releasing its XuanTie XT9xx processors. Both NXP and Alibaba are members of the OpenHW Group, which are collaborating to use free/open source RISC-V cores, whose source code is available online. There are much better companies than Si-Five, so we should stop lauding the company, when it is doing little to help promote either open hardware or FOSS.


Perhaps the Si-Five CFO sees the benefits of Stalking, Monitoring, Recording people and selling the people’s Internet habits or just control people themselves? :thinking:

I doubt the U.S. would allow the Chinese to sell much tech stuff right now. Remember what happened to Kaspersky?

When I step back and look at the many comments here, it seems that there is a battle between technologies. One wants freedoms and the other wants control. The Controller has it easy since people are merging what they use with what works at the office, school… and the other, the Frees it is hard to work between both let alone a long learning curve. It’s like keeping up with the Joneses because it’s easier. IMO.

There is also the matter of the many hundreds of sanctions world-wide that is going to start new borders, additional rules etcetera regarding technology.


1 Like

I don’t mind using my personal cell phone for doing the business of my employer. But there are limits. If the business-use apps start limiting my freedoms or allowing anyone to spy on me personally, I will tell my employer that I can’t use a cell phone unless they issue one to me. I wouldn’t mind carrying two phones.

Also, the best way that Intel could restrict the use of their CPUs could be to implement secret unpublished operational codes that can only be generated cryptographically via the compiler. Only Microsoft would need to know the secret op-codes and even then, only the compiler would have the cryptography keys which can only be inserted as machine code at compile time. Then only Microsoft compilers would work on the restricted CPUs. With a good cryptography scheme, discovering the secret op-codes and figuring out exactly how and when to insert them in to the machine code could be virtually impossible. Has anyone here ever had any success editing raw machine code from a text editor? Try doing that while simultaneously breaking a strong cryptography scheme. Add to that, the DCMA (digital millennium copyright act), and the legal prohibitions against cracking cryptography. If they want to lock us out and if governments allow them to do it, we’ll be locked out.

1 Like

And that’s just the main CPUs. Then there’s the Homunculus CPU (the IME), which is further along the road of being totally closed.

1 Like

They could even examine fundamental differences in the kernels of Windows and Linux and build booby-traps that detect the Linux kernel and refuse to execute. To the degree that Linux is opensource, hardware can be developed that refuses to work with it. The reverse isn’t true since Windows is closed source.

Then there are the legal issues. The terms of purchase of the CPU or end-product could require the user to run only approved programs, and then create a certificate system to prohibit opensource code in certified software.

But just look at the Apple desktop operating systems. There is actually a way to run Apple operating systems on non-proprietary PC hardware using esoteric hardware hacks. They call it the “Hackintosh”. And you can do it. But it’s very difficult to get working and thus, very few people actually do it, even though it can be done.

1 Like

I think this would be quite difficult for either kernel. It’s not as if the CPU can guarantee to update itself over the internet, in response to a moving target. Whatever fundamental difference the CPU tries to use, the kernel could be reissued to break that point of discrimination. Sure, when Linux changes to achieve that, Intel would see that, as it is all in plain sight, but there’s already a zillion CPUs in silico. (Yes, there is the CPU firmware component that is more readily altered to follow the moving target but high security sites that don’t allow internet access would not get any firmware updates.)

The real point would be:

that - extending the secure boot mechanism so that only kernels that are signed by Intel can boot on an Intel CPU - and then sign something from Microsoft (with the contract with Microsoft preventing them chaining to another kernel) and refuse to sign any Linux kernel.

1 Like

You know the Librem5 IS arm64 architecture right?

Unfortunately it can be challenging to find applications for it, many Linux versions of Zoom and other commercial apps have a Linux “pc” build .deb installer that is intel and we need to push for them to build arm64.

Similar issues are happening with the new Mac computers I hear.

1 Like

Librem 5 is a phone. Librem laptops and the mini still use Intel Core, and they’re what I was referring to with that comment. Lenovo is coming out with an ARM-based Thinkpad, which should help with the program compatibility issues.

Although, depending on who’s watching, it “could” lead to Monopoly practices which could be challenged. Granted it’s no guarantee that OSS would win but it could be possible. It all depends on exactly how far each company is willing to go. There are a lot of Intel customers (large corporations) that need CPUs that don’t run Windows (or Linux/Mac). If this happened those businesses would likely go with another provider which would cost Intel some $$$. So its all in how it balances the financial spreadsheet.


… which should help with the program compatibility issues.

I worry more about FOSS GPU drivers for the various ARM chipsets. The reason one can’t easily slap Linux on your typical Android phone is the lack of FOSS drivers (one can only use the binary blob drivers from Android if you have the Android kernel). I certainly won’t run out to
get the Lenovo ARM-based Thinkpad until FOSS drivers are available. And that doesn’t even get into the complication of lack of devicetrees for ARM devices ( ).

1 Like