It was deliberately left out because that wasn’t the point. My point was stated in the last two sentences.
Nevertheless, it is a vital omission from your analogy, which I believe renders the analogy unhelpful for thinking about our real situation.
Creepy updating blob firmware undermines the freedom of device owners. By denying a Respects Your Freedom certification because a device includes such blobs, FSF does not undermine the freedom of device owners in their ability to control or understand what their devices are doing.
FSF may plausibly be undermining the freedom of manufacturers to undermine our freedom in how we want to use our devices, but that is, more or less, the entire point of the RYF certification
You’re applying my analogy to an argument I’m not making. Kindly quit putting words in my mouth,
I tried to explain before why this is a total theoretical point. This firmware is already there! It is just hidden away from your sight by putting it into some chip where you can not see, analyze, study or change it. But it is there! And the, at least for me, wrong turn of the FSF RYF is that as long as this firmware is hidden away from you then it is OK while if you can see it and have even more freedoms (to replace it, study it etc.) then it is not OK.
Sorry, but this to me makes no sense at all.
Or to make this a bit clearer, just because some chip does not need a firmware download at runtime it does not at all mean that there is no firmware. Current silicon and hardware technology trends into more and more software defined hardware, i.e. by some form of firmware. We can not prevent that and IMHO it also does not make much sense. By trying to limit ourselves to components that run without a firmware download at runtime we either limit us to ancient hardware or to hardware which is even more locked down by their makers and vendors than the ones with the firmware download - if it gets downloaded at runtime then I can change it, replace it, eventually modify it etc. All of that I can not do (most of the time) if the firmware is in hardware. Take the Atheros WiFi we currently use as an example. The card has a firmware, but it is embedded in ROM on the card and can not be changed by the user. Is this really better?
I have tried to point this out before, if someone (regardless of who) would pull out these blobs, that are there anyway, into the open, then these IMHO must follow some rules that I would really never compromise on, like:
- irrevocable perpetual license to copy and redistribute the ‘blob’ as part of anything a user chooses
- the blob must not contain code that gets executed by the same CPU running the operating system
No. 1 guarantees certain freedoms that are vitally necessary, e.g. to ship the blob in any form or fashion someone would choose and that also the proprietor of the blob can never ever revoke that freedom and with that eventually jeopardize e.g. an OS distribution or such.
No. 2 is a safety precaution so that no untrusted code will eventually get executed in the operating system domain that could jeopardize user’s security.
The discussion is not and can not be about “closed source firmware” yes or no. These are already there and are accepted, even by the FSF and the RYF. The discussion we need to have is about where this kind of firmware can be stored, eventually what kind of firmware this can be and which rules we want to apply to it. Again, these firmwares are there, we have them already, the FSF RYF accepts them under certain terms, which IMHO are questionable, and these firmwares will not go away, rather the contrary.
I think I didn’t really get this point until this most recent explanation of yours. Thanks for getting through to me
I see the validity of your point, and I can see how the ability to study and modify the firmware would enhance some aspects of user freedom.
Nevertheless, I still support the FSF stance. There are key differences between firmware blobs that require updates and firmware blobs that cannot be updated. Firmware that cannot be updated (at least not easily) can be thought of as more or less like proprietary hardware.
We can legitimately separate the issue of closed-versus-open hardware from the issue of software freedom. If a company can push a firmware update that the device owner cannot effectively audit or edit, then the owner of the device loses an important aspect of control over their own device. Manufacturers maintain control over the components that they make in a different and troubling way versus when they use firmware blobs that they cannot readily update.
Realistic or no, I deeply appreciate the FSF stance, as it seems like a logical way to put freedom for device owners and for software first. Although I accept the validity of your point about the ability to study and change firmware blobs, this benefit, in my view, is far outweighed by the control of our devices that updating binary blobs give over to tech corporations.
The hardware Purism produces is not RYF certified because it relies on non-free software. For the RYF certification it is irrelevant where non-free software is stored. The only reason why this matters is because PureOS is endorsed by the FSF and therefore it must not include any non-free software. Purism praises its hardware with the endorsement of PureOS a little too much and for some people this might also be a bit misleading. The RYF certification, which those devices do not have (and which no computers with adequate performance have), does not say where non-free firmware must be stored, it says that there must not be any non-free firmware that runs on the device.
Some people are also in doubt if it was a good move of the FSF to endorse PureOS at all, since this endorsement is used to market devices that do not respect your freedom as no usable computers can right now.
The problem comes from Purism using the endorsement of its software to sell its hardware and the security issues come from non-free software and free software not doing well if you put them together.
Although I knew this, I bought the Librem 14 hoping that the hardware is as free as still usable, knowing that Purism will use the money to develop free software and knowing that the money will also be used to develop hardware that will have the RYF certification. The misleading marketing made me think twice, though.
Purism is also financially supporting the Libre-SOC (through NLnet), a project to develop a fast CPU, GPU and VPU (one chip) of which not only all the firmware would be free software (in contrast to other modern processors) but also would the hardware design be available under the terms of a free license (which is not even required by the FSF). This will still take years until it is ready, however. Hopefully it works.
I hope Purism will switch to less misleading marketing in the future but I also get the unspoken point: How many people would buy the devices if Purism told them “Hey, we’re selling expensive devices as we need money to develop something that is actually as good as what you want! Wanna buy one?”
Did you hear about RYF certified laptops with outdated, vulnerable, proprietary microcode? FSF thinks that microcode is proprietary which is why your’re not allowed to update it without losing the certification.
The hardware Purism produces is not RYF certified …
That is currently true. It is also my opinion that the Librem 5 should not be certified RYF.
However, what Purism is counting on is the following “exception” that the FSF specifies in regard to RYF (https://ryf.fsf.org/about/criteria)
However, there is one exception for secondary embedded processors. The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product. This can include, for instance, microcode inside a processor, firmware built into an I/O device, or the gate pattern of an FPGA. The software in such secondary processors does not count as product software.
For the Librem 5 Purism seems to be hoping that since the proprietary firmware is resident
to the Wifi module and the cellular modem and only runs on the processors contained
within those modules that those will meet that exemption. IMO it doesn’t because those
two modules were made with the intention to update the firmware. One might note that
there are some RYF certified USB wifi devices and USB BT devices that have embedded firmware just like the above — with the only difference is that they were made in a way that
doesn’t allow the update of the firmware.
Couldn’t FSF certify the device without the WiFi and modem cards?
I don’t know that that would really be useful. Saying “most of the phone is RYF certified” would do more harm than good.
It’s not “most of the phone”. It’s technically a full working pocket PC with (optional) functions of smartphone and wireless communications.
But it’s marketed as a phone, not a computer with phone attachments. This is especially the case since the L5 comes with those things installed.
It’d be one thing if they sold the L5 as a RYF-certified computer with optional non-certified modules for cellular and bluetooth connectivity, but they don’t. They sell it as a mobile phone.
They still will be able to sell it as a mobile phone. It works like one. Just that the certification does not extend to the phone, but only to the computer.
Are you able to use an external SSD with proprietary firmware together with an FSF-certified laptop? How about an external proprietary WiFi module? Will the laptop loose the certification if you sell them together?
Right, but I think being told “it’s a RYF-certified computer with phone attachments” would be a bit of a rude awakening to people who care about such things, especially with how hyped the L5’s openness is. As it turns out, I’m not one of those people, so maybe I have it wrong.
I honestly have no idea. But selling them together isn’t the issue, it’s selling them as a coherent system. Hence, “most of the system” is RYF certified.
I actually think that it is the FSF that has been misleading people, rather than Purism. The FSF should make it clear to the public that its RYF certification allows for secondary embedded processors running proprietary firmware, and that RYF devices may store that firmware in a separate storage location from the main file system. If people understood what the actual rules of RYF are, then they wouldn’t accuse Purism of deceiving them, but the FSF didn’t want to talk about its secondary processor exception, so it leaves the device manufacturers in the horrible position of having to explain to the public that the RYF certification isn’t what they think it is. If a device manufacturer says publicly that RYF devices are allowed to have proprietary firmware in its separate components (WiFi/BT, cellular modem, GPS, USB controller), then it appears to be contradicting the public messaging of the FSF, because the FSF failed to explain the RYF rules properly.
The problem is that that isn’t how hardware works in the modern world. Yes, there are some components that may never need a firmware update, but many components, such as the CPU, GPU, cellular modem, GNSS, WiFi/Bluetooth, etc., do need firmware updates not only for security reasons, but also to stay current with updating standards. Using a buggy processor with the same microcode from 2008 in 2022 is incredibly wrongheaded. The standards for WiFi and cellular modems are so incredibly complex and changing and require their own processor and operating system, so it harms the user and the environment to demand that these components can’t be updated.
Let’s take the example of the BM818 modem, which will probably need firmware updates in order to be able to support VoLTE. If we interpret RYF rules to say that no proprietary firmware updates are allowed, that means that people will have to prematurely junk their devices and keep buying new ones just to get the latest firmware, which is a huge waste of resources and will make most people avoid buying RYF devices, since they simply aren’t useful. A phone that can’t be upgraded to support VoLTE when the 2G and 3G networks are being shut down and a PC that can’t be upgraded to plug the latest security holes like Meltdown and Spectre become useless ewaste.
I was very concerned about these problems when I wrote the FSF asking it to clarify whether RYF allows upgrading of proprietary firmware, since the text is ambiguous on this point, when it used words like “intends” rather than clear language like “not allowed”. Despite repeated emails the FSF never answered me. Maybe the FSF is so disorganized, that there is nobody answering emails at firstname.lastname@example.org, but I suspect that people at the FSF know that it is insane to not allow firmware updates, and nobody wants to deny the Librem 5 RYF certification for reasons that make no sense in the real world, so they simply refused to answer my question.
I don’t know who is making the decisions at the FSF, but the organization simply does not function when it can’t even answer clear questions about its RYF certification rules. Even Leah Rowe, the founder of Libreboot, thinks that the RYF criteria has major problems. She writes:
OSHW and Right To Repair are not covered at all by RYF (FSF’s Respects Your Freedom criteria), the criteria which Libreboot was created to comply with. RYF also makes several concessions that are ultimately damaging, such as the software as circuitry policy which is, frankly, nonsensical. ROM is still software.
The worst part about the RYF rules is that they often hinder people from working on freeing the firmware (as Leah Rowe and @nicole.faerber point out), which should be the whole point of a RYF device in my opinion. Looking at how much progress the community has made on freeing the firmware for the Quectel EG25-G modem in the PinePhone, I really have to question whether locking away the firmware in separate inaccessible chips and not allowing firmware upgrades is actually counterproductive to our cause. As Nicole Faerber says, we should have criteria for firmware, rather than pretending that it is unchanging hardware, which is frankly denying reality and does nothing to make our devices freer.
Couldn’t FSF certify the device without the WiFi and modem cards?
Doubtful. For example, the FSF doesn’t endorse Debian because Debian has
a non-free repository. Debian’s non-free repository is not default and not required,
but FSF takes offense at Debian providing it at all. The FSF is not always consistent,
but if one applies that same standard to the Librem 5, it shouldn’t be RYF certified in
I actually think that it is the FSF that has been misleading people, rather than Purism. The FSF should make it clear to the public that its RYF certification allows for secondary embedded processors running proprietary firmware, and that RYF devices may store that firmware in a separate storage location from the main file system.
The FSF has made that clear. I cited that exception above. Questions on Bluetooth
What the FSF hasn’t made clear is what they mean by “… within which software installation is not intended after the user obtains the product”. I take it to mean that the user can not
update the firmware without going through an unusual means (e.g. buying a chip
programmer/flasher). I think the ease with which one can update the firmware on
the modem and wifi card for the Librem 5 shows that firmware updates are “intended
after the user obtains the product.”
Yes, it is clear if you take the time to read the FSF’s RYF certification requirements web page, which the vast majority of people won’t do.
However, it is not at all clear from the FSF’s main RYF page:
Respects Your Freedom Certification
The “Respects Your Freedom” certification program encourages the creation and sale of hardware that will do as much as possible to respect your freedom and your privacy, and will ensure that you have control over your device.
The desire to own a computer or device and have full control over it, to know that you are not being spied on or tracked, to run any software you wish without asking permission, and to share with friends without worrying about Digital Restrictions Management (DRM) – these are the desires of millions of people who care about the future of technology and our society.
Unfortunately, hardware manufacturers have until now relied on close cooperation with proprietary software companies that demanded control over their users. As citizens and as customers, we need to promote our desire for a new class of hardware – hardware that anyone can support because it respects your freedom. That is why the Free Software Foundation launched this certification program, to find retailers committed to providing users with devices they can truly own.
Nor is it clear in the description on the “About the Respects your Freedom Program” page:
The “Respects Your Freedom” certification program certifies retailers who sell hardware in a manner that respects the rights of their users and that comes with only freedom inside. In order to gain certification, retailers go through a rigorous review process, in which the Free Software Foundation reviews every aspect of the user experience, from initial purchase through flashing modified versions of firmware. At every level, the retailer must adhere to the program’s strict certification criteria, ensuring that users are never even directed to nonfree software or documentation.
Once they have gained certification, vendors are granted the privilege of using the RYF certification mark on the certified device and associated sales pages. The device is then listed here on our site to make it easy for users to find devices they can trust. Of course, the retailer must continue to adhere to the program’s criteria in order to maintain their certification. If you think there may be an issue with a currently certified retailer, don’t hesitate to let us know at email@example.com.
Nor did the original press release in 2010 explain the secondary embedded processor exception:
The FSF’s criteria seek to cover all aspects of user interaction with and control of a device: they say the hardware must run free software on every layer that is user upgradeable, allow the user to modify that software, support free data formats, be fully usable with free tools, and more.
FSF license compliance engineer Brett Smith said, “Every software component needed to produce endorsable hardware is now available. We have several GNU/Linux distributions that only include free software, and are completely functional on the right hardware. We have the LinuxLibre kernel that does not include nonfree microcode. And we have cutting edge mobile platforms like Android and MeeGo that are based on free software. In the past we’ve spoken to manufacturers who were interested in making free software-friendly hardware, but they worried about connecting with customers. With our endorsement mark and the strong criteria that back it, we plan to bridge that gap and demonstrate to manufacturers that they stand to gain plenty by making hardware that respects people’s freedom instead of curtailing it.”
I have been following Linux hardware for the last two decades, and I had no clue that RYF devices allowed proprietary firmware until I actually went looking for the RYF certification requirements a couple years ago. We just had a whole discussion on this thread from people who didn’t understand that having proprietary firmware running on secondary embedded processors is allowed by RYF, which is proof that the FSF has done a poor job of explaining to the public what the RYF certification actually means.
You raise a good point. I would completely agree with you If RYF aimed for devices that do a reasonably good job Respecting Your Freedom after considering the components currently available on the market.
But that is not what RYF aims for. RYF aims for devices that really Respect Your Freedom, and updating firmware binary blobs are not compatible with that. If manufacturers care about the RYF standard, then they should eliminate the blobs and provide the firmware source code, and we should try to help make that happen, rather than trying to pressure FSF into abandoning its standard.
FSF has always been radical, and that is what’s special about them. It would be sad to see them fall into resignation that no hardware manufacturers will ever free their firmware.
I deeply appreciate the work Purism is doing, and we need them to keep pushing the boundaries of device-owner freedom, but they cannot do it alone. Chip manufacturers are becoming increasingly crucial to the existence of freedom-respecting devices. The appropriate answer for “Purism can’t reach this unrealistic standard” is not “abandon the standard,” but should be “component manufacturers must change their practices and release the source code for their firmware.”
I would agree with you if you can point to empirical evidence that the RYF as it currently stands is causing any firmware to be freed. As far as I know, there are no examples of RYF actually causing a company to free its firmware. In contrast, I can point to the EG25-G modem as an example where the firmware is being freed because the PinePhone was designed so it was easy to update the firmware and the community was encouraged to hack it. In contrast, we still don’t have instructions from Purism how to update the firmware on the BM818 modem on the L5.
Let’s be realistic. No company is going to release the firmware for a cellular modem, WiFi/Bluetooth or GPU chip out of fear of being sued due to patent violations. It is basically impossible to implement these chips without violating patents, so everyone tries to hide the details as much as possible so their competitors don’t have proof that they are violating their patents.
On the other hand, we do have some hope of actually getting hardware manufacturers to comply with the criteria that @nicole.faerber laid out, so we are much better off demanding something that is obtainable.
At this point, RYF is mostly certifying rebadged antiquated hardware like Thinkpads from 2008, which doesn’t nothing to actually change the hardware industry. If the FSF wants to have any power to influence actual hardware makers and convince them to improve their practices, it must be willing to work with companies that are producing NEW hardware, because they actually have the power to talk to component suppliers and try to convince them to change their behavior. However, making a standard which is impossible for new device makers to comply with means that every company is just going to throw up their hands and say “it’s impossible to work with the FSF, so why even bother trying.”
it is important that we have a RYF standard that allows companies to do business in the real world if we want more documentation from hardware companies, firmware which we have a legal right to distribute and include in distros, firmware which doesn’t need to be executed by the CPU used by the principal operating system, more companies that are willing to collaborate with the FOSS community and reference designs that can be used in open hardware schematics.
If the RYF is interpreted to mean that no proprietary firmware updates are allowed, then we have zero chance of any new computing devices being produced with cellular modem/GNSS or WiFi/Bluetooth chips in them. We might see a Lulzbot 3D printer and other oddities like that, but we will never see a new laptop, tablet or phone with RYF certification, which basically makes RYF pointless, because it isn’t achieving any change in the real world.