@lxo
Do you genuinely honestly actually audit the source code of every single piece of software running on your system and compile it all yourself, including web code?
Either you have a lot of time on your hands and a lot of skill, or you're running a very minimal system, or you actually don't.

@lxo
And even if you do, most people* can't. So for them, they need third-party audits, which as I have previously pointed out, can be done without source code. Or otherwise they try to get their software from sources they trust.

*For example, rocket scientists and brain surgeons

@lxo
Then you personally know other programmers that you trust to audit it for you. Again, most people don't have that.

@lxo The nature of side channel attacks is that CPU-imposed barriers are no longer as strict as they should be. This means that hypervisor boundaries are porous - it's possible to extract material from other virtual machines. I understand the perspective that simply avoiding executing any untrusted software removes that risk, but I do not control the software running in other VMs on the same hardware. How do you solve that?

@lxo so I can't run a service that allows others to run software of their choosing on my hardware?

@lxo Real world evidence suggests that from a practical perspective and with appropriate mitigations, the boundaries are solid. But if we're assuming that the security boundaries are porous, why do we bother with the security boundaries at all? Why not allow ptrace() to read memory across user boundaries?

@lxo Do they fix them for good? I doubt it - any more than I doubt any security update fixes all bugs of that category. But they do fix the vulnerabilities that are publicly known and could otherwise be trivially exploited, and the fact that we haven't seen them exploited in the wild despite the relatively low cost and potential high gain strongly suggests that they work well enough.

Could a state-sponsored attacker still win? Possibly! But that's the all-or-nothing argument again.

@lxo What you're doing here is protecting against a theoretical attack (Intel providing backdoored microcode updates) and leaving yourself open to a known attack (sidechannel data exfiltration). You may well have a use case where that's not a concern to you - you may be the only user on your system, there may be no secret data on the system, that kind of thing - but that's not everyone's case, and people should be able to make an informed choice about that.

They shouldn't have to, but that's the choice that exists in the real world - anyone using an Intel CPU is placing trust in Intel not to have backdoored it in some way (which is true even for non-microcoded CPUs). The threat you're describing is one where Intel is initially trustworthy but becomes untrustworthy - we have no evidence to say that's ever happened, so you're protecting against a theoretical threat while leaving yourself open against a demonstrated threat

@lxo deployment of a back door via CPU microcode update is a theoretical event. Some people will have that in their threat model, and will want to avoid those updates as a result. Absolutely legitimate choice. As you say, those people should also be ensuring every other avenue of untrustworthy software in their system is closed off. But that's not everyone, and that's not a policy decision that should be imposed without ensuring people understand the tradeoffs.

@lxo I think we're using inconsistent terminology. I'm using "backdoor" to describe CPU behaviour that alters its security properties in an attacker controlled way. With that definition the ability to update microcode is not in itself a backdoor, as making use of it is under the user's control. Obviously it can be used to deliver a backdoor, but that is an event that has never been observed.

@lxo It's an advertised feature that does nothing unless the operating system actively engages with it. A backdoor is something that's hidden from the user, and which directly gives someone else access to something they shouldn't. Introducing hardcoded credentials into sshd would be a backdoor - an advertised feature that has no security impact unless someone actively makes use of it isn't.

@lxo it's advertised in the same way as paging is, even if CR3 is never mentioned in user-facing adverts. It's not hidden. If you want to argue that we should do more to educate users on the tradeoffs of using proprietary blobs, then I would absolutely agree with you - but so far we have a track record of Intel shipping updates that do block the demonstrated attacks, and not of them violating existing security assumptions in the process. The available evidence is that they improve security.

@lxo the majority of the performance loss isn't in the microcode updates, it's in the OS making use of new functionality in those updates - if you pass mitigations=off you regain the performance even with the new microcode, and you can choose the set of mitigations applied to fit the particular threat model you have. By removing the ability to update it you remove the ability for users to make that choice, without reducing the quantity of non-free blobs the system depends on.

@lxo and I completely understand you making the choice not to trust an opaque update! For a bunch of threat models it's probably the right choice. What I object to is you making that choice on behalf of all of your users, and not making it clear to them what the impact may be.

@lxo Brings no benefit for you, brings significant benefit for others. And, clearly, the CPU is running non-free microcode whether an update is loaded or not - replacing one blob with another doesn't increase the number of blobs the running system depends on.

But "fallacy"? Obviously it's removed. https://www.fsfla.org/ikiwiki/selibre/linux-libre/ uses the word "removed" several times. You removed the code that allowed someone to update the microcode. The fact that it can be added back doesn't mean it wasn't removed.

@lxo If I don't trust Intel to avoid introducing deliberate security backdoors via microcode updates, I should also not buy any new Intel CPUs - they might have introduced a backdoor. I shouldn't buy an old one either - the old one might have a backdoor that my current one doesn't. Either Intel is trustworthy, in which case the microcode updates are as safe as the microcode the CPU ships with, or they're not, in which case I should never trust any Intel CPUs at all.

@lxo putting non-free code on a read-only optical disk doesn't stop it being non-free code. Putting it in read-only memory doesn't stop it being non-free code. It's code. You've come up with an entirely arbitrary definition to stop having to care about it.

@lxo Intel has the power over how your CPU behaves, whether you load new microcode or not. If you trust your existing CPU but don't trust future Intel you shouldn't load new microcode and you shouldn't buy new CPUs. The power dynamic has an impact on a number of things, but not your ability to determine whether your CPU is trustworthy.

@lxo @wouter but you're happy to endorse hardware that contains code that can never be modified, even to the extent of promoting it over hardware that runs non-free code that *could* be freed. I accept this isn't the case for Intel microcode, but it's still an incoherent position.

@lxo does sticking a copy of Linux on a CD and locking the player and attached computer in a black box mean that the owner of that box should have no expectations of being able to modify what is very clearly code? From an external perspective the operation of the box may be indistinguishable from a hardcoded CPU, but if we *know* that it contains free software, why is it ethical to prevent the owner from performing any modifications they desire?

@lxo @wouter you encourage users to buy hardware containing software they will never be able to free instead of buying hardware that a sufficiently driven user may be able to free. But even if it's never freed, it is easier in many cases to examine and audit that non-free software if it's loadable and very hard if not impossible if it's embedded in ROM in the device. I have personally done so for various devices I own, and have identified security issues that were rectified by the manufacturer.

@lxo @wouter would this have been better if I could fix it myself and share those improvements with others? Yes! Absolutely! Would it have been worse if that code had been fixed in the hardware, making it impossible to rectify those issues? I think so!

@lxo @wouter (and nothing with code in ROM is doing it with a replaceable chip these days, it's all going to be in mask on the SoC or fused in at manufacturing time)

@lxo I'm somewhat bewildered to have an FSF board member say that I should have no ethical expectation to be able to modify GPLed software running on something I own as long as the vendor does a good enough job of nailing the box shut.

@lxo @wouter there's plenty of firmware that isn't signed or encrypted, but even signed firmware gives the ability to inspect the security of the device in a way having it in mask ROM doesn't. For me, that's an important freedom.

@lxo except it's clearly *not* equivalent to a hardware circuit, that's just an assertion you've made. And in your repeated mentioning of replacing ROMs I'm becoming concerned that you don't actually know much about hardware.

@lxo yes, it's a fantastical example that's intended to demonstrate that your argument is non-sensical. Your position seems to be that if the box is closed then it's not software, but if someone were to figure out how to open it it would become software. That's clearly not how any of this works.

• resistance from hardware vendors, who were used to having all the pieces strictly in their hands, but were finding advantage in moving some pieces out of the black box, so they started coming up with various tricks to have the cake and eat it too. it looks like we may have just been lucky in blindsiding the OS vendors, who couldn't mount such a resistance in a timely fashion, even when they also made the hardware. now they have restricted boot, walled app stores and whatnot, and they're coming for our primary computing devices too.

• lack of resistance from the community, that welcomed this move and didn't counter it, out of ignorance about the difference between bits inside the black box and those outside, of rationalization over the hardware vendors gambit, and of evidently not caring enough to go even as far as reverse engineering the bits that weren't guarded by crypto dogs, preferring to ship the binary blobs until someone else came up with an alternative

@lxo it makes no retroactive difference - it is software, it always was software, all the normal ethical considerations should apply. Now, in the same way that free software published in a book can't be modified in place, there may be practical considerations that would limit exercise if those freedoms - in which case we should argue that implementations that make their exercise easier are preferable to ones that don't

@lxo yes, you have come up with an incorrect model in order to avoid admitting you're running non-free code.

@lxo if you're willing to call them programs, why do the four freedoms not apply? At minimum, why do you not deserve the right to know what these programs are actually doing?

@lxo (the program in your hard drive can, by the way, be updated by the vendor - but it's different to the microcode case because it's in mutable storage and never in ROM and so the update is permanent)

@lxo the firmware in your WiFi card isn't doing your computing, but RYF insists that the program running there must either be in ROM or free. Why is it different to your hard drive?

@lxo so why is it not relevant to RYF but WiFi is?

@lxo That's not what RYF says:

"The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product"

Hard drive firmware is intended to be installed after the user obtains the product. Vendors routinely ship bug fix and reliability updates and won't provide support unless you install it. Hard drives don't meet the RYF guidelines.

@lxo this is important, because people have absolutely reverse engineered this and identified security issues that wouldn't be known if the code was invisible or ignored

@lxo It's intended that the software be updated and so the exception doesn't apply, and so it needs to be free software to meet RYF. It's not, so doesn't. Sorry, I didn't write the rules.

@lxo @wouter if it's fine freedom-wise, why does linux-libre need to remove features that are present in it?

@lxo what? The device provides an interface to update the software included in it, and it is intended that this occur after the user purchases the device. It's the extremely clear and plain reading of the language. The guideline doesn't say "It's fine if the user chooses not to do this".

@lxo or the reviewers were unaware of the update interfaces? The exception doesn't apply to the CPU in any case.