On Wed, 18 Jan 2017 18:11:21 -0800 Julius Werner <[email protected]> wrote:
> I think it's fair to penalize boards for this, but not as hard as for > other components. The machine is still perfectly useable with text > mode or software rendering. I would say this is way less severe than a > non-free EC (which essentially means you can't trust your keyboard), > for example. It should rank somewhere among the low inconveniences, > maybe similar to a non-free WiFi chip. Couldn't one just use a separate USB keyboard to circumvent that? > >> A. Everything free. > >> B. Non-essential component (e.g. GPS sensor) requiring proprietary > >> firmware. C. Network component (e.g. WiFi) requiring proprietary > >> firmware if it can be bypassed (e.g. USB, expansion card). > >> D. Input/output-sniffing component (pointing device, keyboard, > >> display, audio) requiring proprietary firmware if it can be > >> bypassed, or CPU requiring microcode if it can be bypassed (e.g. > >> just using factory ROM code). > >> E. CPU or equivalently privileged processor requiring non-resident > >> proprietary boot firmware. > >> F. Network component requiring proprietary firmware that cannot be > >> bypassed (e.g. no USB ports). > >> G. Input/output-sniffing component requiring proprietary firmware > >> that cannot be bypassed, or CPU requiring microcode that cannot be > >> bypassed. > >> H. CPU or equivalently privileged processor requiring resident > >> proprietary firmware (e.g. Intel ME, Qualcomm TrustZone). > > > > My concern is mainly the number of levels. If we make this too > > much of a smooth gradient type thing people won't really understand > > just how bad G and H really are. > > Okay, sure... colors or naming could make that more clear, or just > squash some of these categories together. I didn't really want to > exemplify the granularity here, just how I think different non-free > components should be weighted against each other to fairly represent > the risk to the user. I like how most boards (with ME & Co.) would just get an 'H' :) > We could also try a system of points that get added together to reach > a certain category (e.g. proprietary microcode is worth 5 malus > points, proprietary WiFi could be 2, and resident proprietary firmware > with full access short-circuits to the lowest category). Personally, I like the category-based approach more, as I assume most people would bother less about how many points their hardware scores, instead of in what "freedom" or "security" category their hardware is classified. I think the category approach pulls people more towards libre-friendly hardware. Btw, great effort and interesting discussion :) Regards, Merlin > > -- > coreboot mailing list: [email protected] > https://www.coreboot.org/mailman/listinfo/coreboot -- Merlin Büge <[email protected]> -- coreboot mailing list: [email protected] https://www.coreboot.org/mailman/listinfo/coreboot
