Hi Maxim

> +1. I don't see how having blobs helps security at all.

Well, the problem I was getting at is that things are not as fixed as they may seem. Quoting Wikipedia:

>> Decreasing cost of reprogrammable devices had almost eliminated the market
>> for mask ROM by the year 2000.

Translation: ROM is not RO. It is not a theoretical threat, and just as dangerous as other threats that people put a lot of effort in avoiding [0].

I don't see how trusting the manufacturer when buying the product is any different from trusting him down the road. I was talking about malicious third parties. Obviously planting something in difficult to upgrade persistent memory is a lucrative target for attackers - manipulating firmware becomes plain uninteresting in the other case.

> The companies that should be the rewarded are the ones that release
> firmware, source code, and tool chain. E.g., Thinkpenguin and the TPE-R1100.
> Indeed, we ought to put our money where our mouth is, i.e. back the
> companies which are helping the cause of free software/hardware.

I don't think they actually produce any silicon, toolchain or firmware themselves. At least I didn't find a link to it. So they are basically using other people's silicon, toolchain and firmware. Giving them credit for complying with the GPL is not quite right either. (But I don't know who's behind the thinkpenguin and it looks like a great accomplishment.)

To independently verify the claim that the firmware they are using is indeed fixed would actually require them to release both schematics and datasheets of their designs.

[0] https://www.wired.com/2015/02/nsa-firmware-hacking/