David Craven <da...@craven.ch> writes: >> If the attacker *is* vendor who supplies the proprietary device then they >> would >> not have to reverse engineer it. > > You can always choose not to apply the vendors update. If for example > the company you initially trusted with by purchasing their device gets > bought by another company or you have some other reason to stop > trusting it. CEO changed, their website was hacked or whatever. >
Either ways, as long as it's opaque, either shipped in a (semi) fixed state or loaded at runtime, it's not auditable, so there's nothing too interesting to be discussed in regards of trust or freedom. The later at least doesn't clutter our view (and the Linux git tree) -- blobs have grown from ~10 MiB in Linux 2.6.33 [0] to 158 MiB (du -sh on a checkout of the the linux-firmware git tree [1] (pruned from its .git)) >> A recommended read for anyone interested in the idea of free hardware! >> Thanks for sharing. > > Don't know if you've heard of sifive [0]. If there is a startup that > has the potential to create lasting change in the semiconductor > industry, my money is on them... :) I should be getting one of the > first riscv boards soon! > > [0] https://www.sifive.com/ I had followed some earlier developments but had lost track recently! I'm happy to see that they have released the sources of their microcontroller chip design. Apparently the design (Apache licensed) is described using a tool/language called Chisel, which is Scala based and can generate two flavors of Verilog as well as a C++ version for simulation purposes. Interesting times! Maxim [0] https://www.fsfla.org/ikiwiki/anuncio/2010-03-Linux-2.6.33-libre.en [1] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
signature.asc
Description: PGP signature