> There are numerous mitigations for Spectre that won't work on libre
> systems because they require (proprietary) microcode changes which
> neither Trisquel nor I will provide. For obvious reasons of them
> being proprietary.
> I understand that those dedicated to software freedom would not
> install such proprietary microcode on their computers.
I gather that,
* The CPU we buy off-the-shelf does carry a proprietary microcode on it, and
yet it is OK to use it.
* But an updated microcode from the same manufacturer is _not_ OK to use.
What I don't quite get is, which of the following is true?
1) The updated microcode itself is unacceptable per-se. (which would imply
that the original one is somehow more benign than the updated one)
2) Original and updated microcodes are equivalent in their acceptability, but
the very act of uploading a proprietary microcode onto a CPU is an
unacceptable act per-se. (which would imply that acceptability is somehow
related to "having to touch the code" rather than using it)
I'm curious about it because there was a thread in which I was told that a
modem card running proprietary firmware off of onboard ROM would be
acceptable, whereas a variant of the very same modem card running the very
same proprietary firmware from onboard RAM would not, because the second card
needs its firmware (a blob) be uploaded by the OS.
IOW, it is perfectly acceptable to use a proprietary modem (with all the
strings attached) as long as you (the OS, that is) don't have to upload its
firmware yourself. Back then, I couldn't understand the rationale behind this
logic. Now I see that the same goes with CPU microcodes.
The two cases (CPU and modem) are almost identical, and your standing is
identical too. I suspect I must be missing something, so I am geniuinely
curious about the rationale of it.
