On 02/10/2017 08:31 AM, David Craven wrote: > Hi Maxim > >> +1. I don't see how having blobs helps security at all. > > Well the problem I was getting at is that things are not as fixed as > they may seem. > Quoting wikipedia: > >>> Decreasing cost of reprogrammable devices had almost eliminated the market >>> for mask ROM by the year 2000. > > Translation: ROM is not RO. > > It is not a theoretical threat, and just as dangerous as other threats > that people put a lot of effort in avoiding [0] > > I don't see how trusting the manufacturer when buying the product is > any different from trusting him down the road. I was talking about > malicious third parties. Obviously planting something in difficult to > upgrade persistent memory is a lucrative target for attackers - > manipulating firmware becomes plain uninteresting in the other case. > >> The companies that should be the rewarded are the ones that release >> firmware, source code, and tool chain. E.g., Thinkpenguin and the TPE-R1100. > >> Indeed, we ought to put our money where our mouth is, i.e. back the >> companies which are helping the cause of free software/hardware. > > I don't think they actually produce any silicon, toolchain or firmware > themselves. At least I didn't find a link to it. So they are basically > using other peoples silicon, toolchain and firmware. Giving them > credit for complying with the GPL is not quite right either. (But I > don't know who's behind the thinkpenguin and it looks like a great > accomplishement). > > To independently verify the claim that the firmware they are using is > indeed fixed, would actually require them to release both schematics > and datasheets of their designs. > > [0] https://www.wired.com/2015/02/nsa-firmware-hacking/ >
Stallman did an extensive article in 2015 which I think is relevant to this discussion: https://www.gnu.org/philosophy/free-hardware-designs.en.html I don't have the schematics for TPE-R1100, though I think they would send them if I asked. It is based on the AR9331 SoC which is quite open. There was one other large chip on the board... I'll have to check what that is after I get home. -- Christopher Howard, Computer Assistant Alaska Satellite Internet 3239 La Ree Way, Fairbanks, AK 99709 907-451-0088 or 888-396-5623 (toll free) fax: 888-260-3584 mailto:christop...@alaskasi.com http://www.alaskasatelliteinternet.com
