Sitat av
Jonta
- ]Design Shift's response
- Criticizing Less Than Free Hardware
Key points raised by Oliver:
The secure MCU is proprietary to Maxim, just as nearly every integrated circuit (IC) is proprietary to its manufacturer - very few ICs are what anyone would call open.
As detailed in an earlier campaign update, the secure MCU is auditable so long as the auditor enters a NDA with Maxim. Far from ideal, but not impossible-to-audit.
And by Byfield:
However, Joanna Rutkowska, the founder of Qubes OS, has criticized ORWL because it uses a proprietary microcontroller, Maxim Integrated's MAX32550 DeepCover Secure Cortex-M3 to verify firmware before boot and to control the power to the rest of the hardware. She does so with heavy sarcasm, quoting a statement from Design Shift, then supplying her translation. For example, she translates a statement about the microcontroller with "Our proprietary, impossible-to-audit, running nobody-knows-what firmware microcontroller (uC) has full authority over the boot process and execution of any system and apps running on our ORWL computer." Rutkowska goes on to mock Deep Shift's promise to release as much of the code as possible, explaining her tone as disappointment that ORWL is not completely free.
Dancing as Fast as I Can
The trouble with Rutkowska's comments is not that they are idealistic. After all, idealism built free software, and will probably build free hardware, too. At the absolute least, such idealism produces more satisfactory results than automatically settling for lower standards would.
The trouble is that the comments are not realistic. They are not the comments of someone with the responsibility for producing a product, presumably to a deadline, who may need to settle for less than perfection to stay on schedule. More importantly, they are apparently made without an awareness that free-licensed hardware is almost completely unobtainable.
You do have choices, though.
There is the
Talos II, the
HiFive Unleashed, and of course the
Librem 13 / 15.
But you have to, at some point, trust
something. Spectre attacks show that not even the processors are trustworthy, so if you think somebody is after you with the resources of a nation state attacker... as Oliver aptly put it himself, "I think you should stop using computers altogether".
And that was over two years ago, when we didn't even know about these sidechannel-attacks.
Of which, frankly, there are many. TEMPEST-style attacks means you can order software defined radio boards and record your neighbour's keystrokes. Or, with proper antennas, see what's on their monitors.
The world is not perfect and criticism of imperfection is sometimes trivial as well as trite.