Thoughts on the "physically secure" ORWL computer av Joanna Rutkowska - 900 ord, verdt å lese

The secure MCU is proprietary to Maxim, just as nearly every integrated circuit (IC) is proprietary to its manufacturer - very few ICs are what anyone would call open.
As detailed in an earlier campaign update, the secure MCU is auditable so long as the auditor enters a NDA with Maxim. Far from ideal, but not impossible-to-audit.

However, Joanna Rutkowska, the founder of Qubes OS, has criticized ORWL because it uses a proprietary microcontroller, Maxim Integrated's MAX32550 DeepCover Secure Cortex-M3 to verify firmware before boot and to control the power to the rest of the hardware. She does so with heavy sarcasm, quoting a statement from Design Shift, then supplying her translation. For example, she translates a statement about the microcontroller with "Our proprietary, impossible-to-audit, running nobody-knows-what firmware microcontroller (uC) has full authority over the boot process and execution of any system and apps running on our ORWL computer." Rutkowska goes on to mock Deep Shift's promise to release as much of the code as possible, explaining her tone as disappointment that ORWL is not completely free.

Dancing as Fast as I Can
The trouble with Rutkowska's comments is not that they are idealistic. After all, idealism built free software, and will probably build free hardware, too. At the absolute least, such idealism produces more satisfactory results than automatically settling for lower standards would.

The trouble is that the comments are not realistic. They are not the comments of someone with the responsibility for producing a product, presumably to a deadline, who may need to settle for less than perfection to stay on schedule. More importantly, they are apparently made without an awareness that free-licensed hardware is almost completely unobtainable.