I am a great fan of open-source software and have been for over a decade now. Recently I’ve been asking myself a few questions, regarding the state of FOSS and how much of it we truly get to rely on in our everyday lives. Note that this post will be a bit long, and might require a good understanding of hardware and firmware in general (I’m not above average at this chapter myself).
Many of us choose to install and use open software for various activities: Some of us have a FOSS operating system (Linux instead of Windows), others just use free alternatives to commercial software for their work (LibreOffice instead of Microsoft Office), some gamers prefer free games over commercial alternatives (Xonotic instead of Team Fortress), and the list goes on. I’m among those who take comfort in the idea of going full FOSS, which I have since I permanently made the switch to openSUSE Linux. While for me it’s an ideological thing too since I feel that I’m supporting something free that was created by others like me, I also take comfort in knowing that I’m always using trusted software: When the source code and compiled binary are both in a trusted repository that anyone can check, you know it’s far more unlikely that someone would sneak in programs that spy on you or attempt to control your machine… things that Windows 10 or Apple’s OS are notorious for doing.
Recently however, I’ve become more aware of something that doesn’t stand out right away: You can’t truly go full open-source… at least not very easily. While you can install a FOSS operating system like Linux, you’re still using a computer that has a proprietary BIOS coded by the manufacturer. The BIOS is just the tip of the iceberg: Various other components have proprietary firmware which cannot be changed. This is most obvious with video cards, who rely on a binary blob for the video driver to work with… however the issue exists for every component at the end of the day, including motherboard chips and the network card and the hard drive and the monitor on your desk.
To this day this hasn’t been something people had to give much thought to: The firmware is only responsible for providing an API for other drivers to work with, you almost never need to modify and update such a thing, usually it’s easy to forget it even exists to begin with. But with computing power increasing, firmwares are becoming an increasing concern… especially among the surveillance and online censorship scandals society has found itself in during the past year. There will come a day when the BIOS will be capable of secretly sending whole files from your machine to an external server, effectively stealing files off your drive or logging pressed keys (which can reconstruct messages you type or your passwords). Censorship in the name of safety from random dangers has also been forced on us, and there may come a day when network card manufacturers could be required to include content blacklists directly in the firmware of network cards. In the very distant future, video cards may even come with firmware that can detect copyright in images using an external database, effectively blacking out your screen if something forbidden pops up! We need to have an alternative ready before those kinds of disasters can start happening.
Amid such concerns, I’ve grown interested in how much open-source hardware and firmware we have access to right now, to protect ourselves from hidden software or applications being forced on us by devices themselves. I want to imagine a world where every motherboard and video card and hard drive has FOSS alternatives on the market shelves, meaning they come unlocked software wise and anyone can code a firmware for them… including the ability to install and update your own firmware of choice after you take your device home and plug it into your computer. Unfortunately this idea faces at least three major issues I’m aware of:
- Most computer hardware manufacturers create their products with intent for their software to not be modified, making that difficult both by design and by law. It’s easy to see why this happens: The production of motherboards or video cards or LCD monitors is an industrial scale business, which requires large costly factories and employees that must be paid well… it’s not something you can do at home, or that a few people can create a Kickstarter campaign for.
- Updating the firmware on a device is very difficult. I am a casual programmer, and even I wouldn’t have any idea how I could possibly take my webcam or drawing tablet and replace the software embedded into it! Is this even physically possible through the USB cable, granted the firmware is most likely mounted on a read-only chip? Further more, components the computer rely on to run are hard to update while the computer is running, however the computer must run to do the update thus creating a paradox… imagine taking down your chipset to update it for instance, it would be the equivalent of plucking out your RAM while the computer is powered on and processing data!
- Updating the firmware on a device is extremely risky. One little mistake and your device will be bricked, which basically means you’ll have to throw it away and get a new one. This happens because the firmware you’re updating is often also the firmware used to make the device communicate with the computer: If that is erased or corrupted, you have no way to connect the device again in order to get a new firmware installed.
For this ideal world to be possible, a few changes would need to be made. For point 1, we’d need corporations willing to produce FOSS hardware without seeking any control over the software we put on them… I believe there have been attempts in the past, this is definitely not impossible. For points 2 and 3, the device would need to have two different chips and essentially two firmwares: One that handles only connectivity (allows you to read and write to the chip) and said chip which contains the actual firmware (operates the functionality of the device)… this way the device can always be repaired if you brick the firmware, as you’re not affecting the area which writes to the medium where the firmware is stored. The computer itself would have to allow booting into a special mode, which basically shuts down usage of all connected devices (including its own chipset) so that the firmware can be updated safely… in realtime this would almost never be possible as you’d need to suspend access to the CPU / video card / hard drive which would instantly crash the system.
I wish to know to what extent this has been done so far: Are there any open-source motherboards (including the BIOS) and video cards and other components, which are available in shops now or any of us can order online from across the world? If not then I’m wondering if this might ever happen: Could we live to have affordable computers and laptops and smartphones that are fully FOSS, meaning we can put our own firmware into any component without requiring advanced technical knowledge or there being a risk of breaking it?