[Arm-netbook] closed-source BootROM and RYF certification
parobalth at gmail.com
Thu Nov 3 18:55:33 GMT 2016
Thanks a lot for your long and insightful reply.
I am also glad to read that the current prototypes seem to work fine and that
your last update on crowdsupply.com "Observations from Zhuhai" was
On Wed, Nov 02, 2016 at 03:12:31AM +0000, Luke Kenneth Casson Leighton wrote:
> On 11/1/16, Parobalth <parobalth at gmail.com> wrote:
> > My original message went to moderation queue because it exceeded the
> > allowed file size. So I am forwarding my message without the pdf
> > attachment to the list.
> yep. there's a deliberate 40k limit so that people don't try to use
> alain's mail system as a file server!
> > At the forum of NextThing Chip is a thread about Chip and a
> > possible RYF certification. I wrote there that I think that is unlikely
> > to happen and linked to
> > https://www.crowdsupply.com/eoma68/micro-desktop/updates/fsf-ryf-background.
> > Then someone else mentioned that a closed-source BootROM is used for Chip.
> because it's a ROM it's fine. it's not modifiable, it's directly
> readable and thus may be audited. now, if it was Boot *EEPROM* and
> required a secret key to write to it, and that secret key was not
> available, *then* that would be a problem.
> the response about TI, Freescale etc. doing exactly the same thing is
> perfectly correct. BootROMs are normal and are acceptable under RYF
> it's when that bootloader *requires* firmware that is proprietary (or
> requires secret key signing), *that's* when the problems start and RYF
> Certification may not be obtained.
> > I wonder if the mentioned statements are correct and how it relates to
> > the RYF certification of the EOMA68-A20 Libre Tea card.
> looks fine to me... up until the point where you notice that the CHIP
> has an on-board SD-based WIFI module where the firmware source is *NOT
> AVAILABLE*. now, with that in mind, i can predict how this will go.
> the FSF will go something like, "we look at this from the perspective
> of end-users being quotes tempted quotes to install proprietary
> firmware or software. if you ship this hardware with an on-board WIFI
> module where the *ONLY* option is to install proprietary firmware,
> people will be "too tempted" to operate it without WIFI, particularly
> given the extremely low price, here. therefore, sorry, we cannot
> grant you RYF Certification. if you create an SBC without WIFI
> actually on-board, or with WIFI that has full source, come back to
> now i know for a fact that there simply aren't any SD-based WIFI
> modules anywhere in the world for which there is source code
> available.... so they're screwed, unfortunately. they'll need to
> provide a variant which doesn't have on-board SD-based WIFI (at all).
> for the rest of the processor, we know that they've demanded (due to
> community pressure but also due to the fact that they're a USA-based
> Corporation, where Copyright law actually matters) that allwinner
> provide an entirely copyright-legal set of sources as a *binding
> condition* of the purchase of the actual R8 SoCs.
> 3D MALI... can be left out.... (as we learned from EOMA68-A20
> Certification Application)
> CEDRUS.... can be installed... that's fine...
> the risk is that they have allwinner try to pull the wool over
> NextThingCo's eyes on boot0, boot1, and stuffing things like libdram.a
> and libhdmi.a and libnand.a into the kernel source (in direct
> violation of the agreement made at the Managerial level). allwinner's
> engineers *STILL* believe that they have some sort of quotes
> proprietary secret advantage quotes by following the incredibly stupid
> and copyright-illegal practice established over five years ago by
> tom's old manager, such that even when they've been told by their
> managers and by the Vice President, "respect copyright law" they STILL
> can't let go of their mindset, which i've witnessed is heavily
> entrenched at the engineer level.
> arm-netbook mailing list arm-netbook at lists.phcomp.co.uk
> Send large attachments to arm-netbook at files.phcomp.co.uk
More information about the arm-netbook