Comment by StillBored
2 years ago
And frankly that is as it should be. The OS has enough responsibility trying to arbitrate the collection of hardware resources while providing its own set of abstractions (filesystems, processes, etc) to the application layers.
These computers are no longer simple cores with simple devices. If you want that go buy a DOS machine from the 1980's, or a arm7TDMI.
The problem though is that companies invest in all this firmware, and become convinced that DIMM training, signal integrity/phy training, and algorithms which estimate the cooling capacity and thermal mass of the attached heatsink, or any of a hundred other things are somehow competitive advantages and deserve to be locked up behind closed doors rather than opensource. In some cases they are right, but that shouldn't keep them from publishing reference firmware sources and register documentation.
So, really people complaining about proprietary firmware are sorta missing the point. Complain about the lack of documentation to create your own firmware, not that the company thinks they have a competitive advantage in that firmware.
And also admit that what one needs is hardware/firmware abstractions that allow big kernels like linux to communicate with all the little cores in the machine working on specific tasks, be that NVMe for disks, AT command sets for modems, or ACPI for power management.
Not on Rockchip platforms as far as I am aware. The RK3588 is one of their highest performing SoCs, it has 4 Cortex-A76 cores running 2.4GHz thus making it somewhat close to desktop performance, without any of these blobs or locked down bootloaders. And mostly complete documentation[1] is available.
1. https://github.com/FanX-Tek/rk3588-TRM-and-Datasheet/tree/ma...
I believe DDR training and USB have blobs:
https://gitlab.collabora.com/hardware-enablement/rockchip-35...
I wish the rk3588 was blobless, sadly not.
Nice little widgets, crazy faster than a pi4.
What good is open source firmware when the hardware only accepts cryptographically signed proprietary blobs?
Assuming you can verify the signed blob identical to the one you can build yourself, you can verify there's no intentional back doors or unintentional security issues.
Not as good as being able to sign it yourself, but way better than not having the source.
It also prevents an attacker from hacking the hardware in a way that would persist after a full reinstall of the OS.
Yes, I agree. Source code and reproducible builds which can be cryptographically verified to be equivalent to the signed blob would go a long way towards making them trustworthy. Still denies us the freedom to modify them but at least trust could be assured.