Diff for 'AMDLetter'
|
Editor:
BenMinerds
Size:
5103:
Time:
2017-05-27 14:09:11z
Comment:
add proposed document text
|
Editor:
10.0.0.3
Size:
6610:
Time:
2017-06-01 12:22:17z
Comment:
Address AMD, wording mashups, add links, add corporate values
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| To Dr. Lisa Su (President and Chief Executive Officer AMD), Free Software Melbourne is an organization of free software users and advocates. We share the values of the Free Software Foundation, the GNU project and LibrePlanet, and represent the Australian network of free software users and developers. Part of our work involves raising awareness of the benefits of Free and Open Source Software (FOSS) and Open Hardware issues, and it is in that capacity that we make this submission. It has come to our attention via the active GNU/Linux community on Reddit that there is a public proposal (https://www.reddit.com/r/Amd/comments/5ydv7i/petition_to_sticky_a_petition_to_amd_for_psp/) to liberate the firmware for the AMD processor and the Platform Security Processor (PSP) on their APU’s and we at Free Software Melbourne implore those at AMD to consider the propositions that have been made. To liberate the program code so that users can regain full control of their systems. The restrictions that are currently present are very well known in our community as mentioned on the LibreBoot site (https://libreboot.org/faq/#amd). By AMD taking action to support code transparency for users, the users gain the ability to not only study the firmware but to modify and redistribute the code which can be beneficial for AMD and the community in several ways we will outline: 1. Confidence in the Platform. Even when users don't modify their own firmware, having a consistent and transparent firmware provides an environment of trust. This covers both the use of home computers, on which much data of a sensitive and personal nature is stored and the server machines that provide the online experience that most people use daily. Companies and the administrators of the online world could rest easy in knowing exactly what is being loaded up on their system, and by allowing the community to access and audit the code a universal back-door is a much less likely event. The EFF have noted this issue (https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it) and point out that "vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity". By releasing source code AMD could have the most audited and trusted security module in the industry. 2. Privacy In the last few years there has been more concern in regards to computers being used to spy on their users. Privacy is an ever growing issue for all users regardless of technical abilities or understanding and the need for users to control their own hardware is greater than it has ever been. While not all users will need to inspect the code base personally, having the ability for anyone to do so will go a long way to building customer satisfaction and trust in the hardware. Users need the freedom to choose what they want running on their system, and the ability to remove code that might contain privacy risks or vulnerabilities that heighten that risk. 3. Competitive Edge The main competition, Intel, has a similar system and despite many calls to have firmware code of this system liberated so that it can be inspected and verified, Intel have yet to make any movements or publicly acknowledge these requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks, which have surfaced in the media quite recently. As such, if someone manages to crack this embedded system they are sitting on a near universal exploit that will affect potentially billions of computers around the world. By liberating the code running on PSP and allowing modifications to execute, it is possible to mitigate these same potential issues by allowing vulnerable code to be studied and patched by the community before significant issues arise. It would be difficult for anyone to trust Intel based machines if the AMD ones are openly marketed to the public as being freedom respecting computers. This could be a useful marketing lever in which AMD turns out on top of Intel in the vital areas of security and privacy. The added benefits of the community and other businesses' ability to add functionality to your products is also a big win for all involved and yet another cometitive edge gained by embracing Open Source. 4. Support from a Growing Community The Free and Open Source Software community is a vibrant and growing one. With the ever more intimate use of technology in peoples lives, more are discovering the big issues in regards to their privacy, security and trust. A lot of people are interested in solutions that will respect their privacy and choices while also providing powerful computers. If AMD open up their firmware so that the hardware can be booted and used with a 100% Free Software stack using a project like Libreboot then we will support and recommend your hardware over all others as the single Libre/Free platform that is powerful, affordable and respects the users. According to AMDs own corporate principles "Community Engagement: AMD was founded on the principle of putting people first - our employees, our customers, our shareholders and our neighbors in the communities around the world where we live and work" To give people the ability to control the hardware they purchases is not only in alighnment with AMDs values but it is also an amazing proposition that should be considered for the many benifits outlined above. Yours sincerely, Free Software Melbourne ---- Other ideas: - Intel ME security problem ---- |
|
| Line 3: | Line 33: |
| This will be a group collaboration to produce a letter to be send to AMD in regards to opening up their Platform Security Platform. [[https://libreboot.org/faq.html#amd|Libreboot in regard to AMD PSP]]. | This will be a group collaboration to produce a letter to be send to AMD in regards to opening up their Platform Security Platform. [[https://libreboot.org/faq.html#amd|Libreboot in regard to AMD PSP]]. |
| Line 5: | Line 35: |
| The call went out on Reddit to one of AMD's public relations manager in regards to opening up the PSP to the public to allow auditing of the code that is running at all times regardless of the operating system. This has started a public letter campaign that we are keen to put our weight behind. This must be '''focused at AMD and those in the upper levels''' of the business rather than the public as the information contained within is not intended for the general user, despite this there is some important information for the average user if they want a little more insight to the issues at hand. An excellent example of previous proposals is the [[http://freesoftware.org.au/wiki/CityofCaseyBudget|City of Casey Budget letter]]. This is good starting point for examples of issues and the appropriate language to be used. |
The call went out on Reddit to one of AMD's public relations manager in regards to opening up the PSP to the public to allow auditing of the code that is running at all times regardless of the operating system. This has started a public letter campaign that we are keen to put our weight behind. This must be '''focused at AMD and those in the upper levels''' of the business rather than the public as the information contained within is not intended for the general user, despite this there is some important information for the average user if they want a little more insight to the issues at hand. |
| Line 11: | Line 39: |
A public letter to AMD in regards to liberating firmware. It has come to the attention of Free Software Australia via the GNU/Linux community on Reddit that their a public proposal to liberate the firmware for the AMD processor and the Platform Security Processor (PSP) on their CPU’s. We at Free Software Australia implore those at AMD to consider the propositions that have been made. To liberate the program code so that the users can regain the control of their systems. The restrictions that are present currently are very well known in our community. https://libreboot.org/faq/#amdpsp In taking actions to support code transparency to the users there are a few key benefits to all parties. The users ability to not only study the software but to modify and redistribute this code can be used in several ways. 1. Confidence in the security and function of the platform. Even if the code is not modified, having a consistent and transparent program base will go a long way to providing an environment of trust. This goes beyond the use of home computers, those of which we should be most protective of due to the personal nature of these machines. This also impacts the servers that provide the online experience that most people use daily. Companies and the administrators of the online world could rest easy in knowing exactly what is being loaded up on their system. Less potential for an always on back door is a feature that is very important. The added gain of the community and other businesses ability to add function to your products is also a big win for all involved. 2. Privacy In the last few years there has been more concern in regards to computers being used to spy on their users. Privacy is an ever growing issue for all users regardless of technical abilities or understanding. The need for the users to control their own hardware is greater than it has ever been. While not all users will need to inspect the code base personally, having the ability for others to do so will go a long way to building customer satifcation. 3. An additional edge over other vendors The main competition, Intel, has a similar system called Intel Management Engine. Despite many calls to have to program code of this system liberated so that it can be inspected and verified, Intel have yet to make any movements or publicly acknowledge these requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks. As such, if someone manages to crack this embedded system they are sitting on a near universal exploit that will affect hundreds of millions of computer users the world over. By liberating the code running on PSP and allowing modification, it is possible to mitigate these same potential issues by allowing vulnerable code to studied in advanced patched out before any significant issues arise. This is a great marketing point. It would be difficult for any one to trust Intel based machines if the AMD ones are openly marketed to the public as being freedom respecting computers by comparison. 4. Support from a growing community The Free software community is a growing one. With the ever more intimate use of technology in peoples lives, more are discovering the big issues in regards to their privacy. A lot of people are interested in solutions that will respect their privacy while providing powerful computers. If AMD open up their software to that the hardware can be booted and used with nothing but free software in a project like Libreboot then we will support and recommend your hardware over all others as the only libre/free platform that is both powerful AND affordable. To give people the ability to control the hardware that you manufacture but ultimately the customer purchases is an amazing proposition that should be considered. Ben Milnards Michael Verrenkamp Free Software Australia |
---- |
To Dr. Lisa Su (President and Chief Executive Officer AMD), Free Software Melbourne is an organization of free software users and advocates. We share the values of the Free Software Foundation, the GNU project and LibrePlanet, and represent the Australian network of free software users and developers. Part of our work involves raising awareness of the benefits of Free and Open Source Software (FOSS) and Open Hardware issues, and it is in that capacity that we make this submission. It has come to our attention via the active GNU/Linux community on Reddit that there is a public proposal (https://www.reddit.com/r/Amd/comments/5ydv7i/petition_to_sticky_a_petition_to_amd_for_psp/) to liberate the firmware for the AMD processor and the Platform Security Processor (PSP) on their APU’s and we at Free Software Melbourne implore those at AMD to consider the propositions that have been made. To liberate the program code so that users can regain full control of their systems. The restrictions that are currently present are very well known in our community as mentioned on the LibreBoot site (https://libreboot.org/faq/#amd). By AMD taking action to support code transparency for users, the users gain the ability to not only study the firmware but to modify and redistribute the code which can be beneficial for AMD and the community in several ways we will outline:
Confidence in the Platform. Even when users don't modify their own firmware, having a consistent and transparent firmware provides an environment of trust. This covers both the use of home computers, on which much data of a sensitive and personal nature is stored and the server machines that provide the online experience that most people use daily. Companies and the administrators of the online world could rest easy in knowing exactly what is being loaded up on their system, and by allowing the community to access and audit the code a universal back-door is a much less likely event. The EFF have noted this issue (https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it) and point out that "vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity". By releasing source code AMD could have the most audited and trusted security module in the industry.
Privacy In the last few years there has been more concern in regards to computers being used to spy on their users. Privacy is an ever growing issue for all users regardless of technical abilities or understanding and the need for users to control their own hardware is greater than it has ever been. While not all users will need to inspect the code base personally, having the ability for anyone to do so will go a long way to building customer satisfaction and trust in the hardware. Users need the freedom to choose what they want running on their system, and the ability to remove code that might contain privacy risks or vulnerabilities that heighten that risk.
Competitive Edge The main competition, Intel, has a similar system and despite many calls to have firmware code of this system liberated so that it can be inspected and verified, Intel have yet to make any movements or publicly acknowledge these requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks, which have surfaced in the media quite recently. As such, if someone manages to crack this embedded system they are sitting on a near universal exploit that will affect potentially billions of computers around the world. By liberating the code running on PSP and allowing modifications to execute, it is possible to mitigate these same potential issues by allowing vulnerable code to be studied and patched by the community before significant issues arise. It would be difficult for anyone to trust Intel based machines if the AMD ones are openly marketed to the public as being freedom respecting computers. This could be a useful marketing lever in which AMD turns out on top of Intel in the vital areas of security and privacy. The added benefits of the community and other businesses' ability to add functionality to your products is also a big win for all involved and yet another cometitive edge gained by embracing Open Source.
Support from a Growing Community The Free and Open Source Software community is a vibrant and growing one. With the ever more intimate use of technology in peoples lives, more are discovering the big issues in regards to their privacy, security and trust. A lot of people are interested in solutions that will respect their privacy and choices while also providing powerful computers. If AMD open up their firmware so that the hardware can be booted and used with a 100% Free Software stack using a project like Libreboot then we will support and recommend your hardware over all others as the single Libre/Free platform that is powerful, affordable and respects the users. According to AMDs own corporate principles "Community Engagement: AMD was founded on the principle of putting people first - our employees, our customers, our shareholders and our neighbors in the communities around the world where we live and work" To give people the ability to control the hardware they purchases is not only in alighnment with AMDs values but it is also an amazing proposition that should be considered for the many benifits outlined above. Yours sincerely, Free Software Melbourne
Other ideas:
- Intel ME security problem
Letter to AMD (American Micro Devices)
This will be a group collaboration to produce a letter to be send to AMD in regards to opening up their Platform Security Platform. Libreboot in regard to AMD PSP.
The call went out on Reddit to one of AMD's public relations manager in regards to opening up the PSP to the public to allow auditing of the code that is running at all times regardless of the operating system. This has started a public letter campaign that we are keen to put our weight behind. This must be focused at AMD and those in the upper levels of the business rather than the public as the information contained within is not intended for the general user, despite this there is some important information for the average user if they want a little more insight to the issues at hand.
We intend to have this closed off by Midnight of Sunday 25th June 2017