Diff for 'AMDLetter'
|
Editor:
BenMinerds
Size:
5103:
Time:
2017-05-27 14:09:11z
Comment:
add proposed document text
|
Editor:
10.0.0.3
Size:
5301:
Time:
2017-06-01 08:52:57z
Comment:
Tidy up grammar
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 11: | Line 11: |
| ---- | |
| Line 15: | Line 14: |
| It has come to the attention of Free Software Australia via the GNU/Linux community on Reddit that their a public proposal to liberate the firmware for the AMD processor and the Platform Security Processor (PSP) on their CPU’s. | It has come to the attention of Free Software Australia via the GNU/Linux community on Reddit that there is a public proposal to liberate the firmware for the AMD processor and the Platform Security Processor (PSP) on their APU’s. |
| Line 17: | Line 16: |
| We at Free Software Australia implore those at AMD to consider the propositions that have been made. To liberate the program code so that the users can regain the control of their systems. The restrictions that are present currently are very well known in our community. | We at Free Software Australia implore those at AMD to consider the propositions that have been made. To liberate the program code so that users can regain full control of their systems. The restrictions that are currently present are very well known in our community. |
| Line 19: | Line 18: |
| https://libreboot.org/faq/#amdpsp | https://libreboot.org/faq/#amd |
| Line 21: | Line 20: |
| In taking actions to support code transparency to the users there are a few key benefits to all parties. The users ability to not only study the software but to modify and redistribute this code can be used in several ways. | By AMD taking action to support code transparency to the users, there are a few key benefits to all parties: Users gain the ability to not only study the firmware but to modify and redistribute this code and it can be used in several ways: |
| Line 25: | Line 24: |
| Even if the code is not modified, having a consistent and transparent program base will go a long way to providing an environment of trust. This goes beyond the use of home computers, those of which we should be most protective of due to the personal nature of these machines. This also impacts the servers that provide the online experience that most people use daily. | Even if users don't modify their own firmware, having a consistent and transparent firmware base will provide an environment of trust. This goes beyond the use of home computers, which we should be most protective of due to personal nature of data contained on these machines. This also extends to server machines that provide the online experience that most people use daily. |
| Line 27: | Line 26: |
| Companies and the administrators of the online world could rest easy in knowing exactly what is being loaded up on their system. Less potential for an always on back door is a feature that is very important. The added gain of the community and other businesses ability to add function to your products is also a big win for all involved. | Companies and the administrators of the online world could rest easy in knowing exactly what is being loaded up on their system. Less potential for a universal back-door is a feature that is very important. The added gain of the community and other businesses' ability to add functionality to your products is also a big win for all involved. |
| Line 33: | Line 32: |
| The need for the users to control their own hardware is greater than it has ever been. While not all users will need to inspect the code base personally, having the ability for others to do so will go a long way to building customer satifcation. | The need for users to control their own hardware is greater than it has ever been. While not all users will need to inspect the code base personally, having the ability for anyone to do so will go a long way to building customer satisfaction and trust in the hardware. |
| Line 35: | Line 34: |
| 3. An additional edge over other vendors | 3. An competitive edge over other vendors |
| Line 37: | Line 36: |
| The main competition, Intel, has a similar system called Intel Management Engine. Despite many calls to have to program code of this system liberated so that it can be inspected and verified, Intel have yet to make any movements or publicly acknowledge these requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks. As such, if someone manages to crack this embedded system they are sitting on a near universal exploit that will affect hundreds of millions of computer users the world over. | The main competition, Intel, has a similar system called Intel Management Engine. Despite many calls to have firmware code of this system liberated so that it can be inspected and verified, Intel have yet to make any movements or publicly acknowledge these requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks, which have surfaced in the media quite recently. As such, if someone manages to crack this embedded system they are sitting on a near universal exploit that will affect potentially billions of computers around the world. |
| Line 39: | Line 38: |
| By liberating the code running on PSP and allowing modification, it is possible to mitigate these same potential issues by allowing vulnerable code to studied in advanced patched out before any significant issues arise. | By liberating the code running on PSP and allowing modifications to execute, it is possible to mitigate these same potential issues by allowing vulnerable code to be studied in advanced and patched by the community before any significant issues arise. |
| Line 41: | Line 40: |
| This is a great marketing point. It would be difficult for any one to trust Intel based machines if the AMD ones are openly marketed to the public as being freedom respecting computers by comparison. | This is a great marketing point. It would be difficult for anyone to trust Intel based machines if the AMD ones are openly marketed to the public as being freedom respecting computers by comparison. |
| Line 45: | Line 44: |
| The Free software community is a growing one. With the ever more intimate use of technology in peoples lives, more are discovering the big issues in regards to their privacy. A lot of people are interested in solutions that will respect their privacy while providing powerful computers. | The Free software community is a growing one. With the ever more intimate use of technology in peoples lives, more are discovering the big issues in regards to their privacy. A lot of people are interested in solutions that will respect their privacy while providing powerful computers. |
| Line 47: | Line 46: |
| If AMD open up their software to that the hardware can be booted and used with nothing but free software in a project like Libreboot then we will support and recommend your hardware over all others as the only libre/free platform that is both powerful AND affordable. | If AMD open up their firmware so that the hardware can be booted and used with a 100% free software stack via the use of a project like Libreboot then we will support and recommend your hardware over all others as the single libre/free platform that is both powerful AND affordable. |
| Line 56: | Line 55: |
---- Other ideas: - Intel ME security problem |
Letter to AMD (American Micro Devices)
This will be a group collaboration to produce a letter to be send to AMD in regards to opening up their Platform Security Platform. Libreboot in regard to AMD PSP.
The call went out on Reddit to one of AMD's public relations manager in regards to opening up the PSP to the public to allow auditing of the code that is running at all times regardless of the operating system. This has started a public letter campaign that we are keen to put our weight behind. This must be focused at AMD and those in the upper levels of the business rather than the public as the information contained within is not intended for the general user, despite this there is some important information for the average user if they want a little more insight to the issues at hand.
An excellent example of previous proposals is the City of Casey Budget letter. This is good starting point for examples of issues and the appropriate language to be used.
We intend to have this closed off by Midnight of Sunday 25th June 2017
A public letter to AMD in regards to liberating firmware.
It has come to the attention of Free Software Australia via the GNU/Linux community on Reddit that there is a public proposal to liberate the firmware for the AMD processor and the Platform Security Processor (PSP) on their APU’s.
We at Free Software Australia implore those at AMD to consider the propositions that have been made. To liberate the program code so that users can regain full control of their systems. The restrictions that are currently present are very well known in our community.
https://libreboot.org/faq/#amd
By AMD taking action to support code transparency to the users, there are a few key benefits to all parties: Users gain the ability to not only study the firmware but to modify and redistribute this code and it can be used in several ways:
Confidence in the security and function of the platform.
Even if users don't modify their own firmware, having a consistent and transparent firmware base will provide an environment of trust. This goes beyond the use of home computers, which we should be most protective of due to personal nature of data contained on these machines. This also extends to server machines that provide the online experience that most people use daily.
Companies and the administrators of the online world could rest easy in knowing exactly what is being loaded up on their system. Less potential for a universal back-door is a feature that is very important. The added gain of the community and other businesses' ability to add functionality to your products is also a big win for all involved.
Privacy
In the last few years there has been more concern in regards to computers being used to spy on their users. Privacy is an ever growing issue for all users regardless of technical abilities or understanding.
The need for users to control their own hardware is greater than it has ever been. While not all users will need to inspect the code base personally, having the ability for anyone to do so will go a long way to building customer satisfaction and trust in the hardware.
An competitive edge over other vendors
The main competition, Intel, has a similar system called Intel Management Engine. Despite many calls to have firmware code of this system liberated so that it can be inspected and verified, Intel have yet to make any movements or publicly acknowledge these requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks, which have surfaced in the media quite recently. As such, if someone manages to crack this embedded system they are sitting on a near universal exploit that will affect potentially billions of computers around the world.
By liberating the code running on PSP and allowing modifications to execute, it is possible to mitigate these same potential issues by allowing vulnerable code to be studied in advanced and patched by the community before any significant issues arise.
This is a great marketing point. It would be difficult for anyone to trust Intel based machines if the AMD ones are openly marketed to the public as being freedom respecting computers by comparison.
Support from a growing community
The Free software community is a growing one. With the ever more intimate use of technology in peoples lives, more are discovering the big issues in regards to their privacy. A lot of people are interested in solutions that will respect their privacy while providing powerful computers.
If AMD open up their firmware so that the hardware can be booted and used with a 100% free software stack via the use of a project like Libreboot then we will support and recommend your hardware over all others as the single libre/free platform that is both powerful AND affordable.
To give people the ability to control the hardware that you manufacture but ultimately the customer purchases is an amazing proposition that should be considered.
Ben Milnards
Michael Verrenkamp
Free Software Australia
Other ideas:
- Intel ME security problem