Diff for 'AMDLetter'
|
Editor:
10.0.0.3
Size:
5301:
Time:
2017-06-01 08:52:57z
Comment:
Tidy up grammar
|
Editor:
10.0.0.3
Size:
7321:
Time:
2017-06-05 15:08:28z
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| Letter to AMD (American Micro Devices) | ardTo Dr. Lisa Su (President and Chief Executive Officer '''AMD''',) |
| Line 3: | Line 3: |
| This will be a group collaboration to produce a letter to be send to AMD in regards to opening up their Platform Security Platform. [[https://libreboot.org/faq.html#amd|Libreboot in regard to AMD PSP]]. | Free Software Melbourne is an organization of free software users and advocates. We share the values of the Free Software Foundation, the GNU project and LibrePlanet and we represent the Australian network of free software users and developers. Part of our work involves raising awareness of the benefits of Free and Open Source Software (FOSS) and Open Hardware issues and it is in that capacity that we make this submission. |
| Line 5: | Line 5: |
| The call went out on Reddit to one of AMD's public relations manager in regards to opening up the PSP to the public to allow auditing of the code that is running at all times regardless of the operating system. This has started a public letter campaign that we are keen to put our weight behind. This must be '''focused at AMD and those in the upper levels''' of the business rather than the public as the information contained within is not intended for the general user, despite this there is some important information for the average user if they want a little more insight to the issues at hand. | It has come to our attention via the active GNU/Linux community on Reddit that there is a public proposal (https://www.reddit.com/r/Amd/comments/5ydv7i/petition_to_sticky_a_petition_to_amd_for_psp/) to liberate the firmware for the AMD processor and the Platform Security Processor (PSP) on the APU. We at Free Software Melbourne ask AMD to consider this proposal. |
| Line 7: | Line 7: |
| An excellent example of previous proposals is the [[http://freesoftware.org.au/wiki/CityofCaseyBudget|City of Casey Budget letter]]. This is good starting point for examples of issues and the appropriate language to be used. | Liberating the program code would allow the users to regain full control of their systems. The restrictions that are currently present are very well known to our community, see, for example, AMD hardware mentioned on the LibreBoot site (https://libreboot.org/faq/#amd). |
| Line 9: | Line 9: |
| We intend to have this closed off by Midnight of Sunday 25th June 2017 | If AMD were to take action to support code transparency for users, users would gain the ability to not only study the firmware but to modify and redistribute the code which can only be beneficial for AMD. Among other benefits, there would be:- |
| Line 11: | Line 11: |
| ---- A public letter to AMD in regards to liberating firmware. |
1. Confidence in the Platform. |
| Line 14: | Line 13: |
| It has come to the attention of Free Software Australia via the GNU/Linux community on Reddit that there is a public proposal to liberate the firmware for the AMD processor and the Platform Security Processor (PSP) on their APU’s. We at Free Software Australia implore those at AMD to consider the propositions that have been made. To liberate the program code so that users can regain full control of their systems. The restrictions that are currently present are very well known in our community. https://libreboot.org/faq/#amd By AMD taking action to support code transparency to the users, there are a few key benefits to all parties: Users gain the ability to not only study the firmware but to modify and redistribute this code and it can be used in several ways: 1. Confidence in the security and function of the platform. Even if users don't modify their own firmware, having a consistent and transparent firmware base will provide an environment of trust. This goes beyond the use of home computers, which we should be most protective of due to personal nature of data contained on these machines. This also extends to server machines that provide the online experience that most people use daily. Companies and the administrators of the online world could rest easy in knowing exactly what is being loaded up on their system. Less potential for a universal back-door is a feature that is very important. The added gain of the community and other businesses' ability to add functionality to your products is also a big win for all involved. |
Even when users don't modify their own firmware, having a consistent and transparent firmware provides an environment of trust. This covers both the use of home computers, on which much data of a sensitive and personal nature is stored, and the server machines. Companies and the administrators of the online world could rest easy knowing exactly what is being loaded onto their system. By allowing the community to access and audit the code, a universal back-door is a much less likely event. The EFF have noted this issue (https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it) and point out that "vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity". By releasing source code AMD could have the most audited and trusted security module in the industry. |
| Line 30: | Line 17: |
| In the last few years there has been more concern in regards to computers being used to spy on their users. Privacy is an ever growing issue for all users regardless of technical abilities or understanding. | In the last few years there has been more concern in regards to computers being used to spy on their users. Privacy is an ever-growing issue for all users regardless of technical ability or understanding and the need for users to control their own hardware is greater than it has ever been. While not all users will need to inspect the code base personally, having the ability for anyone to do so will go a long way to building customer satisfaction and trust in the hardware. Users need the freedom to choose what they want running on their system and to have the ability to remove code that might contain privacy risks or vulnerabilities. |
| Line 32: | Line 19: |
| The need for users to control their own hardware is greater than it has ever been. While not all users will need to inspect the code base personally, having the ability for anyone to do so will go a long way to building customer satisfaction and trust in the hardware. | 3. Competitive Edge |
| Line 34: | Line 21: |
| 3. An competitive edge over other vendors | The main competition, Intel, has a similar system and despite many calls to have firmware code of this system liberated so that it can be inspected and verified, Intel have yet to make any move in this direction or even publicly acknowledge these requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks, which have surfaced in the media quite recently. As such, if someone manages to crack this embedded system they are sitting on a near universal exploit that will affect potentially billions of computers around the world. |
| Line 36: | Line 23: |
| The main competition, Intel, has a similar system called Intel Management Engine. Despite many calls to have firmware code of this system liberated so that it can be inspected and verified, Intel have yet to make any movements or publicly acknowledge these requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks, which have surfaced in the media quite recently. As such, if someone manages to crack this embedded system they are sitting on a near universal exploit that will affect potentially billions of computers around the world. | By liberating the code running on PSP and allowing modifications to execute, it is possible to mitigate these same potential issues by allowing vulnerable code to be studied and patched by the community before significant issues arise. |
| Line 38: | Line 25: |
| By liberating the code running on PSP and allowing modifications to execute, it is possible to mitigate these same potential issues by allowing vulnerable code to be studied in advanced and patched by the community before any significant issues arise. | The main competition, Intel, has a similar non-free system. Despite many calls to have firmware code of this system liberated so that it can be inspected and verified, Intel has yet to move in this direction or to even publicly acknowledge such requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks and these facts have surfaced in the media recently. If someone manages to crack this embedded system they would sitting on a near universal exploit that will affect potentially billions of computers around the world. By liberating the code running on PSP and allowing modifications to execute, it is possible to mitigate these potential issues by allowing vulnerable code to be studied and patched by the community before significant issues arise. It would be difficult for anyone to trust Intel based machines if the AMD ones are openly marketed to the public as being freedom-respecting computers. This could be a useful marketing lever in which AMD turns out on top of Intel in the vital areas of security and privacy. The added benefits of the community and other businesses' ability to add functionality to your products is also a big win for all involved and yet another cometitive edge gained by embracing Open Source. |
| Line 40: | Line 27: |
| This is a great marketing point. It would be difficult for anyone to trust Intel based machines if the AMD ones are openly marketed to the public as being freedom respecting computers by comparison. | 4. Support from a Growing Community |
| Line 42: | Line 29: |
| 4. Support from a growing community | The Free and Open Source Software community is a vibrant and growing one. With the ever more intimate use of technology in people's lives, more are discovering the big issues in regards to their privacy, security and trust. A lot of people are interested in solutions that will respect their privacy and choices while also providing powerful computers. If AMD were to open up its firmware so that the hardware can be booted and used with a 100% Free Software stack using a project like Libreboot, then we would support and recommend your hardware over all others as the single Libre/Free platform that is powerful, affordable and respects its users. According to AMD's own corporate principle of "Community Engagement: AMD was founded on the principle of putting people first - our employees, our customers, our shareholders and our neighbors in the communities around the world where we live and work" To give people the ability to control the hardware they purchases is not only in alignment with AMD's values but is also an amazing proposition that should be considered for its many benifits. |
| Line 44: | Line 31: |
| The Free software community is a growing one. With the ever more intimate use of technology in peoples lives, more are discovering the big issues in regards to their privacy. A lot of people are interested in solutions that will respect their privacy while providing powerful computers. | Yours sincerely, |
| Line 46: | Line 33: |
| If AMD open up their firmware so that the hardware can be booted and used with a 100% free software stack via the use of a project like Libreboot then we will support and recommend your hardware over all others as the single libre/free platform that is both powerful AND affordable. To give people the ability to control the hardware that you manufacture but ultimately the customer purchases is an amazing proposition that should be considered. Ben Milnards Michael Verrenkamp Free Software Australia |
Free Software Melbourne |
| Line 57: | Line 36: |
| Other ideas: | Letter to AMD (American Micro Devices) |
| Line 59: | Line 38: |
| - Intel ME security problem | This will be a group collaboration to produce a letter to be send to AMD in regards to opening up their Platform Security Platform. [[https://libreboot.org/faq.html#amd|Libreboot in regard to AMD PSP]]. The call went out on Reddit to one of AMD's public relations manager in regards to opening up the PSP to the public to allow auditing of the code that is running at all times regardless of the operating system. This has started a public letter campaign that we are keen to put our weight behind. This must be '''focused at AMD and those in the upper levels''' of the business rather than the public as the information contained within is not intended for the general user, despite this there is some important information for the average user if they want a little more insight to the issues at hand. We intend to have this closed off by Midnight of Sunday 25th June 2017 |
ardTo Dr. Lisa Su (President and Chief Executive Officer AMD,)
Free Software Melbourne is an organization of free software users and advocates. We share the values of the Free Software Foundation, the GNU project and LibrePlanet and we represent the Australian network of free software users and developers. Part of our work involves raising awareness of the benefits of Free and Open Source Software (FOSS) and Open Hardware issues and it is in that capacity that we make this submission.
It has come to our attention via the active GNU/Linux community on Reddit that there is a public proposal (https://www.reddit.com/r/Amd/comments/5ydv7i/petition_to_sticky_a_petition_to_amd_for_psp/) to liberate the firmware for the AMD processor and the Platform Security Processor (PSP) on the APU. We at Free Software Melbourne ask AMD to consider this proposal.
Liberating the program code would allow the users to regain full control of their systems. The restrictions that are currently present are very well known to our community, see, for example, AMD hardware mentioned on the LibreBoot site (https://libreboot.org/faq/#amd).
If AMD were to take action to support code transparency for users, users would gain the ability to not only study the firmware but to modify and redistribute the code which can only be beneficial for AMD. Among other benefits, there would be:-
Confidence in the Platform.
Even when users don't modify their own firmware, having a consistent and transparent firmware provides an environment of trust. This covers both the use of home computers, on which much data of a sensitive and personal nature is stored, and the server machines. Companies and the administrators of the online world could rest easy knowing exactly what is being loaded onto their system. By allowing the community to access and audit the code, a universal back-door is a much less likely event. The EFF have noted this issue (https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it) and point out that "vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity". By releasing source code AMD could have the most audited and trusted security module in the industry.
Privacy
In the last few years there has been more concern in regards to computers being used to spy on their users. Privacy is an ever-growing issue for all users regardless of technical ability or understanding and the need for users to control their own hardware is greater than it has ever been. While not all users will need to inspect the code base personally, having the ability for anyone to do so will go a long way to building customer satisfaction and trust in the hardware. Users need the freedom to choose what they want running on their system and to have the ability to remove code that might contain privacy risks or vulnerabilities.
Competitive Edge
The main competition, Intel, has a similar system and despite many calls to have firmware code of this system liberated so that it can be inspected and verified, Intel have yet to make any move in this direction or even publicly acknowledge these requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks, which have surfaced in the media quite recently. As such, if someone manages to crack this embedded system they are sitting on a near universal exploit that will affect potentially billions of computers around the world.
By liberating the code running on PSP and allowing modifications to execute, it is possible to mitigate these same potential issues by allowing vulnerable code to be studied and patched by the community before significant issues arise.
The main competition, Intel, has a similar non-free system. Despite many calls to have firmware code of this system liberated so that it can be inspected and verified, Intel has yet to move in this direction or to even publicly acknowledge such requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks and these facts have surfaced in the media recently. If someone manages to crack this embedded system they would sitting on a near universal exploit that will affect potentially billions of computers around the world. By liberating the code running on PSP and allowing modifications to execute, it is possible to mitigate these potential issues by allowing vulnerable code to be studied and patched by the community before significant issues arise. It would be difficult for anyone to trust Intel based machines if the AMD ones are openly marketed to the public as being freedom-respecting computers. This could be a useful marketing lever in which AMD turns out on top of Intel in the vital areas of security and privacy. The added benefits of the community and other businesses' ability to add functionality to your products is also a big win for all involved and yet another cometitive edge gained by embracing Open Source.
Support from a Growing Community
The Free and Open Source Software community is a vibrant and growing one. With the ever more intimate use of technology in people's lives, more are discovering the big issues in regards to their privacy, security and trust. A lot of people are interested in solutions that will respect their privacy and choices while also providing powerful computers. If AMD were to open up its firmware so that the hardware can be booted and used with a 100% Free Software stack using a project like Libreboot, then we would support and recommend your hardware over all others as the single Libre/Free platform that is powerful, affordable and respects its users. According to AMD's own corporate principle of "Community Engagement: AMD was founded on the principle of putting people first - our employees, our customers, our shareholders and our neighbors in the communities around the world where we live and work" To give people the ability to control the hardware they purchases is not only in alignment with AMD's values but is also an amazing proposition that should be considered for its many benifits.
Yours sincerely,
Free Software Melbourne
Letter to AMD (American Micro Devices)
This will be a group collaboration to produce a letter to be send to AMD in regards to opening up their Platform Security Platform. Libreboot in regard to AMD PSP.
The call went out on Reddit to one of AMD's public relations manager in regards to opening up the PSP to the public to allow auditing of the code that is running at all times regardless of the operating system. This has started a public letter campaign that we are keen to put our weight behind. This must be focused at AMD and those in the upper levels of the business rather than the public as the information contained within is not intended for the general user, despite this there is some important information for the average user if they want a little more insight to the issues at hand.
We intend to have this closed off by Midnight of Sunday 25th June 2017