Letter to AMD (American Micro Devices)

This will be a group collaboration to produce a letter to be send to AMD in regards to opening up their Platform Security Platform. Libreboot in regard to AMD PSP.

The call went out on Reddit to one of AMD's public relations manager in regards to opening up the PSP to the public to allow auditing of the code that is running at all times regardless of the operating system. This has started a public letter campaign that we are keen to put our weight behind. This must be focused at AMD and those in the upper levels of the business rather than the public as the information contained within is not intended for the general user, despite this there is some important information for the average user if they want a little more insight to the issues at hand.

An excellent example of previous proposals is the City of Casey Budget letter. This is good starting point for examples of issues and the appropriate language to be used.

We intend to have this closed off by Midnight of Sunday 25th June 2017

A public letter to AMD in regards to liberating firmware.

It has come to the attention of Free Software Australia via the GNU/Linux community on Reddit that there is a public proposal to liberate the firmware for the AMD processor and the Platform Security Processor (PSP) on their APU’s.

We at Free Software Australia implore those at AMD to consider the propositions that have been made. To liberate the program code so that users can regain full control of their systems. The restrictions that are currently present are very well known in our community.

https://libreboot.org/faq/#amd

By AMD taking action to support code transparency to the users, there are a few key benefits to all parties: Users gain the ability to not only study the firmware but to modify and redistribute this code and it can be used in several ways:

Confidence in the security and function of the platform.

Even if users don't modify their own firmware, having a consistent and transparent firmware base will provide an environment of trust. This goes beyond the use of home computers, which we should be most protective of due to personal nature of data contained on these machines. This also extends to server machines that provide the online experience that most people use daily.

Companies and the administrators of the online world could rest easy in knowing exactly what is being loaded up on their system. Less potential for a universal back-door is a feature that is very important. The added gain of the community and other businesses' ability to add functionality to your products is also a big win for all involved.

Privacy

In the last few years there has been more concern in regards to computers being used to spy on their users. Privacy is an ever growing issue for all users regardless of technical abilities or understanding.

The need for users to control their own hardware is greater than it has ever been. While not all users will need to inspect the code base personally, having the ability for anyone to do so will go a long way to building customer satisfaction and trust in the hardware.

An competitive edge over other vendors

The main competition, Intel, has a similar system called Intel Management Engine. Despite many calls to have firmware code of this system liberated so that it can be inspected and verified, Intel have yet to make any movements or publicly acknowledge these requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks, which have surfaced in the media quite recently. As such, if someone manages to crack this embedded system they are sitting on a near universal exploit that will affect potentially billions of computers around the world.

By liberating the code running on PSP and allowing modifications to execute, it is possible to mitigate these same potential issues by allowing vulnerable code to be studied in advanced and patched by the community before any significant issues arise.

This is a great marketing point. It would be difficult for anyone to trust Intel based machines if the AMD ones are openly marketed to the public as being freedom respecting computers by comparison.

Support from a growing community

The Free software community is a growing one. With the ever more intimate use of technology in peoples lives, more are discovering the big issues in regards to their privacy. A lot of people are interested in solutions that will respect their privacy while providing powerful computers.

If AMD open up their firmware so that the hardware can be booted and used with a 100% free software stack via the use of a project like Libreboot then we will support and recommend your hardware over all others as the single libre/free platform that is both powerful AND affordable.

To give people the ability to control the hardware that you manufacture but ultimately the customer purchases is an amazing proposition that should be considered.

Ben Milnards

Michael Verrenkamp

Free Software Australia

Other ideas:

- Intel ME security problem