My original message went to moderation queue because it exceeded the allowed file size. So I am forwarding my message without the pdf attachment to the list.
----- Forwarded message from Parobalth parobalth@gmail.com -----
Date: Sat, 29 Oct 2016 20:13:10 +0200 From: Parobalth parobalth@gmail.com To: arm-netbook@lists.phcomp.co.uk Subject: closed-source BootROM and RYF certification User-Agent: Mutt/1.5.23 (2014-03-12)
At the forum of NextThing Chip is a thread about Chip and a possible RYF certification. I wrote there that I think that is unlikely to happen and linked to https://www.crowdsupply.com/eoma68/micro-desktop/updates/fsf-ryf-background. Then someone else mentioned that a closed-source BootROM is used for Chip. Another guy with username "eaterjolly" wrote about this BootROM: "The same type of SOC is used for the EOMA croud project which is vying for ryf-endorsement quite openly [...]"
You can find the forum thread here: https://bbs.nextthing.co/t/ntc-thoughts-on-ryf-endorsement/4490
Because they use Discourse to power their forum which relies heavily on JavaScript I also attach a Pdf version of the forum post.
I wonder if the mentioned statements are correct and how it relates to the RYF certification of the EOMA68-A20 Libre Tea card.
kind regards Paro
----- End forwarded message -----
On 11/1/16, Parobalth parobalth@gmail.com wrote:
My original message went to moderation queue because it exceeded the allowed file size. So I am forwarding my message without the pdf attachment to the list.
yep. there's a deliberate 40k limit so that people don't try to use alain's mail system as a file server!
At the forum of NextThing Chip is a thread about Chip and a possible RYF certification. I wrote there that I think that is unlikely to happen and linked to https://www.crowdsupply.com/eoma68/micro-desktop/updates/fsf-ryf-background. Then someone else mentioned that a closed-source BootROM is used for Chip.
because it's a ROM it's fine. it's not modifiable, it's directly readable and thus may be audited. now, if it was Boot *EEPROM* and required a secret key to write to it, and that secret key was not available, *then* that would be a problem.
the response about TI, Freescale etc. doing exactly the same thing is perfectly correct. BootROMs are normal and are acceptable under RYF rules.
it's when that bootloader *requires* firmware that is proprietary (or requires secret key signing), *that's* when the problems start and RYF Certification may not be obtained.
I wonder if the mentioned statements are correct and how it relates to the RYF certification of the EOMA68-A20 Libre Tea card.
looks fine to me... up until the point where you notice that the CHIP has an on-board SD-based WIFI module where the firmware source is *NOT AVAILABLE*. now, with that in mind, i can predict how this will go. the FSF will go something like, "we look at this from the perspective of end-users being quotes tempted quotes to install proprietary firmware or software. if you ship this hardware with an on-board WIFI module where the *ONLY* option is to install proprietary firmware, people will be "too tempted" to operate it without WIFI, particularly given the extremely low price, here. therefore, sorry, we cannot grant you RYF Certification. if you create an SBC without WIFI actually on-board, or with WIFI that has full source, come back to us".
now i know for a fact that there simply aren't any SD-based WIFI modules anywhere in the world for which there is source code available.... so they're screwed, unfortunately. they'll need to provide a variant which doesn't have on-board SD-based WIFI (at all).
for the rest of the processor, we know that they've demanded (due to community pressure but also due to the fact that they're a USA-based Corporation, where Copyright law actually matters) that allwinner provide an entirely copyright-legal set of sources as a *binding condition* of the purchase of the actual R8 SoCs.
3D MALI... can be left out.... (as we learned from EOMA68-A20 Certification Application)
CEDRUS.... can be installed... that's fine...
the risk is that they have allwinner try to pull the wool over NextThingCo's eyes on boot0, boot1, and stuffing things like libdram.a and libhdmi.a and libnand.a into the kernel source (in direct violation of the agreement made at the Managerial level). allwinner's engineers *STILL* believe that they have some sort of quotes proprietary secret advantage quotes by following the incredibly stupid and copyright-illegal practice established over five years ago by tom's old manager, such that even when they've been told by their managers and by the Vice President, "respect copyright law" they STILL can't let go of their mindset, which i've witnessed is heavily entrenched at the engineer level.
l.
Thanks a lot for your long and insightful reply. I am also glad to read that the current prototypes seem to work fine and that your last update on crowdsupply.com "Observations from Zhuhai" was rather positive.
kind regards Paro
On Wed, Nov 02, 2016 at 03:12:31AM +0000, Luke Kenneth Casson Leighton wrote:
On 11/1/16, Parobalth parobalth@gmail.com wrote:
My original message went to moderation queue because it exceeded the allowed file size. So I am forwarding my message without the pdf attachment to the list.
yep. there's a deliberate 40k limit so that people don't try to use alain's mail system as a file server!
At the forum of NextThing Chip is a thread about Chip and a possible RYF certification. I wrote there that I think that is unlikely to happen and linked to https://www.crowdsupply.com/eoma68/micro-desktop/updates/fsf-ryf-background. Then someone else mentioned that a closed-source BootROM is used for Chip.
because it's a ROM it's fine. it's not modifiable, it's directly readable and thus may be audited. now, if it was Boot *EEPROM* and required a secret key to write to it, and that secret key was not available, *then* that would be a problem.
the response about TI, Freescale etc. doing exactly the same thing is perfectly correct. BootROMs are normal and are acceptable under RYF rules.
it's when that bootloader *requires* firmware that is proprietary (or requires secret key signing), *that's* when the problems start and RYF Certification may not be obtained.
I wonder if the mentioned statements are correct and how it relates to the RYF certification of the EOMA68-A20 Libre Tea card.
looks fine to me... up until the point where you notice that the CHIP has an on-board SD-based WIFI module where the firmware source is *NOT AVAILABLE*. now, with that in mind, i can predict how this will go. the FSF will go something like, "we look at this from the perspective of end-users being quotes tempted quotes to install proprietary firmware or software. if you ship this hardware with an on-board WIFI module where the *ONLY* option is to install proprietary firmware, people will be "too tempted" to operate it without WIFI, particularly given the extremely low price, here. therefore, sorry, we cannot grant you RYF Certification. if you create an SBC without WIFI actually on-board, or with WIFI that has full source, come back to us".
now i know for a fact that there simply aren't any SD-based WIFI modules anywhere in the world for which there is source code available.... so they're screwed, unfortunately. they'll need to provide a variant which doesn't have on-board SD-based WIFI (at all).
for the rest of the processor, we know that they've demanded (due to community pressure but also due to the fact that they're a USA-based Corporation, where Copyright law actually matters) that allwinner provide an entirely copyright-legal set of sources as a *binding condition* of the purchase of the actual R8 SoCs.
3D MALI... can be left out.... (as we learned from EOMA68-A20 Certification Application)
CEDRUS.... can be installed... that's fine...
the risk is that they have allwinner try to pull the wool over NextThingCo's eyes on boot0, boot1, and stuffing things like libdram.a and libhdmi.a and libnand.a into the kernel source (in direct violation of the agreement made at the Managerial level). allwinner's engineers *STILL* believe that they have some sort of quotes proprietary secret advantage quotes by following the incredibly stupid and copyright-illegal practice established over five years ago by tom's old manager, such that even when they've been told by their managers and by the Vice President, "respect copyright law" they STILL can't let go of their mindset, which i've witnessed is heavily entrenched at the engineer level.
l.
arm-netbook mailing list arm-netbook@lists.phcomp.co.uk http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to arm-netbook@files.phcomp.co.uk
arm-netbook@lists.phcomp.co.uk