How the FSF Runs Using Nothing But Freedom-Respecting BIOS (fsf.org)
A senior systems administrator at the Free Software Foundation points out that they're running free software in two data centers and over a hundred virtual machines — each and every one with "a freedom-respecting BIOS."
But the "how" is surprisingly intricate: [E]arlier this week, we replaced "Columbia", the last of any FSF-run machines running a nonfree BIOS....
At FSF, our current standard is ASUS KGPE-D16 motherboards with AMD 6200 series CPUs released in 2012. For the BIOS, we install Libreboot, the easy-to-install, 100% free software replacement for proprietary BIOS/boot programs, or a version of Coreboot that is carefully built to avoid including any nonfree blobs. They are fast enough for our needs, and we expect this to be the case for many more years to come. They are also very affordable systems. We are also working toward supporting Raptor Computer Systems' newer and more powerful Talos II, as well as Blackbird motherboards that use IBM POWER9 CPUs. The POWER9 CPU architecture is called "PowerPC 64-bit little endian," abbreviated "ppc64el...." The Raptor motherboards come with entirely free firmware — and even have free hardware designs!
However, this type of migration has its challenges. For example, the first thing we needed to address before using these motherboards is that the main operating system we use, Trisquel GNU/Linux, didn't previously run on ppc64el. So, earlier this year, we set up a Raptor POWER9 computer running Debian (without using any nonfree parts of Debian repositories) and loaned it to the maintainers of Trisquel for as long as needed. And now, we are proud to say that the upcoming Trisquel 11 release will support POWER9...!
Before I decommissioned Columbia, I ran a dmidecode, which told me that the BIOS program fit within a single megabyte of space. Often, very simplistic firmware becomes more complicated in later models, and that also usually means it has a growing significance for a user's software freedom. Some newer nonfree BIOSes have grown into operating systems in their own right, sometimes with large programs such as a full Web browser.
There is no fully-free BIOS available for x86 Intel and AMD CPUs released after about 2013. The key blocking factor is that those CPUs require certain firmware in the BIOS, like Intel Management Engine. Those CPUs will also refuse to run firmware that hasn't been cryptographically signed by private keys controlled by AMD and Intel, and AMD and Intel will only sign their own nonfree firmware. At the FSF, we refuse to run that nonfree firmware, and we applaud the many people who also avoid it. For those people who do run those Intel or AMD systems, running Coreboot or Osboot is still a step up the Freedom Ladder for the software freedom of your BIOS.
The road to freedom is a long road. We hope our dedication to achieve milestones like these can inspire the free software movement.
Re:IBM POWER9 CPUs (Score:5, Interesting)
From what I remember, the Power9 CPUs have no proprietary programming or data at all. Everything is fully open and documented.
That's.. Completely from memory, though, so I might well be wrong. lol
Open (Score:5, Informative)
The POWER ISA is as open as a CPU from a commercial company can be.
https://en.wikipedia.org/wiki/... [wikipedia.org]
You can download open source POWER core designs, as well as open sourced firmware.
Re: (Score:2)
Yay! My memory wasn't completely shot :D
Re: (Score:1)
Re: (Score:2)
there is no guarantee the chip does exactly and only what the spec says
also
3500 for the motherboard... and 900 for a _quadcore_ cpu of which i need _two_ ?
what the...
Re: (Score:1)
You can actually get the full source to the BIOS. And there's no backdoor-CPU in the southbridge that gets to look at your network packets first. (That we know of, anyway.)
These days you can't get anything from AMD or Intel that doesn't come with a PSP or iME that you can't turn off and they actively work against the idea that you can bring your own BIOS, despite AMD at one time promising to support openboot, then hastily retracting that promise.
IBM aren't especially torch bearers, but they're looking to
Nothing but Respect (Score:5, Interesting)
Re: (Score:1, Offtopic)
GPUs could have used speculative execution for example to share the register with the CPU but how easy would that technology have been to open source? Pure speculation on my part.
Sad state of affairs (Score:4, Insightful)
It's a sad state of affairs when your servers are running a decade old chip on a decade old motherboard, and the chip was crap even back then. When either of those two components die, the only place to get spares is eBay.
Maybe they can replace them with RISC V systems one day.
Re: (Score:3, Informative)
Yeah, but UEFI is crap, too.
Re: (Score:2)
Re: (Score:3)
Seriously, does the BIOS or UEFI interfere with the Free OS once the OS is already up and running?
BIOS doesn't. UEFI can be (and has been) hacked to cause serious problems in the long run.
Re: (Score:1)
The board is crap too.
It has 5 PCIE Slots, you can only use 3 of them at any given time because ASUS cheaped out and only put one northbridge chip.
Re: (Score:1)
It wasn't until 2004 that HURD could even support partitions greater than 2gb. https://news.slashdot.org/stor... [slashdot.org]
Re: (Score:3, Interesting)
Why not tell them that is so sad: to use old hardware, to follow their principles, to endure despite a hostile environment, to try to make an alternative choice available to whoever would listen, to have a different point of view.
Yeah, it's so sad when people do not follow what everybody else is doing.
Re: (Score:3)
There is very little emphasis on open hardware. It's "FOSS" all day long – software. The FSF tinkers with the issue of hardware as an extension of its software focus, but that is marginal.
Who wants to buy a Talos II system for big bucks and take up half a desk with it? People want laptops and phones.
The underlying problem is that hardware experts are not interested in open hardware to the extent that programmers are interested in open software. If they were, we would have laptop and phone-ready ope
Re: (Score:2)
As I mentioned in another reply, IME type firmware is not a rung on the ladder of free/open systems; it's basically a part of the closed hardware. Cut to the chase with open source hardware and the firmware issue becomes moot.
Re: (Score:2)
There are plenty of open designs on opencores.
The problem with hardware designs is it takes a LOT of money to develop. A modern GPU is often emulated with FPGAs, but the FPGA platforms cost 6 figures to 7 figures and only run at a couple of MHz.
If you turn the device into silicon, a
What's with the article source link? (Score:2)
I'm guessing the following is where it was meant to go, not some random youtube video?
https://www.fsf.org/blogs/sysa... [fsf.org]
Re: (Score:2)
Hilarious! Just in case they actually fix this later - here is where the main article link currently goes:
Transvision Vamp - I Want Your Love [youtu.be]
the road to freedom... (Score:1)
"The road to freedom is a long road." ...that doesn't end in freedom when it involves the FSF, it ends with corporate restrictions being replaced with other (FSF) ones. Freedom is when you can do what you want, not do what you are told by yet another corporate actor driven by RMS's silver-spooner values.
Re: the road to freedom... (Score:5, Interesting)
Nah, both are freedom, they're just opposite kinds of freedoms. One is "freedom to", aka positive freedom. The other is "freedom from", aka negative freedom. FSF's kind is mostly positive freedom: to copy, modify, share etc. the code and its modifications. BSD's kind is mostly negative freedom: from requirements, rules, conditions etc. These two kinds aren't a dichotomy, they form a spectrum, with any real world system of freedoms located somewhere between both extremes.
hmm (Score:3)
I hate the current state of affairs with modern CPUs, issues with speculative execution, issues with Management Engine, issues with TPMs. But I have real-world workloads to support. I don't have time to maintain and mold my archaic infrastructure. FSF is really playing the long long game here. I applaud them but I cannot follow them.
The problem with freedom is (Score:2)
No one cares. Okay some people care, but freedom is not a sexy argument. It's not a feature. It doesn't make money, it doesn't speed up your system, it doesn't reduce costs (in fact it often comes with the added expense of employing people who care and understand about it rather than relying on cheaper vendor support agreements), and ultimately it doesn't usually factor in to any purchasing decision.
Where the FSF sees IME as a threat, corporate customers see it as a feature they no longer have to pay a prem
Re:The problem with freedom is (Score:5, Insightful)
No one cares. Okay some people care, but freedom is not a sexy argument. It's not a feature.
It is a feature where it means you can do lots of stuff that you cannot do with closed source and hardware depending on it. Like extending its functionality, porting it to other hardware or just running it years after its original manufacturer lost interest in it.
It doesn't make money, it doesn't speed up your system, it doesn't reduce costs (in fact it often comes with the added expense of employing people who care and understand about it rather than relying on cheaper vendor support agreements)
There would not be so many uses of GPL'ed software, both benign and secretive ones in violation of the license, if everybody agreed to this.
Where the FSF sees IME as a threat, corporate customers see it as a feature they no longer have to pay a premium to motherboard vendors for.
The largest buyers of server main-boards these days are large cloud providers who happen to care enough about how their IMEs are implemented that they have their own customized CPUs and BIOSes and mainboards built.
To me, the problem with freedom is that the ratio of people who ever experienced it decreases with the aging population. People born after 1990 have rarely been given a chance to experience a world where technical stuff you bought was not infested by DRM systems, harvesting data from its buyer, and built to depend on periodic payments to some company.
The same younger people also never were allowed to live a life without permanent tracking/observation. They just never learned what they are missing in comparison to those of the same age some decades ago.
Re:The problem with freedom is (Score:4, Insightful)
You can even pull that into the non-technical world, with helicopter parenting being shockingly prevalent and sometimes even codified into law in the US.
Re: (Score:3, Interesting)
People born after 1990 have rarely been given a chance to experience a world where technical stuff you bought was not infested by DRM systems, harvesting data from its buyer, and built to depend on periodic payments to some company.
Actually, some of the youngins do get it - they're the demographic largely driving the resurgence in sales of vinyl records. I, however, am one of those old dogs who lived through when things weren't all locked down with DRM, HDCP, cryptographic code signing, etc.
The problem with the FSF's approach though, is that they conflate issues that truly matter to the average consumer (such as not being able to roll back your smartphone's OS to an earlier version due to locked bootloaders, and in the case of iOS, n
Re: (Score:2)
It is a feature where it means you can do lots of stuff that you cannot do with closed source and hardware depending on it.
This is such an incredible niche that the only companies actually doing anything here are those developing their own custom hardware. You even point this out later on in your post.
Again there's no market for a general purpose freedom here. Customers who buy products don't want them, and customers who develop their own ... develop their own.
Coreboot has an infinitesimal market share for a reason, and that reason extends way beyond just the IME / PSP that prevent it on the x86 architecture. It also has practi
Re: (Score:2)
It is a feature where it means you can do lots of stuff that you cannot do with closed source and hardware depending on it.
Such as? We have had free and open phone and desktop operating systems for a long time, what is the "stuff" that you can do on them that you can't do on the alternatives? This kind of openness is a means, but to what end?
Before you get to extending these things you need to reach functional parity. So what's the equivalent? There is a company that announced a RISC-V laptop, so I guess there is that (odds are it's not even going to be remotely comparable in performance to a modern Macbook or Dell XPS though)
Re: (Score:2)
No one cares. Okay some people care, but freedom is not a sexy argument.
until they're dead.
https://www.dailymail.co.uk/ne... [dailymail.co.uk]
Re: (Score:2)
No one cares. Okay some people care, but freedom is not a sexy argument. It's not a feature. It doesn't make money, it doesn't speed up your system, it doesn't reduce costs (in fact it often comes with the added expense of employing people who care and understand about it rather than relying on cheaper vendor support agreements), and ultimately it doesn't usually factor in to any purchasing decision.
Where the FSF sees IME as a threat, corporate customers see it as a feature they no longer have to pay a premium to motherboard vendors for.
IME is an incredible labor savings for maintaining systems.
In the 90s I was a FSE for IBM... I once flew from San Jose, CA to New Orleans, LA just to update 3 machines in a client office.
Re: (Score:2)
No one cares. Okay some people care, but freedom is not a sexy argument. It's not a feature. It doesn't make money, it doesn't speed up your system, it doesn't reduce costs (in fact it often comes with the added expense of employing people who care and understand about it rather than relying on cheaper vendor support agreements), and ultimately it doesn't usually factor in to any purchasing decision.
Where the FSF sees IME as a threat, corporate customers see it as a feature they no longer have to pay a premium to motherboard vendors for.
But you're not understanding the true purpose of parts of the computer you can't access, you literally can't see what Windows and programs you buy are doing, they can commit white collar crime with impunity because you got no property rights.
Go read the EULA and TOS of Steam and Windows 10/11, they make you want to puke your guts up. But the average person is a moron.
IME is an incredible labor savings for maintaining systems.
In the 90s I was a FSE for IBM... I once flew from San Jose, CA to New Orleans, LA just to update 3 machines in a client office.
Re: (Score:2)
And yet those "morons" as you put it happily get their work done and play the games they want to nonetheless - regardless of what their legal rights are. Occasionally they'll lose access to something they'd purchased a license for, and they'll get over it and play or use something else.
Re: (Score:2)
And yet those "morons" as you put it happily get their work done and play the games they want to nonetheless
You don't grasp we're getting worse products for more money, so yes, you are stupid to buy shit that can be shut down and taken away from you, aka you end up paying more for less, and also being spied on by your Windows 10/11 PC is pretty fucking dystopian but I'm sure you don't mind living in a corporate dictatorship, typical of Americans.
Re: (Score:2)
I'm not a huge fan of libre-for-the-sake-of-libre when it comes to my job, where functionality, schedules, costs, usability, etc., all matter. But I think at least having something that works as a proof-of-concept is a Good Thing. See also: libre chip designs. Great to know they're there, even if you don't have a billion dollars to set up a libre chip fab to go with it.
Re: (Score:2)
No one cares. Okay some people care, but freedom is not a sexy argument.
The bigger issue for freedom in this context is arguing for freedom for freedom's sake. If you argue about the necessity for particular freedoms but then don't do anything with them then it's pretty clear that you didn't need them in the first place.
For example the rise of Android on smartphones means we have a plethora of hardware with drivers supporting a Free and Open operating system kernel, Google worked with OEMs to make this happen. So now you have the hardware and you have the kernel supported on th
Something is missing (Score:5, Informative)
I've been down this road and still own some of that 2012-era hardware the author mentions.
But I no longer share FSF's philosophy about pure libre firmware because it became obvious (to me) that the newer hardware was locking-out that possibility. Therefore, the closed IME/PSP blobs were functioning as a part of (or extension of) the hardware. Firmware of the sort discussed here is not a rung on the ladder to fully open source / libre systems... it is a property of the closed hardware itself.
What we really need for freedom is Open Hardware. Having powerful, general purpose computers consisting of open silicon would obviate the whole issue over firmware! However, the open/libre community is doing a rotten job of emphasizing hardware, because it has formed its identity around FOSS – Software.
Re:Something is missing (Score:5, Insightful)
Re: (Score:2)
It doesn't need to be top-notch, just good enough to run open software.
I know... It's not as fun as making rockets and saving humanity, but I think it would turn the information world upside down, more quickly than acquiring a social media platform.
Re: (Score:2)
FOSS can be developed on most hardware regardless of its openness by individuals or small groups with little infrastructure needed.
Right and FOSS developers most often do this by investing in proprietary hardware, not because it's all that's available but because it's the best tool for the job.
Unless there's a clear need or consumer demand for such hardware no manufacturer will spend the R&D or tooling expense to even design much less produce the physical stuff.
You won't generate demand for something unless that something offers compelling value. The vast majority of computer users aren't using their choice of hardware and software as a vehicle for expressing their ideology, they are using it as a tool to do a job so open hardware and software simply needs to do that job better than the proprietary incu
Is Trisquel a serious project? (Score:2)
I'm so confused... If Trisquel wanted to be taken seriously, shouldn't they at least have a modicum of information about their project? I literally can't find anything about supported hardware:
https://trisquel.info/en/wiki/... [trisquel.info] is empty. The FAQ has nothing. "Categories of computers" has "personal computer" (https://trisquel.info/en/wiki/personal-computer) which says, "Parts" and lists "X x86 MIPS". Under "Installing Trisquel on a Server" they mention, "almost any x86/x86_64 server", but the download page (h
Re: (Score:2)
From Wikipedia, it's basically just Ubuntu LTS minus the non-free repositories with a 'libre' kernel scrubbed of binary blobs.
Credit where credit is due (Score:3)
Opinion (Score:2)
POWER9 (Score:1)
POWER9 doesn't have a long life ahead of it, can't believe they're wasting time and resources on it.
From a privacy and freedom perspective both AMD and Intel are written off. They'd have more luck working with Apple to make M1 and M2 platforms available for FSF-tolerated Linuxes, even if they don't support all of the specialist hardware (like the secure enclaves and 2D/3D acceleration) by way of blobs.