| From | Ian Kelling, FSF <[email protected]> |
| Subject | Closing in on fully free BIOSes with the FSF tech team |
| Date | July 14, 2022 8:55 AM |
Links have been removed from this email. Learn more in the FAQ.
Links have been removed from this email. Learn more in the FAQ.
*Please consider adding <[email protected]> to your address book, which
will ensure that our messages reach you and not your spam box.*
*Read and share online: <[link removed]>*
Dear Free Software Supporter,
I work on the Free Software Foundation (FSF) tech team. With just
three people, we maintain the software and hardware infrastructure for
GNU and FSF, and virtual machines for several other important free
software projects. We run our own hardware, not relying on any
so-called "cloud" services. And we run free software in all possible
ways. That includes fifteen servers in two data centers and in our
Boston office, over a hundred virtual machines, and ten workstations
and laptops, all running GNU/Linux. Every one of those has a
freedom-respecting BIOS, but that wasn't always the case...
### A move to freedom
The BIOS is a computer's Basic Input/Output System, which initializes
the hardware enough so that it can be passed off to another program
like a boot loader. The FSF turned its free BIOS advocacy into an
official [Free BIOS campaign][1] in 2005. In 2009, a new server was
deployed, dubbed "Columbia," to a data center at the Massachusetts
Institute of Technology (MIT). It had a nonfree BIOS. Why? We are not
certain, but a prior FSF sysadmin was a Coreboot contributor and had
contributed fixes to an extremely similar motherboard. They seemed to
have plans to help get Coreboot ported to Columbia's motherboard and
install it. Unfortunately, that work was never completed. It was *not*
a good idea, nor was it within FSF policy, to deploy it for uses other
than Coreboot development until *after* it had a free BIOS. Shortly
after that, two more servers were deployed, also with nonfree BIOS.
[1]: [link removed]
I joined the FSF in 2017. By that time, the 2009 tech team staff had
moved on from the FSF, and the new tech team already had plans to
decommission those three servers in favor of motherboards that
supported a free BIOS. By 2018, the servers with the nonfree BIOS were
barely in use. The relatively small FSF tech team takes on a lot, and
because we have so much on our plate, plans like these can sometimes
take longer than expected to complete. But finally, earlier this week,
we replaced Columbia, the last of any FSF-run machines running a
nonfree BIOS.
### Ethical issues raised in BIOS
In leading the way to freedom, we consider the ethical boundaries of
free software, and conversations around free BIOS bring up those
boundaries. As we wrote in 2005, for the [launch of our Free BIOS
campaign][2]:
> The ethical issues of free software arise because users obtain
> programs and install them in computers; they don't really apply to
> hidden embedded computers, or the BIOS burned in a ROM, or the
> microcode inside a processor chip, or the firmware that is wired
> into a processor in an I/O device. In aspects that relate to their
> design, those things are software; but as regards copying and
> modification, they may as well be hardware. The BIOS in ROM was,
> indeed, not a problem.
> Since that time, the situation has changed. Today, the BIOS is no
> longer burned in ROM; it is stored in nonvolatile writable memory
> that users can rewrite. Today, the BIOS sits square on the edge of
> the line. It comes prewritten in our computers, and normally we
> never install another. So far, that is just barely enough to excuse
> treating it as hardware. But once in a while the manufacturer
> suggests installing another BIOS, which is available only as an
> executable. This, clearly, is installing a nonfree program--it is
> just as bad as installing Microsoft Windows, or Adobe Photoshop. As
> the unethical practice of installing another BIOS executable becomes
> common, the version delivered inside the computer starts to raise an
> ethical problem issue as well.
> The way to solve the problem is to run a free BIOS.
[2]: [link removed]
Developing a free replacement for a program is the [only good reason
to run that nonfree program][3]. But if you are not developing a free
replacement and none is available, then you are at the subject of the
developer's unjust power over any future changes to the software. When
[considering compromises][4], the free software philosophy advises
judging software (and other things) on "citizen values," that is, a
judgment based on whether or not it respects users' freedom and
community, rather than a judgment based on convenience. Then people
will not be baited by an attractive, convenient feature and fall into
the trap of a proprietary program.
[3]: [link removed]
[4]: [link removed]
### The servers FSF uses
At FSF, our current standard is [ASUS KGPE-D16 motherboards][5] with
AMD CPUs 6200 series CPUs released in 2012. For the BIOS, we install
[Libreboot][6], the easy-to-install, 100% free software replacement
for proprietary BIOS/boot programs, or a version of [Coreboot][7] that
is carefully built to avoid including any nonfree blobs. They are fast
enough for our needs, and we expect this to be the case for many more
years to come. They are also very affordable systems. We are also
working toward supporting Raptor Computer Systems' newer and more
powerful [Talos II][8], as well as Blackbird motherboards that use IBM
POWER9 CPUs. The POWER9 CPU architecture is called "PowerPC 64-bit
little endian," abbreviated "ppc64el." (Note, the "el" instead of "le"
is a reference to the definition of [little endian][9], which is
similar to letters written in reverse order.) The Raptor motherboards
come with entirely free firmware -- and even have free hardware
designs!
However, this type of migration has its challenges. For example, the
first thing we needed to address before using these motherboards is
that the main operating system we use, [Trisquel GNU/Linux][10],
didn't previously run on pp64el. So, earlier this year, we set up a
Raptor POWER9 computer running Debian (without using any nonfree parts
of Debian repositories) and loaned it to the maintainers of Trisquel
for as long as needed. And now, we are proud to say that the upcoming
Trisquel 11 release will support POWER9! So far, all the packages we
use on servers have Trisquel 11 ppc64el packages built and ready to
use. Desktop packages and installation ISOs are still in progress, but
we usually install servers using [debootstrap][12], so we've already
started installing Trisquel 11.
[5]: [link removed]
[6]: [link removed]
[7]: [link removed]
[8]: [link removed]
[9]: [link removed]
[10]: [link removed]
[11]: [link removed]
### How BIOSes have changed since 2009
Before I decommissioned Columbia, I ran a [dmidecode][12], which told
me that the BIOS program fit within *a single* megabyte of space.
Often, very simplistic firmware becomes more complicated in later
models, and that also usually means it has a growing significance for
a user's software freedom. Some newer nonfree BIOSes have grown into
operating systems in their own right, sometimes with large programs
such as a full Web browser.
[12]: [link removed]
There is no fully-free BIOS available for x86 Intel and AMD CPUs
released after about 2013. The key blocking factor is that those CPUs
require certain firmware in the BIOS, like [Intel Management
Engine][13]. Those CPUs will also refuse to run firmware that hasn't
been cryptographically signed by private keys controlled by AMD and
Intel, and AMD and Intel will only sign their own nonfree firmware. At
the FSF, we refuse to run that nonfree firmware, and we applaud the
many people who also avoid it. For those people who do run those Intel
or AMD systems, running Coreboot or [Osboot][14] is still a step up
the [Freedom Ladder][15] for the software freedom of your BIOS.
[13]: [link removed]
[14]: [link removed]
[15]: [link removed]
The road to freedom is a long road. We hope our dedication to achieve
milestones like these can inspire the free software movement. Our work
is enabled by the support of individual donors and associate
members. In these final days of our spring fundraiser, you can [help
us stretch even further than we thought possible][16] so that we may
have an even greater impact.
[16]: [link removed]
[*Any* financial contribution][19] you can spare counts towards our
spring fundraiser, and helps us passionately advocate free software!
Your support helps our tech team make steady, important progress
toward full software freedom. As long as we can operate in full
freedom, we can advocate for it, and help others do the same. For only
$10 a month ($5 if you are a student), you can [join us][22] as an FSF
associate member. New members are critical to the cause, and form a
solid foundation for the free software movement.
In the meantime, spreading the word is just as important: please take
a moment to [publicly bring attention][17] to the need for free
software! Use the hashtag \#UserFreedom, and share this message with
others to [build even more support these last few days][18].
[19]: [link removed]
[22]: [link removed]
[17]: [link removed]
[18]: [link removed]
### Your contribution matters
The FSF tech team, of course, is proud to be moving to a freer system,
and we realize that we cannot make it possible without your
support. From purchasing the necessary hardware to maintaining
everyday operations, financial contributions help us go the full-mile
to freedom. Whether they be in the form of your time, by developing or
documenting a free program or by helping spread the word, or with your
donation (of which there are [many ways to donate][23]), I want to
thank you again for your commitment, and your contributions to
software freedom.
[23]: [link removed]
In freedom,
Ian Kelling
Senior Systems Administrator
--
* Follow us on Mastodon at <[link removed]>, GNU social at
<[link removed]>, PeerTube at <[link removed]>, and on Twitter at @fsf.
* Read about why we use Twitter, but only with caveats at <[link removed]>.
* Subscribe to our RSS feeds at <[link removed]>.
* Join us as an associate member at <[link removed]>.
* Read our Privacy Policy at <[link removed]>.
Sent from the Free Software Foundation,
51 Franklin St, Fifth Floor
Boston, Massachusetts 02110-1335
United States
You can unsubscribe from this mailing list by visiting
[link removed].
To stop all email from the Free Software Foundation, including Defective by Design,
and the Free Software Supporter newsletter, visit
[link removed].
will ensure that our messages reach you and not your spam box.*
*Read and share online: <[link removed]>*
Dear Free Software Supporter,
I work on the Free Software Foundation (FSF) tech team. With just
three people, we maintain the software and hardware infrastructure for
GNU and FSF, and virtual machines for several other important free
software projects. We run our own hardware, not relying on any
so-called "cloud" services. And we run free software in all possible
ways. That includes fifteen servers in two data centers and in our
Boston office, over a hundred virtual machines, and ten workstations
and laptops, all running GNU/Linux. Every one of those has a
freedom-respecting BIOS, but that wasn't always the case...
### A move to freedom
The BIOS is a computer's Basic Input/Output System, which initializes
the hardware enough so that it can be passed off to another program
like a boot loader. The FSF turned its free BIOS advocacy into an
official [Free BIOS campaign][1] in 2005. In 2009, a new server was
deployed, dubbed "Columbia," to a data center at the Massachusetts
Institute of Technology (MIT). It had a nonfree BIOS. Why? We are not
certain, but a prior FSF sysadmin was a Coreboot contributor and had
contributed fixes to an extremely similar motherboard. They seemed to
have plans to help get Coreboot ported to Columbia's motherboard and
install it. Unfortunately, that work was never completed. It was *not*
a good idea, nor was it within FSF policy, to deploy it for uses other
than Coreboot development until *after* it had a free BIOS. Shortly
after that, two more servers were deployed, also with nonfree BIOS.
[1]: [link removed]
I joined the FSF in 2017. By that time, the 2009 tech team staff had
moved on from the FSF, and the new tech team already had plans to
decommission those three servers in favor of motherboards that
supported a free BIOS. By 2018, the servers with the nonfree BIOS were
barely in use. The relatively small FSF tech team takes on a lot, and
because we have so much on our plate, plans like these can sometimes
take longer than expected to complete. But finally, earlier this week,
we replaced Columbia, the last of any FSF-run machines running a
nonfree BIOS.
### Ethical issues raised in BIOS
In leading the way to freedom, we consider the ethical boundaries of
free software, and conversations around free BIOS bring up those
boundaries. As we wrote in 2005, for the [launch of our Free BIOS
campaign][2]:
> The ethical issues of free software arise because users obtain
> programs and install them in computers; they don't really apply to
> hidden embedded computers, or the BIOS burned in a ROM, or the
> microcode inside a processor chip, or the firmware that is wired
> into a processor in an I/O device. In aspects that relate to their
> design, those things are software; but as regards copying and
> modification, they may as well be hardware. The BIOS in ROM was,
> indeed, not a problem.
> Since that time, the situation has changed. Today, the BIOS is no
> longer burned in ROM; it is stored in nonvolatile writable memory
> that users can rewrite. Today, the BIOS sits square on the edge of
> the line. It comes prewritten in our computers, and normally we
> never install another. So far, that is just barely enough to excuse
> treating it as hardware. But once in a while the manufacturer
> suggests installing another BIOS, which is available only as an
> executable. This, clearly, is installing a nonfree program--it is
> just as bad as installing Microsoft Windows, or Adobe Photoshop. As
> the unethical practice of installing another BIOS executable becomes
> common, the version delivered inside the computer starts to raise an
> ethical problem issue as well.
> The way to solve the problem is to run a free BIOS.
[2]: [link removed]
Developing a free replacement for a program is the [only good reason
to run that nonfree program][3]. But if you are not developing a free
replacement and none is available, then you are at the subject of the
developer's unjust power over any future changes to the software. When
[considering compromises][4], the free software philosophy advises
judging software (and other things) on "citizen values," that is, a
judgment based on whether or not it respects users' freedom and
community, rather than a judgment based on convenience. Then people
will not be baited by an attractive, convenient feature and fall into
the trap of a proprietary program.
[3]: [link removed]
[4]: [link removed]
### The servers FSF uses
At FSF, our current standard is [ASUS KGPE-D16 motherboards][5] with
AMD CPUs 6200 series CPUs released in 2012. For the BIOS, we install
[Libreboot][6], the easy-to-install, 100% free software replacement
for proprietary BIOS/boot programs, or a version of [Coreboot][7] that
is carefully built to avoid including any nonfree blobs. They are fast
enough for our needs, and we expect this to be the case for many more
years to come. They are also very affordable systems. We are also
working toward supporting Raptor Computer Systems' newer and more
powerful [Talos II][8], as well as Blackbird motherboards that use IBM
POWER9 CPUs. The POWER9 CPU architecture is called "PowerPC 64-bit
little endian," abbreviated "ppc64el." (Note, the "el" instead of "le"
is a reference to the definition of [little endian][9], which is
similar to letters written in reverse order.) The Raptor motherboards
come with entirely free firmware -- and even have free hardware
designs!
However, this type of migration has its challenges. For example, the
first thing we needed to address before using these motherboards is
that the main operating system we use, [Trisquel GNU/Linux][10],
didn't previously run on pp64el. So, earlier this year, we set up a
Raptor POWER9 computer running Debian (without using any nonfree parts
of Debian repositories) and loaned it to the maintainers of Trisquel
for as long as needed. And now, we are proud to say that the upcoming
Trisquel 11 release will support POWER9! So far, all the packages we
use on servers have Trisquel 11 ppc64el packages built and ready to
use. Desktop packages and installation ISOs are still in progress, but
we usually install servers using [debootstrap][12], so we've already
started installing Trisquel 11.
[5]: [link removed]
[6]: [link removed]
[7]: [link removed]
[8]: [link removed]
[9]: [link removed]
[10]: [link removed]
[11]: [link removed]
### How BIOSes have changed since 2009
Before I decommissioned Columbia, I ran a [dmidecode][12], which told
me that the BIOS program fit within *a single* megabyte of space.
Often, very simplistic firmware becomes more complicated in later
models, and that also usually means it has a growing significance for
a user's software freedom. Some newer nonfree BIOSes have grown into
operating systems in their own right, sometimes with large programs
such as a full Web browser.
[12]: [link removed]
There is no fully-free BIOS available for x86 Intel and AMD CPUs
released after about 2013. The key blocking factor is that those CPUs
require certain firmware in the BIOS, like [Intel Management
Engine][13]. Those CPUs will also refuse to run firmware that hasn't
been cryptographically signed by private keys controlled by AMD and
Intel, and AMD and Intel will only sign their own nonfree firmware. At
the FSF, we refuse to run that nonfree firmware, and we applaud the
many people who also avoid it. For those people who do run those Intel
or AMD systems, running Coreboot or [Osboot][14] is still a step up
the [Freedom Ladder][15] for the software freedom of your BIOS.
[13]: [link removed]
[14]: [link removed]
[15]: [link removed]
The road to freedom is a long road. We hope our dedication to achieve
milestones like these can inspire the free software movement. Our work
is enabled by the support of individual donors and associate
members. In these final days of our spring fundraiser, you can [help
us stretch even further than we thought possible][16] so that we may
have an even greater impact.
[16]: [link removed]
[*Any* financial contribution][19] you can spare counts towards our
spring fundraiser, and helps us passionately advocate free software!
Your support helps our tech team make steady, important progress
toward full software freedom. As long as we can operate in full
freedom, we can advocate for it, and help others do the same. For only
$10 a month ($5 if you are a student), you can [join us][22] as an FSF
associate member. New members are critical to the cause, and form a
solid foundation for the free software movement.
In the meantime, spreading the word is just as important: please take
a moment to [publicly bring attention][17] to the need for free
software! Use the hashtag \#UserFreedom, and share this message with
others to [build even more support these last few days][18].
[19]: [link removed]
[22]: [link removed]
[17]: [link removed]
[18]: [link removed]
### Your contribution matters
The FSF tech team, of course, is proud to be moving to a freer system,
and we realize that we cannot make it possible without your
support. From purchasing the necessary hardware to maintaining
everyday operations, financial contributions help us go the full-mile
to freedom. Whether they be in the form of your time, by developing or
documenting a free program or by helping spread the word, or with your
donation (of which there are [many ways to donate][23]), I want to
thank you again for your commitment, and your contributions to
software freedom.
[23]: [link removed]
In freedom,
Ian Kelling
Senior Systems Administrator
--
* Follow us on Mastodon at <[link removed]>, GNU social at
<[link removed]>, PeerTube at <[link removed]>, and on Twitter at @fsf.
* Read about why we use Twitter, but only with caveats at <[link removed]>.
* Subscribe to our RSS feeds at <[link removed]>.
* Join us as an associate member at <[link removed]>.
* Read our Privacy Policy at <[link removed]>.
Sent from the Free Software Foundation,
51 Franklin St, Fifth Floor
Boston, Massachusetts 02110-1335
United States
You can unsubscribe from this mailing list by visiting
[link removed].
To stop all email from the Free Software Foundation, including Defective by Design,
and the Free Software Supporter newsletter, visit
[link removed].
Message Analysis
- Sender: Free Software Foundation
- Political Party: n/a
- Country: United States
- State/Locality: n/a
- Office: n/a
-
Email Providers:
- CiviCRM