Free Software Foundation
 

Please consider adding [email protected] to your address book, which will ensure that our messages reach you and not your spam box.

Read and share online: https://www.fsf.org/blogs/sysadmin/closing-in-on-fully-free-bioses-with-the-fsf-tech-team

Dear Free Software Supporter,

I work on the Free Software Foundation (FSF) tech team. With just three people, we maintain the software and hardware infrastructure for GNU and FSF, and virtual machines for several other important free software projects. We run our own hardware, not relying on any so-called "cloud" services. And we run free software in all possible ways. That includes fifteen servers in two data centers and in our Boston office, over a hundred virtual machines, and ten workstations and laptops, all running GNU/Linux. Every one of those has a freedom-respecting BIOS, but that wasn't always the case...

A move to freedom

The BIOS is a computer's Basic Input/Output System, which initializes the hardware enough so that it can be passed off to another program like a boot loader. The FSF turned its free BIOS advocacy into an official Free BIOS campaign in 2005. In 2009, a new server was deployed, dubbed "Columbia," to a data center at the Massachusetts Institute of Technology (MIT). It had a nonfree BIOS. Why? We are not certain, but a prior FSF sysadmin was a Coreboot contributor and had contributed fixes to an extremely similar motherboard. They seemed to have plans to help get Coreboot ported to Columbia's motherboard and install it. Unfortunately, that work was never completed. It was not a good idea, nor was it within FSF policy, to deploy it for uses other than Coreboot development until after it had a free BIOS. Shortly after that, two more servers were deployed, also with nonfree BIOS.

Licensing logo and screenshot of IRC

I joined the FSF in 2017. By that time, the 2009 tech team staff had moved on from the FSF, and the new tech team already had plans to decommission those three servers in favor of motherboards that supported a free BIOS. By 2018, the servers with the nonfree BIOS were barely in use. The relatively small FSF tech team takes on a lot, and because we have so much on our plate, plans like these can sometimes take longer than expected to complete. But finally, earlier this week, we replaced Columbia, the last of any FSF-run machines running a nonfree BIOS.

Ethical issues raised in BIOS

In leading the way to freedom, we consider the ethical boundaries of free software, and conversations around free BIOS bring up those boundaries. As we wrote in 2005, for the launch of our Free BIOS campaign:

The ethical issues of free software arise because users obtain programs and install them in computers; they don't really apply to hidden embedded computers, or the BIOS burned in a ROM, or the microcode inside a processor chip, or the firmware that is wired into a processor in an I/O device. In aspects that relate to their design, those things are software; but as regards copying and modification, they may as well be hardware. The BIOS in ROM was, indeed, not a problem.

Since that time, the situation has changed. Today, the BIOS is no longer burned in ROM; it is stored in nonvolatile writable memory that users can rewrite. Today, the BIOS sits square on the edge of the line. It comes prewritten in our computers, and normally we never install another. So far, that is just barely enough to excuse treating it as hardware. But once in a while the manufacturer suggests installing another BIOS, which is available only as an executable. This, clearly, is installing a nonfree program--it is just as bad as installing Microsoft Windows, or Adobe Photoshop. As the unethical practice of installing another BIOS executable becomes common, the version delivered inside the computer starts to raise an ethical problem issue as well.

The way to solve the problem is to run a free BIOS.

Developing a free replacement for a program is the only good reason to run that nonfree program. But if you are not developing a free replacement and none is available, then you are at the subject of the developer's unjust power over any future changes to the software. When considering compromises, the free software philosophy advises judging software (and other things) on "citizen values," that is, a judgment based on whether or not it respects users' freedom and community, rather than a judgment based on convenience. Then people will not be baited by an attractive, convenient feature and fall into the trap of a proprietary program.

The servers FSF uses

At FSF, our current standard is ASUS KGPE-D16 motherboards with AMD CPUs 6200 series CPUs released in 2012. For the BIOS, we install Libreboot, the easy-to-install, 100% free software replacement for proprietary BIOS/boot programs, or a version of Coreboot that is carefully built to avoid including any nonfree blobs. They are fast enough for our needs, and we expect this to be the case for many more years to come. They are also very affordable systems. We are also working toward supporting Raptor Computer Systems' newer and more powerful Talos II, as well as Blackbird motherboards that use IBM POWER9 CPUs. The POWER9 CPU architecture is called "PowerPC 64-bit little endian," abbreviated "ppc64el." (Note, the "el" instead of "le" is a reference to the definition of little endian, which is similar to letters written in reverse order.) The Raptor motherboards come with entirely free firmware -- and even have free hardware designs!

However, this type of migration has its challenges. For example, the first thing we needed to address before using these motherboards is that the main operating system we use, Trisquel GNU/Linux, didn't previously run on pp64el. So, earlier this year, we set up a Raptor POWER9 computer running Debian (without using any nonfree parts of Debian repositories) and loaned it to the maintainers of Trisquel for as long as needed. And now, we are proud to say that the upcoming Trisquel 11 release will support POWER9! So far, all the packages we use on servers have Trisquel 11 ppc64el packages built and ready to use. Desktop packages and installation ISOs are still in progress, but we usually install servers using debootstrap, so we've already started installing Trisquel 11.

How BIOSes have changed since 2009

Before I decommissioned Columbia, I ran a dmidecode, which told me that the BIOS program fit within a single megabyte of space. Often, very simplistic firmware becomes more complicated in later models, and that also usually means it has a growing significance for a user's software freedom. Some newer nonfree BIOSes have grown into operating systems in their own right, sometimes with large programs such as a full Web browser.

There is no fully-free BIOS available for x86 Intel and AMD CPUs released after about 2013. The key blocking factor is that those CPUs require certain firmware in the BIOS, like Intel Management Engine. Those CPUs will also refuse to run firmware that hasn't been cryptographically signed by private keys controlled by AMD and Intel, and AMD and Intel will only sign their own nonfree firmware. At the FSF, we refuse to run that nonfree firmware, and we applaud the many people who also avoid it. For those people who do run those Intel or AMD systems, running Coreboot or Osboot is still a step up the Freedom Ladder for the software freedom of your BIOS.

The road to freedom is a long road. We hope our dedication to achieve milestones like these can inspire the free software movement. Our work is enabled by the support of individual donors and associate members. In these final days of our spring fundraiser, you can help us stretch even further than we thought possible so that we may have an even greater impact.

Any financial contribution you can spare counts towards our spring fundraiser, and helps us passionately advocate free software! Your support helps our tech team make steady, important progress toward full software freedom. As long as we can operate in full freedom, we can advocate for it, and help others do the same. For only $10 a month ($5 if you are a student), you can join us as an FSF associate member. New members are critical to the cause, and form a solid foundation for the free software movement.

In the meantime, spreading the word is just as important: please take a moment to publicly bring attention to the need for free software! Use the hashtag #UserFreedom, and share this message with others to build even more support these last few days.

Your contribution matters

The FSF tech team, of course, is proud to be moving to a freer system, and we realize that we cannot make it possible without your support. From purchasing the necessary hardware to maintaining everyday operations, financial contributions help us go the full-mile to freedom. Whether they be in the form of your time, by developing or documenting a free program or by helping spread the word, or with your donation (of which there are many ways to donate), I want to thank you again for your commitment, and your contributions to software freedom.

In freedom,

Ian Kelling
Senior Systems Administrator

Image Copyright © 2022 Free Software Foundation, Inc., licensed under Creative Commons Attribution 4.0 International license.