Proprietary firmware
Proprietary firmware is any
Distribution
Proprietary firmware (and especially the microcode) is much more difficult to avoid than
Many open-source operating systems reluctantly choose to include proprietary firmware files in their distributions simply to make their device drivers work,[2] because manufacturers try to save money by removing flash memory or EEPROM from their devices, requiring the operating system to upload the firmware each time the device is used.[3] However, in order to do so, the operating system still has to have distribution rights for this proprietary microcode.[3]
Security concerns
Proprietary firmware poses a significant security risk to the user because of the direct memory access (DMA) architecture of modern computers and the potential for DMA attacks.[citation needed] Theo de Raadt of OpenBSD suggests that wireless firmware are kept proprietary because of poor design quality and firmware defects.[4][5] Mark Shuttleworth of Ubuntu suggests that "it's reasonable to assume that all firmware is a cesspool of insecurity courtesy of incompetence of the worst degree from manufacturers, and competence of the highest degree from a very wide range of such agencies".[6]
The security and reliability risks posed by proprietary microcode may be lower than those posed by
Alternatives
Another potential solution is going with open-source hardware, which goes a step further by also providing schematics for replicating the hardware itself.
Examples
See also
References
- ^ Jeremy Andrews (2005-03-08). "Feature: OpenBSD's "Out of the Box" Wireless Support". KernelTrap. Archived from the original on 2005-03-09.
- ^ a b Jeremy Andrews (2006-05-02). "Interview: Theo de Raadt". KernelTrap. Archived from the original on 2006-06-03.
- ^ a b Jeremy Andrews (2004-11-02). "Feature: OpenBSD Works To Open Wireless Chipsets". KernelTrap. Archived from the original on 2006-06-20.
- ^ Theo de Raadt (2016-12-03). "Page 13: The hardware: 802.11 wireless networking (more detail)". Open Documentation for Hardware. OpenCON 2006, 2–3 December 2006. Courtyard Venice Airport, Venice/Tessera, Italy.
- ^ Constantine A. Murenin (2006-12-10). "Почему так важно иметь документацию по программированию железа". Linux.org.ru (in Russian).
- ^ a b Mark Shuttleworth (2014-03-17). "ACPI, firmware and your security".
- ^ "Drunk drivers granted access to breathalyser source code". 2005-11-03. Archived from the original on 2008-09-30.