this post was submitted on 14 Oct 2023
351 points (97.3% liked)

Technology

59201 readers
4009 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L4s@lemmy.world
L3s@fry.gs
L4s@fry.gs
enu@lemmy.world
351
Petition for Open BIOS/UEFI: Advancing User Control and Ethical Computing Forward (chng.it)
submitted 1 year ago by OrwellianPenguin@lemm.ee to c/technology@lemmy.world
38 comments fedilink hide all child comments
 

Hello everyone,

In the wake of the recent Right to Repair Act (SB 244) enacted in California on October 10, 2023, the discourse around consumer rights and sustainable technological practices has intensified. A critical facet of this discourse is the BIOS/UEFI (Basic Input/Output System/Unified Extensible Firmware Interface), the fundamental firmware that initializes the hardware during the boot process of our computing devices.

Currently, BIOS/UEFI is largely under proprietary control, posing substantial barriers to our ability to repair, upgrade, and exercise full control over our own devices. This proprietary dominance not only stifles technological innovation and user freedom but also raises serious security concerns. The lack of transparency and verifiability inherent in closed-source firmware like Intel's Management Engine (IME) and AMD's Platform Security Processor (PSP) presents potential security vulnerabilities.

I am launching a petition on Change.org to advocate for Free and Open Source BIOS/UEFI. This initiative transcends personal control over our devices. It symbolizes a stride towards reducing electronic waste, promoting sustainability, and nurturing a culture where technology serves as a medium for empowerment rather than suppression.

The necessity for freedom in hardware firmware is clear. Open BIOS/UEFI furnishes a foundational level of control and understanding, dismantling barriers that keep users distanced from the core operations of their devices, and fostering a more inclusive and participatory technological ecosystem.

We are at a pivotal moment. The momentum nurtured by the Right to Repair movement invites us to extend the principles of openness and user empowerment to the foundational firmware of our devices. Our proactive stance today significantly influences our digital autonomy tomorrow.

The global advocacy for digital rights is reaching a crucial point, with a growing community rallying for more control, transparency, and accountability in the technology we use daily. The shift towards a more open and user-centric technological landscape is not just a fleeting trend, but a substantial movement that echoes the broader societal values of autonomy, privacy, and democratic engagement.

This petition endeavors to rally tech industry stakeholders and governmental bodies to advocate for the liberation of BIOS/UEFI from proprietary control. With open BIOS/UEFI, we inch closer to a technological landscape that aligns with democratic values, ensuring that technology serves the collective, not just a privileged few.

I invite you to sign the petition, disseminate it within your networks, and vocalize your support for a more open, sustainable, and democratically-aligned computing environment.

Together, through a shared vision and collective action, we can usher meaningful change in the technological domain.

Thank you for your support.

all 39 comments
sorted by: hot top controversial new old
[–] segfault@lemmy.world 44 points 1 year ago (2 children)

Currently, BIOS/UEFI is largely under proprietary control

This is incorrect.

The UEFI Forum makes specifications freely available at no cost at https://uefi.org/specifications, and membership is free which would then allow you to redistribute and otherwise use the specs. There are many "open specifications" that require either a one-time purchase of a single specification or a subscription for continued access to a set of specifications, that you of course then cannot share. (PCI-SIG requires a company subscription at $4000 a year to access PCIe related specs.)

edk2, the reference implementation used on everything with UEFI, is open source (BSD-2-Clause-Patent) and available on GitHub: https://github.com/tianocore/edk2.

The problem is not that it's under proprietary control, it's that every fucking company forks edk2 into proprietary products because the license allows it (because Intel required it).

  • Most ODMs/IBVs/OEMs are not willing to make their garbage "value-add" components available, let alone source code for them.
  • Many companies are not willing or unable to make available any required datasheets or provide source code for Platform Initialization (such as NDAs for 3rd party components).
  • Intel has not only gone back on its word about making more the FSP open source (FSP also uses edk2), they are trying to take control even more by shoving increasingly more shit into the FSP.
[–] OrwellianPenguin@lemm.ee 17 points 1 year ago (1 children)

While I appreciate that some components are open-source, the goal here is broader—ensuring BIOS/UEFI is not just open-source but entirely free and open in an ethical sense. This aims for complete transparency, verifiability, and user freedom, beyond what current licenses like BSD-2-Clause-Patent allow. The proprietary forks and lack of transparency you mentioned actually reinforce the need for a fully free BIOS/UEFI. Your points are well taken but highlight that there's still work to be done to achieve full user freedom.

[–] pastermil@sh.itjust.works 17 points 1 year ago

You basically just proved OP's point that most our firmware is closed and it's a problem.

Wit that said, the nuance you mentioned is good to have, especially that we're talking about legal stuff here.

[–] possiblylinux127@lemmy.zip 22 points 1 year ago (2 children)

I'm down but its unlikely to change anything. I bought a system76 labtop because I knew it wouldn't do anything silly.

[–] OrwellianPenguin@lemm.ee 15 points 1 year ago (2 children)

System76 is a great choice for a laptop! It might seem like a small step, but collectively, these actions can make a difference and encourage better practices in the tech industry.

[–] MisterD@lemmy.ca 4 points 1 year ago

What's your opinion on framework computers

https://frame.work/ca/en

[–] possiblylinux127@lemmy.zip 2 points 1 year ago

I do thing it was a bit over priced but that's a small price to pay I suppose

[–] ryannathans@aussie.zone 1 points 1 year ago (1 children)

Define silly? I don't think they deactivate Intel ME or AMD PSP

[–] ahoneybun@lemmy.world 2 points 1 year ago (1 children)

On 13th Gen the Intel ME is disabled and 12th Gen are being updated to disable it as well. The AMD PSP is a different thing since there isn't coreboot for AMD systems.

[–] ryannathans@aussie.zone 1 points 1 year ago

Very pog but is Intel not gonna patch this?

[–] dansity@lemmy.dbzer0.com 14 points 1 year ago* (last edited 1 year ago) (1 children)

So what is the issue with this project https://libreboot.org/ ? maybe instead demanding change, supporting alternatives is a better option

[–] OrwellianPenguin@lemm.ee 14 points 1 year ago* (last edited 1 year ago)

So what is the issue with this project https://libreboot.org/ ? maybe instead demanding change, supporting alternatives is a better option

Libreboot is a great project, but its strict commitment to minimal blobs can limit compatibility. While the broader open BIOS/UEFI discussion often aims for a balance between freedom and compatibility, my advocacy is focused on pushing for a fully free and open BIOS to empower users to the greatest extent possible.

Edit: In fact, Leah Rowe, the creator of Libreboot, just signed the petition.

[–] Discover5164@lemm.ee 11 points 1 year ago

signed, thank you!

[–] nossaquesapao@lemmy.eco.br 8 points 1 year ago (1 children)

I don't want to sound non supportive, but just out of curiosity: why not put the effort into smartphone bootloaders, which are a high bottleneck of locking users and preventing right to repair?

I mean, while uefi isn't so tranaparent, we can at least install our os of choice, something usually not possible in phones.

[–] OrwellianPenguin@lemm.ee 5 points 1 year ago

A victory in making BIOS/UEFI open and free could set a precedent that influences other realms of hardware and software, including the smartphone bootloaders you mentioned. It's a step towards a more comprehensive shift in how we approach user freedom across devices.

[–] joshuawmurray@lemmy.world 2 points 1 year ago

Signed!

[–] TWeaK@lemm.ee 2 points 1 year ago (4 children)

Hah! As if. Low level things like that is reserved for the best state-sponsored malware. We can't be opening that up and letting users (gasp!) protect themselves.

It would also undermine the OS security stuff, in the same way that Nintendo Switches were hacked through the bootloader when they first came out. Just have the BIOS tell the OS everything's ok. So it really, really is a non-starter, as far as the industry is concerned.

[–] OrwellianPenguin@lemm.ee 8 points 1 year ago (1 children)

With a free and open framework and the right security measures, we can address these issues over time and build a unified BIOS that empowers users while maintaining security standards. This initiative aims to create a more transparent and user-controlled tech ecosystem, recognizing that security through obscurity is not the solution.

[–] TWeaK@lemm.ee 2 points 1 year ago (1 children)

Yeah I understand the benefits - and even want them - but I really don't see it happening. You mentioned the Intel ME, that was introduced right around the time the NSA started their PRISM program. Between commercial and intelligence interests I don't think this idea will take off. If anything, state actors have been actively preventing open hardware from being developed and sold commercially.

[–] OrwellianPenguin@lemm.ee 3 points 1 year ago

Challenges from corporate and state players are real, but that's all the more reason to push for change. Sure, it's a tall order given the interests you've mentioned, but if we don't speak up, who will? Advocacy starts somewhere, and it's initiatives like this petition that can at least get the ball rolling.

[–] cmnybo@discuss.tchncs.de 5 points 1 year ago

I want to be able to compile the BIOS and sign it with my own key.

[–] SharkAttak@kbin.social 3 points 1 year ago

On one hand, I fear this could to people trying to have DDR5 speeds on DDR4, but on the other would make easier to spot and fix moronic features like the auto-update on some recent ASUS(?) motherboards.

[–] OrwellianPenguin@lemm.ee 1 points 1 year ago* (last edited 1 year ago)

[Duplicate comment]

[–] ryannathans@aussie.zone 1 points 1 year ago (1 children)

Wish there was an alternative to change.. they force a subscription to their shit every time you sign

[–] OrwellianPenguin@lemm.ee 4 points 1 year ago (1 children)

Wish there was an alternative to change… they force a subscription to their shit every time you sign

Right now, it's the best tool we have for large-scale impact. I apologize for any inconvenience you might experience due to their subscription model.

[–] Iamdanno@lemmy.world 5 points 1 year ago (1 children)

Is there any actual evidence that a change.irg petition gets anything changed?

[–] OrwellianPenguin@lemm.ee 2 points 1 year ago* (last edited 1 year ago)

The front page of Change.org showcases various successful campaigns.