Free Software Melbourne is an organization of free software users and advocates. We share the values of the Free Software Foundation, the GNU project and LibrePlanet <http://freesoftware.org.au/wiki/LibrePlanet> and we represent the Australian network of free software users and developers. Part of our work involves raising awareness of the benefits of Free and Open Source Software (FOSS) and Open Hardware issues and it is in that capacity that we make this submission.
It has come to our attention via the active GNU/Linux community on Reddit that there is a public proposal ( https://www.reddit.com/r/Amd/comments/5ydv7i/petition_to_sticky_a_petition_to_amd_for_psp/) to liberate the firmware for the AMD processor and the Platform Security Processor (PSP) on the APU. We at Free Software Melbourne ask AMD to consider this proposal. Liberating the program code would allow the users to regain full control of their systems. The restrictions that are currently present are very well known to our community, see, for example, AMD hardware mentioned on the LibreBoot <http://freesoftware.org.au/wiki/LibreBoot> site ( https://libreboot.org/faq/#amd). If AMD were to take action to support code transparency for users, users would gain the ability to not only study the firmware but to modify and redistribute the code which can only be beneficial for AMD. Among other benefits, there would be:- 1. Confidence in the Platform. Even when users don't modify their own firmware, having a consistent and transparent firmware provides an environment of trust. This covers both the use of home computers, on which much data of a sensitive and personal nature is stored, and the server machines. Companies and the administrators of the online world could rest easy knowing exactly what is being loaded onto their system. By allowing the community to access and audit the code, a universal back-door is a much less likely event. The EFF have noted this issue ( https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it) and point out that "vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity". By releasing source code AMD could have the most audited and trusted security module in the industry. 2. Privacy In the last few years there has been more concern in regards to computers being used to spy on their users. Privacy is an ever-growing issue for all users regardless of technical ability or understanding and the need for users to control their own hardware is greater than it has ever been. While not all users will need to inspect the code base personally, having the ability for anyone to do so will go a long way to building customer satisfaction and trust in the hardware. Users need the freedom to choose what they want running on their system and to have the ability to remove code that might contain privacy risks or vulnerabilities. 3. Competitive Edge The main competition, Intel, has a similar system and despite many calls to have firmware code of this system liberated so that it can be inspected and verified, Intel have yet to make any move in this direction or even publicly acknowledge these requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks, which have surfaced in the media quite recently. As such, if someone manages to crack this embedded system they are sitting on a near universal exploit that will affect potentially billions of computers around the world. By liberating the code running on PSP and allowing modifications to execute, it is possible to mitigate these same potential issues by allowing vulnerable code to be studied and patched by the community before significant issues arise. The main competition, Intel, has a similar non-free system. Despite many calls to have firmware code of this system liberated so that it can be inspected and verified, Intel has yet to move in this direction or to even publicly acknowledge such requests. With the system locked down in obscurity, users cannot defend themselves against any potentially malicious attacks and these facts have surfaced in the media recently. If someone manages to crack this embedded system they would sitting on a near universal exploit that will affect potentially billions of computers around the world. By liberating the code running on PSP and allowing modifications to execute, it is possible to mitigate these potential issues by allowing vulnerable code to be studied and patched by the community before significant issues arise. It would be difficult for anyone to trust Intel based machines if the AMD ones are openly marketed to the public as being freedom-respecting computers. This could be a useful marketing lever in which AMD turns out on top of Intel in the vital areas of security and privacy. The added benefits of the community and other businesses' ability to add functionality to your products is also a big win for all involved and yet another competitive edge gained by embracing Open Source. 4. Support from a Growing Community The Free and Open Source Software community is a vibrant and growing one. With the ever more intimate use of technology in people's lives, more are discovering the big issues in regards to their privacy, security and trust. A lot of people are interested in solutions that will respect their privacy and choices while also providing powerful computers. If AMD were to open up its firmware so that the hardware can be booted and used with a 100% Free Software stack using a project like Libreboot, then we would support and recommend your hardware over all others as the single Libre/Free platform that is powerful, affordable and respects its users. According to AMD's own corporate principle of "Community Engagement: AMD was founded on the principle of putting people first - our employees, our customers, our shareholders and our neighbors in the communities around the world where we live and work" To give people the ability to control the hardware they purchases is not only in alignment with AMD's values but is also an amazing proposition that should be considered for its many benefits. Yours sincerely, Free Software Melbourne This letter will be available online here: http://freesoftware.org.au/blog/open-letter-to-amd/ _______________________________________________ Free-software-melb mailing list [email protected] https://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-melb Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/
