Freedom Issue #3189
[iucode-tool] Made for manipulating proprietary microcode bundles
0%
Description
There are currently zero microcode bundles which are libre AFAIK hence this program is only made for proprietary software.
I don't know whether it would be helpful for reverse-engineering but at a quick glance it just appears to be made to help facilitate OS distros distribute microcode more easily.
History
Updated by nona about 2 years ago
Without being familiar with this software, the initial question is whether it adheres to the 4 freedoms. Whether the (free) software is intended to interact with non-free software is another question.
Updated by gap about 2 years ago
Free software which is only useful when used with nonfree software is useless in the free world, with the exception of free software used for reverse-egnineering, and such software is therefore removed from the Parabola repos.
There is already precedent for this:
- Lutris is free in itself but is blacklisted as it is mainly ("mainly" being a much weaker criterion than "only") useful for launching proprietary video games
- radare2 is free in itself but is mainly useful for reverse-engineering proprietary software, and as such it is not blacklisted
Updated by GNUtoo about 2 years ago
- Assignee set to GNUtoo
If I recall well, at some point people found ways to load unsigned microcode updates on somewhat recent Intel CPUs, but I didn't look into it because the devices using such processors weren't good candidate for the RYF certification (they required a lot of work to replace the nonfree Management Engine OS).
While iucode-tool can uses the kernel driver to load an intel CPU microcode update, it also has options disable checks and more importantly as far as I understand it doesn't download any microcode updates or microcode. I'm unsure if it's usable as-is with the research about loading your own microcode updates though.
The iucode-tool tool also has a --scan-system option to print some hexadecimal number that seems to identify the microcode version. I'm unsure if we can deduce things with that, but if we do, it might be interesting to keep it because we can probably link the microcode version to the CPU erratas.
For instance some Thinkpad X60 had an annoying bug where the CPU temperature sensor would report incorrect reading after going out of suspend-to-ram.
More generally speaking, Parabola probably has a lot of code to interact with nonfree software in some form or another. For instance linux-libre has driver to talk with peripherals running nonfree software. We also have packages to access content of iphones for instance.
In all these cases Parabola isn't pushing users to get iphones or computers that run nonfree BIOS or that have peripherals with builtin nonfree software. And it also doesn't ship nonfree software.
What is not OK is rather things like:- Shipping software that downloads and install nonfree software
- Shipping nonfree software
- Having instructions for users to download nonfree software.
And all these cases are already covered by the FSDG (Free System Distribution Guidelines).
Updated by gap about 2 years ago
Thank you for explaining that iucode-tool is useful in the free world, for example using the --scan-system option you mentioned for reverse-engineering.
The question now is whether keeping functionality around which will not work is worth it.
One example of this is iucode-tool's ability to load blobs, which won't work because Linux-libre has this functionality removed.
This also raises another issue: Parabola protects the user by default as much as possible from proprietary software, so should this not entail removing the loading functionality from iucode-tool, at least until libre microcode bundles become available, because someone could be coerced to install a nonfree kernel which could load microcode bundles?
Is this purely the responsibility of the user, or should Parabola help by removing the loading functionality from iucode-tool too?
Updated by gap about 2 years ago
For instance linux-libre has driver to talk with peripherals running nonfree software. We also have packages to access content of iphones for instance.
This situation is different.
In that case, a 100% libre system is merely talking to someone else, and it's not like we can or should force other people to only use a 100% libre system, let alone refuse to talk to them if their systems are not 100% libre.
In this case, a 100% libre system is being used to run a free program which is only useful with nonfree code, to manipulate that nonfree code, thus the program should only be kept if it's useful for reverse-engineering purposes.
Updated by bill-auger about 2 years ago
for completeness, i will add that this is a more general concern,
which has been discussed many times before
https://wiki.parabola.nu/Degrees_of_Non-Free_Software_Tolerance
1. should parabola prevent users from installing non-free
software?
the answer is "no" - to do so would be to prevent freedom #0:
"use the software for any purpose" - "any purpose" includes "to
compile or install non-free software" - even if the answer was
"yes", it is not possible to prevent
however the important distinction WRT the FSDG, is that parabola
must not suggest, steer towards, or facilitate, finding or
installing non-free software
2. should parabola exclude programs which only purpose is to
interact with non-free software or proprietary network services?
no specific examples need be given - the your-freedom-emu
blacklist is exemplary
strictly speaking, the answer is "no", as long as there is no
recommendation or assistance to acquire any non-free software -
for network services, that is never the case; because the
end-user never "acquires" the other software - for games, it is
often the case, that a program launcher will suggest downloading
something non-free - those are blacklisted, and often patched
to remove the recommendation and/or the downloader
the main reason why the answer must be "no", is that no such
libre software can exist, with it's "only purpose" to interact
with non-free software or proprietary network services - the
only way for such a program to exist, would be if it contained
some undocumented secrets; in which case it would not be libre -
if it is indeed libre, someone could write a libre replacement
example, for whatever previously was the non-free "other"
software
WRT the FSDG, the question reduces to: "does that program
constitute a recommendation or assistance, merely because no
libre examples of the other cooperating software yet exists?" -
i believe that the FSF's opinion on that question is "no" - if
the primary tool is libre, then the possibility always exists
for a libre replacement of the cooperating software - it is not
reasonable for the libre status of some program, to be
contingent on what some unrelated third-party does, or may do
in the future
the only way to prevent the primary libre software from allowing
use with other non-free software, would be to prevent it from
cooperating with any other software - the effect of that, is
to to discourage any libre replacement from ever being written
WRT the your-freedom-emu blacklist, i dont believe that it
should exist - there has been an active "home-brew" retro gaming
community for most of those classic game systems; and libre games
do exist for those emulators