Freedom Issue #3562
mkinitcpio microcode support
0%
Description
mkinitcpio default preset and scripts add support for the proprietary microcode images, which are blacklisted by Parabola. We've to patch a [libre] version.
History
Updated by bill-auger 4 months ago
can you show exactly what your referring to? - "support" alone is not a problem - we can support non-free software - many packages do (eg: QEMU supports booting non-free OS images) - we just can not provide anything non-free, or to suggest using any, or to give instructions
another way to look at it, if your-freedom is installed, it is not possible to install the microcode package - people are free to install the microcode package; but your-freedom would need to be uninstalled - but if your-freedom is not installed, then that is no longer a parabola system - it becomes an unsupported franken-system - if some program suggests it, we only need to remove the suggestion
in short, we should not try to prevent people from running non-free software, if they know what they are doing - Freedom #0 says so - we just can not suggest doing so or to instruct how to accomplish it
Updated by Megver83 4 months ago
It contains scripts and presets which use the installed microcode:
https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/blob/master/kernel-install/40-microcode.install?ref_type=heads
And the default mkinitcpio preset suggest it:
https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/blob/master/mkinitcpio.d/hook.preset?ref_type=heads
If these are not real issues (if the microcode packages are not installed, nothing will happen, plus linux-libre deblobbed them), then we can safely close this issue.
Updated by bill-auger 4 months ago
strictly speaking, i think those two examples are acceptable - nothing actually
suggests installing the microcode, and it does not assist downloading or
installing it - it simply detects it and runs it if found - pureos's kernel
will do the same with non-free kernel modules, and that is acceptable
(apparently - i never could get a straight answer from the FSF about that)
but again, the microcode can not be found on a standard parabola system;
because it is not possible to install the microcode package without modifying
the system in a way that parabola explicitly says not to do - i do know that
many people want to run parabola but with the microcodes installed - i see that
as not much different than most pureos users who have purism's non-free kernel
modules installed; except that there is a very good security argument for using
up-to-date microcodes - it is actually quite bad advice to tell people not to
install them IMHO - i would rather not mention it either way - just let people
do what they want, if they know what they are doing
we could ask on the FSDG mailing list; but its been pretty much useless for a
long time - the FSF hired a new licensing officer just this month after not
having one for years - so maybe the FSDG work-group can get back on track now
as another matter of precedent, there is only one part of the FSDG that says we
need to remove something simply because it is capable of running non-free
software - that is the web browser DRM mechanism - but IMHO the only reason
that is a good recommendation is because if it is not disabled at compile time,
the browser will prompt like "you must install this DRM to watch this movie",
which is a strong suggestion
Updated by bill-auger 4 months ago
i made some patches for mkinitcpio this month to fix ARM; but one of the fixes
i found does not require any changes to mkinitcpio - as of now, we only
re-package mkinitcpio for nonsystemd; so i was hesitant to actually implement
the changes - i would rather propose them to arch so we dont need to
re-package it for systemd - if there is another reason to patch mkinitcpio for
systemd too, we could actually keep that script, but turn it into a warning
if [[ -f "${dir}/${microcode}" ]]; then - if (( KERNEL_INSTALL_VERBOSE )); then - printf '+ (mkinitcpio) Found microcode image %s\n' "$microcode" - fi + echo "WARNING: non-free microcode were detected on your computer!" + echo " Did you install them intentionally?" + echo " If not, ask us how to remove them."
or if the FSDG workgroup thinks we should remove it:
if [[ -f "${dir}/${microcode}" ]]; then - if (( KERNEL_INSTALL_VERBOSE )); then - printf '+ (mkinitcpio) Found microcode image %s\n' "$microcode" - fi + echo "WARNING: non-free microcode were detected on your computer!" + echo " This script prevents them from loading. + echo " Did you install them intentionally?" + echo " If not, ask us how to remove them." - install -m 0644 "${dir}/${microcode}" "${KERNEL_INSTALL_STAGING_AREA}/microcode-${microcode}" || { + # install -m 0644 "${dir}/${microcode}" "${KERNEL_INSTALL_STAGING_AREA}/microcode-${microcode}" || {
still some clever monkeys could figure out how to find "this script" and tweak it;
but still we are not suggesting it - it is suggesting to remove it