Wednesday, August 12

Degrees of Freedom: Booting ARM Processors

Any modern computer with an x86 processor, whether it’s Intel or AMD, is a lost cause for software freedom and privacy. We harp on this a lot, but it’s worth repeating that it’s nearly impossible to get free, open-source firmware to run on them thanks to the Intel Management Engine (IME) and the AMD Platform Security Processor (PSP). Without libre firmware there’s no way to trust anything else, even if your operating system is completely open-source.

The IME or PSP have access to memory, storage, and the network stack even if the computer is shut down, and even after the computer boots they run at such a low level that the operating system can’t be aware of what they’re really doing. Luckily, there’s a dark horse in the race in the personal computing world that gives us some hope that one day there will be an x86 competitor that allows its users to have free firmware that they can trust. ARM processors, which have been steadily increasing their user share for years but are seeing a surge of interest since the recent announcement by Apple, are poised to take over the personal computing world and hopefully allow us some relevant, modern options for those concerned with freedom and privacy. But in the real world of ARM processors the road ahead will be decidedly long, windy, and forked.

Even ignoring tedious nitpicks that the distinction between RISC vs CISC is more blurred now than it was “back in the day”, RISC machines like ARM have a natural leg up on the x86 CISC machines built by Intel and AMD. These RISC machines use fewer instructions and perform with much more thermal efficiency than their x86 competitors. They can often be passively cooled, unlike many AMD/Intel machines that often have noisy or bulky fans. But for me, the most interesting advantage is the ability to run ARM machines without the proprietary firmware present with x86 chips.

ARM is an Architecture Licensed to Many Manufacturers

ARM doesn’t make any chips themselves the way x86 manufacturers like Intel do. Rather, they maintain and license their architecture to other companies who in turn build processors that use the ARM instruction set. There is an almost uncountable number of companies making ARM processors: Broadcom, Qualcomm, Rockchip, Atmel, STMicroelectronics, and Texas Instruments, to name a few. And don’t forget Apple, who have been making ARM-based phones and tablets for years and who are about to transition their entire line of products to this superior architecture.

The diversity in manufacturers is both a blessing and a curse when it comes to privacy-respecting options for firmware and software. With so many manufacturers, ARM chips are in almost everything and are so common that there is an easily-accessible wealth of knowledge about how to build software for them (even though desktop computing applications are just a little bit behind).

Applications for the platform are varied as well, from microcontrollers to routers to smartphones and a handful of PCs. However, as anyone with an Android phone may have experienced when trying to unlock their bootloader, there is no uniform way that ARM processors are booted and there’s no uniform or even standardized boot software for ARM-based chips. Some use uboot or coreboot, some need to use some binary blobs, and still others have proprietary firmware that is not open source or able to be modified in any way and even prohibits modifying other software on the device.

Companies using ARM devices are free to open up their devices to be as free as possible like Pine64 does with their phones, tablets, and computers, but others (including cell phone service providers like AT&T or Verizon) can use the freedom afforded to them by the ARM platform to make sure their customers have almost no access to the software running on that hardware. Finding ARM platforms that are open is a challenge if the original manufacturer or supplier didn’t make it a priority, but there are some other options available.

Finding Your Way to ARM and Libre Firmware

One of the more favorable of those options is the Rockchip RK3288, which uses an ARM Cortex-A17 processor and can be found in a number of different Chromebooks. Libreboot, a free and open-source firmware available for a small set of computers, is available for these chips as well which means that (as long as you can get the right graphics driver installed) you can run 100% free software on this computer. Of course, the chipset is around six years old so while it is a fair bit newer than other computers running libreboot (like installing libreboot on my personal laptop which is of the 2008 vintage), it’s still not the most modern processor out there.

PineBook Pro teardown shows a Rockchip RK3399 ARM processor.

For something a little newer, a great example of the openness possible with ARM is from Pine64, which produces several laptops, phones, and a tablet all based on ARM chips. Their PineBook Pro, for example, uses the upgraded Rockchip RK3399 which has two Cortex-A72 cores and four Cortex-A53 cores, which allows it to split various tasks among them in order to make the best use of each of these cores, and of course it uses a libre bootloader as well. The offerings from Rockchip aren’t the only options, either; the Free Software Foundation has a list of other systems-on-a-chip that have varying degrees of software freedom.

Popular Choices for Open Bootloaders on ARM

While the open, diverse nature of ARM means that anyone anywhere can code a firmware/bootloader/BIOS for their specific platform of choice, it’s not necessary to reinvent the wheel. There are a few options already out there that are popular choices.

The most free of these is the oft-mentioned libreboot, which uses 100% free and open-source software and never uses any binary blobs. It is available for a handful of ARM-based laptops from the early 2010s (as well as some other older x86-based boards). Libreboot itself is a fork of coreboot, a bootloader that is largely free but occasionally uses proprietary binary “blobs” of non-free software in order to get certain hardware up and running that might not otherwise have a non-proprietary way of booting.

Besides these two main bootloaders there is also Das U-boot, or simply uboot, another free bootloader available for various platforms including ARM. Many specialty bootloaders exist as well, such as RedBoot which is built specifically for Red Hat implementations, and BareBox which is used largely in embedded devices. Of course, like the many flavors of Linux, there are an astounding number of other bootloaders available with various features and levels of freedom.

You Should Value Your Privacy and Security

With so many variables, hopefully the coming ARM revolution will include free options for those of us who value security and freedom from the ground up. While Apple almost certainly will not use a free or open-source bootloader as the firmware for their laptops, they’re not actually driving this movement. There’s a sea change happening right now throughout the computing world in favor of ARM processors over their more inefficient and insecure x86 competitors, and if Apple is any indication this may eventually spill over into the rest of the PC world as well.

The current state of PCs doesn’t really allow us to “vote with one’s wallet” since there are almost no options in the landscape for security or privacy. But your privacy and security have value. With the diversity of manufacturers of ARM devices, I am hopeful that a growing number of companies will listen to our needs and finally offer modern, powerful, and competitive computers built from the ground up with hardware, firmware, and software choices that begin with privacy and security in mind.
