Debian opens a door for non-free firmware

Well, OK, I Guess

© Photo by Kostiantyn Li on Unsplash

© Photo by Kostiantyn Li on Unsplash

Article from Issue 268/2023
Author(s):

The topic of non-free firmware has caused some turbulence within the Debian project, but now the community has a new direction.

Firmware is the link between software and hardware. Hardware vendors are often very secretive about their technology, and part of that secrecy is carefully guarding their source code. Consequently, firmware usually means blobs, that is, binary large objects. No source code is available.

Unfortunately, closed-source, proprietary firmware contradicts everything Debian stands for. Binaries without the source code are also a problem from the admin's point of view because the hidden code might hide vulnerabilities that the user is not able to fix. Many users don't like the fact that firmware cannot be patched as easily as source code when a security problem occurs. Without the manufacturer, who has to provide the security updates, you can't do anything. And the distributor will want to thoroughly test the new firmware version before it goes to the user, which slows down the process of fixing problems.

In general, proprietary firmware does not score well on the popularity scale with Linux users. However, users are in a quandary. Either you swallow the bitter medicine and live with closed-source packages, or else you do without the hardware and other proprietary components that depend on them. Virtually no one who uses Linux in a professional setting can afford to operate without proprietary firmware. When I used to install Debian, I (and probably many others) directly enabled the contrib (contributed) and unfree packages – initially, out of curiosity or ignorance, and then later knowing that I wouldn't have much fun with the hardware if I installed it without some proprietary drivers.

Idealism Meets Realism

The Debian Popularity Contest is a software package that evaluates the packages installed on the system and transmits the results to Debian. Participation is regulated by an opt-in procedure. When it comes to proprietary firmware, the numbers from the Debian Popularity Contest [1] are quite revealing.

The Debian Popularity Contest returns fairly clear results: Firmware is quite important. In the ranking by installation count (Figure 1), packages such as linux-firmware-free (ranked 237) or firmware-misc-nonfree (ranked 1,882) score significantly higher than well-known applications such as samba (ranked 2,411) or mariadb-server (ranked 2,838).

Figure 1: The Debian Popularity Contest (sorted by installations) shows that reality has moved on.

Hardly any system can operate sensibly today without additional firmware, especially when it comes to laptops. The fact that iconic free tools such as MariaDB and Samba appear after the unloved closed-source firmware on the popularity list suggests that a clear majority of users want a fully functional computer and do not draw a stark line in the sand when it comes to proprietary firmware.

Debian newcomers or inexperienced users are often reluctant to manually deploy firmware, and even experienced users might find themselves in a situation like I did from time to time: Halfway through the installation, I realized that, without the closed-source packages, I wouldn't have a network at all. So I went to the nearest computer to plug in a USB stick and download the non-free packages. Hoping to have fetched all the DEBs I needed, I put my storage medium back into the notebook and started a new installation attempt. What might feel a little time consuming to the Linux old hand is, in all likelihood, a merciless showstopper for newcomers.

Democratic Decision

The Debian community recently embarked on a decision process to consider whether to allow the Debian installer to install proprietary firmware. Of course, users can always install the binary blobs manually, but the process of finding and installing drivers for proprietary hardware can be disruptive and time consuming. As is often the case with the very deliberative and collectivist oriented Debian community, this debate played out over several months, culminating in a vote.

One complication of this proposal is that the Debian Social Contract (the document on which Debian was founded) states that "Debian will remain 100% free." There was some question about whether including proprietary drivers was a violation of the social contract, and, if so, what to do about it. Some suggested amending the contract. Others felt an amendment wasn't necessary, because these binary blobs aren't really part of Debain – they are just software that the Debian installer goes out and fetches at installation time. Another question was whether the Debian project should support two installers (one that only handles free components and another installer that can also include binary blobs) or whether to maintain a single installer that integrates binary blob capabilities.

Voting closed on October 1, 2022, and the Debian community officially decided to offer non-free firmware through a single installer and to amend the social contract slightly to make the contract consistent with this change. Steve McIntyre, one of the leaders of the Debian project, published the voting results and info on his blog [2].

The Debian Social Contract will be amended as follows:

"The Debian official media may include firmware that is otherwise not part of the Debian system to enable use of Debian with hardware that requires such firmware."

This decision to officially ship firmware is not surprising to my mind – on the contrary, I think this step is long overdue. What is probably the best-known Debian competitor, Ubuntu, has always come with proprietary firmware packages, which is one of the reasons why Ubuntu is considered particularly beginner-friendly. Other Linux variants do not make such a fuss about firmware and do not regard the inclusion of closed-source packages as sacrilege. But keep in mind that, in many cases, companies or foundations pull the strings in the background to manage these other distributions, whereas the community-driven Debian requires a formal and public decision process.

Conclusions

A number of hardliners were absolutely against the inclusion of non-free firmware, but the majority of the community seems to welcome the project's decision. On Reddit, for example, some members voiced opinions close to my heart (Figure 2).

Figure 2: It's not just on Reddit that many agree: Debian's move to non-free firmware is long overdue. © Reddit.com

Debian has long been considered an extremely robust and reliable distribution – perhaps precisely because much of it seems set in stone and the project has moved very little, if at all, over the decades. I have hardly come across a Linux admin who does not swear by Debian. Many have success stories at hand, typically from a system that had "Woody" or "Sarge" installed eons ago, has since gone through the umpteenth distribution upgrade, and is still running smoothly.

If Debian tweaks the social contract, will the idea or ideals of open source software suffer? I don't think so. Users will still enjoy full control – after all, the installer will ask if you want to set up the firmware. Nobody is forcing you to use the blobs, but you are free to do so.

Infos

  1. Debian Popularity Contest: https://popcon.debian.org
  2. Steve McIntyre's blog: https://blog.einval.com

The Author

Thomas Reuß is a passionate Linux admin who is hugely interested in security. He is currently working as a consultant in the SAP environment.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News