Shuttleworth Calls for Declarative Firmware
Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
Ubuntu founder Mark Shuttleworth has called for an end to the dominance of the ACPI power management and device configuration interface used for firmware configuration in many PCs. In a recent blog post, Shuttleworth points out that low-quality, closed source firmware as a major threat to system security.
"If you read the catalog of spy tools and digital weaponry provided to us by Edward Snowden, you'll see that firmware on your device is the NSA's best friend. Your biggest mistake might be to assume that the NSA is the only institution abusing this position of trust--in fact, it's reasonable to assume that all firmware is a cesspool of insecurity, courtesy of incompetence of the worst degree from manufacturers, and competence of the highest degree from a very wide range of such agencies."
Shuttleworth goes on to call the ACPI system a "trojan horse of monumental proportions," adding portentously, "I've been to Troy; there is not much left."
According to Shuttleworth, blobs of commercial, closed-source code in the firmware just opens the door for sophisticated intruders, whether they are government spies or conventional criminals. His solution:
Firmware should be open source, so the code can be checked and verified, and innovative new features should be submitted through an upstream, peer-reviewed process such as the Linux kernel development process.
Firmware should be declarative, meaning that it describes "hardware linkages and dependencies" and doesn't include executable code.
Mark Shuttleworth is artful enough to sense that the furor over the NSA spying scandal means the world might be especially receptive right now to a pitch about the benefits of free software. Beyond the public relations, however, is an interesting development for Shuttleworth's own beloved Ubuntu project. The Free Sofware Foundation still lists Ubuntu as a "nonfree GNU/Linux distribution," noting that "...the version of Linux, the kernel, included in Ubuntu contains firmware blobs."
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
More than 43 Million Lines of Code in Linux Kernel 7.2
Using the cloc utility, Michael Larabel of Phoronix discovered that Linux kernel 7.2 has over 43 million lines of code.
-
Kubuntu Focus Goes Ultra
The Kubuntu Focus team has upped the performance ante of its M2 and Zr laptops with the latest, greatest CPUs from Intel.
-
Linux Gamers May Soon See Less Mouse Lag in KDE Plasma
Gamers using KDE’s Plasma desktop have been suffering from a slight input delay in mouse movement that could lead to getting fragged.
-
Three Lines of Code Improve Linux Storage Performance
A developer changed three lines of code, giving Linux storage performance a 5% bump.
-
AUR Hit Again with Malicious Packages
Once again the Arch User Repository is plagued by a high volume of malicious packages.
-
Alpine Linux 3.24 Features Fresh Desktops and a Newer Kernel
If you're a fan of Alpine Linux, it's time to upgrade because the latest version has been released with KDE Plasma 6.6, Gnome 50, and Linux kernel 6.18 LTS.
-
EU Open Source Strategy Plays Key Role in Tech Sovereignty Package
Comprehensive measures adopted by the European Commission aim to reduce dependency on non-EU countries.
-
Linux Foundation Report Indicates AI Driving Tech Hiring
Within growing security and skills gaps, AI has been found to be a positive driving force behind tech hiring trends in Europe.
-
United Nations Open Source Portal Goes Live
A new open source portal seeks to coordinate and scale open source efforts across the United Nations system.
-
KDE Linux Drops AUR
KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.
