Criticizing Less Than Free Hardware

Off the Beat: Bruce Byfield's Blog

Sep 29, 2016 GMT
Bruce Byfield

With a boost from crowdfunding, efforts at free hardware are becoming a reality. Inevitably, though, most of these efforts are criticized as not being free enough, usually because of proprietary firmware. I sympathize with the criticism (and, in fact, I have been frequently offered it myself), but, the more I learn about the realities of manufacturing and of the semiconductor industry, the more I am becoming convinced that it is criticism with neither knowledge or responsibility.

A case in point centers on ORWL, a physically secure computer being developed by Design Shift  that, as I write, is winding down an already successful crowdfunding campaign. ORWl includes an encrypted hard drives, and includes an option to use Qubes OS, a Debian-based distribution designed for easy to use high level security.

However, what distinguishes ORWL is its emphasis on physical security. The computer comes with a physical security key and a metal mesh that encases the interior. If the security key is too far from the computer, then the computer shuts down. If the mesh is tampered with, the memory may be wiped.

In the fundraising campaign, Design Shift has promised to release its own code, and, so far, there is nothing to indicate that it will not. It is even using coreboot so that its own firmware is free-licensed.

However, Joanna Rutkowska, the founder of Qubes OS, has criticized ORWL because it uses a proprietary microcontroller, Maxim Integrated's MAX32550 DeepCover Secure Cortex-M3 to verify firmware before boot and to control the power to the rest of the hardware. She does so with heavy sarcasm, quoting a statement from Design Shift, then supplying her translation. For example, she translates a statement about the microcontroller with "Our proprietary, impossible-to-audit, running nobody-knows-what firmware microcontroller (uC) has full authority over the boot process and execution of any system and apps running on our ORWL computer." Rutkowska goes on to mock Deep Shift's promise to release as much of the code as possible, explaining her tone as disappointment that ORWL is not completely free.

Dancing as Fast as I Can
The trouble with Rutkowska's comments is not that they are idealistic. After all, idealism built free software, and will probably build free hardware, too. At the absolute least, such idealism produces more satisfactory results than automatically settling for lower standards would.

The trouble is that the comments are not realistic. They are not the comments of someone with the responsibility for producing a product, presumably to a deadline, who may need to settle for less than perfection to stay on schedule. More importantly, they are apparently made without an awareness that free-licensed hardware is almost completely unobtainable. It is not produced regularly, and, because of the small number of units involved, many manufacturers are uninterested in custom free-licensed work. This is a problem that has dogged the efforts of Vivaldi, Jolla, Ubuntu, and many other efforts at free hardware. With the best will in the world, a compromise is often needed if there is to be product at all.

Moreover, after talking with Daniel Nelson of Design Shift and reading the updates on the crowdfunding campaign, I can only conclude that the ORWL design team is either skilled in deception, or, far more likely, share all of Rutkowska's idealism. In the choice of operating systems and bootup, as well as the promise to release as much of Design Shift's code as possible, the ORWL team shows every sign of trying to be as open as possible.

Even where compromise is necessary, ORWL's designers have attempted as much openness as possible. For example, further details about the microcontroller is available upon the signing of a Non-Disclosure Agreement with Maxim, although Nelson does suggest that what is revealed with the agreement might fall short of complete specifications. Nelson also mentions that for another twenty thousand dollars, Design Shift might be able to get additional information that would help to audit the micro-controller. Another possibility might be to have a custom microcontroller built.

Admittedly, exactly what code will be released and the license it will use is still undecided. However, at this point, it appears that not only is ORWL intended to be as free-licensed as possible, but that Design Shift is pushing to increase the freedom as much as possible. The company is perfectly aware that the current situation is not ideal, but is doing its best to improve things. By contrast, following the logic of Rutkowska and like-minded people would mean that ORWL would be scrapped altogether.

Had the Raspberry Pi held out for perfection, its entire sub-culture of do-it-yourself hobbyists would never have existed. In the same way, ORWL's release may help in its own small way to create a market for free-licensed hardware. And who knows? Maybe the second version will be more free than the first.

The point is, criticizing is easy when you are on the sidelines. Observers can and should criticize those who completely abandon all effort to live up to the standards of free-licenses, but the restrictions are undeniable. While the shortcomings should be noted, they are not a reason for condemning a less than perfect product before it even comes to market.

comments powered by Disqus