Re: [Tails-dev] A suggestion regarding the kernel that Tails…

Supprimer ce message

Répondre à ce message
Auteur: intrigeri
Date:  
À: nixuser
CC: tails-dev
Sujet: Re: [Tails-dev] A suggestion regarding the kernel that Tails uses
Hi,

nixuser@??? wrote (05 May 2015 16:40:43 GMT) :
> Apparently Tails uses the version of Linux that contains proprietary
> binary blobs.


Technically, for the curious: we use Debian's Linux kernel (that is
fully free), and install binary firmware from non-free on top of that.
Of course the end-result is the same as what you state.

> Tails developers must have thought that getting Tails to boot up on
> as many kinds of hardware as possible is important.


That's correct.

> And Tails is a distribution that claims it focueses on security and
> privacy, not on hardware compatilibity.


That Tails focuses on security+privacy at the expense of usability
(which hardware compatibility is a part of) is a common belief, but
it's not correct. See the "2.1.4 Portability", "2.1.5 Target user" and
"2.1.7 Summary" sections on our specification and design document:
https://tails.boum.org/contribute/design/

The thing is, if Tails doesn't work out-of-the-box on the computer(s)
they have available, most potential users will simply use something
else, that will 1. just work ("thanks" to the inclusion of binary
firmware); and 2. be less safe in the vast majority of
real-world cases.

Also, you'll want to take into account that most hardware that doesn't
require proprietary firmware to be injected into it at runtime is
simply embedding such proprietary firmware, often in a read-only
manner. Not only this arguably doesn't provide much more security than
injecting proprietary firmware at runtime, and it prevents hardware
vendors from fixing (potentially security-relevant) bugs in the
firmware once it's been shipped to users.

> So I would suggest that Tails developers would do one of the
> following:


Thanks for proposing several ways out! :)

> 1. Get rid of the kernel that contains binary blobs and replace it
>    with a one that doesn't contain them.


I can't imagine how this can happen without a huge popular backlash
from users for whom Tails suddenly stops working correctly.

> 2. Make it clear that Tails indeed isn't completely made up of free
>    software on your website.


Yes, I agree we should definitely do that. I hope that I've provided
enough background information above so that our doc writers can make
something nice happen. BitingBird, I bet you'll be on it and start by
filing a ticket?

Note that some past brainstorming about this topic has brought other
solutions:

3. Ask the user before loading non-free firmware. It's probably quite
doable to do so for most kinds of hardware, except graphics
adapters and CPU (those need their firmware to be loaded very early
in the boot process). There's probably a nice user story to be
found about it, possibly at first boot time -- I have a few ideas,
but all of them have drawbacks in a way or another.
Anyone interested in looking into this problem, please file
a research ticket on Redmine and ask me to create a blueprint where
it can be worked on.

Cheers,
--
intrigeri