Which firmware in common laptops

Albert Dengg albert at fsfe.org
Mon Mar 2 14:30:18 UTC 2015

On Mon, Mar 02, 2015 at 02:26:02PM +0100, Paul van der Vlis wrote:
> Op 02-03-15 om 12:05 schreef Albert Dengg:
> > hi,
> > On Mon, Mar 02, 2015 at 11:24:39AM +0100, Simon Josefsson wrote:
> >> Paul van der Vlis <paul-kzJ6NpsJWJiWrUy98/Atqw at public.gmane.org> writes:
> > ...
> >>> What do I forget?
> > well depending on what counts:
> > 
> > * (web) camera
> I did mention a webcam.
> > * in most case the touchpad i think
> I did mention that.a
sorry i overlooked it...
> > * the display itself most likly conatins firmware
> Hmm... Correct!
> > in shourt:
> > most "high level" hardware parts (e.g. entities normally considered
> > as on funktional item) conatin firmware of sorts, and unfortunatly
> > most of it is non-free (and in some cases it might not be possible
> > to replace them, as some pieces of hardware are probably not
> > designed with uprading firmware in mind).
> I am most interested in the devices what have replaceable firmware.
> Because somebody could do bad things with it, like they did with the
> firmware of harddisks.
> It would be nice if it would be possible to make a list of all parts of
> the hardware what have upgradeable firmware. Not sure that's possible...
personnaly i would also seperate "upgradeable" into two katagories:
* doable at runtime (either dynamic loading from userspace or by
  beeing able to write to it while the system is running)
* upradable by using an external programmer or replacing the storage

the first group poses the most imidieate problem for the user, as it
is (relativly) easy for an attacker as soon as he has temporary
controll over the computer. the latter is of course also intressting
for people willing to invest time into developing truely free
The security problem in closed, non changeable firmware is of course
also there, however i regard it in the same class as malicious
hardware design by itself, see for example clipper chip).

as for the list:
it would also be helpfull to list every component that has been
considered, but deemed not to contain firmware relevant for the
list, as this makes it possible to judge hardware not directly
listed whithout having to assume that everything that is not listed
is harmless (which is a problem, as systems change all the time).

thx for bringing up the subject.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.fsfe.org/pipermail/discussion/attachments/20150302/4f0b0b12/attachment.sig>

More information about the Discussion mailing list