How the FSF Runs Using Nothing But Freedom-Respecting BIOS - Slashdot

Posted by EditorDavid

on Saturday July 16, 2022 @10:34AM from the Basic-Input-Output-System dept.

A senior systems administrator at the Free Software Foundation points out that they're running free software in two data centers and over a hundred virtual machine — each and every one with "a freedom-respecting BIOS."

But the "how" is surprisingly intricate:

[E]arlier this week, we replaced "Columbia", the last of any FSF-run machines running a nonfree BIOS....

At FSF, our current standard is ASUS KGPE-D16 motherboards with AMD CPUs 6200 series CPUs released in 2012. For the BIOS, we install Libreboot, the easy-to-install, 100% free software replacement for proprietary BIOS/boot programs, or a version of Coreboot that is carefully built to avoid including any nonfree blobs. They are fast enough for our needs, and we expect this to be the case for many more years to come. They are also very affordable systems. We are also working toward supporting Raptor Computer Systems' newer and more powerful Talos II, as well as Blackbird motherboards that use IBM POWER9 CPUs. The POWER9 CPU architecture is called "PowerPC 64-bit little endian," abbreviated "ppc64el...." The Raptor motherboards come with entirely free firmware — and even have free hardware designs!

However, this type of migration has its challenges. For example, the first thing we needed to address before using these motherboards is that the main operating system we use, Trisquel GNU/Linux, didn't previously run on pp64el. So, earlier this year, we set up a Raptor POWER9 computer running Debian (without using any nonfree parts of Debian repositories) and loaned it to the maintainers of Trisquel for as long as needed. And now, we are proud to say that the upcoming Trisquel 11 release will support POWER9...!

Before I decommissioned Columbia, I ran a dmidecode, which told me that the BIOS program fit within a single megabyte of space. Often, very simplistic firmware becomes more complicated in later models, and that also usually means it has a growing significance for a user's software freedom. Some newer nonfree BIOSes have grown into operating systems in their own right, sometimes with large programs such as a full Web browser.

There is no fully-free BIOS available for x86 Intel and AMD CPUs released after about 2013. The key blocking factor is that those CPUs require certain firmware in the BIOS, like Intel Management Engine. Those CPUs will also refuse to run firmware that hasn't been cryptographically signed by private keys controlled by AMD and Intel, and AMD and Intel will only sign their own nonfree firmware. At the FSF, we refuse to run that nonfree firmware, and we applaud the many people who also avoid it. For those people who do run those Intel or AMD systems, running Coreboot or Osboot is still a step up the Freedom Ladder for the software freedom of your BIOS.

The road to freedom is a long road. We hope our dedication to achieve milestones like these can inspire the free software movement.