I can’t remember where I read this but I saw somewhere that open firmware is forbidden in things like cellular modems because it might be abused to disrupt communications. I think that’s bullshite, though.
In theory, yes, you could make a mess, and any firmware is supposed to be certified to allow the device to be used.
In practice, this has been a convenient excuse to keep a whole chip with a separate OS in every smartphone, and it is very difficult to isolate from the rest of the system (see Graphene OS efforts).
I say all firmware should be opensource. Whether you’re allowed to change them or not is a separate question… for now.
In additional to the other comment, I think there’s also a traditional fear of corruption in open source. If the code is public then malicious parties are free to read and take advantage of holes in the security. Secondly it would be possible to contribute code with secret functionality that goes unnoticed. These are fairly easily debunked but seem to remain in people’s heads.
Ugh I hate these arguments about giving bad actors easier access. Bad actors are going to figure out flaws and security holes whether it’s open source or not. Security through obfuscation is a temporary measure and having more eyes on the source means more chances for good actors to find flaws and publicize them for fixes.
I can’t remember where I read this but I saw somewhere that open firmware is forbidden in things like cellular modems because it might be abused to disrupt communications. I think that’s bullshite, though.
In theory, yes, you could make a mess, and any firmware is supposed to be certified to allow the device to be used.
In practice, this has been a convenient excuse to keep a whole chip with a separate OS in every smartphone, and it is very difficult to isolate from the rest of the system (see Graphene OS efforts).
I say all firmware should be opensource. Whether you’re allowed to change them or not is a separate question… for now.
How would open source software be used to disrupt communications? What am I not understanding here?
In additional to the other comment, I think there’s also a traditional fear of corruption in open source. If the code is public then malicious parties are free to read and take advantage of holes in the security. Secondly it would be possible to contribute code with secret functionality that goes unnoticed. These are fairly easily debunked but seem to remain in people’s heads.
Ugh I hate these arguments about giving bad actors easier access. Bad actors are going to figure out flaws and security holes whether it’s open source or not. Security through obfuscation is a temporary measure and having more eyes on the source means more chances for good actors to find flaws and publicize them for fixes.