[HN Gopher] Open Source Firmware Conference
___________________________________________________________________
Open Source Firmware Conference
Author : pabs3
Score : 193 points
Date : 2023-10-22 04:21 UTC (1 days ago)
(HTM) web link (www.osfc.io)
(TXT) w3m dump (www.osfc.io)
| sargegood wrote:
| What's the point of this link? The conference has come and gone.
| Is there a way to view videos of talks or something?
| kqr2 wrote:
| Most likely the talks will be available soon via their archive:
|
| https://www.osfc.io/archive/2022/
|
| You can also view past talks.
|
| It also spreads awareness so people can attend the conference
| next year.
| snvzz wrote:
| Odd not to see opensbi there.
| bobse wrote:
| They all use proprietary conference hardware in the venue, right?
| Open source projector? Microphones? Audio systems?
| hutzlibu wrote:
| They probably also did not drive there with their open source
| cars. What exactly is your point?
| pierat wrote:
| It's a purity war that 'perfect' is the only thing that
| matters. The comment also has strong vibes of 'Mister Gotcha'
| from The Nib.
|
| https://thenib.com/mister-gotcha/
| atoav wrote:
| What is your point? Do you like to imply being involved with
| open source is hypocritical unless you are using it 100% of
| your life?
|
| That tells me more about _you_ than it does about them. You
| must walk through your life extremely carefully not to do
| things that are inconsistent with each other.
|
| If you rent a venue a lot of the tech needed for a conference
| is already going to be there -- and for such a conference they
| will not have a ton of choices. Secondly open hardware is not
| very established in the conference hardware space. The reason
| for that are multiple, but one has to do with the fact that
| most of the gear requires extremely specialized build chains or
| equipment and you'd have to compete with decades of R&D and
| optimized manufacturing processes.
|
| Your open source SM58 is going to be more expensive and less
| reliable unless you invest decades into it. To get out an okay
| microphone. Can you tell me why anybody should in your opinion
| be doing that in their spare time?
| necovek wrote:
| While I agree it's unavoidable to use non-open hardware,
| someone out there _should_ be investing in an open SM58: that
| is the only way for smaller shops to compete with the likes
| of Shure. Building together and ensuring no-paperweight-if-
| you-go-out-of-business will reassure some of your potential
| customers and speed up your development.
| atoav wrote:
| I am not against your idea. In the end the hardest parts
| are going to be automating the winding of the coil and
| creating/fixing the membrane.
|
| So maybe there is someone out there who enjoys going
| through a ton of prototypes to get something reliable out.
|
| But the issue I think this is going to have is how
| reproducable that is going to be for your followers. I
| think in open source there is a spectrum: one the one side
| you have things like most software or simple standard-parts
| open hardware projects. On the other side you have things
| like an open source marble statue, where you still need to
| bring all the knowledge of how to make the marble statue --
| draw a circle, draw the rest of the owl and all that.
|
| A microphone with complex coil winding and gluing a micron-
| thin membrane to a coil is going to be somewhere inbetween.
|
| What exists btw. are condensor mics, but there you need to
| buy the membrane-assembly yourself.
| Brian_K_White wrote:
| I think I must have been 3 or 4 years old when I fully got the
| concept that even 3 out of 10 is better than 0 out of 10, and
| worth doing. Then maybe somewhat later but still not recently
| when I got the similar concept that even if you need all 10
| components of a system before you get the payoff, you still
| have to build up the individual bricks one at a time if you
| ever even want a chance at maybe getting all 10.
|
| Even in a security context where on one hand it's true that the
| tiniest pinhole is all it takes, it's also true that there is
| no such thing a no pinholes, and yes, 80% coverage, even 10%
| coverage, is better than 0% coverage.
|
| It's a goal and an ideal not an absolute.
| squarefoot wrote:
| Priorities. You start with open chips and firmware, _then_ when
| you have them you push for their adoption in currently closed
| devices.
| _factor wrote:
| We may end up with a simple open source implementation
| surrounded by a number of paid upgrades.
| _joel wrote:
| Is that such a bad thing?
| worthless-trash wrote:
| I think thats what he was .. proposing. Its a step up
| from nothing with opensource firmware.
| necovek wrote:
| For a long time, GUADEC, Gnome User and Developer Conference,
| was supported for video recording by Collabora and other
| smaller free software companies which did the heavy lifting in
| Gstreamer too (a/v framework that's the base for GNOME apps).
| My apologies if I am misrepresenting who did what, maybe it was
| Igalia or another company: this was 15-20 years ago.
|
| How much of the actual video recording equipment was coming
| with free firmware -- probably none -- does not change the fact
| that these are people improving the situation rather than just
| accepting that the hardware you buy is at the mercy of the
| original vendor.
| BolexNOLA wrote:
| I work in video/audio production so a lot of my work ends up
| venn diagramming with events. Especially media
| projection/delivery at events. Sound systems, projectors, etc.
|
| When you organize a conference on a location, you are using
| what they have on site or at best your laptop is hooked in. You
| have way too much to worry about to bring all your own hardware
| and to build out the entire media infrastructure conference in
| a hotel or convention space or wherever you are holding the
| event. That's assuming you're even allowed to access the areas
| in systems that would allow you to implement your own!
|
| That is an unbelievably laborious task that is unreasonable to
| put on basically any group. At best weeks of work/installs on
| top of all the other massive logistic issues you're handling.
| If they have a Windows terminal for you to show your
| presentation, you're not going to rebuild everything from the
| ground up just so you can show some static images on open
| source software/machines. It's just not reasonable.
| spease wrote:
| Bold of you to assume they didn't just skip the need for
| firmware entirely and go with analog audio and an overhead
| projector with transparent slides.
| trinsic2 wrote:
| This looks more like a boot security event[0] rather than open
| firmware. Does anyone know of any other events that actually talk
| about open firmware implementations?
|
| [0]: https://www.osfc.io/archive/2022/
| bcantrill wrote:
| OSFC is not just boot security at all! For an example of past
| talks that do not hit on boot security at all, see (e.g.) [0]
| and [1].
|
| [0] https://www.osfc.io/2021/talks/on-hubris-and-humility-
| develo...
|
| [1] https://www.osfc.io/2022/talks/i-have-come-to-bury-the-
| bios-...
| trinsic2 wrote:
| I'm sorry, this looks more about securing the boot for
| embedded devices and not really related to user control of
| firmware and preventing closed source code that takes away
| freedom/spy's on the user. The program of day one is below:
|
| Main Room OSFC 2022 Opening Event
|
| Christian Walter , Philipp Deppenwiese Open firmware on your
| infrastructure, not only for hyperscalers.
|
| Erwan Velu Talk details: Open firmware on your
| infrastructure, not only for hyperscalers. Introduction to
| VBE - Verified Boot for Embedded
|
| Simon Glass Talk details: Introduction to VBE - Verified Boot
| for Embedded Tillitis Key - A USB security key inspired by
| measured boot and DICE
|
| Fredrik Stromberg , Sasko Simonovski , Michael 'MC' Cardell
| Widerkrantz The "Thing" Around Your System Firmware
|
| Christian Walter , Subrata Banik Talk details: The "Thing"
| Around Your System Firmware Protecting TPM Commands from
| Active Interposers
|
| Jordan Hand Talk details: Protecting TPM Commands from Active
| Interposers FirmwareBleed: The industry failures to adopt SMM
| mitigations introduced years ago
|
| Alex Matrosov , Philipp Deppenwiese Talk details:
| FirmwareBleed: The industry failures to adopt SMM mitigations
| introduced years ago I have come to bury the BIOS, not to
| open it: The need for holistic systems
|
| Bryan Cantrill Talk details: I have come to bury the BIOS,
| not to open it: The need for holistic systems Linux as a UEFI
| bootloader and kexecing windows
|
| Trammell Hudson Talk details: Linux as a UEFI bootloader and
| kexecing windows How Min Platform led to Max coreboot; a case
| study
|
| ronald g. minnich Talk details: How Min Platform led to Max
| coreboot; a case study
| bcantrill wrote:
| I'm not sure what exactly you're after, but much of
| firmware's responsibility _is_ system initialization -- to
| be interested in open source firmware but be disinterested
| in booting is to not understand firmware 's role in a
| system. And certainly there is nothing at OSFC about
| "preventing" closed firmware -- the only way to do that is
| to not purchase devices that have compute elements in them.
| (Good luck!)
|
| And finally, if there's something different you would like
| to see at OSFC, submit a talk for OSFC 2024!
| trinsic2 wrote:
| My understanding of open firmware is making sure that the
| booting process is accessible to the user. Securing the
| boot process from intruders is secondary to that. It
| appears that these talks are more about securing the boot
| process, rather than talking about how to make the boot
| process more accessible.
|
| Secondly, these events looks like their geared toward the
| private sector, rather than enthusiasts. Why would I want
| to invest my time in contributing to a problem that is
| already made worse by commercial endeavors that seem to
| want to take control away from the user?
| pgeorgi wrote:
| The OSFC is a direct outgrowth of the coreboot
| hackathons/conferences between 2014-2017, opening up to
| wider open source firmware topics. All the fun "how to
| open things up" subjects* have been talked to death in
| that community, so the conferences are now about
| questions like "how to improve on the state of the art in
| firmware?"
|
| * https://ecc2017.com/schedule-location has the list of
| 2017 with gems like: DDR3 on Sandy Bridge, reversing
| Mediatek MT8173, reversing x86 microcode.
|
| 2016, with video links: https://www.coreboot.org/Coreboot
| _conference_San_Francisco_2...
|
| 2014-2015 don't have video, I think.
| trinsic2 wrote:
| No disrespect intended, and you probably have good
| motives. I looked at those links and it still seems like
| the focus is on boot security, focused around ChromeOS.
| Regardless of whether or not the issue of "opening things
| up" has been talked to death in the coreboot/hackathon
| community (which sounds like a tactic to marginalize the
| enthusiast community), This is a critical topic right now
| for me, and i'm sure many others. Not everything is about
| providing security for embedded devices. I know this is
| an important topic for the commercial sector, but this
| push toward more security in the boot process seems more
| about locking people out of customizing their systems
| instead of providing security. IMHO, that is a terrible
| path to take if it becomes a standard for all computing,
| which many things seem to be heading in that direction.
| kfreds wrote:
| > This is a critical topic right now for me
|
| The people and projects surrounding the OSFC has been
| working tirelessly for many years on changing things for
| the better. I can personally attest to the fact that the
| people involved are incredibly passionate about open
| source firmware.
|
| Making firmware open source benefits vendors AND users.
| It serves commercial interests AND software freedom.
| trinsic2 wrote:
| I'm noticing keywords like "tirelessly" "open source
| firmware" being used over and over without actually
| saying anything. Lots of generic terms, instead of being
| specific about what you mean.
|
| I don't mean to nitpick, but people that actually care
| about the future of technology and want to make things
| better usually talk in specific terms rather than
| throwing out unspecific terminology.
| bcantrill wrote:
| "Tirelessly" is apt in this case. Please educate yourself
| about this community in general, and this conference in
| particular -- which I believe to be one of the best in
| tech: technically interesting, grounded in reality,
| relevant problems, terrific hallway track, supportive
| community, reasonable price!
| pgeorgi wrote:
| I've been dealing with silicon vendors (Intel, AMD, some
| ARM implementers, a couple of other folks) on the subject
| of open source firmware (as in: GPLv2) for 15 years (as
| in: tirelessly). I've been arguing against locked boot
| processes behind the scenes and in public (e.g.
| https://patrick.georgi.family/2015/02/17/intel-boot-
| guard/). I held talks at coreboot conferences, even
| though I despise the spotlight.
|
| That said: 15 years of activity is a lot of work to
| unpack in "specific terms", so "unspecified terminology"
| that still provides a rough overview it is.
| pgeorgi wrote:
| No disrespect intended, but somehow you seem to expect
| others to solve your problems.
|
| If you want to see talks about that "critical topic right
| now for" you, or even work done in that area, the surest
| way to get that is to put in the effort yourself.
|
| Maybe the shout-out on this platform encourages somebody
| (e.g. you?) to present on the subject next year - that
| would be a win in my book.
| wmf wrote:
| Open source firmware is mostly funded by hyperscalers;
| the consumer side (Purism/System76/Dasharo) is a small
| sideshow in comparison (for now). Ultimately open source
| firmware _is_ less locked-down than proprietary firmware
| and the way to encourage more openness in the future is
| to buy open source firmware now. Is there any specific
| feature you want?
| kfreds wrote:
| The OSFC is a great event with a friendly community. I highly
| recommend it to anyone interested in open source firmware.
|
| I'm beyond impressed with the hard work and passion of its
| participants. Many of them have worked tirelessly for years on
| advancing the state of open source firmware in the industry. Some
| of them have been at it for decades.
|
| Everyone I've spoken with at the event clearly recognize how
| critical open source firmware is to ensuring platform
| reliability, resiliency and user control.
| distract8901 wrote:
| Open source firmware for _what_ though?
|
| I'm gonna assume this is PC firmware based on the list of
| players, but I haven't been able to find any conclusive
| information on the website.
|
| Super annoying when groups like this use an _extremely_ generic
| term for something very specific and just assume the entire world
| knows what they mean.
| kfreds wrote:
| > Open source firmware for what though?
|
| The conference's scope is open source firmware in general, as
| implied by its name.
|
| > I'm gonna assume this is PC firmware based on the list of
| players, but I haven't been able to find any conclusive
| information on the website.
|
| The landing page lists ARM as one of the sponsors. The same
| page also features a list of projects that are represented at
| the conference. Quotes from their landing pages follow:
|
| - coreboot is ... on modern computers and _embedded systems_.
|
| - Trusted Firmware provides a reference implementation of
| secure software for _Armv8-A, Armv9-A and Armv8-M_.
|
| - The OpenBMC project is a Linux Foundation project whose goal
| is to produce a customizable, open-source firmware stack for
| _Baseboard Management Controllers_ (BMCs).
|
| - "oreboot for ARM", "oreboot for _RISC-V_ HiFive Unleashed "
|
| - Welcome to TianoCore, the community supporting an open source
| implementation of the Unified Extensible Firmware Interface
| (UEFI).
|
| - u-bmc is a Linux OS dist ... tailor made for _baseboard
| management controllers_.
|
| - U-Boot mentions on their landing page too many architectures
| and vendors to list here, but here's a few: _ARC, M68K, MIPS,
| Xtensa_.
| dromtrund wrote:
| Odd not to see Zephyr mentioned at all, it's got way more
| activity than most (all?) of the projects listed, and many of
| the sponsors are actively involved.
| awsation wrote:
| Noticed a workshop about that during the last day. Would be
| great if the conference material gets posted for reference,
| slides, recordings, anyone know if that's the case ?
___________________________________________________________________
(page generated 2023-10-23 09:01 UTC)