Open Source Firmware Conference (osfc.io)
209 points by pabs3 on Oct 22, 2023 | 44 comments



The OSFC is a great event with a friendly community. I highly recommend it to anyone interested in open source firmware.

I'm beyond impressed with the hard work and passion of its participants. Many of them have worked tirelessly for years on advancing the state of open source firmware in the industry. Some of them have been at it for decades.

Everyone I've spoken with at the event clearly recognizes how critical open source firmware is to ensuring platform reliability, resiliency and user control.


Open source firmware for what though?

I'm gonna assume this is PC firmware based on the list of players, but I haven't been able to find any conclusive information on the website.

Super annoying when groups like this use an extremely generic term for something very specific and just assume the entire world knows what they mean.


> Open source firmware for what though?

The conference's scope is open source firmware in general, as implied by its name.

> I'm gonna assume this is PC firmware based on the list of players, but I haven't been able to find any conclusive information on the website.

The landing page lists ARM as one of the sponsors. The same page also features a list of projects that are represented at the conference. Quotes from their landing pages follow:

- coreboot is ... on modern computers and embedded systems.

- Trusted Firmware provides a reference implementation of secure software for Armv8-A, Armv9-A and Armv8-M.

- The OpenBMC project is a Linux Foundation project whose goal is to produce a customizable, open-source firmware stack for Baseboard Management Controllers (BMCs).

- "oreboot for ARM", "oreboot for RISC-V HiFive Unleashed"

- Welcome to TianoCore, the community supporting an open source implementation of the Unified Extensible Firmware Interface (UEFI).

- u-bmc is a Linux OS dist ... tailor made for baseboard management controllers.

- U-Boot mentions on their landing page too many architectures and vendors to list here, but here's a few: ARC, M68K, MIPS, Xtensa.


Odd not to see Zephyr mentioned at all, it's got way more activity than most (all?) of the projects listed, and many of the sponsors are actively involved.


Noticed a workshop about that during the last day. Would be great if the conference material gets posted for reference, slides, recordings, anyone know if that's the case?


Oh it has already been held. What a bummer, I would definitely have attended that.


A list of open firmware projects:

https://wiki.debian.org/Firmware/Open


This looks more like a boot security event[0] rather than open firmware. Does anyone know of any other events that actually talk about open firmware implementations?

[0]: https://www.osfc.io/archive/2022/


OSFC is not just boot security at all! For an example of past talks that do not hit on boot security at all, see (e.g.) [0] and [1].

[0] https://www.osfc.io/2021/talks/on-hubris-and-humility-develo...

[1] https://www.osfc.io/2022/talks/i-have-come-to-bury-the-bios-...


I'm sorry, this looks more about securing the boot for embedded devices and not really related to user control of firmware and preventing closed source code that takes away freedom/spies on the user. The program of day one is below:

Main Room

- OSFC 2022 Opening Event (Christian Walter, Philipp Deppenwiese)

- Open firmware on your infrastructure, not only for hyperscalers. (Erwan Velu)

- Introduction to VBE - Verified Boot for Embedded (Simon Glass)

- Tillitis Key - A USB security key inspired by measured boot and DICE (Fredrik Stromberg, Sasko Simonovski, Michael 'MC' Cardell Widerkrantz)

- The “Thing” Around Your System Firmware (Christian Walter, Subrata Banik)

- Protecting TPM Commands from Active Interposers (Jordan Hand)

- FirmwareBleed: The industry failures to adopt SMM mitigations introduced years ago (Alex Matrosov, Philipp Deppenwiese)

- I have come to bury the BIOS, not to open it: The need for holistic systems (Bryan Cantrill)

- Linux as a UEFI bootloader and kexecing windows (Trammell Hudson)

- How Min Platform led to Max coreboot; a case study (ronald g. minnich)


I'm not sure what exactly you're after, but much of firmware's responsibility is system initialization -- to be interested in open source firmware but be disinterested in booting is to not understand firmware's role in a system. And certainly there is nothing at OSFC about "preventing" closed firmware -- the only way to do that is to not purchase devices that have compute elements in them. (Good luck!)

And finally, if there's something different you would like to see at OSFC, submit a talk for OSFC 2024!


My understanding of open firmware is making sure that the booting process is accessible to the user. Securing the boot process from intruders is secondary to that. It appears that these talks are more about securing the boot process, rather than talking about how to make the boot process more accessible.

Secondly, these events look like they're geared toward the private sector, rather than enthusiasts. Why would I want to invest my time in contributing to a problem that is already made worse by commercial endeavors that seem to want to take control away from the user?


The OSFC is a direct outgrowth of the coreboot hackathons/conferences between 2014-2017, opening up to wider open source firmware topics. All the fun "how to open things up" subjects* have been talked to death in that community, so the conferences are now about questions like "how to improve on the state of the art in firmware?"

* https://ecc2017.com/schedule-location has the list of 2017 with gems like: DDR3 on Sandy Bridge, reversing Mediatek MT8173, reversing x86 microcode.

2016, with video links: https://www.coreboot.org/Coreboot_conference_San_Francisco_2...

2014-2015 don't have video, I think.


No disrespect intended, and you probably have good motives. I looked at those links and it still seems like the focus is on boot security, focused around ChromeOS. Regardless of whether or not the issue of "opening things up" has been talked to death in the coreboot/hackathon community (which sounds like a tactic to marginalize the enthusiast community), this is a critical topic right now for me, and I'm sure many others. Not everything is about providing security for embedded devices. I know this is an important topic for the commercial sector, but this push toward more security in the boot process seems more about locking people out of customizing their systems instead of providing security. IMHO, that is a terrible path to take if it becomes a standard for all computing, which many things seem to be heading in that direction.


No disrespect intended, but somehow you seem to expect others to solve your problems.

If you want to see talks about that "critical topic right now for" you, or even work done in that area, the surest way to get that is to put in the effort yourself.

Maybe the shout-out on this platform encourages somebody (e.g. you?) to present on the subject next year - that would be a win in my book.


> This is a critical topic right now for me

The people and projects surrounding the OSFC have been working tirelessly for many years on changing things for the better. I can personally attest to the fact that the people involved are incredibly passionate about open source firmware.

Making firmware open source benefits vendors AND users. It serves commercial interests AND software freedom.


I'm noticing keywords like "tirelessly" "open source firmware" being used over and over without actually saying anything. Lots of generic terms, instead of being specific about what you mean.

I don't mean to nitpick, but people that actually care about the future of technology and want to make things better usually talk in specific terms rather than throwing out unspecific terminology.


"Tirelessly" is apt in this case. Please educate yourself about this community in general, and this conference in particular -- which I believe to be one of the best in tech: technically interesting, grounded in reality, relevant problems, terrific hallway track, supportive community, reasonable price!


I've been dealing with silicon vendors (Intel, AMD, some ARM implementers, a couple of other folks) on the subject of open source firmware (as in: GPLv2) for 15 years (as in: tirelessly). I've been arguing against locked boot processes behind the scenes and in public (e.g. https://patrick.georgi.family/2015/02/17/intel-boot-guard/). I held talks at coreboot conferences, even though I despise the spotlight.

That said: 15 years of activity is a lot of work to unpack in "specific terms", so "unspecified terminology" that still provides a rough overview it is.


> That said: 15 years of activity is a lot of work to unpack in "specific terms", so "unspecified terminology" that still provides a rough overview it is.

How about a list of open firmware (preferably consumer grade, big corps can get it anyway) that you helped or developed?

And if it is so good, why more and more hardware needs closed firmware?


The relevant firmware project to answer here is coreboot: My contributions range from technical contributions (see git log, ~3.5% of commits are mine, as poor a benchmark as that is) to support in our forums to documentation to behind-the-scenes work that keeps the community together or pushes back against even more blobs.

As for "why more and more hardware needs closed firmware": In 2005, which PC started from open source firmware, outside select data center deployments?


Any chance you can get some movement inside Intel on the Sound Open Firmware user-signing issue?

https://github.com/thesofproject/sof/issues/5814


Go watch Ron's talks at this conference and Open Compute project. He and others have done an amazing to make sure it's possible in the first place to use open firmware. And you know what, it's not just 'technical' it has to do with politics and community.

If you want something 'specific' then I would point you to the Open Compute Project that has now basically mandated that certified servers allow consumers to install alternative firmware. That required a lot of effort and lobbying.

At the same time creating a community of users and vendors that enable new platforms before they are even released. Go look at the coreboot git to see this work.

The lobbying of the community has led to AMD next generation boot firmware, OpenSil to be open source. Again, this didn't come out of nowhere.


> Open Compute Project

Thank you. Now that sounds like it's more up my alley.


Ahh shoot never mind I thought this was something else. It looks like tomorrow of the same. Thanks anyways.


Open source firmware is mostly funded by hyperscalers; the consumer side (Purism/System76/Dasharo) is a small sideshow in comparison (for now). Ultimately open source firmware is less locked-down than proprietary firmware and the way to encourage more openness in the future is to buy open source firmware now. Is there any specific feature you want?


Odd not to see opensbi there.


What’s the point of this link? The conference has come and gone. Is there a way to view videos of talks or something?


Most likely the talks will be available soon via their archive:

https://www.osfc.io/archive/2022/

You can also view past talks.

It also spreads awareness so people can attend the conference next year.


They all use proprietary conference hardware in the venue, right? Open source projector? Microphones? Audio systems?


I think I must have been 3 or 4 years old when I fully got the concept that even 3 out of 10 is better than 0 out of 10, and worth doing. Then maybe somewhat later but still not recently when I got the similar concept that even if you need all 10 components of a system before you get the payoff, you still have to build up the individual bricks one at a time if you ever even want a chance at maybe getting all 10.

Even in a security context where on one hand it's true that the tiniest pinhole is all it takes, it's also true that there is no such thing as no pinholes, and yes, 80% coverage, even 10% coverage, is better than 0% coverage.

It's a goal and an ideal not an absolute.


I work in video/audio production so a lot of my work ends up venn diagramming with events. Especially media projection/delivery at events. Sound systems, projectors, etc.

When you organize a conference on a location, you are using what they have on site or at best your laptop is hooked in. You have way too much to worry about to bring all your own hardware and to build out the entire media infrastructure conference in a hotel or convention space or wherever you are holding the event. That’s assuming you’re even allowed to access the areas in systems that would allow you to implement your own!

That is an unbelievably laborious task that is unreasonable to put on basically any group. At best weeks of work/installs on top of all the other massive logistic issues you’re handling. If they have a Windows terminal for you to show your presentation, you’re not going to rebuild everything from the ground up just so you can show some static images on open source software/machines. It’s just not reasonable.


They probably also did not drive there with their open source cars. What exactly is your point?


It's a purity war that 'perfect' is the only thing that matters. The comment also has strong vibes of 'Mister Gotcha' from The Nib.

https://thenib.com/mister-gotcha/


What is your point? Do you like to imply being involved with open source is hypocritical unless you are using it 100% of your life?

That tells me more about you than it does about them. You must walk through your life extremely carefully not to do things that are inconsistent with each other.

If you rent a venue a lot of the tech needed for a conference is already going to be there — and for such a conference they will not have a ton of choices. Secondly open hardware is not very established in the conference hardware space. The reasons for that are multiple, but one has to do with the fact that most of the gear requires extremely specialized build chains or equipment and you'd have to compete with decades of R&D and optimized manufacturing processes.

Your open source SM58 is going to be more expensive and less reliable unless you invest decades into it. To get out an okay microphone. Can you tell me why anybody should in your opinion be doing that in their spare time?


While I agree it's unavoidable to use non-open hardware, someone out there should be investing in an open SM58: that is the only way for smaller shops to compete with the likes of Shure. Building together and ensuring no-paperweight-if-you-go-out-of-business will reassure some of your potential customers and speed up your development.


I am not against your idea. In the end the hardest parts are going to be automating the winding of the coil and creating/fixing the membrane.

So maybe there is someone out there who enjoys going through a ton of prototypes to get something reliable out.

But the issue I think this is going to have is how reproducible that is going to be for your followers. I think in open source there is a spectrum: on the one side you have things like most software or simple standard-parts open hardware projects. On the other side you have things like an open source marble statue, where you still need to bring all the knowledge of how to make the marble statue — draw a circle, draw the rest of the owl and all that.

A microphone with complex coil winding and gluing a micron-thin membrane to a coil is going to be somewhere in between.

What exists btw. are condenser mics, but there you need to buy the membrane-assembly yourself.


Bold of you to assume they didn’t just skip the need for firmware entirely and go with analog audio and an overhead projector with transparent slides.


For a long time, GUADEC, Gnome User and Developer Conference, was supported for video recording by Collabora and other smaller free software companies which did the heavy lifting in Gstreamer too (a/v framework that's the base for GNOME apps). My apologies if I am misrepresenting who did what, maybe it was Igalia or another company: this was 15-20 years ago.

How much of the actual video recording equipment was coming with free firmware — probably none — does not change the fact that these are people improving the situation rather than just accepting that the hardware you buy is at the mercy of the original vendor.


Worse: Nearly 100% of that open source firmware is running on proprietary hardware! (and the really tiny epsilon that isn't - doesn't matter)


Priorities. You start with open chips and firmware, then when you have them you push for their adoption in currently closed devices.


We may end up with a simple open source implementation surrounded by a number of paid upgrades.


Is that such a bad thing?


I think that's what he was .. proposing. It's a step up from nothing with open source firmware.



