04-12-2020, 09:48 AM
How puritanical do you want to get? If you look hard enough there's always something that's not open. A bit of web searching will give you the details about various interpretations of open hardware, but the general idea it that it should make available everything you need to buy the commodity materials and build it yourself. It doesn't necessarily require that the commodity bits are 'open' though - the arduino is generally considered pretty open, but the FTDI and AVR chips on it are anything but, and you'll probably have a hard time proving whether the ones you bought are genuine or fake, or what they're doing internally.
Anything with legal radio transmitters in will almost certainly be partly closed. Pretty much every country on the planet has regulatory requirements around radio transmission, and the regulators generally don't like the idea of anyone altering transmission characteristics, so they tend to require that end users don't get to mess with any software that's built in to radio devices. Not long back the FCC were seriously considering forcing wifi device manufacturers to lock the bootloaders to prevent things like openwrt being possible. Another problem is that the radio communications standards are usually full of patented stuff and trade secrets with multiple layers of licensing and non-disclosure terms. Then there's the problem of manufacturers who won't even talk to you unless you're ordering in the tens of thousands of parts. Most of them seem not to care about open source.
The radio parts are probably what the reddit post was talking about - closed radio modules with closed firmware. For the rest of the PinePhone we have schematics and source, but not gerbers or design files for the PCB, or solid models for any parts but the back cover. People have grumbled about GPL-violating stuff from Allwinner, but that's not being used. Instead the reverse engineered open code from Sunxi is used in both the uboot bootloader and the linux kernel. The only blob used so far as I'm aware is the firmware for the BT/WiFi device which is pretty much inevitable for the reasons above.
Secure hardware is another matter. We know we can't trust the radio modules, so we communicate with them over connections with limited capabilities (no memory access!) and have some control over their power supply via hardware switches. The reddit user is correct about lack of verified boot as I pointed out before, and lack of a TPM or similar. Note that several TPMs have subsequently been found not to be trustworthy because of bugs.
Is the PinePhone fully open? No, although I don't think it's been claimed to be. It's not quite as open as the Openmoko GTA01 or GTA02, or Goldendelico's GTA04, but it's not far off. Openmoko were using a near-obsolete radio chipset from Texas Instruments, and that still had closed firmware and an NDA that meant they couldn't release that bit of the schematic. The Atheros WiFi module had its closed firmware on a ROM which made the FSF happy, but meant we couldn't update it when the inevitable bugs were found. IIRC the GTA04 used a modem module similar to the Quectel on the PinePhone.
Is it more or less secure than hardware from Google? Depends on your threat model, and who you trust. Google have verified boot, but they've also got a tightly integrated radio solution from Qualcom that may well have direct access to memory, and we really don't know what's in the part with the TPM functionality. On some of the Chromebooks the equivalent sits on the CPU's JTAG lines IIRC.
[url=https://linux-sunxi.org/A64][/url]
Anything with legal radio transmitters in will almost certainly be partly closed. Pretty much every country on the planet has regulatory requirements around radio transmission, and the regulators generally don't like the idea of anyone altering transmission characteristics, so they tend to require that end users don't get to mess with any software that's built in to radio devices. Not long back the FCC were seriously considering forcing wifi device manufacturers to lock the bootloaders to prevent things like openwrt being possible. Another problem is that the radio communications standards are usually full of patented stuff and trade secrets with multiple layers of licensing and non-disclosure terms. Then there's the problem of manufacturers who won't even talk to you unless you're ordering in the tens of thousands of parts. Most of them seem not to care about open source.
The radio parts are probably what the reddit post was talking about - closed radio modules with closed firmware. For the rest of the PinePhone we have schematics and source, but not gerbers or design files for the PCB, or solid models for any parts but the back cover. People have grumbled about GPL-violating stuff from Allwinner, but that's not being used. Instead the reverse engineered open code from Sunxi is used in both the uboot bootloader and the linux kernel. The only blob used so far as I'm aware is the firmware for the BT/WiFi device which is pretty much inevitable for the reasons above.
Secure hardware is another matter. We know we can't trust the radio modules, so we communicate with them over connections with limited capabilities (no memory access!) and have some control over their power supply via hardware switches. The reddit user is correct about lack of verified boot as I pointed out before, and lack of a TPM or similar. Note that several TPMs have subsequently been found not to be trustworthy because of bugs.
Is the PinePhone fully open? No, although I don't think it's been claimed to be. It's not quite as open as the Openmoko GTA01 or GTA02, or Goldendelico's GTA04, but it's not far off. Openmoko were using a near-obsolete radio chipset from Texas Instruments, and that still had closed firmware and an NDA that meant they couldn't release that bit of the schematic. The Atheros WiFi module had its closed firmware on a ROM which made the FSF happy, but meant we couldn't update it when the inevitable bugs were found. IIRC the GTA04 used a modem module similar to the Quectel on the PinePhone.
Is it more or less secure than hardware from Google? Depends on your threat model, and who you trust. Google have verified boot, but they've also got a tightly integrated radio solution from Qualcom that may well have direct access to memory, and we really don't know what's in the part with the TPM functionality. On some of the Chromebooks the equivalent sits on the CPU's JTAG lines IIRC.
[url=https://linux-sunxi.org/A64][/url]