09-13-2019, 03:20 PM
(This post was last modified: 09-13-2019, 03:37 PM by Der Geist der Maschine.
Edit Reason: Added another point about adaptability.
)
Open source is a prerequisite for trust. Some people want to trust their device.
Having the boot rom's documented source code available is the first level of trust. From time to time people add new features and implicitly go over the source code. This process builds more trust over time.
The problem is the hardware. You can never really trust it. Undocumented controllers or, as z4v4l pointed out, the controller firmware in general, or the hardware circuitry programmed by (even open source) firmware.
Another point: open source let's you adapt source code to your needs. Here and there I need to do this because upstream is not reacting to bug reports and provided patches. This is also true for the boot firmware. In the case of Rockchip, it's a design mistake to provide boot-rom and not boot-spi flash.
PS: When it comes to trusting software, one should also be aware of Ken Thompson's Turing Award lecture Reflections on Trusting Trust https://www.archive.ece.cmu.edu/~ganger/...ompson.pdf
Having the boot rom's documented source code available is the first level of trust. From time to time people add new features and implicitly go over the source code. This process builds more trust over time.
The problem is the hardware. You can never really trust it. Undocumented controllers or, as z4v4l pointed out, the controller firmware in general, or the hardware circuitry programmed by (even open source) firmware.
Another point: open source let's you adapt source code to your needs. Here and there I need to do this because upstream is not reacting to bug reports and provided patches. This is also true for the boot firmware. In the case of Rockchip, it's a design mistake to provide boot-rom and not boot-spi flash.
PS: When it comes to trusting software, one should also be aware of Ken Thompson's Turing Award lecture Reflections on Trusting Trust https://www.archive.ece.cmu.edu/~ganger/...ompson.pdf