-
Notifications
You must be signed in to change notification settings - Fork 412
LVFS Community Meeting 2022 01 28
To be held at 1700 GMT on Friday 28th January 2022.
It is insanity to throw a perfectly working machine into landfill just because it’s considered EOL by the original hardware vendor and no longer receiving security updates. If we can help provide alternate firmware, these machines provide inexpensive access for education and employment for those otherwise unable to afford devices.
- Richard to give 5 minute introduction on the problem space (no slides)
- Open discussion, but please raise your hand if you want to speak! If it's the first time you've spoken in the meeting, please give a 10 second introduction: Really just name, and the reason you're here.
Lets try BigBlueButton first, if that fails we’ll move to Zoom or Google Meet instead. I’ll update this wiki page if BBB is unusable and we’re using something else. The joining URL is https://meet.gnome.org/ric-8f2-vdl-upe with access code 204454
I’m not intending this to be terribly formal, so they’ll be no chairman, secretary, motions and all that stuff; It’s designed to be fun.
We are using Chatham House Rule: This means you can discuss in public all the things that we talked about in the meeting, but you can’t mention about who said it or even hint at the employer they work for. If you join the meeting, then you agreed to this; the meeting is also not recorded for this reason. If you’re unsure what this means, ask Richard for advice before you post stuff to social media.
Also, a reminder. As we’re using the GNOME BigBlueButton instance, the GNOME Code of Conduct is in effect. This means you have to be friendly, empathetic, respectful, considerate, patient and generous. Also please try to be concise!
- https://gitlab.com/fwupd/lvfs-website/-/merge_requests/1207
- https://github.com/fwupd/fwupd/pull/4216
- https://lists.linuxfoundation.org/mailman/listinfo/lvfs-general
(Many thanks to Ian Oliver for help with the notes, feel free to expand or add – it’s a wiki after-all...)
A few dozen people, the points discussed:
- The legality and ethics of installing new firmware onto EOL devices, eg: putting coreboot on a Lenovo laptop/Chromebook/router etc. Who becomes responsible if something goes wrong, warranties, DMCA and take-down notices, who supports this etc?
- How to redistribute microcode and ACMs? The latter having a much more restrictive license.
- Maybe we could update the ME firmware as well? Or neuter if with MECleaner if no update was available and critical security weaknesses were present.
- The LVFS' work to provide trust through a transparency log of firmware updates
- One participant posted a link to this video: https://www.youtube.com/watch?v=wCI6YYLdJm4 on UEFI
- Coreboot and uboot, tow-boot (for Arm)
- Supply-chain security briefly discussed
- TPM firmware and attestation