Leandro Cunha <leandrocunha016@gmail.com> writes: > Hi, > > On Mon, Apr 18, 2022 at 9:28 PM Steve McIntyre <steve@einval.com> wrote: >> >> TL;DR: firmware support in Debian sucks, and we need to change this. See the >> "My preference, and rationale" Section below. >> >> In my opinion, the way we deal with (non-free) firmware in Debian is a mess, >> and this is hurting many of our users daily. For a long time we've been >> pretending that supporting and including (non-free) firmware on Debian systems >> is not necessary. We don't want to have to provide (non-free) firmware to our >> users, and in an ideal world we wouldn't need to. However, it's very clearly no >> longer a sensible path when trying to support lots of common current hardware. >> >> Background - why has (non-free) firmware become an issue? >> ========================================================= >> >> Firmware is the low-level software that's designed to make hardware devices >> work. Firmware is tightly coupled to the hardware, exposing its features, >> providing higher-level functionality and interfaces for other software to use. >> For a variety of reasons, it's typically not Free Software. >> >> For Debian's purposes, we typically separate firmware from software by >> considering where the code executes (does it run on a separate processor? Is it >> visible to the host OS?) but it can be difficult to define a single reliable >> dividing line here. Consider the Intel/AMD CPU microcode packages, or the >> U-Boot firmware packages as examples. >> >> In times past, all necessary firmware would normally be included directly in >> devices / expansion cards by their vendors. Over time, however, it has become >> more and more attractive (and therefore more common) for device manufacturers >> to not include complete firmware on all devices. Instead, some devices just >> embed a very simple set of firmware that allows for upload of a more complete >> firmware "blob" into memory. Device drivers are then expected to provide that >> blob during device initialisation. > > I'm from the group that defends Debian current position on this and I > like to install only what the machine needs to work and I use free > firmware on my machine for the wireless network card for example. I > don't see it as a mess, but it's organized by separating what's free > from what's not. The question of identifying what firmware my machine > needs, this for me is easy and it was just a question I had to learn > in the beginning many years ago. It is a problem for some and not for > all. There is the unofficial installer that solves this problem by > installing only what the user's machine needs without the user doing > it himself. I understand the urge to insist upon absolute DFSG purity in the media we produce, but when it comes to wanting to avoid every last shred of data that we could not regenerate ourselves, I think we crossed that line some time ago. I'm thinking of shim-signed, which is included in our official media. Despite being free software in source form, it is signed by Microsoft, and can only be expected to work with that signature ... which we cannot create. On most (all?) hardware one is able to avoid UEFI secure-boot, so won't need to use shim-signed, but I'd imagine that some hardware insists on secure-boot, or the opt-outs are somehow broken and so is not usable without shim-signed. This seems rather similar to the situation with non-free-firmware, which many people can avoid the need for it, but without it some people find our software useless on the hardware they have. Is the presence of shim-signed on the install media enough to make people feel somehow contaminated? If not, is the problem having other blobs of data on the media that we also cannot generate, or is it the licensing of that data, or something else? Does it make any difference that the data in question will not be read into memory, or copied onto the target system, unless one opts-in to using it? Anyway, thanks to Steve for starting the discussion. Cheers, Phil. P.S. I think that having some (often unused) data on the media that allows people to install our software when they'd otherwise fail is more important than absolute purity in this case. I do not think there is an increased risk of non-free contamination here. If it ensures that fewer people abandon Debian out of frustration with the install then I'd suggest that it will actually result in less non-free software being used overall, as will having the option to enable only non-free-firmware without also enabling non-free. Oh, and I've been a DD for over 25 years, have been a contributor to the installer for quite a lot of that, so I'd hope that at some point during that time I must have succeeded in doing the add-firmware dance, if only for testing, but wouldn't dream of relying on that as my real install method, or recommending it to a newbie. Frankly, it makes me wince every time I have to respond with a confusing answer to the "What do I need to install Debian?" question, so hopefully we can do better in future. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/ http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
Attachment:
signature.asc
Description: PGP signature