Closing in on fully free BIOSes with the FSF tech team
Editorial note: This article was updated on August 8, 2022 to correct some historical details.
I work on the Free Software Foundation (FSF) tech team. With just three people, we maintain the software and hardware infrastructure for GNU and FSF, and virtual machines for several other important free software projects. We run our own hardware, not relying on any so-called "cloud" services. And we run free software in all possible ways. That includes fifteen servers in two data centers and in our Boston office, over a hundred virtual machines, and ten workstations and laptops, all running GNU/Linux. Every one of those has a freedom-respecting BIOS, but that wasn't always the case...
A move to freedom
The BIOS is a computer's Basic Input/Output System, which initializes the hardware enough so that it can be passed off to another program like a bootloader. The FSF turned its free BIOS advocacy into an official Free BIOS campaign in 2005. Now, for some history of the BIOS used in FSF-run computers: When FSF was started in 1985, some computers had free BIOS programs. In commodity computers which were becoming popular, the BIOS program was unchangeable by the user, burned into chip at the factory. As we talk about later in this article, that didn't impinge on user's software freedom.
Later, user-replaceable nonfree BIOS became standard in widely available computers, which did take away user's freedom. While technically the FSF could have stayed with machines that had either nonprogrammable BIOS or even older ones with free programmable BIOS, the various escalating costs and limitations of using and maintaining them were deemed too high, such that they would have severely undermined the rest of the FSF's work for free software. It was a rare sacrifice FSF made in order to carry out its operations.
I joined the FSF in 2017. By 2018, the last FSF-run nonfree BIOS were in a few servers which we had mostly stopped using. The relatively small FSF tech team takes on a lot, and because we have so much on our plate, plans like these can sometimes take longer than expected to complete. But finally, earlier this week, we replaced Columbia, the last of any FSF-run machines running a nonfree BIOS. That server had been deployed to an MIT data center in 2009. We are continuing our hard work to make sure that there continue to be options for servers with free BIOS, for the FSF and everyone else to use.
Ethical issues raised in BIOS
In leading the way to freedom, we consider the ethical boundaries of free software, and conversations around free BIOS bring up those boundaries. As we wrote in 2005, for the launch of our Free BIOS campaign:
The ethical issues of free software arise because users obtain programs and install them in computers; they don't really apply to hidden embedded computers, or the BIOS burned in a ROM, or the microcode inside a processor chip, or the firmware that is wired into a processor in an I/O device. In aspects that relate to their design, those things are software; but as regards copying and modification, they may as well be hardware. The BIOS in ROM was, indeed, not a problem.
Since that time, the situation has changed. Today, the BIOS is no longer burned in ROM; it is stored in nonvolatile writable memory that users can rewrite. Today, the BIOS sits square on the edge of the line. It comes prewritten in our computers, and normally we never install another. So far, that is just barely enough to excuse treating it as hardware. But once in a while the manufacturer suggests installing another BIOS, which is available only as an executable. This, clearly, is installing a nonfree program--it is just as bad as installing Microsoft Windows, or Adobe Photoshop. As the unethical practice of installing another BIOS executable becomes common, the version delivered inside the computer starts to raise an ethical problem issue as well.
The way to solve the problem is to run a free BIOS.
Developing a free replacement for a program is the only good reason to run that nonfree program. But if you are not developing a free replacement and none is available, then you are at the subject of the developer's unjust power over any future changes to the software. When considering compromises, the free software philosophy advises judging software (and other things) on "citizen values," that is, a judgment based on whether or not it respects users' freedom and community, rather than a judgment based on convenience. Then people will not be baited by an attractive, convenient feature and fall into the trap of a proprietary program.
The servers FSF uses
At FSF, our current standard is ASUS KGPE-D16 motherboards with AMD CPUs 6200 series CPUs released in 2012. For the BIOS, we install Libreboot, the easy-to-install, 100% free software replacement for proprietary BIOS/boot programs, or a version of Coreboot that is carefully built to avoid including any nonfree blobs. They are fast enough for our needs, and we expect this to be the case for many more years to come. They are also very affordable systems. We are also working toward supporting Raptor Computer Systems' newer and more powerful Talos II, as well as Blackbird motherboards that use IBM POWER9 CPUs. The POWER9 CPU architecture is called "PowerPC 64-bit little endian," abbreviated "ppc64el." (Note, the "el" instead of "le" is a reference to the definition of little endian, which is similar to letters written in reverse order.) The Raptor motherboards come with entirely free firmware -- and even have free hardware designs!
However, this type of migration has its challenges. For example, the first thing we needed to address before using these motherboards is that the main operating system we use, Trisquel GNU/Linux, didn't previously run on pp64el. So, earlier this year, we set up a Raptor POWER9 computer running Debian (without using any nonfree parts of Debian repositories) and loaned it to the maintainers of Trisquel for as long as needed. And now, we are proud to say that the upcoming Trisquel 11 release will support POWER9! So far, all the packages we use on servers have Trisquel 11 ppc64el packages built and ready to use. Desktop packages and installation ISOs are still in progress, but we usually install servers using debootstrap, so we've already started installing Trisquel 11.
How BIOSes have changed since 2009
Before I decommissioned Columbia, I ran a dmidecode, which told me that the BIOS program fit within a single megabyte of space. Often, very simplistic firmware becomes more complicated in later models, and that also usually means it has a growing significance for a user's software freedom. Some newer nonfree BIOSes have grown into operating systems in their own right, sometimes with large programs such as a full Web browser.
There is no fully-free BIOS available for x86 Intel and AMD CPUs released after about 2013. The key blocking factor is that those CPUs require certain firmware in the BIOS, like Intel Management Engine. Those CPUs will also refuse to run firmware that hasn't been cryptographically signed by private keys controlled by AMD and Intel, and AMD and Intel will only sign their own nonfree firmware. At the FSF, we refuse to run that nonfree firmware, and we applaud the many people who also avoid it. For those people who do run those Intel or AMD systems, running Coreboot or Osboot is still a step up the Freedom Ladder for the software freedom of your BIOS.
The road to freedom is a long road. We hope our dedication to achieve milestones like these can inspire the free software movement. Our work is enabled by the support of individual donors and associate members. In these final days of our spring fundraiser, you can help us stretch even further than we thought possible so that we may have an even greater impact.
Your contribution matters
The FSF tech team, of course, is proud to be moving to a freer system, and we realize that we cannot make it possible without your support. From purchasing the necessary hardware to maintaining everyday operations, financial contributions help us go the full-mile to freedom. Whether they be in the form of your time, by developing or documenting a free program or by helping spread the word, or with your donation (of which there are many ways to donate), I want to thank you again for your commitment, and your contributions to software freedom.
Image Copyright © 2022 Free Software Foundation, Inc., licensed under Creative Commons Attribution 4.0 International license.