Is hardware the black hole of computing ?

Part I : a descent into the abyss

Lukas
Lukas
Sep 6, 2018 · 11 min read
An illustration of a black hole, used as a metaphor for today’s hardware, alongside dazzling points of lights, which can be associated to free and open source software. (© Alain r, CC BY-SA 2.5)


Introduction

Let’s face it, amid revelations of hardware-level vulnerabilities such as Meltdown and Spectre, deploying software in today’s world looks a lot like shooting stars next to a black hole: very entertaining and deeply unsustainable. Why? Because computer hardware is sick. The layer on top of which every information system on earth is built is flawed, perhaps beyond salvation. Are we doomed? No, some glimpses of hope can be seen on the horizon: it may even be a good time to wage a fight to take the power back at the most fundamental level, and to start building a truly open information ecosystem, from top to bottom. Shall we ?


There is more than what meets the eye. (The earth is adapted from © Hawk-Eye, CC BY-SA 3.0; The Tux mascot was made by © Larry Ewing and GIMP; the rest is in Public Domain)

Could you please draw me a computer?

A computing device is usually made from three distinct elements:

  1. The firmware: it is a read-only file-system which acts as an intermediary between the hardware and the software layer. It is often located on the motherboard itself. It can be modified under certain conditions, but not as easily as the software, hence the suffix “firm”. Computer parts such as solid state drives (SSDs) are also equipped with firmwares. Examples: The Unified Extensible Firmware Interface (UEFI); the Basic Input/Output System (BIOS), which the UEFI supersedes.
  2. The software: it is the operating system that ultimately manages the hardware and allocates resources to other software, so they can work properly. The software part of a computer can be modified and reprogrammed easily, hence the term “soft”. Example: Linux; Windows; macOS.
The (U)EFI in the stack. In this article, we conflate the firmware and the (U)EFI. This schema is more prevalent among the x86 computer architecture than in the ARM ecosystem which is more fragmented and diverse. (Public Domain)
Not a smart watch, just good ol’ plain hardware.(Public Domain)

Fairytales in software Wonderland

In an ideal situation, when you buy a computer or a smartphone, it would run a free operating system with complete and transparent control over the hardware. It would be complete in the sense that no hardware components could escape the authority of the operating system; it would be transparent in the sense that the operating system could explore processes and devices attached to it, down to the firmware level. For the software to be able to truly control the hardware and the firmware, those elements would need to be open too, in order to be scrutinized and eventually trusted.

This ghost is going to hit you with its stick for the foreseeable future. (Public Domain)

Spoiler alert: what you buy is not what you get

In today’s world, the situation is grim, at the exact opposite of the ideal scenario just described: hardware has gone wild. Computing devices have grown into full-blown deceiving machines, and are ridden with silicon-level bugs as illustrated by the ongoing Meltdown and Spectre fiascoes. Is that really surprising?

Rings of death

A traditional operating system has several protection rings, with various levels of privilege. The kernel’s code or processes are being executed in Ring 0, the most privileged ring of all. User applications, such as internet browsers and word processors, run in Ring 3, and are the least privileged. Device drivers, such as your graphic card driver, require a deeper access to the hardware, and therefore are located in-between, in Ring 2 and Ring 1.

As many rings as you want. (© Hertzsprung at English Wikipedia, GFDL, CC-BY-SA-3.0)

Going down the rabbit hole

You have probably guessed it by now, but the so-called lurking and closed operating systems that were mentioned before are running below the Ring 0 and even -1, with higher privileges than the kernel and the hypervisor. We have already named one of these operating system or kernel: it is the Unified Extensible Firmware Interface (UEFI). What does it do? It is responsible for initializing and checking the hardware at boot-time so it can be used by your surface-level operating system. Among other things, the UEFI runs at Ring -2, has network capabilities and can run full blown applications, including the legacy BIOS, the EFI version of GNU GRand Unified Bootloader (GRUB), and of course malware that will persist across operating system re-installation, while remaining invisible to every antivirus software available on the market. Some of its code is hardware-dependent and varies from one machine to another and some of it isn’t, but almost everything is closed-source, with notable exceptions that we will cover in the second part of this article. Although we have found the first operating system: there is 1½ kernels to go.

A computer inside your computer

Let’s go back in time. In the early nineties, Andrew Tannenbaum — Linus Torvalds’ former computer science professor — had an argument over operating system design with his former pupil. Professor Tannenbaum was advocating for microkernel design, while Linus was defending a monolithic design. Linus remained unconvinced and continued the development of Linux — then only 1 year old — and it later became the most popular monolithic operating system in the world. However, has Tannenbaum and his microkernel-based approach really lost the battle? Without the unsolicited help of Intel, it would certainly have been the case…

Your typical intel-based x86 computer illustrated, or as many rings as you don’t want. In an ideal world, the kernel would be running at with the highest privileges, actually owning the hardware. But it appears that we are not living in the best possible world. In red, at the center of the platform, at the hearth of your computer, you will stumble across closed-source code.
Meet Rocky Raccoon, MINIX’s mascot, lurking in your Intel computer since 2008. (MINIX, CC BY-SA 4.0)
The IT industry-wide problem illustrated. Privileges given to any layer of the platform stack are inversely proportional to the layer’s openness. Hardware is as closed as it is privileged. As a result, any hardware bug has trickle-down effects, and therefore will affect the entire ecosystem, for years to come… Humanity is building a stronghold on top of moving sands.

How did we get here?

Until now, we have described some of the problems that exist in hardware today, and we have focused our attention on the x86 architecture. But what put us in this situation? Let’s list a few of the usual suspects:

  • The technical debt associated to the backward-compatible x86 architecture, which dates from the late 70s
  • The almost irreducible difficulty associated with designing and shipping your own silicon, and the cost associated with it
  • The suspected overall mediocre quality of the software code written by hardware manufactures and Original Equipment Manufacturers (OEM)
  • The lack of technical documentation available (and when available, its legal protections) which make it unnecessarily difficult to study or modify any of the code below the surface-level operating system
  • The ongoing miniaturization process, which allows more components to be embedded in a platform without the user’s knowledge
  • The weak customer demand for an open computing platform
  • The difficulty of patching exploit-ridden firmware
A personal view on computer hardware aptly illustrated. (Public Domain)

Hardware : the root of the problem

During the last decade, large amounts of software code has been freed or released under open source licenses. What was once the exception is becoming the rule. Although much remains to be done at the software-level, it is critical to direct some of our efforts to free the hardware, including the firmware, so we can be assured that the foundations on top of which we build software infrastructures are trustworthy enough to sustain increasingly critical workloads. Any open society which relies on information systems to function requires open computing.

Linagora Engineering

We are Open Source Engineers, Hacking Awesome Stuff

Thanks to Raphaël Ouazana

Lukas

Written by

Lukas

Just another free software zealot @linagora

Linagora Engineering

We are Open Source Engineers, Hacking Awesome Stuff

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade