1. 25

  2. 16

    Whereas most OS’ include proprietary, closed source drivers, OpenBSD does not, by default. Closed source drivers can’t be audited, thus forming an unknown attack vector. It might be bug-ridden, vulnerable, unfree licensed, etcetera. Of course, for your convenience, if you would like to go down the rabbit hole, there is fw_update.

    That sounds a bit confused.

    Many devices are just dead bricks of silicon without firmware (a small embedded OS) than runs on the device. So unless you run the firmware, you have bought a brick.

    fw_update(1) installs the hardware vendor’s non-free firmware (running on the device) to make the device operate so that drivers (running in the kernel, and always free in OpenBSD’s case) can use the device.

    1. 11

      And to add on to this, fw_update is only needed in cases where OpenBSD is unable to include the firmware in the base install because redistribution is prohibited. Other (including closed source) firmware can already be found in a clean install in /etc/firmware.

      1. 1

        What does redistribution mean in this case? What makes downloading it in an arbitrary tarball from ftp.openbsd.org not okay, but downloading it in an arbitrary tarball from firmware.openbsd.org okay?

        1. 2

          In some cases redistribution is ok. The line is really more about stuff on the ftp server is free (to modify, etc.) and the firmware stuff is not. There’s also only one firmware server. It’s not mirrored. So for some of the files that are in a bit of a grey area, mirrors aren’t exposed to any risk.

          1. 1

            There are firmware mirrors (round robin dns) but indeed they’re separate from the ftp mirrors.

      2. 4

        I think the distinction is between drivers and firmware? OpenBSD does not ship driver blobs (which run on the main CPU), but does allow you to update firmwares (which run on the device).

        1. 2

          fw_update does not update drivers. The author’s comments implied they believed it does.