Re: Meltdown / Spectre

[Mark H Weaver]

Marius Bakke <address@hidden> writes:

> Katherine Cox-Buday <address@hidden> writes:
>
>> Chris Marusich <address@hidden> writes:
>>
>>> Leo Famulari <address@hidden> writes:
>>
>>> I wonder: how easy will it be to install those firmware/microcode
>>> updates if you are using GuixSD? In particular, I'm curious about the
>>> case of the Lenovo x200 with libreboot, since that's what I use
>>> personally.
>>
>> I am also interested -- more from a philisophical perspective -- how
>> GuixSD and GNU squares with these kinds of security updates.
>
> In my opinion, CPU microcode falls under "non-functional data", as
> expressly permitted by the GNU FSDG.

I strongly disagree.  CPU microcode is absolutely functional data.
It determines how the CPU functions.

> It is not required for the processor to function, it is merely *a
> posteriori* data that the CPU can use to fix erratic behaviour.

Microcode *is* required for the processor to function.  Upgrading it is
optional, because the CPU contains a copy of the microcode in its ROM,
but that doesn't change the fact that the microcode is required.

By the same argument that you presented here, any proprietary software
(e.g. a BIOS) would be considered optional and therefore non-functional
data as long as an older copy of that software is included in the
hardware of the machine.

       Mark