Is TURRIS applying for RYF certification?


#1

3 Questions:

One, does the TURRIS MOX and/or Omnia have any proprietary blobs, firmware, etc.?
Basically, is it free software?

Two, is its hardware libre?
Are you trying to get RYF certification from GNU/FSF?


#2

Both have proprietary blobs for the 5GHz wifi card. If you pull that one out, then it should contain only non-proprietary software. In MOX there is one additional thing: there is a secure firmware that locks our crypto keys in the CPU. This firmware is open-source, but without our key nobody can build a new version. It is the only way we can ensure the security of private keys generated on the device.

The hardware itself is not libre. Both the CPU and the switch chip do not have public datasheets, and we don’t have the right to release them. Unfortunately, this is a tradeoff between a powerful, full-featured device and libre hardware.
That also answers your third question.


#3

Thanks for your answer. 🙂


#4

Is there any more detail available on the crypto in the CPU? Will loading custom firmware still be possible?


#5

You should be able to use any Linux distribution with a new enough kernel and a supported architecture. You can also load your own u-boot.

If you are asking me if there is a possibility to load custom firmware to the crypto coprocessor, then the answer is no. Allowing that would give anyone a tool to read keys stored in the CPU. There is a key that is used to identify a genuine Mox board to our systems. Allowing anyone to read it would compromise the data collection system. That is the reason why you can’t load custom firmware there.


#6

Thanks for the answer.

I was unaware of the crypto module having its own firmware. It was not clear from your original post that it is a subsystem used specifically to identify devices to your systems.