Dasharo Certification Program and privacy-respecting implementation #392

pietrushnic opened this issue Mar 22, 2023 · 0 comments
The problem you're addressing (if any)

One of Dasharo's values is privacy-respecting implementation. It may sound like big words, but in this issue I would like to explore and discuss it and narrow down what it means practically for open-source firmware distribution.

Describe the solution you'd like

  • Minimization of data collection: The firmware should only collect the minimum necessary data for its proper functioning, and avoid collecting or storing any unnecessary personal or sensitive information. Sometimes collecting information may be necessary (e.g. bug reports, hardware compatibility list) and in the community's interest, but we should always make it anonymous and opt-in by default. In some cases contributors may decide to choose attribution regarding provided data, and we would like to give users the liberty to do that.
  • Minimal TCB and "sane configuration by default" (OpenBSD) to mitigate potential privacy leaks by reducing the attack surface and implementing reasonable default settings in a computing system.
    • Removing or disabling unnecessary features, services, or components that could introduce vulnerabilities or be exploited by attackers. Some users may decide to enable those by default (e.g. DTS mass initial deployment) - in such cases we should consider providing such a mechanism with a note that it lowers security and may lead to leaks.
    • Modularization and isolation (enclaves, VMs, etc.) for sensitive operations.
  • Transparency: For devices covered by Dasharo Community Support, code and design should be open-source, allowing users and developers to understand how the firmware works and assess its privacy and security implications. This transparency helps identify and fix potential vulnerabilities or privacy issues. For the Dasharo Support Package, design may be agreed directly with customers, but code is open. In the Dasharo Enterprise Package both design and code may be closed, but with respect to the license.
  • User control: The firmware should provide users with control over their devices, including the ability to deactivate or disable components that could pose privacy risks (such as Intel ME or AMD PSP). This control enables users to protect their privacy by limiting the potential for unauthorized access or surveillance. Of course, the limit of user control is the current state of technology. Dasharo should always provide the most recent methods. The Dasharo Team should lobby and advocate for opt-in mechanisms and for limiting the impact of all binary blobs in firmware as well as in the toolchain.
  • Firmware updates: Privacy-respecting firmware should address new security vulnerabilities or privacy concerns, ensuring that users have access to the latest, state-of-the-art protections.