The issues are systemic because they exist at the foundational level of computing, affecting all users who rely on proprietary BIOS/UEFI systems. These aren’t isolated cases, they’re widespread vulnerabilities, as documented by experts in the field. Below are recent revelations highlighting the gravity of these vulnerabilities:

AMI AptioV: Vulnerability allowing command injection via local network misuse: https://www.cisa.gov/news-events/bulletins/sb23-261#:~:text=Windows Themes Remote Code Execution,version of the respective

Dell Client BIOS: Time-of-check Time-of-use (TOCTOU) vulnerability: https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability#:~:text=Article Number%3A 000212817 DSA,Article Properties Rate This Article

Intel BIOS Firmware: Vulnerabilities potentially allowing privilege escalation, information disclosure, or denial of service: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html#:~:text=Potential security vulnerabilities in the,37343

Major BIOS Vulnerabilities: 23 vulnerabilities impacting various vendors including Intel and Lenovo​: https://www.tomshardware.com/news/enterprise-oem-vunerabilities#:~:text=23 Major BIOS Vulnerabilities Discovered%2C,2027%2C 14nm by 2030

Intel’s New BIOS Vulnerabilities: 16 vulnerabilities allowing Denial of Service and Escalation of Privilege​: https://www.tomshardware.com/news/intel-lists-16-new-bios-vunerabilities#:~:text=,Service and Escalation of Privilege

The front page of Change.org showcases various successful campaigns.

You don’t need to be an expert in firmware development to recognize the systemic issues at play here. Understanding the problem doesn’t require a deep technical background.

Wish there was an alternative to change… they force a subscription to their shit every time you sign

Right now, it’s the best tool we have for large-scale impact. I apologize for any inconvenience you might experience due to their subscription model.

This whole “project” is the very definition of a solution in search of a problem.

You’re more than welcome to flash whatever bin you want to put together. No one is stopping you. If you want these companies proprietary apis you’re kidding yourself.

The goal isn’t merely to flash custom binaries; it’s about creating a computing environment where that sort of freedom is a given, not an exception reserved for those in the know.

A victory in making BIOS/UEFI open and free could set a precedent that influences other realms of hardware and software, including the smartphone bootloaders you mentioned. It’s a step towards a more comprehensive shift in how we approach user freedom across devices.

Challenges from corporate and state players are real, but that’s all the more reason to push for change. Sure, it’s a tall order given the interests you’ve mentioned, but if we don’t speak up, who will? Advocacy starts somewhere, and it’s initiatives like this petition that can at least get the ball rolling.

While I appreciate that some components are open-source, the goal here is broader—ensuring BIOS/UEFI is not just open-source but entirely free and open in an ethical sense. This aims for complete transparency, verifiability, and user freedom, beyond what current licenses like BSD-2-Clause-Patent allow. The proprietary forks and lack of transparency you mentioned actually reinforce the need for a fully free BIOS/UEFI. Your points are well taken but highlight that there’s still work to be done to achieve full user freedom.

So what is the issue with this project https://libreboot.org/ ? maybe instead demanding change, supporting alternatives is a better option

Libreboot is a great project, but its strict commitment to minimal blobs can limit compatibility. While the broader open BIOS/UEFI discussion often aims for a balance between freedom and compatibility, my advocacy is focused on pushing for a fully free and open BIOS to empower users to the greatest extent possible.

Edit: In fact, Leah Rowe, the creator of Libreboot, just signed the petition.

[Duplicate comment]

With a free and open framework and the right security measures, we can address these issues over time and build a unified BIOS that empowers users while maintaining security standards. This initiative aims to create a more transparent and user-controlled tech ecosystem, recognizing that security through obscurity is not the solution.

GlaBIOS does all you need.

While GlaBIOS is a positive initiative, the goal of open and user-controlled BIOS/UEFI requires a broader ecosystem of solutions. It’s about offering multiple choices for users who value transparency and control over their hardware.

System76 is a great choice for a laptop! It might seem like a small step, but collectively, these actions can make a difference and encourage better practices in the tech industry.

Exactly, manufacturers do play a big role in hardware configurations, and customization is often needed. Affordability is a big factor for most customers, and open devices can be expensive. Intel ME being proprietary is still a concern, even when disabled. Your support for making open BIOS/UEFI accessible to a wider audience is important. It’s about giving everyone the choice to control their devices.

Libreboot is available for some devices, but this petition aims to make free BIOS accessible to a wider range of people. Your support can help make this happen! 👍