Not optimal, but not controversial. These features are necessary to mainstream Linux-based laptops (especially),

AMD, better hope it's leak proof and not a huge security vulnerability to be exploited.

No, I can see why it would be controversial. We're long past the point where it should be obvious that signed firmware doesn't stop any determined hacker from infiltrating a system. There's numerous examples where this is the case, my favorite being the recent Switch hack presentation from 3C. The only thing it stops is the legitimate clients from exercising control over repairs, including fixing hardware configuration bugs that occur far too often to bother listing.

In the past, if there were a sub-optimal or even buggy ACPI table for a piece of hardware, you could "simply" substitute out the problematic entries for good ones. Course, the opposite can be true as well. You can royally screw up a system by naively altering ACPI values. OpenBSD, for an example, has its own ACPI tables that aren't provided by Intel (and it's known to cause problems on some systems - I have an old laptop that immediately shuts down after OpenBSD's kernel boot due to a bad ACPI table, but works fine with Linux). But the point is, it's impossible to fix anything without legal access to the configuration settings, which this system effectively locks away from the supposed owners of the hardware for no good reason other than to enforce OEM secrecy over things that probably shouldn't be secret to begin with.

The controversy isn't that it's 'necessary to mainstream Linux-based laptops'. The controversy is that the locked down signing is not necessary at all to have a functional system. It's an unnecessary external limitation of control, especially since the push is towards having more open and auditable hardware, firmware, and software stacks so people can at least be aware of any risks they're taking, if they can't be easily fixed. Let's face it, sometimes there's no feasible repairs possible, only remediation/mitigation/isolation, yet better the devil you know...

Edit to add: While signed firmware and executables outside of the end user's control won't stop a determined attacker, code signing in general (with user consent and control) may stop lesser skilled or determined hackers, therefore it shouldn't be totally discarded as a security layer. What makes it actually useful is the ability to revoke and reissue signatures in the event of compromise. AMD having the sole signing authority to do this means this isn't about security (because you can't depend on AMD to properly revoke and reissue keys into the indefinite future) but about usurping user control.

Lots of binary blobs and other crap.

I hate this!

bridgman Why????

Michael

Typo

"for thosei nterested" should probably be "for those interested"

Oooooo the poster child for Open Source drivers turns out to be a capitalist after all? Who saw that coming?

Another closed-source crap?
Fuck you AMD!
Linus should seriously start rejecting all this garbage!

I fully agree!

But Microsoft is a platinum Linux Foundation sponsor these days. Money corrupts everything

They merged the Trojan's Horse with 6.1 kernel.

AMD is simply providing exactly what the OEM's want. A way to differentiate themselves without having to rely on a custom SKU just for them. No different than what many of the NVidia OEM's were doing with the reference designs. Unlike Intel, AMD doesn't have the capacity to create and fab several hundred perturbations of their reference Zen's, so they simply will let the OEM's control the feature set.