This definition would generally bar you from using phone modems, Wifi cards, and GPUs. With some exceptions, their CPUs have nothing to run without external help, so they are forced to load and run arbitrary code to even be operational.
Replacing a memory chip would not do anything because those aren't used.
The artificial constraint is either that the code (firmware) is closed, or both closed and signed.
Otherwise, I like the criterion a lot. It's a decent distinction between what's "software" and "hardware".
Another blurry line is devices that come with a memory chip where their program code is loaded, but they later need to have a patch loaded by the OS each time (like Intel microcode). Yet another uncertainty depends on how we define root access. If we take it to mean "I have the last word", then Intel/AMD and some ARM CPUs don't qualify, as they have deep, manufacturer-signed-only modes.
> This definition would generally bar you from using phone modems, Wifi cards, and GPUs. With some exceptions, their CPUs have nothing to run without external help, so they are forced to load and run arbitrary code to even be operational.
Although I personally don't always consider this to be a hard reason not to use hardware, yes, I am indeed quite grumpy about the fact that most of my systems contain parts that I don't control. As to practical fallout, it varies by impact and options; since AFAIK I can't buy a modem that doesn't use binary blobs, I just factor it into my threat model with mitigations where reasonable (thankfully, not all phones expose all of main memory to the modem) and move on, but where there are reasonable options (yes, that's weasel-worded; I haven't yet switched to POWER because I don't want to pay 10x for my machines) I use them, for instance when I buy a phone I filter by whether it has an unlockable bootloader.
> The artificial constraint is either that the code (firmware) is closed, or both closed and signed.
> This definition would generally bar you from using phone modems
Back in the days when I used phone modems (USR Courier and Sportster) I actually flashed a cool custom firmware developed by an enthusiast hacker and there seemed to be no measures deployed to stop me from doing so.
IIRC at least USR Courier had Intel 80186 which was a full-fledged x86 CPU making the modem a real computer indeed.
Replacing a memory chip would not do anything because those aren't used.
The artificial constraint is either that the code (firmware) is closed, or both closed and signed.
Otherwise, I like the criterion a lot. It's a decent distinction between what's "software" and "hardware".
Another blurry line is devices that come with a memory chip where their program code is loaded, but they later need to have a patch loaded by the OS each time (like Intel microcode). Yet another uncertainty depends on how we define root access. If we take it to mean "I have the last word", then Intel/AMD and some ARM CPUs don't qualify, as they have deep, manufacturer-signed-only modes.