
Introducing Project Mu - ductionist
https://blogs.windows.com/buildingapps/2018/12/19/%e2%80%afintroducing-project-mu/
======
AceJohnny2
What is "Firmware as a Service" ?

In my mind, firmware is the low-level software that's embedded in a device,
and is both hard to change and unlikely to need to change, because it provides
utility foundational to using your hardware. How do you turn that into a
service?

Edit: apparently I can't read because it was right in there: _"Firmware as a
Service optimizes UEFI and other system firmware for timely quality patches
that keep firmware up to date and enables efficient development of post-launch
features."_ So basically, take the limitations I mentioned and get rid of
them.

~~~
geofft
"As a service" in this context means the mental model / delivery pipeline is
more like subscribing to a service than purchasing individual software. I'm
sure this makes more sense to Microsoft folks; open-source folks are more
likely to call it "continuous deployment" or "living at HEAD" or something.
They compare it to Windows-as-a-service, the idea that you run the current
version of Windows, not the version you paid for and future updates involve
change control and procurement and other bureaucracy.

Firmware does change and often has security vulnerabilities, so you do need to
be keeping it up to date the way you keep your OS up to date. Among other
things, it includes processor microcode / errata fixes like some of the
Spectre, Meltdown, etc. mitigations. It would be nice if we lived in a world
where this doesn't need to change, but it does, and thankfully it is firmware
and not hardware.

~~~
ddispaltro
I hate to admit that I just realized the hard -> firm -> soft ware analogy.

~~~
teddyh
_Hardware met Software on the road to Changtse. Software said: “You are yin
and I am yang. If we travel together we will become famous and earn vast
amounts of money.” And so they set forth together, thinking to conquer the
world._

_Presently they met Firmware, who was dressed in tattered rags and hobbled
along propped on a thorny stick. Firmware said to them: “The Tao lies beyond
yin and yang. It is silent and still as a pool of water._

_It does not seek fame, therefore nobody knows its presence. It does not seek
fortune, for it is complete within itself. It exists beyond space and time.”_

_Hardware and Software, ashamed, returned to their homes._

— _The Tao of Programming_, Geoffrey James, 1987

~~~
disqard
That made my morning! Thank you for sharing.

------
pretendgeneer
Not to be too anti-Microsoft. But this seems like they're bringing the UEFI
into Windows, therefore allowing them in the future to make it harder than it
already is (or eventually impossible) to actually get into the UEFI to install
a competing OS.

I admit I'm decently "tin-foil hat" about Microsoft, but every new laptop I've
bought over the last 10 years has been progressively harder to get into
UEFI/BIOS to remove Windows and install a new OS.

~~~
amiga-workbench
Ubuntu runs on Windows now, why would you ever need to leave ;)

~~~
solarengineer
Embrace, extend, extinguish.

I am one of those wary of Microsoft. The current CEO was around during the
Halloween Diaries. Even if he is well meaning, he is just an employee who can
be replaced any day at the whim of large shareholders like Ballmer and Gates
who consider Linux to be a virus.

~~~
nindalf
> Embrace, extend, extinguish.

It's disappointing that literally anything that Microsoft does has this same
comment right on top. Does it add anything to the discussion? We've all seen
this comment at least a thousand times in the last 15 years. You haven't even
taken the trouble to chalk out a plausible path for embracing and extending.
Forget that, you haven't mentioned _who_ they're embracing and extinguishing.
At this point it's just repeating a tired meme for the sake of karma.

Not calling you out in particular, but here are other tired HN memes that can
be reliably milked for karma

* If you're not paying, you're not the consumer, you're the product.

* It can be difficult to explain something to someone when their job depends on not understanding it

* Joel Spolsky's article on rewrites

~~~
solarengineer
The various responses to my "embrace, extend, extinguish" got me thinking
about why I continue to be apprehensive about Microsoft. Perhaps it is because
of my experiences with Microsoft and their dirty ways. They have a history of
screwing the user over.

A bit of a rant/recall follows: I had lost content to a doublespace bug and
was asked to pay for drive space via an MS DOS upgrade to 6.22, I have seen
how Microsoft encouraged piracy in schools and colleges in India, how they
have used FUD to suppress open source education and adoption efforts in the
government and education spaces. I also recollect all the dirty stuff around
Frontpage "extensions", IE extensions + IE's excessively forgiving tendencies
to HTML violations and incorrectness, how MS took spyglass software and did
bad things with it. Later, the Halloween Documents showed how MS said one thing
in public and plotted another thing in private. They were Gurus of scheming
behaviour. Then there was the Microsoft Windows tax, where you had to pay the
Windows license fee even if you planned to run Linux on your computer. I also
had to struggle with the MS Java, J++ rubbish. Microsoft used to do such bad
things so deliberately. I also recall bad things around UEFI, around making it
difficult for Linux distros to dual boot on laptops (which got resolved
later).

Recollecting all of the above doesn't make it easy for me just to accept that
with some code releases and PR announcements, MS would have turned over a new
leaf.

People behave as they are measured. Satya Nadella is changing the public image
of Microsoft, and even walking the talk. I learned just now on Wikipedia that
he tripled MS stock, and that anonymous polls within MS have called him the
best CEO of a US company. I am not an MS employee, so I won't know if he has
managed to change the internal cultural tendency of being insincere and
vicious (see above for examples).

I'm just apprehensive that at the end of the day, he is just an employee.
Employees can get fired anytime, overruled anytime.

Perhaps I am being unfair to MS and Satya Nadella, and to all those MS
employees who are giving their best. To them all - I apologise for my ill
will.

~~~
pjmlp
Except many seem to praise Google for doing similar stuff, but hey "Do no
evil", so they are on the clear.

~~~
pizzazzaro
Uhm, Google removed that "don't be evil" motto from anywhere and everywhere in
their website.

------
molticrystal
In the "Introducing Project Mu" blog post it says "The Microsoft Devices Team
is excited to announce Project Mu, the open-source release of the Unified
Extensible Firmware Interface (UEFI) core leveraged by Microsoft products
including both Surface and the latest releases of Hyper-V."

And I saw in one of the tickets for Virtualbox [1] that:

_You go VM-entry, execute guest, VM-exit. Cooperatively. Unfortunately MS
launches Hyper-V at boot time as a service and keeps a hold of the VT-x,
regardless of use or not_

and

_This is a problem with Hyper-V being too aggressive and not releasing VT-x
once it's got a hold of it. VMWare and VirtualBox for example can not only
coexist, but they can run concurrently. Not so with Hyper-V._

So does that mean that we can finally have virtualbox/vmware when hyper-v is
enabled but not in use, or do they have to open up more in order to get this
fixed?

I am afraid that may be the case as the only thing I saw in my first quick
glance was VTd(directed io) code[2] and in a quick glance in other
repositories I saw VMCALL but I haven't found VMXON yet, so maybe it is a step
in the right direction.

[1]
[https://www.virtualbox.org/ticket/16801](https://www.virtualbox.org/ticket/16801)

[2]
[https://github.com/Microsoft/mu_silicon_intel_tiano/tree/rel...](https://github.com/Microsoft/mu_silicon_intel_tiano/tree/release/201808/IntelSiliconPkg/Feature/VTd)

~~~
floatboth
No, Mu has nothing to do with this, Mu is a fork of EDK2 with a nice GUI and
continuous update whatever stuff. This is firmware. Hyper-V uses firmware to
boot an OS, but that's all _inside_ the VM.

More to the point though, MS recently made a public Hyper-V API thingy.
Windows Hypervisor Platform I think it's called. It's similar to how KVM,
bhyve (vmm.ko) and Apple's Hypervisor.framework (its kernel counterpart
actually) work. Now you can use Hyper-V itself + any third party frontends
that use that API. E.g. the Android emulator is going to switch to this.

VirtualBox/VMWare should leverage these APIs but they don't because they're
way too invested in their custom kernel modules already.

~~~
mormegil
Isn't the new Hyper-V support in VBox 6.0 using that?
[https://www.virtualbox.org/manual/ch10.html#hyperv-support](https://www.virtualbox.org/manual/ch10.html#hyperv-support)

~~~
floatboth
Ooh. Nice. I didn't notice that.

I wonder why they're expecting "performance degradation" though…

------
jclay
Wow, I'm excited to dig into this.

Crazy to imagine that you could buy a _Microsoft_ Surface, strip Windows and
replace with Debian and have a fully open source device.

This raises my odds that they open source the Windows Kernel from ~2% to 4%.

~~~
colemickens
Er, people have been running Linux on Surfaces for years. With decent UX for a
while as well, as I understand it.

~~~
david-cako
see Stallman’s take on modern computers and phones; virtually impossible to
distance yourself from proprietary firmware and BIOS

~~~
nikofeyn
i just don't understand how his take is at all relevant in modern times. i am
sure he uses microwaves, refrigerators, homes, vehicles, etc. on a daily if
not hourly basis that have non-free software and firmware. what does he or
anyone even do with open source, free firmware?

~~~
nostalgiac
> As for microwave ovens and other appliances, if updating software is not a
> normal part of use of the device, then it is not a computer. In that case, I
> think the user need not take cognizance of whether the device contains a
> processor and software, or is built some other way. However, if it has an
> "update firmware" button, that means installing different software is a
> normal part of use, so it is a computer.

[https://stallman.org/stallman-computing.html](https://stallman.org/stallman-computing.html)

~~~
SmellyGeekBoy
That... Doesn't make sense. What if the "button" (probably a jumper or
connector on the motherboard) isn't normally accessible to the end user, like
a lot of embedded devices? If it has a CPU, ROM, RAM and runs code it's a
computer!

------
ntoll
Riiight... as the author of the Mu editor (a volunteer led code editor aimed
at beginner Python programmers and educators --
[https://codewith.mu/](https://codewith.mu/)), this was rather a surprising
turn up for the books this morning.

I guess "just Google for Mu" won't work any more. Beginner coders are just
gonna love "Firmware as a service". ;-)

~~~
miduil
I also thought this was going to be something about Mu editor.

Reminds all over the GVFS story again:

[https://github.com/Microsoft/VFSForGit/issues/7](https://github.com/Microsoft/VFSForGit/issues/7)

~~~
miduil
Ok, maybe not exactly "all over".

1\. GVFS name is trivial, but less trivial than just "Mu"

2\. Mu Project vs. Mu Editor makes it still distinguishable

3\. GVFS (now gio?) exists for ages, Mu Editor and Project Mu are two fairly
new projects.

I guess I'm just still upset about how people at Microsoft picked the name
back then and how little they initially considered changing their name.

------
WalterBright
I wish developers of remote firmware updates would demand a physical write-
enable switch. I get tired of the risk of remote installation of malware.

------
xvilka
Microsoft could have contributed to coreboot instead if they claim to be so
opensource-friendly. Or wrote firmware in safer language like Rust. Traditional
UEFI code is a total mess, from programming practices view and from
security/safety point of view too. For a long time they stuck with Python 2
only for their tooling, C89 compatibility, non-standard types, etc.

P.S. Note, that most of the UEFI is not open source - so called PI code
(Platform Initialization), which performs real platform booting is closed
source in almost any board. Coreboot is targeting this stage too.

~~~
bravo22
PI code on x86 is provided by Intel. You can't ever open source it.

Coreboot, like other offerings, sets up the basic stack and jumps to Intel
provided blob, which then jumps to the provided hook in Coreboot when a
particular part of initialization is done. DDR controller, microcode patching
are all done at start-up via this mechanism.

~~~
bradfa
Intel claim one reason that you just have to trust their binary blob PI/FSP to
do these kinds of things is because at each stepping release of a given CPU
there are different early boot errata and microcode abilities until microcode
is loaded from flash. It's a bit of a stretch, but the insulation can be
thought of as useful in the right light.

------
akerro
> Firmware as a Service

You may be a victim of firmware counterfeiting, please make sure you paid your
subscription fee before we let you change your boot options.

------
csense
Suppose I want to get into hacking UEFI firmware. Does this mean I can buy
some Microsoft device, download the C++ code for the firmware, make some
changes if I want to, compile it, and load it onto the device?

If so, that's really cool.

~~~
bayindirh
If you're flashing via the UEFI interface itself (which can have a very fancy
terminal), the firmware might need to be signed. I bet Microsoft will not
share the signing keys.

~~~
Avery3R
Production Surface devices have Intel Boot Guard enabled and the public key
fused into the PCH. You'd have to bypass it somehow.

~~~
cyphar
That is only used to check firmware signatures, not UEFI binary signatures.
You should be able to add keys to DB and KEK at your leisure. Also Microsoft
has a paid program to sign UEFI binaries (that's why you can boot most Linux
distributions on secure boot hardware).

------
Nelkins
Main code repository here:
[https://github.com/Microsoft/mu_basecore](https://github.com/Microsoft/mu_basecore)

------
locacorten
A whole bunch of links don't work or have empty pages:

Code Development Overview
[https://microsoft.github.io/mu/CodeDevelopment/overview/](https://microsoft.github.io/mu/CodeDevelopment/overview/)

Code requirements:
[https://microsoft.github.io/DeveloperDocs/code_requirements](https://microsoft.github.io/DeveloperDocs/code_requirements)

Has someone been able to build the code and reflash their surface? I'm trying
to understand whether the code posted online is complete.

------
Boulth
This is really nice! I wish there were hardware manufacturers interested in
shipping PCs/laptops with Mu.

~~~
andrewstuart2
Isn't that a bit like posting a job description right now asking for 3 years
of experience with project Mu and 10 years of Kubernetes experience? ;-P

~~~
Boulth
When Google announced Open Handset Alliance (Android) in 2007 it already had
30 members or so.

------
tristor
Project Mu[1] is already a taken name. It's not in the same field, so not a
trademark violation, but for those of us who fall into both categories I will
never mentally think of this product when I hear Project Mu, because there's
so much history behind the original.

[1]: [https://www.project-mu.co.jp/en/index.html](https://www.project-mu.co.jp/en/index.html)

------
King-Aaron
Do they just not check to see if their names are already established brands?

I don't think Microsoft is in the performance braking market.

[https://www.project-mu.co.jp/en/index.html](https://www.project-mu.co.jp/en/index.html)

~~~
Lizzo
As well as the Mu Python Editor...

and Mu Online, an MMO... Yeah they didn't research this _at all_.

It's not exactly a unique name...

------
Dunedan
Great. So we have now another meaning for FaaS (Functions as a Service vs.
Firmware as a Service). I was slightly confused while reading that article
until I noticed that they're talking about Firmware as a Service (whatever
that even means).

------
philliphaydon
I wonder if MS will eventually opensource Windows as they see declining
revenue and focus more on the store aspect.

Seems like MS has been seeing a lot of benefits to open sourcing their stuff
they are beginning to release more and more.

------
askvictor
Unfortunate name collision with the excellent mu editor for python. I wish
people would Google the name of the product they're launching before launching
it.

~~~
mihaifm
There is also Mu Online, a popular MMO. I honestly thought this was gaming
news.

------
Santosh83
Yes but will OEMs adopt this instead of bundling their own, and often
buggy/crappy UEFI code and interface?

~~~
executesorder66
I never understood the incentive of OEMs going with some proprietary crap
instead of using coreboot or something like that.

~~~
ndnxhs
Hardware is about 10 years behind the rest of the software world and hasn't
discovered the benefit of open source yet. I have talked to some firmware devs
and the idea of open source is totally alien to them.

------
ehnto
Project Mu is also a brand of brake pad. I always appreciated the name.

------
samirm
Finally! Now we just need to get 3rd party manufacturers on board.

------
sneakernets
Opening up easier ways to modify firmware? Yeah, I just can't see how that
will ever be abused...

Ransomware/cryptominer worm writers are probably salivating over this news.

~~~
viraptor
This is not providing anything that wasn't possible before. You could both
create your own uefi software and potentially load custom firmware if the
device didn't lock it down with signature checks.

------
dvfjsdhgfv
Mu is one of the few Python code editors that is actually great when teaching
kids "normal" (i.e. non-visual) programming:
[https://codewith.mu/](https://codewith.mu/). It has several modes that make
it easy to e.g. start developing for the micro:bit or create PyGame games.
It's not nice if a big company takes over a name already used by an open
project - whether by ignorance or negligence.

------
GutenYe
I am a bit lost here. Is the UEFI boot same concept as Linux UEFI boot? How
will it evolve and help Linux in the future?

------
nonamenoslogan
Will the team be renamed the "Justified Ancients?"

------
mailslot
Great. Windows updates will now be able to brick the hardware.

~~~
jrs95
This is something that has been used for Surface products for a long time and
it hasn't been an issue as far as I know.

~~~
AlphaSite
This is because surface ironically has quite a small testing surface. All
hardware from all PC manufacturers is much harder to validate.

------
gcb0
[https://github.com/Microsoft/mu_basecore](https://github.com/Microsoft/mu_basecore)

> Copyright (c) 2016-2018, Microsoft Corporation

yet most of the files have

> Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.
> Copyright (c) 2017, AMD Incorporated. All rights reserved.
> THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE

~~~
lwf
Yes, and the full set is listed in
[https://github.com/Microsoft/mu_basecore/blob/0d16728c1b41e2...](https://github.com/Microsoft/mu_basecore/blob/0d16728c1b41e25e55476358f6dcf4d8fed45f8d/License.txt#L1).

------
zozbot123
From the boot options screenshot, I can't find any trace of the _one_ thing I
look for in UEFI implementations - ability to _easily_ unlock the secure boot
state and boot some arbitrary OS. This seemingly fails to meet even the lowest
bar for a good-enough UEFI implementation.

~~~
voltagex_
You can load your own keys:
[https://github.com/Microsoft/mu_basecore/tree/release/201808...](https://github.com/Microsoft/mu_basecore/tree/release/201808/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe)

------
stonejolt
With that stream of open source projects from Microsoft, a Linux based
Windows11 should be released any minute now

------
throwaway12iii
Reminds me of Mu, [https://codewith.mu/](https://codewith.mu/)

Mu is an editor for python. I thought Microsoft were going to start sponsoring
Mu. Doh.

------
conanthe
They just keep pushing their spyware.

------
zwaps
Firmsware as a service???

~~~
hnbroseph
do you have any particular thoughts on that?

~~~
baroffoos
What does firmware as a service even mean.

~~~
airstrike
I for one am still waiting for Service as a Service

