[tenebrisalietum]

I would bet such intervention results in it no longer being allowed to use GPL-style open source code that lets you rebuild/customize firmware, and no longer being allowed/able to use firmware not signed by the manufacturer.

[toyg]

We already have that for most hardware in practice, don't we ? The direction of travel in the embedded industry seems fairly clear: you have totally-open ecosystems strictly for hobbyists (arduino, raspberry pi, etc), and totally-closed products for the masses (standard brands). Anything inbetween is tolerated but unsupported.

Clearer legislation would obviously not kill the hobbyist ecosystem, and possibly improve the branded one. Even if the price of such legislation were to be the loss of grey areas where hacked/unsupported branded products live, it might well be worth paying to cash in the gains. Obviously the devil would be in the details of such legislation, so it's all pure speculation anyway.

[repelsteeltje]

Do you mean vendors would try to subvert/work around such legislation?

[tenebrisalietum]

No. This concrete example illustrates my intended meaning:

Asus has a couple of Wi-Fi access point/switch/router combos with their own Tomato derived firmware named AsusWRT. It's nice. Because it's GPL, the source is required to be available, and a project for a derivative firmware named Merlin exists. Merlin provides additional features. One can choose to flash this firmware if desired.

If these devices must only accept signed firmware then the above becomes practically impossible and you cannot control the software running on your own device.

[repelsteeltje]

Ah. So essentially, malicious compliance with the open source requirement, using DRM/tpm. Probably under the gise of SECURITAHH...

Yeah, I can see that. Might be remediated using legislation as well - mandate free access to third parties. The point being that (open) software development can continue maintenance beyond vendor support for the hardware.

But yeah, that would still need some story - and clever thoughts - about authenticity and trustworthiness of the firmware and how to technically enforce them.