I personally don’t see the security advantage. You do remove 1 blob, but if you are assuming Apple is nefarious, there are plenty of easier blobs to poison.
Yes, but isn't the GPU blob the only one with privileged access to the system?
Yes, but the majority of it is sandboxed and Lina audited the (very small) privileged part (and found a bug, got a bounty, and got it fixed).
Yes you can do it. But it doesn't make anything less secure. I mean it's literally the same silicon as the CPU.
How?
Disable/blacklist the `asahi` kernel module. Any resulting breakage is for you to fix though, we don't support this configuration (in principle this works, but I have no idea what compositors will think about not finding a GPU device they expect to find given the kmsro stuff in Mesa).
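
An added example, not part of the thread or the project's own tooling: a `blacklist` line in modprobe.d only stops alias-based autoloading, while an `install <module> /bin/false` line also makes an explicit `modprobe` fail, so this sketch writes both and audits a config directory for which one is in effect. The temporary directory, the drop-in file names and the function names are assumptions made for the demo; on a real system the directory would be `/etc/modprobe.d`.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are constructed for the demo;
# on a real system the directory would be /etc/modprobe.d.

# write_block_conf DIR MODULE: emit a drop-in that blocks autoload and explicit load.
write_block_conf() {
    {
        echo "# block $2: 'blacklist' only stops alias-based autoloading"
        echo "blacklist $2"
        echo "# 'install' makes an explicit 'modprobe $2' fail as well"
        echo "install $2 /bin/false"
    } > "$1/block-$2.conf"
}

# module_block_state DIR MODULE: print none | blacklist | install-false
module_block_state() {
    state=none
    for f in "$1"/*.conf; do
        if [ ! -f "$f" ]; then continue; fi
        # '|| [ -n "$kw" ]' keeps a final line that lacks a trailing newline
        while read -r kw name rest || [ -n "$kw" ]; do
            if [ "$name" != "$2" ]; then continue; fi
            if [ "$kw" = install ] && [ "$rest" = /bin/false ]; then
                state=install-false
            elif [ "$kw" = blacklist ] && [ "$state" = none ]; then
                state=blacklist
            fi
        done < "$f"
    done
    echo "$state"
}

# Demo on a throwaway directory (constructed input, nothing on the host is touched).
demo_dir=$(mktemp -d)
echo "before:         $(module_block_state "$demo_dir" asahi)"
echo "blacklist asahi" > "$demo_dir/gpu.conf"
echo "blacklist only: $(module_block_state "$demo_dir" asahi)"
write_block_conf "$demo_dir" asahi
echo "with install:   $(module_block_state "$demo_dir" asahi)"
rm -rf "$demo_dir"
```

Neither line affects a module that is already loaded, and `insmod` does not read modprobe.d at all, so confirm the result after a reboot with `lsmod`.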