On 09/08/2017 07:18 PM, Alessandro Selli wrote:

On Fri, 8 Sep 2017 at 00:22:40 -0400
"taii...@gmx.com" <taii...@gmx.com> wrote:

On 09/07/2017 02:18 PM, Rick Moen wrote:

Quoting taii...@gmx.com (taii...@gmx.com):

I also find a bit questionable your going around attempting to tarnish
the reputation of someone with a real name, while concealing your own.
Criticism isn't allowed?
This is of course nothing like what I said.

I dislike when people deal with speculation instead of proven facts
when judging technical merits.
Then, _address what you perceive as speculation_.
I apologize - I should have done that in the first place instead of
resorting to name calling.

Mr. Selli has said:
*That IBM's POWER CPUs have a hardware level backdoor and have had
backdoors in the past whilst providing no real evidence to support
those claims,
   I did provide the evidence:
https://lists.dyne.org/lurker/message/20170907.084234.3d39055c.en.html
That .pdf you linked is for IBM's x86 products, which they stopped making 7 years ago.

Regardless, that is a BMC, not a backdoor - a BMC is a standard server feature and on POWER9 the code is entirely open source and you can run whatever you please on the BMC chip as there isn't hardware code signing enforcement like with Intel ME/AMD PSP.

   Why do you write easy to disprove falseness?  Don't you have a minimum
of self-respect?
Ah the pot calling the kettle black.
he bolstered that argument by stating that IBM's work with
the US military is suspect and thus concludes guilt by association.
   No, I just pointed out that the fact that IBM does indeed put hardware
and software remote-control devices inside its chips is an established
and documented truth.
Again, a BMC isn't a backdoor.
IBM sells POWER chips to both the US Military and the Chinese
Military, doing that is largely why they are still in business -
as the world's third maker of high performance computing hardware one
simply can't and shouldn't ignore the world's two largest consumers.

IBM has done a variety of bad things, but that doesn't mean OpenPOWER
isn't a really good one.

* That the presence of a BMC chip on POWER means it has a backdoor

BMC chips are a common server feature required for remotely
administering a computer without headache, this one is owner controlled
(no hw code signing enforcement) and has full source code available to
the public after POWER9 is released.
   Again, this is a faith-based assumption as only IBM knows what's
inside their proprietary hardware.  Anyone who's had experiences on
their AS400 and RS600 platforms knows how darned proprietary their
hardware is.  You're free to believe they changed and they now value the
commoner's freedom more than the interests of the governments they
serve, of course.  You are *not* free to write falsity and disparage
people who hold different opinions, though.
I would say buying TALOS, where an IBM backdoor is simply fringe speculation, is much better than a Purism where it is an absolute fact.
*That TALOS is proprietary closed source hardware  -  which isn't true -
as not being that is the entire point of it.
   I repeatedly asked you if there is anyone who has their chips'
blueprints, which is a prime condition to be able to call their hardware
anything other than proprietary.  You always turned a deaf ear to these
requests.
Uhh no I didn't, as I have stated (and as you would know had you read the TALOS2 website) the POWER9 datasheets and HDLs are currently under embargo and will be released to the general public when the hardware is - the makers of TALOS 2 have them as they are a member of the OpenPOWER foundation.
After the release of POWER9 the board and BMC firmware sources will be
provided,
   Ok, so nothing available *now* from IBM is openhardware.  For a
strange reason this is acceptable from IBM/Talos, while it's a disgrace
when Purism does the same thing.  Go figure.
Again, the public will get the spec sheets and HDLs when the hardware is released - why do you consider this equivalent to Purism? They will never be able to get Intel to release anything, their hardware has been out for many years and they still don't even have a blobbed coreboot.
and both the CPU/board and the BMC are owner controlled due to
the absence of hardware enforced code signing.
   ...that you know of, as the available hardware is proprietary and
closed-source.
No it isn't, which you would know if you read the TALOS2 website.
Full documentation and HDLs will be available for all components
   All right, good.  I'll believe what I will see.

besides the onboard Broadcom NICs which currently require a firmware
blob
   I wonder why you felt entitled at railing against Purism for having
considered equipping their laptops with Nvidia GPUs while it's perfectly
OK that TALOS uses a NIC from one of the most opensource unfriendly vendors.
A network interface isn't a critical component like a graphics device is, it doesn't control what you see so the device will still be FSF certified.

The blobs on the Broadcom NICs can and will be replaced with open source firmware as they have no hardware code signing - unlike Nvidia's graphics devices.

as there are no open source non-Intel gigabit NICs
   Is not having Intel hardware more important than having opensource
components inside a TALOS workstation?
Yes it is.
- but the FSF
says that this minor detail doesn't prevent it from receiving RYF
certification as they are behind the POWER-IOMMU and as such are not
capable of doing anything malicious.
   Good.

* That the reason he/purism hasn't made owner controlled hardware is
because it is "too expensive"
   I don't remember writing anything like this.  Quote, please?
https://lists.dyne.org/lurker/message/20170906.103659.075c1022.en.html
"Me - I take it you work for purism....raptor has made a legitimately owner controlled computer - whats stopping you?"
"You - The steep price."

This was also why I assumed you worked for purism.

Purism's "Librem" 15" laptop is $2,000
   False, again:
https://puri.sm/shop/librem-15/
$1,599.00, now running a rebate to $1,449.00

   Compare with this:
https://secure.raptorcs.com/content/TL2WK2/purchase.html
Talos™ II Secure Workstation    $4,750.00
That is the prebuilt cost, not the board/cpu cost.
You could assemble one for $2.5K which is quite reasonable.
- in comparison one can have a
TALOS-2 DIY build for $2.6K
   Do you realize your "errors" are regularly one-sided, they always play
in favour of TALOS and to the detriment of Purism?  How do you expect to
be trusted as a neutral source of information, given that you also never
provide pointers to third-party documentation to back your claims?
What claims?
   You're really comparing apples to oranges: Purism sells finished
laptops, TALOS sells rack servers and workstations or components/DIY
kits.  Be back with your comparisons when TALOS will produce laptops.
TALOS isn't a company, it is a product, and this isn't about laptops or servers, this is about freedom hardware, which both companies claim to be in the market of - thus I compare them. I do however imagine that POWER laptops will be produced soon, perhaps during the POWER10 era as it will have even lower power consumption than POWER9 - of which you can get a CPU that has a 90W TDP.

* That the HAP mode "disabled" ME and makes a purism laptop somehow
equivalent to TALOS when it comes to privacy and security.
   Again, please quote where I wrote such a thing.  I challenged the idea
that TALOS products are safe products as privacy and security are
concerned just because they are made out of IBM parts, and I challenged
the idea they are free from hardware and software that is designed to
remotely access the hardware and the OS.
Again, an open source BMC chip with full documentation is not a backdoor and not at all equivalent to ME/PSP.
ME_Cleaner even with HAP mode doesn't disable ME - a black box
supervisor processor is still mandatory for the x86 boot process and is
capable of a variety of dirty tricks so even if one can verify that it
is actually off (difficult...by using an electron microscope perhaps?)
   You just put a protocol analyzer on the chip pins as you operate it.
What chip pins? The ME core is entirely integrated in the CPU package.
there are various things that it could have done before powering off.
ME cleaner is nerfing/cleaning, nothing more.
   There are various things that IMM/RSA could do at boot time and at
poweroff, too.  Why I am to believe it does nothing or that it only does
benign operations?  Because IBM states so?
POWER doesn't have IMM/RSA (that is for IBM's very old x86 hardware), it has POWER-BMC which is significantly different and open source.
   I am wary of TALOS not because I know their hardware is bugged, but
because I cannot understand how can it be that:

1) a never heard before manufacturer runs a crowdfunding effort to
    produce a 3,700$ POWER8 workstation;
You haven't heard of them but many others have.
Raptor is a major coreboot contractor and has been in the free hardware community for many years - they have produced libre firmware for many motherboards and a variety of useful hardware for the embedded devices community.
2) the crowdfunding fails miserably:
https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation
14% funded
3) shortly after they manage to fund:
    *) a $4,750 POWER9 Workstation;
    *) a $5,100 POWER9 Rack Mount Development Platform;
    *) a $3,950 POWER9 Desktop Development System.

   If they had the money, why run a crowdfunding?
They didn't have corporate backers before, now they do.
   Why invest so much money to deliver three very costly systems that
were turned down by the public so little time before?
It wasn't "turned down by the public", many people contributed to the crowdfunding campaign despite it being poorly promoted and having no business interest at the time.
   I smell something fishy here.
Getting corporate backing isn't fishy, IBM wanted to support a POWER workstation project via the OpenPOWER foundation.
* That we should contribute and trust a company that is attempting the
sisyphean task of truly disabling ME.
   Again, you're putting words in my mouth that I never spoke.  Do you
know what this shows of *you*, not me?
You advertise Purism's products time and again and attest that they respect your privacy and security, which they don't, thus I assume that you desire people to support them.
Google has many times attempted to get Intel to provide a method to
disable ME and remove it from the boot process for their in house
computers and the coreboot laptops they sell, they have not been
successful - thus if a billion dollar company can't pull it off a small
upstart certainly can't.
   I cannot find references, will you please let me read those you have?
https://libreboot.org/faq.html
There have also been many discussions on the coreboot mailing list about this.
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng