On Wed, Jan 1, 2020 at 4:12 PM Chris Laprise <tas...@posteo.net> wrote:
> On 1/1/20 1:36 PM, Thierry Laurion wrote: > > > > > > Le mercredi 1 janvier 2020 13:32:00 UTC-5, Chris Laprise a écrit : > > > > On 1/1/20 5:43 AM, Lorenzo Lamas wrote: > > > Hello Thierry, > > > > > > Thanks for all that you are doing for the community. Do you see a > > > possibility of a Qubes Certified Laptop with an AMD CPU? > > > Intel is affected a lot more than AMD by the sidechannel > > vulnerabilities > > > in the last years. The Privacy Beast has a 3rd gen Intel CPU, > Intel > > > stopped providing uCode updates for 1st gen in 2019, so this year > is > > > probably the last year they will support 3rd gen. More CPU > > > vulnerabilities will most certainly be discovered in the coming > > years, > > > so there is a need for an AMD based certified laptop, or at least > a > > > newer generation Intel based laptop, even though that may mean > we're > > > stuck with PSP or ME. > > > > As much as I like the Insurgo/Purism/System76 offerings, this issue > has > > weighed on me to reconsider. > > > > The massive amount of side-channel vulnerabilities have shown Intel's > > engineering is reckless, and it gets worse. They're still pushing > > fraudulent compiler code – detecting and de-optimizing AMD – almost a > > decade after it was reported in the press. And they outright refuse > to > > pay government fines relating to their misconduct – which also > included > > threatening PC vendors with retaliation if they sell "too many" AMD > > units. > > > > Historically, when a behemoth like Intel goes renegade its because > they > > know their products are superior and the public will accept the > > situation as a trade-off. But the only thing that's "superior" about > > Intel is their attitude and their ill-gotten revenue. > > > > The biggest problem I see is peoples' willingness to go along with > what > > is becoming a tradition of anti-competition. Whatever logical > fallacies > > are put forward to make it seem palatable with CPUs will also > undermine > > user motivations in other areas. > > > > Completely agreeing. This is why this > > < > https://github.com/QubesOS/qubes-issues/issues/4318#issuecomment-549986749> > > > needs collaboration to have real solutions in the future. > > The relative ease of using another x86 brand with better implementation > and ethics such as AMD makes it a clear choice in the meantime, while > the much more difficult and lengthy task of adopting open hardware is > pursued. > > People can wait 18-36 months for a Qubes port to POWER architecture... > That is 18-36 months of being subject to maximum side-channel (and > probably other) risks and signalling a tacit acceptance of Intel's > engineering. And at the end of that period, we still won't have laptops. > > Only holding out for the perfect appears to be the enemy of good in this > case; it is the wrong mindset for adding alternatives. Under these > circumstances, there should be absolutely no hint that a robust x86 > alternative is somehow passe... but that appears to be the message > coming from vendors. > I am not aware of any AMD model to recommend on my end which would have the good mix of QubesOS well supported components to fit requirements and warned compatibility issues. If you have such model in mind to recommend, be part of the solution and let us know. Meanwhile, models that fitted the bill for workstation/server got dropped by coreboot by lack of interest from the community (KGPE-D16 <https://github.com/osresearch/heads/issues/134#issuecomment-368922440>). It might be brought back under grant work (TBD), but AFAIK, there is not such trust altogether from the community torward AMD, not really more trust torward their PSP (ME equivalent) and not so much known right now from attempts reversing <https://github.com/PSPReverse/PSPTool> it. So what model would you suggest in the meantime for which firmware can be replaced by Open Source Firmware? > > -- > > Chris Laprise, tas...@posteo.net > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 > -- Thierry Laurion -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAzJznyUYV78UYTAT%2Bxru%3DZuwNJOqZH4y9d%3De04iUXoy%3DGyEVA%40mail.gmail.com.
