Re: [coreboot] Coreboot Purism BIOS is free? open?
On Sun, 2017-12-24 at 01:30 -0500, Youness Alaoui wrote:
> I think people buying a TALOS 2 and people buying a Librem are two
> very distinct types of people. I very much doubt that someone has
> ever had to decide between buying a Librem and a TALOS.

I think this is correct as well.

> > > > > A good summary is that we want to "bring
> > > > > blob-free to the hardware that people want", rather than
> > > > > "bring
> > > > > blob-free hardware to the people who want it".
> > This is great; and I may quote you on that :)
>
> Yeah, Todd, you can quote me. I also really liked that when I thought
> of it :p

Funny, it also helps define the different approaches succinctly.

> And thanks for answering Nico's questions and correcting my
> statements. I didn't even know an i.mx8 librem 13/15 had already been
> thought of, that's pretty cool if it's in the plans!

It is early yet, but on the Librem 5 hardware side (not coreboot related), it has been discussed as the follow-on to phone mobo design.

Todd.

--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] Coreboot Purism BIOS is free? open?
Meh, Intel ME is necessary for x86 platform initialization. Without ME the PC does not start at all.

Anyway, the ME is used to provide third parties control and "security" over the user's system by cutting out the middleman (board firmware). Due to technical reasons they added all this functionality in a single place, because it would be silly to have 3 different hardware backdoors when you can just have one doing 3 different things.

On consumer PCs it provides DRM, and on office PCs it provides limited (but quite useful) remote management, plus more (it can execute a customer's dedicated java applications on its own integrated JVM, for example).

For example I've seen some Dell PCs that had integrated some kind of third party anti-theft functionality inside their UEFI firmware, where you would license a third party software and then connect your PC's UEFI firmware to their servers or something, so when it is stolen it can still be tracked whenever it connects to the internet again. Don't know if this feature is using the Intel ME, but it is an example of a feature the OEM might want to add to their products.

Intel themselves also added random stuff to the ME (like advanced fan speed control), just because they had a relatively powerful processor in there, so why not add more features to it. See here: https://en.wikipedia.org/wiki/Intel_Management_Engine#Modules

Does the industry ask for this? Maybe. What is sure is that Intel thinks that this backdoor thingy offers features their customers want or might find interesting to add features to their products. These features should be the ones sought after by end users.

And "Customers" in this case is companies designing PCs and embedded systems with Intel products. Not people, end users. End users buy motherboards or PCs from Intel's customers.

Note that ARM provides TrustZone, which is something like Intel ME, but is a generic feature, the OEM can do whatever it wants with it, even disable and not use it at all.

AMD mindlessly followed Intel's footsteps by integrating ARM cores running the TrustZone feature, and calling this Platform Security Processor.

So it's not just Intel that thinks its customers might want more control over the products they sell to the end user. Maybe they are all misguided. Maybe not.

Remember, it does not matter what is actually real, but what company managers think is real. There are many people who still think that "secret" is "safe", and who do not understand that software will have bugs, that it's only a matter of time before it becomes vulnerable.

For example, HDCP (HDMI cable antipiracy feature) is still in use even if it was (and is) regularly busted by 30$ devices. Not even for pirating, usually it is busted because it is causing compatibility issues in devices.

The people in charge of government agencies in the US know better, at least. They asked for a ME feature to disable it in the hardware with High Assurance Platform certification. And due to Intel being cheap, this switch is available in all MEs after version 11, Intel didn't make a custom ME only for the US government.

Currently it requires using external tools to edit the setting on the motherboard's flash chip (or being an OEM), same as the older method of nuking modules manually.

I hope I helped you understand the most likely reasons why ME exists.

-Alberto

On 12/24/2017 08:46 PM, eche...@free.fr wrote:
> By the way you said : "ODMs/OEMs are the real customers of Intel/AMD" and
> "Intel/AMD serve them law" (which law???)
> I have a scoop : a friend of mine happened to work in the marketing
> department of a (very large) OEM, and speaking about ME he told me that Intel
> OBLIGED them to adopt and integrate the ME! (in the beginning the OEM guys were
> reluctant..)
> Of course this is only "street whispering" (and I will not force you to buy
> this..) but, but, as we say in Romanian "there is no smoke without fire..."
> ;-)
> Just my 2 satoshis..
> Florentin
>
> - Original message -----
> From: eche...@free.fr
> To: coreboot@coreboot.org
> Sent: Sun, 24 Dec 2017 20:31:53 +0100 (CET)
> Subject: Re : Re: [coreboot] Coreboot Purism BIOS is free? open?
>
> No you didn't answer my question Peter, sorry!..
> I am NOT questioning the "legitimacy" of ME/PSP (be it from a purely
> corporate/financial point of view..). (By the way I have no "legitimacy"
> myself to put this question of "legitimacy" to begin with..)
> I simply don't understand (and this is why I pollute the coreboot ML with
> this blah-blah..) why ALL (I insist on capital letters _ALL_) the systems
> (consumer/office even .. industrial..) have to have this kind of ..
> "technology" activated ALL the time (at least from the Intel/AMD
Re: [coreboot] Coreboot Purism BIOS is free? open?
As a businessman what do you answer when in commercial meeting with Intel they tell you:

"Okaye man, you got the HAP bit and obviously your users are happy with that.. Your products are great and are selling like no tomorrow and no user ever come back complaining that the ME "isn't completely disabled". Aren't they?.. So why are you pissing us again with your unreasonable requests about the ME? You know very well that this question is not negotiable for us. What about giving you a price break for the next batch of Intel components you want to buy and be done with that?.."

- Original message -
From: Todd Weaver <t...@puri.sm>
To: taii...@gmx.com, Youness Alaoui <kakar...@kakaroto.homelinux.net>, Timothy Pearson <tpear...@raptorengineering.com>
Cc: Dame Más <damemasporfa...@gmail.com>, coreboot <coreboot@coreboot.org>
Sent: Sun, 24 Dec 2017 21:42:43 +0100 (CET)
Subject: Re: [coreboot] Coreboot Purism BIOS is free? open?

On Sat, 2017-12-23 at 23:32 -0500, taii...@gmx.com wrote:
> You will never have that type of leverage, if google can't pull it
> off then no one can.

There are a lot of assumptions you are making.

First off, having leverage doesn't only mean with Intel, it also means with competitors or alternatives; we are fighting for user freedom and ethical computing. Having leverage is better than no leverage.

Second, I'm not convinced Google's goals were exactly that, so saying "If Google can't pull it off then no one can." is a defeatist attitude. You may as well say "nobody has done it, so nobody can." There are a lot of avenues to take, and giving up before attempting is of no interest to me.

> Even the NSA only got HAP, not a CPU without ME all together and the
> US government probably spends hundreds of millions with intel every
> year.

Sure, but that may have been what they asked for. Projecting the NSA's request to be what you would have asked for is a huge assumption. "Which makes an 'ass' out of 'u' and 'mption'." :)

> x86-64 will always have ME/PSP and it simply can't be disabled,

It can be disabled, but I suppose you are meaning that it can be re-enabled again via software update; but we have plans (and will be releasing) the ability to measure the ME region (via TPM) to flag any re-enablement attempts.

Disable ME, measure it is tampered with, notify tampering (via coreboot+TPM+Heads).

NOTE: This is not "removal" which is the process of never initializing the ME, which is the end goal for user freedom. This term is how we distinguish between the progress being made, as we clearly posted previously.

> pretending otherwise is doing a disservice to many who look to the
> big shots for advice and pipe dreams like that being spread to the
> masses are the main reason I dislike purism so much.

Our approach is to grow, gain leverage, and influence positive change. Everything we do is about creating ethical computing; and we will continue to do so. You are more than welcome to dislike our path or approach, even though it sounds like we share the same end-goal.

> People will think "well gee why buy an actually-libre-right-now TALOS
> 2 when I can simply wait a few years when the eggheads have cracked
> ME and I can keep getting cheap soul-less computers" as tim said the
> discovery of HAP etc probably set back libre computing a decade.

This is projecting an individual opinion onto others, our users are not buying Librem laptops over Talos 2, they're drastically different products, prices, and capabilities.

Todd.
Re: [coreboot] Coreboot Purism BIOS is free? open?
On Sat, 2017-12-23 at 23:32 -0500, taii...@gmx.com wrote:
> You will never have that type of leverage, if google can't pull it
> off then no one can.

There are a lot of assumptions you are making.

First off, having leverage doesn't only mean with Intel, it also means with competitors or alternatives; we are fighting for user freedom and ethical computing. Having leverage is better than no leverage.

Second, I'm not convinced Google's goals were exactly that, so saying "If Google can't pull it off then no one can." is a defeatist attitude. You may as well say "nobody has done it, so nobody can." There are a lot of avenues to take, and giving up before attempting is of no interest to me.

> Even the NSA only got HAP, not a CPU without ME all together and the
> US government probably spends hundreds of millions with intel every
> year.

Sure, but that may have been what they asked for. Projecting the NSA's request to be what you would have asked for is a huge assumption. "Which makes an 'ass' out of 'u' and 'mption'." :)

> x86-64 will always have ME/PSP and it simply can't be disabled,

It can be disabled, but I suppose you are meaning that it can be re-enabled again via software update; but we have plans (and will be releasing) the ability to measure the ME region (via TPM) to flag any re-enablement attempts.

Disable ME, measure it is tampered with, notify tampering (via coreboot+TPM+Heads).

NOTE: This is not "removal" which is the process of never initializing the ME, which is the end goal for user freedom. This term is how we distinguish between the progress being made, as we clearly posted previously.

> pretending otherwise is doing a disservice to many who look to the
> big shots for advice and pipe dreams like that being spread to the
> masses are the main reason I dislike purism so much.

Our approach is to grow, gain leverage, and influence positive change. Everything we do is about creating ethical computing; and we will continue to do so. You are more than welcome to dislike our path or approach, even though it sounds like we share the same end-goal.

> People will think "well gee why buy an actually-libre-right-now TALOS
> 2 when I can simply wait a few years when the eggheads have cracked
> ME and I can keep getting cheap soul-less computers" as tim said the
> discovery of HAP etc probably set back libre computing a decade.

This is projecting an individual opinion onto others, our users are not buying Librem laptops over Talos 2, they're drastically different products, prices, and capabilities.

Todd.
Re: [coreboot] Coreboot Purism BIOS is free? open?
eche...@free.fr wrote:
> No you didn't answer my question Peter, sorry!..

Sorry - I misunderstood.

> I simply don't understand (and this is why I pollute the coreboot
> ML with this blah-blah..) why ALL (I insist on capital letters
> _ALL_) the systems (consumer/office even .. industrial..) have to
> have this kind of .. "technology" activated ALL the time (at least
> from the Intel/AMD point of view)??

Only they know, and neither have a reason to publicize it.

I guess it is simply because it's much more complex to have two products which are almost the same, than to have just one.

> (And for the fact that consumer devices outnumber
> office/industrial/governmental devices, I will believe you when I
> see REAL statistics, sorry!..)

I'm really sorry if it seemed like I was stating a fact - I was merely guessing!

//Peter
Re: [coreboot] Coreboot Purism BIOS is free? open?
By the way you said : "ODMs/OEMs are the real customers of Intel/AMD" and "Intel/AMD serve them law" (which law???)

I have a scoop : a friend of mine happened to work in the marketing department of a (very large) OEM, and speaking about ME he told me that Intel OBLIGED them to adopt and integrate the ME! (in the beginning the OEM guys were reluctant..)

Of course this is only "street whispering" (and I will not force you to buy this..) but, but, as we say in Romanian "there is no smoke without fire..." ;-)

Just my 2 satoshis..

Florentin

- Original message -
From: eche...@free.fr
To: coreboot@coreboot.org
Sent: Sun, 24 Dec 2017 20:31:53 +0100 (CET)
Subject: Re : Re: [coreboot] Coreboot Purism BIOS is free? open?

No you didn't answer my question Peter, sorry!..

I am NOT questioning the "legitimacy" of ME/PSP (be it from a purely corporate/financial point of view..). (By the way I have no "legitimacy" myself to put this question of "legitimacy" to begin with..)

I simply don't understand (and this is why I pollute the coreboot ML with this blah-blah..) why ALL (I insist on capital letters _ALL_) the systems (consumer/office even .. industrial..) have to have this kind of .. "technology" activated ALL the time (at least from the Intel/AMD point of view)?? For me this is simply irrational!.. Period!..

(And for the fact that consumer devices outnumber office/industrial/governmental devices, I will believe you when I see REAL statistics, sorry!..)

Florentin

- Original message -
From: Peter Stuge <pe...@stuge.se>
To: coreboot@coreboot.org
Sent: Sun, 24 Dec 2017 18:29:48 +0100 (CET)
Subject: Re: [coreboot] Coreboot Purism BIOS is free? open?

eche...@free.fr wrote:
> (can we anymore speak about "owner"?..)

We can and we must, if we want to own anything at all. Don't get tricked into merely consuming services and products; take ownership and shape your reality.

eche...@free.fr wrote:
> But what has Netflix (or Sony, or the entertainment industry in
> general...) to LEGALLY gain by strongarming Intel/AMD to keep
> ME/PSP activated on all x86 platforms (not only consumer ones!..)?

Philipp Stanner wrote:
> I don't get it, too. ME has nothing to do with what you can do
> with your machine and what it can perform.
>
> Even if 90% of users use their machine for multimedia purposes...

Follow the money.

What drives Intel sales? We can't know. Who are the strongest partners officially? That would be Microsoft (with Windows) and ODMs/OEMs. Intel serves them, by law.

I guess that consumer devices significantly outnumber office devices. That's where the content industry comes into play.

MSFT wants UEFI Secure Boot, so that OEMs are not required to deliver security.

Content industry wants PAVP, so that hardware owners can not legally access unencrypted versions of the content.

ME is Intel's answer to both those requirements and a few more, as described pretty clearly in the PSTR[1] book.

And the DMCA and EUCD legal foundations align (un?)surprisingly well with the technical implementation details.

//Peter

[1] http://www.apress.com/9781430265719
Re: [coreboot] Coreboot Purism BIOS is free? open?
No you didn't answer my question Peter, sorry!..

I am NOT questioning the "legitimacy" of ME/PSP (be it from a purely corporate/financial point of view..). (By the way I have no "legitimacy" myself to put this question of "legitimacy" to begin with..)

I simply don't understand (and this is why I pollute the coreboot ML with this blah-blah..) why ALL (I insist on capital letters _ALL_) the systems (consumer/office even .. industrial..) have to have this kind of .. "technology" activated ALL the time (at least from the Intel/AMD point of view)?? For me this is simply irrational!.. Period!..

(And for the fact that consumer devices outnumber office/industrial/governmental devices, I will believe you when I see REAL statistics, sorry!..)

Florentin

- Original message -
From: Peter Stuge <pe...@stuge.se>
To: coreboot@coreboot.org
Sent: Sun, 24 Dec 2017 18:29:48 +0100 (CET)
Subject: Re: [coreboot] Coreboot Purism BIOS is free? open?

eche...@free.fr wrote:
> (can we anymore speak about "owner"?..)

We can and we must, if we want to own anything at all. Don't get tricked into merely consuming services and products; take ownership and shape your reality.

eche...@free.fr wrote:
> But what has Netflix (or Sony, or the entertainment industry in
> general...) to LEGALLY gain by strongarming Intel/AMD to keep
> ME/PSP activated on all x86 platforms (not only consumer ones!..)?

Philipp Stanner wrote:
> I don't get it, too. ME has nothing to do with what you can do
> with your machine and what it can perform.
>
> Even if 90% of users use their machine for multimedia purposes...

Follow the money.

What drives Intel sales? We can't know. Who are the strongest partners officially? That would be Microsoft (with Windows) and ODMs/OEMs. Intel serves them, by law.

I guess that consumer devices significantly outnumber office devices. That's where the content industry comes into play.

MSFT wants UEFI Secure Boot, so that OEMs are not required to deliver security.

Content industry wants PAVP, so that hardware owners can not legally access unencrypted versions of the content.

ME is Intel's answer to both those requirements and a few more, as described pretty clearly in the PSTR[1] book.

And the DMCA and EUCD legal foundations align (un?)surprisingly well with the technical implementation details.

//Peter

[1] http://www.apress.com/9781430265719
Re: [coreboot] Coreboot Purism BIOS is free? open?
eche...@free.fr wrote:
> (can we anymore speak about "owner"?..)

We can and we must, if we want to own anything at all. Don't get tricked into merely consuming services and products; take ownership and shape your reality.

eche...@free.fr wrote:
> But what has Netflix (or Sony, or the entertainment industry in
> general...) to LEGALLY gain by strongarming Intel/AMD to keep
> ME/PSP activated on all x86 platforms (not only consumer ones!..)?

Philipp Stanner wrote:
> I don't get it, too. ME has nothing to do with what you can do
> with your machine and what it can perform.
>
> Even if 90% of users use their machine for multimedia purposes...

Follow the money.

What drives Intel sales? We can't know. Who are the strongest partners officially? That would be Microsoft (with Windows) and ODMs/OEMs. Intel serves them, by law.

I guess that consumer devices significantly outnumber office devices. That's where the content industry comes into play.

MSFT wants UEFI Secure Boot, so that OEMs are not required to deliver security.

Content industry wants PAVP, so that hardware owners can not legally access unencrypted versions of the content.

ME is Intel's answer to both those requirements and a few more, as described pretty clearly in the PSTR[1] book.

And the DMCA and EUCD legal foundations align (un?)surprisingly well with the technical implementation details.

//Peter

[1] http://www.apress.com/9781430265719
Re: [coreboot] Coreboot Purism BIOS is free? open?
I don't get it, too. ME has nothing to do with what you can do with your machine and what it can perform.

Even if 90% of users use their machine for multimedia purposes...

On 24 December 2017 14:02:41 CET, eche...@free.fr wrote:
>Yes Peter
>But what has Netflix (or Sony, or the entertainment industry in
>general...) to LEGALLY gain by strongarming Intel/AMD to keep ME/PSP
>activated on all x86 platforms (not only consumer ones!..)?
>(I can see other motivations.. but I keep the hypothesis that the
>entertainment industry has only morally acceptable principles in
>dealing with the cpu manufacturers..)
>No matter if the "user" (can we anymore speak about "owner"?..) intends
>to "watch Netflix in high resolution" or not at all?
>Excuse me but I insist : REALLY for >50% of the PC users nowadays the
>primary usage of their PC is to watch Netflix (or play (legally..)
>acquired games)?.. I'm waiting for the stats..
> Florentin
>
>
>- Original message -
>From: Peter Stuge <pe...@stuge.se>
>To: coreboot@coreboot.org
>Sent: Sun, 24 Dec 2017 00:00:03 +0100 (CET)
>Subject: Re: [coreboot] Coreboot Purism BIOS is free? open?
>
>Ivan Ivanov wrote:
>> Could it be the requirement of US Government - for all the consumer
>> CPU to have backdoors ?
>
>I guess that the private sector is a much stronger force...
>
>
>Nico Huber wrote:
>> watch Netflix in high resolution
>
>
>//Peter

--
This message was sent from my Android device with K-9 Mail.
Re: [coreboot] Coreboot Purism BIOS is free? open?
Yes Peter

But what has Netflix (or Sony, or the entertainment industry in general...) to LEGALLY gain by strongarming Intel/AMD to keep ME/PSP activated on all x86 platforms (not only consumer ones!..)?

(I can see other motivations.. but I keep the hypothesis that the entertainment industry has only morally acceptable principles in dealing with the cpu manufacturers..)

No matter if the "user" (can we anymore speak about "owner"?..) intends to "watch Netflix in high resolution" or not at all?

Excuse me but I insist : REALLY for >50% of the PC users nowadays the primary usage of their PC is to watch Netflix (or play (legally..) acquired games)?.. I'm waiting for the stats..

Florentin

- Original message -
From: Peter Stuge <pe...@stuge.se>
To: coreboot@coreboot.org
Sent: Sun, 24 Dec 2017 00:00:03 +0100 (CET)
Subject: Re: [coreboot] Coreboot Purism BIOS is free? open?

Ivan Ivanov wrote:
> Could it be the requirement of US Government - for all the consumer
> CPU to have backdoors ?

I guess that the private sector is a much stronger force...

Nico Huber wrote:
> watch Netflix in high resolution

//Peter
Re: [coreboot] Coreboot Purism BIOS is free? open?
On Sat, Dec 23, 2017 at 11:32 PM, taii...@gmx.com wrote:
> On 12/23/2017 07:16 PM, Todd Weaver wrote:
>
>> Intel did not mislead, we told them, and continue to, that we _want_ an
>> ME-less design (which is their term for what we asked for). And as we
>> grow our leverage will grow, and our influence will grow. This is a
>> long-term strategy and is playing out as planned.
>>
>> They will not adjust based on small quantities, but quantity =
>> leverage, and our influence changes as volumes grow. (e.g. $ =
>> influence)
>
> You will never have that type of leverage, if google can't pull it off then
> no one can.

Yeah, I agree with you on that, I don't think any leverage could make Intel budge on that at this point.

>
> Even the NSA only got HAP, not a CPU without ME all together and the US
> government probably spends hundreds of millions with intel every year.
>
> x86-64 will always have ME/PSP and it simply can't be disabled, pretending
> otherwise is doing a disservice to many who look to the big shots for advice
> and pipe dreams like that being spread to the masses are the main reason I
> dislike purism so much.

You know of the ROM Bypass stuff, right? The first byte of the flash contains a JMP instruction into the ROMB partition in the flash (that's why the IFD magic number is at offset 0x10, not 0x0), so if you put the right flag in the flash to enable ROM Bypass, then you could get full unsigned/unchecked code (since the code in the ROM is what checks signatures). Now, that actually doesn't work because it's a feature that is disabled on production chips, only pre-production chips allow the ROM Bypass feature. What if someone finds a way to enable that feature on a production chip ? What if you can make your CPU think it's in preproduction mode thanks to some microcode update for example ? Then you can get fully user controlled ME from the very first instruction. I'm not saying it's possible or that it will be possible, but I'm saying that it's not a "pipe dream" like you seem to think.

Even better, forget HAP, forget ROM Bypass, how about using the exploit that PT announced at BlackHat to get your own unsigned code to execute on the ME. You get full user control of the ME that way, and while we know that the HAP bit happens at the end of the BUP module's task, it's possible the exploit happens at the start (it does happen when it tries to read a config file, so it could be early in the BUP). The entire code from the first instruction all the way to the time the exploit runs, could be reverse engineered, so even if you don't control what happens there, you could at least have the source for it and audit it to make sure it's not doing anything you wouldn't want it to do, then have your exploit run and execute your own user controlled ME firmware. It's not an as perfect solution as being able to do a ROM Bypass and control everything from the very first JMP, but it's something doable today, it's not even a "maybe", so again, it's not a pipe dream.

>
> People will think "well gee why buy an actually-libre-right-now TALOS 2 when
> I can simply wait a few years when the eggheads have cracked ME and I can
> keep getting cheap soul-less computers" as tim said the discovery of HAP etc
> probably set back libre computing a decade.
>
> I hope you are buying a TALOS 2.

I think people buying a TALOS 2 and people buying a Librem are two very distinct types of people. I very much doubt that someone has ever had to decide between buying a Librem and a TALOS. No one in need of a computer and in need of a open hardware machine will decide to "wait a few years" either.. when you need a new PC, you buy a new PC. If you want a TALOS, then you buy a TALOS, if you don't want it, or you want a laptop, or if you don't have the budget for it, then you look elsewhere, you're not going to just read some article and decide to wait years without a computer in the hope that what you actually want might be released by then.

> > > > A good summary is that we want to "bring
> > > > blob-free to the hardware that people want", rather than "bring
> > > > blob-free hardware to the people who want it".
> This is great; and I may quote you on that :)

Yeah, Todd, you can quote me. I also really liked that when I thought of it :p

And thanks for answering Nico's questions and correcting my statements. I didn't even know an i.mx8 librem 13/15 had already been thought of, that's pretty cool if it's in the plans!
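The measure-and-flag step Todd describes earlier in the thread, combined with the descriptor layout mentioned in the message above (IFD magic at offset 0x10), as an added example that is not part of the thread and not Purism's or Heads' code. It assumes the usual Intel flash descriptor layout (FLMAP0 directly after the signature, FLREG2 describing the ME region), simulates the TPM PCR extend in software, and runs on a constructed 16 KiB image.

```python
import hashlib
import struct

IFD_SIGNATURE = 0x0FF0A55A   # Intel flash descriptor magic
IFD_SIG_OFFSET = 0x10        # offset stated in the message above
ME_REGION_INDEX = 2          # assumption: FLREG2 describes the ME region


class DescriptorError(ValueError):
    """Raised when the image has no usable flash descriptor or ME region."""


def me_region_bounds(image):
    """Return (first_byte, last_byte) of the ME region from the descriptor."""
    if len(image) < 0x1000:
        raise DescriptorError("image smaller than one descriptor block")
    sig, flmap0 = struct.unpack_from("<II", image, IFD_SIG_OFFSET)
    if sig != IFD_SIGNATURE:
        raise DescriptorError("flash descriptor signature not found at 0x10")
    # FLMAP0 bits 16..23 hold the region table base address in 16-byte units.
    frba = ((flmap0 >> 16) & 0xFF) << 4
    (flreg,) = struct.unpack_from("<I", image, frba + 4 * ME_REGION_INDEX)
    # Base and limit are 4 KiB page numbers (15-bit fields assumed here).
    base = (flreg & 0x7FFF) << 12
    limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF
    if limit < base:
        raise DescriptorError("ME region marked unused")
    if limit >= len(image):
        raise DescriptorError("ME region extends past end of image")
    return base, limit


def measure_me_region(image):
    """SHA-256 over exactly the bytes the descriptor assigns to the ME."""
    base, limit = me_region_bounds(image)
    return hashlib.sha256(bytes(image[base:limit + 1])).digest()


def pcr_extend(pcr, digest):
    """Software model of a TPM extend: new = SHA-256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def me_region_unchanged(image, baseline_pcr):
    """Replay the measurement from a zeroed PCR and compare to the baseline."""
    return pcr_extend(bytes(32), measure_me_region(image)) == baseline_pcr


def build_constructed_image(me_byte=0xA5):
    """Constructed sample: descriptor 0x0000, ME 0x1000-0x2FFF, BIOS 0x3000."""
    image = bytearray(b"\xff" * 0x4000)
    struct.pack_into("<II", image, IFD_SIG_OFFSET, IFD_SIGNATURE, 0x04 << 16)
    # Region table at 0x40: FLREG0 descriptor, FLREG1 BIOS, FLREG2 ME.
    struct.pack_into("<III", image, 0x40, 0x00000000, 0x00030003, 0x00020001)
    image[0x1000:0x3000] = bytes([me_byte]) * 0x2000
    return image


if __name__ == "__main__":
    good = build_constructed_image()
    baseline = pcr_extend(bytes(32), measure_me_region(good))
    tampered = build_constructed_image()
    tampered[0x1800] ^= 0x01          # one flipped bit inside the ME region
    print("ME region:", [hex(x) for x in me_region_bounds(good)])
    print("known-good image passes:", me_region_unchanged(good, baseline))
    print("modified image passes:  ", me_region_unchanged(tampered, baseline))
```

On real hardware the extend is performed by the TPM itself and the comparison happens through sealing or attestation; the software replay here only shows why any change inside the ME region changes the resulting PCR value.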
Re: [coreboot] Coreboot Purism BIOS is free? open?
On 12/23/2017 07:16 PM, Todd Weaver wrote:
> Intel did not mislead, we told them, and continue to, that we _want_ an
> ME-less design (which is their term for what we asked for). And as we
> grow our leverage will grow, and our influence will grow. This is a
> long-term strategy and is playing out as planned.
>
> They will not adjust based on small quantities, but quantity =
> leverage, and our influence changes as volumes grow. (e.g. $ =
> influence)

You will never have that type of leverage, if google can't pull it off then no one can.

Even the NSA only got HAP, not a CPU without ME all together and the US government probably spends hundreds of millions with intel every year.

x86-64 will always have ME/PSP and it simply can't be disabled, pretending otherwise is doing a disservice to many who look to the big shots for advice and pipe dreams like that being spread to the masses are the main reason I dislike purism so much.

People will think "well gee why buy an actually-libre-right-now TALOS 2 when I can simply wait a few years when the eggheads have cracked ME and I can keep getting cheap soul-less computers" as tim said the discovery of HAP etc probably set back libre computing a decade.

I hope you are buying a TALOS 2.
Re: [coreboot] Coreboot Purism BIOS is free? open?
On 12/23/2017 04:08 PM, Ivan Ivanov wrote:
> Sadly the ARM processor also have the ME-like backdoor (called
> "TrustZone"). And even MIPS is going this road soon (check out the
> "MIPS OmniShield" news). Could it be the requirement of US Government -
> for all the consumer CPU to have backdoors ? My last hopes are on
> POWER 9 and RISC V now ; meanwhile sticking to the AMD pre-PSP tech

I believe that "the No Such Agency did it" is too easy - I doubt they would be able to keep something that big under wraps for long considering how incompetent they are when it comes to security.

My bets are on some type of private actor who wants industrial espionage on steroids - blackmailing or bribing key people who work for intel/amd to make it seem like ME/PSP is a good idea.

Imagine all the money you could make with that kind of access!
Re: [coreboot] Coreboot Purism BIOS is free? open?
> Intel did not mislead, we told them, and continue to, that we _want_ an ME-less design (which is their term for what we asked for).

This is Mission Impossible. The reasons are Technical (bringing up the platform) and Political => Sales and Marketing domination/implications.

> And as we grow our leverage will grow, and our influence will grow. This is a long-term strategy and is playing out as planned.

Actually, it is vice versa. ME gets more and more complicated, as time progresses. Understandable why. If INTEL solves Cannon Lake woes with 10nm technology (INTEL struggles for 20 months with yields), ME will be even more complex to support EUV lithography and its outcomes.

> Not binary-blob free. It was always known this will be a large investment of both time and money. But coreboot ported to hardware within a few months is an accurate assessment of what I heard, and that turned out to be much longer, not in technical nature, but finding the right people/developers to do it properly. Now all our (x86) products are running coreboot, and will continue to.

As well as FSP. It gets more complicated, although it gets more structured. There are three parts of the FSP blob now: FSP-S, FSP-M and FSP-P. Silicon init, MRC and early platform init. And this to disassemble is quite possible, but then the disassembled code will be all magic addresses and magic data (except MRC, at least for LPDDR3). Something like: uint32 read (uint32 * addr), void write (uint32 * addr, uint32 data), where on some magic addr 0xFF87429C magic data are stored: 0x0030CF46, and nobody really knows what address points to (the feature), and what the data mean (since there are fields, usually from 5 fields +)?! And there are gazillion of such registers there, undocumented, which are outlined in C-Specs, NOT all of them???

The only proper way how to solve this problem is to force INTEL to publicly release C-Specs for each and every CORE and ATOM families, which is equivalent to force NSA to release their deepest secrets to the public.

Good Luck with all of these efforts!

Zoran Stojsavljevic

On Sun, Dec 24, 2017 at 1:16 AM, Todd Weaver wrote:
> On Fri, 2017-12-22 at 22:06 -0500, Youness Alaoui wrote:
>> On Tue, Dec 19, 2017 at 3:54 PM, Timothy Pearson wrote:
>> >
>> > Thank you for the detailed explanation. I guess this is an area in which experience matters; it is absolutely unacceptable (and not unexpected) that Intel misled your CEO, but this is sadly not an uncommon tactic in the industry.
>
> Intel has not misled anything. We knew the ME/FSP/vBIOS were the issues (from my first questions to this coreboot mailing list and the replies from the community), but there was no perfect alternative, so we chose Intel to get hardware (more) people wanted and work and invest toward liberating it.
>
> I can say, without much doubt, that if we chose any other platform we would have struggled in volume and not advanced any faster or farther than we have already.
>
> To liberate hardware, there are three larger paths:
> 1) use existing liberated hardware (gets older and older)
> 2) design using freed chips (low performance)
> 3) use products people want that are not yet fully liberated, invest in liberating.
>
> For laptops:
> #1 is already being done by many
> #2 is also being done
> #3 is the path we are doing for laptops.
>
> For a phone:
> #1 doesn't exist
> #2 is the path we are doing
> #3 others are trying
>
> We can then cross-pollinate our investment efforts into the phone motherboard into a laptop with #2.
>
> I have a published business vision page here:
> https://puri.sm/about/business-model-and-vision/
>
>> > One item I would like to call out though is the following:
>> >
>> > > if old or non-x86 architectures were so appealing, you would have seen that become the norm rather than the exception)
>
> This statement is accurate. The volume of sales would be significantly less if we tried non-x86. And then our growth would be smaller; and our investment toward freeing future hardware would not happen; and then there would be no advancement toward convenient ethical products, which is our goal.
>
>> > Trying to switch architectures may be hard, but it is only going to get harder day after day as people continue to cling to false hope that the x86 platform may ever be brought under their control.
>
> It's pretty simple. With leverage we can change businesses. This is not a short-term game, but a long-term... grow-gain leverage-influence change-repeat. And this is what we are doing at Purism, and will continue. We are not griping about the state of affairs, we have a plan to change the future, and are executing on it.
>
>> > I wonder, though, if given this information if possibly Raptor and Purism might have some common business ground here? Purism has experience with laptop mechanicals and
Re: [coreboot] Coreboot Purism BIOS is free? open?
On Fri, 2017-12-22 at 22:06 -0500, Youness Alaoui wrote:
> On Tue, Dec 19, 2017 at 3:54 PM, Timothy Pearson wrote:
> >
> > Thank you for the detailed explanation. I guess this is an area in which experience matters; it is absolutely unacceptable (and not unexpected) that Intel misled your CEO, but this is sadly not an uncommon tactic in the industry.

Intel has not misled anything. We knew the ME/FSP/vBIOS were the issues (from my first questions to this coreboot mailing list and the replies from the community), but there was no perfect alternative, so we chose Intel to get hardware (more) people wanted and work and invest toward liberating it.

I can say, without much doubt, that if we chose any other platform we would have struggled in volume and not advanced any faster or farther than we have already.

To liberate hardware, there are three larger paths:
1) use existing liberated hardware (gets older and older)
2) design using freed chips (low performance)
3) use products people want that are not yet fully liberated, invest in liberating.

For laptops:
#1 is already being done by many
#2 is also being done
#3 is the path we are doing for laptops.

For a phone:
#1 doesn't exist
#2 is the path we are doing
#3 others are trying

We can then cross-pollinate our investment efforts into the phone motherboard into a laptop with #2.

I have a published business vision page here:
https://puri.sm/about/business-model-and-vision/

> > One item I would like to call out though is the following:
> >
> > > if old or non-x86 architectures were so appealing, you would have seen that become the norm rather than the exception)

This statement is accurate. The volume of sales would be significantly less if we tried non-x86. And then our growth would be smaller; and our investment toward freeing future hardware would not happen; and then there would be no advancement toward convenient ethical products, which is our goal.

> > Trying to switch architectures may be hard, but it is only going to get harder day after day as people continue to cling to false hope that the x86 platform may ever be brought under their control.

It's pretty simple. With leverage we can change businesses. This is not a short-term game, but a long-term... grow-gain leverage-influence change-repeat. And this is what we are doing at Purism, and will continue. We are not griping about the state of affairs, we have a plan to change the future, and are executing on it.

> > I wonder, though, if given this information if possibly Raptor and Purism might have some common business ground here? Purism has experience with laptop mechanicals and related concerns, and we have experience with truly blob-free, powerful hardware -- combining those two could yield an interesting machine...

Ping me off list to discuss. We are always looking for aligned-partnerships or collaboration.

> > > The main question I have, and this is an honest question, is why Purism chose to use the x86 platform as a base for libre hardware, when it has been known for some time that said hardware could never be made fully blob-free?

See above, I think I laid out and answered this clearly. It's not just technical, there is a strong business model behind our approach.

> > > There were (and are) other good ways to make a system that could be fully blob-free, for instance ARM, and given the engineering effort that is said to have been put into the Purism machines I wonder what we could have had if said effort had been put into an aarch64 system instead of an x86 system?

Sure, that would sell a small fraction of the quantity, and fail to impact the future of computing in a way we model out.

> > > > The second reason is that Todd (CEO) was in talks with Intel and was unfortunately led to believe that they were open to release an ME-less design CPU for his needs, it ended up not being the case.

Intel did not mislead, we told them, and continue to, that we _want_ an ME-less design (which is their term for what we asked for). And as we grow our leverage will grow, and our influence will grow. This is a long-term strategy and is playing out as planned. They will not adjust based on small quantities, but quantity = leverage, and our influence changes as volumes grow. (e.g. $ = influence)

> > > > Todd thought that it would be possible to get a binary blob free coreboot/CPU with a few months of work.

Not binary-blob free. It was always known this will be a large investment of both time and money. But coreboot ported to hardware within a few months is an accurate assessment of what I heard, and that turned out to be much longer, not in technical nature, but finding the right people/developers to do it properly. Now all our (x86) products are running coreboot, and will continue to.

> > > > A good summary is that we want to "bring > >
Re: [coreboot] Coreboot Purism BIOS is free? open?
On Sat, 2017-12-23 at 11:39 +0100, Nico Huber wrote:
> If you get the i.MX8 for it (and it turns out to be as good documented), all you have to do is to ask for a board with the most powerful version that physically fits a Librem 13 [1]. Then you can offer trustworthy hardware vs. performance and let your customers choose.

"all you have to do" is simplifying the "all we have to do" a little. But let me confirm our top-level plans as it relates...

The Librem 5 is the catalyst for us to produce a motherboard that fits into the Librem 13/15 ... etc. So that part is spot-on.

We will then offer:
Librem 13 i7
Librem 13 i.mx8
Librem 15 i7
Librem 15 i.mx8
etc.

This will probably be able to happen in 2019.

The "all we have to do" is (not even limited to) design, prototype, test, modify, tool, fund, fabricate, productize, develop, inventory, quality control, ship, publish, and support.

> There are ofc alternatives to i.MX. Most use a graphics core where free drivers are a problem. Though, a proprietary driver in the OS is far less troublesome than blobs in your firmware (or the ME).

I am not convinced this is the consensus. For one critical test that this would fail: PureOS being listed as an FSF endorsed distribution = no proprietary drivers in the OS (plus a lot of other things, but that is the only relevant part to the comparison).

So our approach I believe is still the best approach. Start with hardware people want, work to free it (NOTE: This is how GNU started in OS freedom, and I believe that was the best approach there as well).

Since we have to invest in i.mx8 for the phone, then we can cross-pollinate that investment into a lesser expensive, lesser performance, RYF compatible laptop board that fits into our existing cases.

> Once you buy a reasonable quantity of an SoC, you can ask if they can make the next generation with RISC-V instead of ARM. Unlikely to get that soon, but way more likely than Intel changing their silicon for you.

Moving to RISC-V is on the "we will evaluate and would love to do it." roadmap, and we will continue to follow the progress there to produce a device that is RISC-V when it crosses the threshold of "stable available product". Part of that determination is based on the talented coreboot community, talking to Ron about this at the last coreboot conference helped gauge the tests for "when" this will be able to be put into a product.

> Nico
>
> [1] I'm convinced that this is easily doable.

"easily doable" see above.

Todd.
Re: [coreboot] Coreboot Purism BIOS is free? open?
Ivan Ivanov wrote:
> Could it be the requirement of US Government - for all the consumer CPU to have backdoors ?

I guess that the private sector is a much stronger force...

Nico Huber wrote:
> watch Netflix in high resolution

//Peter
Re: [coreboot] Coreboot Purism BIOS is free? open?
On 23.12.2017 22:08, Ivan Ivanov wrote:
> Sadly the ARM processor also have the ME-like backdoor (called "TrustZone").

Some have. Some not. Some have it and it's owner-controllable. It's not about the ISA and some optional architectural feature, it's about the chip you buy.

> And even MIPS is going this road soon (check out the "MIPS OmniShield" news).
>
> Could it be the requirement of US Government - for all the consumer CPU to have backdoors ?
> My last hopes are on POWER 9 and RISC V now ; meanwhile sticking to the AMD pre-PSP tech

Forget it. RISC-V already has SMM like tech in the architecture. But that doesn't matter as long as you can buy chips that are owner controllable. Such features make it harder to keep everything secure but they don't force the silicon vendor to lock you out (as long as you don't ask to be able to watch Netflix in high resolution or something like that).

Nico
Re: [coreboot] Coreboot Purism BIOS is free? open?
Sadly the ARM processor also have the ME-like backdoor (called "TrustZone"). And even MIPS is going this road soon (check out the "MIPS OmniShield" news).

Could it be the requirement of US Government - for all the consumer CPU to have backdoors ?
My last hopes are on POWER 9 and RISC V now ; meanwhile sticking to the AMD pre-PSP tech

Best regards,
Ivan Ivanov

2017-12-23 15:08 GMT+03:00 Alberto Bursi:
> On 12/23/2017 11:54 AM, Nico Huber wrote:
>> On 23.12.2017 11:39, Nico Huber wrote:
>>> [1] I'm convinced that this is easily doable. At least compared to the effort you already put in liberating the unliberatable. If the i.MX8 turns out to be as controllable and well documented as the i.MX6, you'd be catapulted towards the end of your freedom roadmap.
>>>
>> Now that I've looked at your roadmap again, there's a flaw at the beginning: AUIU, at least Acer, Dell, HP and Lenovo sell products that are on par with yours (Chromebooks). Actually you're basing your firmware on their investments into it. So it seems unfair to list them there. Some even sell ARM devices that are far ahead (in terms of freedom and owner-controllability; not in your roadmap because that has a very weird order).
>>
>> Nico
>>
>
> Meh, chromebooks aren't exactly powerful systems anyway. Also I don't know other ARM devices that are more free than ARM chromebooks (again not really powerful systems).
>
> -Alberto
Re: [coreboot] Coreboot Purism BIOS is free? open?
On 12/23/2017 11:54 AM, Nico Huber wrote:
> On 23.12.2017 11:39, Nico Huber wrote:
>> [1] I'm convinced that this is easily doable. At least compared to the effort you already put in liberating the unliberatable. If the i.MX8 turns out to be as controllable and well documented as the i.MX6, you'd be catapulted towards the end of your freedom roadmap.
>>
> Now that I've looked at your roadmap again, there's a flaw at the beginning: AUIU, at least Acer, Dell, HP and Lenovo sell products that are on par with yours (Chromebooks). Actually you're basing your firmware on their investments into it. So it seems unfair to list them there. Some even sell ARM devices that are far ahead (in terms of freedom and owner-controllability; not in your roadmap because that has a very weird order).
>
> Nico
>

Meh, chromebooks aren't exactly powerful systems anyway. Also I don't know other ARM devices that are more free than ARM chromebooks (again not really powerful systems).

-Alberto
Re: [coreboot] Coreboot Purism BIOS is free? open?
On 23.12.2017 11:39, Nico Huber wrote:
> [1] I'm convinced that this is easily doable. At least compared to the effort you already put in liberating the unliberatable. If the i.MX8 turns out to be as controllable and well documented as the i.MX6, you'd be catapulted towards the end of your freedom roadmap.
>

Now that I've looked at your roadmap again, there's a flaw at the beginning: AUIU, at least Acer, Dell, HP and Lenovo sell products that are on par with yours (Chromebooks). Actually you're basing your firmware on their investments into it. So it seems unfair to list them there. Some even sell ARM devices that are far ahead (in terms of freedom and owner-controllability; not in your roadmap because that has a very weird order).

Nico
Re: [coreboot] Coreboot Purism BIOS is free? open?
Hey Youness, hey Todd,

On 23.12.2017 04:06, Youness Alaoui wrote:
> I think there is a plan to move librems to non-x86 architecture eventually (considering that RYF is our long term plan, there is no choice in moving out of x86 eventually),

that would be great.

> I think the efforts on the risc-v front are the most promising and I think that's where the true competition to x86 will be, but to be honest, I don't really follow, understand or know much of anything that happens in the hardware space since I'm a software guy at heart (i.e: all I know is that x86, ARM, PPC and Risc-V use different instruction sets).

RISC-V is just a different ISA. Ok, it's free, but as it's BSD licensed, silicon vendors can build around it whatever they want. Delivering an owner-controllable platform is not in the scope of an ISA anyway. So RISC-V can't magically change the game by definition.

> I hear a lot about PPC (with Talos for example), but I don't think PPC is as open as Risc-v (ISA or something). All I know about PPC really is that it was fun to reverse engineer during my PS3 days :)
> Anyways, as far as I know, for risc-v, it's not there yet, so we're waiting for that to be ready for the masses before moving to it. I have absolutely no idea if it's "close" or if it's really a long term plan for risc-v to be able to compete with x86 in terms of performance/power usage/features/etc...

It doesn't matter how close somebody else is. If I understand Purism correctly, the idea is not to jump into a market of owner-controllable devices once it exists, but to pioneer that market. The only thing that matters is what you buy *today*. The choice of i.MX for the Librem 5 is a move into the right direction. i.MX6 was the best thing you can get for mobile devices, IMHO (controllable and publicly documented). If you get the i.MX8 for it (and it turns out to be as good documented), all you have to do is to ask for a board with the most powerful version that physically fits a Librem 13 [1]. Then you can offer trustworthy hardware vs. performance and let your customers choose.

There are ofc alternatives to i.MX. Most use a graphics core where free drivers are a problem. Though, a proprietary driver in the OS is far less troublesome than blobs in your firmware (or the ME). And you might find something that is already available and delivers higher performance than the announced i.MX8 versions.

Once you buy a reasonable quantity of an SoC, you can ask if they can make the next generation with RISC-V instead of ARM. Unlikely to get that soon, but way more likely than Intel changing their silicon for you.

Nico

[1] I'm convinced that this is easily doable. At least compared to the effort you already put in liberating the unliberatable. If the i.MX8 turns out to be as controllable and well documented as the i.MX6, you'd be catapulted towards the end of your freedom roadmap.
Re: [coreboot] Coreboot Purism BIOS is free? open?
On Sat, Dec 23, 2017 at 12:28 AM, Zoran Stojsavljevic wrote:
> Hello Youness,
>
> With all due respect, you write too long emails, trying to defend Purism. A lot of your arguments I do not buy.
> Some of them I do.
>

I know I write too long emails, a long time ago I stopped trying to make them shorter, because I always fail. Some like to read them, some won't read them, and that's ok. I wasn't trying to defend Purism though, I was answering Taiidan's questions. Maybe he'll accept the answers, maybe he'll disagree with my answer, or maybe he won't bother to read the long email either.

> But, hey, this is what you/Purism have/has to offer, and this is a sort of fair deal. We all know what you are offering, in regards to x86, so let it be. Some people will buy Taiidan's facts, some yours, and some will stay in between.
>

Yes, there is a lot of choices for a lot of needs and the person making the decision is the user, they decide what they want, so they can't be wrong. I remember when Purism was even suggesting Gluglug on the website as an alternative (a "non-competitor"). I think that was taken down after some political conflict between Leah and us, I'm not entirely sure though.

Have a nice weekend, happy Christmas (if you care) and happy new year!
Re: [coreboot] Coreboot Purism BIOS is free? open?
Hello Youness,

With all due respect, you write too long emails, trying to defend Purism. A lot of your arguments I do not buy.
Some of them I do.

But, hey, this is what you/Purism have/has to offer, and this is a sort of fair deal. We all know what you are offering, in regards to x86, so let it be. Some people will buy Taiidan's facts, some yours, and some will stay in between.

What stays as puzzle is the Purism charge for the Coreboot with incorporated FSP, maximum stripped ME, with HAP mechanism set, so minimum (so to speak) ME stays inactive in user space (no applications running).

At the end of the day, this is the customers' choice. How well they are educated, and what side of the story they do prefer, for which monies. These days they have several choices, I see at least three/four:
[1] Classical UEFI laptops/notebooks;
[2] [1] with HAP set, so invalidate/inactivate ME in user space (example: DELL);
[3] Purism prepared laptops/notebooks;
[4] [1], then swap by themselves UEFI with Coreboot + FSP + stripped ME (HAP set)!

So, battle goes on, in sales and marketing space (what is the best solution out of above presented). But this is the fact of Life, last few hundred years (advertisement and marketing)! ;-)

As Russians use to say (Russian proverb): Every sandpiper praises its own swamp!

Zoran

On Sat, Dec 23, 2017 at 5:36 AM, Youness Alaoui wrote:
> On Tue, Dec 19, 2017 at 8:04 PM, taii...@gmx.com wrote:
>> On 12/18/2017 01:59 PM, Youness Alaoui wrote:
>>
>>> As for Taiidan's response, I think Matt's response to it is pretty good already, and I'm tired of seeing Taiidan jumping at the chance to talk against Purism every chance he gets
>>
>> I simply want people to have all the facts before they spend thousands on a computer - as I have stated before you guys really need to change your marketing as it is confusing a lot of people.
>
> First of all, I feel like this email is genuinely curious/humble rather than hateful as I've had the impression in the past, so thank you for that. That's why I decided to answer you, as I've previously preferred not to. This response will probably be long though, so if anyone reading here decides to TL;DR, that's perfectly fine by me.
> The facts are there for people and I don't think that there is anything wrong with the marketing. Some people might be confused but I think that's unavoidable, no matter what we do or how we say things or which things are put on the front, there will always be people who will be confused.
>
>>
>> I of course would be more than happy to assist with this task, please remember *people are still going to purchase your products if your marketing is entirely up front and honest* - will you lose a few sales? of course, but it is better to do that than have unhappy customers.
>
> That's your issue here, you think that the marketing is not honest, but it is. It's not about losing sales or anything like that. You'd be surprised to know just how many "unhappy customers" there are compared to how many customers are actually happy about their devices. Other than a couple of people (like you or Nico) who have stated that they'd be unhappy with such a device, I haven't heard of anyone complaining. I think that you are simply projecting your own needs or wants to a much larger proportion of our customers. Would some people prefer a 100% open machine, yes, can they buy such a machine from somewhere else, yes, did they misunderstand what the librem actually was when they bought it, probably not.
>
>>
>> I humbly request:
>> Remove "Libre" from the product names,
>
> Now this is ridiculous (sorry) for multiple reasons. First of all, it would be a nightmare to suddenly change a brand's name just to satisfy one non-customer, and secondly, it makes no sense, the fact that the device is called a Librem doesn't mean that it's open source hardware! What's next, you will ask LibreOffice from refusing to install on any hardware if they detect binary blobs on it ? Or that they remove support for non libre document formats? Would you say that libreboot should not be installed on laptops for which the schematics are not open source ? etc..
> The laptops are the "Librem series" they are not "The Libre hardware series", and you need to differentiate between the two. The brand name is not meant to trap customers either.
>
>> Remove "every chip hand selected to respect privacy" (Intel chips do not do this),
>
> This one, I kind of agree with you on it. I understand where it comes from, it's about the peripherals, USB chip, webcam chip, the wifi chip, the fact that the ethernet chip (on the previous models with ethernet) was added instead of using the intel integrated one, etc... So, yes, every chip is indeed hand selected to optimize the privacy and security when an alternative is available, it is not however a guarantee that
Re: [coreboot] Coreboot Purism BIOS is free? open?
On Tue, Dec 19, 2017 at 8:04 PM, taii...@gmx.com wrote:
> On 12/18/2017 01:59 PM, Youness Alaoui wrote:
>
>> As for Taiidan's response, I think Matt's response to it is pretty good already, and I'm tired of seeing Taiidan jumping at the chance to talk against Purism every chance he gets
>
> I simply want people to have all the facts before they spend thousands on a computer - as I have stated before you guys really need to change your marketing as it is confusing a lot of people.

First of all, I feel like this email is genuinely curious/humble rather than hateful as I've had the impression in the past, so thank you for that. That's why I decided to answer you, as I've previously preferred not to. This response will probably be long though, so if anyone reading here decides to TL;DR, that's perfectly fine by me.
The facts are there for people and I don't think that there is anything wrong with the marketing. Some people might be confused but I think that's unavoidable, no matter what we do or how we say things or which things are put on the front, there will always be people who will be confused.

>
> I of course would be more than happy to assist with this task, please remember *people are still going to purchase your products if your marketing is entirely up front and honest* - will you lose a few sales? of course, but it is better to do that than have unhappy customers.

That's your issue here, you think that the marketing is not honest, but it is. It's not about losing sales or anything like that. You'd be surprised to know just how many "unhappy customers" there are compared to how many customers are actually happy about their devices. Other than a couple of people (like you or Nico) who have stated that they'd be unhappy with such a device, I haven't heard of anyone complaining. I think that you are simply projecting your own needs or wants to a much larger proportion of our customers. Would some people prefer a 100% open machine, yes, can they buy such a machine from somewhere else, yes, did they misunderstand what the librem actually was when they bought it, probably not.

>
> I humbly request:
> Remove "Libre" from the product names,

Now this is ridiculous (sorry) for multiple reasons. First of all, it would be a nightmare to suddenly change a brand's name just to satisfy one non-customer, and secondly, it makes no sense, the fact that the device is called a Librem doesn't mean that it's open source hardware! What's next, you will ask LibreOffice from refusing to install on any hardware if they detect binary blobs on it ? Or that they remove support for non libre document formats? Would you say that libreboot should not be installed on laptops for which the schematics are not open source ? etc..
The laptops are the "Librem series" they are not "The Libre hardware series", and you need to differentiate between the two. The brand name is not meant to trap customers either.

> Remove "every chip hand selected to respect privacy" (Intel chips do not do this),

This one, I kind of agree with you on it. I understand where it comes from, it's about the peripherals, USB chip, webcam chip, the wifi chip, the fact that the ethernet chip (on the previous models with ethernet) was added instead of using the intel integrated one, etc... So, yes, every chip is indeed hand selected to optimize the privacy and security when an alternative is available, it is not however a guarantee that the CPU itself is privacy-respecting. The sentence is there to basically say "we are not a white-label reseller", but I do agree with you that it can be (easily) interpreted to mean that the intel CPU is privacy-respecting when it is not necessarily true.

> Clearly mention and define the difference between a coreboot device with FSP and one without in the product description

How and where? There is nothing clearer than the fact that coreboot comes with binary blobs.
We have written countless blog posts about it, I regularly post progress updates, we have discussed which binary blobs are present and what they do, we have a link somewhere to point to the https://www.coreboot.org/Binary_situation page, it's even actually mentioned that "we have yet to free the Intel FSP" in the Roadmap page, this is not something that is hidden from customers by any stretch of the imagination, and your statement makes it sound like we're hiding this on purpose from the customers. Would you also suggest to any manufacturer that sells laptops with Ubuntu on them to specify that "Ubuntu is not really free software because it has binary firmwares in it" ? No, because the important part is that you're running Ubuntu, it doesn't matter that it has a binary firmware file in it somewhere... this is the same thing, it ships with coreboot, yeay, it has an open source BIOS, yeay, coreboot is still better than the proprietary BIOS even if the memory/silicon init is done via a binary blob from Intel. I will however agree
Re: [coreboot] Coreboot Purism BIOS is free? open?
I think there is a plan to move librems to non-x86 architecture eventually (considering that RYF is our long term plan, there is no choice in moving out of x86 eventually), I think the efforts on the risc-v front are the most promising and I think that's where the true competition to x86 will be, but to be honest, I don't really follow, understand or know much of anything that happens in the hardware space since I'm a software guy at heart (i.e: all I know is that x86, ARM, PPC and Risc-V use different instruction sets). I hear a lot about PPC (with Talos for example), but I don't think PPC is as open as Risc-v (ISA or something). All I know about PPC really is that it was fun to reverse engineer during my PS3 days :)
Anyways, as far as I know, for risc-v, it's not there yet, so we're waiting for that to be ready for the masses before moving to it. I have absolutely no idea if it's "close" or if it's really a long term plan for risc-v to be able to compete with x86 in terms of performance/power usage/features/etc...

Note: this is not an official statement, I never really bothered to ask in details about such things, I simply write code and yell at it for not working...

As for the collaboration, again, I have no idea about any of the business/manufacturing logistics, but if you think there's something there that can be done, I suggest you contact Todd (I added him in CC) and you could discuss things, he'll know what to answer you!

Thanks!

On Tue, Dec 19, 2017 at 3:54 PM, Timothy Pearson wrote:
>
> Thank you for the detailed explanation. I guess this is an area in which experience matters; it is absolutely unacceptable (and not unexpected) that Intel misled your CEO, but this is sadly not an uncommon tactic in the industry.
>
> One item I would like to call out though is the following:
>
>> if old or non-x86 architectures were so appealing, you would have seen that become the norm rather than the exception)
>
> No one is denying that the easiest course of action for everyone would have been for Intel or AMD to release owner-controllable CPUs. That being said, individuals and organizations needing privacy and owner control are /not/ their target market, nor are those entities Intel (or AMD)'s secondary (or even tertiary) market. Both Intel and AMD rely on their lock-in and close association with Windows and related software to provide cheap, but wholly locked down, CPUs *by design*. You could look at it as the hardware vendor simply providing a leased tool on which to run the leased software -- in such a market, cost trumps everything, owner control is looked at as "enabling piracy", and as a result x86 is not an appropriate platform for anyone needing control or privacy.
>
> In this environment, one must make a choice between convenience (x86) and owner control. As you mentioned, the only middle ground is relegated to ancient computers, and that is not where we place any hope at all. Trying to switch architectures may be hard, but it is only going to get harder day after day as people continue to cling to false hope that the x86 platform may ever be brought under their control. The simple fact is, the purchaser of an x86 machine is not Intel or AMD's customer, nor are the ODMs. Their primary customers, in an odd sort of way, are actually the software vendors that require x86 for their existing applications, and they are the ones that will call the shots on features or antifeatures in the x86 walled garden.
>
> I wonder, though, if given this information if possibly Raptor and Purism might have some common business ground here? Purism has experience with laptop mechanicals and related concerns, and we have experience with truly blob-free, powerful hardware -- combining those two could yield an interesting machine...
>
> On 12/19/2017 02:41 PM, Youness Alaoui wrote:
>> On Tue, Dec 19, 2017 at 2:07 PM, Timothy Pearson wrote:
>> On 12/19/2017 11:51 AM, Dame Más wrote:
> I finished the University and I have free time to do things. And this seems like an interesting project to which I dedicate many hours.
>
> The truth is that I read a lot these days. The work you do kakaroto is impressive.
> In general Purism is doing something big, and I spoke ahead of time.
>
> I saw that in the directory
> coreboot/3rdparty/blobs/mainboard/purism/
> there is no content, it is right?
>
> Thanks
>>
>> The main question I have, and this is an honest question, is why Purism chose to use the x86 platform as a base for libre hardware, when it has been known for some time that said hardware could never be made fully blob-free?
>>
>> There were (and are) other good ways to make a system that could be fully blob-free, for instance ARM, and given the engineering effort that is said to have been put into the Purism machines I wonder
Re: [coreboot] Coreboot Purism BIOS is free? open?
On 12/18/2017 01:59 PM, Youness Alaoui wrote:

> As for Taiidan's response, I think Matt's response to it is pretty good already, and I'm tired of seeing Taiidan jumping at the chance to talk against Purism every chance he gets

I simply want people to have all the facts before they spend thousands on a computer - as I have stated before you guys really need to change your marketing as it is confusing a lot of people. I of course would be more than happy to assist with this task, please remember *people are still going to purchase your products if your marketing is entirely up front and honest* - will you lose a few sales? of course, but it is better to do that than have unhappy customers.

I humbly request: Remove "Libre" from the product names, Remove "every chip hand selected to respect privacy" (Intel chips do not do this), Clearly mention and define the difference between a coreboot device with FSP and one without in the product description Please stop the requests for the FSF to bend the RYF rules so your devices can be RYF certified. Remove the "Road to RYF" page - as it is entirely impossible for a modern intel device to be RYF certified.

I have never met a layman who didn't think that "coreboot" means entirely open source hardware initiation (as it used to mean that before FSP) and I have conversed with a variety of people who have bought or are considering buying a purism or ORWL computer - they are always surprised and unhappy when I explain.

> * You seem to think that the purism laptops are selling at a premium because it comes with coreboot?

They are, which isn't an issue (I know how much even a FSP coreboot board port costs) if someone insists on brand new hardware.

> * You said "they are charging for a whitebox re-brand.", that's actually a completely false statement, the motherboard is our own and it is designed to avoid having any firmware-based hardware so a binary-blob-free linux distribution can run on it. It is not a whitebox re-brand. If it was a whitebox re-brand, then yeah, we'd be selling for a lot lower price considering we'd be able to also take advantage of the economies of scale.

As I recall at least the earlier laptops were in fact reference designs complete with OEM provided windows licenses. The blobs on a modern laptop are all peripheral related such as wi-fi and touchpad, if you have in fact spent money on a custom board fab I do not understand what made it worth it.

> * You are encouraging the purchase of lenovo machines, but as far as I know, lenovo is not actively working on reverse engineering the FSP. Also, the only reason that Lenovo can have a libreboot running on it is because the community did the port, not because the company itself is working towards freeing it or investing anything to provide more freedom to users.

Yes obviously, but people who purchase used machines are not supporting lenovo. Reverse engineering FSP but always providing brand new hardware is a contradiction, it would take years and cost hundreds of thousands for every intel hardware revision. I do not understand how you will be able to afford this and again plead for the efforts to be re-directed to a high performance ARM laptop with for example an AppliedMicro CPU that could be owner controlled - currently all ARM laptops are very slow.

> So yeah, sure, you could say "don't pay a 30$ premium for coreboot, buy a lenovo and do the port yourself" (assuming you know how to do the port, or you buy one that is already ported) , but you might as well say "don't pay a 30$ premium for coreboot, buy a lenovo, do the port yourself, then reverse engineer the FSP yourself while you're at it" and it would be more accurate. And that's of course ignoring the question of the hardware kill switches, the fact that you can't compare a 200$ refurbished laptop from 6 years ago with a higher priced laptop from today

The Lenovo G505S is from three years ago and it uses the FT3 platform, I still would like to know as to why you guys didn't use that as it was brand new when you first started selling laptops - it was just as fast and open source firmware could be easily made for it as it has no hardware code signing enforcement or ME/PSP... It isn't as if a x86-64 board that isn't absolutely brand new is useless, I can play modern games on my KGPE-D16 without any issue with a 2013 CPU (not 2008)

> * We worked on disabling the ME on the purism laptops. Yes, the lion's share of the work was done by others (Corna for me_cleaner and Positive Technologies for the HAP bit), but not only did it require a significant amount of work from our side as well, to test, validate and package the ME disablement work (see above blog post link), but we are the first manufacturer to offer it standard and without us doing it, it could be argued whether or not this differentiation would have convinced System76 and Dell to also pursue offering machines with the ME disabled. So, encouraging those who are
Re: [coreboot] Coreboot Purism BIOS is free? open?
THANKS KAKAROTO!! I already have fun! If my head does not explode and my laptop does not explode, I'll write you soon hahahaha 2017-12-19 21:54 GMT+01:00 Timothy Pearson: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Thank you for the detailed explanation. I guess this is an area in > which experience matters; it is absolutely unacceptable (and not > unexpected) that Intel misled your CEO, but this is sadly not an > uncommon tactic in the industry. > > One item I would like to call out though is the following: > > > if old or non-x86 architectures were so appealing, you would have seen > that become the norm rather than the exception) > > No one is denying that the easiest course of action for everyone would > have been for Intel or AMD to release owner-controllable CPUs. That > being said, individuals and organizations needing privacy and owner > control are /not/ their target market, nor are those entities Intel (or > AMD)'s secondary (or even tertiary) market. Both Intel and AMD rely on > their lock-in and close association with Windows and related software to > provide cheap, but wholly locked down, CPUs *by design*. You could look > at it as the hardware vendor simply providing a leased tool on which to > run the leased software -- in such a market, cost trumps everything, > owner control is looked at as "enabling piracy", and as a result x86 is > not an appropriate platform for anyone needing control or privacy. > > In this environment, one must make a choice between convenience (x86) > and owner control. As you mentioned, the only middle ground is > relegated to ancient computers, and that is not where we place any hope > at all. Trying to switch architectures may be hard, but it is only > going to get harder day after day as people continue to cling to false > hope that the x86 platform may ever be brought under their control. The > simple fact is, the purchaser of an x86 machine is not Intel or AMD's > customer, nor are the ODMs.
Their primary customers, in an odd sort of > way, are actually the software vendors that require x86 for their > existing applications, and they are the ones that will call the shots on > features or antifeatures in the x86 walled garden. > > I wonder, though, if given this information if possibly Raptor and > Purism might have some common business ground here? Purism has > experience with laptop mechanicals and related concerns, and we have > experience with truly blob-free, powerful hardware -- combining those > two could yield an interesting machine... > > On 12/19/2017 02:41 PM, Youness Alaoui wrote: > > On Tue, Dec 19, 2017 at 2:07 PM, Timothy Pearson > > wrote: > > On 12/19/2017 11:51 AM, Dame Más wrote: > I finished the University and I have free time to do things. And this > seems like an interesting project to which I dedicate many hours. > > The truth is that I read a lot these days. The work you do kakaroto is > impressive. > In general Purism is doing something big, and I spoke ahead of time. > > I saw that in the directory > coreboot/3rdparty/blobs/mainboard/purism/ > there is no content, it is right? > > Thanks > > > > The main question I have, and this is an honest question, is why Purism > > chose to use the x86 platform as a base for libre hardware, when it has > > been known for some time that said hardware could never be made fully > > blob-free? > > > > There were (and are) other good ways to make a system that could be > > fully blob-free, for instance ARM, and given the engineering effort that > > is said to have been put into the Purism machines I wonder what we could > > have had if said effort had been put into an aarch64 system instead of > > an x86 system? > > > >> That's a very good question and you're not the first one to ask it. > > > >> I think it's a combination of quite a few things. 
First, the fact that > >> I don't think there were any realistically powerfuly/competing > >> ARM/PPC/risc systems available at the time (or if there were, the > >> price would have been too high to make it a "security focused laptop > >> for everyone"). The purpose of Purism is not to satisfy a niche > >> market, but rather to be something everyone will want whether or not > >> they care about the security like we do, but which would still provide > >> them with that security that they need. I think even now, you can't > >> have an ARM device that could compete with an i7 in terms of > >> performance. > > > >> The second reason is that Todd (CEO) was in talks with Intel and was > >> unfortunately lead to believe that they were open to release an > >> ME-less design CPU for his needs, it ended up not being the case. > > > >> The last reason is because I think that through this discussion > >> (https://mail.coreboot.org/pipermail/coreboot/2014-August/078511.html) > >> Todd thought that it would be possible to get a
Re: [coreboot] Coreboot Purism BIOS is free? open?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thank you for the detailed explanation. I guess this is an area in which experience matters; it is absolutely unacceptable (and not unexpected) that Intel misled your CEO, but this is sadly not an uncommon tactic in the industry. One item I would like to call out though is the following: > if old or non-x86 architectures were so appealing, you would have seen that > become the norm rather than the exception) No one is denying that the easiest course of action for everyone would have been for Intel or AMD to release owner-controllable CPUs. That being said, individuals and organizations needing privacy and owner control are /not/ their target market, nor are those entities Intel (or AMD)'s secondary (or even tertiary) market. Both Intel and AMD rely on their lock-in and close association with Windows and related software to provide cheap, but wholly locked down, CPUs *by design*. You could look at it as the hardware vendor simply providing a leased tool on which to run the leased software -- in such a market, cost trumps everything, owner control is looked at as "enabling piracy", and as a result x86 is not an appropriate platform for anyone needing control or privacy. In this environment, one must make a choice between convenience (x86) and owner control. As you mentioned, the only middle ground is relegated to ancient computers, and that is not where we place any hope at all. Trying to switch architectures may be hard, but it is only going to get harder day after day as people continue to cling to false hope that the x86 platform may ever be brought under their control. The simple fact is, the purchaser of an x86 machine is not Intel or AMD's customer, nor are the ODMs. Their primary customers, in an odd sort of way, are actually the software vendors that require x86 for their existing applications, and they are the ones that will call the shots on features or antifeatures in the x86 walled garden. 
I wonder, though, if given this information if possibly Raptor and Purism might have some common business ground here? Purism has experience with laptop mechanicals and related concerns, and we have experience with truly blob-free, powerful hardware -- combining those two could yield an interesting machine... On 12/19/2017 02:41 PM, Youness Alaoui wrote: > On Tue, Dec 19, 2017 at 2:07 PM, Timothy Pearson >wrote: > On 12/19/2017 11:51 AM, Dame Más wrote: I finished the University and I have free time to do things. And this seems like an interesting project to which I dedicate many hours. The truth is that I read a lot these days. The work you do kakaroto is impressive. In general Purism is doing something big, and I spoke ahead of time. I saw that in the directory coreboot/3rdparty/blobs/mainboard/purism/ there is no content, it is right? Thanks > > The main question I have, and this is an honest question, is why Purism > chose to use the x86 platform as a base for libre hardware, when it has > been known for some time that said hardware could never be made fully > blob-free? > > There were (and are) other good ways to make a system that could be > fully blob-free, for instance ARM, and given the engineering effort that > is said to have been put into the Purism machines I wonder what we could > have had if said effort had been put into an aarch64 system instead of > an x86 system? > >> That's a very good question and you're not the first one to ask it. > >> I think it's a combination of quite a few things. First, the fact that >> I don't think there were any realistically powerfuly/competing >> ARM/PPC/risc systems available at the time (or if there were, the >> price would have been too high to make it a "security focused laptop >> for everyone"). 
The purpose of Purism is not to satisfy a niche >> market, but rather to be something everyone will want whether or not >> they care about the security like we do, but which would still provide >> them with that security that they need. I think even now, you can't >> have an ARM device that could compete with an i7 in terms of >> performance. > >> The second reason is that Todd (CEO) was in talks with Intel and was >> unfortunately lead to believe that they were open to release an >> ME-less design CPU for his needs, it ended up not being the case. > >> The last reason is because I think that through this discussion >> (https://mail.coreboot.org/pipermail/coreboot/2014-August/078511.html) >> Todd thought that it would be possible to get a binary blob free >> coreboot/CPU with a few months of work. He didn't realize that it was >> a much harder thing to achieve because the FSP takes a lot of time to >> reverse engineer (remember, he thought he would have an ME-less CPU >> from Intel), but from what I read in one of his answers, he had >> already decided on x86 by the time he wrote that mail to the mailing
Re: [coreboot] Coreboot Purism BIOS is free? open?
On Tue, Dec 19, 2017 at 2:07 PM, Timothy Pearson wrote:
> On 12/19/2017 11:51 AM, Dame Más wrote:
>> I finished the University and I have free time to do things. And this
>> seems like an interesting project to which I dedicate many hours.
>>
>> The truth is that I read a lot these days. The work you do kakaroto is
>> impressive.
>> In general Purism is doing something big, and I spoke ahead of time.
>>
>> I saw that in the directory
>> coreboot/3rdparty/blobs/mainboard/purism/
>> there is no content, it is right?
>>
>> Thanks
>
> The main question I have, and this is an honest question, is why Purism
> chose to use the x86 platform as a base for libre hardware, when it has
> been known for some time that said hardware could never be made fully
> blob-free?
>
> There were (and are) other good ways to make a system that could be
> fully blob-free, for instance ARM, and given the engineering effort that
> is said to have been put into the Purism machines I wonder what we could
> have had if said effort had been put into an aarch64 system instead of
> an x86 system?

That's a very good question and you're not the first one to ask it.

I think it's a combination of quite a few things. First, the fact that I don't think there were any realistically powerful/competing ARM/PPC/risc systems available at the time (or if there were, the price would have been too high to make it a "security focused laptop for everyone"). The purpose of Purism is not to satisfy a niche market, but rather to be something everyone will want whether or not they care about the security like we do, but which would still provide them with that security that they need. I think even now, you can't have an ARM device that could compete with an i7 in terms of performance.

The second reason is that Todd (CEO) was in talks with Intel and was unfortunately led to believe that they were open to release an ME-less design CPU for his needs, it ended up not being the case.

The last reason is because I think that through this discussion (https://mail.coreboot.org/pipermail/coreboot/2014-August/078511.html) Todd thought that it would be possible to get a binary blob free coreboot/CPU with a few months of work. He didn't realize that it was a much harder thing to achieve because the FSP takes a lot of time to reverse engineer (remember, he thought he would have an ME-less CPU from Intel), but from what I read in one of his answers, he had already decided on x86 by the time he wrote that mail to the mailing list, so I'm not sure if it really answers your question.

I think those that provide non-x86 (or pre-2008 x86) machines are already there to fill the blob-free need, and it's not healthy to just compete with them. A good summary is that we want to "bring blob-free to the hardware that people want", rather than "bring blob-free hardware to the people who want it".

Finally, I'll paste you one of my explanations from an email I sent here last May, which kind of summarizes it all (from https://mail.coreboot.org/pipermail/coreboot/2017-May/084166.html)

"[...], You ask why Purism doesn't just create laptops using FX2 or ARM or whatever... Well, because that's not what most people want, out there. If you want a RYF laptop using old or underpowered hardware or non-x86 architectures, that's a problem that has already been solved, there are various resellers of such devices. The idea here is not to "Use what we can find to make RYF" but rather "Bring RYF to the hardware that people want". What I believe Purism is trying to do is to create a modern laptop for *everyone* with the extra value of security and privacy, and in the process make FLOSS appealing to mainstream instead of letting it be confined in a niche. I think everyone will be better off with tools to protect their privacy/security without asking them to throw the baby with the bathwater by requiring them to use hardware that does not interest them (otherwise, if old or non-x86 architectures were so appealing, you would have seen that become the norm rather than the exception)."

I hope that fully answers your question.

Thanks!
Youness.

> - --
> Timothy Pearson
> Raptor Engineering
> +1 (415) 727-8645 (direct line)
> +1 (512) 690-0200 (switchboard)
> https://www.raptorengineering.com
Re: [coreboot] Coreboot Purism BIOS is free? open?
On 12/19/2017 11:51 AM, Dame Más wrote: > I finished the University and I have free time to do things. And this > seems like an interesting project to which I dedicate many hours. > > The truth is that I read a lot these days. The work you do kakaroto is > impressive. > In general Purism is doing something big, and I spoke ahead of time. > > I saw that in the directory > coreboot/3rdparty/blobs/mainboard/purism/ > there is no content, it is right? > > Thanks The main question I have, and this is an honest question, is why Purism chose to use the x86 platform as a base for libre hardware, when it has been known for some time that said hardware could never be made fully blob-free? There were (and are) other good ways to make a system that could be fully blob-free, for instance ARM, and given the engineering effort that is said to have been put into the Purism machines I wonder what we could have had if said effort had been put into an aarch64 system instead of an x86 system? - -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com
Re: [coreboot] Coreboot Purism BIOS is free? open?
I finished the University and I have free time to do things. And this seems like an interesting project to which I dedicate many hours. The truth is that I read a lot these days. The work you do kakaroto is impressive. In general Purism is doing something big, and I spoke ahead of time. I saw that in the directory coreboot/3rdparty/blobs/mainboard/purism/ there is no content, it is right? Thanks 2017-12-19 14:41 GMT+01:00 Nico Huber: > Hi, > > On 18.12.2017 10:07, Dame Más wrote: > >> Hello, >> I understand. >> I want implement Coreboot for current 7th and 8th generation Intel >> computers. >> > > coreboot already works on 7th gen Intel (Kaby Lake). Not sure what 8th > gen generally refers to. Kaby Lake Refresh might work as well, and > Cannon Lake is worked on. No sign of Coffee Lake support, afaics. > > Though, all these newer Intel chips are only supported with coreboot's > open-source infrastructure around a proprietary core, namely Intel FSP > (firmware support package). You still have much more control over the > boot process this way. But compared to a fully open-source coreboot > it's much harder to support a new motherboard (after my first FSP port, > I'd calculate at least 4 times the effort). And you have to trust > Intel, ofc. > > And if the Pursism BIOS was opensource, I could work with it as a base. >> However >> I can not find the source code to work with him. >> > > Purism used a most proprietary UEFI/BIOS on their first devices. They > ship now (some?) devices with coreboot. But that's as described above, > build around the proprietary FSP. So there is nothing to learn from > their code (as of yet). > > I like GNU/Linux and the opensource because among all we do it better, but >> if the code is not liberated, I can not speak well of Purism. >> > > They are working on it. Ask Youness if you can help him to reverse > engineer FSP. > > I hope this answers your question. Sorry for all the noise here on the > ML. 
Threads about "liberated" devices often get hijacked (especially if > they are about Purism) to advocate some BS or lament about the ME > (which is actually unrelated to coreboot). > > Nico >
Re: [coreboot] Coreboot Purism BIOS is free? open?
Hi,

On 18.12.2017 10:07, Dame Más wrote:
> Hello,
> I understand.
> I want implement Coreboot for current 7th and 8th generation Intel
> computers.

coreboot already works on 7th gen Intel (Kaby Lake). Not sure what 8th gen generally refers to. Kaby Lake Refresh might work as well, and Cannon Lake is worked on. No sign of Coffee Lake support, afaics.

Though, all these newer Intel chips are only supported with coreboot's open-source infrastructure around a proprietary core, namely Intel FSP (firmware support package). You still have much more control over the boot process this way. But compared to a fully open-source coreboot it's much harder to support a new motherboard (after my first FSP port, I'd calculate at least 4 times the effort). And you have to trust Intel, ofc.

> And if the Purism BIOS was opensource, I could work with it as a base.
> However I can not find the source code to work with him.

Purism used a most proprietary UEFI/BIOS on their first devices. They ship now (some?) devices with coreboot. But that's as described above, built around the proprietary FSP. So there is nothing to learn from their code (as of yet).

> I like GNU/Linux and the opensource because among all we do it better, but
> if the code is not liberated, I can not speak well of Purism.

They are working on it. Ask Youness if you can help him to reverse engineer FSP.

I hope this answers your question. Sorry for all the noise here on the ML. Threads about "liberated" devices often get hijacked (especially if they are about Purism) to advocate some BS or lament about the ME (which is actually unrelated to coreboot).

Nico
Re: [coreboot] Coreboot Purism BIOS is free? open?
Hi Dame,

The coreboot on Purism machines is indeed open and available, and it is all merged into upstream coreboot, so there is no specific repository for it other than the coreboot repository (the code is in src/mainboard/purism/ subdirectory).

Here is the build script we use to build coreboot for our machines, from scratch: https://forums.puri.sm/t/building-coreboot-from-source-official-script/1264

I haven't updated the build script in a while, so it's actually building from here: https://code.puri.sm/kakaroto/coreboot.git but those commits were merged upstream and the upstream coreboot repository is all you need now.

Note that to disable the ME, we need to use the '-S -e MFS' option to me_cleaner (the script also uses my own repository for me_cleaner, but my patches to me_cleaner were also merged upstream, so you can just use the upstream repository for me_cleaner. See my pull request here: https://github.com/corna/me_cleaner/pull/70). You can read more about the efforts to disable the ME and the need for the -e option by reading my blog post here: https://puri.sm/posts/deep-dive-into-intel-me-disablement/

You said you want to implement coreboot for some 7th and 8th generation Intel computers. Then you'd probably also be interested in the blog posts I wrote about the porting experience. You can find all my posts on the right sidebar of our coreboot timeline page here: https://puri.sm/coreboot/timeline/

If you still have any questions, feel free to ask.

As for Taiidan's response, I think Matt's response to it is pretty good already, and I'm tired of seeing Taiidan jumping at the chance to talk against Purism every chance he gets, but I won't rant about that today, I will only add this to the discussion:

* The original question was on whether our coreboot port was available or not because the OP wanted to know how we disable the ME, you completely missed the question and decided to give advice on what device to buy instead...

* You seem to think that the purism laptops are selling at a premium because it comes with coreboot? I'm pretty sure that the Cost/MSRP margin is the same or lower than from other laptop manufacturers, the "premium" you'd pay is because of the low volume of machines we are making, Dell/Lenovo can of course sell for lower prices because they get economy of scale, which we don't. It's not because we are increasing our revenue and using coreboot as an excuse to do it.

* You said "they are charging for a whitebox re-brand.", that's actually a completely false statement, the motherboard is our own and it is designed to avoid having any firmware-based hardware so a binary-blob-free linux distribution can run on it. It is not a whitebox re-brand. If it was a whitebox re-brand, then yeah, we'd be selling for a lot lower price considering we'd be able to also take advantage of the economies of scale.

* You are encouraging the purchase of lenovo machines, but as far as I know, lenovo is not actively working on reverse engineering the FSP. Also, the only reason that Lenovo can have a libreboot running on it is because the community did the port, not because the company itself is working towards freeing it or investing anything to provide more freedom to users. So yeah, sure, you could say "don't pay a 30$ premium for coreboot, buy a lenovo and do the port yourself" (assuming you know how to do the port, or you buy one that is already ported), but you might as well say "don't pay a 30$ premium for coreboot, buy a lenovo, do the port yourself, then reverse engineer the FSP yourself while you're at it" and it would be more accurate. And that's of course ignoring the question of the hardware kill switches, the fact that you can't compare a 200$ refurbished laptop from 6 years ago with a higher priced laptop from today, or that lenovo won't answer you if you ask tech support questions on coreboot or linux, etc...

* We worked on disabling the ME on the purism laptops. Yes, the lion's share of the work was done by others (Corna for me_cleaner and Positive Technologies for the HAP bit), but not only did it require a significant amount of work from our side as well, to test, validate and package the ME disablement work (see above blog post link), but we are the first manufacturer to offer it standard and without us doing it, it could be argued whether or not this differentiation would have convinced System76 and Dell to also pursue offering machines with the ME disabled. So, encouraging those who are trying to pioneer the work might actually help the entire community. Do you think it might convince Intel to offer ME-less designs if they see half the manufacturers starting to ship unofficially-disabled ME machines? Maybe, maybe not, but at least someone is trying to move things along instead of only complaining about the status of things.

I could go on, but I think that's enough. Hopefully, this helps clarify the situation.

Thanks,
Youness.

On Mon, Dec 18, 2017 at 4:07 AM, Dame Más
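The HAP bit named in the message above can be read straight from a full flash image, and a stock dump can be compared with a modified one to confirm that this bit is the only descriptor change. This is an added example, not code from the thread, from Purism or from me_cleaner; the descriptor offsets (signature at 0x10, FLMAP1 at 0x18, HAP as bit 16 of PCHSTRP0 on ME 11 platforms) are assumptions that do not appear in the thread, and the sample image is constructed.

```python
import struct

FD_SIGNATURE = b"\x5a\xa5\xf0\x0f"  # descriptor magic at 0x10 (assumed layout)
FD_SIZE = 0x1000                    # the descriptor occupies the first 4 KiB
HAP_MASK = 1 << 16                  # assumed: HAP is bit 16 of PCHSTRP0 (ME 11)


class DescriptorError(ValueError):
    """The input is not a full flash image that starts with a descriptor."""


def strap_base(image: bytes) -> int:
    """Return the offset of PCHSTRP0, taken from the FPSBA field of FLMAP1."""
    if len(image) < FD_SIZE:
        raise DescriptorError("image is shorter than a flash descriptor")
    if image[0x10:0x14] != FD_SIGNATURE:
        raise DescriptorError("no descriptor signature (ME-region-only dump?)")
    (flmap1,) = struct.unpack_from("<I", image, 0x18)
    fpsba = (flmap1 >> 12) & 0xFF0
    if fpsba == 0:
        raise DescriptorError("strap base is zero")
    return fpsba


def hap_is_set(image: bytes) -> bool:
    (pchstrp0,) = struct.unpack_from("<I", image, strap_base(image))
    return bool(pchstrp0 & HAP_MASK)


def descriptor_changes(before: bytes, after: bytes) -> list:
    """Return (offset, old, new) for each 32-bit descriptor word that differs."""
    strap_base(before)  # validate both inputs first
    strap_base(after)
    changes = []
    for off in range(0, FD_SIZE, 4):
        (old,) = struct.unpack_from("<I", before, off)
        (new,) = struct.unpack_from("<I", after, off)
        if old != new:
            changes.append((off, old, new))
    return changes


def only_hap_changed(before: bytes, after: bytes) -> bool:
    """True if the sole descriptor difference is HAP going from 0 to 1."""
    changes = descriptor_changes(before, after)
    if len(changes) != 1:
        return False
    off, old, new = changes[0]
    return off == strap_base(before) and old ^ new == HAP_MASK and bool(new & HAP_MASK)


def make_sample(hap: bool) -> bytes:
    """Constructed 4 KiB descriptor for demonstration, not a real dump."""
    img = bytearray(b"\xff" * FD_SIZE)
    img[0x10:0x14] = FD_SIGNATURE
    struct.pack_into("<I", img, 0x18, 0x10 << 16)  # FPSBA -> straps at 0x100
    struct.pack_into("<I", img, 0x100, 0x40 | (HAP_MASK if hap else 0))
    return bytes(img)


if __name__ == "__main__":
    stock, modified = make_sample(False), make_sample(True)
    print("HAP before:", hap_is_set(stock), "after:", hap_is_set(modified))
    print("only HAP changed:", only_hap_changed(stock, modified))
```

For a real check, pass the bytes of two full flash dumps; a file that holds only the ME region has no descriptor and raises DescriptorError.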
Re: [coreboot] Coreboot Purism BIOS is free? open?
On Mon, December 18, 2017 5:01 am, Matt DeVillier wrote:
> On Sun, Dec 17, 2017 at 6:58 PM, taii...@gmx.com wrote:
>
>> On 12/17/2017 05:06 PM, Dame Más wrote:
>>
>>> Hi,
>>> The Coreboot BIOS of Purism 13 is open?
>>
>> No it isn't, while they do use coreboot the silicon init process is
>> entirely blobbed.
>>
>> Technical merits - is it better than an off the shelf dell laptop? Of
>> course, but not better enough to justify even a $30 premium let alone
>> the thousands they are charging for a whitebox re-brand. It removes the
>> brander (ex: dell) from the firmware trust equation but intel still
>> remains and so does ME.
>
> That's a pretty absurd exaggeration. Purism laptops certainly sell at a
> premium relative to a Dell (eg) with similar CPU/RAM/SSD, but they don't
> sell anywhere near the same volume, so their costs are higher. They also
> feature hardware kill switches for wifi/BT and mic/webcam, ship with a
> blob-free Debian-based distro, and use coreboot with a disable/neutered
> ME. Whether or not you consider those qualities, and supporting a
> startup working towards increasing owner control on modern hardware, to
> justify the price premium is certainly a valid point of discussion.

Purism admits they aren't fully free on https://puri.sm/learn/freedom-roadmap/. One can debate whether they are ever going to be able to accomplish their end goal while supporting proprietary systems like Intel ME/AMD PSP with purchases of their new CPUs etc.

They are competing for some of the same market segment of people who don't want to get owned by the Intel ME vulnerability of the week, but can't compete with 100% user controlled options for those who require a fully open platform.

Overall, I think they are a net positive. It's doubtful Dell would have started offering ME cleaned laptops without Purism's commercial lead. It would be nice if the dollars ended up going to reward hardware manufacturers working to open the platform instead of closing it, though. My personal purchases will be.
Re: [coreboot] Coreboot Purism BIOS is free? open?
Hello,

I understand. I want to implement Coreboot for current 7th and 8th generation Intel computers. And if the Purism BIOS was opensource, I could work with it as a base. However I can not find the source code to work with it.

I like GNU/Linux and the opensource because among all we do it better, but if the code is not liberated, I can not speak well of Purism.

2017-12-18 6:01 GMT+01:00 Matt DeVillier:
> On Sun, Dec 17, 2017 at 6:58 PM, taii...@gmx.com wrote:
>
>> On 12/17/2017 05:06 PM, Dame Más wrote:
>>
>>> Hi,
>>> The Coreboot BIOS of Purism 13 is open?
>>
>> No it isn't, while they do use coreboot the silicon init process is
>> entirely blobbed.
>>
>> Technical merits - is it better than an off the shelf dell laptop? Of
>> course, but not better enough to justify even a $30 premium let alone the
>> thousands they are charging for a whitebox re-brand.
>> It removes the brander (ex: dell) from the firmware trust equation but
>> intel still remains and so does ME.
>
> That's a pretty absurd exaggeration. Purism laptops certainly sell at a
> premium relative to a Dell (eg) with similar CPU/RAM/SSD, but they don't
> sell anywhere near the same volume, so their costs are higher. They also
> feature hardware kill switches for wifi/BT and mic/webcam, ship with a
> blob-free Debian-based distro, and use coreboot with a disable/neutered
> ME. Whether or not you consider those qualities, and supporting a startup
> working towards increasing owner control on modern hardware, to justify the
> price premium is certainly a valid point of discussion.
>
>> If I was you I would purchase a different coreboot compatible laptop then
>> compile and install coreboot while running me_cleaner yourself - this will
>> provide a better result for a lot less money as these following laptops
>> feature open source silicon init and in the case of the intel models are
>> pre-skylake so more of ME can be "cleaned".
>
>> One of these laptops is $200 max for one in good condition, vs thousands
>> for a Purism 13 - with the cash you save you can also buy a KCMA-D8 gaming
>> computer for libre gaming in a VM or otherwise.
>
> "better" certainly depends on how one ranks the various qualities of a
> given device. If owner-controller trumps all other considerations,
> then certainly there are "better" options, but you're not going to find
> anything for $200 that is anywhere close in terms of weight, battery life,
> screen quality, or using a modern SoC -- that's the tradeoff, and again
> something that's worth discussion, but framing it in the context of paying
> "thousands" for a Purism device vs $200 for something of equal/better
> capability is dishonest and does a disservice to the entire community IMO.
Re: [coreboot] Coreboot Purism BIOS is free? open?
On Sun, Dec 17, 2017 at 6:58 PM, taii...@gmx.com wrote:

> On 12/17/2017 05:06 PM, Dame Más wrote:
>
>> Hi,
>> The Coreboot BIOS of Purism 13 is open?
>
> No it isn't, while they do use coreboot the silicon init process is
> entirely blobbed.
>
> Technical merits - is it better than an off the shelf dell laptop? Of
> course, but not better enough to justify even a $30 premium let alone the
> thousands they are charging for a whitebox re-brand.
> It removes the brander (ex: dell) from the firmware trust equation but
> intel still remains and so does ME.

That's a pretty absurd exaggeration. Purism laptops certainly sell at a premium relative to a Dell (eg) with similar CPU/RAM/SSD, but they don't sell anywhere near the same volume, so their costs are higher. They also feature hardware kill switches for wifi/BT and mic/webcam, ship with a blob-free Debian-based distro, and use coreboot with a disable/neutered ME. Whether or not you consider those qualities, and supporting a startup working towards increasing owner control on modern hardware, to justify the price premium is certainly a valid point of discussion.

> If I was you I would purchase a different coreboot compatible laptop then
> compile and install coreboot while running me_cleaner yourself - this will
> provide a better result for a lot less money as these following laptops
> feature open source silicon init and in the case of the intel models are
> pre-skylake so more of ME can be "cleaned".
> One of these laptops is $200 max for one in good condition, vs thousands
> for a Purism 13 - with the cash you save you can also buy a KCMA-D8 gaming
> computer for libre gaming in a VM or otherwise.

"better" certainly depends on how one ranks the various qualities of a given device. If owner-controller trumps all other considerations, then certainly there are "better" options, but you're not going to find anything for $200 that is anywhere close in terms of weight, battery life, screen quality, or using a modern SoC -- that's the tradeoff, and again something that's worth discussion, but framing it in the context of paying "thousands" for a Purism device vs $200 for something of equal/better capability is dishonest and does a disservice to the entire community IMO.
Re: [coreboot] Coreboot Purism BIOS is free? open?
On 12/17/2017 09:01 PM, szbn...@gmail.com wrote:

> hi there! :)

Hi :D

> sooo my understanding says that libreboot is a deblobbed coreboot,

Yes -plus the different politics.

> you say that those machines you mentioned above are 100% owner controlled, however i only know lenovo t400 is good for libreboot from that list. is this about a misinterpretation of your words, or what?

Yeah it is :[
I included the T420/X230 as they have a few features the G505S lacks that he might need - while they are still more free than a purism they have ME so they aren't owner controlled. I wouldn't consider the T400 owner controlled either although it is closer than the T420 etc, while it boots without an ME kernel I still dislike the presence of ME and the non-free EC controller (someone is working on a free software replacement for the G505S EC)

All of these below devices have libre firmware besides the G505S which currently requires a blob for video and power management, but it is still owner controlled due to the absence of hardware code signing enforcement.

Owner controlled devices:

Laptops:
Lenovo G505S - average laptop performance
Novena - ARM - slow :[

Workstations/Servers:
KCMA-D8 - medium
KGPE-D16 - high-medium

Ultra High Performance Servers/Workstations:
TALOS 2 (POWER9) - uber fast and a much better price than intel/amd's new high end server stuff.
TYAN Palmetto (POWER 8) - fast
IBM Firestone (POWER 8) - very fast

POWER 9 is true computing excellence - owner controlled from top to bottom and performance significantly better than x86-64.

> my best image about this is that coreboot is owner controlled but not deblobbed, however the possibility is fully opened - is this right? if yes, then what parts are not deblobbed and how serious they can be? so what could i win/lose by letting go the idea of aiming a libreboot machine and choose a coreboot machine instead? (that i dont know when i will have enough money for that purpose)

Some coreboot boards are owner controlled some aren't, and there are varying amounts of blobs. If one builds for instance the KCMA-D8 with coreboot you have the same result as libre-boot as it doesn't need firmware-blobs to run unless you use a 43xx CPU which needs a microcode update for security reasons.

You can get a Lenovo G505S for $200, or you can build a KCMA-D8 libre gaming PC for $500-1000

> an another question is that ive read about the background of the whole hacking game maybe here maybe elsewhere but most likely from mixed origins... :D so my understanding says that there is a bunch of encryption keys that are unremovable (except by intel) maybe based on something like in that case (complete overwrite of everything included on the ic that contains the intel me) there is something else that will miss the original keys. (id appreciate a cleaner vision about this part, for better understanding, but its not the main question) so this encryption key is only validating something like headers or entrance points to the parts of the intel me but not the contents/body of them. the best that core-/libreboot can achieve is to override the body parts and we can say then the whole became whitebox and well known, or there is a next level after the achieved access to entirely remove it?

ME brings up the main CPU on a modern intel platform, no ME no computer. The ME core validates the ME kernel and on newer systems parts of the ME software, ME cleaner removes the parts that aren't validated.

It is de-facto impossible to remove/disable ME for a variety of reasons and any effort to do so is wasted and better spent on archs's that can have owner controlled devices such as POWER and ARM.

> i dont even know how flashing going on in practise nor in theory, just trying to figure out things around... does it work like total copy/write access with the chance of wrecking things around on the other hand, or its controlling/limiting its own access, and then one should come over it somehow? where me_cleaner works 100% replacing could be achieved, just none implemented core-/libreboot yet for the other machines in the range of a specific range of intel me version?

I am not really sure what you mean due to the language barrier.

> so many thanks for any kinda help and all the bests for everyone around here!

Yeah feel free to ask any questions :]
Re: [coreboot] Coreboot Purism BIOS is free? open?
hi there! :)

im just learning these, ive got no personal experience just some knowledge about stuffs around these areas, so i can be wrong. first ive found a pic about an intel folk who talks about the intel me and its evilness so ive started to dig deeper, then ive found RMS's homepage, who wrote about libreboot (iirc), continued the learning there and arrived here...

sooo my understanding says that libreboot is a deblobbed coreboot, and you say that those machines you mentioned above are 100% owner controlled, however i only know lenovo t400 is good for libreboot from that list. is this about a misinterpretation of your words, or what?

my best image about this is that coreboot is owner controlled but not deblobbed, however the possibility is fully opened - is this right? if yes, then what parts are not deblobbed and how serious they can be? so what could i win/lose by letting go the idea of aiming a libreboot machine and choose a coreboot machine instead? (that i dont know when i will have enough money for that purpose)

an another question is that ive read about the background of the whole hacking game maybe here maybe elsewhere but most likely from mixed origins... :D so my understanding says that there is a bunch of encryption keys that are unremovable (except by intel) maybe based on something like in that case (complete overwrite of everything included on the ic that contains the intel me) there is something else that will miss the original keys. (id appreciate a cleaner vision about this part, for better understanding, but its not the main question) so this encryption key is only validating something like headers or entrance points to the parts of the intel me but not the contents/body of them. the best that core-/libreboot can achieve is to override the body parts and we can say then the whole became whitebox and well known, or there is a next level after the achieved access to entirely remove it?

i dont even know how flashing going on in practise nor in theory, just trying to figure out things around... does it work like total copy/write access with the chance of wrecking things around on the other hand, or its controlling/limiting its own access, and then one should come over it somehow? where me_cleaner works 100% replacing could be achieved, just none implemented core-/libreboot yet for the other machines in the range of a specific range of intel me version?

and as these are the most mystical parts in my understanding i cant thanks enough if you or anyone around can make these clean for me! however i hope that one day ill be able to join you under this bright flag of freedom and give more help than spreading the verb around :)

so many thanks for any kinda help and all the bests for everyone around here!
Re: [coreboot] Coreboot Purism BIOS is free? open?
On 12/17/2017 05:06 PM, Dame Más wrote:

> Hi,
> The Coreboot BIOS of Purism 13 is open?

No it isn't, while they do use coreboot the silicon init process is entirely blobbed.

Technical merits - is it better than an off the shelf dell laptop? Of course, but not better enough to justify even a $30 premium let alone the thousands they are charging for a whitebox re-brand. It removes the brander (ex: dell) from the firmware trust equation but intel still remains and so does ME.

If I was you I would purchase a different coreboot compatible laptop then compile and install coreboot while running me_cleaner yourself - this will provide a better result for a lot less money as these following laptops feature open source silicon init and in the case of the intel models are pre-skylake so more of ME can be "cleaned".

One of these laptops is $200 max for one in good condition, vs thousands for a Purism 13 - with the cash you save you can also buy a KCMA-D8 gaming computer for libre gaming in a VM or otherwise.

My laptop recs:
Lenovo G505S (best choice) - no ME/PSP + open source silicon init
Lenovo T420 (performance) - ME cleanable + open source silicon init - Can play new games via an ExpressCard EGPU
Lenovo X230 (mobility) - ME cleanable + open source silicon init

The T420 supports the better ivy bridge CPU's via coreboot, installing coreboot also removes the silly thinkpad wi-fi whitelist. If you get the X230 you may wish to install the better x220 keyboard mod.

I still don't understand as to why purism didn't simply use the AMD FT3 like the G505S, when they released their first laptop it was brand new and very fast...now it is not as fast as skylake but still more than good enough to be useful and definitely better than "free someday in the future" wintel.

I don't include the novena on this list due to it not having an IOMMU, although it does have open source firmware.

My desktop rec:
KCMA-D8 (entirely libre, no ME/PSP, can play the latest games at high settings in a VM with a 4386 CPU and a VM attached graphics card)

> Where can I download the source code to understand how it is disabled intel ME?
> Thank you

They use a software called me_cleaner (not made by them) to "clean" the ME blob, it is available in the coreboot tree and the v4.6 tarball and can be run on almost any laptop that doesn't have the boot guard anti-feature[1] no matter if it supports coreboot or not.

It is impossible to disable ME/PSP[2], Intel/AMD intentionally made them integral to the boot process they even bring up the main CPU - even google was not able to convince them to open source ME and/or provide a method to truly disable it.

On purism's laptops the ME kernel is still running and it still inits the main CPU pre-BIOS, if it was disabled one could not only remove the full ME blob from the firmware but also physically disconnect the ME core - neither of which one can do on any modern intel platform.

There are many companies that sell legitimately owner controlled hardware so it can be done just not with brand new x86-64 - let us hope purism uses the proceeds from their not-really-libre laptops to produce something worthwhile.

[1] An anti-feature is something that negatively benefits you, in this case "boot guard" takes away the ability to modify your firmware making a modern intel platform controlled 100% by intel and 0% by you vs an intel system from 10 years ago that was 100% you, an IBM POWER 9 system (ex: TALOS 2) which is 100% owner controlled by you or an AMD system pre-PSP (around pre-2013) which is 100% you.

[2] AMD has PSP on their new stuff which is equivalent to ME and just as terrible
[coreboot] Coreboot Purism BIOS is free? open?
Hi,

The Coreboot BIOS of Purism 13 is open?

Where can I download the source code to understand how it is disabled intel ME?

Thank you