Slashdot Mirror
Domain: libreboot.org
Stories and comments across the archive that link to libreboot.org.
Comments · 77
-
looks exactly the same size as EOMA68!
i'm the creator and guardian of the EOMA68 standard, and someone just brought the intel compute card to my attention on the mailing list. the intel compute card is *exactly* the same size as EOMA68, which in turn is based on legacy PCMCIA casework and connector re-use: credit-card-sized at: 54 x 86 x 5mm. fortunately, from the BBC video, if you check 30 seconds in the connector is completely different (otherwise intel would have a Certification Mark infringment case on their hands): it looks like it's Mini-PCIe which, if that's true, would be a very sensible choice as it contains USB2, one PCIe lane, some GPIO and power.
i do wonder if my discussions with intel over the past couple of years, as well as the crowd-funding campaign which i'm here in taiwan presently to fulfil, have spurred them to go "i know! let's make our own computer card standard just like that guy did because he said "NO" when it came to having hardware-level spying capability in the BIOS through the Intel Management Engine, with the resultant *complete* meltdown from a security perspective as outlined here https://libreboot.org/faq/#int... "
i'll be watching this with interest, because standards, i've learned, live and die by whether the designers have enough foresight to design it with upgradeability in mind, as well as have the balls to say NO when it comes to "adding options" that are not backwards-compatible.
-
Will it have a trustzone (AMD PSP) processor?
I wonder if it will have AMD's equivalent to Intel AMT, the Platform Security Processor. If so, it may be a no-go for some people.
-
Re:You are missing the potential benefit:
"no longer trust x86" is likely a terse way of saying "there are no new x86-family chips that we can trust". Both Intel and AMD have some system management features that amount to a giant security back door.
-
Re:You are missing the potential benefit:
"no longer trust x86" is likely a terse way of saying "there are no new x86-family chips that we can trust". Both Intel and AMD have some system management features that amount to a giant security back door.
-
100% libre laptop, please
I find it puzzling that not a single vendor goes to market a laptop with a fully free as in freedom software stack, including the initializing program or BIOS.
Programmable components apart from the CPU, say hard drive controllers or 4G modems, should be isolated with an IOMMU.
The last laptops that don't tread on your freedom are from 2008: https://libreboot.org/docs/hcl...Is this problem too hard for corporations with billions of R&D money at their disposal?
Are they forbidden to develop hardware that doesn't subjugate the user's freedom by 3 letter agencies?
Or, is it simply that most people do not care? -
Re:If it is, buy AMD
Just make sure the AMD is from 2012 or earlier.
-
Re:So is this a manufactured clickbait story?
-
Re: Yes
That was true for ME versions up to 6.0, but for newer intel hardware, you can't boot a system without ME involvement anymore. Quoting https://libreboot.org/faq/#int...
ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include "ME Ingition" firmware that performs some hardware initialization and power management. If the ME's boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.
-
Re:So is this a manufactured clickbait story?
Not only "trust us," but also "oh, by the way, you have no choice because we've made implementing your own open-source firmware impossible".
-
Re:Nefarious Headline for Practical Feature
All Intel processors made in the last 10 years have it: https://libreboot.org/faq/#int... All AMD processors made in the last 3 years have it: https://libreboot.org/faq/#amd I am not sure about ARMs, but they also have something called "security engine", and I can find very little info about them on the internet.
-
Re:Nefarious Headline for Practical Feature
All Intel processors made in the last 10 years have it: https://libreboot.org/faq/#int... All AMD processors made in the last 3 years have it: https://libreboot.org/faq/#amd I am not sure about ARMs, but they also have something called "security engine", and I can find very little info about them on the internet.
-
Re:Just as well
The ARM has nothing to do with game consoles. The PS4 and the Xbox One don't even use the ARM for their secure boot/DRM, they use something else (the PS4 uses the SAMU which is an LM32 derivative core inside the GPU portion, and I think the Xbox One uses more custom stuff). Read this libreboot page; the ARM is required to boot any modern AMD chip. Or this if you want a reference from AMD from last year. The PSP is very much alive and well and required to boot modern AMD chips.
-
Re:Just as well
You are fscked up the same way by AMD: https://libreboot.org/faq/#amd
-
Where did I put that rant again?
We even had an article about just this thing earlier this year, too.
-
Old news
https://libreboot.org/faq/#int...
https://libreboot.org/faq/#amd
Both Intel and AMD had this for years - read above links
-
Old news
https://libreboot.org/faq/#int...
https://libreboot.org/faq/#amd
Both Intel and AMD had this for years - read above links
-
Problem for coreboot
That's a major problem for projects like libreboot/coreboot
https://libreboot.org/faq/#int...
https://libreboot.org/faq/#amd -
Problem for coreboot
That's a major problem for projects like libreboot/coreboot
https://libreboot.org/faq/#int...
https://libreboot.org/faq/#amd -
Re:Can it boot without a blob yet?
libreboot has a FAQ and the outlook isn't good for any modern Intel/AMD system if you're as paranoid as RMS.
-
Re:CoreBoot
Coreboot does not remove ME. You may want to investigate the Libreboot project or buy a pre-flashed system from The Ministry of Freedom.
-
Re:The copy writes itself
AMD calls their version of the IME the "Platform Security Processor (PSP)".
One of the side effects is that open source BIOS projects are effectively dead for desktops. -
Phones, Computers, etc.
This is the greatest thing to happen to the libre firmware movement.
Maybe now, people will be more wary of the ever more complex, proprietary software being run without their knowledge by the low-level systems in their devices. Go read about the Intel Management Engine and the associated Active Management Technology for starters! It will make your skin crawl...
The governments of the world are making a lot of futile noise about the dangers of encryption, but only to distract from the fact that the real backdoors have already been designed and are becoming widely deployed.
CAPTCHA: alarmist
-
The backdoors are already in place
Transceivers are often hooked directly into sensors such as microphones, and run very complex proprietary firmware that is given undue privileged access to the rest of the system's resources.
Furthermore, for nearly 15 years, Intel as been quietly introducing an entire, higher-priority computing system within your consumer laptops and desktops and probably now your tablets and smartphones: This is known as the Intel Management Engine, specifically the Intel Active Management Technology. If your computer's Intel sticker lists "vPro", then you've probably got it!
It's frightening stuff.
These systems involve their own little processors, memory, storage, network interfaces, and proprietary operating systems; as long as the machine is plugged into a power source and wired network—even if the user thinks that it's switched "off"—that little computer within "your" computer can be contacted and used to access the rest of the machine, including your storage drives (hard disks, SSDs, etc.), RAM, main CPU, GPU, etc. It has higher priority than "your" system, can take control of the display and keyboard/mouse/touchpad input so that Intel's AMT can provide VNC access from the moment the main system's boot process begins. It can do all of this while your system is running, including reading your private encryption keys from your RAM or twiddling bits on your hard disk.
Any attempt to remove or alter the proprietary software and hardware that composes the AMT can be made to and likely will be made to brick your system or make it otherwise unusable.
-
HTTPS scanning
./ has neglected an even bigger elephant in the room: most modern AV products insert their own HTTPS certificate into the OS you're running for your "safety" and "protection".
In short they scan the traffic which wasn't meant to be scanned by third parties, thus AV vendors circumvent the vary basis of encryption.
Welcome to a brave new world. Then your PC hasn't really belonged to you since 2008 or something but no one cares anyway: http://libreboot.org/faq/#inte...
I wonder if there's anything left to buy nowadays which is yours truly and which doesn't spy on you or have a dozen of backdoors for NSA/CIA/M5/etc.
-
Re:Maybe they found a backdoor
FYI: In theory, all newer Intel chips have Backdoors:
-
Re:Why does the CPU need this?
It's called Intel Management Engine (ME)
The management engine provides remote access capabilities, independently from the running operating system. It has full access to your RAM, and it has full networking support. It also handles the TPM module, AMT (Active Management Technology), Boot Guard and various DRM mechanisms. The ME also performs some basic hardware initialization and power management, on recent systems.
http://libreboot.org/faq/#inte...
MCP by any other name...
-
Re:Why does the CPU need this?
It's called Intel Management Engine (ME)
The management engine provides remote access capabilities, independently from the running operating system. It has full access to your RAM, and it has full networking support. It also handles the TPM module, AMT (Active Management Technology), Boot Guard and various DRM mechanisms. The ME also performs some basic hardware initialization and power management, on recent systems.
