Announcement

Collapse
No announcement yet.

Coreboot 4.11 Brings Many Intel Improvements, New Support For Supermicro / Lenovo Boards

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • madscientist159
    replied
    Originally posted by michaelb1 View Post
    AMD PSP got added much later than Intel ME: I was able to find some 2014-2015 and even 2016 AMD CPUs without this backdoor. It really depends on the architecture: early 16h Jaguar and older - no PSP; while the late 16h Puma and 17h Picasso (Ryzen) - with PSP
    Fair enough. I tend to overlook those parts as uninteresting because the core architecture is so old; those are definitely not workstation/server grade parts, they're basically desktop only with extremely poor performance compared to modern desktop parts. Essentially it wasn't worth the investment for AMD to add the PSP vs. just fabbing those old cores as-is, which should say something about how AMD positioned them on the market (low end / cheap).

    And yes, at this point I consider the Opterons uninteresting except for historical reasons. The world has moved on; x86 has dead ended for secure applications and great alternatives have sprung up to fill the gap. Retrocomputing is great for preserving history, less so for real world work.

    Leave a comment:


  • michaelb1
    replied
    Originally posted by madscientist159 View Post
    Think again. With the ME/PSP you still have that low level backdoor access, and the FSP for Intel (AGESA for AMD) is as good a place as any to put a key extraction routine.

    Don't like it? Don't use Intel or AMD systems. coreboot doesn't (and can't) give you the security level you listed above on any x86 platform post 2013 or so.
    AMD PSP got added much later than Intel ME: I was able to find some 2014-2015 and even 2016 AMD CPUs without this backdoor. It really depends on the architecture: early 16h Jaguar and older - no PSP; while the late 16h Puma and 17h Picasso (Ryzen) - with PSP
    Last edited by michaelb1; 11-21-2019, 10:22 AM.

    Leave a comment:


  • michaelb1
    replied
    Originally posted by Espionage724 View Post
    On a related note, some relatively decent AMD motherboards/platforms are losing Coreboot support: https://review.coreboot.org/c/coreboot/+/36961

    This particularly affects the ASUS KGPE-D16 board (afaik the highest-performing AMD-based Coreboot-compatible motherboard, or maybe the only one without PSP?), and it's slightly lesser variant, the KCMA-D8 (I used this motherboard for some months with Coreboot).
    Actually almost all the coreboot-supported AMD motherboards don't have a PSP, with the exception of PC Engines APU2 and maybe a few expensive developer boards.

    Leave a comment:


  • pgeorgi
    replied
    Originally posted by fl1pm View Post
    Indeed, what is up with that? As far as I know this is their top performing fully open board, and nothing on the horizon to come even close.
    We didn't decide to drop boards, we're dropping old code paths for which there is a better alternative, to improve code quality. That plan gave plenty of heads up. Nobody bothered to update a bunch of chipset drivers to work according to the new way and so they're becoming non-functional, creating a ripple effect: dropping the old stuff requires dropping the chipset that rely on it requires dropping the boards that are based on these chipsets.

    Should we keep around two of everything (which makes development harder) to keep boards in the tree that apparently nobody wants to maintain?

    The code is still out there in the 4.11 release, tag and branch. Bring it back to current standards and it's welcome on the master branch again.

    Originally posted by fl1pm View Post
    Shouldn't it be a priority, if nothing else then at least from a PR perspective, to continue to support it?
    Maybe, but nobody stepped up to support it.
    Last edited by pgeorgi; 11-21-2019, 05:50 PM.

    Leave a comment:


  • madscientist159
    replied
    Originally posted by danmcgrew View Post
    2) Seems as though the switch to RISC-V can't be made soon enough.
    Why RISC-V? POWER is an open ISA with actual useable desktop / server class silicon on the market now. Or, if you really want that RISC-V performance experience, you can always load one of the POWER soft cores on an FPGA instead...

    Leave a comment:


  • danmcgrew
    replied
    Originally posted by madscientist159 View Post

    Think again. With the ME/PSP you still have that low level backdoor access, and the FSP for Intel (AGESA for AMD) is as good a place as any to put a key extraction routine.

    Don't like it? Don't use Intel or AMD systems. coreboot doesn't (and can't) give you the security level you listed above on any x86 platform post 2013 or so.
    Common knowledge indicates that the four greatest threats to your security and privacy are, from the VERY highest AND EGREGIOUSLY THE WORST, to the nowhere-near-as-bad-a-threat--

    1) Facebook;
    2) Google;
    3) Microsoft;
    4) NSA.

    1) All these VERY bad actors are delighted and ecstatic that some--no; make that a huge number of--people think that the CIA is the enemy...which, of course, totally diverts attention away from them.

    2) Seems as though the switch to RISC-V can't be made soon enough.

    3) Got some really sensitive, secret information to send? Try sending it in a plain envelope with a plain stamp. Drop it in the mail.
    You will absolutely know when the NSA and / or CIA starts steaming open envelopes sent via the USPS; you'll have plenty of warning.

    Leave a comment:


  • fl1pm
    replied
    Indeed, what is up with that? As far as I know this is their top performing fully open board, and nothing on the horizon to come even close. Shouldn't it be a priority, if nothing else then at least from a PR perspective, to continue to support it?

    (Disclaimer: I may be biased as I am typing it on the KGPE-D16)

    Leave a comment:


  • Espionage724
    replied
    On a related note, some relatively decent AMD motherboards/platforms are losing Coreboot support: https://review.coreboot.org/c/coreboot/+/36961

    This particularly affects the ASUS KGPE-D16 board (afaik the highest-performing AMD-based Coreboot-compatible motherboard, or maybe the only one without PSP?), and it's slightly lesser variant, the KCMA-D8 (I used this motherboard for some months with Coreboot).

    Leave a comment:


  • madscientist159
    replied
    Originally posted by hax0r View Post
    Feels good to be free of CIA surveillance and data mining companies and having BIOS/UEFI-less Thinkpad booting straight to GRUB that sits embedded into the flash chip with btrfs goodies precompiled like booting off encrypted partition-less btrfs disk.
    Think again. With the ME/PSP you still have that low level backdoor access, and the FSP for Intel (AGESA for AMD) is as good a place as any to put a key extraction routine.

    Don't like it? Don't use Intel or AMD systems. coreboot doesn't (and can't) give you the security level you listed above on any x86 platform post 2013 or so.

    Leave a comment:


  • Guest's Avatar
    Guest replied
    I wonder whether this means I'll be able to flash Libreboot to my R60e down the line. It would make this laptop somewhat more useful, even though it's basically of no value due to crappy specs.

    Leave a comment:

Working...
X