Not All Of The IBM POWER10 Firmware Is Currently Open-Source


  • #21
    What is a use case where Power still makes sense? In their day they used to make a processor that x86_64 just couldn't touch for raw muscle. But the world has changed a lot, far more money gets poured into x86_64 design than Power and the software for x86_64 gets far more love. Does anyone deploy anything new on it these days or is it around just to maintain legacy software that no one wants to port? Even if you're an x86_64 hater wouldn't ARM make more sense these days? Not looking to start a flame war, just curious.



    • #22
      Originally posted by phoron
      The difference is that loadable firmware can be changed. So it is software and not hardware.
      wrong. it can be changed without soldering iron, so it's strictly better than hardware which requires soldering iron. that's all. there's no semantic difference between "load this blob from disk and send it to this hardware port" and "write value a into port x and value b into port y", both are just required hardware initialization procedures.
      Originally posted by phoron
      Not adding suspicious firmware to that suspicious hardware is something you can avoid and something that I want to avoid.
      lol. if that hardware is really suspicious, surely they didn't allow you to work them around by using your own firmware and will do all evil stuff from hardware.
      some people from gnu have stupid beliefs that firmware loaded from kernel is worse than firmware loaded from soldered-in rom chip (that's what most of "firmwareless" devices do). it's total bullshit, you are controlling your kernel and you can do no worse than hardware rom. you even have possibility to reverse-engineer it and write your own free replacement, and it will not need soldering iron
      Last edited by pal666; 10 September 2021, 01:56 PM.



      • #23
        Originally posted by MadeUpName
        What is a use case where Power still makes sense? In their day they used to make a processor that x86_64 just couldn't touch for raw muscle. But the world has changed a lot, far more money gets poured into x86_64 design than Power and the software for x86_64 gets far more love. Does anyone deploy anything new on it these days or is it around just to maintain legacy software that no one wants to port? Even if you're an x86_64 hater wouldn't ARM make more sense these days? Not looking to start a flame war, just curious.
        You're confusing POWER and PowerPC. Totally different.

        The PowerPC that Apple used and developed in conjunction with IBM and Motorola is a stripped-down version of POWER mixed with sawdust and pond water. POWER has been around a lot longer and has been completely separate the whole time. PowerPC was supposed to be cheap and simple enough to put into consumer desktops, but now only finds itself in SoCs for WiFi routers.

        POWER on the other hand is a dominant force at the high end and runs the overwhelming majority of the top supercomputers on earth. It's made for large-scale, high-throughput performance. POWER9 came out years ago with PCIe 4.0 long before either AMD or Intel and supported considerably more RAM and CPU power than was available from top-end Intel Xeons. Now POWER10 is out with PCIe 5.0 and the ability to support many TBs of RAM and lots of interconnected processors.

        Unfortunately, while it was possible for Raptor to build a simplified POWER9 system with 1-2 CPUs and 100% open firmware, the open source part isn't possible with POWER10.



        • #24
          Originally posted by pal666
          wrong. it can be changed without soldering iron, so it's strictly better than hardware which requires soldering iron. that's all. there's no semantic difference between "load this blob from disk and send it to this hardware port" and "write value a into port x and value b into port y", both are just required hardware initialization procedures.
          lol. if that hardware is really suspicious, surely they didn't allow you to work them around by using your own firmware and will do all evil stuff from hardware.
          some people from gnu have stupid beliefs that firmware loaded from kernel is worse than firmware loaded from soldered-in rom chip (that's what most of "firmwareless" devices do). it's total bullshit, you are controlling your kernel and you can do no worse than hardware rom. you even have possibility to reverse-engineer it and write your own free replacement, and it will not need soldering iron
          I usually understand the open firmware ideal as follows -

          If some people/companies plant a backdoor in hardware, their product will be screwed if such a backdoor is ever discovered. So in order to save themselves from their own backdoor, they have to either manufacture their own backdoor-free variant product, or not plant a backdoor at all.

          In the age of flashable firmware, planting a backdoor for consumers and keeping self-use devices backdoor-free is a lot easier. So planting backdoors for corporate greed or a government secret agency is a lot more likely to happen and become widespread behaviour. If a backdoor is found and publicised, it is easy to dismiss it as an accidental bug, create an updated version of the firmware with a new backdoor for people to install, and end the complaints.

          Therefore, the open firmware movement is an exhausting try to combat such a situation. One can see the Raptor workstations are promoting themselves for *security*.

          Also, in the age of "signed firmware", we are now blocked from writing reverse-engineered free replacement firmware.



          • #25
            Originally posted by billyswong

            I usually understand the open firmware ideal as follows -

            If some people/companies plant a backdoor in hardware, their product will be screwed if such a backdoor is ever discovered. So in order to save themselves from their own backdoor, they have to either manufacture their own backdoor-free variant product, or not plant a backdoor at all.

            In the age of flashable firmware, planting a backdoor for consumers and keeping self-use devices backdoor-free is a lot easier. So planting backdoors for corporate greed or a government secret agency is a lot more likely to happen and become widespread behaviour. If a backdoor is found and publicised, it is easy to dismiss it as an accidental bug, create an updated version of the firmware with a new backdoor for people to install, and end the complaints.

            Therefore, the open firmware movement is an exhausting try to combat such a situation. One can see the Raptor workstations are promoting themselves for *security*.

            Also, in the age of "signed firmware", we are now blocked from writing reverse-engineered free replacement firmware.
            I don't think the ability to remove the backdoor later if it's discovered is something any manufacturer cares about. Intel still catches bad attention when any kind of flaw is discovered* and it erodes trust in their product. After Spectre, Intel will be known for a long time for making buggy chips, and those security flaws weren't even intentional.

            Everyone knows about the Intel management engine and what it can do. They also know about SGX. A lot of it is marketed as features by Intel because their customers (e.g. Hollywood/Netflix) want to use them for DRM and Intel needs to convince those customers. A true backdoor would be catastrophic, so many times they advertise anything close to a backdoor as a feature first (the ME's Active Management Technology is a backdoor advertised to businesses' IT departments).

            At the same time, there are legitimate security mistakes that need to be patched.

            There are a huge number of free software people not installing microcode patches for Spectre because they think that will somehow make them more free. This is stupid. There is several hundred times more microcode built into the CPU than is in the patch and nobody really has any choice whether there is a backdoor either way. That's the decision they made when they bought an Intel chip. And every time they continue to use it. The only thing they can do about it is install the patch and eliminate the one security flaw we actually know about, and can demonstrate exists with proof-of-concept code.

            Layered on top of this, the RYF rules (from the FSF) are stupid. Purism has the same blob as the POWER10 RAM in their Librem phones, for the same reason. Their SoC uses the same Synopsys DDR4 phy IP and thus the same blob. As far as RYF/FSF are concerned, this is 100% ok. Why? Because Purism sealed the blob away so that the user can't touch it. Not only are Purism themselves the manufacturer (here the manufacturer isn't evil) but this actively hurts user freedom.

            Nobody can inspect the blob to see if there really is a backdoor. Nobody can document what it does. Nobody can ever develop an open-source replacement because Purism physically made it irreplaceable.

            Contrast this with Raptor. For a little while they shipped a blob on their Ethernet controller, the only one in the system if you opted-out of the SAS controller. In the meantime, they successfully developed an open-source replacement. They now ship that to customers and EVERYONE can install it because Raptor didn't lock that firmware blob down.

            For all the talk Purism have about "future improvement in freedom" (they use replaceable wifi and cellular modules "in case a more free alternative becomes available") they blocked this RAM blob from being replaceable because then it would have to be loaded by the bootloader (whereas firmware on the replaceable modules is on the module itself).

            *Groups like Positive Technologies and Mark Ermolov (@_markel___) spend a lot of time reverse-engineering (and breaking) the ME. Numerous security researchers have discovered Spectre flaws in SGX.

