Announcement

Collapse
No announcement yet.

Not All Of The IBM POWER10 Firmware Is Currently Open-Source

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    What is a use case where Power still makes sense? In their day they they used to make a processor that x86_64 just couldn't touch for raw muscle. But the world has changed a lot , far more money gets poured into x86_64 design than Power and the software for x86_64 gets far more love. Does any one deploy any thing new on it these days or is it around just to maintain legacy software that no one wants to port? Even if your an x86_64 hater wouldn't ARM make more sense these days? Not looking to start a flame war, just curious.

    Comment


    • #22
      Originally posted by phoron View Post
      The difference is that loadable firmware can be changed. So it is software and not hardware.
      wrong. it can be changed without soldering iron, so it's strictly better than hardware which requires soldering iron. that's all. there's no semantic difference between "load this blob from disk and send it to this hardware port" and "write value a into port x and value b into port y", both are just required hardware initialization procedures.
      Originally posted by phoron View Post
      Not adding suspicious firmware to that suspicious hardware is something you can avoid and something that I want to avoid.
      lol. if that hardware is really suspicious, surely they didn't allow you to work them around by using your own firmware and will do all evil stuff from hardware.
      some people from gnu have stupid beliefs that firmware loaded from kernel is worse than firmware loaded from soldered-in rom chip(that's what most of "firmwareless" devices do). it's total bullshit, you are controlling your kernel and you can do no worse than hardware rom. you even have possibility to reverse-engineer it and write your own free replacement, and it will not need soldering iron
      pal666
      Senior Member
      Last edited by pal666; 10 September 2021, 01:56 PM.

      Comment


      • #23
        Originally posted by MadeUpName View Post
        What is a use case where Power still makes sense? In their day they they used to make a processor that x86_64 just couldn't touch for raw muscle. But the world has changed a lot , far more money gets poured into x86_64 design than Power and the software for x86_64 gets far more love. Does any one deploy any thing new on it these days or is it around just to maintain legacy software that no one wants to port? Even if your an x86_64 hater wouldn't ARM make more sense these days? Not looking to start a flame war, just curious.
        You're confusing POWER and PowerPC. Totally different.

        The PowerPC that apple used and developed in conjunction with IBM and Motorola is a striped-down version of POWER mixed with sawdust and pond water. POWER has been around a lot longer and has been completely separate the whole time. PowerPC supposed to be cheap and simple enough to put into consumer desktops, but now only finds itself in SoCs for WiFi routers.

        POWER on the other hand is a dominant force at the high end and runs the overwhelming majority of the top supercomputers on earth. It's made for large-scale, high-throughput performance. POWER9 came out years ago with PCIe 4.0 long before either AMD or Intel and supported considerably more RAM and CPU power than was available from top-end Intel Xeons. Now POWER10 is out with PCIe 5.0 and the ability to support many TBs of RAM and lots of interconnected processors.

        Unfortunately, while it was possible for Raptor to build a simplified POWER9 system with 1-2 CPUs and 100% open firmware, the open source part isn't possible with POWER10.

        Comment


        • #24
          Originally posted by pal666 View Post
          wrong. it can be changed without soldering iron, so it's strictly better than hardware which requires soldering iron. that's all. there's no semantic difference between "load this blob from disk and send it to this hardware port" and "write value a into port x and value b into port y", both are just required hardware initialization procedures.
          lol. if that hardware is really suspicious, surely they didn't allow you to work them around by using your own firmware and will do all evil stuff from hardware.
          some people from gnu have stupid beliefs that firmware loaded from kernel is worse than firmware loaded from soldered-in rom chip(that's what most of "firmwareless" devices do). it's total bullshit, you are controlling your kernel and you can do no worse than hardware rom. you even have possibility to reverse-engineer it and write your own free replacement, and it will not need soldering iron
          I usually understand the open firmware ideal as follow -

          If some people/companies plant backdoor in hardware, their product will be screwed if such backdoor is ever discovered. So in order to save themselves from their own backdoor, they have to either manufacture their own backdoor-free variant product, or not plant backdoor at all.

          In the age of flashable firmware, planting backdoor to consumers and keeping self-use devices backdoor-free is a lot easier. So planting backdoors for corporate greed or government secret agency is a lot more likely to happen and become widespread behaviour. If backdoor is found and publicised, it is easy to dismiss it as accidental bugs, create a updated version of firmware with new backdoor for people to install, and end the complaints.

          Therefore, open firmware movement is a exhausting try to combat such situation. One can see the Raptor workstations are promoting themselves for *security*.

          Also, in the age of "signed firmware", we are now blocked from writing reverse-engineered free replacement firmware.

          Comment


          • #25
            Originally posted by billyswong View Post

            I usually understand the open firmware ideal as follow -

            If some people/companies plant backdoor in hardware, their product will be screwed if such backdoor is ever discovered. So in order to save themselves from their own backdoor, they have to either manufacture their own backdoor-free variant product, or not plant backdoor at all.

            In the age of flashable firmware, planting backdoor to consumers and keeping self-use devices backdoor-free is a lot easier. So planting backdoors for corporate greed or government secret agency is a lot more likely to happen and become widespread behaviour. If backdoor is found and publicised, it is easy to dismiss it as accidental bugs, create a updated version of firmware with new backdoor for people to install, and end the complaints.

            Therefore, open firmware movement is a exhausting try to combat such situation. One can see the Raptor workstations are promoting themselves for *security*.

            Also, in the age of "signed firmware", we are now blocked from writing reverse-engineered free replacement firmware.
            I don't think the ability to remove the backdoor later if it's discovered is something any manufacturer cares about. Intel still catches bad attention when any kind of flaw is discovered* and it erodes trust in their product. After Spectre, Intel will be known for a long time for making buggy chips, and those security flaws weren't even intentional.

            Everyone knows about the intel management engine and what it can do. They also know about SGX. A lot of it is marketed as features by intel because their customers (eg hollywood/netflix) want to use them for DRM and Intel needs to convince those customers. A true backdoor would be catastrophic, so many times they advertise anything close to a backdoor as a feature first (the ME's Active Management Technology is a backdoor advertised to businesses' IT departments).

            At the same time, there are legitimate security mistakes that need to be patched.

            There are huge number of free software people not installing microcode patches for Spectre because they thing that will somehow make them more free. This is stupid. There is several hundred times more microcode built into the CPU than is in the patch and nobody really has any choice whether there is a backdoor either way. That's the decision they made when they bought an intel chip. And every time they continue to use it. The only thing they can do about it is install the patch and eliminate the one security flaw we actually know about, and can demonstrate exists with proof-of-concept code.

            Layered on top of this, the RYF rules (from the FSF) are stupid. Purism has the same blob as the POWER10 RAM in their Librem phones, for the same reason. Their SoC uses the same Synopsys DDR4 phy IP and thus the same blob. As far as RYF/FSF are concerned, this is 100% ok. Why? because purism sealed the blob away so that the user can't touch it. Not only are purism themselves the manufacturer (here the manufacturer isn't evil) but this actively hurts user freedom.

            Nobody can inspect the blob to see if there really is a backdoor. Nobody can document what it does. Nobody can ever develop an open-source replacement because Purism physically made it irreplaceable.

            Contrast this with Raptor. For a little while they shipped a blob on their Ethernet controller, the only one in the system if you opted-out of the SAS controller. In the meantime, they successfully developed and open-source replacement. They now ship that to customers and EVERYONE can install it because Raptor didn't lock that firmware blob down.

            For all the talk Purism have about "future improvement in freedom" (they use replaceable wifi and cellular modules "in case a more free alternative becomes available") they blocked this RAM blob from being replaceable because then it would have to be loaded by the bootloader (where as firmware on the replaceable modules is on the module itself).

            *Groups like Positive Technologies and Mark Ermolov (@_markel___) spend a lot of time reverse-engineering (and breaking) the ME. Numerous security researchers have discovered Spectre Flaws in SGX.

            Comment


            • #26
              Originally posted by MadeUpName View Post
              What is a use case where Power still makes sense? In their day they they used to make a processor that x86_64 just couldn't touch for raw muscle. But the world has changed a lot , far more money gets poured into x86_64 design than Power and the software for x86_64 gets far more love. Does any one deploy any thing new on it these days or is it around just to maintain legacy software that no one wants to port? Even if your an x86_64 hater wouldn't ARM make more sense these days? Not looking to start a flame war, just curious.
              A good 90% or more of amd64 linux software should compile just fine on ppc64/64le. Void Linux PPC's website suggests a number of at least 97%. Besides that, yes, it's being written for, if not as often as for amd64. In the before-times, you could build a decent Blackbird computer for $2100 or less, and nowadays that number is around $2600 - I've seen people happily drop over $3000 for a not all that much more powerful computer, with more unpatchable vulnerabilities due to the complacency Intel has as the CPU company, begrudgingly alongside AMD.
              Really, right now is a hot period of activity for consumer POWER devices; besides the Raptor CS computers, there's the PowerPC notebook on an e6500 and the Libre-SOC project implementing OpenPOWER v3.0 in a non-IBM package.

              Comment


              • #27
                How many engineers would have to sign a petition or donate to a kickstarter marketing campaign - do you think - to influence AMD to start the process of opening up their CPUs? The issue is in most places where it is discussed some random horde of customers tell the rest of us that they outnumber us - and they need closed CPUs so they can watch DRM'd content (which isn't even true)...

                Comment


                • #28
                  Probably no amount would do anything. They don't actually care, their open source stuff is probably just them realizing Nvidia being actively FOSS hostile and Intel having a reputation as surveillance state hardware opens them up a captive market.

                  Comment


                  • #29
                    Originally posted by make_adobe_on_Linux! View Post
                    How many engineers would have to sign a petition or donate to a kickstarter marketing campaign - do you think - to influence AMD to start the process of opening up their CPUs?
                    I doubt that a petition would have much effect unless it resulted in industry-wide standards that all the major vendors followed.

                    At first glance a kickstarter campaign would have to be large enough to fund the development and parallel production/support of a separate open-able security system that could be made public without putting the closed implementation at risk. We would either need to build and ship two families of CPUs - one open and one closed - or would have to include both security subsystems on every die (raising per-unit cost) and allow some way of choosing which would be in effect on the next boot.

                    Last time I looked there was considerable research going into fully open security systems but there wasn't anything close to production ready. I don't know if anything has changed there, or if that development would need to be funded as well.

                    Rough estimate of cost would be a couple of hundred million dollars for NRE plus comparable per-year ongoing cost ... not sure if Kickstarter goes up that high.

                    Originally posted by make_adobe_on_Linux! View Post
                    The issue is in most places where it is discussed some random horde of customers tell the rest of us that they outnumber us - and they need closed CPUs so they can watch DRM'd content (which isn't even true)...
                    I don't think that is what the "random horde" is saying - they are saying that whether or not they want to watch DRM content the OS vendors want them to be able to do it, and so they make robust DRM a practical requirement at OEM level.
                    bridgman
                    AMD Linux
                    Last edited by bridgman; 14 January 2022, 01:19 PM.
                    Test signature

                    Comment


                    • #30
                      Originally posted by Redeye View Post
                      Probably no amount would do anything. They don't actually care, their open source stuff is probably just them realizing Nvidia being actively FOSS hostile and Intel having a reputation as surveillance state hardware opens them up a captive market.
                      I don't think so - after joining with AMD we had a significant group of enterprise CPU customers asking for open source GPU drivers, and we felt that the business risk was now manageable since we had CPU revenue as well as GPU, so we kicked off an initiative to implement open source GPU drivers.

                      This happened back in 2007, which I think was before Intel ME was commonly used. I believe NVidia was still releasing open source drivers, albeit obfuscated ones.

                      Remember that our Linux driver support was open source from the start (mid-late 90's) until ~2002. When we acquired FireGL we tried using their closed source workstation driver as our only Linux GPU driver.

                      The closed source driver didn't work well for some markets - it started as a dedicated workstation driver - and so we re-started open source work in 2007.
                      bridgman
                      AMD Linux
                      Last edited by bridgman; 14 January 2022, 01:57 PM.
                      Test signature

                      Comment

                      Working...
                      X