Announcement

Collapse
No announcement yet.

The POWER8 Libre System Looks Set To Fail, Now There's An AMD Libre System Effort

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by M@GOid View Post
    I have no doubt that a company like Intel, AMD, IBM and Nvidia have any problem in disassembly and reverse-engineer every single bit of their competitors products. To me, the opensource thing are only a burden to them (see how much time AMD take to release documentation. That is money spent). So if it did not turn in a profit or market advantage, they will not opensource anything.
    I'm sure they do have a problem with it, or else they'd open source everything from the start. But, they realize there's nothing they can really do to stop community efforts. And, by the time someone succeeds in opening the firmware or drivers, the company probably doesn't care anymore. Once a GPU becomes outdated, the company isn't going to really profit from it anymore, so even if there's open-source code they're probably like "eh, whatever". That being said, there is so little financial incentive behind outdated hardware that the companies themselves don't care to contribute their existing software toward any open source project.

    It's not an easy task to reverse engineer something as complex as a GPU, hence nouveau's relatively lacking progress (no offense to those developers - I highly admire their capabilities and ingenuity). The slowness of their progress prevents these companies from getting too worried.

    Comment


    • #12
      Originally posted by Serafean View Post

      Indeed, and here is the reason : https://libreboot.org/faq/#amdpsp
      No more open top modern platforms out there
      Unfortunately there are a lot of things that need this *cough*Windows*cough*Secureboot*cough*, so removing the PSP isn't exactly something that can be done. There are also other reasons that I'm not at liberty to discuss, but it's mostly for "locked down" systems such as Windows and won't only affect the typical FOSS user.

      Although with that said, the entry in the libreboot FAQ about the PSP is mostly FUD... but granted I see where the paranoia comes from. In a perfect world, none of this nonsense would be necessary.

      Comment


      • #13
        There have been many times when the newest systems have been unsafe to use due to Intel and others putting copythugs or governments ahead of their buyers, When the Pentium III came out, it had the antifeature of exposing a unique CPU serial number accessable over the network. It was intended to be used for software DRM node locking. Due to the privacy dangers posed for this, at the time some no doubt stockpiled the Pentium II. Those stockpiles were needed only for a short time because board makers saw that nobody wanted this and added the ability to turn off the CPU serial number feature, many doing so by default.

        Fast-forward to today: Secure Boot has been cracked, unlocking a lot of paperweights like original Microsoft Surface tablets that now can actually be used. At some future point similar cracks for firmware locking will no doubt be found, and there will be modded firmware to verifiably disable things like PSP after initial CPU powerup, or some audit will show a lack of backdoors that don't depend on hooks into Windows.

        This will result in a race between OEM's and those who unlock the hardware, rather like it is with rooting smartphones. Right now AMD is usable through the Bulldozer/Piledriver AM3+ chips, but not the Fusion chips based on them. Intel I think is usable through Core 2 except for server boards (V-Pro capable). As I said there was a time when the "stop point" for Intel was Pentium II, now it's much later than that. I think hardware crackers, unlockers, and in some cases simply auditors will be able to extend this further as old stockpiles get depleted.

        An example of how simple audit could make a board usable: suppose a particular combination of PSP, board, and CPU exists where a hexdump and analysis of a particular signed PSP firmware version on a particular PSP chip show that it does nothing more than check the main firmware signature, hand over execution control to the CPU, and sit at idle waiting to be accessed by DRM drivers in Windows that we don't use? Better yet is an audit that actually finds malicious features, but finds them dependent one something optional like MS Windows or use of the onboard network adapter. It is easier to prove that say, a keylogger needs to use hooks into Windows or the onboard network to phone home than to prove that no such feature exists. The former example is from Lenovo's malcious firmware to reinstall Windows bloatware, the latter is from Intel V-Pro's known features.

        If an extensive behavioral analysis and reverse egineering could prove a particular PSP and firmware combination free of back doors, we would get a combination where that verified and update-blocked firmware could be treated as though it was burned to chip. That chip then becomes exactly as dangerous as the CPU and northbridge themselves are. Hell, a malicious northbridge is probably a better place to insert a keylogger than the PSP, as the keyboard input passes right though it. Thus AMD could make new chips that are exactly as dangerous as the previous chips by releasing a PSP that could be proven to do nothing but hand over boot execution to the CPU, and this might (depending on PSP design) be as simple as releasing and signing an alternate firmware with DRM features disabled for the exact same chip.

        That alternate firmware could potentialy be releasable assuming it does not have to make references to any specialized DRM hardware features.All it has to do is execute that first instruction on powerup, then tell the CPU to begin executing instructions. All other PSP "features" would simply be left out of the open firmware and thus the DRM shit stays closed. The key here is for the "crippled PSP" open firmware to be executable on the same physical core as the normal firmware. Assuming that the keys for the signed firmware eventually leak like the Secure Boot key did, a 3ed party could potentially write this code. It would be simpler than what the Nouveau team has had to do, as it would not be attempting to enable any feature except booting the CPU.

        Alternately, if this stuff changes with time, maybe AMD could be encouraged to open their code when they stop supporting a project, so those of us who need trust can always use parts that are just a couple generations behind. AMD and Intel could even use this to drive sales by carefully controlled "accidental" cracks of hardware/fimrware DRM , thus forcing Netflix and Hulu to only support the newest computers. This drives sales to all the Windows DRM media zombies while opening the old stuff for us.

        Comment


        • #14
          Originally posted by schmidtbag View Post
          It's not an easy task to reverse engineer something as complex as a GPU, hence nouveau's relatively lacking progress (no offense to those developers - I highly admire their capabilities and ingenuity). The slowness of their progress prevents these companies from getting too worried.
          My point is: maybe is difficult for hobbyists do the reverse-engineering, but not big corporations. Image the resources they have at their disposal to delid a chip and take a look at the circuit. And the disassembly and reverse engineering of the driver too.

          I think they all do it at some level, to see what their competitors are doing.

          So make things obscure only slow down hobbyists, not big corporations with deep pockets. Obviously, the patent army they employ prevents the competitors in copying everything they learn from these efforts, but lessons are learned to the development of new products.

          Comment


          • #15
            Originally posted by Mystro256 View Post

            Unfortunately there are a lot of things that need this *cough*Windows*cough*Secureboot*cough*, so removing the PSP isn't exactly something that can be done. There are also other reasons that I'm not at liberty to discuss, but it's mostly for "locked down" systems such as Windows and won't only affect the typical FOSS user.
            Why do you think SecureBoot needs the PSP? You can do signature verification even if the attacker knows the public key. (As long as they cannot manipulate it, which you can do by write-protecting the relevant part of the boot-flash) That's the cool thing about asymmetric/public key cryptography!

            Comment


            • #16
              Originally posted by Serafean View Post

              Indeed, and here is the reason : https://libreboot.org/faq/#amdpsp
              No more open top modern platforms out there
              I'm concerned. Can't an OEM use this to prevent installation of non-original-OS (likely Windows) altogether in a way that's impossible to fix without soldering iron?

              Comment


              • #17
                Originally posted by nanonyme View Post

                I'm concerned. Can't an OEM use this to prevent installation of non-original-OS (likely Windows) altogether in a way that's impossible to fix without soldering iron?
                Much worse: they can use this to prevent installation of non-original-OS in a way that's impossible to fix *with* a soldering iron or any other hardware modifications for that matter. It's literally the main goal of the technology; the software vendor's firmware / kernel is the only thing considered trusted, everything else is potentially a virus. It's a very narrow way of looking at things but since the libre community hasn't shown any alternative is viable it's what we're stuck with.

                Comment


                • #18
                  I'm sorry, but after that massive hissie fit that Leah Rowe caused over the FSF and detaching her Libreboot project from GNU, I want nothing to do with anything attached to her name officially. She's a narcissist and loves blowing things out of proportion.

                  Comment


                  • #19
                    Originally posted by M@GOid View Post
                    My point is: maybe is difficult for hobbyists do the reverse-engineering, but not big corporations. Image the resources they have at their disposal to delid a chip and take a look at the circuit. And the disassembly and reverse engineering of the driver too.

                    I think they all do it at some level, to see what their competitors are doing.
                    It is not any easier for corporations. Nearly all tech companies have or currently are literally funding wars in Africa in order to buy elements like tantalum or gold for a lower price. They cut corners everywhere. So why would a corporation spend the amount of time and resources reverse-engineering another company's product, let alone a competitor? Don't forget the risks involved in the process where it could end up being a total waste of time, for example:
                    * If they find anything useful, it could be controlled via proprietary software (which they would also have to reverse engineer - very time consuming)
                    * If they find anything useful, it could be patented, in which case they can't do anything with it anyway.
                    * If they find anything useful that coincidentally has no restrictions, and, where they just happen to know how to utilize it, they still have to figure out how to implement the design into their own, which in itself is a very difficult and slow process that needs extensive testing.
                    * The average processor die has billions of transistors. It wouldn't surprise me if it was more difficult or time consuming to decipher a delidded processor than when archaeologists first deciphered Egyptian hieroglyphics.
                    * They might not find anything useful at all. The competing product could end up having a worse design (in either hardware or software) where the complementing component happens to be really good. But that doesn't help because there's no access to that.

                    In other words, they'd be better off trying to speculate what the competition did and attempt to make it from scratch themselves than attempting to reverse-engineer it.
                    but lessons are learned to the development of new products.
                    That may be true, but competitors get real suspicious very fast when stuff like that happens. Take Android's early days for example - Oracle wanted to sue Google for using their own code (which from what I recall, they didn't - it was just coincidentally very similar).
                    Last edited by schmidtbag; 09 January 2017, 04:59 PM.

                    Comment


                    • #20
                      Leah Rowe.. Ugh..
                      I'd never buy anything from her/him/it..

                      Comment

                      Working...
                      X