Announcement

Collapse
No announcement yet.

Developer Warns Of "Uncorrectable Freedom & Security Issues" For x86

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • plonoma
    replied
    This might be a good time to mention a fully open source processor, implementing the free open instruction set RISC-V:
    https://www.ethz.ch/en/news-and-even...processor.html
    http://www.pulp-platform.org/
    http://riscv.org/

    And open source GPU:
    http://miaowgpu.org/

    Now having an BIOS/UEFI alternative and platform specification would allow to start building completely open source hardware systems.



    Leave a comment:


  • 89c51
    replied
    Originally posted by stevenc View Post
    Fortunately there are enough pre-2009 Thinkpads and BIOS-based workstation PCs on eBay to last me a few more years. And by then, I hope there might be ARM, MIPS, POWER or open-source hardware that is actually fast, works with mainline kernels, and works with a free graphics driver...
    Tell RMS to make you an open-Risc based superfast/lowpower CPU.

    Leave a comment:


  • Luke
    replied
    For now the solution is to stockpile. If a police raid wiped out my stock of pre-2013 AMD hardware, I could have someone not known to the authorities order more over Ebay. Ordering it myself would be more dangerous than using the current hardware as the FBI would then have the option of intercepting hardware going to a known adversary for installation of malicious firmware or chips.

    A $3,000 POWER setup is worth more than all my assets. If I could not avoid the newer machines, I would have to split them up: video editing and storage on never-networked machines bought randomly with cash, networking done with other machines using read-only filesystems, destructable media to move files between them. Malicious firmware cannot exfiltrate your disk key over a network if there is no network, and exfil by flash drives to another networked machine is complex enough that mass produced firmware probably would leave it out.

    This is important because the NSA had decided to open their database to law enforcement, meaning ALL disfavored activity now has the NSA and not just Secret Service or the FBI as the adversary so far as securing encrypted media and messages is concerned.

    Thanks for what amounts to a warning never to use recent x86 boards for any machine that is both encrypted/has read-write storage of sensitive data and networked. An insecure x86 laptop with TAILS plus an airgapped video editor would be tough to defeat even with malicious firmware unless retail machines sold to off the shelf to all buyers had a keylogger writing to disk turned on all the time. That would almost guarantee detection by users of forensic file recovery software.

    For now I will keep my old BIOS boards and AMD can keep their replacement for Bulldozer and Phenom until someone cracks their firmware and releases the keys.

    Leave a comment:


  • stevenc
    replied
    Fortunately there are enough pre-2009 Thinkpads and BIOS-based workstation PCs on eBay to last me a few more years. And by then, I hope there might be ARM, MIPS, POWER or open-source hardware that is actually fast, works with mainline kernels, and works with a free graphics driver...

    Leave a comment:


  • nanonyme
    replied
    Originally posted by carewolf View Post
    We already have secure boot keys. Microsoft gave some to a few Linux distros, and they can be used to chainload anything else.

    Btw, I thought IME could be disabled in almost all BIOSes, and was infact not enabled by default.
    SB must be enabled on machines sold with Win8+ by default

    Leave a comment:


  • carewolf
    replied
    Originally posted by tuuker View Post
    1: infiltrate Intel labs and take blueprints for x86 and produce CPUs on country where patents do not apply 2: someone should steal this microsoft or any other company secure boot key generator or full source code for these blobs.

    Freedom must be gained back with any means, enough of this locking everything.
    We already have secure boot keys. Microsoft gave some to a few Linux distros, and they can be used to chainload anything else.

    Btw, I thought IME could be disabled in almost all BIOSes, and was infact not enabled by default.

    Leave a comment:


  • duby229
    replied
    Originally posted by Goddard View Post
    So we can reverse engineer these blobs?
    I don't think so, the code actually runs on an embedded processor before the OS runs. Even if a driver could be developed for the embedded processor you can't bypass the binary code that runs before the OS boots.
    Last edited by duby229; 04-05-2016, 10:57 AM.

    Leave a comment:


  • Goddard
    replied
    So we can reverse engineer these blobs?

    Leave a comment:


  • darkbasic
    replied
    How do you expect to sell a GPU for a not-yet-ready workstation if nobody produces it anymore?

    Leave a comment:


  • karolherbst
    replied
    Originally posted by darkbasic View Post
    While there x86 alternatives for a workstation (IBM's power), there are still no alternatives in the GPU market: every single modern GPU commercially available requires binary blobs.
    ahh, well every nvidia gpu except the second maxwell (and most likely newer) generation has no propritary binray code (except for video acceleration)

    Leave a comment:

Working...
X