Announcement

Collapse
No announcement yet.

Librem 15 Rev2 To Ship With Coreboot

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Librem 15 Rev2 To Ship With Coreboot

    Phoronix: Librem 15 Rev2 To Ship With Coreboot

    Following the guest post this past weekend about Purism's Librem laptop remaining "blobbed up", the crowd-funded company has put out new information...

    http://www.phoronix.com/scan.php?pag...Rev-2-Coreboot

  • #2
    Coreboot+Intel FSP
    So, Intel's AMT blob-only backdoor still going to be included, right? Am I correct their purism turns out to be not-so-pure, thanks to Intel?

    Comment


    • #3
      Intel FSP means Firmware Support Package.
      It does initialization of the CPU, memory controller, chipset, and certain bus interfaces.
      It is a binary blob consisting of multiple blobs. It supports XHCI (USB) and AHCI (SATA).

      http://www.intel.com/fsp
      http://www.intel.com/content/dam/www...kage-brief.pdf
      http://www.intel.com/content/www/us/...ture-spec.html
      http://www.intel.com/content/dam/www...l-training.pdf

      Comment


      • #4
        Its still much more "pure" than most other things on market. Though we obviously would wish 100% purity. Is that even possible with popular hardware nowdays? For instance can AMD cpu be blob-free? How about AMD GPUs?

        Comment


        • #5
          Originally posted by bitman View Post
          Its still much more "pure" than most other things on market. Though we obviously would wish 100% purity. Is that even possible with popular hardware nowdays? For instance can AMD cpu be blob-free? How about AMD GPUs?
          Well, speaking for myself, I have GPU separated by IOMMU from rest of system - most modern systems use IOMMU to confine PCI(-E) devices in their memory range and isolate failures (its very useful for virtualization and allows passthrough of PCI-E devices to VMs). GPU is not connected to network via chipset internal links either. Unlike Intel's ARC4 CPU in chipset. GPU is not meant to do remote system management as well - it lacks web server and other fancy crap. So it much less harm if it has got some blobs on its own service processors.

          But I'm really not in mood to see blobs during boot sequence around main CPU, capable of wrecking whole system. This sounds like a good way to pwn system. ME CPU can access all system parts (it even can let one to reinstall OS, after all! Remotely!). It can use net at own discretion. There is no way to firewall it. So it can pwn whole system at will and since it can access net, it can do all pwnage under remote command. Due to closed source nature of firmware one can't validate what this blob would actually do in easy ways. And thanks to digital signatures, one can't remove this crap from system either, replacing it with some harmless opensource implementation.

          So whatever everyone mumbles, it does not looks secure at all. It looks like backdoor instead. And it surely sounds like a plan to provide "open" bios, putting all backdoor crap to nearby remote management CPU which can still pwn whole system, regardless of the fact you're running open BIOS implementation. Welcome to Treacherous Computing World.
          Last edited by SystemCrasher; 07-30-2015, 12:37 PM.

          Comment


          • #6
            This doesn't change anything as it's still only going to be a payload. It's no less dependant on proprietary software in other words than before. He's a confidence trickster. He'd need to use LibreBoot, but that isn't possible because Intel is NOT RELEASING THE CODE. No modern X86 laptop is going to be 100% free software friendly. Now the guy is making more bogus claims about hard drive firmware, etc. The stuff he can do has already been done by others. There is some rudimentary work to free an SSD. He's not done ANY of this work and it's not advisable to to use the firmware. Do you want a system that works? Because if you do and he actually uses this free code your system will not work right. Can I say fraudster again? This guy is a con-artist and your letting him take you for a ride and everybody else too.

            There are people who have done *real* work to free devices: http://shop.gluglug.org.uk/

            Or https://www.thinkpenguin.com/ for routers, wifi chips, etc that are legitimately free and RYF certified. The modern laptops from ThinkPenguin are not free in the sense that Todd is claiming, but they are no less free than what Todd has put out either. The difference is ThinkPenguin isn't a fraud and isn't going to claim to have a free BIOS or be "attempting to free" it when it's not possible.
            Last edited by jerry-jed; 07-30-2015, 07:42 PM.

            Comment


            • #7
              The FSF already has a page:
              Respects Your Freedom hardware product certification
              https://www.fsf.org/resources/hw/end...s-your-freedom

              Comment

              Working...
              X