:: Re: [DNG] TALOS 2 - The Libre Owner…
Author: Alessandro Selli
Date:
To: dng
Subject: Re: [DNG] TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server
On 03/09/2017 at 13:32, zap wrote:
>
>
> On 09/03/2017 05:26 AM, Alessandro Selli wrote:
>> On 01/09/2017 at 20:36, zap wrote:
>>>> I doubt it will be owner controlled, as their laptops aren't - they
>>>> still haven't even gotten a blobbed version of coreboot working
>>>> (blobbed init code + ME enabled as they insisted on a crappy intel soc)
>>>> Purism isn't a trustworthy company.
>>> Gee, I thought purism was a trustworthy company, I mean they claim you
>>> can get the latest and the greatest without intel me
>> This is *not* what they claim:
>>
>> https://puri.sm/learn/intel-me/
>>
>> "Freeing the ME is a challenge, but not impossible"
>>
>> "By working with Intel, motherboard design developers, as well as our
>> coreboot developers, Purism has put in motion a solid approach on how to
>> run a freed Intel ME *in the future*."
> Sorry, but have you talked to libreboot or coreboot about this?


What should I tell them? "Why did you let Librem's *evil* patches into
your code?" (https://review.coreboot.org/#/q/owner:"Alaoui" )

> and also,
> not even google with all their money can convince intel to give their
> secrets to them.


What secrets? Intel designs CPUs to Google's specifications, what
secrets are you talking about?

> That for me is a solid reason why I said this.


This is the present state of the matter:
https://puri.sm/learn/avoiding-intel-amt/

"So, there is no hardware level remote access to Purism hardware?"

"No, none that we are aware of, nor have put-in. As it relates specifically
to Intel AMT, we neutralize the threat by avoiding Intel CPUs that have the
hardware chip allowing it, we do not use Intel networking cards, we use a
version of the Intel ME that Intel claims does not have these capabilities
(yes, we know that “Intel claims…” means we don’t have visibility into the
source code, and yes, we know that is a concern, and yes, we are working on
solving this) and we neutralize/lobotomize the Intel ME binary, including
the “network” and “kernel” parts of the Management Engine."

[...]

"We are also planning to reverse-engineer the remaining parts. We have
reverse-engineered the ROMP module and will continue the work for other
modules throughout 2017."

What Librem did to Intel's hardware (fuses: https://puri.sm/learn/intel-me/
) and software (firmware) is documented. Better than this you can only have
smartphones from an open-hardware vendor that produced everything in-house,
from the CPU to the screen. Is there such a vendor?

[...]

>> "We are working to completely remove (or reverse engineer, as we have begun
>> to do) the Intel ME, on all our models, and will update on our blog (and
>> this page) as we make progress on that front."
>
> I don't think they will succeed even if they did care...


They are doing it. They already went much farther than anyone else who
tried, AFAIK.

>>> in it and also they
>>> claim that they can sprinkle magic fairy dust on all the hardware so
>>> that you can use it all without any blobs or firmware that is
>>> proprietary...
>> Again, this is *not* what they claim:
>>
>> https://puri.sm/learn/blobs/ and
>> https://puri.sm/about/competitors/
>>
>> They do *not* state that their products are free of any binary blob,
>> they state that *their* software does not have any, from Coreboot on, and
>> that the motherboard's BIOS is *partially* free of binary blobs.
> Saying, that purism is being serious and not misleading people, I doubt
> they can achieve what you're talking about, Intel will not help them!


I know, they know and they're not hiding it at all.
Do you know what "reverse engineering" means?

> If Google cannot convince intel to give their source code to them,


Did they try? AFAIK, Intel produces chips to Google's specifications,
what software does Google need from Intel?

> then purism has no chance in hell... to get the source code


They do not actually need source code, they'd be content with knowing how
to get rid of what they put in.

>>> Doesn't that sound just plain trustworthy? Can you
>>> honestly say that they cannot be trusted?
>> They are honest in what they say. Could you prove they lied or
>> misguided people in their statements please let everyone know.
> I am sorry to say that I disagree completely, especially due to them
> originally trying to pass nvidia as a means to achieve libre status until
> there was an uproar and they changed to intel.


So, they heeded the community's voice, they excluded a major vendor due to
security concerns, and you claim they are *not* sincere in developing a
system that is as free as possible from proprietary software? Other than
allegations and personal opinions, do you have anything solid to counter
their claims?

> Unless they are just plain stupid.
>
> Listen to coreboot and libreboot's reasoning why this will never work.
>
> https://libreboot.org/faq.html
>
> look at the parts about purism and intel.


Nothing new there. They just say that the only way to be sure is
"avoiding all modern [>=2008] Intel hardware." Plus: "libreboot project
recommends avoiding all modern [>=2013] AMD hardware."

This leaves out just ARM, SPARC and Power CPUs. Mind if I ask you: what
are your PCs and laptops running on?

> Also if you do, you will see
> that what I said though very sarcastically, was true.


They said nothing about Purism's use of Field Programmable Fuses to lock
ME regions and their removal of 93% of the ME code (as stated in
https://puri.sm/learn/intel-me/ ).

Do you believe that all ARM, SPARC and Power suppliers do not put anything
in their CPUs that users and developers do not know about? Again, the only
way to be sure is buying hardware from a vendor that produces its own
hardware, CPUs included, openly releasing their full specifications,
blue-prints and software. Do you know any?


Greetings,


Alessandro