Author: Enrico Weigelt, metux IT consult
Date:
To: mdn, dng
Subject: Re: [DNG] Purism Librem and disabling Intel ME: it can be done [Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server]
On 06.09.2017 03:14, mdn wrote:
>> If I understood it correctly, they managed to boot a modified firmware
>> on that ME core, so it theoretically should be possible to run an
>> entirely own firmware on it. Maybe barebox or plan9.
> They did manage to boot a modified firmware but there's still components
> that aren't yet removed.
> --it also removes all the modules from the images except RBE, KERNEL,
> SYSLIB, and BUP--
> So the modules RBE, KERNEL, SYSLIB and BUP are still there and if you
> read correctly
> --It should be noted that ROM, RBE, and KERNEL are executed at the zero
> privilege level (in ring-0) of the MIA kernel.--
The interesting question here is whether these parts could be replaced.
If I understood it correctly, they didn't remove these parts yet, as
they're still needed to bring up the main cpu. I'd guess it's only a
matter of time until they find out how to do it on their own.
> But as I see things it would be faster to go on POWER and besides
> faster we are 100% sure that there isn't anything in the background that
> we don't know about.
Assuming there'll be suitable and affordable boards in near future.
>> What about ARM ?
> They began to implement similar ME/PSP functions I unfortunately don't
> remember the name of it so if someone knows please post it.
I'm only aware of the TrustZone stuff. But that's not enabled by default
(more precisely: on poweron, the cpu is in "secure" mode, until
explicitly switched down to "normal mode"). For a complete lock-down,
you'd need a soc w/ internal boot flash (most of the socs boot from
external media) and burn the fuses. The CPUs you can buy are usually
open (and only closed-down by board vendors, if done at all) - anything
else wouldn't work well in embedded world. Completely custom boards
are the usual standard here.
> There's also the GPU problem, there is zero effort from allwinner to
> free their MALI GPU and worse they persecute those who try to reverse
> engineer it (see the LIMA driver developer) that's why no 100% free
> driver is available.
Just don't buy that crap. There're other options, e.g. Vivante is already
opened. (nobody who still has a piece of sanity ever uses proprietary
drivers)