:: Re: [DNG] Purism Librem and disabli…
Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Taiidan@gmx.com
Ημερομηνία:  
Προς: Edward Bartolo, dng
Αντικείμενο: Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On 09/07/2017 11:12 AM, Edward Bartolo wrote:

> Quote: "Please take this discussion somewhere else, it has NOTHING to do with
> Devuan"
>
> This discussion has taught me that Intel CPUs from 2008 onwards also
> come with GRATIS but QUESTIONABLE functionalities, that many including
> myself, frown upon.
>
> If there are non-risky hacks that readers can use to 'harden' their
> computer against this unwelcome feature, please go ahead and provide
> it, even here. This has to do with Devuan as it has to do with
> security.

Purchase these reasonably priced owner controlled non ME/PSP devices if
you can't afford brand new server/workstation hardware like TALOS2:

* KCMA-D8 dual socket libre firmware workstation motherboard - $250 -
you could make a build for under $500 with this considering how cheap
the C32 cpu's are these days - in a few months the OpenBMC port will
also be out of beta for the KCMA-D8 and KGPE-D16 boards. The D8/D16 have
an IOMMU, a TPM accessory and supports IOMMU-GFX so you can attach a
graphics card to a VM in case you want to play windows video games
without dual booting. One 4386 CPU is equal to an FX-8310 so one can
play the latest games and have decently fast compiles.

* Lenovo G505S laptop - owner controlled mostly open source coreboot
(needs blobs for video and power/fan control) - has an IOMMU.

Unfortunately it is impossible to truly disable ME/PSP without
significant effort, the HAP stuff everyone is talking about is simply
nerfing it - a proud technical achievement yes but there is no proof
that it is off and it and its black box code is still integral to the
boot process and thus able to perform a variety of dirty tricks that
will work even after it supposedly turns its-self off and at the end of
the day buying new intel products is financially supporting the next
generation of DRM development.