:: Re: [DNG] Purism Librem and disabli…
トップ ページ
このメッセージを削除
このメッセージに返信
著者: Alessandro Selli
日付:  
To: dng
題目: Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re:TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]
On Fri, 8 Sep 2017 at 23:55:08 -0400
"Taiidan@???" <Taiidan@???> wrote:

> On 09/08/2017 07:18 PM, Alessandro Selli wrote:
>
>> On Fri, 8 Sep 2017 at 00:22:40 -0400
>> "Taiidan@???" <Taiidan@???> wrote:
>>
>>> On 09/07/2017 02:18 PM, Rick Moen wrote:
>>>
>>>> Quoting Taiidan@??? (Taiidan@???):


[... space-saving ...]

>>> Mr. Selli has said:
>>> *That IBM's POWER CPU's have a hardware level backdoor and have had
>>> backdoors in the past whilst providing no real evidence to support that
>>> those claims,  
>>    I did provide with the evidence:
>> https://lists.dyne.org/lurker/message/20170907.084234.3d39055c.en.html  
> That .pdf you linked is for IBM's x86 products, which they stopped 
> making 7 years ago.

>
> Irregardless that is a BMC not a backdoor - a BMC is a standard server
> feature


  It's a standard server backdoor.  The BMC chip implements the IPMI
protocol:
https://www.ibm.com/support/knowledgecenter/linuxonibm/liaai.ipmi/liaaiipmi.htm
    IPMI is a standardised message-based hardware management
    interface. A hardware chip known as the Baseboard Management
    Controller (BMC), or Management Controller (MC), implements the
    core of IPMI.


The only good IPMI is the one that isn't there:
https://web.archive.org/web/20170709023319/http://fish2.com/ipmi/itrain-gz.html

    An embedded server called the BMC implements IPMI and lives on
    server motherboards; it typically run Linux and has its own
    little CPU, memory, and storage. The BMC also provides remote
    web access along with email capabilities, LDAP support,
    emulation of remote CDs and other media, and a host of other
    capabilities. The BMC is powerful, and operates and controls the
    server at a very low-level. Designed to operate when the bits
    hit the fan it runs even when the server is powered off. Anyone
    who has control of either the BMC or IPMI (they’re closely
    related) enjoys complete control of the server.


> and on POWER9 the code is entirely open source


Yes, of course, as it's based on Linux it has to be.

> and you can run
> whatever you please on the BMC chip as there isn't hardware code signing
> enforcement like with Intel ME/AMD PSP.


Can I remove it?
I'd like to know that, because while it's good that "there isn't
hardware code signing enforcement", that could just mean it's not
necessary as it sits in ROM that cannot be removed without tampering the
motherboard hardware.
So, can I remove the BCM? Can I have a TALOS system without a
parallel OS running in it's own CPU that has full control of what my OS
does?

>>    Why do you write easy to disprove falseness?  Don't you have a minimum
>> of self-respect?  
> Ah the pot calling the kettle black.
>>> he bolstered that argument by stating that IBM's work with
>>> the US military is suspect and thus concludes guilt by association.  
>>    No, I just pointed out that the fact that IBM does indeed put hardware
>> and software remote-control devices inside it's chips is an established
>> and documented truth.  
> Again a BMC isn't a backdoor


It is by it's very nature and definition:
https://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface

    The Intelligent Platform Management Interface (IPMI) is a set of
    computer interface specifications for an autonomous computer
    subsystem that provides management and monitoring capabilities
    independently of the host system's CPU, firmware (BIOS or UEFI)
    and operating system. IPMI defines a set of interfaces used by
    system administrators for out-of-band management of computer
    systems and monitoring of their operation. For example, IPMI
    provides a way to manage a computer that may be powered off or
    otherwise unresponsive by using a network connection to the
    hardware rather than to an operating system or login shell.


[... room saving ...]

>>    Again, this is a faith-based assumption as only IBM knows what's
>> inside their proprietary hardware.  Anyone who's had experiences on
>> their AS400 and RS600 platforms knows how darned proprietary their
>> hardware is.  You're free to believe they changed and they now value the
>> commoner's freedom more than the interests of the governments they
>> serve, of course.  You are *not* free to write falsity and disparage
>> people who hold different opinions, though.  
> I would say buying TALOS where am IBM backdoor is simply fringe 
> speculation


It's a matter of fact: it has a BMC chip, which implements IPMI, which
has all the characteristics and properties and functions of a backdoor.

> is much better than a purism where it is an absolute fact.


Not Purism, rather Intel: what Purism develops, they document and
release as OS.

>>> *That TALOS is proprietary closed source hardware  -  which isn't true -
>>> as not being that is the entire point of it.
>>    I repeatedly asked you if there is anyone who has their chips'
>> blueprints, which is a prime condition to be able to call their hardware
>> anything other than proprietary.  You always turned a deaf ear to these
>> requests.  
> Uhh no I didn't, as I have stated (and as you would know had you read 
> the TALOS2 website) the POWER9 datasheets and HDL's are currently under 
> embargo and will be released to the general public when the hardware is 
> - the makers of TALOS 2 have them as they are a member of the OpenPOWER
> foundation.


<me_laughing>
Did you miss I did not ask if TALOS' makers have the specs, I asked if
they are available to the public? They will be available to the public,
fine. I am not going to spend thousand € *now* on a product that will
be documented *eventually*.

>>> After the release of POWER9 the board and BMC firmware sources will be
>>> provided,  
>>    Ok, so nothing available *now* from IBM is openhardware.  For a
>> strange reason this is acceptable from IBM/Talos, while it's a disgrace
>> when Purism does the same thing.  Go figure.  
> Again, the public will get the spec sheets and HDL's when the hardware 
> is released - why do you consider this equivalent to purism?


Purism release everything they do. TALOS promises they will,
eventually, but are cashing in now.

> they will
> never be able to get intel to release anything, their hardware has been
> out for many years and they still don't even have a blobbed coreboot.


  Wrong:
https://puri.sm/faq/
    Technical & Advanced
    Do Librem devices support coreboot?


    Yes, Librem 13v2 and Librem 15v3 come with coreboot pre-installed.


>>> and both the CPU/board and the BMC are owner controlled due to
>>> the absence of hardware enforced code signing.  
>>    ...that you know of, as the available hardware is proprietary and
>> closed-source.  
> No it isn't, which you would know if you read the TALOS2 website.


...where there are no blueprints available.

>>> Full documentation and HDL's will be available for all components  
>>    All right, good.  I'll believe what I will see.

>>
>>> besides the onboard broadcom nics which currently require a firmware
>>> blob  
>>    I wonder why you felt entitled at railing against Purism for having
>> considered equipping their laptops with Nvidia GPUs while it's perfectly
>> OK that TALOS uses a NIC from one of the most opensource unfriendly
>> vendors.  
> A network interface isn't a critical component like a graphics device 
> is, it doesn't control what you see so the device will still be FSF 
> certified.

>
> The blobs on the broadcom NIC's can and will be replaced with open
> source firmware as they have no hardware code signing - unlike nvidia's
> graphics devices.


Did you miss Purism laptops do *not* have Nvidia?

>>> as there are no open source non-intel gigabit NIC's  
>>    Is not having Intel hardware more important than having opensource
>> components inside a TALOS workstation?  
> Yes it is.


Good, just to know what their priorities are, that is *not* developing
the most opensource possible product.

>>> - but the FSF
>>> says that this minor detail doesn't prevent it from receiving RYF
>>> certification as they are behind the POWER-IOMMU and as such are not
>>> capable of doing anything malicious.  
>>    Good.

>>
>>> * That the reason he/purism hasn't made owner controlled hardware is
>>> because it is "too expensive"  
>>    I don't remember writing anything like this.  Quote, please?  
> https://lists.dyne.org/lurker/message/20170906.103659.075c1022.en.html
> "Me - I take it you work for purism....raptor has made a legitimately 
> owner controlled computer - whats stopping you?"
> "You - The steep price."


Could you please explain me how in the world could saying that a
TALOS' steep price is stopping me from buying it is the same thing as
stating that "the reason he/purism hasn't made owner controlled hardware
is because it is "too expensive""?

> This was also why I assumed you worked for purism.
>>
>>> Purism's "Librem" 15" laptop is $2,000  
>>    False, again:
>> https://puri.sm/shop/librem-15/
>> $1,599.00, now running a rebate to $1,449.00

>>
>>    Compare with this:
>> https://secure.raptorcs.com/content/TL2WK2/purchase.html
>> Talos™ II Secure Workstation    $4,750.00  
> That is the prebuilt cost, not the board/cpu cost.
> You could assemble one for $2.5K which is quite reasonable.


Purism sells assembled systems. I am comparing what TALOS sells
assembled, of course.

>> - in comparison one can have a
>> TALOS-2 DIY build for $2.6K
>>    Do you realize your "errors" are regularly one-sided, they always play
>> in favour of TALOS and to the detriment of Purism?  How do you expect to
>> be trusted as a neutral source of information, given that you also never
>> provide pointers to third-party documentation to back your claims?  
> What claims?


That TALOS systems are opensource (they aren't, they will be in the
future) and that they are little more expensive than Purism (they
aren't, TALOS' oranges are way more expensive than Purism's apples).

>>    You're really comparing apples to oranges: Purism sells finished
>> laptops, TALOS sells rack servers and workstations or components/DIY
>> kits.  Be back with your comparisons when TALOS will produce laptops.  
> TALOS isn't a company it is a product, and this isn't about laptops or 
> servers this is about freedom hardware of which both companies claim to 
> be in the market of - thus I compare them.


I am comparing products, like you did when you compared Purism
laptops' costs (greatly inflating their cost) to TALOS DIY workstation
kits (that are a completely different kind of hardware). As you cannot
say anything worth listening to defend comparing apples to oranges you
now state "this isn't about laptops or servers this is about freedom
hardware". Are you running for Congress? You should, you'd make a good
politician.

> I do however imagine that POWER laptops will be produced soon, perhaps
> during POWER10 era as it will have even lower power consumption that
> POWER9 - of which you can get a CPU that has a 90W TDP.


Good. We'll be able to compare them then. Not now.

>>> * That the HAP mode "disabled" ME and makes a purism laptop somehow
>>> equivalent to TALOS when it comes to privacy and security.  
>>    Again, please quote where I wrote such a thing.  I challenged the idea
>> that TALOS products are safe products as privacy and security are
>> concerned just because they are made out of IBM parts, and I challenged
>> the idea they are free from hardware and software that is designed to
>> remotely access the hardware and the OS.  
> Again an open source BMC chip with full documentation is not a backdoor 
> and not at all equivalent to ME/PSP


It is, because it consists of a CPU embedded in the motherboard
chipset that cannot be removed, that has it's own RAM, ROM and storage
that cannot be removed, runs it's own OS that can access everything the
main CPUs and OS see and do. You say it will be published as OS, that's
good. Now, how could it be removed? Can it's ROM be permanently
disabled? Can it be reflashed?
Could the BMC be done away with? This is what matters.

>>> ME_Cleaner even with HAP mode doesn't disable ME - a black box
>>> supervisor processor is still mandatory for the x86 boot process and is
>>> capable of a variety of dirty tricks so even if one can verify that it
>>> is actually off (difficult...by using an electron microscope perhaps?)  
>>    You just put a protocol analyzer on the chip pins as you operate it.  
> What chip pins? the ME core is entirely integrated in the CPU package.


In the PCH chipset. What makes ME dangerous is it's ability to both
pick up commands from the Ethernet or WiFi chip and to send out
encrypted packets. These operations can be detected putting a protocol
analyser between the PCH and the networking gear or, were they too
embedded in the PCH controller, analysing packets transiting through the
interface. Were at least the PHY controller outside the PCH a protocol
analyser could detect it's activity at times where none is expected.
It's hard work, granted, but it's way simpler, cheaper and faster that
removing a chip's casing and analysing it on a SEM after decapsulating
it chemically. And you do not destroy it in the process, too.

>>> there are various things that it could have done before powering off.
>>> ME cleaner is nerfing/cleaning, nothing more.  
>>    There are various things that IMM/RSA could do at boot time and at
>> poweroff, too.  Why I am to believe it does nothing or that it only does
>> benign operations?  Because IBM states so?  
> POWER doesn't have IMM/RSA (that is for IBM's very old x86 hardware), it 
> has POWER-BMC which is significantly different and open source.
>>    I am wary of TALOS not because I know their hardware is bugged, but
>> because I cannot understand how can it be that:

>>
>> 1) a never heard before manufacturer runs a crowdfunding effort to
>>     produce a 3,700$ POWER8 workstation;  
> You haven't heard of them but many others have


No one I know even today has heard of them. Two-three people are
aware there is somebody trying to produce POWER-based workstations, but
they do not know who's doing it. Which bring up the question: who are
them? Why is there not a "Who we are" link in their site? In contrast,
Purism has all the info:
https://puri.sm/about/team/
https://puri.sm/about/board/
https://puri.sm/about/advisory-board/

In particular, they have Stefano Zacchiroli (former Debian Project
Leader) in the team and used to have Jacob Appelbaum too:
https://web.archive.org/web/20160220095107/https://puri.sm/about/

Who's running RaptorCS, how do they get the funds?

> Raptor is a major coreboot contractor and has been in the free hardware
> community for many years - they have produced libre firmware for many
> motherboards and a variety of useful hardware for the embedded devices
> community..


Maybe, right now https://www.raptorcs.com/content/base/software.html
returns nothing.

>> 2) the crowdfunding fails miserably:
>> https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation
>> 14% funded
>> 3) shortly after they manage to fund:
>>     *) a $4,750 POWER9 Workstation;
>>     *) a $5,100 POWER9 Rack Mount Development Platform;
>>     *) a $3,950 POWER9 Desktop Development System.

>>
>>    If they had the money, why run a crowdfunding?  
> They didn't have corporate backers before, now they do.


Who are them? Is it a secret?
How do you know, if you don't work for them?

>>    Why invest so much money to deliver three very costly systems that
>> were turned down by the public so little time before?  
> It wasn't "turned down by the public", many people contributed to the 
> crowdfunding campaign despite it being poorly promoted and having no 
> business interest at the time.


14% funding is a dismal performance. 495 backers provided 516,040$ of
the 3,700,000 goal. How does that compare to, say, the OUYA
crowdfunding? 63,416 backers, $8,596,474 pledged of $950,000 goal. Be
honest, it was turned down, very very few people thought it worthwhile.

>>    I smell something fishy here.  
> Getting corporate backing isn't fishy, IBM wanted to support a POWER 
> workstation project via the OpenPOWER foundation.


So, IBM is TALOS corporate backer. Why isn't this stated on the website?

>>> * That we should contribute and trust a company that is attempting the
>>> sisyphean task of truly disabling ME.  
>>    Again, you're putting words in my mouth that I never spoke.  Do you
>> know what this shows of *you*, not me?  
> You advertise purism's products time and again and attest that they 
> respect your privacy and security which they don't, thus I assume that 
> you desire people to support them.


I reported what they state on their site as their goals and partial
accomplishments. I did not advertise, in fact I posted about Purism as
a reply to *your* enthusiastic piece extolling TALOS virtues and
marvellous features without even changing the subject line then.

>>> Google has many times attempted to get intel to provide a method to
>>> disable ME and remove it from the boot process for their in house
>>> computers and the coreboot laptops they sell, they have not been
>>> successful - thus if a billion dollar company can't pull it off a small
>>> upstart certainly can't.  
>>    I cannot find references, will you please let me read those you have?  
> https://libreboot.org/faq.html
> There have also been many discussions on the coreboot mailinglist about 
> this.


Google is mentioned just once: "Even Google, which sells millions of
chromebooks (coreboot preinstalled) have been unable to persuade them."
Could still be true, but I see no evidence of this having happened, just
anonymous allegations. Goggle does sell "millions of chromebooks", but
at first they were ARM based, so what did they need from Intel? In 2016
they begun sell high-level units equipped with Intel chips, still I
cannot find any evidence behind the claims that Google could not get
Intel release ME specs, and I cannot see what they needed them for.


--
Alessandro Selli <alessandroselli@???>
Tel. 3701355486
VOIP SIP: dhatarattha@???
Chiave PGP/GPG key: B7FD89FD