:: Re: [DNG] Debian blocks latest Inte…
Forside
Slet denne besked
Besvar denne besked
Skribent: Taiidan@gmx.com
Dato:  
Til: dng, martin
Emne: Re: [DNG] Debian blocks latest Intel microcode update
On 08/22/2018 05:32 PM, Martin Steigerwald wrote:
> Don Wright - 22.08.18, 21:56:
>> El Reg has [1]published a disagreement between a Debian maintainer and
>> Intel over changes to license terms in the latest CPU microcode
>> updates. The added terms (see comments) appear to attach liability to
>> both Debian and mirror sites if the end user violates certain new
>> restrictions regarding benchmarking. Debian has chosen not to play.
>>
>> [1] https://www.theregister.co.uk/2018/08/21/intel_cpu_patch_licence/
>
> Rant opened:
>
> /me prays for the end of proprietary CPUs.
>
> This closed-down proprietary development model of CPUs just does not fly
> anymore. Its clear that Intel does not act in the best interest of their
> customers.
>
> Actually one of the reasons I am still with a ThinkPad T520, while I
> have been offered a new laptop at work several times, is that I just do
> not like to trigger buying a CPU that I know is crap from a security
> point of view. Plus even more / newer Intel Management Engine. Intel
> Boot Guard and other crap Intel came up with.


The T520 has ME although it is possible to nerf more if it than one
could with a newer intel cpu - ME from nehalem on is impossible to
disable although many companies will happily sell someone a "ME
disabled" laptop where the kernel still runs.

The best choice is the G505S on the pre-PSP AMD platform which is the
last and best owner controlled x86 laptop - it has coreboot with open
cpu/ram init (note: coreboot is not always open source firmware these days)

For workstations/servers you have the libreboot KCMA-D8 and KGPE-D16 for
x86 but they are old and slow which brings me to the TALOS 2 - a brand
new OpenPOWER9 owner controlled open source firmware workstation/server
which comes that way straight from the factory.

https://raptorcs.com

The price is very good for server hardware in its (high) performance
class and they plan to make a TALOS "brick" style mobile workstation
laptop if sales go well.

OpenPOWER is the last owner controlled performance CPU arch - absolutely
no hardware enforced code signing (not even microcode signing)
There is a lot of documentation which one can examine on the TALOS wiki.

>
> Stop the crap. Now.
>
> I hope RISC-V will continue to go a different route and that at some day
> there will be laptops with RISC-V. I´d order one even if the CPU would
> be no faster than the Sandybridge i5 in this ThinkPad T520.
>
> Speed over quality. – Stop it already.
>
> Rant closed.
>
> Ciao,
>