/g/ - Technology



Thread archived.



File: PogoLoonix.png (80 KB, 909x288)
PogoLinux got back to me edition
Last thread >>63717402
(1/3)

This general is dedicated to the creation of a list of hardware that is relatively botnet-free.
The Intel ME and other components are a serious threat to user privacy.

>"But what's the Intel ME, anon?"
I'm glad you asked! The Intel ME, or Management Engine, is a secondary co-processor in every single Intel chip in the last decade.
It runs a MINIX-based operating system and has full networking capabilities, drivers, and a goddamn web server in it.
https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html
This page offers additional information, and explains that it can read your files and applications, act as a keylogger, capture the screen, inject rootkits, etc.
https://libreboot.org/faq.html#intelme
Very nasty stuff.

>"HAHA INTEL BTFO! SCREW YOU GOYS I GOT RYZEN!!"
AMD has its own botnet, called the PSP, or Platform Security Processor.
Here's what it is:
https://libreboot.org/faq.html#amd-platform-security-processor-psp
Here's Libreboot asking for it to be opened up in Ryzen:
https://libreboot.org/amd-libre.html
Here's Plebbit asking for it:
https://www.reddit.com/r/linux/comments/5xvn4i/update_corebootlibreboot_on_amd_has_ceo_level/
Here's Edward motherfucking Snowden asking for it:
https://mobile.twitter.com/Snowden/status/837367956229206016
And here's AMD telling everyone to go fuck themselves:
https://yro.slashdot.org/story/17/07/19/1459244/amd-has-no-plans-to-release-psp-code

>"b-but how can I avoid this? Im scared, anon!"
That's the point of this thread. To highlight options that are out there that are relatively free of botnets.
This will include the typical Librebooted memepads and whatnot, but a big part of this is also exploring alternative architectures.
>>
(2/3)
For inclusion into this list, if the processor is made by Intel Corporation or Advanced Micro Devices, the device must be 100% free as in Libreboot.
Otherwise, a less-extreme stance is taken, and something like Coreboot or U-boot will suffice.

Findings so far
x86:
For desktops, there's lots of C2Ds and atoms listed, but also some very nice opterons and apparently an iMac
https://libreboot.org/docs/hardware/#desktops-amd-intel-x86
https://libreboot.org/docs/hardware/#serversworkstations-amd-x86
For Laptops, you have the CD and C2D memepads
https://libreboot.org/docs/hardware/#laptops-intel-x86
Purism doesn't do libreboot, but their roadmap includes this as a future goal.
https://puri.sm/learn/freedom-roadmap/
The last AMD chip that came without the PSP is Piledriver.
VIA also makes x86 processors. Proprietary BIOS, but maybe Coreboot potential?

ARM:
Obviously there's a shit ton of SBCs
One of these is EOMA68, which features 3D-printable housings, and potential RYF cert.
https://www.crowdsupply.com/eoma68/micro-desktop
iMX6 Rex is an education-based SBC that combines elements of a Pi and an Arduino. It uses U-Boot.
http://www.imx6rex.com/open-rex/
For a laptop option with an open firmware, try ARM Chromebooks.
I'm dead serious. Open it up, remove the write protection, reflash coreboot with a different payload (not SeaBIOS or Depthcharge), install loonix of choice.
https://www.coreboot.org/Chromebooks
https://docs.google.com/presentation/d/1eGPMu03vCxIO0a3oNX8Hmij_Qwwz6R6ViFC_1HlHOYQ/edit#slide=id.p
Inforce has an SBC with high-specs and an open GPU
https://www.inforcecomputing.com/products/single-board-computers-sbc/qualcomm-snapdragon-820-inforce-6640-sbc
Cavium makes some god-tier processors. Be on the lookout for that.
https://www.cavium.com/Table.html
>>
(3/3)
In general, your biggest concern with ARM is the GPU drivers.
Mali is fucked. PowerVR too. Vivante GC and Qualcomm Adreno are fine. Broadcom VideoCore is partial.
https://en.wikipedia.org/wiki/Free_and_open-source_graphics_device_driver#ARM
MALI MIGHT BE GETTING OPENED UP PRAISE LINUX TORVALDS TECH TIPS
https://lwn.net/Articles/738225/
Some anons have reported that lighter environments like XFCE are usable on stuff like Mali without the driver, but it's not ideal.
One anon said he couldn't remove the ChromeOS on his libreboot C201. This github issue talks about a solution.
https://github.com/altreact/archbk/issues/3

OpenPOWER:
Raptor Engineering sells POWER9 workstations that may soon be getting RYF certification.
They're expensive as fuck, but probably the most powerful non-botnet computers that exist. Comparable to Xeons/Epyc.
https://www.raptorcs.com/TALOSII/

PowerPC:
The company that still makes this is NXP
https://www.nxp.com/products/microcontrollers-and-processors/power-architecture-processors
Here is a project for a Libre PowerPC laptop using NXP, shooting for RYF certification.
https://www.powerpc-notebook.org/faq/
EmbeddedPlanet has several PowerPC SBCs, most using NXP.
https://www.embeddedplanet.com/product/single-board-computers/

MIPS:
The /csg/ of desktops. Lemote is a chink company that sells libre MIPS boards, using PMON firmware.
http://www.lemote.com/html/product/
A German anon on this board says he is going to work with Lemote to resell their stuff.
EmbeddedPlanet also has MIPS boards with processors from Cavium with U-boot firmware.
https://www.embeddedplanet.com/single-board-computers/processor/cavium-oceteon-ii/
GnuBee has two low power NAS devices. They're cheap, they use MIPS, and they're going for RYF!
https://www.crowdsupply.com/gnubee/personal-cloud-1
https://www.crowdsupply.com/gnubee/personal-cloud-2

RISC-V:
Only SBCs here. SiFive has some.
https://www.sifive.com/products/freedom/
There's also LowRISC
http://www.lowrisc.org/
>>
>>63731178
How can we verify this "removal" works if we don't even know how Intel ME works in the first place?

If I understand correctly it's possible to significantly reduce the payload of ME but not remove it altogether. How do we know this is enough? Why wouldn't the rudimentary code still be dangerous to us? Can all functionality be restored remotely?
>>
>>63731232
Yeah I personally do not trust the ""Fix"".

In beginning of the second post, I mention that my rule is basically "Libreboot or it's not happening" for Intel and AMD processors, but "At least Coreboot or equivalent" for the rest.
>>
>>63731265
Isn't the status of Intel ME with libreboot still unknown?
>>
>>63731377
as far as I know the status of ME with Libreboot is "Gone".
>>
>>63731430
That sounds great but won't the CPU brick itself after 5 mins, then?
>>
>>63731450
No. People with Libreboot Memepads don't have this problem. Ask Stallman, or Luke Smith, or that anon with the Momiji wallpaper, or anyone who has one of those things.
>>
>>63731503
Thanks for the info.
>>
>>63731450
Only newer ones do that, ie. Sandy Bridge and newer, but Libreboot doesn't run on any of them
>>
>>63731178
>It runs a MINIX-based operating system and has full networking capabilities, drivers, and a goddamn web server in it.
Do they have some sort of datasheet on it? Maybe it is possible to paint pins on CPU and disable this shit?
>>
Will me_cleaner work on an i5-3330?
>>
>>63731572
If such a thing existed, I certainly haven't heard about it. If we're going by the conspiracy theory angle that Intel did this for the NSA/CIAniggers, then I seriously doubt there is any sort of public datasheet from Intel themselves on how this shit works on a low level.
>>
>>63731628
I am not sure, if NSA/CIAniggers can store that much information... But the fucking backdoor, that is not cool
>>
>>63731178
Don't SPARC systems have Open Firmware, and an open and royalty free ISA?
>>
>>63731698
In fact they have Intel ME documentation for manufacturers, at least ME system tools with which you can flash CPU or chipset I guess.

It means, that it is possible to disable it with this kit...
>>
>>63731752
Got any implementations of that?
>>
Show me your botnet-free machines, /hrt/!
>>
>>63731935
Do you think that PPC doesn't have backdoors?

By the way, Some sort of Intel 486 is backdoor free system...
>>
File: X200.png (38 KB, 587x364)
>>63731935
>>
>>63731961
I'm pretty sure they don't have a hidden OS running under the hood. Plus they use OpenFirmware, and PowerPC is an open architecture now.
>>
>>63732037
Hmmm. Maybe I should buy old G4 macbook?
>>
File: TalosIIOrder2.png (198 KB, 960x840)
>>63731935
Soon...
>>
>>63732055
Get a PowerBook instead if you can. I have this iBook because it's a maxed out top of the line model and I got it for a really good price. But I'd take one of the last 12" PowerBooks over it any day of the week.
>>
>>63732037
>>63732055
I used to have this in the list, but then some anons informed me that the "Open" firmware used on macs wasn't really OPEN. It was a proprietary implementation of an IEEE standard.
However, If you can prove that the OpenFirmware is actually open, then I'll add them back.
>>
>>63732072
Let's make PowerPC laptops!
And run Mac OS 10.5 there...
>>
What with all the recent IME developments, does that mean I can finally and permanently disable the IME on my x201 thinkpad?
>>
>>63732106
The IEEE standard is just called "IEEE 1275-1994", and Open Firmware is one of its multiple implementations. It also happens to be under a BSD license. Same with OpenBoot (Sun)
https://www.openfirmware.info/Open_Firmware
https://www.openfirmware.info/OpenBOOT
>>
>>63731178
What's the best way to block everything but desired communication? A separate uncompromised appliance?
>>
>>63732234
Has the source for Sun's builds appeared though? If it's BSD it could be made proprietary on the actual implementations. The only genuinely FOSS firmware I've found on that site only appears to work under QEMU or the OLPC.
>>
>>63732255
What do you mean exactly?
>>
>>63732255
Firewall that blocks all ports but 80...
>>
>>63732267
>Has the source for Sun's builds appeared though?
Here you go:
https://code.coreboot.org/p/openboot/source/tree/1/
>>
>>63732225
You can remove everything except the initialization code that's still needed to prevent the CPU from shutting itself down after 30 minutes.
>>
>>63732347
>You can remove everything except the initialization code that's still needed to prevent the CPU from shutting itself down after 30 minutes.
Hm, we have binary files, why can't we disassemble them and make use of it?

And what about AMD systems?
>>
>>63732331
Is this exactly what's used on the old ibooks/powerbooks?
>>
>>63732364
for AMD, I don't think there's any removal tools/stuff like that, but their botnet got added later, so you can get some slightly newer stuff like that really sweet looking D16 server Mobo
>>
>>63732331
So I can just build this and flash it to an Ultra or Blade series machine without modifications? Doesn't it need tailoring to each device, like any other firmware?
>>
>>63732366
No, that's Sun's implementation. Apple used firmworks' (Source: http://www.firmworks.com/open_firmware/literature/ofpci.pdf ), the source code for which is located here:
https://code.coreboot.org/p/openfirmware/
>>63732388
Technically you could, since it's agnostic about pretty much everything and pulls the basic device drivers from FCode stored in the devices' ROMs.
>>
>>63732379
Still worth checking, maybe you can disable it if you can.

And I know how to make sure this shit is disabled: turn on PSU, measure total current going to mobo without CPU, insert CPU and see if it draws more current without being turned on.
>>
>>63732424
>you can disable it if you can.
I mean it is easier to disable... Typo.
>>
>>63732413
Added the iBooks, Powerbooks, and PowerMacs back to the list.
I've also added a link to the OpenFirmware source in there.

Thanks!
>>
>>63732413
Hmm, I'll have to dig out my Ultra 10 and give this a try.
>>
>>63732347
Nice, thanks.
>>
https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option

Nobody's sure of the extent of the new bios setting yet, but this could be very promising.
>>
Bump. Would like some more info on this Sparc stuff. Might be something to add to the list.
>>
Going to add a list of supported *nix distros to the list, near the header for each architecture.
>>
>>63732718
>>63731178
https://twitter.com/tekwendell/status/938854263563964417
Our lord Wendell has spoken
It is pretty much what System76 does with their laptops: PSP is used when booting but after boot it stops.
>>
File: 467hj465yh3.jpg (216 KB, 800x598)
I do not approve this bread.
>>
>>63734236
Anyone?
>>
final bump + loli
>>
>>63737660
I don't really have much to add, apart from more detail on the retrocomputing projects from the last thread.
>>
An update from Raptor to those who have pre-ordered Talos II systems for the original Q4 2017 window:
(I asked when they were planning on shipping by, as I have a holiday coming up.)

>While we are still on track for the Talos PCBs and related components
>for a late December shipment, IBM has retargeted the final version of
>the POWER9 processor for very early January. Given this, if you need the
>system in Q4 we can ship it to you with an earlier CPU revision, then
>send out the production CPU as soon as it becomes available (advance
>exchange RMA, no cost to you). If you go this route, you would need to
>swap out the CPU(s) in your system (unmount HSF, replace CPU, remount
>HSF). Otherwise we can wait for the production CPU and ship your system
>with the production CPU later in January when you will be available to
>receive it.
>
>Which would you like to do? You have some time to decide, so no rush.
>
>We will be notifying our Q4 customers of this and offering this choice
>individually to each of them. The extra silicon revision on IBM's side
>was just enough to force production CPU availability out of Q4 and into Q1.
>>
>>63739074
OP here. I heard about this from some anon on 8 chan. He seemed really pissed about it.

Does anyone have good knowledge of Sparc?
From this anon's post >>63731752 it sounds like something worth adding to the list.
>>
>>63739133
>OP here. I heard about this from some anon on 8 chan. He seemed really pissed about it.

Link to thread?
>>
File: REEEEE.png (53 KB, 1275x154)
>>63739336
https://8
ch. net
/tech/res/831651
.html

Fuck the spam filter
>>
>>63739133
I use an Ultra Enterprise 250 as my homeserver ( >>63731935 )
And yes, they do use an open ISA and OpenBoot. The experience is pretty much the same as with a ppc Mac, but the distro support gets weaker every day.
I know OpenBoot is released under a BSD license (source code linked in >>63732331 ), but technically that license means they could've done whatever with the code before chucking it into the machines. If you're so paranoid, I guess you could find a PROM image from a Solaris install disk and disassemble it. It's just FCode, so shouldn't be hard at all.
>>
>>63739074
>>63739364
Really fucking hope TALOS II succeeds. Can't believe what IBM is doing if what is described is true.
>>
>>63739446
Well it looks like there's plenty of options here.
https://en.wikipedia.org/wiki/SPARC#Implementations
>>
File: tfwnobotnet.png (146 KB, 700x400)
>>63739489
Me too. (even if just for selfish reasons because I don't want to port everything to POWER9 myself for the next 20 years)

I'll be sure to make a build, review, and benchmarking thread once mine arrives.
>>
>>63731178
No mention of FPGA based solutions?

If you don't mind the performance hit, you can already run most relevant architectures in a way that's free down to the gate level.

https://en.wikipedia.org/wiki/OpenCores
https://opencores.org/
>>
File: feminization.png (227 KB, 1024x1947)
>>
I'd like to take a minute to bring up one of /g/'s favorite memes, Gentoo, and how it relates to this.
Gentoo lists ppc as an option for install, but it mostly seems to refer to the old apple stuff, not the POWER stuff like TALOS.
Now granted, supporting that type of ppc isn't bad, as we do have the NXP stuff in the list right now, but since Gentoo is source-based, shouldn't it be possible to install it on the POWER architecture?

I'm not a gentoo expert, so maybe someone could clarify.

Also, Gentoo does support Sparc officially, which is neat.
>>
>>63739645
Good thing I'm posting from Tor then

(USER WAS BANNED FOR THIS POST)
>>
>>63739645
wat
>>
>>63739660
I think Raptor themselves are going to make Gentoo happen. They were talking about it for the Talos 1, so I would guess that any work they had done would be applicable to the Talos 2.
>>
>>63739660
Gentoofags are too NEET to afford POWER9 until it's comparatively as powerful as the aforementioned "old apple stuff".
>>
>>63739717
>until it's comparatively as powerful as the aforementioned "old apple stuff"
what did he mean by this?
>>
>>63739710
They were? I only remember Debian being mentioned.

IIRC Debian, SUSE, RHEL (and hopefully m'linux) are supported at present.
>>
>>63739728
They can't afford a Talos until it's obsolete. They support PPC macs because you can buy them with NEETbucks.
>>
>>63739446
>>63739587
So I mean I guess this is legit?
>open ISA,
>OpenBoot,
>source code link,
>performance and age varying from ancient 80s shit to 5.0 fucking GHz servers from this year, and everything in between.
>Loonix, *BSD, and Illumos
I mean it's not like you can get a desktop or laptop with this, but for server-type stuff, wew
>>
>>63739871
>I mean it's not like you can get a desktop or laptop with this, but for server-type stuff, wew
http://www.computinghistory.org.uk/det/32324/Tadpole-SPARCbook-3/
>>
>>63739965
Well I meant something you could reasonably run modern *nix on, but ok
>>
>>63739735
For fuck's sake, I don't want to get rid of the ME botnet only to have to install the systemd botnet
>>
>>63731178
AMD is now offering a UEFI killswitch toggle for the PSP on Ryzen boards.

r/linuxmasterrace/comments/7i6kl7/amd_listened_to_us_and_added_a_psp_disable_option/
>>
>>63740046
The PSP isn't AMD's equivalent of ME any longer, my understanding is that the botnet would still be there
>>
File: doubt.png (79 KB, 622x465)
>>63740046
>>63740058
Pic related from 8 chon
>>
>>63740064
Exactly. Fool me once etc.
>>
>>63740064
you're convincing me that half-/g/ is more than a bit shit
>>
>>63740084
Main issue with /tech/ is that it's slow as fuck. If I were doing this list mainly on there, it wouldn't be nearly as complete as it is now.

That said, they allowed the posting of libbie lewds, so there's that.
>>
>>63740129
>libbie
The cockatoo was the best proposed mascot by far.
>>
File: SparcWeed.png (658 KB, 1351x507)
Fun fact. If you search Sparc on DuckDuckGo, you get a site where you can buy weed.
>>
BHEU slides uploaded

https://firmwaresecurity.com/2017/12/06/bheu-slides-on-intel-me-vuln-uploaded/

IntelME is still a threat, even when "disabled" with HAP flag
>>
>>63740042
And how is systemd a botnet?
>>
>>63740274
It's not, but /g/ thinks it is.
>>
Added SPARC.

>>63740252
And this too.
>>
>Samsung Chromebook Plus
>Running GPL coreboot out of box
>Put in developer mode
>Arch Linux
>No more botnet
>under $500

If Talos II isn't $8000 I will consider one
>>
>>63740354
You can also reflash to get rid of the ChromeOS+Depthcharge botnet.

Also, you'll be happy to know that you will soon be able to have a working, comfy GPU.
https://lwn.net/Articles/738225/
...as soon as that one management guy stops being a faggot.
>>
>>63740354
and TALOS II price varies, but the cheapest mobo+cpu bundle is $2400, and it goes up depending on how much stuff you want them to throw in (case, ECC memory, GPU, second CPU, etc).
>>
I also still want to see the price on that 32 core 64-bit ARMv8 X-Gene 3

https://www.cnx-software.com/2017/03/11/macom-x-gene-3-server-on-chip-is-equipped-with-32-64-bit-arm-cores-clocked-at-3-0-ghz/
>>
>>63740354
$2,400 for Single CPU, $2,850 for Dual. (motherboard only)

My dual CPU build came to under $4K with 32GB RAM, 480GB SSD, 1.2KW PSU, and a Vega 56. Don't bother buying a prebuilt.
>>
>>63740483
wew

We kinda have something similar in the list with the Cavium ThunderX, which has 48 cores, but that one has a higher clockspeed.
Either way, I can't wait to see some good implementations of these.
>>
>>63740483

>1TB RAM
>>
>>63740398
Pity LWN didn't give us his name, title, and home address.
>>
>>63740530
That's nothing.
One of those PogoLinux rackmounts goes up to 8TB, and the modern SPARC stuff can have 16TB.

Servers can have a shitload of RAM.
>>
>>63740530
It's less than 11GB per core.
>>
>>63740483

Oh no

https://www.apm.com/news/macom-announces-sampling-of-x-gene-3-server-on-a-chip-solution/

The reference platform ships with the AMI AptioV UEFI BIOS

Fuuuuuuuu
>>
File: pogentoo.png (75 KB, 504x229)
>>63740622
Sent another email to PogoLoonix guy because there wasn't a clear answer on the ARM servers.

Not that it's essential, as we already have TALOS, which has a 4U rackmount option, the Librebooted Opterons, and now the SPARC stuff, but it's always nice to have another option.
>>
>>63740622
>>63740824
Also, would be funny as fuck if this guy found 4chan and discovered all of our autism here.
>>
File: aka.png (156 KB, 256x256)
bump + uwu.

I'm glad I decided to start this general. Even if the whole botnet thing does get sorted out somehow, it's kinda fun to check out all of these other architectures and open options.
>>
>>63740232
i just call the delivery guy near me...



