Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]

Tue, 05 Sep 2017 21:13:25 -0700 

On 06.09.2017 03:14, mdn wrote:


If I understood it correctly, they managed to boot an modified firmware
on that ME core, so it theoretically should be possible to run an
entirely own firmware on it. Maybe barebox or plan9.

They did manage to boot a modified firmware but there's still components
that aren't yet removed.
--it also removes all the modules from the images except RBE, KERNEL,
SYSLIB, and BUP--
So the modules RBE, KERNEL, SYSLIB and BUP are still their and if you
read correctly
--It should be noted that ROM, RBE, and KERNEL are executed at the zero
privilege level (in ring-0) of the MIA kernel.--


The interesting question here is whether these parts could be replaced.

If I understood it correctly, they didn't remove these parts yet, as
they're still needed to bring up the main cpu. I'd guess it's only a
matter of time until they found out how to do it on their own.


But has I see things it would be faster to go on POWER and besides
faster we are 100% sure that there isn't anything in the background that
we don't know about.


Assuming there'll be suitable and affordable boards in near future.


What about ARM ?

They began to implement similar ME/PSP functions I unfortunately don't
remember the name of it so if someone knows please post it.


I'm only aware of the TrustZone stuff. But that's not enabled by default
(more precisely: on poweron, the cpu is in "secure" mode, until
explicitly switched down to "normal mode"). For a complete lock-down,
you'd need a soc w/ internal boot flash (most of the socs boot from
external media) and burn the fuses. The CPUs you can buy are usually
open (and only closed-down by board vendors, if done at all) - anything
else wouldn't work well in embedded world. Completely custom boards
are the usual standard here.


There's also the GPU problem, there is zero effort from allwinner to
free their MALI GPU and worse they persecute those who try to reverse
engineer it (see the LIMA driver developer) that's why no 100% free
driver is available.


Just dont buy that crap. There're other options, eg. vivante is already
opened. (nobody who still has a piece of sanity ever uses proprietary
drivers)


--mtx

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
























					Reply via email to