Quoting zap (calmst...@posteo.de): > Very well then, > https://libreboot.org/faq.html#will-the-purism-laptops-be-supported > > that is one perfect example. If it were possible, I think libreboot > would have said something by now about the intel_me cleaner making it > possible.
This is significant and worthy of note, but please be careful to not over-read. Libreboot Project take the sensible stance that it is best to avoid hardware containing Intel ME, including the Purism laptops, because of (1) Intel ME, and (2) the Intel Firmware Support Package (FSP) that coreboot uses to handles all hardware initialisation, including memory and CPU initialisation. (Among other things, Libreboot Project point out that FSP sets up System Management Mode, which is a known-problematic system layer underlying the regular OS level). As it happens, as I mentioned, I just recently bought (to play with) a reconditioned Zotac CI321 w/4GB RAM and a 64GB SSD for US $125 with 1 year warranty from Zotac after John Franklin mentioned the Zotac C-series here. (TY, John!) It has the Intel ME and Intel FSM problems, too. If I understand correctly, it would be self-defeating to totally disable the Intel ME on hardware that uses it -- because the ME is instrumental in initialising the hardware for use. The best possible outcome under the circumstances is to be able to programmatically disable the ME as part of boot-up, as can be done at least for ME version 11 using the technique discovered by Positive Technologies. http://blog.ptsecurity.com/2017/08/disabling-intel-me.html Intel Corp. have confirmed that this technique does disable ME version 11. Call me excessively trusting if you will, but I believe them. And FWIW I do _not_ believe the people thinking ME is a plot to security-compromise our computers. It's a (regrettable) technology intended to facilitate OOB management. The rationale makes perfect sense, even if the unintended side-effects are woeful.) I think, if you credit Purism with a modicum of good will, you might concede that an Intel ME (version 11) that gets programmatically lobotomised immediately upon boot using the Positive Technologies (which I hope and expect Purism are using) is as close to no Intel ME as makes no difference. The FSP is a separate problem (for both the Purism laptops and my little toy Zotac), and I can't say much about more about that. My own semi-considered opinion: Purism have been repeatedly guilty of the, on balance, venial and rather common sin of shading the truth just a bit. Public relations. They may not be unstained saints of the Church of Free Software, but then, who is? Shades of grey. We have 'em. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
