On 12/17/2017 05:06 PM, Dame Más wrote:
> Hi, is the Coreboot BIOS of the Purism 13 open?
No it isn't; while they do use coreboot, the silicon init process is entirely blobbed.
Technical merits - is it better than an off-the-shelf Dell laptop? Of course, but not better enough to justify even a $30 premium, let alone the thousands they are charging for a whitebox re-brand. It removes the brander (ex: Dell) from the firmware trust equation but Intel still remains and so does ME.
If I were you I would purchase a different coreboot-compatible laptop, then compile and install coreboot while running me_cleaner yourself - this will provide a better result for a lot less money, as the following laptops feature open source silicon init and in the case of the Intel models are pre-Skylake so more of ME can be "cleaned".
One of these laptops is $200 max for one in good condition, vs thousands for a Purism 13 - with the cash you save you can also buy a KCMA-D8 gaming computer for libre gaming in a VM or otherwise.
My laptop recs:
Lenovo G505S (best choice) - no ME/PSP + open source silicon init
Lenovo T420 (performance) - ME cleanable + open source silicon init - Can play new games via an ExpressCard EGPU
Lenovo X230 (mobility) - ME cleanable + open source silicon init
The T420 supports the better Ivy Bridge CPUs via coreboot; installing coreboot also removes the silly ThinkPad Wi-Fi whitelist. If you get the X230 you may wish to install the better X220 keyboard mod.
I still don't understand why Purism didn't simply use the AMD FT3 like the G505S; when they released their first laptop it was brand new and very fast...now it is not as fast as Skylake but still more than good enough to be useful and definitely better than "free someday in the future" wintel.
I don't include the Novena on this list due to it not having an IOMMU, although it does have open source firmware.
My desktop rec: KCMA-D8 (entirely libre, no ME/PSP, can play the latest games at high settings in a VM with a 4386 CPU and a VM attached graphics card)
> Where can I download the source code to understand how Intel ME is disabled? Thank you
They use software called me_cleaner (not made by them) to "clean" the ME blob; it is available in the coreboot tree and the v4.6 tarball and can be run on almost any laptop that doesn't have the Boot Guard anti-feature[1], no matter if it supports coreboot or not.
It is impossible to disable ME/PSP[2]; Intel/AMD intentionally made them integral to the boot process, they even bring up the main CPU - even Google was not able to convince them to open source ME and/or provide a method to truly disable it.
On Purism's laptops the ME kernel is still running and it still inits the main CPU pre-BIOS; if it was disabled one could not only remove the full ME blob from the firmware but also physically disconnect the ME core - neither of which one can do on any modern Intel platform.
There are many companies that sell legitimately owner-controlled hardware, so it can be done, just not with brand new x86-64 - let us hope Purism uses the proceeds from their not-really-libre laptops to produce something worthwhile.
[1] An anti-feature is something that negatively benefits you; in this case "Boot Guard" takes away the ability to modify your firmware, making a modern Intel platform controlled 100% by Intel and 0% by you vs an Intel system from 10 years ago that was 100% you, an IBM POWER 9 system (ex: TALOS 2) which is 100% owner controlled by you or an AMD system pre-PSP (around pre-2013) which is 100% you.
[2] AMD has PSP on their new stuff, which is equivalent to ME and just as terrible