On 01.12.21 15:57, Ivan Ivanov wrote:
Thank you, these seem to be good points. However, in regards to:
If you have any hope of open-source coreboot for newer platforms, you shouldn't make it harder for coreboot to advance.
Where to advance? Are there any "newer platforms" that are as worthy as the "older platforms":
Not sure how to compare that, nobody has written native coreboot code for the platforms that you deem worthy either. Also, ...
- as secure: no Intel ME / AMD PSP "security" co-processors, which
are seen as harmful to real security by many ;
...open-source AGESA seems worse to me. In theory one could review it, but did anyone? AIUI, it even provides runtime code for the OS (ACPI DSDT), i.e. tells the OS what to do.
So what you call "real security" seems more like wishful security to me. Presence of ME or PSP does not provide a security issue per se. It depends on your threat model and if they are your weakest spot. There are plenty of controllers even in older machines that run code from ROM masks. What's the difference? Can we trust vendors with code in ROM masks but not with code in flash? These are subtle considerations. So far, it doesn't make older hardware more attractive to me.
Did I mention that at least one of the pre-PSP platforms already has a PSP, just hidden? Ok, I admit I didn't look at the silicon to check, but it's common that a silicon vendor puts new stuff early into chips to test it. So it seems very likely to be true. We generally don't know what exactly lives in these chips. I rather trust what I can see.
- as affordable: the older devices are possible to get used for like
$100-$200. Meanwhile - because of Boot Guard etc. - the "newer platforms" are unlikely to have coreboot without vendor's involvement, who will gladly charge a big extra for "coreboot support".
Last time I checked BootGuard wasn't a big issue, i.e. not so many devices ship with it. Did that change?
Devices sold today will be as affordable tomorrow (well, on a slightly larger timescale). What's your point?
- as available: these generic consumer electronics, which have been
shipped with a proprietary UEFI but got coreboot support later, have a huge numbers all over the world - compared to the quite limited availability of newer coreboot platforms.
I don't understand this point either. This will change, earth keeps turning, right? Also, I'm quite sure that your numbers are wrong anyway. Please check how many Chromebooks are sold, for instance. These, are sold by people who actually support the project btw.
Sorry, I don't see any "newer platforms" which would match the "older platforms" on these critically-important points.
You seem to be too much used to look behind. Please look ahead from time to time. And regarding security, don't trust what you read on the internet. It's far more subtle than non-PSP is secure, PSP is insecure.
Also, it's not about old vs. new hardware anyway. There's much older hardware than the AGESA ports that will stay maintained. It's about hardware that nobody took the time to write a proper, long-term main- tainable coreboot for. And I can't blame anyone for it. Everything AMD Bulldozer based always seemed like the most unattractive hard- ware to me.
So it doesn't seem reasonable to drop the "crappy code" of "older platforms" in favor of the "beautiful code" of "newer platforms", if they could never become as worthy.
You made it clear that they are worthy to *you* (even your arguments seem extremely fragile, so maybe that changed), so you are free to look after their code. Why not start with that instead of complaining that nobody else does it for you?
Well, maybe some corporation sees their newer platform as "more worthy" - despite it's losing on all 3 points above and there are blobs-over-blobs. But they can't speak for the community of opensource hobbyists all over the world, people like you and me. And pleasing the corporations by easing their "burden" - while dropping the "older platforms" which are more worthy - doesn't seem wise, at least to me...
You are blaming and talking to the wrong people. Deprecating old code was always driven by the most libre developers in this community, FWIW. They shoulder the hard work to keep the code base maintainable, so I think they should decide what is worthy and what isn't (hopefully not based on some weak, wishful arguments).
Keeping the code clean makes life easier for other people too, sure, but that's what happens when people work together on a project.
Nico