On 08/05/2015 01:15 PM, Timothy Pearson wrote:
> The climate has changed drastically. I ported coreboot to the ASUS KFSN4-DRE and KGPE-D16 boards for the same reason (secure computing), but I think x86 is now end of line for this task given that AMD is building a mandatory Platform Security Processor (PSP) into the next generation of Opterons, and that Intel has been forcing the Management Engine (ME) down everyone's throats.
My understanding of what is going on - it is claimed that this is about DRM, but that doesn't seem true, as there have to be a lot of people who are also interested in keeping things secure for business reasons. Having a supervising closed-source OS obviously makes things less secure (just the added complexity opens a bunch of attack vectors).
My hunch, from having managed and worked with EEs and programmers that are smarter than me - these guys have one flaw - they think there is no one else who can see what they see and find the flaws (or back-doors, depending on who you ask). (I can imagine other countries have high-level automated disassembly capabilities that remain unpublished.)
So I think that the people who have to keep secrets in government either have totally different hardware, or our national security is totally exposed due to incompetence (I think the latter).
I'm at the point where I think the lack of physical write-protect on hard-drive BIOS, the BIOSes of USB drives, microcode, etc. is probably purposeful - instead of getting closer to a system that is user-auditable, we are headed in the opposite direction.
I'm an aging assembly programmer/hardware guy among other things - I understand what actually happens in these chips - but I think the folks that are steering this ship just might be dangerously clueless. If we can't build truly secure business platforms, there is a real risk of a business collapse. We can air-gap design production computers at a huge cost - but computers where people exchange money, by definition, can't be disconnected.
> We are currently exploring migrating to IBM POWER8 in our next upgrade cycle. The hardware is expensive, but is at least as powerful as Intel and much more secure.
Might need to head to FPGA-based processors instead.