On 12/28/18 3:48 AM, John Keates wrote:
On 28 Dec 2018, at 00:36, Piotr Król piotr.krol@3mdeb.com wrote:
On 8/19/18 4:06 PM, John Keates wrote:
Hi,
Hi John,
The extra pointers are helpful indeed. I have started searches for ULV and mobile series single board computers that don’t have BootGuard enforcement enabled, but no luck so far.
I would like to learn more about requirements here from my understanding there should be big selection of devices that match your requirements. Appollo Lake platforms should not have BootGuard since those mostly target embedded market. Maybe Denverton-based hardware would also be interesting to you. I'm not sure if it match your price point.
(...)
- Are you active in pfSense, OPNSense or any other UTM/firewall OS?
I’m active in OPNSense these days. I used to be rather active in pfSense, but the environment has gotten too toxic for me over the past years. I do have some side projects using Linux-based SDN setups on this type of hardware.
Understood. It looks like Qotom is pretty popular in UTM/firewall community.
(...)
As 3mdeb we are official maintainers of PC Engines and looking to support whole network appliance environment. Recently we working also on some support for Qotom based platforms.
I suspect you then have to get around the BootGuard issue, right? Because as far as I know, you cannot boot coreboot with BootGard fuses blown in enforcement mode.
PC Engines is AMD based and there is no BootGuard there. There is Hardware Validated Boot but hardware is shipped without enabling it, truly it would be great if it would be possible to leverage that using open source tools, but probably without PSP keys not much can be done.
(...)
I did switch to ARM based systems (often i.MX) and Intel based systems before the APU platforms became available locally because at that point, white label import became a real option.
Yes, we also did some work with NXP but their mindset is very similar to Intel - lot of stuff rely on proprietary tools that you can get only signing NDAs and getting through their verification process.