Hello,

Off-topic:
Top-posted as Protonmail Android App is still unable to correctly use inline answers without correct quote layout/line breaks. Bug has been reported months ago :-/

Taiidan wrote:

"(...) CPU's....without a fix there will 
be only one coreboot compatible laptop with open source hardware 
initiation that is remotely secure (...)"

Currently I am using two laptops for my work setup:
A 12.5" Lenovo X230 and a 15.x" Lenovo W540 both machines are running with Qubes OS 4rc3 and 16GB RAM. The W540 is a Dual-Boot system with Win10, the x230 is running Coreboot.

Honestly I am shocked and angry if there will be no Intel Updates for the X230 and W540.
On the other hand, if I am running Qubes and Coreboot, wouldn't this reduce the risk of Meltdown/Spectre attacks as Coreboot will protect me against remote attacks (stripped down AMT/Intel ME) and Qubes might reduce the attack surface as I am using several VMs and DVMs for browsing?

If I compare the Lenovo X230 to Lenovo G505s this looks like a step back: the G505s is targeted at another audience that Lenovo ThinkPad Users. It looks to me like an entry level desktop, which is also very bulky (without the additional performance of a W540).

CPU comparison X230 CPU vs G505s
http://www.cpu-world.com/Compare/725/AMD_A6-Series_for_Notebooks_A6-5350M_vs_Intel_Core_i5_Mobile_i5-3360M_(BGA).html

Also the G505s has less cores/no HT

Frustration. Can't "we" build one or maybe two crowd founded secure Laptops (12", 15.x") with reasonable specs, good keyboard, hardware kill switches, internal wan (kill-switchable)?
I can't think that choice is limited in 2018 to only 1 (in words "one") laptop modell, which is no nearly 5 years old (08/2013).

Brave new world.

[799]




Gesendet von ProtonMail mobile



-------- Original-Nachricht --------
An 11. Jan. 2018, 03:55, Taiidan@gmx.com schrieb:

I am curious of any intel insiders know if there will be microcode
updates released for older intel CPU's (ex: sandy/ivybridge) and failing
that, what can be done in regards to securing them from meltdown/spectre.

I believe this is a relevant coreboot topic considering how many
coreboot boards have these and older CPU's....without a fix there will
be only one coreboot compatible laptop with open source hardware
initiation that is remotely secure (lenovo g505s as has a pre-PSP AMD
CPU) and theoretically owner controllable (as the previous C2D/C2Q's
such as the X200 are now permanently insecure without intervention from
intel apparently)

At this point even a massive performance loss is better than having to
throw out so much now-useless hardware.


--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot