On Sat, Dec 23, 2017 at 11:32 PM, Taiidan@gmx.com wrote:
On 12/23/2017 07:16 PM, Todd Weaver wrote:
Intel did not mislead, we told them, and continue to, that we _want_ an ME-less design (which is their term for what we asked for). And as we grow our leverage will grow, and our influence will grow. This is a long-term strategy and is playing out as planned.
They will not adjust based on small quantities, but quantity = leverage, and our influence changes as volumes grow. (e.g. $ = influence)
You will never have that type of leverage, if google can't pull it off then no one can.
Yeah, I agree with you on that, I don't think any leverage could make Intel budge on that at this point.
Even the NSA only got HAP, not a CPU without ME altogether, and the US government probably spends hundreds of millions with Intel every year.
x86-64 will always have ME/PSP and it simply can't be disabled; pretending otherwise is doing a disservice to many who look to the big shots for advice, and pipe dreams like that being spread to the masses are the main reason I dislike Purism so much.
You know of the ROM Bypass stuff, right? The first byte of the flash contains a JMP instruction into the ROMB partition in the flash (that's why the IFD magic number is at offset 0x10, not 0x0), so if you put the right flag in the flash to enable ROM Bypass, then you could get full unsigned/unchecked code (since the code in the ROM is what checks signatures). Now, that actually doesn't work because it's a feature that is disabled on production chips; only pre-production chips allow the ROM Bypass feature. What if someone finds a way to enable that feature on a production chip? What if you can make your CPU think it's in pre-production mode thanks to some microcode update, for example? Then you can get a fully user-controlled ME from the very first instruction.
I'm not saying it's possible or that it will be possible, but I'm saying that it's not a "pipe dream" like you seem to think. Even better, forget HAP, forget ROM Bypass, how about using the exploit that PT announced at Black Hat to get your own unsigned code to execute on the ME. You get full user control of the ME that way, and while we know that the HAP bit happens at the end of the BUP module's task, it's possible the exploit happens at the start (it does happen when it tries to read a config file, so it could be early in the BUP). The entire code from the first instruction all the way to the time the exploit runs could be reverse-engineered, so even if you don't control what happens there, you could at least have the source for it and audit it to make sure it's not doing anything you wouldn't want it to do, then have your exploit run and execute your own user-controlled ME firmware. It's not as perfect a solution as being able to do a ROM Bypass and control everything from the very first JMP, but it's something doable today; it's not even a "maybe", so again, it's not a pipe dream.
People will think "well gee, why buy an actually-libre-right-now TALOS 2 when I can simply wait a few years until the eggheads have cracked ME and I can keep getting cheap soul-less computers". As Tim said, the discovery of HAP etc. probably set back libre computing a decade.
I hope you are buying a TALOS 2.
I think people buying a TALOS 2 and people buying a Librem are two very distinct types of people. I very much doubt that someone has ever had to decide between buying a Librem and a TALOS. No one in need of a computer and in need of an open hardware machine will decide to "wait a few years" either. When you need a new PC, you buy a new PC. If you want a TALOS, then you buy a TALOS; if you don't want it, or you want a laptop, or if you don't have the budget for it, then you look elsewhere. You're not going to just read some article and decide to wait years without a computer in the hope that what you actually want might be released by then.
A good summary is that we want to "bring blob-free to the hardware that people want", rather than "bring blob-free hardware to the people who want it".
This is great; and I may quote you on that :)
Yeah, Todd, you can quote me. I also really liked that when I thought of it :p And thanks for answering Nico's questions and correcting my statements. I didn't even know an i.MX8 Librem 13/15 had already been thought of; that's pretty cool if it's in the plans!
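The flash layout described in the ROM Bypass paragraph above (the 16-byte reset vector at the start of the ME region, the IFD signature sitting at offset 0x10 rather than 0x0, the ROMB partition listed in the ME partition table) can be checked on a real dump with a small parser. The following is an added example written for this page; it is not code from the thread, from Purism or from Intel. It assumes the standard flash descriptor signature 0x0FF0A55A at offset 0x10, the five classic region slots (descriptor, BIOS, ME, GbE, platform data) addressed through FLMAP0's FRBA field, and an ME region whose $FPT header sits either at the region start or right after a 16-byte vector at +0x10, with the 32-byte FPT header/entry layout. The sample image built by build_sample_image() is constructed for the demonstration and does not come from any real part; the bytes it places in the reset vector are filler, not a real JMP encoding.

```python
"""Inspect an Intel SPI flash image: verify the IFD signature at 0x10, read the
region table to locate the ME region, then list the ME partition table ($FPT)
that follows the 16-byte reset vector at the start of that region.
Added example; layout offsets are assumptions documented in the lead-in."""
import struct

IFD_SIGNATURE = 0x0FF0A55A          # flash descriptor "magic" expected at 0x10
IFD_SIGNATURE_OFFSET = 0x10
FPT_MAGIC = b"$FPT"
# Classic five-slot region order (assumption; index 2 is the ME region).
REGION_NAMES = ("Descriptor", "BIOS", "ME", "GbE", "PlatformData")


def parse_ifd_regions(img):
    """Return {region name: (base, limit)} or None for an unused slot."""
    if len(img) < 0x18:
        raise ValueError("image too small to hold a flash descriptor")
    (sig,) = struct.unpack_from("<I", img, IFD_SIGNATURE_OFFSET)
    if sig != IFD_SIGNATURE:
        raise ValueError("no IFD signature at 0x10 (found 0x%08x)" % sig)
    (flmap0,) = struct.unpack_from("<I", img, 0x14)
    frba = ((flmap0 >> 16) & 0xFF) << 4   # Flash Region Base Address, 16-byte units
    if frba + 4 * len(REGION_NAMES) > len(img):
        raise ValueError("region table at 0x%x lies outside the image" % frba)
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", img, frba + 4 * i)
        base = (flreg & 0x1FFF) << 12                      # 4 KiB granularity
        limit = (((flreg >> 16) & 0x1FFF) << 12) | 0xFFF
        regions[name] = (base, limit) if base <= limit else None  # base>limit: unused
    return regions


def parse_me_partitions(img, me_base):
    """Return (reset_vector_bytes, [(name, offset, length), ...]) for the ME region.
    The $FPT header is looked for at the region start and at +0x10 (assumption)."""
    for fpt_off in (me_base, me_base + 0x10):
        if bytes(img[fpt_off:fpt_off + 4]) == FPT_MAGIC:
            break
    else:
        raise ValueError("no $FPT header at ME region start or +0x10")
    # Whatever precedes the header is the code the ME executes first (the JMP
    # the mail describes); it is returned undecoded for the caller to inspect.
    reset_vector = bytes(img[me_base:fpt_off])
    (num_entries,) = struct.unpack_from("<I", img, fpt_off + 4)
    header_len = img[fpt_off + 0xA] or 0x20   # header length byte; 0x20 assumed when absent
    entries = []
    for i in range(num_entries):
        e = fpt_off + header_len + 32 * i      # 32-byte partition entries
        name = bytes(img[e:e + 4]).rstrip(b"\0").decode("ascii", "replace")
        offset, length = struct.unpack_from("<II", img, e + 8)
        entries.append((name, offset, length))
    return reset_vector, entries


def inspect_image(img):
    """Convenience wrapper tying the two parsers together."""
    regions = parse_ifd_regions(img)
    if regions["ME"] is None:
        raise ValueError("descriptor marks the ME region as unused")
    vector, parts = parse_me_partitions(img, regions["ME"][0])
    return {"regions": regions, "reset_vector": vector, "partitions": parts}


def build_sample_image():
    """Constructed 16 KiB image (not a real dump): descriptor at 0x0000, ME at
    0x1000-0x2FFF, BIOS at 0x3000-0x3FFF, GbE and platform data unused."""
    img = bytearray(b"\xFF" * 0x4000)
    struct.pack_into("<I", img, IFD_SIGNATURE_OFFSET, IFD_SIGNATURE)
    frba, fcba = 0x40, 0x30
    struct.pack_into("<I", img, 0x14, (4 << 24) | ((frba >> 4) << 16) | (fcba >> 4))
    flregs = [0x00000000, 0x00030003, 0x00020001, 0x00001FFF, 0x00001FFF]
    for i, v in enumerate(flregs):
        struct.pack_into("<I", img, frba + 4 * i, v)
    me = 0x1000
    img[me:me + 0x10] = b"\xE9" + b"\x00" * 15   # filler standing in for the reset JMP
    fpt = me + 0x10
    img[fpt:fpt + 0x20] = bytes(0x20)
    img[fpt:fpt + 4] = FPT_MAGIC
    # num_entries, header_version, entry_version, header_length, checksum
    struct.pack_into("<IBBBB", img, fpt + 4, 2, 0x20, 0x10, 0x20, 0)
    for i, (name, off, length) in enumerate([(b"ROMB", 0x0, 0x400),
                                             (b"FTPR", 0x400, 0x1000)]):
        e = fpt + 0x20 + 32 * i
        img[e:e + 32] = bytes(32)
        img[e:e + 4] = name
        struct.pack_into("<II", img, e + 8, off, length)
    return bytes(img)


if __name__ == "__main__":
    info = inspect_image(build_sample_image())
    for name, span in info["regions"].items():
        print("%-13s %s" % (name, "unused" if span is None else "0x%06x-0x%06x" % span))
    print("reset vector:", info["reset_vector"].hex())
    for name, off, length in info["partitions"]:
        print("partition %-4s offset 0x%06x length 0x%06x" % (name, off, length))
```

Run against a real dump (for example `python3 ifd_me.py < flash.bin` after swapping build_sample_image() for a file read), the script will show the ROMB entry in the partition table and the 16 bytes that run before the ROM ever looks at $FPT, which is exactly the span the ROM Bypass discussion is about. A missing signature at 0x10 is reported rather than silently treated as a descriptor-less image, because an image that passes this check but has the signature at 0x0 is a different (older) layout and should be handled deliberately.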