-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi all,
Minifree has launched a new freedom-friendly laptop, with the free and open source Libreboot BIOS replacement, and Debian GNU+Linux preinstalled. This is the first modern laptop available with entirely libre software at every level, with no backdoors or rootkits like with the larger companies, and it's available on pre-order today.
This is good for security-conscious people who believe in Free Software, and want a system that they can trust. This includes businesses, professionals, governments and any other application where data privacy is a must. It's also good generally for those who wish to use a system that respects their freedom.
Here it is (more information is on the page): https://minifree.org/product/libreboot-x220/
This has positive implications for security in terms of auditability, and therefore privacy in general (no backdoors!). It's also free software friendly, so there are zero binary blobs and zero proprietary software running on it in the OS or BIOS. You have all of the four freedoms over each part of the boot process, which means that you the user are in full control.
For the first time ever, it is possible for companies to use libreboot-enabled hardware.
The Libreboot X220 is an upgrade from the existing Libreboot X200 that was sold previously. Here are just some of the improvements with the X22 0:
* Has a touchpad and trackpoint mouse pointer. The X200 only had the trackpoint
* Higher battery life
* SATA III support (6Gbps possible on SSD. The X200 can only do 3Gbps SATA II)
* 2nd mSATA SSD possible in the 2nd mini PCI-E slot (mSATA drives not yet sold by Minifree)
* much faster CPU (core i5/i7 on X220, core 2 duo on X200) *per CPU core*, and has more CPU cores (X220 is quad-core, vs X200 which is dual-core). This makes serious professional software development possible, aswell as enabling all kinds of other high performance use case scenarios which previously the libre software community had fallen short on.
* LED backlit panel instead of CCFL (X200 uses CCFL). LED is more reliable (lasts longer without dimming over time). Better colour/contrast compared to X200. Brighter backlight.
* much faster video performance (Intel HD 3000 on X220, vs Intel GMA 4500MHD on X200)
* higher screen resolution (1366×768 on X220, vs 1280×800 on X200)
* DisplayPort digital video output built in (X200 only has VGA)
* supports more RAM (up to 16GiB, versus X200 which only supports 8GiB)
* current hardware. Moores law has slowed down in recent years; the X220 is roughly on par with performance standards for even the most demanding of software developers. The X220 is a popular laptop for hackers and professional users alike
* larger ESC key
* better CPU cooling (and more power-efficient CPU)
* USB 3.0 possible (with the Core i7 model. NOTE: untested)
* Better webcam (720p HD with a decent microphone, compared to X200 which has low resolution webcam) – NOTE: not all X220 laptops from Minifree have webcams. If you want it, tell us and we’ll make sure to ship one that has it.
Spread the word!
- -- Leah Rowe
Libreboot developer
Use free software. Free as in freedom. https://en.wikipedia.org/wiki/Free_software
Use a free operating system, GNU+Linux. https://libreboot.org/docs/distros/ Or BSD: https://libreboot.org/docs/bsd/
Use a free BIOS. https://libreboot.org/
Support computer user freedom. https://peers.community/
Minifree Ltd, trading as Ministry of Freedom | Registered in England, No. 9361826 | VAT No. GB202190462 Registered Office: 19 Hilton Road, Canvey Island, Essex SS8 9QA, UK | Web: https://minifree.org/
- -- Leah Rowe
Libreboot developer
Use free software. Free as in freedom. https://en.wikipedia.org/wiki/Free_software
Use a free operating system, GNU+Linux. https://libreboot.org/docs/distros/ Or BSD: https://libreboot.org/docs/bsd/
Use a free BIOS. https://libreboot.org/
Support computer user freedom. https://peers.community/
Minifree Ltd, trading as Ministry of Freedom | Registered in England, No. 9361826 | VAT No. GB202190462 Registered Office: 19 Hilton Road, Canvey Island, Essex SS8 9QA, UK | Web: https://minifree.org/
This is a product that doesn't exist yet and that may not ever exist at all.
It is dishonest to claim that a computer with ME (nerfed or not) is "libre", shame even after all the drama I figured you better than the faux libre purism types.
I will be greatly impressed if the 30 minute bullshit is somehow bypassed.
Please, let's keep things calm and civil. There's no call for personal attacks of this nature. Let's not create drama.
Thanks. Martin
On Fri, Feb 17, 2017 at 6:24 PM, Taiidan@gmx.com Taiidan@gmx.com wrote:
This is a product that doesn't exist yet and that may not ever exist at all.
It is dishonest to claim that a computer with ME (nerfed or not) is "libre", shame even after all the drama I figured you better than the faux libre purism types.
I will be greatly impressed if the 30 minute bullshit is somehow bypassed.
-- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot
On Fri, Feb 17, 2017 at 08:24:49PM -0500, Taiidan@gmx.com wrote: [...]
I will be greatly impressed if the 30 minute bullshit is somehow bypassed.
I guess you haven't seen Nicola Corna's recent work on the me_cleaner tool, then:
* https://review.coreboot.org/cgit/coreboot.git/tree/util/me_cleaner * https://github.com/corna/me_cleaner/wiki/How-does-it-work?
Jonathan
On Sat, 18 Feb 2017 19:26:22 +0100 Jonathan Neuschäfer j.neuschaefer@gmx.net wrote:
On Fri, Feb 17, 2017 at 08:24:49PM -0500, Taiidan@gmx.com wrote: [...]
I will be greatly impressed if the 30 minute bullshit is somehow bypassed.
I guess you haven't seen Nicola Corna's recent work on the me_cleaner tool, then:
- https://review.coreboot.org/cgit/coreboot.git/tree/util/me_cleaner
- https://github.com/corna/me_cleaner/wiki/How-does-it-work?
Jonathan
He probably has.
There's currently no known way to *completely* disable the ME on Sandy/Ivy Bridge Thinkpads without the 30 minutes limit.
On 02/18/2017 01:26 PM, Jonathan Neuschäfer wrote:
On Fri, Feb 17, 2017 at 08:24:49PM -0500, Taiidan@gmx.com wrote: [...]
I will be greatly impressed if the 30 minute bullshit is somehow bypassed.
I guess you haven't seen Nicola Corna's recent work on the me_cleaner tool, then:
- https://review.coreboot.org/cgit/coreboot.git/tree/util/me_cleaner
- https://github.com/corna/me_cleaner/wiki/How-does-it-work?
Jonathan
Nerfing and disabling are different things. So are disabled, and removed all together (remove the special ARC core from the CPU package)
FYI so everyone knows despite popular belief (again spread by purism types) the MEI device in lspci/device manager being present or not has no bearing on if it is on, off or disabled. There isn't any way to tell for real if it is actually disabled and not DMA capable without removing the ME firmware and somehow analyzing the ME processor to see if it does anything.
I for one don't think that it is possible to truly disable it (permanently) without a team of experts and millions in equipment and research (per platform), at this point the only real options for libre devices is POWER and ARM (RISC-V doesn't have any hardware with real juice yet). This hasn't happened yet because even linux people are addicted to x86-64.
Conspiracy section: The 30 minute thing begs the question of why does intel care so much about making sure people have ME functional? the corporate manageability excuse goes out the window when you consider the fact that it is present on the non-vPro series processors as well. It makes no sense to me.
Taiidan@gmx.com wrote:
The 30 minute thing begs the question of why does intel care so much about making sure people have ME functional?
It's part of the platform.
It makes no sense to me.
I recommend reading the Platform Embedded Security Technology Revealed book, ISBN 9781430265719.
//Peter
-
Jonathan Neuschäfer -
Leah Rowe -
Martin Roth -
Merlin Büge -
Peter Stuge -
Taiidan@gmx.com