On 07/29/2015 01:54 PM, Patrick Georgi wrote:
One server board that is for sale and can be equipped with coreboot would be the ASUS KGPE-D16.
I looked at that - those are 5 years old now.. I would worry about the age of the capacitors.
I'm no longer seeing any MB - desktop or server that are from the last 2 years? And no one selling such systems?
Also - I did some work with some UEFI BIOSs - I think there is a small OS running on top of everything? (not something that lends itself to creating secure systems...). Thus my quest for a coreboot system.
I had looked a few years ago and had the sense that there were rather current options - it appears that the climate has changed? Or am I missing part of the bigger picture?
On 08/05/2015 01:05 PM, Karl Schmidt wrote:
On 07/29/2015 01:54 PM, Patrick Georgi wrote:
One server board that is for sale and can be equipped with coreboot would be the ASUS KGPE-D16.
I looked at that - those are 5 years old now.. I would worry about the age of the capacitors.
I'm no longer seeing any MB - desktop or server that are from the last 2 years? And no one selling such systems?
Also - I did some work with some UEFI BIOSs - I think there is a small OS running on top of everything? (not something that lends itself to creating secure systems...). Thus my quest for a coreboot system.
I had looked a few years ago and had the sense that there were rather current options - it appears that the climate has changed? Or am I missing part of the bigger picture?
The climate has changed drastically. I ported coreboot to the ASUS KFSN4-DRE and KGPE-D16 boards for the same reason (secure computing), but I think x86 is now end of line for this task given that AMD is building a mandatory Platform Security Processor (PSP) into the next generation of Opterons, and that Intel has been forcing the Management Engine (ME) down everyone's throats.
We are currently exploring migrating to IBM POWER8 in our next upgrade cycle. The hardware is expensive, but is at least as powerful as Intel and much more secure.
-- Timothy Pearson Raptor Engineering +1 (415) 727-8645 http://www.raptorengineeringinc.com
On 08/05/2015 01:15 PM, Timothy Pearson wrote:
The climate has changed drastically. I ported coreboot to the ASUS KFSN4-DRE and KGPE-D16 boards for the same reason (secure computing), but I think x86 is now end of line for this task given that AMD is building a mandatory Platform Security Processor (PSP) into the next generation of Opterons, and that Intel has been forcing the Management Engine (ME) down everyone's throats.
My understanding of what is going on - it is claimed that this is about DRM, but that doesn't seem true as there has to be a lot of people that are also interested in keeping things secure for business reasons. Having a supervising closed source OS obviously makes things less secure (just the added complexity opens a bunch of attack vectors).
My hunch, from having managed and worked with EEs and programmers that are smarter than me - these guys have one flaw - they think there is no one else that can see what they see and find the flaws (or back-doors depending on who you ask). (I can imagine other countries have high level automated disassembly capabilities that remain unpublished).
So I think that the people that have to keep secrets in government - either have totally different hardware or our national security is totally exposed due to incompetence (I think the latter).
I'm at the point where I think the lack of physical write-protect on hard-drive BIOS, BIOS's of USB-drives, microcode - etc is probably purposeful - instead of getting closer to a system that is user audit-able - we are headed in the opposite direction.
I'm an aging assembly programmer/hardware guy among other things - I understand what actually happens in these chips - but I think the folks that are steering this ship just might be dangerously clueless. If we can't build truly secure business platforms, there is a real risk of a business collapse. We can air-gap design production computers at a huge cost - but computers where people exchange money, by definition can't be disconnected.
We are currently exploring migrating to IBM POWER8 in our next upgrade cycle. The hardware is expensive, but is at least as powerful as Intel and much more secure.
Might need to head to FPGA based processors instead.
Hello,
----- Original message ----- From: Karl Schmidt karl@xtronics.com To: coreboot@coreboot.org Sent: Thu, 06 Aug 2015 01:42:59 +0200 (CEST) Subject: Re: [coreboot] Dead links - missing information?
My hunch, from having managed and worked with EEs and programmers that are smarter than me - these guys have one flaw - they think there is no one else that can see what they see and find the flaws (or back-doors depending on who you ask). (I can imagine other countries have high level automated disassembly capabilities that remain unpublished).
This is EXACTLY my real-life experience also!.. (the hubris makes blind..)
Might need to head to FPGA based processors instead.
Or help (and promote) the projects which aim to design and make fab truly open source SOC ASICS.. No I'm not (yet) crazy (http://opencores.org/donation).
My 2 satoshi.. Florentin
On 08/05/2015 06:42 PM, Karl Schmidt wrote:
On 08/05/2015 01:15 PM, Timothy Pearson wrote:
The climate has changed drastically. I ported coreboot to the ASUS KFSN4-DRE and KGPE-D16 boards for the same reason (secure computing), but I think x86 is now end of line for this task given that AMD is building a mandatory Platform Security Processor (PSP) into the next generation of Opterons, and that Intel has been forcing the Management Engine (ME) down everyone's throats.
My understanding of what is going on - it is claimed that this is about DRM, but that doesn't seem true as there has to be a lot of people that are also interested in keeping things secure for business reasons. Having a supervising closed source OS obviously makes things less secure (just the added complexity opens a bunch of attack vectors).
My hunch, from having managed and worked with EEs and programmers that are smarter than me - these guys have one flaw - they think there is no one else that can see what they see and find the flaws (or back-doors depending on who you ask). (I can imagine other countries have high level automated disassembly capabilities that remain unpublished).
So I think that the people that have to keep secrets in government - either have totally different hardware or our national security is totally exposed due to incompetence (I think the latter).
I'm at the point where I think the lack of physical write-protect on hard-drive BIOS, BIOS's of USB-drives, microcode - etc is probably purposeful - instead of getting closer to a system that is user audit-able - we are headed in the opposite direction.
It is indeed purposeful, but intended primarily for "convenience". Then certain bad actors (e.g. hackers, unethical corporations, and many nation states) abuse this for their own ends.
I'm an aging assembly programmer/hardware guy among other things - I understand what actually happens in these chips - but I think the folks that are steering this ship just might be dangerously clueless. If we can't build truly secure business platforms, there is a real risk of a business collapse. We can air-gap design production computers at a huge cost - but computers where people exchange money, by definition can't be disconnected.
Air-gapping will not protect against a truly malicious low-level firmware. You may slow data transfer somewhat and make initial access harder, but that's about it. For an example I refer you to the recent hacking of drive firmware to store interesting data in a hidden "partition" for later physical (non-network) retrieval.
We are currently exploring migrating to IBM POWER8 in our next upgrade cycle. The hardware is expensive, but is at least as powerful as Intel and much more secure.
Might need to head to FPGA based processors instead.
FPGAs are nowhere near powerful enough, and likely will never be compared to current generation processors in existence at the same time. IMHO the best path at this time is to find a non-consumer oriented platform where security outweighs convenience in the minds of the designers, and right now POWER8 appears to be the only remaining candidate. If IBM also goes to the "dark side" then custom silicon would be required, probably via licensing an existing core (ARM, POWER, SPARC, etc.) and removing the objectionable parts, however we would need to get a lot of companies on board for each run before that would be feasible.
One thing is for sure, if no one supports the companies that make truly secure hardware and lets those companies know _why_ their hardware is being used over Intel and AMD then they will eventually make the same mistake...
I think most of this hardware protection is bullshit.
You have remote access to the computer in most operating systems used today. Thus you can log in and operate the computer. You wouldn’t let your neighbor have a direct connection of keyboard, mouse and screen to your computer, would you?
The secure boot needs to store information in a DOS partition on the hard drive. Is that secure? Modern PCs have a RISC processor starting at power on. It has access to all the hardware and holds the reset line for the x86 CPUs low until it determines to release it. They can hold the reset for ever and thus your CPUs will never start.
So before your CPUs even have started the RISC processor can have all the fun it wants and you will not notice. Is that secure? Do you trust it?
When the CPUs are started, the UEFI BIOS is a big risk. It’s literally an OS with network support and can run a lot of applications before the OS has started.
BR,
B-O
On Wed, Aug 5, 2015 at 11:05 AM, Karl Schmidt karl@xtronics.com wrote:
On 07/29/2015 01:54 PM, Patrick Georgi wrote:
One server board that is for sale and can be equipped with coreboot would be the ASUS KGPE-D16.
I looked at that - those are 5 years old now.. I would worry about the age of the capacitors.
I'm no longer seeing any MB - desktop or server that are from the last 2 years? And no one selling such systems?
Some are, yes, but they come and go and may require some searching. Probably your best bet for a desktop is to get a Chromebox since that comes pre-loaded with coreboot and the PCH and CPU are well-supported. Check out the coreboot on Chromebooks community https://plus.google.com/communities/112479827373921524726?e=-RedirectToSandbox on G+ for some pointers on custom-built ROMs.
For servers, I think there are some vendors who sell with coreboot pre-installed but only in volume. You might have better luck browsing the sources for a particular chipset you're interested in, buying one and replacing the vendor-provided firmware. The Asus KFSN4-DRE has been actively worked on recently and tested, as you can see from the Supported Motherboards http://www.coreboot.org/Supported_Motherboards test waterfall.
Also - I did some work with some UEFI BIOSs - I think there is a small OS running on top of everything? (not something that lends itself to creating secure systems...).
There's nothing "small" about it, but yes, your general statement is accurate :-)
I had looked a few years ago and had the sense that there were rather current options - it appears that the climate has changed? Or am I missing part of the bigger picture?
That's also pretty accurate. The momentum of coreboot development was largely on servers a few years ago. Now it seems most (but not all) of the work is geared toward mobile and embedded systems, a natural consequence of many coreboot contributors shifting in that direction as well.