There's no "pure coreboot" systems. You need some payload.
Also, while Talos is truly awesome, the OP asked about coreboot specifically and Talos doesn't run coreboot :)
At the moment, the best coreboot-supported server motherboard is ASUS KGPE-D16. You can also get libre BMC with OpenBMC port for it.
If you just want a libre motherboard, Talos is the best you can get.
On 18-01-17 12:00:01, coreboot-request@coreboot.org wrote:
Message: 2 Date: Tue, 16 Jan 2018 19:29:18 +0100 From: Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net To: Coreboot coreboot@coreboot.org Subject: [coreboot] Server systems shipped with coreboot Message-ID: d5d6d8ee-77ee-4232-a89a-e5158140b065@gmx.net Content-Type: text/plain; charset=UTF-8
Hi,
does anyone have a list of server systems which are shipped with coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux systems, coreboot+SeaBIOS systems, pure coreboot systems.
At 34C3 I was told by someone that a major vendor has been shipping servers with coreboot without announcing this, and I unfortunately neither remember the server model nor who told me about this. If said person could remind contact me, I'd be thankful.
Regards, Carl-Daniel
Message: 3 Date: Wed, 17 Jan 2018 00:28:23 +0300 From: Mike Banon mikebdp2@gmail.com To: Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net, coreboot@coreboot.org Subject: Re: [coreboot] Server systems shipped with coreboot Message-ID: CAK7947nVZptQEhiRzfPQpt_KqVFERXzFNrppeb_NTVhEGxSLQQ@mail.gmail.com Content-Type: text/plain; charset="UTF-8"
Hi friend ! I just googled "coreboot servers" and found this:
https://store.vikings.net/the-server-1u , and https://www.siliconmechanics.com/i7045/opteron-server.php (Installation of coreboot is available with certain configurations; contact Sales for details.)
And, of course, Talos II POWER9 servers which are already available for pre-orders. They are the future of libre server computing : https://www.raptorcs.com/TALOSII/prerelease.php
So basically there are two options:
- use one of a few coreboot-supported boards with AMD Opterons (which
are also a bit outdated) you can even build such a server by yourself, just get the supported hardware and flash coreboot to it 2) preorder Talos II and wait for shiny new server to come ;)
Mike
On Tue, Jan 16, 2018 at 9:29 PM, Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net wrote:
Hi,
does anyone have a list of server systems which are shipped with coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux systems, coreboot+SeaBIOS systems, pure coreboot systems.
At 34C3 I was told by someone that a major vendor has been shipping servers with coreboot without announcing this, and I unfortunately neither remember the server model nor who told me about this. If said person could remind contact me, I'd be thankful.
Regards, Carl-Daniel
-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
Subject: Digest Footer
coreboot mailing list coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
End of coreboot Digest, Vol 155, Issue 24
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For the KGPE-D16, an integration effort was made in Heads to support such board.
https://github.com/osresearch/heads/issues/134
* OpenBMC support merged into coreboot so the server can boot * Flashrom support to flash OpenBMC directly from within Heads * Flashrom support to reflash Heads internally * Multiboot support, QubesOS support
Thanks Timothy for all the great work that was accomplished on that board in the past years.
TPM2 integration is still missing though. Don't hesitate to collaborate onto heads to integrate VBOOT changes. 16Mb of SPI flash is more then enough to support it.
Talos II cannot actually fulfill most of the threat models that the KGPE-D16 can with Heads + QubesOS combined.
That is why i'm interested in the legal implications and limitations of selling such systems with replaced firmwares. That and the deactivation/suppression of ME/PSP blobs.
Couple of interesting hints given here legally. Thanks a bunch. Will have official legal advices in the next coming days. Will share them back.
Thierry
On 01/17/2018 06:12 AM, Piotr Kubaj via coreboot wrote:
There's no "pure coreboot" systems. You need some payload.
Also, while Talos is truly awesome, the OP asked about coreboot specifically and Talos doesn't run coreboot :)
At the moment, the best coreboot-supported server motherboard is ASUS KGPE-D16. You can also get libre BMC with OpenBMC port for it.
If you just want a libre motherboard, Talos is the best you can get.
On 18-01-17 12:00:01, coreboot-request@coreboot.org wrote:
Message: 2 Date: Tue, 16 Jan 2018 19:29:18 +0100 From: Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net To: Coreboot coreboot@coreboot.org Subject: [coreboot] Server systems shipped with coreboot Message-ID: d5d6d8ee-77ee-4232-a89a-e5158140b065@gmx.net Content-Type: text/plain; charset=UTF-8
Hi,
does anyone have a list of server systems which are shipped with coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux systems, coreboot+SeaBIOS systems, pure coreboot systems.
At 34C3 I was told by someone that a major vendor has been shipping servers with coreboot without announcing this, and I unfortunately neither remember the server model nor who told me about this. If said person could remind contact me, I'd be thankful.
Regards, Carl-Daniel
Message: 3 Date: Wed, 17 Jan 2018 00:28:23 +0300 From: Mike Banon mikebdp2@gmail.com To: Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net, coreboot@coreboot.org Subject: Re: [coreboot] Server systems shipped with coreboot Message-ID: CAK7947nVZptQEhiRzfPQpt_KqVFERXzFNrppeb_NTVhEGxSLQQ@mail.gmail.com Content-Type: text/plain; charset="UTF-8"
Hi friend ! I just googled "coreboot servers" and found this:
https://store.vikings.net/the-server-1u , and https://www.siliconmechanics.com/i7045/opteron-server.php (Installation of coreboot is available with certain configurations; contact Sales for details.)
And, of course, Talos II POWER9 servers which are already available for pre-orders. They are the future of libre server computing : https://www.raptorcs.com/TALOSII/prerelease.php
So basically there are two options:
- use one of a few coreboot-supported boards with AMD Opterons (which
are also a bit outdated) you can even build such a server by yourself, just get the supported hardware and flash coreboot to it 2) preorder Talos II and wait for shiny new server to come ;)
Mike
On Tue, Jan 16, 2018 at 9:29 PM, Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net wrote:
Hi,
does anyone have a list of server systems which are shipped with coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux systems, coreboot+SeaBIOS systems, pure coreboot systems.
At 34C3 I was told by someone that a major vendor has been shipping servers with coreboot without announcing this, and I unfortunately neither remember the server model nor who told me about this. If said person could remind contact me, I'd be thankful.
Regards, Carl-Daniel
-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
Subject: Digest Footer
coreboot mailing list coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
End of coreboot Digest, Vol 155, Issue 24
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
On 03/25/2018 11:12 AM, thierry.laurion@gmail.com wrote:
For the KGPE-D16, an integration effort was made in Heads to support such board.
https://github.com/osresearch/heads/issues/134
- OpenBMC support merged into coreboot so the server can boot
- Flashrom support to flash OpenBMC directly from within Heads
- Flashrom support to reflash Heads internally
- Multiboot support, QubesOS support
Thanks Timothy for all the great work that was accomplished on that board in the past years.
TPM2 integration is still missing though. Don't hesitate to collaborate onto heads to integrate VBOOT changes. 16Mb of SPI flash is more then enough to support it.
Talos II cannot actually fulfill most of the threat models that the KGPE-D16 can with Heads + QubesOS combined.
The TALOS 2 has libre firmware, POWER-KVM, POWER-IOMMU and *it isn't a dead platform* - it is definitely worth a purchase. There isn't a POWER-qubes or a POWER-heads because no one has POWER computers and because there aren't those and "you can just get a *some x86 machine*" then not many will buy one and it will be the end of freedom computing...
The facts are that x86_64 is a dead platform and there will never again be another owner controlled x86_64 device. - people need to understand that and realize that things like qubes for POWER is a catch-22 situation that will never be solved unless people have POWER machines and use them for their other virtualization needs until then.
Btw whats better about TPM2 vs TPM1? (Is there anything useful? AFAIK the only difference is the addition of more microsoft sponsored non-owner controlled features that could be potentially used for DRM) I always thought a useful TPM feature to prevent it from being used for DRM is to have a fuse one can set to enable a "secure" mode otherwise one is able to freely read back anything on the chip.
Le dim. 25 mars 2018 14:08, Taiidan@gmx.com Taiidan@gmx.com a écrit :
On 03/25/2018 11:12 AM, thierry.laurion@gmail.com wrote:
For the KGPE-D16, an integration effort was made in Heads to support such board.
https://github.com/osresearch/heads/issues/134
- OpenBMC support merged into coreboot so the server can boot
- Flashrom support to flash OpenBMC directly from within Heads
- Flashrom support to reflash Heads internally
- Multiboot support, QubesOS support
Thanks Timothy for all the great work that was accomplished on that board in the past years.
TPM2 integration is still missing though. Don't hesitate to collaborate onto heads to integrate VBOOT changes. 16Mb of SPI flash is more then enough to support it.
Talos II cannot actually fulfill most of the threat models that the KGPE-D16 can with Heads + QubesOS combined.
The TALOS 2 has libre firmware, POWER-KVM, POWER-IOMMU and *it isn't a dead platform* - it is definitely worth a purchase. There isn't a POWER-qubes or a POWER-heads because no one has POWER computers and because there aren't those and "you can just get a *some x86 machine*" then not many will buy one and it will be the end of freedom computing...
The facts are that x86_64 is a dead platform and there will never again be another owner controlled x86_64 device. - people need to understand that
True. Reluctance to change is another terrain reality though.
and realize that things like qubes for POWER is a catch-22 situation that will never be solved unless people have POWER machines and use them for their other virtualization needs until then.
That's a geeky path and unfortunately not accessible for a lot of use cases and threat models. Even Qubes is still geeky for the masses. Getting easier to use, true. But teaching to whom needs it the most is already a big challenge in itself.
What I mean here is that cooperation should be the path taken. The virtualization abstraction layer in Qubes is there, thanks to libvirt. Helper scripts are missing though. If there is a response from early programmers adopters out there, willing to contribute to Qubes (Timothy's friends and partners?) that could really ease adoption. People want it.
There is a need to have an alternative to x86, i think everyone knowledgeable agrees to that. The thing is to easy that move. Xen won't do thee move until pushed a little. KVM could be used for HVM in Qubes. I'm pretty sure that if a couple of Talos II were borrowed to Qubes enhousiast developers, the helper scripts would be written pretty quickly.
Meanwhile, I'll encourage willing customers who desires private cloud solutions in their organization to buy Talos II. But it won't fulfill the threat models of others until easier compartmentalization is available.
Btw whats better about TPM2 vs TPM1? (Is there anything useful? AFAIK the only difference is the addition of more microsoft sponsored non-owner controlled features that could be potentially used for DRM)
Mostly true. But TPM2 comes now in all recent hardware for different sockets and can be used for measured boot/trusted boot. Its support got included in Grub and vboot. Linux kernel integrated a scheduler recently to properly deal with concurrent requests. Watch this talk. https://fosdem.org/2018/schedule/event/tpm/
KGPE-D16 has a 19 pin header. I'm not aware of any TPMv1 that fits that connector. Is there any? For measured boot and user ownability of hardware, there is no specific need for TPMv2 but largest and stronger algorithms including curves. Other then that, it was just pushed by DRM needs, I believe.
I always thought a useful TPM feature to prevent it from being used for
DRM is to have a fuse one can set to enable a "secure" mode otherwise one is able to freely read back anything on the chip.
Can be used two times. Once in the BIOS and then reused in the OS for other means. No, the secrets kept in there are useful for a lot of uses from a user perspective. You should watch the talk linked above.
-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
-
Piotr Kubaj -
Taiidan@gmx.com -
Thierry Laurion -
thierry.laurion@gmail.com