12:12 p.m.
There's no "pure coreboot" systems. You need some payload.
Also, while Talos is truly awesome, the OP asked about coreboot specifically and Talos
doesn't run coreboot :)
At the moment, the best coreboot-supported server motherboard is ASUS KGPE-D16. You can
also get libre BMC with OpenBMC port for it.
If you just want a libre motherboard, Talos is the best you can get.
On 18-01-17 12:00:01, coreboot-request(a)coreboot.org wrote:
Message: 2
Date: Tue, 16 Jan 2018 19:29:18 +0100
From: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006(a)gmx.net>
To: Coreboot <coreboot(a)coreboot.org>
Subject: [coreboot] Server systems shipped with coreboot
Message-ID: <d5d6d8ee-77ee-4232-a89a-e5158140b065(a)gmx.net>
Content-Type: text/plain; charset=UTF-8
Hi,
does anyone have a list of server systems which are shipped with
coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux
systems, coreboot+SeaBIOS systems, pure coreboot systems.
At 34C3 I was told by someone that a major vendor has been shipping
servers with coreboot without announcing this, and I unfortunately
neither remember the server model nor who told me about this. If said
person could remind contact me, I'd be thankful.
Regards,
Carl-Daniel
------------------------------
Message: 3
Date: Wed, 17 Jan 2018 00:28:23 +0300
From: Mike Banon <mikebdp2(a)gmail.com>
To: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006(a)gmx.net>et>,
coreboot(a)coreboot.org
Subject: Re: [coreboot] Server systems shipped with coreboot
Message-ID:
<CAK7947nVZptQEhiRzfPQpt_KqVFERXzFNrppeb_NTVhEGxSLQQ(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Hi friend ! I just googled "coreboot servers" and found this:
https://store.vikings.net/the-server-1u , and
https://www.siliconmechanics.com/i7045/opteron-server.php
(Installation of coreboot is available with certain configurations;
contact Sales for details.)
And, of course, Talos II POWER9 servers which are already available
for pre-orders.
They are the future of libre server computing :
https://www.raptorcs.com/TALOSII/prerelease.php
So basically there are two options:
1) use one of a few coreboot-supported boards with AMD Opterons (which
are also a bit outdated)
you can even build such a server by yourself, just get the supported
hardware and flash coreboot to it
2) preorder Talos II and wait for shiny new server to come ;)
Mike
On Tue, Jan 16, 2018 at 9:29 PM, Carl-Daniel Hailfinger
<c-d.hailfinger.devel.2006(a)gmx.net> wrote:
Hi,
does anyone have a list of server systems which are shipped with
coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux
systems, coreboot+SeaBIOS systems, pure coreboot systems.
At 34C3 I was told by someone that a major vendor has been shipping
servers with coreboot without announcing this, and I unfortunately
neither remember the server model nor who told me about this. If said
person could remind contact me, I'd be thankful.
Regards,
Carl-Daniel
--
coreboot mailing list: coreboot(a)coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot
------------------------------
Subject: Digest Footer
_______________________________________________
coreboot mailing list
coreboot(a)coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot
------------------------------
End of coreboot Digest, Vol 155, Issue 24
*****************************************
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
5:12 p.m.
New subject: Server systems shipped with coreboot
For the KGPE-D16, an integration effort was made in Heads to support
such board.
https://github.com/osresearch/heads/issues/134
* OpenBMC support merged into coreboot so the server can boot
* Flashrom support to flash OpenBMC directly from within Heads
* Flashrom support to reflash Heads internally
* Multiboot support, QubesOS support
Thanks Timothy for all the great work that was accomplished on that
board in the past years.
TPM2 integration is still missing though. Don't hesitate to collaborate
onto heads to integrate VBOOT changes. 16Mb of SPI flash is more then
enough to support it.
Talos II cannot actually fulfill most of the threat models that the
KGPE-D16 can with Heads + QubesOS combined.
That is why i'm interested in the legal implications and limitations of
selling such systems with replaced firmwares. That and the
deactivation/suppression of ME/PSP blobs.
Couple of interesting hints given here legally. Thanks a bunch. Will
have official legal advices in the next coming days. Will share them back.
Thierry
On 01/17/2018 06:12 AM, Piotr Kubaj via coreboot wrote:
There's no "pure coreboot" systems. You
need some payload.
Also, while Talos is truly awesome, the OP asked about coreboot
specifically and Talos doesn't run coreboot :)
At the moment, the best coreboot-supported server motherboard is ASUS
KGPE-D16. You can also get libre BMC with OpenBMC port for it.
If you just want a libre motherboard, Talos is the best you can get.
On 18-01-17 12:00:01, coreboot-request(a)coreboot.org wrote:
Message: 2
Date: Tue, 16 Jan 2018 19:29:18 +0100
From: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006(a)gmx.net>
To: Coreboot <coreboot(a)coreboot.org>
Subject: [coreboot] Server systems shipped with coreboot
Message-ID: <d5d6d8ee-77ee-4232-a89a-e5158140b065(a)gmx.net>
Content-Type: text/plain; charset=UTF-8
Hi,
does anyone have a list of server systems which are shipped with
coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux
systems, coreboot+SeaBIOS systems, pure coreboot systems.
At 34C3 I was told by someone that a major vendor has been shipping
servers with coreboot without announcing this, and I unfortunately
neither remember the server model nor who told me about this. If said
person could remind contact me, I'd be thankful.
Regards,
Carl-Daniel
------------------------------
Message: 3
Date: Wed, 17 Jan 2018 00:28:23 +0300
From: Mike Banon <mikebdp2(a)gmail.com>
To: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006(a)gmx.net>et>,
coreboot(a)coreboot.org
Subject: Re: [coreboot] Server systems shipped with coreboot
Message-ID:
<CAK7947nVZptQEhiRzfPQpt_KqVFERXzFNrppeb_NTVhEGxSLQQ(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Hi friend ! I just googled "coreboot servers" and found this:
https://store.vikings.net/the-server-1u , and
https://www.siliconmechanics.com/i7045/opteron-server.php
(Installation of coreboot is available with certain configurations;
contact Sales for details.)
And, of course, Talos II POWER9 servers which are already available
for pre-orders.
They are the future of libre server computing :
https://www.raptorcs.com/TALOSII/prerelease.php
So basically there are two options:
1) use one of a few coreboot-supported boards with AMD Opterons (which
are also a bit outdated)
you can even build such a server by yourself, just get the supported
hardware and flash coreboot to it
2) preorder Talos II and wait for shiny new server to come ;)
Mike
On Tue, Jan 16, 2018 at 9:29 PM, Carl-Daniel Hailfinger
<c-d.hailfinger.devel.2006(a)gmx.net> wrote:
Hi,
does anyone have a list of server systems which are shipped with
coreboot? I'm interested in coreboot+UEFI systems, coreboot+Linux
systems, coreboot+SeaBIOS systems, pure coreboot systems.
At 34C3 I was told by someone that a major vendor has been shipping
servers with coreboot without announcing this, and I unfortunately
neither remember the server model nor who told me about this. If said
person could remind contact me, I'd be thankful.
Regards,
Carl-Daniel
--
coreboot mailing list: coreboot(a)coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot
------------------------------
Subject: Digest Footer
_______________________________________________
coreboot mailing list
coreboot(a)coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot
------------------------------
End of coreboot Digest, Vol 155, Issue 24
*****************************************
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
8:06 p.m.
New subject: Server systems shipped with coreboot
On 03/25/2018 11:12 AM, thierry.laurion(a)gmail.com wrote:
For the KGPE-D16, an integration effort was made in
Heads to support
such board.
https://github.com/osresearch/heads/issues/134
* OpenBMC support merged into coreboot so the server can boot
* Flashrom support to flash OpenBMC directly from within Heads
* Flashrom support to reflash Heads internally
* Multiboot support, QubesOS support
Thanks Timothy for all the great work that was accomplished on that
board in the past years.
TPM2 integration is still missing though. Don't hesitate to collaborate
onto heads to integrate VBOOT changes. 16Mb of SPI flash is more then
enough to support it.
Talos II cannot actually fulfill most of the threat models that the
KGPE-D16 can with Heads + QubesOS combined.
The TALOS 2 has libre firmware,
POWER-KVM, POWER-IOMMU and *it isn't a
dead platform* - it is definitely worth a purchase.
There isn't a POWER-qubes or a POWER-heads because no one has POWER
computers and because there aren't those and "you can just get a *some
x86 machine*" then not many will buy one and it will be the end of
freedom computing...
The facts are that x86_64 is a dead platform and there will never again
be another owner controlled x86_64 device. - people need to understand
that and realize that things like qubes for POWER is a catch-22
situation that will never be solved unless people have POWER machines
and use them for their other virtualization needs until then.
Btw whats better about TPM2 vs TPM1? (Is there anything useful? AFAIK
the only difference is the addition of more microsoft sponsored
non-owner controlled features that could be potentially used for DRM)
I always thought a useful TPM feature to prevent it from being used for
DRM is to have a fuse one can set to enable a "secure" mode otherwise
one is able to freely read back anything on the chip.
4:41 a.m.
New subject: Server systems shipped with coreboot
Le dim. 25 mars 2018 14:08, Taiidan(a)gmx.com <Taiidan(a)gmx.com> a écrit :
On 03/25/2018 11:12 AM, thierry.laurion(a)gmail.com
wrote:
For the KGPE-D16, an integration effort was made
in Heads to support
such board.
https://github.com/osresearch/heads/issues/134
* OpenBMC support merged into coreboot so the server can boot
* Flashrom support to flash OpenBMC directly from within Heads
* Flashrom support to reflash Heads internally
* Multiboot support, QubesOS support
Thanks Timothy for all the great work that was accomplished on that
board in the past years.
TPM2 integration is still missing though. Don't hesitate to collaborate
onto heads to integrate VBOOT changes. 16Mb of SPI flash is more then
enough to support it.
Talos II cannot actually fulfill most of the threat models that the
KGPE-D16 can with Heads + QubesOS combined.
The TALOS 2 has libre firmware,
POWER-KVM, POWER-IOMMU and *it isn't a
dead platform* - it is definitely worth a purchase.
There isn't a POWER-qubes or a POWER-heads because no one has POWER
computers and because there aren't those and "you can just get a *some
x86 machine*" then not many will buy one and it will be the end of
freedom computing... The facts are that x86_64 is a dead platform and there
will never again
be another owner controlled x86_64 device. - people need to understand
that
True. Reluctance to change is another terrain reality though.
and realize that things like qubes for POWER is a
catch-22
situation that will never be solved unless people have POWER machines
and use them for their other virtualization needs until then.
That's a geeky path and unfortunately not accessible for a lot of use cases
and threat models. Even Qubes is still geeky for the masses. Getting easier
to use, true. But teaching to whom needs it the most is already a big
challenge in itself.
What I mean here is that cooperation should be the path taken. The
virtualization abstraction layer in Qubes is there, thanks to libvirt.
Helper scripts are missing though. If there is a response from early
programmers adopters out there, willing to contribute to Qubes (Timothy's
friends and partners?) that could really ease adoption. People want it.
There is a need to have an alternative to x86, i think everyone
knowledgeable agrees to that. The thing is to easy that move. Xen won't do
thee move until pushed a little. KVM could be used for HVM in Qubes. I'm
pretty sure that if a couple of Talos II were borrowed to Qubes enhousiast
developers, the helper scripts would be written pretty quickly.
Meanwhile, I'll encourage willing customers who desires private cloud
solutions in their organization to buy Talos II. But it won't fulfill the
threat models of others until easier compartmentalization is available.
Btw whats better about TPM2 vs TPM1? (Is there anything useful? AFAIK
the only difference is the addition of more microsoft sponsored
non-owner controlled features that could be potentially used for DRM)
Mostly true. But TPM2 comes now in all recent hardware for different
sockets and can be used for measured boot/trusted boot. Its support got
included in Grub and vboot. Linux kernel integrated a scheduler recently to
properly deal with concurrent requests.
Watch this talk.
https://fosdem.org/2018/schedule/event/tpm/
KGPE-D16 has a 19 pin header. I'm not aware of any TPMv1 that fits that
connector. Is there any? For measured boot and user ownability of hardware,
there is no specific need for TPMv2 but largest and stronger algorithms
including curves. Other then that, it was just pushed by DRM needs, I
believe.
I always thought a useful TPM feature to prevent it from being used for
DRM is to have a fuse one can set to enable a
"secure" mode otherwise
one is able to freely read back anything on the chip.
Can be used two times. Once in the BIOS and then reused in the OS for other
means. No, the secrets kept in there are useful for a lot of uses from a
user perspective. You should watch the talk linked above.
--
coreboot mailing list: coreboot(a)coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot
798
days inactive
866
days old
3 comments
4 participants
participants (4)
-
Piotr Kubaj -
Taiidan@gmx.com -
Thierry Laurion -
thierry.laurion@gmail.com