On 12/17/2017 09:01 PM, szbnwer@gmail.com wrote:

hi there! :)

Hi :D

sooo my understanding says that libreboot is a deblobbed coreboot,

Yes -plus the different politics.

you say that those machines you mentioned above are 100% owner cotrolled, however i only know lenovo t400 is good for libreboot from that list. is this about a misinterpretation of your words, or what?

Yeah it is :[

I included the T420/X230 as they have a few features the G505S lacks that he might need - while they are still more free than a purism they have ME so they aren't owner controlled. I wouldn't consider the T400 owner controlled either although it is closer than the T420 etc, while it boots without an ME kernel I still dislike the present of ME and the non-free EC controller (someone is working on a free software replacement for the G505S EC)

All of these below devices have libre firmware besides the G505S which currently requires a blob for video and power management, but it is still owner controlled due to the absence of hardware code signing enforcement.

Owner controlled devices: Laptops: Lenovo G505S - average laptop performance Novena - ARM - slow :[

Workstations/Servers: KCMA-D8 - medium KGPE-D16 - high-medium

Ultra High Performance Servers/Workstations: TALOS 2 (POWER9) - uber fast and a much better price than intel/amd's new high end server stuff. TYAN Palmetto (POWER 8) - fast IBM Firestone (POWER 8) - very fast

POWER 9 is true computing excellence - owner controlled from top to bottom and performance significantly better than x86-64.

my best image about this is that coreboot is owner controlled but not deblobbed, however the possibility is fully opened - is this right? if yes, then what parts are not deblobbed and how serious they can be? so what could i win/lose by letting go the idea of aiming a libreboot machine and choose a coreboot machine instead? (that i dont know when i will have enough money for that purpose)

Some coreboot boards are owner controlled some aren't, and there are varying amounts of blobs. If one builds for instance the KCMA-D8 with coreboot you have the same result as libre-boot as it doesn't need firmware-blobs to run unless you use a 43xx CPU which needs a microcode update for security reasons.

You can get a Lenovo G505S for $200, or you can build a KCMA-D8 libre gaming PC for $500-1000

an another question is that ive read about the background of the whole hacking game maybe here maybe elsewhere but most likely from mixed origins... :D so my understanding says that there is a bunch of encryption keys that are unremovable (except by intel) maybe based on something like in that case (complete overwrite of everything included on the ic that contains the intel me) there is something else that will miss the original keys. (id appreciate a cleaner vision about this part, for better understanding, but its not the main question) so this encryption key is only validating something like headers or entrance points to the parts of the intel me but not the contents/body of them. the best that core-/libreboot can achieve is to override the body parts and we can say then the whole became whitebox and well known, or there is a next level after the achieved access to entirely remove it?

ME brings up the main CPU on a modern intel platform, no ME no computer. The ME core validates the ME kernel and on newer systems parts of the ME software, ME cleaner removes the parts that aren't validated.

It is de-facto impossible to remove/disable ME for a variety of reasons and any effort to do so is wasted and better spent on archs's that can have owner controlled devices such as POWER and ARM.

i dont even know how flashing going on in practise nor in theory, just trying to figure out things around... does it work like total copy/write access with the chance of wrecking things around on the other hand, or its controlling/limiting its own access, and then one should come over it somehow? where me_cleaner works 100% replacing could be achieved, just none implemented core-/libreboot yet for the other machines in th range of a specific range of intel me version?

I am not really sure what you mean due to the language barrier.

so many thanks for any kinda help and all the bests for everyone around here!

Yeah feel free to ask any questions :]