Hi,
I am looking to build a new computer very soon, and I would like to ask for your advice about it, especially about software supports.
My requirements are the following:
1. Absolutely necessary:
1.1. It must be able to run 100% free software. No closed BIOS. No binary firmware loaded to any part of the system with meaningful access to my data. (CPU, GPU, network card, etc.) Open display drivers. (Don't care about 3D.) I don't need UEFI, thank you very much.
1.2. It must have hardware support for AES. (For hw crypto acceleration.)
1.4. It must have hardware support for virtualization.
1.5. It must be able to drive 3 independent display outputs, at least in 1920x1200 resolution. (Preferably all digital, but that's not necessary.)
1.6. I must _use_ this, in a production environment, therefore it must work. Reliably. Now. I have ~15 yrs Linux programming experience, have modified stuff inside the kernel and X drivers, and I am not afraid to have my hands dirty, but now I am not here to run a hobby project, I want to buy something that works, so that I can do my job using it.
2. Would be nice:
2.1. It should only use integrated graphics. (Both Intel and AMD can do 3 displays from integrated graphics now.) If I must, I could add discrete card[s], but that increases power consumption and system size...
2.2. Size small enough to be portable. Not planning to use it on the move; I mean portable in a (potentially huge) backpack, between several sites, where I intend to use them.
- size of Intel NUC or Thin Mini-ITX mainboard are very cool,
- Mini ITX is great, too,
- MicroATX is acceptable
- ATX seems to be too big, unless you can recommend me a really, really small case (with acceptable cooling)
2.3. Modern tech and High CPU performance. Of course :) Whatever is available...
2.4. Low TDP, for the possibility of quiet/silent cooling.
- definitely under 100W,
- probably at most 65W,
- ideally only 45W.
2.5. It should be built from standard components, with standard interfaces. (So that I can replace anything later.) Notebook/Laptop stuff is hard, there is too much diversity, not enough standards. Desktop technology seems to be easiest. x86 is not a must (as long as the given arch is supported by Debian), but would be nice, since it has the most support.
* * *
Obviously, given the requirements, I am aware that I will need to forgo some of the "would be nice" bits.
If it was not for the software situation, I would go with a MoBo like Gigabyte GA-Z77MX-D3H TH (MicroATX, has 2x thunderbolt + DVI + HDMI), and with a CPU like Intel Xeon E3-1265L V2 (Quad-core with HT, 45W TDP, scores ~8800 on cpubenchmark). I would not need to add a discrete video card.
If I went the AMD way, I would go with ASUS F2A85-M PRO motherboard (eyefinity enabled, with DP + DVI + HDMI + D-SUB), and AMD A10-5700 APU. (65W TDP, scores ~4500 on cpubenchmark.)
* * *
Now, if I understand correctly, both GPUs (intel HD 4000 and Radeon HD 7660D) run on binary firmware blobs. I have read about attempts to replace the Intel firmware with an open version, but I am not sure where it stands now.
What are my options here?
Thank you for your help:
Csillag
Hi Csillag,
On Wed, Feb 6, 2013 at 6:58 PM, "Kristóf, Csillag" < csillag.kristof@gmail.com> wrote:
Hi,
I am looking to build a new computer very soon, and I would like to ask for your advice about it, especially about software supports.
My requirements are the following:
- Absolutely necessary:
1.1. It must be able to run 100% free software. No closed BIOS. No binary firmware loaded to any part of the system with meaningful access to my data. (CPU, GPU, network card, etc.) Open display drivers. (Don't care about 3D.) I don't need UEFI, thank you very much.
I don't have experience with Intel motherboards.
If this sounds like I'm pushing one specific motherboard, I apologize. Rudolf Marek did a great job porting coreboot to the Asus F2A85-M board, and I bought one. I simply know the most about this board.
The open source radeon driver performs just fine for this board (as you mention below, yes, there is a binary blob).
1.2. It must have hardware support for AES. (For hw crypto acceleration.)
For AMD that means you want a Bulldozer or Piledriver:
http://en.wikipedia.org/wiki/AES_instruction_set#Supporting_CPUs_2
http://en.wikipedia.org/wiki/Piledriver_%28processor%29#2012_platforms
1.4. It must have hardware support for virtualization.
Which specific virtualization features are you interested in? AMD CPUs should all have some virtualization capability. Coreboot + virtualization has not been tested on the F2A85-M.
1.5. It must be able to drive 3 independent display outputs, at least in 1920x1200 resolution. (Preferably all digital, but that's not necessary.)
The F2A85-M board has HDMI, DVI-D, and VGA sockets, but only works with up to 2 displays. I can confirm that all three sockets work fine with the open source radeon driver, and that dual-display works fine.
ASUS does do 3-display motherboards, just not this one. I think this means you'll need a discrete graphics card, as you mention in 2.1 below. Bitcoin just got ASICs so if you're the type to risk a scammer on fleabay, you could score a great deal.
1.6. I must _use_ this, in a production environment, therefore it must work. Reliably. Now. I have ~15 yrs Linux programming experience, have modified stuff inside the kernel and X drivers, and I am not afraid to have my hands dirty, but now I am not here to run a hobby project, I want to buy something that works, so that I can do my job using it.
Great! I understand that completely. The F2A85-M has some linux bugs:
1.6.1. The motherboard realtek r8169 gigabit NIC will lock up the system as it gets fully loaded (tested up to kernel 3.7.1). Consider picking up a cheap PCI-E NIC and ignore the on-board NIC until the bugs are well and truly fixed.
1.6.2. The hwmon sensors driver is still a work-in-progress with significant bugs. The stock linux kernel doesn't do anything to hwmon, which is fine for production use.
1.6.3. I'll mention that there is almost no overclocking ability just to be complete. The only thing coreboot supports is selecting the proper voltage for DDR3 RAM at compile time.
- Would be nice:
2.1. It should only use integrated graphics. (Both Intel and AMD can do 3 displays from integrated graphics now.) If I must, I could add discrete card[s], but that increases power consumption and system size...
Yep, integrated graphics can drive 1920x1200 but only 2 displays.
2.2. Size small enough to be portable. Not planning to use it on the move; I mean portable in a (potentially huge) backpack, between several sites, where I intend to use them.
- size of Intel NUC or Thin Mini-ITX mainboard are very cool,
- Mini ITX is great, too,
- MicroATX is acceptable
- ATX seems to be too big, unless you can recommend me a really, really small case (with acceptable cooling)
The F2A85-M is a MicroATX board, for what it's worth.
2.3. Modern tech and High CPU performance. Of course :) Whatever is available...
AMD really doesn't have anything that competes with high-end Intel CPUs.
2.4. Low TDP, for the possibility of quiet/silent cooling.
- definitely under 100W,
- probably at most 65W,
- ideally only 45W.
TDP for a high performance AMD CPU is ~100W. I use an aftermarket heatsink and 120mm fan, and if you're willing to get a high-end heatsink this board can be silent, even when the CPU and GPU are running at 100%.
2.5. It should be built from standard components, with standard interfaces. (So that I can replace anything later.) Notebook/Laptop stuff is hard, there is too much diversity, not enough standards. Desktop technology seems to be easiest. x86 is not a must (as long as the given arch is supported by Debian), but would be nice, since it has the most support.
Obviously, given the requirements, I am aware that I will need to forgo some of the "would be nice" bits.
If it was not for the software situation, I would go with a MoBo like Gigabyte GA-Z77MX-D3H TH (MicroATX, has 2x thunderbolt + DVI + HDMI), and with a CPU like Intel Xeon E3-1265L V2 (Quad-core with HT, 45W TDP, scores ~8800 on cpubenchmark). I would not need to add a discrete video card.
If I went the AMD way, I would go with ASUS F2A85-M PRO motherboard (eyefinity enabled, with DP + DVI + HDMI + D-SUB), and AMD A10-5700 APU. (65W TDP, scores ~4500 on cpubenchmark.)
Now, if I understand correctly, both GPUs (intel HD 4000 and Radeon HD 7660D) run on binary firmware blobs. I have read about attempts to replace the Intel firmware with an open version, but I am not sure where it stands now.
What are my options here?
I didn't realize Intel HD 4000 uses a binary blob. That's interesting, I'm going to go research that. Cheers!
David
"Kristóf, Csillag" wrote:
- Absolutely necessary:
1.1. It must be able to run 100% free software. No closed BIOS. No binary firmware loaded to any part of the system with meaningful access to my data. (CPU, GPU, network card, etc.)
..
1.2. It must have hardware support for AES. (For hw crypto acceleration.)
1.4. It must have hardware support for virtualization.
..
2.3. Modern tech and High CPU performance. Of course :) Whatever is available...
1.2, 1.4, and 2.3 are all the same requirement. Unfortunately, that requirement is in absolute conflict with 1.1.
You lose.
//Peter
At 2013-02-07 09:43, Peter Stuge wrote:
"Kristóf, Csillag" wrote:
- Absolutely necessary:
1.1. It must be able to run 100% free software. No closed BIOS. No binary firmware loaded to any part of the system with meaningful access to my data. (CPU, GPU, network card, etc.)
..
1.2. It must have hardware support for AES. (For hw crypto acceleration.)
1.4. It must have hardware support for virtualization.
..
2.3. Modern tech and High CPU performance. Of course :) Whatever is available...
1.2, 1.4, and 2.3 are all the same requirement. Unfortunately, that requirement is in absolute conflict with 1.1.
I really hope that that's not 100% true. 2.3 was not a strict requirement, but a "would be nice".
The virtualization and crypto stuff have been integrated to CPUs for years.
Or I could add some external solution for hw crypto acceleration, maybe some PCI-e card (if something like that exists, and is supported by the kernel), so it does not necessarily have to be inside the CPU.
You lose.
Really? No way out? In that case, are you suggesting that I need to give up 1.1, or the other three? What system would you suggest, if I decided to keep 1.1?
Thank you for your help:
Kristof
1.1. It must be able to run 100% free software. No closed BIOS. No binary firmware loaded to any part of the system with meaningful access to my data. (CPU, GPU, network card, etc.)
Firmwares on latest AMD APUs:
1) NB firmware - most likely needed for PCIe - never tried without
2) SB firmware - IMC - you don't need to load this
3) XHCI - you don't need to load this - no USB3.0
4) CPU microcode - you will have problems if you don't load this (need to check)
5) ATOM tables - you can interpret them via kernel driver
6) GPU firmware - no GPU and no modesetting
You lose.
Yes you do. But what about IOMMU? You could authorize DMA accesses but not sure if this shields SB stuff.
Also, why would the backdoor be in FW when it could be directly in the HW? You will never know, except if you build your own system on FPGA....
Thanks Rudolf
At 2013-02-07 10:02, Rudolf Marek wrote:
1.1. It must be able to run 100% free software. No closed BIOS. No binary firmware loaded to any part of the system with meaningful access to my data. (CPU, GPU, network card, etc.)
Firmwares on latest AMD APUs:
- NB firmware - most likely needed for PCIe - never tried without
- SB firmware - IMC - you don't need to load this
- XHCI - you don't need to load this - no USB3.0
- CPU microcode - you will have problems if you don't load this (need to check)
- ATOM tables - you can interpret them via kernel driver
- GPU firmware - no GPU and no modesetting
Sounds just great. Any pointers where can I look into these?
You lose.
Yes you do.
Not ready to give up yet.
But what about IOMMU? You could authorize DMA accesses but not sure if this shields SB stuff.
Also, why would the backdoor be in FW when it could be directly in the HW?
It sounds hard to implement complicated, adaptive logic, involving multiple system components, purely in HW. And there are not too many hardware components that have the access required to do this. But yes, it's a real problem...
You will never know, except if you build your own system on FPGA....
Are you aware of any viable designs to do this?
Thanks:
Csillag
- NB firmware - most likely needed for PCIe - never tried without
This is firmware inside coreboot AGESA (15tn), most likely it is some soft core CPU implemented in NB. Did not disassemble this yet.
- SB firmware - IMC - you don't need to load this
This is 8051 firmware, but most systems have the strap pin for IMC disabled, although you can enable it via software and run your own programs there. I disassembled most of the firmware and I was even able to run my own stuff there.
- XHCI - you don't need to load this - no USB3.0
This is in 3rd party blobs repository. No clue what CPU it has or what it does.
- CPU microcode - you will have problems if you don't load this (need to check)
This is part of AGESA. It is not a firmware per se, but just some modification to internal CPU structure (very limited to space) so you cannot probably build your own instructions. At least those seem to be crypto signed in latest AMD CPUs.
- ATOM tables - you can interpret them via kernel driver
This is part of VGA ROM bios. You don't need to run vga rombios, radeon driver in kernel can do GPU POST. But you would have to check if the bytecode does not break the in kernel interpreter.
- GPU firmware - no GPU and no modesetting
no clue about internal structure or purpose.
Sounds just great. Any pointers where can I look into these?
Are you aware of any viable designs to do this?
Not sure, most likely opencores OpenRISC, but no idea about performance. There may be some ASIC at the end in the future.
Thanks Rudolf
Thanks:
Csillag
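As an added illustration (not code from any poster in this thread), requirements 1.1, 1.2 and 1.4 can be checked on a candidate Linux machine from `/proc/cpuinfo` and from `modinfo -F firmware`, which lists the firmware files a kernel module declares. The sample inputs are constructed, and the function names are hypothetical.

```python
"""Added example: check a Linux host against requirements 1.1, 1.2 and 1.4."""
from __future__ import annotations

import subprocess
from pathlib import Path

# Constructed sample inputs (not captured from any board named in the thread).
SAMPLE_CPUINFO = """\
processor\t: 0
model name\t: Example APU (constructed)
flags\t\t: fpu vme de pse tsc msr pae sse sse2 aes avx svm
"""
SAMPLE_MODINFO = {  # module -> text printed by `modinfo -F firmware MODULE`
    "radeon": "radeon/EXAMPLE_pfp.bin\nradeon/EXAMPLE_me.bin\n",
    "r8169": "rtl_nic/example-1.fw\n",
    "ext4": "",
}


def cpu_flags(cpuinfo: str) -> set[str]:
    """Return the feature flags of the first CPU in /proc/cpuinfo text."""
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        if key.strip() in ("flags", "Features"):  # x86 / ARM spelling
            return set(value.split())
    return set()


def check_cpu(cpuinfo: str) -> dict[str, bool]:
    """Requirement 1.2 (AES instructions) and 1.4 (hardware virtualization)."""
    flags = cpu_flags(cpuinfo)
    return {
        "aes": "aes" in flags,
        "virtualization": bool(flags & {"svm", "vmx"}),  # AMD-V or Intel VT-x
    }


def firmware_report(modinfo_by_module: dict[str, str]) -> dict[str, list[str]]:
    """Requirement 1.1: modules that declare firmware files, and which ones."""
    report = {}
    for module, output in sorted(modinfo_by_module.items()):
        files = [ln.strip() for ln in output.splitlines() if ln.strip()]
        if files:
            report[module] = files
    return report


def live_modinfo() -> dict[str, str]:
    """Collect `modinfo -F firmware` output for every loaded module."""
    out = {}
    for line in Path("/proc/modules").read_text().splitlines():
        name = line.split()[0]
        res = subprocess.run(["modinfo", "-F", "firmware", name],
                             capture_output=True, text=True, check=False)
        out[name] = res.stdout
    return out


if __name__ == "__main__":
    print("sample CPU check:", check_cpu(SAMPLE_CPUINFO))
    for module, files in firmware_report(SAMPLE_MODINFO).items():
        print(f"sample: {module} declares {files}")
    # On a real machine: check_cpu(Path("/proc/cpuinfo").read_text())
    #                    firmware_report(live_modinfo())
```

This only covers firmware that loadable kernel drivers request; blobs applied before the kernel starts (such as the NB firmware, microcode and VGA option ROM in the list above) and drivers built into the kernel do not show up in it.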
On Thu, 07 Feb 2013 10:52:16 +0100 Rudolf Marek r.marek@assembler.cz wrote:
- ATOM tables - you can interpret them via kernel driver
This is part of VGA ROM bios. You don't need to run vga rombios, radeon driver in kernel can do GPU POST. But you would have to check if the bytecode does not break the in kernel interpreter.
On the radeon of the M4A785T-M (01:05.0 VGA compatible controller: Advanced Micro Devices [AMD] nee ATI RS880 [Radeon HD 4200]) it can: some time ago I commented out running the VGA option ROM but kept it in memory, and it worked (the Linux kernel initialized the card). It can also work without the firmware, but has no 3D acceleration nor video acceleration (XV).
On the i915 it can also initialize the display in the Linux kernel without even the option ROM in memory; the drawback is that the display backlight is at its maximum and can't be adjusted anymore out of the box. The i915 doesn't have a firmware, at least it seems (since it works with trisquel and parabola).
I didn't try without the nvidia option rom yet...I really should. The nvidia card even has 3D acceleration with the free firmware.
Are you aware of any viable designs to do this?
Not sure, most likely opencores OpenRISC, but no idea about performance. There may be some ASIC at the end in the future.
There is some free software code that implements CPUs:
* I heard that some sparcs cpus had some code available
* I heard about milkymist which is a board with a latice32 cpu, but it seems to lack an MMU.
* I heard about other CPUs like the LEON ones.
But their speed is limited...
you to care about high security, maybe he also needs to add one requirement: locked SMM/SMI.
PS: I also want 100% free software coreboot (and the rest too, such as my GNU/Linux distributions (I run trisquel and parabola depending on the computer) etc...).
The main issue I have is the VGA option roms, for instance when I travel I need to have the display inited during grub or even for the press F12 of seaBIOS...
I've never succeeded at making i915tool compile... so maybe I should compile a tiny kernel with a tiny initramfs with something like kexecboot. Fitting it in the 2M of my x60 flash chip will be hard...
Denis.
I'm sorry about the state of i915tool. I hope to be able to release what i have very soon.
Thanks for your patience.
We need to solve the vga bios problem. I learned some things about at least the laptop side of things, and hope to be able to communicate what I've learned at some point.
Anyway, like I say, I'm sorry that it's not updated yet. Some things got in the way. I don't expect the delay to be that much longer.
ron
On Thu, Feb 07, 2013 at 08:52:47PM +0100, Denis 'GNUtoo' Carikli wrote:
On the radeon of the M4A785T-M (01:05.0 VGA compatible controller: Advanced Micro Devices [AMD] nee ATI RS880 [Radeon HD 4200]) it can: some time ago I commented out running the VGA option ROM but kept it in memory, and it worked (the Linux kernel initialized the card). It can also work without the firmware, but has no 3D acceleration nor video acceleration (XV).
I believe from linux 3.7 up there is no longer option for UMS in radeon, and KMS needs the nonfree firmware.
I didn't try without the nvidia option rom yet...I really should. The nvidia card even has 3D acceleration with the free firmware.
Yes I think nouveau does not need the VGA BIOS, but I haven't tried. May depend on gpu model.
At 2013-02-07 09:43, Peter Stuge wrote:
"Kristóf, Csillag" wrote:
- Absolutely necessary:
1.1. It must be able to run 100% free software. No closed BIOS. No binary firmware loaded to any part of the system with meaningful access to my data. (CPU, GPU, network card, etc.)
..
1.2. It must have hardware support for AES. (For hw crypto acceleration.)
1.4. It must have hardware support for virtualization.
..
2.3. Modern tech and High CPU performance. Of course :) Whatever is available...
1.2, 1.4, and 2.3 are all the same requirement. Unfortunately, that requirement is in absolute conflict with 1.1.
You lose.
It seems that you are right. I am now looking at MIPS hardware built by Lemote. That fulfills 1.1, but not much else...
On Thu, Feb 07, 2013 at 04:13:00PM +0100, "Kristóf, Csillag" wrote:
It seems that you are right.
Yes, I'm afraid we lose. I'd love to hear about any success however, I'd be interested in such a system. At least with regards to freedom my requirements are the same, performance and features are more relaxed. And a little graphics power would be fine (NV50 will do). Another secondary requirement for me would be little maintenance, so the least custom software and the more use of debian repositories or similar, the better.
I am now looking at MIPS hardware built by Lemote.
My yeeloong has poor performance. Maybe because of the unoptimized software, but the desktop is not very responsive and browsers regularly crash. I think it worked better before I installed wheezy and then started to compile some packages with loongson flags. I don't spend enough time looking at it. I may try parabola some day. Console and some tasks are fine, though.
That fulfills 1.1, but not much else...
Indeed. But I've heard they're working on newer MIPS processors, not sure about the freedom requirements for those or what will be available when.
At 2013-02-07 18:46, xdrudis wrote:
I'd love to hear about any success however, I'd be interested in such a system.
Guys,
I must put this project on hold now, or else I can stop worrying about doing my job on this new computer. (And not in a good way.)
I'll report back when I can continue the research.
Csillag
"Kristóf, Csillag" wrote:
I must put this project on a hold now
That was a brief commitment. But thanks for looking around!
//Peter
At 2013-02-08 20:53, Peter Stuge wrote:
"Kristóf, Csillag" wrote:
I must put this project on a hold now
That was a brief commitment.
I did not say that I'm over with this. It's just that I must postpone building the system.
Circumstances have changed, so I cannot buy anything now. When the opportunity arises, I will continue with the search exactly where I left it. (The requirements have not changed at all.)
Csillag
"Kristóf, Csillag" wrote:
That was a brief commitment.
I did not say that I'm over with this.
Fair enough!
When the opportunity arises, I will continue with the search exactly where I left it. (The requirements have not changed at all.)
ACK. Maybe by that time there will be more choice. But on the other hand, today is when we can shape our own future.
//Peter
I think it's a neat project, and I also strongly believe it's best to find vendors who also want to abide by your principles. So, look at the Gizmosphere. It will save you time and I think it's very close to what you want.