[coreboot] Coreboot Purism BIOS is free? open?

echelon at free.fr echelon at free.fr
Sun Dec 24 22:17:53 CET 2017


As a businessman what do you answer when in commercial meeting with Intel they tell you:
"Okaye man, you got the HAP bit and obviously your users are happy with that.. Your products are great and are selling like no tomorrow and no user ever come back complaining that the ME "isn't completely disabled". Aren't they?.. So why are you pissing us again with your unreasonable requests about the ME? You know very well that this question is not negotiable for us. What about giving you a price break for the next batch of Intel components you want to buy and be done with that?.."

----- Mail d'origine -----
De: Todd Weaver <todd at puri.sm>
À: Taiidan at gmx.com, Youness Alaoui <kakaroto at kakaroto.homelinux.net>, Timothy Pearson <tpearson at raptorengineering.com>
Cc: Dame Más <damemasporfavor at gmail.com>, coreboot <coreboot at coreboot.org>
Envoyé: Sun, 24 Dec 2017 21:42:43 +0100 (CET)
Objet: Re: [coreboot] Coreboot Purism BIOS is free? open?

On Sat, 2017-12-23 at 23:32 -0500, Taiidan at gmx.com wrote:
> You will never have that type of leverage, if google can't pull it
> off then no one can.

There are a lot of assumptions you are making.

First off, having leverage doesn't only mean with Intel, it also means
with competitors or alternatives; we are fighting for user freedom and
ethical computing. Having leverage is better than no leverage.

Second, I'm not convinced Google's goals were exactly that, so saying
"If Google can't pull it off then no one can." is a defeatist attitude.
You may as well say "nobody has done it, so nobody can." There are a
lot of avenues to take, and giving up before attempting is of no
interest to me.

> Even the NSA only got HAP, not a CPU without ME all together and the
> US government probably spends hundreds of millions with intel every
> year.

Sure, but that may have been what they asked for. Projecting the NSA's
request to be what you would have asked for is a huge assumption.
"Which makes an 'ass' out of 'u' and 'mption'." :)

> x86-64 will always have ME/PSP and it simply can't be disabled,

It can be disabled, but I suppose you are meaning that it can be re-
enabled again via software update; but we have plans (and will be
releasing) the ability to measure the ME region (via TPM) to flag any
re-enablement attempts. Disable ME, measure it is tampered with, notify
tampering (via coreboot+TPM+Heads).

NOTE: This is not "removal" which is the process of never initializing
the ME, which is the end goal for user freedom. This term is how we
distinguish between the progress being made, as we clearly posted
previously.

> pretending otherwise is doing a disservice to many who look to the
> big shots for advice and pipe dreams like that being spread to the
> masses are the main reason I dislike purism so much.

Our approach is to grow, gain leverage, and influence positive change.
Everything we do is about creating ethical computing; and we will
continue to do so. You are more than welcome to dislike our path or
approach, even though it sounds like we share the same end-goal.


> People will think "well gee why buy an actually-libre-right-now TALOS
> 2 when I can simply wait a few years when the eggheads have cracked
> ME and I can keep getting cheap soul-less computers" as tim said the
> discovery of HAP etc probably set back libre computing a decade.

This is projecting an individual opinion onto others, our users are not
buying Librem laptops over Talos 2, they're drastically different
products, prices, and capabilities.

Todd.



More information about the coreboot mailing list