[coreboot] Server systems shipped with coreboot

Taiidan at gmx.com Taiidan at gmx.com
Sun Mar 25 20:06:49 CEST 2018


On 03/25/2018 11:12 AM, thierry.laurion at gmail.com wrote:

> For the KGPE-D16, an integration effort was made in Heads to support
> such board.
>
> https://github.com/osresearch/heads/issues/134
>
>   * OpenBMC support merged into coreboot so the server can boot
>   * Flashrom support to flash OpenBMC directly from within Heads
>   * Flashrom support to reflash Heads internally
>   * Multiboot support, QubesOS support
>
> Thanks Timothy for all the great work that was accomplished on that
> board in the past years.
>
>
> TPM2 integration is still missing though. Don't hesitate to collaborate
> on Heads to integrate VBOOT changes. 16Mb of SPI flash is more than
> enough to support it.
>
> Talos II cannot actually fulfill most of the threat models that the
> KGPE-D16 can with Heads + QubesOS combined.
The TALOS 2 has libre firmware, POWER-KVM, POWER-IOMMU and *it isn't a
dead platform* - it is definitely worth a purchase.
There isn't a POWER-qubes or a POWER-heads because no one has POWER
computers and because there aren't those and "you can just get a *some
x86 machine*" then not many will buy one and it will be the end of
freedom computing...

The facts are that x86_64 is a dead platform and there will never again
be another owner controlled x86_64 device. People need to understand
that and realize that things like Qubes for POWER is a catch-22
situation that will never be solved unless people have POWER machines
and use them for their other virtualization needs until then.

Btw, what's better about TPM2 vs TPM1? (Is there anything useful? AFAIK
the only difference is the addition of more Microsoft-sponsored
non-owner controlled features that could be potentially used for DRM)
I always thought a useful TPM feature to prevent it from being used for
DRM is to have a fuse one can set to enable a "secure" mode otherwise
one is able to freely read back anything on the chip.
